From 6e5734adcab70596e4a0b494f3bf6836ec1fc6a7 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Thu, 26 Jun 2025 09:18:30 -0400 Subject: [PATCH 001/307] Crypto: Fix openssl padding to propery link async padding to hashing configs. --- .../AlgorithmInstances/AlgToAVCFlow.qll | 4 +- .../CipherAlgorithmInstance.qll | 14 +++-- .../PaddingAlgorithmInstance.qll | 61 +++++-------------- .../OpenSSL/Operations/CipherOperation.qll | 26 +++++++- .../Operations/EVPPKeyCtxInitializer.qll | 33 ++++++++-- .../Operations/OpenSSLOperationBase.qll | 18 ++++-- .../library-tests/quantum/node_edges.expected | 14 +++++ .../quantum/node_properties.expected | 15 +++++ .../library-tests/quantum/nodes.expected | 12 ++++ .../library-tests/quantum/openssl_basic.c | 58 +++++++++++++++++- 10 files changed, 188 insertions(+), 67 deletions(-) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll index d46c2f691916..45a194db3078 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll @@ -49,7 +49,9 @@ module KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow = DataFlow::Global; module RSAPaddingAlgorithmToPaddingAlgorithmValueConsumerConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { source.asExpr() instanceof OpenSslPaddingLiteral } + predicate isSource(DataFlow::Node source) { + source.asExpr() instanceof OpenSslSpecialPaddingLiteral + } predicate isSink(DataFlow::Node sink) { exists(PaddingAlgorithmValueConsumer c | c.getInputNode() = sink) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll index 0fb8ecf95398..7cf71d12f716 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll @@ -4,8 +4,9 @@ private import KnownAlgorithmConstants private import Crypto::KeyOpAlg as KeyOpAlg private import OpenSSLAlgorithmInstanceBase private import PaddingAlgorithmInstance -private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase -private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.DirectAlgorithmValueConsumer +private import experimental.quantum.OpenSSL.Operations.OpenSSLOperationBase +private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers +private import OpenSSLAlgorithmInstances private import AlgToAVCFlow private import BlockAlgorithmInstance @@ -97,10 +98,13 @@ class KnownOpenSslCipherConstantAlgorithmInstance extends OpenSslAlgorithmInstan } override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { - //TODO: the padding is either self, or it flows through getter ctx to a set padding call - // like EVP_PKEY_CTX_set_rsa_padding result = this - // TODO or trace through getter ctx to set padding + or + exists(OperationStep s | + this.getAvc().(AvcContextCreationStep).flowsToOperationStep(s) and + s.getAlgorithmValueConsumerForInput(PaddingAlgorithmIO()) = + result.(OpenSslAlgorithmInstance).getAvc() + ) } override string getRawAlgorithmName() { diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll index 7a34b69ddf54..6a517ce90d29 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll @@ -1,6 +1,7 @@ import cpp private import experimental.quantum.Language private import OpenSSLAlgorithmInstanceBase +private import experimental.quantum.OpenSSL.Operations.OpenSSLOperationBase private import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants private import AlgToAVCFlow private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.DirectAlgorithmValueConsumer @@ -17,13 +18,14 @@ private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgor * # define RSA_PKCS1_WITH_TLS_PADDING 7 * # define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8 */ -class OpenSslPaddingLiteral extends Literal { +class OpenSslSpecialPaddingLiteral extends Literal { // TODO: we can be more specific about where the literal is in a larger expression // to avoid literals that are clealy not representing an algorithm, e.g., array indices. - OpenSslPaddingLiteral() { this.getValue().toInt() in [0, 1, 3, 4, 5, 6, 7, 8] } + OpenSslSpecialPaddingLiteral() { this.getValue().toInt() in [0, 1, 3, 4, 5, 6, 7, 8] } } /** + * Holds if `e` has the given `type`. * Given a `KnownOpenSslPaddingAlgorithmExpr`, converts this to a padding family type. * Does not bind if there is no mapping (no mapping to 'unknown' or 'other'). */ @@ -44,9 +46,6 @@ predicate knownOpenSslConstantToPaddingFamilyType( ) } -//abstract class OpenSslPaddingAlgorithmInstance extends OpenSslAlgorithmInstance, Crypto::PaddingAlgorithmInstance{} -// TODO: need to alter this to include known padding constants which don't have the -// same mechanics as those with known nids class KnownOpenSslPaddingConstantAlgorithmInstance extends OpenSslAlgorithmInstance, Crypto::PaddingAlgorithmInstance instanceof Expr { @@ -78,7 +77,7 @@ class KnownOpenSslPaddingConstantAlgorithmInstance extends OpenSslAlgorithmInsta isPaddingSpecificConsumer = false or // Possibility 3: padding-specific literal - this instanceof OpenSslPaddingLiteral and + this instanceof OpenSslSpecialPaddingLiteral and exists(DataFlow::Node src, DataFlow::Node sink | // Sink is an argument to a CipherGetterCall sink = getterCall.getInputNode() and @@ -123,44 +122,6 @@ class KnownOpenSslPaddingConstantAlgorithmInstance extends OpenSslAlgorithmInsta } } -// // Values used for EVP_PKEY_CTX_set_rsa_padding, these are -// // not the same as 'typical' constants found in the set of known algorithm constants -// // they do not have an NID -// // TODO: what about setting the padding directly? -// class KnownRSAPaddingConstant extends OpenSslPaddingAlgorithmInstance, Crypto::PaddingAlgorithmInstance instanceof Literal -// { -// KnownRSAPaddingConstant() { -// // from rsa.h in openssl: -// // # define RSA_PKCS1_PADDING 1 -// // # define RSA_NO_PADDING 3 -// // # define RSA_PKCS1_OAEP_PADDING 4 -// // # define RSA_X931_PADDING 5 -// // /* EVP_PKEY_ only */ -// // # define RSA_PKCS1_PSS_PADDING 6 -// // # define RSA_PKCS1_WITH_TLS_PADDING 7 -// // /* internal RSA_ only */ -// // # define RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING 8 -// this instanceof Literal and -// this.getValue().toInt() in [0, 1, 3, 4, 5, 6, 7, 8] -// // TODO: trace to padding-specific consumers -// RSAPaddingAlgorithmToPaddingAlgorithmValueConsumerFlow -// } -// override string getRawPaddingAlgorithmName() { result = this.(Literal).getValue().toString() } -// override Crypto::TPaddingType getPaddingType() { -// if this.(Literal).getValue().toInt() in [1, 6, 7, 8] -// then result = Crypto::PKCS1_v1_5() -// else -// if this.(Literal).getValue().toInt() = 3 -// then result = Crypto::NoPadding() -// else -// if this.(Literal).getValue().toInt() = 4 -// then result = Crypto::OAEP() -// else -// if this.(Literal).getValue().toInt() = 5 -// then result = Crypto::ANSI_X9_23() -// else result = Crypto::OtherPadding() -// } -// } class OAEPPaddingAlgorithmInstance extends Crypto::OAEPPaddingAlgorithmInstance, KnownOpenSslPaddingConstantAlgorithmInstance { @@ -169,10 +130,18 @@ class OAEPPaddingAlgorithmInstance extends Crypto::OAEPPaddingAlgorithmInstance, } override Crypto::HashAlgorithmInstance getOAEPEncodingHashAlgorithm() { - none() //TODO + exists(OperationStep s | + this.getAvc().(AvcContextCreationStep).flowsToOperationStep(s) and + s.getAlgorithmValueConsumerForInput(HashAlgorithmOaepIO()) = + result.(OpenSslAlgorithmInstance).getAvc() + ) } override Crypto::HashAlgorithmInstance getMGF1HashAlgorithm() { - none() //TODO + exists(OperationStep s | + this.getAvc().(AvcContextCreationStep).flowsToOperationStep(s) and + s.getAlgorithmValueConsumerForInput(HashAlgorithmMgf1IO()) = + result.(OpenSslAlgorithmInstance).getAvc() + ) } } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll index 96af476117b3..0d9c8f496ea4 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll @@ -214,7 +214,14 @@ class EvpCipherFinalCall extends EvpCipherOperationFinalStep { */ class EvpPKeyCipherOperation extends EvpCipherOperationFinalStep { EvpPKeyCipherOperation() { - this.getTarget().getName() in ["EVP_PKEY_encrypt", "EVP_PKEY_decrypt"] + this.getTarget().getName() in ["EVP_PKEY_encrypt", "EVP_PKEY_decrypt"] and + // TODO: for now ignore this operation entirely if it is setting the cipher text to null + // this needs to be re-evalauted if this scenario sets other values worth tracking + ( + exists(this.(Call).getArgument(1).getValue()) + implies + this.(Call).getArgument(1).getValue().toInt() != 0 + ) } override DataFlow::Node getInput(IOType type) { @@ -226,9 +233,24 @@ class EvpPKeyCipherOperation extends EvpCipherOperationFinalStep { override DataFlow::Node getOutput(IOType type) { super.getOutput(type) = result or - result.asExpr() = this.getArgument(1) and type = CiphertextIO() + result.asExpr() = this.getArgument(1) and + type = CiphertextIO() and + this.getStepType() = FinalStep() // TODO: could indicate text lengths here, as well } + + override OperationStepType getStepType() { + // When the output buffer is null, the step is not a final step + // it is used to get the buffer size, if 0 consider it an initialization step + // NOTE/TODO: not tracing 0 to the arg, just looking for 0 directly in param + // the assumption is this is the common case, but we may want to make this more + // robust and support a dataflow. + result = FinalStep() and + (exists(super.getArgument(1).getValue()) implies super.getArgument(1).getValue().toInt() != 0) + or + result = InitializerStep() and + super.getArgument(1).getValue().toInt() = 0 + } } /** diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll index 2208407e53ca..9d9b14c6d2fc 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll @@ -71,19 +71,42 @@ class EvpCtxSetEcParamgenCurveNidInitializer extends OperationStep { * - `EVP_PKEY_CTX_set_ecdh_kdf_md` */ class EvpCtxSetHashInitializer extends OperationStep { + boolean isOaep; + boolean isMgf1; + EvpCtxSetHashInitializer() { this.getTarget().getName() in [ - "EVP_PKEY_CTX_set_signature_md", "EVP_PKEY_CTX_set_rsa_mgf1_md_name", - "EVP_PKEY_CTX_set_rsa_mgf1_md", "EVP_PKEY_CTX_set_rsa_oaep_md_name", - "EVP_PKEY_CTX_set_rsa_oaep_md", "EVP_PKEY_CTX_set_dsa_paramgen_md", + "EVP_PKEY_CTX_set_signature_md", "EVP_PKEY_CTX_set_dsa_paramgen_md", "EVP_PKEY_CTX_set_dh_kdf_md", "EVP_PKEY_CTX_set_ecdh_kdf_md" - ] + ] and + isOaep = false and + isMgf1 = false + or + this.getTarget().getName() in [ + "EVP_PKEY_CTX_set_rsa_mgf1_md_name", "EVP_PKEY_CTX_set_rsa_mgf1_md" + ] and + isOaep = false and + isMgf1 = true + or + this.getTarget().getName() in [ + "EVP_PKEY_CTX_set_rsa_oaep_md_name", + "EVP_PKEY_CTX_set_rsa_oaep_md" + ] and + isOaep = true and + isMgf1 = false } override DataFlow::Node getInput(IOType type) { result.asExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = HashAlgorithmIO() + result.asExpr() = this.getArgument(1) and + type = HashAlgorithmIO() and + isOaep = false and + isMgf1 = false + or + result.asExpr() = this.getArgument(1) and type = HashAlgorithmOaepIO() and isOaep = true + or + result.asExpr() = this.getArgument(1) and type = HashAlgorithmMgf1IO() and isMgf1 = true } override DataFlow::Node getOutput(IOType type) { diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll index f1ab394ad787..389cb249058a 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll @@ -58,7 +58,11 @@ newtype TIOType = // For OSSL_PARAM and OSSL_LIB_CTX use of OsslParamIO and OsslLibContextIO ContextIO() or DigestIO() or + // For OAEP and MGF1 hashes, there is a special IO type for these hashes + // it is recommended to set the most explicit type known, not both HashAlgorithmIO() or + HashAlgorithmOaepIO() or + HashAlgorithmMgf1IO() or IVorNonceIO() or KeyIO() or KeyOperationSubtypeIO() or @@ -254,18 +258,18 @@ abstract class OperationStep extends Call { * operation step (dominating operation step, see `getDominatingInitializersToStep`). */ Crypto::AlgorithmValueConsumer getPrimaryAlgorithmValueConsumer() { - exists(DataFlow::Node src, DataFlow::Node sink, IOType t, OperationStep avcSucc | + exists(DataFlow::Node src, DataFlow::Node sink, IOType t, OperationStep avcConsumingPred | (t = PrimaryAlgorithmIO() or t = ContextIO()) and - avcSucc.flowsToOperationStep(this) and + avcConsumingPred.flowsToOperationStep(this) and src.asExpr() = result and - sink = avcSucc.getInput(t) and + sink = avcConsumingPred.getInput(t) and AvcToOperationStepFlow::flow(src, sink) and ( - // Case 1: the avcSucc step is a dominating initialization step + // Case 1: the avcConsumingPred step is a dominating initialization step t = PrimaryAlgorithmIO() and - avcSucc = this.getDominatingInitializersToStep(PrimaryAlgorithmIO()) + avcConsumingPred = this.getDominatingInitializersToStep(PrimaryAlgorithmIO()) or - // Case 2: the succ is a context input (any avcSucc is valid) + // Case 2: the pred is a context input t = ContextIO() ) ) @@ -277,6 +281,8 @@ abstract class OperationStep extends Call { * TODO: generalize to use this for `getPrimaryAlgorithmValueConsumer` */ Crypto::AlgorithmValueConsumer getAlgorithmValueConsumerForInput(IOType type) { + result = this and this.setsValue(type) + or exists(DataFlow::Node src, DataFlow::Node sink | AvcToOperationStepFlow::flow(src, sink) and src.asExpr() = result and diff --git a/cpp/ql/test/experimental/library-tests/quantum/node_edges.expected b/cpp/ql/test/experimental/library-tests/quantum/node_edges.expected index 652194fc60cd..c31b1035d85b 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/node_edges.expected +++ b/cpp/ql/test/experimental/library-tests/quantum/node_edges.expected @@ -41,6 +41,20 @@ | openssl_basic.c:167:9:167:27 | SignOperation | Input | openssl_basic.c:163:35:163:41 | Message | | openssl_basic.c:167:9:167:27 | SignOperation | Key | openssl_basic.c:160:59:160:62 | Key | | openssl_basic.c:167:9:167:27 | SignOperation | Output | openssl_basic.c:167:34:167:36 | SignatureOutput | +| openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | Mode | openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | +| openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | Padding | openssl_basic.c:249:51:249:72 | PaddingAlgorithm | +| openssl_basic.c:238:9:238:25 | KeyGeneration | Algorithm | openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | +| openssl_basic.c:238:9:238:25 | KeyGeneration | Output | openssl_basic.c:238:39:238:43 | Key | +| openssl_basic.c:238:39:238:43 | Key | Algorithm | openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | +| openssl_basic.c:243:52:243:55 | Key | Source | openssl_basic.c:238:39:238:43 | Key | +| openssl_basic.c:249:51:249:72 | PaddingAlgorithm | MD | openssl_basic.c:250:51:250:60 | HashAlgorithm | +| openssl_basic.c:249:51:249:72 | PaddingAlgorithm | MGF1Hash | openssl_basic.c:251:51:251:60 | HashAlgorithm | +| openssl_basic.c:262:24:262:39 | EncryptOperation | Algorithm | openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | +| openssl_basic.c:262:24:262:39 | EncryptOperation | Input | openssl_basic.c:263:64:263:70 | Message | +| openssl_basic.c:262:24:262:39 | EncryptOperation | Key | openssl_basic.c:243:52:243:55 | Key | +| openssl_basic.c:262:24:262:39 | EncryptOperation | Nonce | openssl_basic.c:262:24:262:39 | EncryptOperation | +| openssl_basic.c:262:24:262:39 | EncryptOperation | Output | openssl_basic.c:262:54:262:63 | KeyOperationOutput | +| openssl_basic.c:263:64:263:70 | Message | Source | openssl_basic.c:231:27:231:49 | Constant | | openssl_pkey.c:21:10:21:28 | KeyGeneration | Algorithm | openssl_pkey.c:21:10:21:28 | KeyGeneration | | openssl_pkey.c:21:10:21:28 | KeyGeneration | Output | openssl_pkey.c:21:30:21:32 | Key | | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | Mode | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | diff --git a/cpp/ql/test/experimental/library-tests/quantum/node_properties.expected b/cpp/ql/test/experimental/library-tests/quantum/node_properties.expected index 2a9cac52beb0..61d4a8725fed 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/node_properties.expected +++ b/cpp/ql/test/experimental/library-tests/quantum/node_properties.expected @@ -32,6 +32,21 @@ | openssl_basic.c:180:42:180:59 | Constant | Description | 0123456789012345 | openssl_basic.c:180:42:180:59 | openssl_basic.c:180:42:180:59 | | openssl_basic.c:181:49:181:87 | Constant | Description | This is a test message for encryption | openssl_basic.c:181:49:181:87 | openssl_basic.c:181:49:181:87 | | openssl_basic.c:218:32:218:33 | Constant | Description | 32 | openssl_basic.c:218:32:218:33 | openssl_basic.c:218:32:218:33 | +| openssl_basic.c:231:27:231:49 | Constant | Description | Encrypt me with OAEP! | openssl_basic.c:231:27:231:49 | openssl_basic.c:231:27:231:49 | +| openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | Name | RSA | openssl_basic.c:235:51:235:55 | openssl_basic.c:235:51:235:55 | +| openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | RawName | RSA | openssl_basic.c:235:51:235:55 | openssl_basic.c:235:51:235:55 | +| openssl_basic.c:237:54:237:57 | Constant | Description | 2048 | openssl_basic.c:237:54:237:57 | openssl_basic.c:237:54:237:57 | +| openssl_basic.c:238:39:238:43 | Key | KeyType | Asymmetric | openssl_basic.c:238:39:238:43 | openssl_basic.c:238:39:238:43 | +| openssl_basic.c:243:52:243:55 | Key | KeyType | Unknown | openssl_basic.c:243:52:243:55 | openssl_basic.c:243:52:243:55 | +| openssl_basic.c:249:51:249:72 | PaddingAlgorithm | Name | OAEP | openssl_basic.c:249:51:249:72 | openssl_basic.c:249:51:249:72 | +| openssl_basic.c:249:51:249:72 | PaddingAlgorithm | RawName | 4 | openssl_basic.c:249:51:249:72 | openssl_basic.c:249:51:249:72 | +| openssl_basic.c:250:51:250:60 | HashAlgorithm | DigestSize | 256 | openssl_basic.c:250:51:250:60 | openssl_basic.c:250:51:250:60 | +| openssl_basic.c:250:51:250:60 | HashAlgorithm | Name | SHA2 | openssl_basic.c:250:51:250:60 | openssl_basic.c:250:51:250:60 | +| openssl_basic.c:250:51:250:60 | HashAlgorithm | RawName | EVP_sha256 | openssl_basic.c:250:51:250:60 | openssl_basic.c:250:51:250:60 | +| openssl_basic.c:251:51:251:60 | HashAlgorithm | DigestSize | 256 | openssl_basic.c:251:51:251:60 | openssl_basic.c:251:51:251:60 | +| openssl_basic.c:251:51:251:60 | HashAlgorithm | Name | SHA2 | openssl_basic.c:251:51:251:60 | openssl_basic.c:251:51:251:60 | +| openssl_basic.c:251:51:251:60 | HashAlgorithm | RawName | EVP_sha256 | openssl_basic.c:251:51:251:60 | openssl_basic.c:251:51:251:60 | +| openssl_basic.c:262:24:262:39 | EncryptOperation | KeyOperationSubtype | Encrypt | openssl_basic.c:262:24:262:39 | openssl_basic.c:262:24:262:39 | | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | Name | RSA | openssl_pkey.c:21:10:21:28 | openssl_pkey.c:21:10:21:28 | | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | RawName | RSA_generate_key_ex | openssl_pkey.c:21:10:21:28 | openssl_pkey.c:21:10:21:28 | | openssl_pkey.c:21:30:21:32 | Key | KeyType | Asymmetric | openssl_pkey.c:21:30:21:32 | openssl_pkey.c:21:30:21:32 | diff --git a/cpp/ql/test/experimental/library-tests/quantum/nodes.expected b/cpp/ql/test/experimental/library-tests/quantum/nodes.expected index 9b5bf547604e..e7fb960d84fe 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/nodes.expected +++ b/cpp/ql/test/experimental/library-tests/quantum/nodes.expected @@ -34,6 +34,18 @@ | openssl_basic.c:180:42:180:59 | Constant | | openssl_basic.c:181:49:181:87 | Constant | | openssl_basic.c:218:32:218:33 | Constant | +| openssl_basic.c:231:27:231:49 | Constant | +| openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | +| openssl_basic.c:237:54:237:57 | Constant | +| openssl_basic.c:238:9:238:25 | KeyGeneration | +| openssl_basic.c:238:39:238:43 | Key | +| openssl_basic.c:243:52:243:55 | Key | +| openssl_basic.c:249:51:249:72 | PaddingAlgorithm | +| openssl_basic.c:250:51:250:60 | HashAlgorithm | +| openssl_basic.c:251:51:251:60 | HashAlgorithm | +| openssl_basic.c:262:24:262:39 | EncryptOperation | +| openssl_basic.c:262:54:262:63 | KeyOperationOutput | +| openssl_basic.c:263:64:263:70 | Message | | openssl_pkey.c:21:10:21:28 | KeyGeneration | | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | | openssl_pkey.c:21:30:21:32 | Key | diff --git a/cpp/ql/test/experimental/library-tests/quantum/openssl_basic.c b/cpp/ql/test/experimental/library-tests/quantum/openssl_basic.c index f1ffbfa24d36..04504070ddd7 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/openssl_basic.c +++ b/cpp/ql/test/experimental/library-tests/quantum/openssl_basic.c @@ -1,7 +1,7 @@ #include "openssl/evp.h" #include "openssl/obj_mac.h" #include "openssl/rand.h" - +#include "openssl/rsa.h" size_t strlen(const char* str); // Sample OpenSSL code that demonstrates various cryptographic operations @@ -218,4 +218,58 @@ int test_main() { calculate_hmac_sha256(key, 32, plaintext, plaintext_len, hmac); return 0; -} \ No newline at end of file +} + +/** + * Simplified signature test + */ +int test_rsa_oaep_basic(void) { + EVP_PKEY_CTX *keygen_ctx = NULL, *encrypt_ctx = NULL; + EVP_PKEY *pkey = NULL; + unsigned char *ciphertext = NULL; + size_t ciphertext_len = 0; + const char *message = "Encrypt me with OAEP!"; + int ret = 1; + + // Generate RSA key + keygen_ctx = EVP_PKEY_CTX_new_from_name(NULL, "RSA", NULL); + if (!keygen_ctx || EVP_PKEY_keygen_init(keygen_ctx) <= 0 || + EVP_PKEY_CTX_set_rsa_keygen_bits(keygen_ctx, 2048) <= 0 || + EVP_PKEY_generate(keygen_ctx, &pkey) <= 0) { + goto cleanup; + } + + // Create encryption context + encrypt_ctx = EVP_PKEY_CTX_new_from_pkey(NULL, pkey, NULL); + if (!encrypt_ctx || EVP_PKEY_encrypt_init(encrypt_ctx) <= 0) { + goto cleanup; + } + + // Set OAEP padding + if (EVP_PKEY_CTX_set_rsa_padding(encrypt_ctx, RSA_PKCS1_OAEP_PADDING) <= 0 || + EVP_PKEY_CTX_set_rsa_oaep_md(encrypt_ctx, EVP_sha256()) <= 0 || + EVP_PKEY_CTX_set_rsa_mgf1_md(encrypt_ctx, EVP_sha256()) <= 0) { + goto cleanup; + } + + // Determine buffer size + if (EVP_PKEY_encrypt(encrypt_ctx, NULL, &ciphertext_len, + (const unsigned char *)message, strlen(message)) <= 0) { + goto cleanup; + } + + ciphertext = OPENSSL_malloc(ciphertext_len); + if (!ciphertext || EVP_PKEY_encrypt(encrypt_ctx, ciphertext, &ciphertext_len, + (const unsigned char *)message, strlen(message)) <= 0) { + goto cleanup; + } + + ret = 0; + +cleanup: + EVP_PKEY_CTX_free(keygen_ctx); + EVP_PKEY_CTX_free(encrypt_ctx); + EVP_PKEY_free(pkey); + OPENSSL_free(ciphertext); + return ret; +} \ No newline at end of file From e6b363b81bf34e1028a696ebb83c18a6eb62cd6d Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Mon, 30 Jun 2025 11:08:30 -0400 Subject: [PATCH 002/307] Crypto: fix Ql-for-QL alerts. --- .../OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll | 3 --- 1 file changed, 3 deletions(-) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll index 6ba8fa15c7dd..e78b09dee7a5 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll @@ -2,13 +2,10 @@ import cpp private import experimental.quantum.Language private import KnownAlgorithmConstants private import Crypto::KeyOpAlg as KeyOpAlg -private import OpenSSLAlgorithmInstanceBase -private import PaddingAlgorithmInstance private import experimental.quantum.OpenSSL.Operations.OpenSSLOperationBase private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers private import OpenSSLAlgorithmInstances private import AlgToAVCFlow -private import BlockAlgorithmInstance /** * Given a `KnownOpenSslCipherAlgorithmExpr`, converts this to a cipher family type. From 8b64a72fe19cbac707c213c4ab8c32ae482a8449 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Mon, 30 Jun 2025 15:36:55 -0400 Subject: [PATCH 003/307] Crypto: Initial sketch for refactoring MAC and signatures to account for APIs having one function to do both. Incomplete. Work in progress. --- .../MACAlgorithmInstance.qll | 38 ++- .../PaddingAlgorithmInstance.qll | 3 +- .../OpenSSL/Operations/CipherOperation.qll | 37 +-- .../OpenSSL/Operations/HashOperation.qll | 22 +- .../OpenSSL/Operations/KeyGenOperation.qll | 5 +- .../OpenSSL/Operations/SignatureOperation.qll | 234 ++++++++++++++++-- .../codeql/quantum/experimental/Model.qll | 229 +++++++++-------- .../quantum/experimental/Standardization.qll | 28 +-- 8 files changed, 416 insertions(+), 180 deletions(-) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/MACAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/MACAlgorithmInstance.qll index 97b183b7e7d3..b6d6112e1c6c 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/MACAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/MACAlgorithmInstance.qll @@ -2,12 +2,13 @@ import cpp private import experimental.quantum.Language private import KnownAlgorithmConstants private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers -private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstanceBase +private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstances private import experimental.quantum.OpenSSL.Operations.OpenSSLOperations +private import Crypto::KeyOpAlg as KeyOpAlg private import AlgToAVCFlow class KnownOpenSslMacConstantAlgorithmInstance extends OpenSslAlgorithmInstance, - Crypto::MacAlgorithmInstance instanceof KnownOpenSslMacAlgorithmExpr + Crypto::KeyOperationAlgorithmInstance instanceof KnownOpenSslMacAlgorithmExpr { OpenSslAlgorithmValueConsumer getterCall; @@ -33,17 +34,34 @@ class KnownOpenSslMacConstantAlgorithmInstance extends OpenSslAlgorithmInstance, override OpenSslAlgorithmValueConsumer getAvc() { result = getterCall } - override string getRawMacAlgorithmName() { + override string getRawAlgorithmName() { result = this.(Literal).getValue().toString() or result = this.(Call).getTarget().getName() } - override Crypto::MacType getMacType() { - this instanceof KnownOpenSslHMacAlgorithmExpr and result = Crypto::HMAC() - or - this instanceof KnownOpenSslCMacAlgorithmExpr and result = Crypto::CMAC() + override Crypto::KeyOpAlg::AlgorithmType getAlgorithmType() { + if this instanceof KnownOpenSslHMacAlgorithmExpr + then result = KeyOpAlg::TMac(KeyOpAlg::HMAC()) + else + if this instanceof KnownOpenSslCMacAlgorithmExpr + then result = KeyOpAlg::TMac(KeyOpAlg::CMAC()) + else result = KeyOpAlg::TMac(KeyOpAlg::OtherMacAlgorithmType()) + } + + override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() { + // TODO: trace to any key size initializer? + none() + } + + override int getKeySizeFixed() { + // TODO: are there known fixed key sizes to consider? + none() } + + override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() { none() } + + override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() } } class KnownOpenSslHMacConstantAlgorithmInstance extends Crypto::HmacAlgorithmInstance, @@ -60,9 +78,13 @@ class KnownOpenSslHMacConstantAlgorithmInstance extends Crypto::HmacAlgorithmIns // where the current AVC traces to a HashAlgorithmIO consuming operation step. // TODO: need to consider getting reset values, tracing down to the first set for now exists(OperationStep s, AvcContextCreationStep avc | - avc = this.getAvc() and + avc = super.getAvc() and avc.flowsToOperationStep(s) and s.getAlgorithmValueConsumerForInput(HashAlgorithmIO()) = result ) } + + override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() { none() } + + override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() } } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll index b1d31c1a09c6..c9d2c7a21b6b 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll @@ -4,8 +4,7 @@ private import OpenSSLAlgorithmInstanceBase private import experimental.quantum.OpenSSL.Operations.OpenSSLOperationBase private import experimental.quantum.OpenSSL.AlgorithmInstances.KnownAlgorithmConstants private import AlgToAVCFlow -private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.DirectAlgorithmValueConsumer -private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumerBase +private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers private import codeql.quantum.experimental.Standardization::Types::KeyOpAlg as KeyOpAlg /** diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll index b423013b6c3e..d5fe4e383f4d 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll @@ -3,6 +3,26 @@ private import OpenSSLOperationBase private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers import EVPPKeyCtxInitializer +/** + * A base class for all final cipher operation steps. + */ +abstract class FinalCipherOperationStep extends OperationStep { + override OperationStepType getStepType() { result = FinalStep() } +} + +/** + * A base configuration for all EVP cipher operations. + */ +abstract class EvpCipherOperationFinalStep extends FinalCipherOperationStep { + override DataFlow::Node getInput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + } +} + /** * A base class for all EVP cipher operations. */ @@ -155,21 +175,6 @@ class EvpCipherUpdateCall extends OperationStep { override OperationStepType getStepType() { result = UpdateStep() } } -/** - * A base configuration for all EVP cipher operations. - */ -abstract class EvpCipherOperationFinalStep extends OperationStep { - override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() - } - - override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() - } - - override OperationStepType getStepType() { result = FinalStep() } -} - /** * A Call to EVP_Cipher. */ @@ -259,7 +264,7 @@ class EvpPKeyCipherOperation extends EvpCipherOperationFinalStep { * An EVP cipher operation instance. * Any operation step that is a final operation step for EVP cipher operation steps. */ -class EvpCipherOperationInstance extends Crypto::KeyOperationInstance instanceof EvpCipherOperationFinalStep +class OpenSslCipherOperationInstance extends Crypto::KeyOperationInstance instanceof FinalCipherOperationStep { override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() { super.getPrimaryAlgorithmValueConsumer() = result diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/HashOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/HashOperation.qll index 1878bfbe09f2..1922f04c3c64 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/HashOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/HashOperation.qll @@ -6,6 +6,13 @@ private import experimental.quantum.Language private import OpenSSLOperationBase private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers +/** + * A base class for final digest operations. + */ +abstract class FinalDigestOperation extends OperationStep { + override OperationStepType getStepType() { result = FinalStep() } +} + /** * A call to and EVP digest initializer, such as: * - `EVP_DigestInit` @@ -51,18 +58,11 @@ class EvpDigestUpdateCall extends OperationStep instanceof Call { override OperationStepType getStepType() { result = UpdateStep() } } -/** - * A base class for final digest operations. - */ -abstract class EvpFinalDigestOperationStep extends OperationStep { - override OperationStepType getStepType() { result = FinalStep() } -} - /** * A call to `EVP_Q_digest` * https://docs.openssl.org/3.0/man3/EVP_DigestInit/#synopsis */ -class EvpQDigestOperation extends EvpFinalDigestOperationStep instanceof Call { +class EvpQDigestOperation extends FinalDigestOperation instanceof Call { EvpQDigestOperation() { this.getTarget().getName() = "EVP_Q_digest" } override DataFlow::Node getInput(IOType type) { @@ -81,7 +81,7 @@ class EvpQDigestOperation extends EvpFinalDigestOperationStep instanceof Call { } } -class EvpDigestOperation extends EvpFinalDigestOperationStep instanceof Call { +class EvpDigestOperation extends FinalDigestOperation instanceof Call { EvpDigestOperation() { this.getTarget().getName() = "EVP_Digest" } override DataFlow::Node getInput(IOType type) { @@ -98,7 +98,7 @@ class EvpDigestOperation extends EvpFinalDigestOperationStep instanceof Call { /** * A call to EVP_DigestFinal variants */ -class EvpDigestFinalCall extends EvpFinalDigestOperationStep instanceof Call { +class EvpDigestFinalCall extends FinalDigestOperation instanceof Call { EvpDigestFinalCall() { this.getTarget().getName() in ["EVP_DigestFinal", "EVP_DigestFinal_ex", "EVP_DigestFinalXOF"] } @@ -118,7 +118,7 @@ class EvpDigestFinalCall extends EvpFinalDigestOperationStep instanceof Call { /** * An openssl digest final hash operation instance */ -class EvpDigestFinalOperationInstance extends Crypto::HashOperationInstance instanceof EvpFinalDigestOperationStep +class OpenSslDigestFinalOperationInstance extends Crypto::HashOperationInstance instanceof FinalDigestOperation { override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() { super.getPrimaryAlgorithmValueConsumer() = result diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll index 2c146aec97f5..0685938b8850 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll @@ -43,6 +43,9 @@ class EvpKeyGenInitialize extends OperationStep { override OperationStepType getStepType() { result = InitializerStep() } } +/** + * A base class for final key generation operation steps. + */ abstract class KeyGenFinalOperationStep extends OperationStep { override OperationStepType getStepType() { result = FinalStep() } } @@ -165,7 +168,7 @@ class EvpNewMacKey extends KeyGenFinalOperationStep { /** * An `KeyGenerationOperationInstance` for the for all key gen final operation steps. */ -class KeyGenOperationInstance extends Crypto::KeyGenerationOperationInstance instanceof KeyGenFinalOperationStep +class OpenSslKeyGenOperationInstance extends Crypto::KeyGenerationOperationInstance instanceof KeyGenFinalOperationStep { override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() { super.getPrimaryAlgorithmValueConsumer() = result diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll index b9b498ee8df3..d097f68a4945 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll @@ -6,12 +6,24 @@ private import experimental.quantum.Language private import experimental.quantum.OpenSSL.AvcFlow private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers private import experimental.quantum.OpenSSL.Operations.OpenSSLOperations +private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmInstances -// TODO: verification functions /** * A base class for final signature operations. + * The operation must be known to always be a signature operation, + * and not a MAC operation. + * NOTE: even an operation that may be a mac or signature but is known to take in + * only signature configurations should extend `SignatureOrMacFinalOperation`. */ -abstract class EvpSignatureFinalOperation extends OperationStep { +abstract class SignatureFinalOperation extends OperationStep { + override OperationStepType getStepType() { result = FinalStep() } +} + +/** + * A base class for final signature or MAC operations. + * The operation must be known to always be a signature or MAC operation. + */ +abstract class SignatureOrMacFinalOperation extends OperationStep { override OperationStepType getStepType() { result = FinalStep() } } @@ -141,7 +153,7 @@ class EvpSignatureUpdateCall extends OperationStep { /** * A call to EVP_SignFinal or EVP_SignFinal_ex. */ -class EvpSignFinal extends EvpSignatureFinalOperation { +class EvpSignFinal extends SignatureFinalOperation { EvpSignFinal() { this.getTarget().getName() in ["EVP_SignFinal_ex", "EVP_SignFinal"] } override DataFlow::Node getInput(IOType type) { @@ -162,10 +174,10 @@ class EvpSignFinal extends EvpSignatureFinalOperation { } /** - * A call to EVP_DigestSign or EVP_PKEY_sign. + * A call to EVP_PKEY_sign. */ -class EvpDigestSign extends EvpSignatureFinalOperation { - EvpDigestSign() { this.getTarget().getName() in ["EVP_DigestSign", "EVP_PKEY_sign"] } +class EvpPkeySign extends SignatureFinalOperation { + EvpPkeySign() { this.getTarget().getName() = "EVP_PKEY_sign" } override DataFlow::Node getInput(IOType type) { result.asExpr() = this.getArgument(0) and type = ContextIO() @@ -181,15 +193,30 @@ class EvpDigestSign extends EvpSignatureFinalOperation { } /** - * A call to EVP_DigestSignFinal or EVP_PKEY_sign_message_final. + * A call to EVP_DigestSign. + * This is a mac or sign operation. */ -class EvpDigestAndPkeySignFinal extends EvpSignatureFinalOperation { - EvpDigestAndPkeySignFinal() { - this.getTarget().getName() in [ - "EVP_DigestSignFinal", - "EVP_PKEY_sign_message_final" - ] +class EvpDigestSign extends SignatureOrMacFinalOperation { + EvpDigestSign() { this.getTarget().getName() = "EVP_DigestSign" } + + override DataFlow::Node getInput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + or + result.asExpr() = this.getArgument(3) and type = PlaintextIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + or + result.asExpr() = this.getArgument(1) and type = SignatureIO() } +} + +/** + * A call to EVP_PKEY_sign_message_final. + */ +class EvpPkeySignFinal extends SignatureFinalOperation { + EvpPkeySignFinal() { this.getTarget().getName() = "EVP_PKEY_sign_message_final" } override DataFlow::Node getInput(IOType type) { result.asExpr() = this.getArgument(0) and type = ContextIO() @@ -205,9 +232,124 @@ class EvpDigestAndPkeySignFinal extends EvpSignatureFinalOperation { } /** - * An EVP signature operation instance. + * A call to EVP_DigestSignFinal. + * This is a mac or sign operation. + */ +class EvpDigestSignFinal extends SignatureOrMacFinalOperation { + EvpDigestSignFinal() { this.getTarget().getName() = "EVP_DigestSignFinal" } + + override DataFlow::Node getInput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + or + result.asExpr() = this.getArgument(1) and type = SignatureIO() + } + + override OperationStepType getStepType() { result = FinalStep() } +} + +/** + * A call to EVP_DigestVerifyInit or EVP_DigestVerifyInit_ex. + */ +class EvpDigestVerifyInit extends OperationStep { + EvpDigestVerifyInit() { + this.getTarget().getName() in ["EVP_DigestVerifyInit", "EVP_DigestVerifyInit_ex"] + } + + override DataFlow::Node getInput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + or + result.asExpr() = this.getArgument(2) and type = HashAlgorithmIO() + or + this.getTarget().getName() = "EVP_DigestVerifyInit_ex" and + result.asExpr() = this.getArgument(3) and + type = OsslLibContextIO() + or + this.getTarget().getName() = "EVP_DigestVerifyInit_ex" and + result.asExpr() = this.getArgument(5) and + type = KeyIO() + or + this.getTarget().getName() = "EVP_DigestVerifyInit" and + result.asExpr() = this.getArgument(4) and + type = KeyIO() + or + this.getTarget().getName() = "EVP_DigestVerifyInit_ex" and + result.asExpr() = this.getArgument(6) and + type = OsslParamIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + or + result.asExpr() = this.getArgument(1) and type = ContextIO() + } + + override OperationStepType getStepType() { result = InitializerStep() } +} + +/** + * A call to EVP_DigestVerifyUpdate. */ -class EvpSignatureOperationInstance extends Crypto::SignatureOperationInstance instanceof EvpSignatureFinalOperation +class EvpDigestVerifyUpdate extends OperationStep { + EvpDigestVerifyUpdate() { this.getTarget().getName() = "EVP_DigestVerifyUpdate" } + + override DataFlow::Node getInput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + or + result.asExpr() = this.getArgument(1) and type = PlaintextIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + } + + override OperationStepType getStepType() { result = UpdateStep() } +} + +/** + * A call to EVP_DigestVerifyFinal + */ +class EvpDigestVerifyFinal extends SignatureFinalOperation { + EvpDigestVerifyFinal() { this.getTarget().getName() = "EVP_DigestVerifyFinal" } + + override DataFlow::Node getInput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + or + result.asExpr() = this.getArgument(1) and type = SignatureIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + } +} + +/** + * A call to EVP_DigestVerify + */ +class EvpDigestVerify extends SignatureFinalOperation { + EvpDigestVerify() { this.getTarget().getName() = "EVP_DigestVerify" } + + override DataFlow::Node getInput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + or + result.asExpr() = this.getArgument(1) and type = SignatureIO() + or + result.asExpr() = this.getArgument(3) and type = PlaintextIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + } +} + +/** + * An instance of a signature operation. + * This is an OpenSSL specific class that extends the base SignatureOperationInstance. + */ +class OpenSslSignatureOperationInstance extends Crypto::SignatureOperationInstance instanceof SignatureFinalOperation { override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() { super.getPrimaryAlgorithmValueConsumer() = result @@ -217,7 +359,7 @@ class EvpSignatureOperationInstance extends Crypto::SignatureOperationInstance i * Signing, verification or unknown. */ override Crypto::KeyOperationSubtype getKeyOperationSubtype() { - // TODO: if this KeyOperationSubtype does not match initialization call's KeyOperationSubtype then we found a bug + // NOTE: if this KeyOperationSubtype does not match initialization call's KeyOperationSubtype then we found a bug if super.getTarget().getName().toLowerCase().matches("%sign%") then result instanceof Crypto::TSignMode else @@ -227,18 +369,18 @@ class EvpSignatureOperationInstance extends Crypto::SignatureOperationInstance i } override Crypto::ConsumerInputDataFlowNode getNonceConsumer() { - // TODO: some signing operations may have explicit nonce generators - none() + // some signing operations may have explicit nonce generators + super.getDominatingInitializersToStep(IVorNonceIO()).getInput(IVorNonceIO()) = result } - /** - * Keys provided in the initialization call or in a context are found by this method. - * Keys in explicit arguments are found by overridden methods in extending classes. - */ override Crypto::ConsumerInputDataFlowNode getKeyConsumer() { super.getDominatingInitializersToStep(KeyIO()).getInput(KeyIO()) = result } + override Crypto::ConsumerInputDataFlowNode getSignatureConsumer() { + super.getDominatingInitializersToStep(SignatureIO()).getInput(SignatureIO()) = result + } + override Crypto::ArtifactOutputDataFlowNode getOutputArtifact() { super.getOutputStepFlowingToStep(SignatureIO()).getOutput(SignatureIO()) = result } @@ -247,14 +389,58 @@ class EvpSignatureOperationInstance extends Crypto::SignatureOperationInstance i super.getDominatingInitializersToStep(PlaintextIO()).getInput(PlaintextIO()) = result } + override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() { + super + .getDominatingInitializersToStep(HashAlgorithmIO()) + .getAlgorithmValueConsumerForInput(HashAlgorithmIO()) = result + } + + override predicate hasHashAlgorithmConsumer() { + exists(super.getDominatingInitializersToStep(HashAlgorithmIO())) + } +} + +/** + * A class for signature or MAC operation instances. + * This is an OpenSSL specific class that extends the base SignatureOrMacOperationInstance. + */ +class OpenSslSignatureOrMacOperationInstance extends Crypto::SignatureOrMacOperationInstance instanceof SignatureOrMacFinalOperation +{ + override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() { + super.getPrimaryAlgorithmValueConsumer() = result + } + /** - * TODO: only signing operations for now, change when verificaiton is added + * Signing, verification or unknown. */ - override Crypto::ConsumerInputDataFlowNode getSignatureConsumer() { none() } + override Crypto::KeyOperationSubtype getKeyOperationSubtype() { + result instanceof Crypto::TSignMode or result instanceof Crypto::TMacMode + } + + override Crypto::ConsumerInputDataFlowNode getNonceConsumer() { + // some signing operations may have explicit nonce generators + super.getDominatingInitializersToStep(IVorNonceIO()).getInput(IVorNonceIO()) = result + } + + override Crypto::ConsumerInputDataFlowNode getKeyConsumer() { + super.getDominatingInitializersToStep(KeyIO()).getInput(KeyIO()) = result + } + + override Crypto::ArtifactOutputDataFlowNode getOutputArtifact() { + super.getOutputStepFlowingToStep(SignatureIO()).getOutput(SignatureIO()) = result + } + + override Crypto::ConsumerInputDataFlowNode getInputConsumer() { + super.getDominatingInitializersToStep(PlaintextIO()).getInput(PlaintextIO()) = result + } override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() { super .getDominatingInitializersToStep(HashAlgorithmIO()) .getAlgorithmValueConsumerForInput(HashAlgorithmIO()) = result } + + override predicate hasHashAlgorithmConsumer() { + exists(super.getDominatingInitializersToStep(HashAlgorithmIO())) + } } diff --git a/shared/quantum/codeql/quantum/experimental/Model.qll b/shared/quantum/codeql/quantum/experimental/Model.qll index d8b1402b5e88..01448a2feb85 100644 --- a/shared/quantum/codeql/quantum/experimental/Model.qll +++ b/shared/quantum/codeql/quantum/experimental/Model.qll @@ -409,8 +409,6 @@ module CryptographyBase Input> { or exists(KeyDerivationOperationInstance op | inputNode = op.getInputConsumer()) or - exists(MacOperationInstance op | inputNode = op.getMessageConsumer()) - or exists(HashOperationInstance op | inputNode = op.getInputConsumer()) ) and this = Input::dfn_to_element(inputNode) @@ -545,8 +543,6 @@ module CryptographyBase Input> { or exists(KeyGenerationOperationInstance op | inputNode = op.getKeyValueConsumer()) or - exists(MacOperationInstance op | inputNode = op.getKeyConsumer()) - or exists(KeyAgreementSecretGenerationOperationInstance op | inputNode = op.getServerKeyConsumer() or inputNode = op.getPeerKeyConsumer() @@ -562,9 +558,10 @@ module CryptographyBase Input> { /** * A key-based cryptographic operation instance, encompassing: - * 1. **Ciphers**: Encryption and decryption, both symmetric and asymmetric - * 1. **Signing**: Signing and verifying, **NOT** including MACs (see `MACOperationInstance`) - * 1. **Key encapsulation**: Key wrapping and unwrapping + * - **Ciphers**: Encryption and decryption, both symmetric and asymmetric + * - **Signing**: Signing and verifying + * - **MACs**: Mac generation + * - **Key encapsulation**: Key wrapping and unwrapping * * This class represents a generic key operation that transforms input data * using a cryptographic key, producing an output artifact such as ciphertext, @@ -598,7 +595,8 @@ module CryptographyBase Input> { /** * Gets the consumer of the primary message input for this key operation. * For example: plaintext (for encryption), ciphertext (for decryption), - * message to be signed, or wrapped key to be unwrapped. + * a message to be signed or verified, the message on which a mac is generated, + * or a wrapped key to be unwrapped. */ abstract ConsumerInputDataFlowNode getInputConsumer(); @@ -614,25 +612,6 @@ module CryptographyBase Input> { abstract ArtifactOutputDataFlowNode getOutputArtifact(); } - /** - * A key operation instance representing a signature being generated or verified. - */ - abstract class SignatureOperationInstance extends KeyOperationInstance { - /** - * Gets the consumer of the signature that is being verified in case of a - * verification operation. - */ - abstract ConsumerInputDataFlowNode getSignatureConsumer(); - - /** - * Gets the consumer of a hash algorithm. - * This is intended for signature operations they are explicitly configured - * with a hash algorithm. If a signature is not configured with an explicit - * hash algorithm, users do not need to provide a consumer (set none()). - */ - abstract AlgorithmValueConsumer getHashAlgorithmValueConsumer(); - } - /** * A key-based algorithm instance used in cryptographic operations such as encryption, decryption, * signing, verification, and key wrapping. @@ -651,6 +630,7 @@ module CryptographyBase Input> { * - `TSymmetricCipher(OtherSymmetricCipherType())` * - `TAsymmetricCipher(OtherAsymmetricCipherType())` * - `TSignature(OtherSignatureAlgorithmType())` + * - `TMacAlgorithm(OtherMacAlgorithmType())` * - `TKeyEncapsulation(OtherKEMAlgorithmType())` * * If the category of algorithm is not known, the following type should be used: @@ -710,6 +690,58 @@ module CryptographyBase Input> { predicate shouldHavePaddingScheme() { any() } } + // abstract class SignatureOrMacAlgorithmInstance extends KeyOperationAlgorithmInstance { + // SignatureOrMacAlgorithmInstance() { + // this.getAlgorithmType() = KeyOpAlg::TSignature(_) + // or + // this.getAlgorithmType() = KeyOpAlg::TMac(_) + // } + // override predicate shouldHaveModeOfOperation() { none() } + // /** + // * Gets the hash algorithm used by this signature algorithm. + // */ + // abstract AlgorithmValueConsumer getHashAlgorithmValueConsumer(); + // } + // abstract class SignatureAlgorithmInstance extends SignatureOrMacAlgorithmInstance { + // SignatureAlgorithmInstance() { this.getAlgorithmType() = KeyOpAlg::TSignature(_) } + // } + abstract class MacOperationInstance extends KeyOperationAlgorithmInstance { } + + abstract class HmacAlgorithmInstance extends KeyOperationAlgorithmInstance { + HmacAlgorithmInstance() { this.getAlgorithmType() = KeyOpAlg::TMac(KeyOpAlg::HMAC()) } + + /** + * Gets the hash algorithm used by this HMAC algorithm. + */ + abstract AlgorithmValueConsumer getHashAlgorithmValueConsumer(); + + /** + * CMACs will have algorithms that have modes of operation but that + * is associated with the cipher algorithm, that is itself + * associated to the MAC algorithm. + */ + override predicate shouldHaveModeOfOperation() { none() } + + override ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() { none() } + + /** + * CMACs may have padding but the padding is associated with the cipher algorithm, + * that is itself associated to the MAC algorithm. + */ + override predicate shouldHavePaddingScheme() { none() } + + override PaddingAlgorithmInstance getPaddingAlgorithm() { none() } + } + + abstract class CmacAlgorithmInstance extends KeyOperationAlgorithmInstance { + CmacAlgorithmInstance() { this.getAlgorithmType() = KeyOpAlg::TMac(KeyOpAlg::CMAC()) } + + /** + * Gets the cipher algorithm used by this CMAC algorithm. + */ + abstract AlgorithmValueConsumer getCipherAlgorithmValueConsumer(); + } + abstract class ModeOfOperationAlgorithmInstance extends AlgorithmInstance { /** * Gets the type of this mode of operation, e.g., "ECB" or "CBC". @@ -760,39 +792,44 @@ module CryptographyBase Input> { abstract HashAlgorithmInstance getMgf1HashAlgorithm(); } - abstract class MacAlgorithmInstance extends AlgorithmInstance { - /** - * Gets the type of this MAC algorithm, e.g., "HMAC" or "CMAC". - */ - abstract MacType getMacType(); - - /** - * Gets the isolated name as it appears in source, e.g., "HMAC-SHA256" in "HMAC-SHA256/UnrelatedInformation". - * - * This name should not be parsed or formatted beyond isolating the raw MAC name if necessary. - */ - abstract string getRawMacAlgorithmName(); - } - - abstract class MacOperationInstance extends OperationInstance { + /** + * A parent class for signature and MAC operations. + * Signatures and macs are the asymmetric and symmetric analogs of each other, + * and some APIs can reuse a single operation to do either signing on mac. + * Users should extend this class when an operation can be either a signature or a MAC, + * and where the instance is not obviously one or the other from use. + */ + abstract class SignatureOrMacOperationInstance extends KeyOperationInstance { /** - * Gets the message input used in this operation. + * Gets the consumer of a hash algorithm. + * This is intended for mac/signing operations they are explicitly configured + * with a hash algorithm. If the operation is not configured with an explicit + * hash algorithm, users do not need to provide a consumer (set none()). */ - abstract ConsumerInputDataFlowNode getMessageConsumer(); + abstract AlgorithmValueConsumer getHashAlgorithmValueConsumer(); /** - * Gets the key used in this operation. + * Holds if this operation has a hash algorithm consumer. + * I.e., holds if the operation is configured to perform a hash + * on a message before signing and algorithm is passed in. + * The hash algorithm consumer must be specified through + * `getHashAlgorithmValueConsumer()`. */ - abstract ConsumerInputDataFlowNode getKeyConsumer(); + abstract predicate hasHashAlgorithmConsumer(); } - abstract class HmacAlgorithmInstance extends MacAlgorithmInstance { - HmacAlgorithmInstance() { this.getMacType() = HMAC() } - + /** + * A key operation instance representing a signature being generated or verified. + * Note: These instances are known to always be signature operations. + * If an API allows an operation to be used for both MAC and signature, + * it should be modeled as a `SignatureOrMacOperationInstance` instead, + * even if all configuration paths to the current operation only configure it as a signature operation. + */ + abstract class SignatureOperationInstance extends SignatureOrMacOperationInstance { /** - * Gets the hash algorithm used by this HMAC algorithm. + * Gets the consumer of the signature when this operation is a verification operation. */ - abstract AlgorithmValueConsumer getHashAlgorithmValueConsumer(); + abstract ConsumerInputDataFlowNode getSignatureConsumer(); } abstract class EllipticCurveInstance extends AlgorithmInstance { @@ -1063,11 +1100,6 @@ module CryptographyBase Input> { exists(KeyOperationInstance op | op.getAnAlgorithmValueConsumer() = avc) } - private predicate isMacAvc(AlgorithmValueConsumer avc) { - exists(MacOperationInstance op | op.getAnAlgorithmValueConsumer() = avc) or - exists(Pbkdf2AlgorithmInstance alg | avc = alg.getHmacAlgorithmValueConsumer()) - } - private predicate isKeyDerivationAvc(AlgorithmValueConsumer avc) { exists(KeyDerivationOperationInstance op | op.getAnAlgorithmValueConsumer() = avc) } @@ -1091,9 +1123,6 @@ module CryptographyBase Input> { final private class HashAlgorithmInstanceOrValueConsumer = AlgorithmInstanceOrValueConsumer::Union; - final private class MacAlgorithmInstanceOrValueConsumer = - AlgorithmInstanceOrValueConsumer::Union; - final private class KeyDerivationAlgorithmInstanceOrValueConsumer = AlgorithmInstanceOrValueConsumer::Union; @@ -1128,13 +1157,11 @@ module CryptographyBase Input> { TPaddingAlgorithm(PaddingAlgorithmInstance e) or // All other operations THashOperation(HashOperationInstance e) or - TMacOperation(MacOperationInstance e) or TKeyAgreementOperation(KeyAgreementSecretGenerationOperationInstance e) or // All other algorithms TEllipticCurve(EllipticCurveInstanceOrValueConsumer e) or THashAlgorithm(HashAlgorithmInstanceOrValueConsumer e) or TKeyDerivationAlgorithm(KeyDerivationAlgorithmInstanceOrValueConsumer e) or - TMacAlgorithm(MacAlgorithmInstanceOrValueConsumer e) or TKeyAgreementAlgorithm(KeyAgreementAlgorithmInstanceOrValueConsumer e) or // Generic source nodes, i.e., sources of data that are not resolvable to a specific known asset. TGenericSourceNode(GenericSourceInstance e) { @@ -1582,60 +1609,36 @@ module CryptographyBase Input> { /** * A MAC operation that produces a MAC value. */ - final class MacOperationNode extends OperationNode, TMacOperation { - MacOperationInstance instance; - - MacOperationNode() { this = TMacOperation(instance) } + final class MacOperationNode extends SignatureOrMacOperationNode { + MacOperationNode() { + this.getKeyOperationSubtype() = TMacMode() and + // Consider any operation a mac operation only if all algorithms going to the sink + // are MAC or unknown. This addresses the issue where an API allows for reuse of + // MAC operations for signatures. + forex(KeyOperationAlgorithmNode n | n = this.getAnAlgorithmOrGenericSource() | + n.getAlgorithmType() = KeyOpAlg::TMac(_) + ) + } final override string getInternalType() { result = "MACOperation" } override LocatableElement asElement() { result = instance } - override predicate isCandidateAlgorithmNode(AlgorithmNode node) { - node instanceof MacAlgorithmNode - } - MessageArtifactNode getAMessage() { - result.asElement() = instance.getMessageConsumer().getConsumer() + result.asElement() = instance.getInputConsumer().getConsumer() } - KeyArtifactNode getAKey() { result.asElement() = instance.getKeyConsumer().getConsumer() } - + //KeyArtifactNode getAKey() { result.asElement() = instance.getKeyConsumer().getConsumer() } override NodeBase getChild(string edgeName) { result = super.getChild(edgeName) or // [KNOWN_OR_UNKNOWN] edgeName = "Message" and - if exists(this.getAMessage()) then result = this.getAMessage() else result = this - or - // [KNOWN_OR_UNKNOWN] - edgeName = "Key" and - if exists(this.getAKey()) then result = this.getAKey() else result = this + (if exists(this.getAMessage()) then result = this.getAMessage() else result = this) } } - /** - * A MAC algorithm, such as HMAC or CMAC. - */ - class MacAlgorithmNode extends AlgorithmNode, TMacAlgorithm { - MacAlgorithmInstanceOrValueConsumer instance; - - MacAlgorithmNode() { this = TMacAlgorithm(instance) } - - final override string getInternalType() { result = "MACAlgorithm" } - - override LocatableElement asElement() { result = instance } - - final override string getRawAlgorithmName() { - result = instance.asAlg().getRawMacAlgorithmName() - } - - MacType getMacType() { result = instance.asAlg().getMacType() } - - override string getAlgorithmName() { result = this.getMacType().toString() } - } - - final class HmacAlgorithmNode extends MacAlgorithmNode { + final class HmacAlgorithmNode extends KeyAgreementAlgorithmNode { HmacAlgorithmInstance hmacInstance; HmacAlgorithmNode() { hmacInstance = instance.asAlg() } @@ -1871,6 +1874,7 @@ module CryptographyBase Input> { TUnwrapMode() or TSignMode() or TVerifyMode() or + TMacMode() or TUnknownKeyOperationMode() /** @@ -1890,6 +1894,8 @@ module CryptographyBase Input> { or result = "Verify" and this = TVerifyMode() or + result = "Mac" and this = TMacMode() + or result = "Unknown" and this = TUnknownKeyOperationMode() } } @@ -2001,14 +2007,31 @@ module CryptographyBase Input> { override string getInternalType() { result = nodeName } } - class SignatureOperationNode extends KeyOperationNode { + class SignatureOrMacOperationNode extends KeyOperationNode { + SignatureOrMacOperationNode() { + this.getKeyOperationSubtype() = TSignMode() + or + this.getKeyOperationSubtype() = TVerifyMode() + or + this.getKeyOperationSubtype() = TMacMode() + } + + override string getInternalType() { result = "SignatureOrMACOperation" } + } + + class SignatureOperationNode extends SignatureOrMacOperationNode { override SignatureOperationInstance instance; string nodeName; SignatureOperationNode() { - this.getKeyOperationSubtype() = TSignMode() and nodeName = "SignOperation" - or - this.getKeyOperationSubtype() = TVerifyMode() and nodeName = "VerifyOperation" + ( + this.getKeyOperationSubtype() = TSignMode() and nodeName = "SignOperation" + or + this.getKeyOperationSubtype() = TVerifyMode() and nodeName = "VerifyOperation" + ) and + not exists(KeyOperationAlgorithmNode n | + n = this.getAnAlgorithmOrGenericSource() and n.getAlgorithmType() = KeyOpAlg::TMac(_) + ) } override string getInternalType() { result = nodeName } diff --git a/shared/quantum/codeql/quantum/experimental/Standardization.qll b/shared/quantum/codeql/quantum/experimental/Standardization.qll index 29c5b58d343a..929c92aefff1 100644 --- a/shared/quantum/codeql/quantum/experimental/Standardization.qll +++ b/shared/quantum/codeql/quantum/experimental/Standardization.qll @@ -14,6 +14,7 @@ module Types { TSymmetricCipher(TSymmetricCipherType t) or TAsymmetricCipher(TAsymmetricCipherType t) or TSignature(TSignatureAlgorithmType t) or + TMac(TMacAlgorithmType t) or TKeyEncapsulation(TKemAlgorithmType t) or TUnknownKeyOperationAlgorithmType() @@ -55,6 +56,11 @@ module Types { FRODO_KEM() or OtherKemAlgorithmType() + newtype TMacAlgorithmType = + HMAC() or + CMAC() or + OtherMacAlgorithmType() + newtype TCipherStructureType = Block() or Stream() or @@ -143,6 +149,13 @@ module Types { or this = TKeyEncapsulation(OtherKemAlgorithmType()) and result = "UnknownKEM" or + // MAC algorithms + this = TMac(HMAC()) and result = "HMAC" + or + this = TMac(CMAC()) and result = "CMAC" + or + this = TMac(OtherMacAlgorithmType()) and result = "UnknownMac" + or // Unknown this = TUnknownKeyOperationAlgorithmType() and result = "Unknown" } @@ -305,21 +318,6 @@ module Types { } } - newtype TMacType = - HMAC() or - CMAC() or - OtherMacType() - - class MacType extends TMacType { - string toString() { - this = HMAC() and result = "HMAC" - or - this = CMAC() and result = "CMAC" - or - this = OtherMacType() and result = "UnknownMacType" - } - } - // Key agreement algorithms newtype TKeyAgreementType = DH() or // Diffie-Hellman From d32e09ac3752d07c100d0dcd781b163d369b9447 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Tue, 1 Jul 2025 10:37:09 -0400 Subject: [PATCH 004/307] Crypto: Misc. cleanup and completed model refactor for Mac. Passing tests for openssl, refactor still required for JCA. --- .../Operations/OpenSSLOperationBase.qll | 42 +++----- .../library-tests/quantum/node_edges.expected | 99 ++++++++++++------- .../quantum/node_properties.expected | 23 +++-- .../library-tests/quantum/nodes.expected | 20 ++-- .../codeql/quantum/experimental/Model.qll | 45 ++++++--- 5 files changed, 137 insertions(+), 92 deletions(-) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll index 389cb249058a..bddb7ef0728c 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll @@ -127,7 +127,6 @@ class IOType extends TIOType { } } -//TODO: add more initializers as needed /** * The type of step in an `OperationStep`. * - `ContextCreationStep`: the creation of a context from an algorithm or key. @@ -249,8 +248,10 @@ abstract class OperationStep extends Call { /** * Gets an AVC for the primary algorithm for this operation. - * A primary algorithm is an AVC that flows to a ctx input directly or - * an AVC that flows to a primary algorithm input directly. + * A primary algorithm is an AVC that either: + * 1) flows to a ctx input directly or + * 2) flows to a primary algorithm input directly + * 3) flows to a key input directly (algorithm held in a key will be considered primary) * See `AvcContextCreationStep` for details about resetting scenarios. * Gets the first OperationStep an AVC flows to. If a context input, * the AVC is considered primary. @@ -259,15 +260,16 @@ abstract class OperationStep extends Call { */ Crypto::AlgorithmValueConsumer getPrimaryAlgorithmValueConsumer() { exists(DataFlow::Node src, DataFlow::Node sink, IOType t, OperationStep avcConsumingPred | - (t = PrimaryAlgorithmIO() or t = ContextIO()) and + (t = PrimaryAlgorithmIO() or t = ContextIO() or t = KeyIO()) and avcConsumingPred.flowsToOperationStep(this) and src.asExpr() = result and sink = avcConsumingPred.getInput(t) and AvcToOperationStepFlow::flow(src, sink) and ( - // Case 1: the avcConsumingPred step is a dominating initialization step - t = PrimaryAlgorithmIO() and - avcConsumingPred = this.getDominatingInitializersToStep(PrimaryAlgorithmIO()) + // Case 1: the avcConsumingPred step is a dominating primary algorithm initialization step + // or dominating key initialization step + (t = PrimaryAlgorithmIO() or t = KeyIO()) and + avcConsumingPred = this.getDominatingInitializersToStep(t) or // Case 2: the pred is a context input t = ContextIO() @@ -393,7 +395,9 @@ private class CtxCopyReturnCall extends CtxPassThroughCall, CtxPointerExpr { override DataFlow::Node getNode2() { result.asExpr() = this } } -// TODO: is this still needed? +// TODO: is this still needed? It appears to be (tests fail without it) but +// I don't know why as EVP_PKEY_paramgen is an operation step and we pass through +// operation steps already. /** * A call to `EVP_PKEY_paramgen` acts as a kind of pass through. * It's output pkey is eventually used in a new operation generating @@ -420,28 +424,6 @@ private class CtxParamGenCall extends CtxPassThroughCall { override DataFlow::Node getNode2() { result = n2 } } -//TODO: I am not sure CallArgToCtxRet is needed anymore -/** - * If the current node is an argument to a function - * that returns a pointer type, immediately flow through. - * NOTE: this passthrough is required if we allow - * intermediate steps to go into variables that are not a CTX type. - * See for example `CtxParamGenCall`. - */ -private class CallArgToCtxRet extends CtxPassThroughCall, CtxPointerExpr { - DataFlow::Node n1; - DataFlow::Node n2; - - CallArgToCtxRet() { - this.getAnArgument() = n1.asExpr() and - n2.asExpr() = this - } - - override DataFlow::Node getNode1() { result = n1 } - - override DataFlow::Node getNode2() { result = n2 } -} - /** * A flow configuration from any non-final `OperationStep` to any other `OperationStep`. */ diff --git a/cpp/ql/test/experimental/library-tests/quantum/node_edges.expected b/cpp/ql/test/experimental/library-tests/quantum/node_edges.expected index 15d72d697fc8..348ba678bc63 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/node_edges.expected +++ b/cpp/ql/test/experimental/library-tests/quantum/node_edges.expected @@ -34,15 +34,16 @@ | openssl_basic.c:155:22:155:41 | KeyGeneration | Algorithm | openssl_basic.c:155:22:155:41 | KeyGeneration | | openssl_basic.c:155:22:155:41 | KeyGeneration | KeyInput | openssl_basic.c:155:64:155:66 | Key | | openssl_basic.c:155:22:155:41 | KeyGeneration | Output | openssl_basic.c:155:22:155:41 | Key | -| openssl_basic.c:155:43:155:55 | MACAlgorithm | H | openssl_basic.c:160:39:160:48 | HashAlgorithm | +| openssl_basic.c:155:43:155:55 | HMACAlgorithm | H | openssl_basic.c:160:39:160:48 | HashAlgorithm | | openssl_basic.c:155:64:155:66 | Key | Source | openssl_basic.c:179:43:179:76 | Constant | | openssl_basic.c:160:59:160:62 | Key | Source | openssl_basic.c:155:22:155:41 | Key | | openssl_basic.c:163:35:163:41 | Message | Source | openssl_basic.c:181:49:181:87 | Constant | -| openssl_basic.c:167:9:167:27 | SignOperation | Algorithm | openssl_basic.c:167:9:167:27 | SignOperation | -| openssl_basic.c:167:9:167:27 | SignOperation | HashAlgorithm | openssl_basic.c:160:39:160:48 | HashAlgorithm | -| openssl_basic.c:167:9:167:27 | SignOperation | Input | openssl_basic.c:163:35:163:41 | Message | -| openssl_basic.c:167:9:167:27 | SignOperation | Key | openssl_basic.c:160:59:160:62 | Key | -| openssl_basic.c:167:9:167:27 | SignOperation | Output | openssl_basic.c:167:34:167:36 | SignatureOutput | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | Algorithm | openssl_basic.c:155:43:155:55 | HMACAlgorithm | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | HashAlgorithm | openssl_basic.c:160:39:160:48 | HashAlgorithm | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | Input | openssl_basic.c:163:35:163:41 | Message | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | Key | openssl_basic.c:160:59:160:62 | Key | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | Nonce | openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | Output | openssl_basic.c:167:34:167:36 | SignatureOutput | | openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | Mode | openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | | openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | Padding | openssl_basic.c:249:51:249:72 | PaddingAlgorithm | | openssl_basic.c:238:9:238:25 | KeyGeneration | Algorithm | openssl_basic.c:235:51:235:55 | KeyOperationAlgorithm | @@ -97,37 +98,67 @@ | openssl_signature.c:133:52:133:55 | Key | Source | openssl_signature.c:548:34:548:37 | Key | | openssl_signature.c:133:52:133:55 | Key | Source | openssl_signature.c:578:34:578:37 | Key | | openssl_signature.c:134:38:134:44 | Message | Source | openssl_signature.c:602:37:602:77 | Constant | -| openssl_signature.c:135:9:135:27 | SignOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:135:9:135:27 | SignOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:135:9:135:27 | SignOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:135:9:135:27 | SignOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:135:9:135:27 | SignOperation | Input | openssl_signature.c:134:38:134:44 | Message | -| openssl_signature.c:135:9:135:27 | SignOperation | Key | openssl_signature.c:133:52:133:55 | Key | -| openssl_signature.c:135:9:135:27 | SignOperation | Output | openssl_signature.c:135:37:135:40 | SignatureOutput | -| openssl_signature.c:142:9:142:27 | SignOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:142:9:142:27 | SignOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:142:9:142:27 | SignOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:142:9:142:27 | SignOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:142:9:142:27 | SignOperation | Input | openssl_signature.c:134:38:134:44 | Message | -| openssl_signature.c:142:9:142:27 | SignOperation | Key | openssl_signature.c:133:52:133:55 | Key | -| openssl_signature.c:142:9:142:27 | SignOperation | Output | openssl_signature.c:142:37:142:46 | SignatureOutput | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Input | openssl_signature.c:134:38:134:44 | Message | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Key | openssl_signature.c:133:52:133:55 | Key | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Output | openssl_signature.c:135:37:135:40 | SignatureOutput | +| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | +| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | +| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | +| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | +| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | Input | openssl_signature.c:134:38:134:44 | Message | +| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | Key | openssl_signature.c:133:52:133:55 | Key | +| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | +| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | Output | openssl_signature.c:142:37:142:46 | SignatureOutput | +| openssl_signature.c:165:54:165:57 | Key | Source | openssl_signature.c:548:34:548:37 | Key | +| openssl_signature.c:165:54:165:57 | Key | Source | openssl_signature.c:578:34:578:37 | Key | +| openssl_signature.c:166:40:166:46 | Message | Source | openssl_signature.c:602:37:602:77 | Constant | +| openssl_signature.c:167:9:167:29 | VerifyOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | +| openssl_signature.c:167:9:167:29 | VerifyOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | +| openssl_signature.c:167:9:167:29 | VerifyOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | +| openssl_signature.c:167:9:167:29 | VerifyOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | +| openssl_signature.c:167:9:167:29 | VerifyOperation | Input | openssl_signature.c:134:38:134:44 | Message | +| openssl_signature.c:167:9:167:29 | VerifyOperation | Input | openssl_signature.c:166:40:166:46 | Message | +| openssl_signature.c:167:9:167:29 | VerifyOperation | Key | openssl_signature.c:133:52:133:55 | Key | +| openssl_signature.c:167:9:167:29 | VerifyOperation | Key | openssl_signature.c:165:54:165:57 | Key | +| openssl_signature.c:167:9:167:29 | VerifyOperation | Signature | openssl_signature.c:167:39:167:47 | SignatureInput | +| openssl_signature.c:167:39:167:47 | SignatureInput | Source | openssl_signature.c:142:37:142:46 | SignatureOutput | | openssl_signature.c:190:57:190:60 | Key | Source | openssl_signature.c:548:34:548:37 | Key | | openssl_signature.c:190:57:190:60 | Key | Source | openssl_signature.c:578:34:578:37 | Key | | openssl_signature.c:196:38:196:44 | Message | Source | openssl_signature.c:602:37:602:77 | Constant | -| openssl_signature.c:197:9:197:27 | SignOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:197:9:197:27 | SignOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:197:9:197:27 | SignOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:197:9:197:27 | SignOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:197:9:197:27 | SignOperation | Input | openssl_signature.c:196:38:196:44 | Message | -| openssl_signature.c:197:9:197:27 | SignOperation | Key | openssl_signature.c:190:57:190:60 | Key | -| openssl_signature.c:197:9:197:27 | SignOperation | Output | openssl_signature.c:197:37:197:40 | SignatureOutput | -| openssl_signature.c:204:9:204:27 | SignOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:204:9:204:27 | SignOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:204:9:204:27 | SignOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:204:9:204:27 | SignOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:204:9:204:27 | SignOperation | Input | openssl_signature.c:196:38:196:44 | Message | -| openssl_signature.c:204:9:204:27 | SignOperation | Key | openssl_signature.c:190:57:190:60 | Key | -| openssl_signature.c:204:9:204:27 | SignOperation | Output | openssl_signature.c:204:37:204:46 | SignatureOutput | +| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | +| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | +| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | +| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | +| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | Input | openssl_signature.c:196:38:196:44 | Message | +| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | Key | openssl_signature.c:190:57:190:60 | Key | +| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | +| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | Output | openssl_signature.c:197:37:197:40 | SignatureOutput | +| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | +| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | +| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | +| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | +| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | Input | openssl_signature.c:196:38:196:44 | Message | +| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | Key | openssl_signature.c:190:57:190:60 | Key | +| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | +| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | Output | openssl_signature.c:204:37:204:46 | SignatureOutput | +| openssl_signature.c:228:59:228:62 | Key | Source | openssl_signature.c:548:34:548:37 | Key | +| openssl_signature.c:228:59:228:62 | Key | Source | openssl_signature.c:578:34:578:37 | Key | +| openssl_signature.c:234:40:234:46 | Message | Source | openssl_signature.c:602:37:602:77 | Constant | +| openssl_signature.c:235:9:235:29 | VerifyOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | +| openssl_signature.c:235:9:235:29 | VerifyOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | +| openssl_signature.c:235:9:235:29 | VerifyOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | +| openssl_signature.c:235:9:235:29 | VerifyOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | +| openssl_signature.c:235:9:235:29 | VerifyOperation | Input | openssl_signature.c:196:38:196:44 | Message | +| openssl_signature.c:235:9:235:29 | VerifyOperation | Input | openssl_signature.c:234:40:234:46 | Message | +| openssl_signature.c:235:9:235:29 | VerifyOperation | Key | openssl_signature.c:190:57:190:60 | Key | +| openssl_signature.c:235:9:235:29 | VerifyOperation | Key | openssl_signature.c:228:59:228:62 | Key | +| openssl_signature.c:235:9:235:29 | VerifyOperation | Signature | openssl_signature.c:235:39:235:47 | SignatureInput | +| openssl_signature.c:235:39:235:47 | SignatureInput | Source | openssl_signature.c:204:37:204:46 | SignatureOutput | | openssl_signature.c:260:39:260:42 | Key | Source | openssl_signature.c:548:34:548:37 | Key | | openssl_signature.c:260:39:260:42 | Key | Source | openssl_signature.c:578:34:578:37 | Key | | openssl_signature.c:263:9:263:21 | SignOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | diff --git a/cpp/ql/test/experimental/library-tests/quantum/node_properties.expected b/cpp/ql/test/experimental/library-tests/quantum/node_properties.expected index 5192e9c8c05a..2acaf5b0ed88 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/node_properties.expected +++ b/cpp/ql/test/experimental/library-tests/quantum/node_properties.expected @@ -21,14 +21,15 @@ | openssl_basic.c:144:67:144:73 | HashAlgorithm | Name | MD5 | openssl_basic.c:144:67:144:73 | openssl_basic.c:144:67:144:73 | | openssl_basic.c:144:67:144:73 | HashAlgorithm | RawName | EVP_md5 | openssl_basic.c:144:67:144:73 | openssl_basic.c:144:67:144:73 | | openssl_basic.c:155:22:155:41 | Key | KeyType | Asymmetric | openssl_basic.c:155:22:155:41 | openssl_basic.c:155:22:155:41 | -| openssl_basic.c:155:43:155:55 | MACAlgorithm | Name | HMAC | openssl_basic.c:155:43:155:55 | openssl_basic.c:155:43:155:55 | -| openssl_basic.c:155:43:155:55 | MACAlgorithm | RawName | 855 | openssl_basic.c:155:43:155:55 | openssl_basic.c:155:43:155:55 | +| openssl_basic.c:155:43:155:55 | HMACAlgorithm | Name | HMAC | openssl_basic.c:155:43:155:55 | openssl_basic.c:155:43:155:55 | +| openssl_basic.c:155:43:155:55 | HMACAlgorithm | RawName | 855 | openssl_basic.c:155:43:155:55 | openssl_basic.c:155:43:155:55 | | openssl_basic.c:155:64:155:66 | Key | KeyType | Unknown | openssl_basic.c:155:64:155:66 | openssl_basic.c:155:64:155:66 | | openssl_basic.c:160:39:160:48 | HashAlgorithm | DigestSize | 256 | openssl_basic.c:160:39:160:48 | openssl_basic.c:160:39:160:48 | | openssl_basic.c:160:39:160:48 | HashAlgorithm | Name | SHA2 | openssl_basic.c:160:39:160:48 | openssl_basic.c:160:39:160:48 | | openssl_basic.c:160:39:160:48 | HashAlgorithm | RawName | EVP_sha256 | openssl_basic.c:160:39:160:48 | openssl_basic.c:160:39:160:48 | | openssl_basic.c:160:59:160:62 | Key | KeyType | Unknown | openssl_basic.c:160:59:160:62 | openssl_basic.c:160:59:160:62 | -| openssl_basic.c:167:9:167:27 | SignOperation | KeyOperationSubtype | Sign | openssl_basic.c:167:9:167:27 | openssl_basic.c:167:9:167:27 | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_basic.c:167:9:167:27 | openssl_basic.c:167:9:167:27 | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_basic.c:167:9:167:27 | openssl_basic.c:167:9:167:27 | | openssl_basic.c:179:43:179:76 | Constant | Description | 01234567890123456789012345678901 | openssl_basic.c:179:43:179:76 | openssl_basic.c:179:43:179:76 | | openssl_basic.c:180:42:180:59 | Constant | Description | 0123456789012345 | openssl_basic.c:180:42:180:59 | openssl_basic.c:180:42:180:59 | | openssl_basic.c:181:49:181:87 | Constant | Description | This is a test message for encryption | openssl_basic.c:181:49:181:87 | openssl_basic.c:181:49:181:87 | @@ -61,11 +62,19 @@ | openssl_signature.c:80:9:80:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:80:9:80:21 | openssl_signature.c:80:9:80:21 | | openssl_signature.c:80:53:80:56 | Key | KeyType | Unknown | openssl_signature.c:80:53:80:56 | openssl_signature.c:80:53:80:56 | | openssl_signature.c:133:52:133:55 | Key | KeyType | Unknown | openssl_signature.c:133:52:133:55 | openssl_signature.c:133:52:133:55 | -| openssl_signature.c:135:9:135:27 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:135:9:135:27 | openssl_signature.c:135:9:135:27 | -| openssl_signature.c:142:9:142:27 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:142:9:142:27 | openssl_signature.c:142:9:142:27 | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:135:9:135:27 | openssl_signature.c:135:9:135:27 | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:135:9:135:27 | openssl_signature.c:135:9:135:27 | +| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:142:9:142:27 | openssl_signature.c:142:9:142:27 | +| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:142:9:142:27 | openssl_signature.c:142:9:142:27 | +| openssl_signature.c:165:54:165:57 | Key | KeyType | Unknown | openssl_signature.c:165:54:165:57 | openssl_signature.c:165:54:165:57 | +| openssl_signature.c:167:9:167:29 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:167:9:167:29 | openssl_signature.c:167:9:167:29 | | openssl_signature.c:190:57:190:60 | Key | KeyType | Unknown | openssl_signature.c:190:57:190:60 | openssl_signature.c:190:57:190:60 | -| openssl_signature.c:197:9:197:27 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:197:9:197:27 | openssl_signature.c:197:9:197:27 | -| openssl_signature.c:204:9:204:27 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:204:9:204:27 | openssl_signature.c:204:9:204:27 | +| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:197:9:197:27 | openssl_signature.c:197:9:197:27 | +| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:197:9:197:27 | openssl_signature.c:197:9:197:27 | +| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:204:9:204:27 | openssl_signature.c:204:9:204:27 | +| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:204:9:204:27 | openssl_signature.c:204:9:204:27 | +| openssl_signature.c:228:59:228:62 | Key | KeyType | Unknown | openssl_signature.c:228:59:228:62 | openssl_signature.c:228:59:228:62 | +| openssl_signature.c:235:9:235:29 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:235:9:235:29 | openssl_signature.c:235:9:235:29 | | openssl_signature.c:260:39:260:42 | Key | KeyType | Unknown | openssl_signature.c:260:39:260:42 | openssl_signature.c:260:39:260:42 | | openssl_signature.c:263:9:263:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:263:9:263:21 | openssl_signature.c:263:9:263:21 | | openssl_signature.c:270:9:270:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:270:9:270:21 | openssl_signature.c:270:9:270:21 | diff --git a/cpp/ql/test/experimental/library-tests/quantum/nodes.expected b/cpp/ql/test/experimental/library-tests/quantum/nodes.expected index 750a4367f22f..6245926f2110 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/nodes.expected +++ b/cpp/ql/test/experimental/library-tests/quantum/nodes.expected @@ -24,12 +24,12 @@ | openssl_basic.c:144:67:144:73 | HashAlgorithm | | openssl_basic.c:155:22:155:41 | Key | | openssl_basic.c:155:22:155:41 | KeyGeneration | -| openssl_basic.c:155:43:155:55 | MACAlgorithm | +| openssl_basic.c:155:43:155:55 | HMACAlgorithm | | openssl_basic.c:155:64:155:66 | Key | | openssl_basic.c:160:39:160:48 | HashAlgorithm | | openssl_basic.c:160:59:160:62 | Key | | openssl_basic.c:163:35:163:41 | Message | -| openssl_basic.c:167:9:167:27 | SignOperation | +| openssl_basic.c:167:9:167:27 | SignatureOrMACOperation | | openssl_basic.c:167:34:167:36 | SignatureOutput | | openssl_basic.c:179:43:179:76 | Constant | | openssl_basic.c:180:42:180:59 | Constant | @@ -69,16 +69,24 @@ | openssl_signature.c:80:53:80:56 | Key | | openssl_signature.c:133:52:133:55 | Key | | openssl_signature.c:134:38:134:44 | Message | -| openssl_signature.c:135:9:135:27 | SignOperation | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | | openssl_signature.c:135:37:135:40 | SignatureOutput | -| openssl_signature.c:142:9:142:27 | SignOperation | +| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | | openssl_signature.c:142:37:142:46 | SignatureOutput | +| openssl_signature.c:165:54:165:57 | Key | +| openssl_signature.c:166:40:166:46 | Message | +| openssl_signature.c:167:9:167:29 | VerifyOperation | +| openssl_signature.c:167:39:167:47 | SignatureInput | | openssl_signature.c:190:57:190:60 | Key | | openssl_signature.c:196:38:196:44 | Message | -| openssl_signature.c:197:9:197:27 | SignOperation | +| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | | openssl_signature.c:197:37:197:40 | SignatureOutput | -| openssl_signature.c:204:9:204:27 | SignOperation | +| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | | openssl_signature.c:204:37:204:46 | SignatureOutput | +| openssl_signature.c:228:59:228:62 | Key | +| openssl_signature.c:234:40:234:46 | Message | +| openssl_signature.c:235:9:235:29 | VerifyOperation | +| openssl_signature.c:235:39:235:47 | SignatureInput | | openssl_signature.c:260:39:260:42 | Key | | openssl_signature.c:263:9:263:21 | SignOperation | | openssl_signature.c:263:33:263:36 | SignatureOutput | diff --git a/shared/quantum/codeql/quantum/experimental/Model.qll b/shared/quantum/codeql/quantum/experimental/Model.qll index 01448a2feb85..fa3145e4aecf 100644 --- a/shared/quantum/codeql/quantum/experimental/Model.qll +++ b/shared/quantum/codeql/quantum/experimental/Model.qll @@ -1612,12 +1612,8 @@ module CryptographyBase Input> { final class MacOperationNode extends SignatureOrMacOperationNode { MacOperationNode() { this.getKeyOperationSubtype() = TMacMode() and - // Consider any operation a mac operation only if all algorithms going to the sink - // are MAC or unknown. This addresses the issue where an API allows for reuse of - // MAC operations for signatures. - forex(KeyOperationAlgorithmNode n | n = this.getAnAlgorithmOrGenericSource() | - n.getAlgorithmType() = KeyOpAlg::TMac(_) - ) + // If the type type could be a mac, then we will not consider it a mac operation exclusively. + not exists(KeyOperationSubtype t | t = this.getKeyOperationSubtype() and t = TMacMode()) } final override string getInternalType() { result = "MACOperation" } @@ -1628,7 +1624,6 @@ module CryptographyBase Input> { result.asElement() = instance.getInputConsumer().getConsumer() } - //KeyArtifactNode getAKey() { result.asElement() = instance.getKeyConsumer().getConsumer() } override NodeBase getChild(string edgeName) { result = super.getChild(edgeName) or @@ -1638,11 +1633,21 @@ module CryptographyBase Input> { } } - final class HmacAlgorithmNode extends KeyAgreementAlgorithmNode { + abstract class MacAlgorithmNode extends KeyOperationAlgorithmNode { + MacAlgorithmNode() { + instance.(KeyOperationAlgorithmInstance).getAlgorithmType() = KeyOpAlg::TMac(_) + } + + override string getInternalType() { result = "MACAlgorithm" } + } + + final class HmacAlgorithmNode extends MacAlgorithmNode { HmacAlgorithmInstance hmacInstance; HmacAlgorithmNode() { hmacInstance = instance.asAlg() } + override string getInternalType() { result = "HMACAlgorithm" } + NodeBase getHashAlgorithmOrUnknown() { result.asElement() = hmacInstance.getHashAlgorithmValueConsumer().getASource() } @@ -1658,6 +1663,7 @@ module CryptographyBase Input> { } } + // TODO: CMAC model class KeyAgreementOperationNode extends OperationNode, TKeyAgreementOperation { KeyAgreementSecretGenerationOperationInstance instance; @@ -2008,6 +2014,8 @@ module CryptographyBase Input> { } class SignatureOrMacOperationNode extends KeyOperationNode { + override SignatureOrMacOperationInstance instance; + SignatureOrMacOperationNode() { this.getKeyOperationSubtype() = TSignMode() or @@ -2017,6 +2025,18 @@ module CryptographyBase Input> { } override string getInternalType() { result = "SignatureOrMACOperation" } + + HashAlgorithmNode getHashAlgorithm() { + result = instance.getHashAlgorithmValueConsumer().getAKnownSourceNode() + } + + override NodeBase getChild(string key) { + result = super.getChild(key) + or + // [KNOWN_OR_UNKNOWN] + key = "HashAlgorithm" and + (if exists(this.getHashAlgorithm()) then result = this.getHashAlgorithm() else result = this) + } } class SignatureOperationNode extends SignatureOrMacOperationNode { @@ -2029,9 +2049,8 @@ module CryptographyBase Input> { or this.getKeyOperationSubtype() = TVerifyMode() and nodeName = "VerifyOperation" ) and - not exists(KeyOperationAlgorithmNode n | - n = this.getAnAlgorithmOrGenericSource() and n.getAlgorithmType() = KeyOpAlg::TMac(_) - ) + // If the type could be a mac, then we will not consider it a signature operation exclusively. + not exists(KeyOperationSubtype t | t = this.getKeyOperationSubtype() and t = TMacMode()) } override string getInternalType() { result = nodeName } @@ -2040,10 +2059,6 @@ module CryptographyBase Input> { result.asElement() = instance.getSignatureConsumer().getConsumer() } - HashAlgorithmNode getHashAlgorithm() { - result = instance.getHashAlgorithmValueConsumer().getAKnownSourceNode() - } - override NodeBase getChild(string key) { result = super.getChild(key) or From 0270fac4e771f897ec4ae5a6d731ad39f75066a7 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Tue, 1 Jul 2025 11:51:40 -0400 Subject: [PATCH 005/307] Crypto: Update model to have a mac operation instance that extends the signature or mac operation instance. --- .../codeql/quantum/experimental/Model.qll | 19 ++----------------- 1 file changed, 2 insertions(+), 17 deletions(-) diff --git a/shared/quantum/codeql/quantum/experimental/Model.qll b/shared/quantum/codeql/quantum/experimental/Model.qll index fa3145e4aecf..672077d71e69 100644 --- a/shared/quantum/codeql/quantum/experimental/Model.qll +++ b/shared/quantum/codeql/quantum/experimental/Model.qll @@ -690,23 +690,6 @@ module CryptographyBase Input> { predicate shouldHavePaddingScheme() { any() } } - // abstract class SignatureOrMacAlgorithmInstance extends KeyOperationAlgorithmInstance { - // SignatureOrMacAlgorithmInstance() { - // this.getAlgorithmType() = KeyOpAlg::TSignature(_) - // or - // this.getAlgorithmType() = KeyOpAlg::TMac(_) - // } - // override predicate shouldHaveModeOfOperation() { none() } - // /** - // * Gets the hash algorithm used by this signature algorithm. - // */ - // abstract AlgorithmValueConsumer getHashAlgorithmValueConsumer(); - // } - // abstract class SignatureAlgorithmInstance extends SignatureOrMacAlgorithmInstance { - // SignatureAlgorithmInstance() { this.getAlgorithmType() = KeyOpAlg::TSignature(_) } - // } - abstract class MacOperationInstance extends KeyOperationAlgorithmInstance { } - abstract class HmacAlgorithmInstance extends KeyOperationAlgorithmInstance { HmacAlgorithmInstance() { this.getAlgorithmType() = KeyOpAlg::TMac(KeyOpAlg::HMAC()) } @@ -832,6 +815,8 @@ module CryptographyBase Input> { abstract ConsumerInputDataFlowNode getSignatureConsumer(); } + abstract class MacOperationInstance extends SignatureOrMacOperationInstance { } + abstract class EllipticCurveInstance extends AlgorithmInstance { /** * Gets the isolated name as it appears in source From 88d36aa57435211d6c3e62a65b13e118a665f559 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Tue, 1 Jul 2025 12:19:15 -0400 Subject: [PATCH 006/307] Crypto: Intermediate JCA updates to support new MAC model. Work in progress. --- java/ql/lib/experimental/quantum/JCA.qll | 38 ++++++++++++++++-------- 1 file changed, 25 insertions(+), 13 deletions(-) diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index dc86c4637505..e4092d2f4fb3 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -5,6 +5,7 @@ import java import semmle.code.java.dataflow.DataFlow import semmle.code.java.dataflow.TaintTracking import semmle.code.java.controlflow.Dominance +private import Crypto::KeyOpAlg as KeyOpAlg module JCAModel { import Language @@ -205,12 +206,6 @@ module JCAModel { ) } - bindingset[name] - predicate mac_name_to_mac_type_known(Crypto::TMacType type, string name) { - type = Crypto::HMAC() and - name.toUpperCase().matches("HMAC%") - } - bindingset[name] predicate key_agreement_name_to_type_known(Crypto::TKeyAgreementType type, string name) { type = Crypto::DH() and @@ -1480,7 +1475,7 @@ module JCAModel { module MacInitCallToMacOperationFlow = DataFlow::Global; - class KnownMacAlgorithm extends Crypto::MacAlgorithmInstance instanceof StringLiteral { + class KnownMacAlgorithm extends Crypto::KeyOperationAlgorithmInstance instanceof StringLiteral { MacGetInstanceAlgorithmValueConsumer consumer; KnownMacAlgorithm() { @@ -1490,13 +1485,30 @@ module JCAModel { MacGetInstanceAlgorithmValueConsumer getConsumer() { result = consumer } - override string getRawMacAlgorithmName() { result = super.getValue() } + override string getRawAlgorithmName() { result = super.getValue() } - override Crypto::MacType getMacType() { - if mac_name_to_mac_type_known(_, super.getValue()) - then mac_name_to_mac_type_known(result, super.getValue()) - else result = Crypto::OtherMacType() + override Crypto::KeyOpAlg::AlgorithmType getAlgorithmType() { + if super.getValue().toUpperCase().matches("HMAC%") + then result = KeyOpAlg::TMac(KeyOpAlg::HMAC()) + else + if super.getValue().toUpperCase().matches("CMAC%") + then result = KeyOpAlg::TMac(KeyOpAlg::CMAC()) + else result = KeyOpAlg::TMac(KeyOpAlg::OtherMacAlgorithmType()) + } + + override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() { + // TODO: trace to any key size initializer? + none() } + + override int getKeySizeFixed() { + // TODO: are there known fixed key sizes to consider? + none() + } + + override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() { none() } + + override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() } } class MacGetInstanceCall extends MethodCall { @@ -1566,7 +1578,7 @@ module JCAModel { ) } - override Crypto::ConsumerInputDataFlowNode getMessageConsumer() { + override Crypto::ConsumerInputDataFlowNode getInputConsumer() { result.asExpr() = super.getArgument(0) and super.getMethod().getParameterType(0).hasName("byte[]") } From ff930459387d997aa9f4cc297cba5cc8c7f6e58f Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Tue, 1 Jul 2025 12:21:51 -0400 Subject: [PATCH 007/307] Crypto: remove JCA bad import. --- java/ql/lib/experimental/quantum/JCA.qll | 1 - 1 file changed, 1 deletion(-) diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index e4092d2f4fb3..f6f5ba71ec2a 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -5,7 +5,6 @@ import java import semmle.code.java.dataflow.DataFlow import semmle.code.java.dataflow.TaintTracking import semmle.code.java.controlflow.Dominance -private import Crypto::KeyOpAlg as KeyOpAlg module JCAModel { import Language From a98f4c29d3567c44c8499e198b81195a720a7961 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Tue, 1 Jul 2025 12:26:50 -0400 Subject: [PATCH 008/307] Crypto: Code scanning warning fix. --- shared/quantum/codeql/quantum/experimental/Model.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/quantum/codeql/quantum/experimental/Model.qll b/shared/quantum/codeql/quantum/experimental/Model.qll index 672077d71e69..ec09468b5d2f 100644 --- a/shared/quantum/codeql/quantum/experimental/Model.qll +++ b/shared/quantum/codeql/quantum/experimental/Model.qll @@ -1597,7 +1597,7 @@ module CryptographyBase Input> { final class MacOperationNode extends SignatureOrMacOperationNode { MacOperationNode() { this.getKeyOperationSubtype() = TMacMode() and - // If the type type could be a mac, then we will not consider it a mac operation exclusively. + // If the type could be a mac, then we will not consider it a mac operation exclusively. not exists(KeyOperationSubtype t | t = this.getKeyOperationSubtype() and t = TMacMode()) } From adf01e76cdf004c0128a12828a4cb4e17093ef0a Mon Sep 17 00:00:00 2001 From: Marcono1234 Date: Thu, 7 Aug 2025 16:02:36 +0200 Subject: [PATCH 009/307] Doc: Fix link to `warnOnImplicitThis` GitHub docs --- docs/codeql/ql-language-reference/formulas.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/ql-language-reference/formulas.rst b/docs/codeql/ql-language-reference/formulas.rst index 8745217decc9..c17ba858ed7c 100644 --- a/docs/codeql/ql-language-reference/formulas.rst +++ b/docs/codeql/ql-language-reference/formulas.rst @@ -193,7 +193,7 @@ information on cartesian products, see ":ref:`Troubleshooting query performance `". It is possible to enable warnings about implicit this receivers for `CodeQL packs -`__ +`__ through the ``warnOnImplicitThis`` property. .. _parenthesized-formulas: From 33aa6c94df17cf294f1b93b81d78c5e34d3c6f67 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 20 Aug 2025 13:21:18 -0400 Subject: [PATCH 010/307] Crypto: Adding tests for reuse nonce query for JAVA/JCA. --- .../quantum/NonceReuse/NonceReuse.expected | 4 + .../quantum/NonceReuse/NonceReuse.qlref | 1 + .../query-tests/quantum/NonceReuse/Test.java | 108 ++++++++++++++++++ 3 files changed, 113 insertions(+) create mode 100644 java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.expected create mode 100644 java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.qlref create mode 100644 java/ql/test/experimental/query-tests/quantum/NonceReuse/Test.java diff --git a/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.expected b/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.expected new file mode 100644 index 000000000000..7afd24f0dfb7 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.expected @@ -0,0 +1,4 @@ +| Test.java:48:47:48:52 | Nonce | Reuse with nonce $@ | Test.java:57:47:57:52 | Nonce | Nonce | +| Test.java:57:47:57:52 | Nonce | Reuse with nonce $@ | Test.java:48:47:48:52 | Nonce | Nonce | +| Test.java:85:48:85:54 | Nonce | Reuse with nonce $@ | Test.java:91:49:91:55 | Nonce | Nonce | +| Test.java:91:49:91:55 | Nonce | Reuse with nonce $@ | Test.java:85:48:85:54 | Nonce | Nonce | diff --git a/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.qlref b/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.qlref new file mode 100644 index 000000000000..bfe67a6c2e8e --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.qlref @@ -0,0 +1 @@ +experimental/quantum/Analysis/ReusedNonce.ql \ No newline at end of file diff --git a/java/ql/test/experimental/query-tests/quantum/NonceReuse/Test.java b/java/ql/test/experimental/query-tests/quantum/NonceReuse/Test.java new file mode 100644 index 000000000000..cfb4c2e4fda4 --- /dev/null +++ b/java/ql/test/experimental/query-tests/quantum/NonceReuse/Test.java @@ -0,0 +1,108 @@ +package com.example.crypto.artifacts; +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.GCMParameterSpec; +import java.security.*; +import java.util.Base64; +import java.util.random.*; +import java.util.Properties; +import java.util.Random; +import java.io.FileInputStream; +import java.io.IOException; +import java.util.Arrays; + +public class Test { + + public static SecretKey generateAESKey()throws Exception { + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(256); + return keyGen.generateKey(); + } + + + private static byte[] getRandomWrapper1()throws Exception { + byte[] val = new byte[16]; + new SecureRandom().nextBytes(val); + return val; + } + + private static byte[] getRandomWrapper2A()throws Exception { + byte[] val; + val = getRandomWrapper1(); + funcA1(val); + return val; + } + + private static byte[] getRandomWrapper2b()throws Exception { + byte[] val; + val = getRandomWrapper1(); + return val; + } + + private static void funcA1(byte[] iv)throws Exception { + IvParameterSpec ivSpec = new IvParameterSpec(iv); + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + SecretKey key = generateAESKey(); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); // BAD: Reuse of `iv` in funcB1 + byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); + } + + private static void funcB1()throws Exception { + byte[] iv = getRandomWrapper2A(); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + SecretKey key = generateAESKey(); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); // BAD: Reuse of `iv` in funcA1 + byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); + } + + private static void funcA2()throws Exception { + byte[] iv = getRandomWrapper2b(); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + SecretKey key = generateAESKey(); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); // GOOD + byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); + } + + private static void funcB2()throws Exception { + byte[] iv = getRandomWrapper2b(); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + SecretKey key = generateAESKey(); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); // GOOD + byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); + } + + + private static void funcA3() throws Exception { + byte[] iv = getRandomWrapper2b(); + IvParameterSpec ivSpec1 = new IvParameterSpec(iv); + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + SecretKey key1 = generateAESKey(); + cipher.init(Cipher.ENCRYPT_MODE, key1, ivSpec1); // BAD: reuse of `iv` below + byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); + + IvParameterSpec ivSpec2 = new IvParameterSpec(iv); + Cipher cipher2 = Cipher.getInstance("AES/CBC/PKCS5Padding"); + SecretKey key2 = generateAESKey(); + cipher2.init(Cipher.ENCRYPT_MODE, key2, ivSpec2); // BAD: Reuse of `iv` above + byte[] ciphertext2 = cipher2.doFinal("Simple Test Data".getBytes()); + } + + + + + public static void main(String[] args) { + try{ + funcA2(); + funcB1(); + funcB2(); + } + catch(Exception e) { + e.printStackTrace(); + } + } +} From 30a07763e8de5588394fb3b6d97e053889d506d8 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 20 Aug 2025 13:28:28 -0400 Subject: [PATCH 011/307] Crypto: Copilot suggested code changes. --- .../query-tests/quantum/NonceReuse/NonceReuse.expected | 8 ++++---- .../experimental/query-tests/quantum/NonceReuse/Test.java | 1 - 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.expected b/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.expected index 7afd24f0dfb7..7372722c2f57 100644 --- a/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.expected +++ b/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.expected @@ -1,4 +1,4 @@ -| Test.java:48:47:48:52 | Nonce | Reuse with nonce $@ | Test.java:57:47:57:52 | Nonce | Nonce | -| Test.java:57:47:57:52 | Nonce | Reuse with nonce $@ | Test.java:48:47:48:52 | Nonce | Nonce | -| Test.java:85:48:85:54 | Nonce | Reuse with nonce $@ | Test.java:91:49:91:55 | Nonce | Nonce | -| Test.java:91:49:91:55 | Nonce | Reuse with nonce $@ | Test.java:85:48:85:54 | Nonce | Nonce | +| Test.java:47:47:47:52 | Nonce | Reuse with nonce $@ | Test.java:56:47:56:52 | Nonce | Nonce | +| Test.java:56:47:56:52 | Nonce | Reuse with nonce $@ | Test.java:47:47:47:52 | Nonce | Nonce | +| Test.java:84:48:84:54 | Nonce | Reuse with nonce $@ | Test.java:90:49:90:55 | Nonce | Nonce | +| Test.java:90:49:90:55 | Nonce | Reuse with nonce $@ | Test.java:84:48:84:54 | Nonce | Nonce | diff --git a/java/ql/test/experimental/query-tests/quantum/NonceReuse/Test.java b/java/ql/test/experimental/query-tests/quantum/NonceReuse/Test.java index cfb4c2e4fda4..2f3aab5b6ef3 100644 --- a/java/ql/test/experimental/query-tests/quantum/NonceReuse/Test.java +++ b/java/ql/test/experimental/query-tests/quantum/NonceReuse/Test.java @@ -6,7 +6,6 @@ import javax.crypto.spec.GCMParameterSpec; import java.security.*; import java.util.Base64; -import java.util.random.*; import java.util.Properties; import java.util.Random; import java.io.FileInputStream; From ec7e41cb30e3fdc66edfe8408465d508ca6fe2ba Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Thu, 21 Aug 2025 15:05:45 -0400 Subject: [PATCH 012/307] Crypto: Fixed issues in CBOM representations (gaps in the underlying model) and simplified unit tests in terms of the graph complexity to aid visual assessments of model correctness. --- .../KnownAlgorithmConstants.qll | 5 +- .../HashAlgorithmValueConsumer.qll | 17 + .../PaddingAlgorithmValueConsumer.qll | 2 +- .../SignatureAlgorithmValueConsumer.qll | 2 +- .../Operations/EVPPKeyCtxInitializer.qll | 28 ++ .../OpenSSL/Operations/KeyGenOperation.qll | 9 +- .../Operations/OpenSSLOperationBase.qll | 18 +- .../OpenSSL/Operations/SignatureOperation.qll | 182 +++++++- .../library-tests/quantum/node_edges.expected | 320 +++++++------ .../quantum/node_properties.expected | 159 +++++-- .../library-tests/quantum/nodes.expected | 20 + .../library-tests/quantum/openssl_signature.c | 426 ++++++++++-------- 12 files changed, 795 insertions(+), 393 deletions(-) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll index 4328253f1a4f..06bbee745445 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll @@ -171,7 +171,10 @@ class KnownOpenSslKeyAgreementAlgorithmExpr extends Expr instanceof KnownOpenSsl } predicate knownOpenSslAlgorithmOperationCall(Call c, string normalized, string algType) { - c.getTarget().getName() in ["EVP_RSA_gen", "RSA_generate_key_ex", "RSA_generate_key", "RSA_new"] and + c.getTarget().getName() in [ + "EVP_RSA_gen", "RSA_generate_key_ex", "RSA_generate_key", "RSA_new", "RSA_sign", "RSA_verify", + "EVP_PKEY_get1_RSA" + ] and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll index 114cf78a112e..f2a29ad37d86 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll @@ -87,3 +87,20 @@ class EvpDigestAlgorithmValueConsumer extends HashAlgorithmValueConsumer { exists(OpenSslAlgorithmInstance i | i.getAvc() = this and result = i) } } + +class RsaSignOrVerifyHashAlgorithmValueConsumer extends HashAlgorithmValueConsumer { + DataFlow::Node valueArgNode; + + RsaSignOrVerifyHashAlgorithmValueConsumer() { + this.(Call).getTarget().getName() in ["RSA_sign", "RSA_verify"] and + valueArgNode.asExpr() = this.(Call).getArgument(0) + } + + override DataFlow::Node getResultNode() { none() } + + override Crypto::ConsumerInputDataFlowNode getInputNode() { result = valueArgNode } + + override Crypto::AlgorithmInstance getAKnownAlgorithmSource() { + exists(OpenSslAlgorithmInstance i | i.getAvc() = this and result = i) + } +} diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PaddingAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PaddingAlgorithmValueConsumer.qll index f080fc0f12a2..9ebc1379610a 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PaddingAlgorithmValueConsumer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PaddingAlgorithmValueConsumer.qll @@ -14,7 +14,7 @@ class Evp_PKey_Ctx_set_rsa_padding_AlgorithmValueConsumer extends PaddingAlgorit DataFlow::Node resultNode; Evp_PKey_Ctx_set_rsa_padding_AlgorithmValueConsumer() { - resultNode.asExpr() = this and + resultNode.asExpr() = this.(Call).getArgument(0) and this.(Call).getTarget().getName() = "EVP_PKEY_CTX_set_rsa_padding" and valueArgNode.asExpr() = this.(Call).getArgument(1) } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/SignatureAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/SignatureAlgorithmValueConsumer.qll index c6f3fb8959c8..882d9dd30ba6 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/SignatureAlgorithmValueConsumer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/SignatureAlgorithmValueConsumer.qll @@ -18,7 +18,7 @@ class EvpSignatureAlgorithmValueConsumer extends SignatureAlgorithmValueConsumer this.(Call).getTarget().getName() = "EVP_SIGNATURE_fetch" and valueArgNode.asExpr() = this.(Call).getArgument(1) // EVP_PKEY_get1_DSA, EVP_PKEY_get1_RSA - // DSA_SIG_new, DSA_SIG_get0, RSA_sign ? + // DSA_SIG_new, DSA_SIG_get0 ? ) } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll index 9d9b14c6d2fc..2761d8d6bc87 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll @@ -1,5 +1,10 @@ /** * Initializers for EVP PKey + * These are used to create a Pkey context or set properties on a Pkey context + * e.g., key size, hash algorithms, curves, padding schemes, etc. + * Meant to capture more general purpose initializers that aren't necessarily + * tied to a specific operation. If tied to an operation (i.e., in the docs) + * we recommend defining defining all together in the same operation definition qll. * including: * https://docs.openssl.org/3.0/man3/EVP_PKEY_CTX_ctrl/ * https://docs.openssl.org/3.0/man3/EVP_EncryptInit/#synopsis @@ -195,3 +200,26 @@ class EvpCtxSetSaltLengthInitializer extends OperationStep { override OperationStepType getStepType() { result = InitializerStep() } } + +/** + * A call to `EVP_PKEY_get1_RSA` or `EVP_PKEY_get1_DSA` + * - RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); + * - DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); + */ +class EvpPkeyGet1RsaOrDsa extends OperationStep { + EvpPkeyGet1RsaOrDsa() { this.getTarget().getName() = ["EVP_PKEY_get1_RSA", "EVP_PKEY_get1_DSA"] } + + override DataFlow::Node getOutput(IOType type) { result.asExpr() = this and type = KeyIO() } + + override DataFlow::Node getInput(IOType type) { + // Key being loaded or created from another location + result.asExpr() = this.getArgument(0) and type = KeyIO() + } + + /** + * Consider this to be an intialization step. A key is accepted and a different key is produced. + * It doesn't create a new context or new key. It isn't quite an initialiation for an operaiton + * either. + */ + override OperationStepType getStepType() { result = InitializerStep() } +} diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll index 0685938b8850..5d0d08899246 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll @@ -149,21 +149,16 @@ class EvpNewMacKey extends KeyGenFinalOperationStep { EvpNewMacKey() { this.getTarget().getName() = "EVP_PKEY_new_mac_key" } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() - or // the raw key that is configured into the output key result.asExpr() = this.getArgument(2) and type = KeyIO() or result.asExpr() = this.getArgument(3) and type = KeySizeIO() } - override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this and type = KeyIO() - or - result.asExpr() = this.getArgument(0) and type = ContextIO() - } + override DataFlow::Node getOutput(IOType type) { result.asExpr() = this and type = KeyIO() } } + /// TODO: https://docs.openssl.org/3.0/man3/EVP_PKEY_new/#synopsis /** * An `KeyGenerationOperationInstance` for the for all key gen final operation steps. diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll index bddb7ef0728c..3ebd53dae79c 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll @@ -75,11 +75,13 @@ newtype TIOType = PaddingAlgorithmIO() or // Plaintext also includes a message for digest, signature, verification, and mac generation PlaintextIO() or + PlaintextSizeIO() or PrimaryAlgorithmIO() or RandomSourceIO() or SaltLengthIO() or SeedIO() or - SignatureIO() + SignatureIO() or + SignatureSizeIO() private string ioTypeToString(TIOType t) { t = CiphertextIO() and result = "CiphertextIO" @@ -108,6 +110,8 @@ private string ioTypeToString(TIOType t) { or t = PlaintextIO() and result = "PlaintextIO" or + t = PlaintextSizeIO() and result = "PlaintextSizeIO" + or t = PrimaryAlgorithmIO() and result = "PrimaryAlgorithmIO" or t = RandomSourceIO() and result = "RandomSourceIO" @@ -117,6 +121,8 @@ private string ioTypeToString(TIOType t) { t = SeedIO() and result = "SeedIO" or t = SignatureIO() and result = "SignatureIO" + or + t = SignatureSizeIO() and result = "SignatureSizeIO" } class IOType extends TIOType { @@ -131,8 +137,9 @@ class IOType extends TIOType { * The type of step in an `OperationStep`. * - `ContextCreationStep`: the creation of a context from an algorithm or key. * for example `EVP_MD_CTX_create(EVP_sha256())` or `EVP_PKEY_CTX_new(pkey, NULL)` - * - `InitializerStep`: the initialization of an operation through some sort of shared/accumulated context - * for example `EVP_DigestInit_ex(ctx, EVP_sha256(), NULL)` + * - `InitializerStep`: the initialization of an operation or state through some sort of shared/accumulated context + * for example `EVP_DigestInit_ex(ctx, EVP_sha256(), NULL)`, may also be used for pass through + * configuration, for example `EVP_PKEY_get1_RSA(key)` where a pkey is input into an RSA key return. * - `UpdateStep`: any operation that has and update/final paradigm, the update represents an intermediate step in an operation, * such as `EVP_DigestUpdate(ctx, data, len)` * - `FinalStep`: an ultimate operation step. This may be an explicit 'final' in an update/final paradigm, but not necessarily. @@ -249,8 +256,9 @@ abstract class OperationStep extends Call { /** * Gets an AVC for the primary algorithm for this operation. * A primary algorithm is an AVC that either: + * 0) `this` is an AVC (consider direct algorithm consumers like RSA_sign (algorithm is implicit) or EVP_PKEY_new_mac_key (NID is first arg) ) * 1) flows to a ctx input directly or - * 2) flows to a primary algorithm input directly + * 2) flows to a primary algorithm input directly or * 3) flows to a key input directly (algorithm held in a key will be considered primary) * See `AvcContextCreationStep` for details about resetting scenarios. * Gets the first OperationStep an AVC flows to. If a context input, @@ -259,6 +267,8 @@ abstract class OperationStep extends Call { * operation step (dominating operation step, see `getDominatingInitializersToStep`). */ Crypto::AlgorithmValueConsumer getPrimaryAlgorithmValueConsumer() { + this instanceof Crypto::AlgorithmValueConsumer and result = this + or exists(DataFlow::Node src, DataFlow::Node sink, IOType t, OperationStep avcConsumingPred | (t = PrimaryAlgorithmIO() or t = ContextIO() or t = KeyIO()) and avcConsumingPred.flowsToOperationStep(this) and diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll index d097f68a4945..ac1947926801 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll @@ -11,7 +11,7 @@ private import experimental.quantum.OpenSSL.AlgorithmInstances.OpenSSLAlgorithmI /** * A base class for final signature operations. * The operation must be known to always be a signature operation, - * and not a MAC operation. + * and not a MAC operation. Used for both verification and signing. * NOTE: even an operation that may be a mac or signature but is known to take in * only signature configurations should extend `SignatureOrMacFinalOperation`. */ @@ -22,6 +22,7 @@ abstract class SignatureFinalOperation extends OperationStep { /** * A base class for final signature or MAC operations. * The operation must be known to always be a signature or MAC operation. + * Used for both verification or signing. */ abstract class SignatureOrMacFinalOperation extends OperationStep { override OperationStepType getStepType() { result = FinalStep() } @@ -227,8 +228,6 @@ class EvpPkeySignFinal extends SignatureFinalOperation { or result.asExpr() = this.getArgument(1) and type = SignatureIO() } - - override OperationStepType getStepType() { result = FinalStep() } } /** @@ -345,6 +344,161 @@ class EvpDigestVerify extends SignatureFinalOperation { } } +/** + * A call to `EVP_PKEY_verify_init`, `EVP_PKEY_verify_init_ex`, + * `EVP_PKEY_verify_init_ex2`, or `EVP_PKEY_verify_message_init` + * https://docs.openssl.org/master/man3/EVP_PKEY_verify/#synopsis + */ +class EvpVerifyInit extends OperationStep { + EvpVerifyInit() { + this.getTarget().getName() in [ + "EVP_PKEY_verify_init", "EVP_PKEY_verify_init_ex", "EVP_PKEY_verify_init_ex2", + "EVP_PKEY_verify_message_init" + ] + } + + override DataFlow::Node getInput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + or + this.getTarget().getName() = "EVP_PKEY_verify_init_ex" and + result.asExpr() = this.getArgument(1) and + type = OsslParamIO() + or + this.getTarget().getName() in ["EVP_PKEY_verify_init_ex2", "EVP_PKEY_verify_message_init"] and + result.asExpr() = this.getArgument(1) and + type = PrimaryAlgorithmIO() + or + this.getTarget().getName() in ["EVP_PKEY_verify_init_ex2", "EVP_PKEY_verify_message_init"] and + result.asExpr() = this.getArgument(2) and + type = OsslParamIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + } + + override OperationStepType getStepType() { result = InitializerStep() } +} + +/** + * A call to `EVP_PKEY_CTX_set_signature` + * https://docs.openssl.org/master/man3/EVP_PKEY_verify/ + */ +class EvpCtxSetSignatureInitializer extends OperationStep { + EvpCtxSetSignatureInitializer() { this.getTarget().getName() = "EVP_PKEY_CTX_set_signature" } + + override DataFlow::Node getInput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + or + result.asExpr() = this.getArgument(1) and type = SignatureIO() + or + result.asExpr() = this.getArgument(2) and type = SignatureSizeIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + } + + override OperationStepType getStepType() { result = InitializerStep() } +} + +/** + * A call to `EVP_PKEY_verify_message_update`. + */ +class EvpVerifyMessageUpdate extends OperationStep { + EvpVerifyMessageUpdate() { this.getTarget().getName() = "EVP_PKEY_verify_message_update" } + + override DataFlow::Node getInput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + or + result.asExpr() = this.getArgument(1) and type = PlaintextIO() + or + result.asExpr() = this.getArgument(2) and type = PlaintextSizeIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + } + + override OperationStepType getStepType() { result = UpdateStep() } +} + +/** + * A call to `EVP_PKEY_verify_message_final`. + */ +class EvpVerifyMessageFinal extends SignatureFinalOperation { + EvpVerifyMessageFinal() { this.getTarget().getName() = "EVP_PKEY_verify_message_final" } + + override DataFlow::Node getInput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + } +} + +/** + * A call to `EVP_PKEY_verify` + */ +class EvpVerify extends SignatureFinalOperation { + EvpVerify() { this.getTarget().getName() = "EVP_PKEY_verify" } + + override DataFlow::Node getInput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + or + result.asExpr() = this.getArgument(1) and type = SignatureIO() + or + result.asExpr() = this.getArgument(2) and type = SignatureSizeIO() + or + result.asExpr() = this.getArgument(3) and type = PlaintextIO() + or + result.asExpr() = this.getArgument(4) and type = PlaintextSizeIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + } +} + +/** + * A call to `RSA_sign` or `RSA_verify`. + * https://docs.openssl.org/3.0/man3/RSA_sign/ + */ +class RsaSign extends SignatureFinalOperation { + RsaSign() { this.getTarget().getName() in ["RSA_sign", "RSA_verify"] } + + override DataFlow::Node getInput(IOType type) { + result.asExpr() = this.getArgument(0) and type = HashAlgorithmIO() + or + result.asExpr() = this.getArgument(1) and type = PlaintextIO() + or + result.asExpr() = this.getArgument(2) and type = PlaintextSizeIO() + or + this.getTarget().getName() = "RSA_verify" and + result.asExpr() = this.getArgument(3) and + type = SignatureIO() + or + this.getTarget().getName() = "RSA_verify" and + result.asExpr() = this.getArgument(4) and + type = SignatureSizeIO() + or + result.asExpr() = this.getArgument(5) and type = KeyIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asExpr() = this.getArgument(0) and type = ContextIO() + or + this.getTarget().getName() = "RSA_sign" and + result.asDefiningArgument() = this.getArgument(3) and + type = SignatureIO() + or + this.getTarget().getName() = "RSA_sign" and + type = SignatureSizeIO() and + result.asDefiningArgument() = this.getArgument(4) + } +} + /** * An instance of a signature operation. * This is an OpenSSL specific class that extends the base SignatureOperationInstance. @@ -393,6 +547,17 @@ class OpenSslSignatureOperationInstance extends Crypto::SignatureOperationInstan super .getDominatingInitializersToStep(HashAlgorithmIO()) .getAlgorithmValueConsumerForInput(HashAlgorithmIO()) = result + or + // Handle cases where the hash is set through the primary algorithm + // RSA-SHA256 for example + // NOTE: assuming the hash would not be overridden, or if it is it is undefined + // i.e., if the above dominating initializer exists and the primary algorithm + // specifies a hash, consider both valid hash AVCs. + // TODO: can this behavior be build into the get dominating initializers? + super.getPrimaryAlgorithmValueConsumer() = result and + exists(OpenSslAlgorithmInstance i | + i.getAvc() = result and i instanceof Crypto::HashAlgorithmInstance + ) } override predicate hasHashAlgorithmConsumer() { @@ -438,6 +603,17 @@ class OpenSslSignatureOrMacOperationInstance extends Crypto::SignatureOrMacOpera super .getDominatingInitializersToStep(HashAlgorithmIO()) .getAlgorithmValueConsumerForInput(HashAlgorithmIO()) = result + or + // Handle cases where the hash is set through the primary algorithm + // RSA-SHA256 for example + // NOTE: assuming the hash would not be overridden, or if it is it is undefined + // i.e., if the above dominating initializer exists and the primary algorithm + // specifies a hash, consider both valid hash AVCs. + // TODO: can this behavior be build into the get dominating initializers? + super.getPrimaryAlgorithmValueConsumer() = result and + exists(OpenSslAlgorithmInstance i | + i.getAvc() = result and i instanceof Crypto::HashAlgorithmInstance + ) } override predicate hasHashAlgorithmConsumer() { diff --git a/cpp/ql/test/experimental/library-tests/quantum/node_edges.expected b/cpp/ql/test/experimental/library-tests/quantum/node_edges.expected index 348ba678bc63..707643fcaedf 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/node_edges.expected +++ b/cpp/ql/test/experimental/library-tests/quantum/node_edges.expected @@ -30,8 +30,8 @@ | openssl_basic.c:144:13:144:22 | HashOperation | Message | openssl_basic.c:144:24:144:30 | Message | | openssl_basic.c:144:24:144:30 | Message | Source | openssl_basic.c:181:49:181:87 | Constant | | openssl_basic.c:144:46:144:51 | Digest | Source | openssl_basic.c:144:46:144:51 | Digest | -| openssl_basic.c:155:22:155:41 | Key | Algorithm | openssl_basic.c:155:22:155:41 | Key | -| openssl_basic.c:155:22:155:41 | KeyGeneration | Algorithm | openssl_basic.c:155:22:155:41 | KeyGeneration | +| openssl_basic.c:155:22:155:41 | Key | Algorithm | openssl_basic.c:155:43:155:55 | HMACAlgorithm | +| openssl_basic.c:155:22:155:41 | KeyGeneration | Algorithm | openssl_basic.c:155:43:155:55 | HMACAlgorithm | | openssl_basic.c:155:22:155:41 | KeyGeneration | KeyInput | openssl_basic.c:155:64:155:66 | Key | | openssl_basic.c:155:22:155:41 | KeyGeneration | Output | openssl_basic.c:155:22:155:41 | Key | | openssl_basic.c:155:43:155:55 | HMACAlgorithm | H | openssl_basic.c:160:39:160:48 | HashAlgorithm | @@ -58,11 +58,11 @@ | openssl_basic.c:262:24:262:39 | EncryptOperation | Nonce | openssl_basic.c:262:24:262:39 | EncryptOperation | | openssl_basic.c:262:24:262:39 | EncryptOperation | Output | openssl_basic.c:262:54:262:63 | KeyOperationOutput | | openssl_basic.c:263:64:263:70 | Message | Source | openssl_basic.c:231:27:231:49 | Constant | -| openssl_pkey.c:21:10:21:28 | KeyGeneration | Algorithm | openssl_pkey.c:21:10:21:28 | KeyGeneration | +| openssl_pkey.c:21:10:21:28 | KeyGeneration | Algorithm | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | | openssl_pkey.c:21:10:21:28 | KeyGeneration | Output | openssl_pkey.c:21:30:21:32 | Key | | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | Mode | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | Padding | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | -| openssl_pkey.c:21:30:21:32 | Key | Algorithm | openssl_pkey.c:21:30:21:32 | Key | +| openssl_pkey.c:21:30:21:32 | Key | Algorithm | openssl_pkey.c:21:10:21:28 | KeyOperationAlgorithm | | openssl_pkey.c:50:31:50:42 | KeyOperationAlgorithm | Mode | openssl_pkey.c:50:31:50:42 | KeyOperationAlgorithm | | openssl_pkey.c:50:31:50:42 | KeyOperationAlgorithm | Padding | openssl_pkey.c:50:31:50:42 | KeyOperationAlgorithm | | openssl_pkey.c:55:9:55:23 | KeyGeneration | Algorithm | openssl_pkey.c:50:31:50:42 | KeyOperationAlgorithm | @@ -75,135 +75,185 @@ | openssl_pkey.c:64:9:64:24 | EncryptOperation | Nonce | openssl_pkey.c:64:9:64:24 | EncryptOperation | | openssl_pkey.c:64:9:64:24 | EncryptOperation | Output | openssl_pkey.c:64:31:64:39 | KeyOperationOutput | | openssl_pkey.c:64:58:64:66 | Message | Source | openssl_pkey.c:45:49:45:65 | Constant | -| openssl_signature.c:22:34:22:40 | Message | Source | openssl_signature.c:602:37:602:77 | Constant | -| openssl_signature.c:22:34:22:40 | Message | Source | openssl_signature.c:685:37:685:77 | Constant | -| openssl_signature.c:22:34:22:40 | Message | Source | openssl_signature.c:741:37:741:77 | Constant | -| openssl_signature.c:23:9:23:26 | HashOperation | Algorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:23:9:23:26 | HashOperation | Algorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:23:9:23:26 | HashOperation | Digest | openssl_signature.c:23:36:23:41 | Digest | -| openssl_signature.c:23:9:23:26 | HashOperation | Message | openssl_signature.c:22:34:22:40 | Message | -| openssl_signature.c:23:36:23:41 | Digest | Source | openssl_signature.c:23:36:23:41 | Digest | -| openssl_signature.c:70:32:70:38 | Message | Source | openssl_signature.c:602:37:602:77 | Constant | -| openssl_signature.c:75:28:75:36 | Message | Source | openssl_signature.c:75:28:75:36 | Message | -| openssl_signature.c:80:9:80:21 | SignOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:80:9:80:21 | SignOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:80:9:80:21 | SignOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:80:9:80:21 | SignOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:80:9:80:21 | SignOperation | Input | openssl_signature.c:70:32:70:38 | Message | -| openssl_signature.c:80:9:80:21 | SignOperation | Input | openssl_signature.c:75:28:75:36 | Message | -| openssl_signature.c:80:9:80:21 | SignOperation | Key | openssl_signature.c:80:53:80:56 | Key | -| openssl_signature.c:80:9:80:21 | SignOperation | Output | openssl_signature.c:80:31:80:40 | SignatureOutput | -| openssl_signature.c:80:53:80:56 | Key | Source | openssl_signature.c:548:34:548:37 | Key | -| openssl_signature.c:80:53:80:56 | Key | Source | openssl_signature.c:578:34:578:37 | Key | -| openssl_signature.c:133:52:133:55 | Key | Source | openssl_signature.c:548:34:548:37 | Key | -| openssl_signature.c:133:52:133:55 | Key | Source | openssl_signature.c:578:34:578:37 | Key | -| openssl_signature.c:134:38:134:44 | Message | Source | openssl_signature.c:602:37:602:77 | Constant | -| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Input | openssl_signature.c:134:38:134:44 | Message | -| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Key | openssl_signature.c:133:52:133:55 | Key | +| openssl_signature.c:25:34:25:40 | Message | Source | openssl_signature.c:574:37:574:74 | Constant | +| openssl_signature.c:25:34:25:40 | Message | Source | openssl_signature.c:624:37:624:74 | Constant | +| openssl_signature.c:25:34:25:40 | Message | Source | openssl_signature.c:741:37:741:66 | Constant | +| openssl_signature.c:26:9:26:26 | HashOperation | Algorithm | openssl_signature.c:575:24:575:30 | HashAlgorithm | +| openssl_signature.c:26:9:26:26 | HashOperation | Algorithm | openssl_signature.c:625:24:625:33 | HashAlgorithm | +| openssl_signature.c:26:9:26:26 | HashOperation | Algorithm | openssl_signature.c:742:24:742:31 | HashAlgorithm | +| openssl_signature.c:26:9:26:26 | HashOperation | Digest | openssl_signature.c:26:36:26:41 | Digest | +| openssl_signature.c:26:9:26:26 | HashOperation | Message | openssl_signature.c:25:34:25:40 | Message | +| openssl_signature.c:26:36:26:41 | Digest | Source | openssl_signature.c:26:36:26:41 | Digest | +| openssl_signature.c:63:32:63:38 | Message | Source | openssl_signature.c:660:37:660:61 | Constant | +| openssl_signature.c:68:28:68:36 | Message | Source | openssl_signature.c:68:28:68:36 | Message | +| openssl_signature.c:73:9:73:21 | SignOperation | Algorithm | openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm | +| openssl_signature.c:73:9:73:21 | SignOperation | HashAlgorithm | openssl_signature.c:661:24:661:33 | HashAlgorithm | +| openssl_signature.c:73:9:73:21 | SignOperation | Input | openssl_signature.c:63:32:63:38 | Message | +| openssl_signature.c:73:9:73:21 | SignOperation | Input | openssl_signature.c:68:28:68:36 | Message | +| openssl_signature.c:73:9:73:21 | SignOperation | Key | openssl_signature.c:73:53:73:56 | Key | +| openssl_signature.c:73:9:73:21 | SignOperation | Output | openssl_signature.c:73:31:73:40 | SignatureOutput | +| openssl_signature.c:73:53:73:56 | Key | Source | openssl_signature.c:675:34:675:37 | Key | +| openssl_signature.c:126:52:126:55 | Key | Source | openssl_signature.c:716:34:716:37 | Key | +| openssl_signature.c:127:38:127:44 | Message | Source | openssl_signature.c:701:37:701:67 | Constant | +| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | +| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:702:24:702:33 | HashAlgorithm | +| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | Input | openssl_signature.c:127:38:127:44 | Message | +| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | Key | openssl_signature.c:126:52:126:55 | Key | +| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | +| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | Output | openssl_signature.c:128:37:128:40 | SignatureOutput | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:702:24:702:33 | HashAlgorithm | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Input | openssl_signature.c:127:38:127:44 | Message | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Key | openssl_signature.c:126:52:126:55 | Key | | openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | -| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Output | openssl_signature.c:135:37:135:40 | SignatureOutput | -| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | Input | openssl_signature.c:134:38:134:44 | Message | -| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | Key | openssl_signature.c:133:52:133:55 | Key | -| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | -| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | Output | openssl_signature.c:142:37:142:46 | SignatureOutput | -| openssl_signature.c:165:54:165:57 | Key | Source | openssl_signature.c:548:34:548:37 | Key | -| openssl_signature.c:165:54:165:57 | Key | Source | openssl_signature.c:578:34:578:37 | Key | -| openssl_signature.c:166:40:166:46 | Message | Source | openssl_signature.c:602:37:602:77 | Constant | -| openssl_signature.c:167:9:167:29 | VerifyOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:167:9:167:29 | VerifyOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:167:9:167:29 | VerifyOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:167:9:167:29 | VerifyOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:167:9:167:29 | VerifyOperation | Input | openssl_signature.c:134:38:134:44 | Message | -| openssl_signature.c:167:9:167:29 | VerifyOperation | Input | openssl_signature.c:166:40:166:46 | Message | -| openssl_signature.c:167:9:167:29 | VerifyOperation | Key | openssl_signature.c:133:52:133:55 | Key | -| openssl_signature.c:167:9:167:29 | VerifyOperation | Key | openssl_signature.c:165:54:165:57 | Key | -| openssl_signature.c:167:9:167:29 | VerifyOperation | Signature | openssl_signature.c:167:39:167:47 | SignatureInput | -| openssl_signature.c:167:39:167:47 | SignatureInput | Source | openssl_signature.c:142:37:142:46 | SignatureOutput | -| openssl_signature.c:190:57:190:60 | Key | Source | openssl_signature.c:548:34:548:37 | Key | -| openssl_signature.c:190:57:190:60 | Key | Source | openssl_signature.c:578:34:578:37 | Key | -| openssl_signature.c:196:38:196:44 | Message | Source | openssl_signature.c:602:37:602:77 | Constant | -| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | Input | openssl_signature.c:196:38:196:44 | Message | -| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | Key | openssl_signature.c:190:57:190:60 | Key | -| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | -| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | Output | openssl_signature.c:197:37:197:40 | SignatureOutput | -| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | Input | openssl_signature.c:196:38:196:44 | Message | -| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | Key | openssl_signature.c:190:57:190:60 | Key | -| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | -| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | Output | openssl_signature.c:204:37:204:46 | SignatureOutput | -| openssl_signature.c:228:59:228:62 | Key | Source | openssl_signature.c:548:34:548:37 | Key | -| openssl_signature.c:228:59:228:62 | Key | Source | openssl_signature.c:578:34:578:37 | Key | -| openssl_signature.c:234:40:234:46 | Message | Source | openssl_signature.c:602:37:602:77 | Constant | -| openssl_signature.c:235:9:235:29 | VerifyOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:235:9:235:29 | VerifyOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:235:9:235:29 | VerifyOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:235:9:235:29 | VerifyOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:235:9:235:29 | VerifyOperation | Input | openssl_signature.c:196:38:196:44 | Message | -| openssl_signature.c:235:9:235:29 | VerifyOperation | Input | openssl_signature.c:234:40:234:46 | Message | -| openssl_signature.c:235:9:235:29 | VerifyOperation | Key | openssl_signature.c:190:57:190:60 | Key | -| openssl_signature.c:235:9:235:29 | VerifyOperation | Key | openssl_signature.c:228:59:228:62 | Key | -| openssl_signature.c:235:9:235:29 | VerifyOperation | Signature | openssl_signature.c:235:39:235:47 | SignatureInput | -| openssl_signature.c:235:39:235:47 | SignatureInput | Source | openssl_signature.c:204:37:204:46 | SignatureOutput | -| openssl_signature.c:260:39:260:42 | Key | Source | openssl_signature.c:548:34:548:37 | Key | -| openssl_signature.c:260:39:260:42 | Key | Source | openssl_signature.c:578:34:578:37 | Key | -| openssl_signature.c:263:9:263:21 | SignOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:263:9:263:21 | SignOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:263:9:263:21 | SignOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:263:9:263:21 | SignOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:263:9:263:21 | SignOperation | Input | openssl_signature.c:263:54:263:59 | Message | -| openssl_signature.c:263:9:263:21 | SignOperation | Key | openssl_signature.c:260:39:260:42 | Key | -| openssl_signature.c:263:9:263:21 | SignOperation | Output | openssl_signature.c:263:33:263:36 | SignatureOutput | -| openssl_signature.c:263:54:263:59 | Message | Source | openssl_signature.c:263:54:263:59 | Message | -| openssl_signature.c:270:9:270:21 | SignOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:270:9:270:21 | SignOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:270:9:270:21 | SignOperation | HashAlgorithm | openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:270:9:270:21 | SignOperation | HashAlgorithm | openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:270:9:270:21 | SignOperation | Input | openssl_signature.c:270:60:270:65 | Message | -| openssl_signature.c:270:9:270:21 | SignOperation | Key | openssl_signature.c:260:39:260:42 | Key | -| openssl_signature.c:270:9:270:21 | SignOperation | Output | openssl_signature.c:270:33:270:42 | SignatureOutput | -| openssl_signature.c:270:60:270:65 | Message | Source | openssl_signature.c:270:60:270:65 | Message | -| openssl_signature.c:321:39:321:42 | Key | Source | openssl_signature.c:548:34:548:37 | Key | -| openssl_signature.c:321:39:321:42 | Key | Source | openssl_signature.c:578:34:578:37 | Key | -| openssl_signature.c:326:48:326:54 | Message | Source | openssl_signature.c:602:37:602:77 | Constant | -| openssl_signature.c:327:9:327:35 | SignOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:327:9:327:35 | SignOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:327:9:327:35 | SignOperation | Algorithm | openssl_signature.c:702:60:702:71 | KeyOperationAlgorithm | -| openssl_signature.c:327:9:327:35 | SignOperation | Algorithm | openssl_signature.c:758:60:758:64 | KeyOperationAlgorithm | -| openssl_signature.c:327:9:327:35 | SignOperation | HashAlgorithm | openssl_signature.c:327:9:327:35 | SignOperation | -| openssl_signature.c:327:9:327:35 | SignOperation | Input | openssl_signature.c:326:48:326:54 | Message | -| openssl_signature.c:327:9:327:35 | SignOperation | Key | openssl_signature.c:321:39:321:42 | Key | -| openssl_signature.c:327:9:327:35 | SignOperation | Output | openssl_signature.c:327:47:327:50 | SignatureOutput | -| openssl_signature.c:334:9:334:35 | SignOperation | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:334:9:334:35 | SignOperation | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:334:9:334:35 | SignOperation | Algorithm | openssl_signature.c:702:60:702:71 | KeyOperationAlgorithm | -| openssl_signature.c:334:9:334:35 | SignOperation | Algorithm | openssl_signature.c:758:60:758:64 | KeyOperationAlgorithm | -| openssl_signature.c:334:9:334:35 | SignOperation | HashAlgorithm | openssl_signature.c:334:9:334:35 | SignOperation | -| openssl_signature.c:334:9:334:35 | SignOperation | Input | openssl_signature.c:326:48:326:54 | Message | -| openssl_signature.c:334:9:334:35 | SignOperation | Key | openssl_signature.c:321:39:321:42 | Key | -| openssl_signature.c:334:9:334:35 | SignOperation | Output | openssl_signature.c:334:47:334:56 | SignatureOutput | -| openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:548:9:548:23 | KeyGeneration | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:548:9:548:23 | KeyGeneration | Output | openssl_signature.c:548:34:548:37 | Key | -| openssl_signature.c:548:34:548:37 | Key | Algorithm | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:575:32:575:37 | Key | Source | openssl_signature.c:575:32:575:37 | Key | -| openssl_signature.c:578:9:578:23 | KeyGeneration | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:578:9:578:23 | KeyGeneration | KeyInput | openssl_signature.c:575:32:575:37 | Key | -| openssl_signature.c:578:9:578:23 | KeyGeneration | Output | openssl_signature.c:578:34:578:37 | Key | -| openssl_signature.c:578:34:578:37 | Key | Algorithm | openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:702:60:702:71 | KeyOperationAlgorithm | Padding | openssl_signature.c:702:60:702:71 | KeyOperationAlgorithm | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Output | openssl_signature.c:135:37:135:46 | SignatureOutput | +| openssl_signature.c:158:54:158:57 | Key | Source | openssl_signature.c:716:34:716:37 | Key | +| openssl_signature.c:159:40:159:46 | Message | Source | openssl_signature.c:701:37:701:67 | Constant | +| openssl_signature.c:160:9:160:29 | VerifyOperation | Algorithm | openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | +| openssl_signature.c:160:9:160:29 | VerifyOperation | HashAlgorithm | openssl_signature.c:702:24:702:33 | HashAlgorithm | +| openssl_signature.c:160:9:160:29 | VerifyOperation | Input | openssl_signature.c:127:38:127:44 | Message | +| openssl_signature.c:160:9:160:29 | VerifyOperation | Input | openssl_signature.c:159:40:159:46 | Message | +| openssl_signature.c:160:9:160:29 | VerifyOperation | Key | openssl_signature.c:126:52:126:55 | Key | +| openssl_signature.c:160:9:160:29 | VerifyOperation | Key | openssl_signature.c:158:54:158:57 | Key | +| openssl_signature.c:160:9:160:29 | VerifyOperation | Signature | openssl_signature.c:160:39:160:47 | SignatureInput | +| openssl_signature.c:160:39:160:47 | SignatureInput | Source | openssl_signature.c:135:37:135:46 | SignatureOutput | +| openssl_signature.c:182:57:182:60 | Key | Source | openssl_signature.c:800:34:800:37 | Key | +| openssl_signature.c:187:38:187:44 | Message | Source | openssl_signature.c:786:37:786:73 | Constant | +| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | +| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:787:24:787:31 | HashAlgorithm | +| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | Input | openssl_signature.c:187:38:187:44 | Message | +| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | Key | openssl_signature.c:182:57:182:60 | Key | +| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | +| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | Output | openssl_signature.c:188:37:188:40 | SignatureOutput | +| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | +| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:787:24:787:31 | HashAlgorithm | +| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | Input | openssl_signature.c:187:38:187:44 | Message | +| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | Key | openssl_signature.c:182:57:182:60 | Key | +| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | +| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | Output | openssl_signature.c:195:37:195:46 | SignatureOutput | +| openssl_signature.c:218:59:218:62 | Key | Source | openssl_signature.c:800:34:800:37 | Key | +| openssl_signature.c:224:40:224:46 | Message | Source | openssl_signature.c:786:37:786:73 | Constant | +| openssl_signature.c:225:9:225:29 | VerifyOperation | Algorithm | openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | +| openssl_signature.c:225:9:225:29 | VerifyOperation | HashAlgorithm | openssl_signature.c:787:24:787:31 | HashAlgorithm | +| openssl_signature.c:225:9:225:29 | VerifyOperation | Input | openssl_signature.c:187:38:187:44 | Message | +| openssl_signature.c:225:9:225:29 | VerifyOperation | Input | openssl_signature.c:224:40:224:46 | Message | +| openssl_signature.c:225:9:225:29 | VerifyOperation | Key | openssl_signature.c:182:57:182:60 | Key | +| openssl_signature.c:225:9:225:29 | VerifyOperation | Key | openssl_signature.c:218:59:218:62 | Key | +| openssl_signature.c:225:9:225:29 | VerifyOperation | Signature | openssl_signature.c:225:39:225:47 | SignatureInput | +| openssl_signature.c:225:39:225:47 | SignatureInput | Source | openssl_signature.c:195:37:195:46 | SignatureOutput | +| openssl_signature.c:250:39:250:42 | Key | Source | openssl_signature.c:760:34:760:37 | Key | +| openssl_signature.c:253:9:253:21 | SignOperation | Algorithm | openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | +| openssl_signature.c:253:9:253:21 | SignOperation | HashAlgorithm | openssl_signature.c:742:24:742:31 | HashAlgorithm | +| openssl_signature.c:253:9:253:21 | SignOperation | Input | openssl_signature.c:253:54:253:59 | Message | +| openssl_signature.c:253:9:253:21 | SignOperation | Key | openssl_signature.c:250:39:250:42 | Key | +| openssl_signature.c:253:9:253:21 | SignOperation | Output | openssl_signature.c:253:33:253:36 | SignatureOutput | +| openssl_signature.c:253:54:253:59 | Message | Source | openssl_signature.c:253:54:253:59 | Message | +| openssl_signature.c:260:9:260:21 | SignOperation | Algorithm | openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | +| openssl_signature.c:260:9:260:21 | SignOperation | HashAlgorithm | openssl_signature.c:742:24:742:31 | HashAlgorithm | +| openssl_signature.c:260:9:260:21 | SignOperation | Input | openssl_signature.c:260:60:260:65 | Message | +| openssl_signature.c:260:9:260:21 | SignOperation | Key | openssl_signature.c:250:39:250:42 | Key | +| openssl_signature.c:260:9:260:21 | SignOperation | Output | openssl_signature.c:260:33:260:42 | SignatureOutput | +| openssl_signature.c:260:60:260:65 | Message | Source | openssl_signature.c:260:60:260:65 | Message | +| openssl_signature.c:282:39:282:42 | Key | Source | openssl_signature.c:760:34:760:37 | Key | +| openssl_signature.c:285:9:285:23 | VerifyOperation | Algorithm | openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | +| openssl_signature.c:285:9:285:23 | VerifyOperation | HashAlgorithm | openssl_signature.c:742:24:742:31 | HashAlgorithm | +| openssl_signature.c:285:9:285:23 | VerifyOperation | Input | openssl_signature.c:285:61:285:66 | Message | +| openssl_signature.c:285:9:285:23 | VerifyOperation | Key | openssl_signature.c:250:39:250:42 | Key | +| openssl_signature.c:285:9:285:23 | VerifyOperation | Key | openssl_signature.c:282:39:282:42 | Key | +| openssl_signature.c:285:9:285:23 | VerifyOperation | Signature | openssl_signature.c:285:35:285:43 | SignatureInput | +| openssl_signature.c:285:35:285:43 | SignatureInput | Source | openssl_signature.c:260:33:260:42 | SignatureOutput | +| openssl_signature.c:285:61:285:66 | Message | Source | openssl_signature.c:285:61:285:66 | Message | +| openssl_signature.c:311:39:311:42 | Key | Source | openssl_signature.c:838:34:838:37 | Key | +| openssl_signature.c:316:48:316:54 | Message | Source | openssl_signature.c:826:37:826:63 | Constant | +| openssl_signature.c:317:9:317:35 | SignOperation | Algorithm | openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | +| openssl_signature.c:317:9:317:35 | SignOperation | Algorithm | openssl_signature.c:847:85:847:96 | KeyOperationAlgorithm | +| openssl_signature.c:317:9:317:35 | SignOperation | HashAlgorithm | openssl_signature.c:847:85:847:96 | HashAlgorithm | +| openssl_signature.c:317:9:317:35 | SignOperation | Input | openssl_signature.c:316:48:316:54 | Message | +| openssl_signature.c:317:9:317:35 | SignOperation | Key | openssl_signature.c:311:39:311:42 | Key | +| openssl_signature.c:317:9:317:35 | SignOperation | Output | openssl_signature.c:317:47:317:50 | SignatureOutput | +| openssl_signature.c:324:9:324:35 | SignOperation | Algorithm | openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | +| openssl_signature.c:324:9:324:35 | SignOperation | Algorithm | openssl_signature.c:847:85:847:96 | KeyOperationAlgorithm | +| openssl_signature.c:324:9:324:35 | SignOperation | HashAlgorithm | openssl_signature.c:847:85:847:96 | HashAlgorithm | +| openssl_signature.c:324:9:324:35 | SignOperation | Input | openssl_signature.c:316:48:316:54 | Message | +| openssl_signature.c:324:9:324:35 | SignOperation | Key | openssl_signature.c:311:39:311:42 | Key | +| openssl_signature.c:324:9:324:35 | SignOperation | Output | openssl_signature.c:324:47:324:56 | SignatureOutput | +| openssl_signature.c:347:39:347:42 | Key | Source | openssl_signature.c:838:34:838:37 | Key | +| openssl_signature.c:353:42:353:50 | SignatureInput | Source | openssl_signature.c:324:47:324:56 | SignatureOutput | +| openssl_signature.c:355:50:355:56 | Message | Source | openssl_signature.c:826:37:826:63 | Constant | +| openssl_signature.c:356:9:356:37 | VerifyOperation | Algorithm | openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | +| openssl_signature.c:356:9:356:37 | VerifyOperation | Algorithm | openssl_signature.c:847:85:847:96 | KeyOperationAlgorithm | +| openssl_signature.c:356:9:356:37 | VerifyOperation | Algorithm | openssl_signature.c:848:87:848:98 | KeyOperationAlgorithm | +| openssl_signature.c:356:9:356:37 | VerifyOperation | HashAlgorithm | openssl_signature.c:847:85:847:96 | HashAlgorithm | +| openssl_signature.c:356:9:356:37 | VerifyOperation | HashAlgorithm | openssl_signature.c:848:87:848:98 | HashAlgorithm | +| openssl_signature.c:356:9:356:37 | VerifyOperation | Input | openssl_signature.c:316:48:316:54 | Message | +| openssl_signature.c:356:9:356:37 | VerifyOperation | Input | openssl_signature.c:355:50:355:56 | Message | +| openssl_signature.c:356:9:356:37 | VerifyOperation | Key | openssl_signature.c:311:39:311:42 | Key | +| openssl_signature.c:356:9:356:37 | VerifyOperation | Key | openssl_signature.c:347:39:347:42 | Key | +| openssl_signature.c:356:9:356:37 | VerifyOperation | Signature | openssl_signature.c:353:42:353:50 | SignatureInput | +| openssl_signature.c:388:9:388:16 | KeyOperationAlgorithm | Mode | openssl_signature.c:388:9:388:16 | KeyOperationAlgorithm | +| openssl_signature.c:388:9:388:16 | KeyOperationAlgorithm | Padding | openssl_signature.c:388:9:388:16 | KeyOperationAlgorithm | +| openssl_signature.c:388:9:388:16 | SignOperation | Algorithm | openssl_signature.c:388:9:388:16 | KeyOperationAlgorithm | +| openssl_signature.c:388:9:388:16 | SignOperation | Algorithm | openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | +| openssl_signature.c:388:9:388:16 | SignOperation | Algorithm | openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm | +| openssl_signature.c:388:9:388:16 | SignOperation | HashAlgorithm | openssl_signature.c:604:37:604:46 | HashAlgorithm | +| openssl_signature.c:388:9:388:16 | SignOperation | Input | openssl_signature.c:388:28:388:33 | Message | +| openssl_signature.c:388:9:388:16 | SignOperation | Key | openssl_signature.c:389:48:389:54 | Key | +| openssl_signature.c:388:9:388:16 | SignOperation | Output | openssl_signature.c:388:48:388:57 | SignatureOutput | +| openssl_signature.c:388:28:388:33 | Message | Source | openssl_signature.c:388:28:388:33 | Message | +| openssl_signature.c:389:48:389:54 | Key | Source | openssl_signature.c:389:48:389:54 | Key | +| openssl_signature.c:411:12:411:21 | KeyOperationAlgorithm | Mode | openssl_signature.c:411:12:411:21 | KeyOperationAlgorithm | +| openssl_signature.c:411:12:411:21 | KeyOperationAlgorithm | Padding | openssl_signature.c:411:12:411:21 | KeyOperationAlgorithm | +| openssl_signature.c:411:12:411:21 | VerifyOperation | Algorithm | openssl_signature.c:411:12:411:21 | KeyOperationAlgorithm | +| openssl_signature.c:411:12:411:21 | VerifyOperation | Algorithm | openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | +| openssl_signature.c:411:12:411:21 | VerifyOperation | Algorithm | openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm | +| openssl_signature.c:411:12:411:21 | VerifyOperation | HashAlgorithm | openssl_signature.c:606:41:606:50 | HashAlgorithm | +| openssl_signature.c:411:12:411:21 | VerifyOperation | Input | openssl_signature.c:411:33:411:38 | Message | +| openssl_signature.c:411:12:411:21 | VerifyOperation | Key | openssl_signature.c:412:51:412:57 | Key | +| openssl_signature.c:411:12:411:21 | VerifyOperation | Signature | openssl_signature.c:411:53:411:61 | SignatureInput | +| openssl_signature.c:411:33:411:38 | Message | Source | openssl_signature.c:411:33:411:38 | Message | +| openssl_signature.c:411:53:411:61 | SignatureInput | Source | openssl_signature.c:411:53:411:61 | SignatureInput | +| openssl_signature.c:412:51:412:57 | Key | Source | openssl_signature.c:412:51:412:57 | Key | +| openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm | +| openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm | +| openssl_signature.c:524:9:524:23 | KeyGeneration | Algorithm | openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm | +| openssl_signature.c:524:9:524:23 | KeyGeneration | Output | openssl_signature.c:524:34:524:37 | Key | +| openssl_signature.c:524:34:524:37 | Key | Algorithm | openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm | +| openssl_signature.c:551:32:551:37 | Key | Source | openssl_signature.c:551:32:551:37 | Key | +| openssl_signature.c:554:9:554:23 | KeyGeneration | Algorithm | openssl_signature.c:541:50:541:54 | KeyOperationAlgorithm | +| openssl_signature.c:554:9:554:23 | KeyGeneration | KeyInput | openssl_signature.c:551:32:551:37 | Key | +| openssl_signature.c:554:9:554:23 | KeyGeneration | Output | openssl_signature.c:554:34:554:37 | Key | +| openssl_signature.c:554:34:554:37 | Key | Algorithm | openssl_signature.c:541:50:541:54 | KeyOperationAlgorithm | +| openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | +| openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | +| openssl_signature.c:588:9:588:23 | KeyGeneration | Algorithm | openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | +| openssl_signature.c:588:9:588:23 | KeyGeneration | Output | openssl_signature.c:588:34:588:37 | Key | +| openssl_signature.c:588:34:588:37 | Key | Algorithm | openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | +| openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm | Mode | openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm | +| openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm | Padding | openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm | +| openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm | +| openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm | +| openssl_signature.c:675:9:675:23 | KeyGeneration | Algorithm | openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm | +| openssl_signature.c:675:9:675:23 | KeyGeneration | Output | openssl_signature.c:675:34:675:37 | Key | +| openssl_signature.c:675:34:675:37 | Key | Algorithm | openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm | +| openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | +| openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | +| openssl_signature.c:716:9:716:23 | KeyGeneration | Algorithm | openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | +| openssl_signature.c:716:9:716:23 | KeyGeneration | Output | openssl_signature.c:716:34:716:37 | Key | +| openssl_signature.c:716:34:716:37 | Key | Algorithm | openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | +| openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | +| openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | +| openssl_signature.c:760:9:760:23 | KeyGeneration | Algorithm | openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | +| openssl_signature.c:760:9:760:23 | KeyGeneration | Output | openssl_signature.c:760:34:760:37 | Key | +| openssl_signature.c:760:34:760:37 | Key | Algorithm | openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | +| openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | +| openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | +| openssl_signature.c:800:9:800:23 | KeyGeneration | Algorithm | openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | +| openssl_signature.c:800:9:800:23 | KeyGeneration | Output | openssl_signature.c:800:34:800:37 | Key | +| openssl_signature.c:800:34:800:37 | Key | Algorithm | openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | +| openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | +| openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | +| openssl_signature.c:838:9:838:23 | KeyGeneration | Algorithm | openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | +| openssl_signature.c:838:9:838:23 | KeyGeneration | Output | openssl_signature.c:838:34:838:37 | Key | +| openssl_signature.c:838:34:838:37 | Key | Algorithm | openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | +| openssl_signature.c:847:85:847:96 | KeyOperationAlgorithm | Padding | openssl_signature.c:847:85:847:96 | KeyOperationAlgorithm | +| openssl_signature.c:848:87:848:98 | KeyOperationAlgorithm | Padding | openssl_signature.c:848:87:848:98 | KeyOperationAlgorithm | diff --git a/cpp/ql/test/experimental/library-tests/quantum/node_properties.expected b/cpp/ql/test/experimental/library-tests/quantum/node_properties.expected index 2acaf5b0ed88..ecd846364522 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/node_properties.expected +++ b/cpp/ql/test/experimental/library-tests/quantum/node_properties.expected @@ -59,52 +59,117 @@ | openssl_pkey.c:55:30:55:34 | Key | KeyType | Asymmetric | openssl_pkey.c:55:30:55:34 | openssl_pkey.c:55:30:55:34 | | openssl_pkey.c:60:28:60:31 | Key | KeyType | Unknown | openssl_pkey.c:60:28:60:31 | openssl_pkey.c:60:28:60:31 | | openssl_pkey.c:64:9:64:24 | EncryptOperation | KeyOperationSubtype | Encrypt | openssl_pkey.c:64:9:64:24 | openssl_pkey.c:64:9:64:24 | -| openssl_signature.c:80:9:80:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:80:9:80:21 | openssl_signature.c:80:9:80:21 | -| openssl_signature.c:80:53:80:56 | Key | KeyType | Unknown | openssl_signature.c:80:53:80:56 | openssl_signature.c:80:53:80:56 | -| openssl_signature.c:133:52:133:55 | Key | KeyType | Unknown | openssl_signature.c:133:52:133:55 | openssl_signature.c:133:52:133:55 | +| openssl_signature.c:73:9:73:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:73:9:73:21 | openssl_signature.c:73:9:73:21 | +| openssl_signature.c:73:53:73:56 | Key | KeyType | Unknown | openssl_signature.c:73:53:73:56 | openssl_signature.c:73:53:73:56 | +| openssl_signature.c:126:52:126:55 | Key | KeyType | Unknown | openssl_signature.c:126:52:126:55 | openssl_signature.c:126:52:126:55 | +| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:128:9:128:27 | openssl_signature.c:128:9:128:27 | +| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:128:9:128:27 | openssl_signature.c:128:9:128:27 | | openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:135:9:135:27 | openssl_signature.c:135:9:135:27 | | openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:135:9:135:27 | openssl_signature.c:135:9:135:27 | -| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:142:9:142:27 | openssl_signature.c:142:9:142:27 | -| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:142:9:142:27 | openssl_signature.c:142:9:142:27 | -| openssl_signature.c:165:54:165:57 | Key | KeyType | Unknown | openssl_signature.c:165:54:165:57 | openssl_signature.c:165:54:165:57 | -| openssl_signature.c:167:9:167:29 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:167:9:167:29 | openssl_signature.c:167:9:167:29 | -| openssl_signature.c:190:57:190:60 | Key | KeyType | Unknown | openssl_signature.c:190:57:190:60 | openssl_signature.c:190:57:190:60 | -| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:197:9:197:27 | openssl_signature.c:197:9:197:27 | -| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:197:9:197:27 | openssl_signature.c:197:9:197:27 | -| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:204:9:204:27 | openssl_signature.c:204:9:204:27 | -| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:204:9:204:27 | openssl_signature.c:204:9:204:27 | -| openssl_signature.c:228:59:228:62 | Key | KeyType | Unknown | openssl_signature.c:228:59:228:62 | openssl_signature.c:228:59:228:62 | -| openssl_signature.c:235:9:235:29 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:235:9:235:29 | openssl_signature.c:235:9:235:29 | -| openssl_signature.c:260:39:260:42 | Key | KeyType | Unknown | openssl_signature.c:260:39:260:42 | openssl_signature.c:260:39:260:42 | -| openssl_signature.c:263:9:263:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:263:9:263:21 | openssl_signature.c:263:9:263:21 | -| openssl_signature.c:270:9:270:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:270:9:270:21 | openssl_signature.c:270:9:270:21 | -| openssl_signature.c:321:39:321:42 | Key | KeyType | Unknown | openssl_signature.c:321:39:321:42 | openssl_signature.c:321:39:321:42 | -| openssl_signature.c:327:9:327:35 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:327:9:327:35 | openssl_signature.c:327:9:327:35 | -| openssl_signature.c:334:9:334:35 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:334:9:334:35 | openssl_signature.c:334:9:334:35 | -| openssl_signature.c:521:46:521:66 | PaddingAlgorithm | Name | PSS | openssl_signature.c:521:46:521:66 | openssl_signature.c:521:46:521:66 | -| openssl_signature.c:521:46:521:66 | PaddingAlgorithm | RawName | 6 | openssl_signature.c:521:46:521:66 | openssl_signature.c:521:46:521:66 | -| openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:543:35:543:46 | openssl_signature.c:543:35:543:46 | -| openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:543:35:543:46 | openssl_signature.c:543:35:543:46 | -| openssl_signature.c:547:51:547:54 | Constant | Description | 2048 | openssl_signature.c:547:51:547:54 | openssl_signature.c:547:51:547:54 | -| openssl_signature.c:548:34:548:37 | Key | KeyType | Asymmetric | openssl_signature.c:548:34:548:37 | openssl_signature.c:548:34:548:37 | -| openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | Name | DSA | openssl_signature.c:565:50:565:54 | openssl_signature.c:565:50:565:54 | -| openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | RawName | dsa | openssl_signature.c:565:50:565:54 | openssl_signature.c:565:50:565:54 | -| openssl_signature.c:569:55:569:58 | Constant | Description | 2048 | openssl_signature.c:569:55:569:58 | openssl_signature.c:569:55:569:58 | -| openssl_signature.c:575:32:575:37 | Key | KeyType | Unknown | openssl_signature.c:575:32:575:37 | openssl_signature.c:575:32:575:37 | -| openssl_signature.c:578:34:578:37 | Key | KeyType | Asymmetric | openssl_signature.c:578:34:578:37 | openssl_signature.c:578:34:578:37 | -| openssl_signature.c:602:37:602:77 | Constant | Description | Test message for OpenSSL signature APIs | openssl_signature.c:602:37:602:77 | openssl_signature.c:602:37:602:77 | -| openssl_signature.c:684:24:684:33 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:684:24:684:33 | openssl_signature.c:684:24:684:33 | -| openssl_signature.c:684:24:684:33 | HashAlgorithm | Name | SHA2 | openssl_signature.c:684:24:684:33 | openssl_signature.c:684:24:684:33 | -| openssl_signature.c:684:24:684:33 | HashAlgorithm | RawName | EVP_sha256 | openssl_signature.c:684:24:684:33 | openssl_signature.c:684:24:684:33 | -| openssl_signature.c:685:37:685:77 | Constant | Description | Test message for OpenSSL signature APIs | openssl_signature.c:685:37:685:77 | openssl_signature.c:685:37:685:77 | -| openssl_signature.c:702:60:702:71 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:702:60:702:71 | openssl_signature.c:702:60:702:71 | -| openssl_signature.c:702:60:702:71 | HashAlgorithm | Name | SHA2 | openssl_signature.c:702:60:702:71 | openssl_signature.c:702:60:702:71 | -| openssl_signature.c:702:60:702:71 | HashAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:702:60:702:71 | openssl_signature.c:702:60:702:71 | -| openssl_signature.c:702:60:702:71 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:702:60:702:71 | openssl_signature.c:702:60:702:71 | -| openssl_signature.c:702:60:702:71 | KeyOperationAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:702:60:702:71 | openssl_signature.c:702:60:702:71 | -| openssl_signature.c:740:24:740:33 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:740:24:740:33 | openssl_signature.c:740:24:740:33 | -| openssl_signature.c:740:24:740:33 | HashAlgorithm | Name | SHA2 | openssl_signature.c:740:24:740:33 | openssl_signature.c:740:24:740:33 | -| openssl_signature.c:740:24:740:33 | HashAlgorithm | RawName | EVP_sha256 | openssl_signature.c:740:24:740:33 | openssl_signature.c:740:24:740:33 | -| openssl_signature.c:741:37:741:77 | Constant | Description | Test message for OpenSSL signature APIs | openssl_signature.c:741:37:741:77 | openssl_signature.c:741:37:741:77 | -| openssl_signature.c:758:60:758:64 | KeyOperationAlgorithm | Name | DSA | openssl_signature.c:758:60:758:64 | openssl_signature.c:758:60:758:64 | -| openssl_signature.c:758:60:758:64 | KeyOperationAlgorithm | RawName | dsa | openssl_signature.c:758:60:758:64 | openssl_signature.c:758:60:758:64 | +| openssl_signature.c:158:54:158:57 | Key | KeyType | Unknown | openssl_signature.c:158:54:158:57 | openssl_signature.c:158:54:158:57 | +| openssl_signature.c:160:9:160:29 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:160:9:160:29 | openssl_signature.c:160:9:160:29 | +| openssl_signature.c:182:57:182:60 | Key | KeyType | Unknown | openssl_signature.c:182:57:182:60 | openssl_signature.c:182:57:182:60 | +| openssl_signature.c:185:44:185:64 | PaddingAlgorithm | Name | PSS | openssl_signature.c:185:44:185:64 | openssl_signature.c:185:44:185:64 | +| openssl_signature.c:185:44:185:64 | PaddingAlgorithm | RawName | 6 | openssl_signature.c:185:44:185:64 | openssl_signature.c:185:44:185:64 | +| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:188:9:188:27 | openssl_signature.c:188:9:188:27 | +| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:188:9:188:27 | openssl_signature.c:188:9:188:27 | +| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:195:9:195:27 | openssl_signature.c:195:9:195:27 | +| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:195:9:195:27 | openssl_signature.c:195:9:195:27 | +| openssl_signature.c:218:59:218:62 | Key | KeyType | Unknown | openssl_signature.c:218:59:218:62 | openssl_signature.c:218:59:218:62 | +| openssl_signature.c:222:44:222:64 | PaddingAlgorithm | Name | PSS | openssl_signature.c:222:44:222:64 | openssl_signature.c:222:44:222:64 | +| openssl_signature.c:222:44:222:64 | PaddingAlgorithm | RawName | 6 | openssl_signature.c:222:44:222:64 | openssl_signature.c:222:44:222:64 | +| openssl_signature.c:225:9:225:29 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:225:9:225:29 | openssl_signature.c:225:9:225:29 | +| openssl_signature.c:250:39:250:42 | Key | KeyType | Unknown | openssl_signature.c:250:39:250:42 | openssl_signature.c:250:39:250:42 | +| openssl_signature.c:253:9:253:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:253:9:253:21 | openssl_signature.c:253:9:253:21 | +| openssl_signature.c:260:9:260:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:260:9:260:21 | openssl_signature.c:260:9:260:21 | +| openssl_signature.c:282:39:282:42 | Key | KeyType | Unknown | openssl_signature.c:282:39:282:42 | openssl_signature.c:282:39:282:42 | +| openssl_signature.c:285:9:285:23 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:285:9:285:23 | openssl_signature.c:285:9:285:23 | +| openssl_signature.c:311:39:311:42 | Key | KeyType | Unknown | openssl_signature.c:311:39:311:42 | openssl_signature.c:311:39:311:42 | +| openssl_signature.c:317:9:317:35 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:317:9:317:35 | openssl_signature.c:317:9:317:35 | +| openssl_signature.c:324:9:324:35 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:324:9:324:35 | openssl_signature.c:324:9:324:35 | +| openssl_signature.c:347:39:347:42 | Key | KeyType | Unknown | openssl_signature.c:347:39:347:42 | openssl_signature.c:347:39:347:42 | +| openssl_signature.c:356:9:356:37 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:356:9:356:37 | openssl_signature.c:356:9:356:37 | +| openssl_signature.c:388:9:388:16 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:388:9:388:16 | openssl_signature.c:388:9:388:16 | +| openssl_signature.c:388:9:388:16 | KeyOperationAlgorithm | RawName | RSA_sign | openssl_signature.c:388:9:388:16 | openssl_signature.c:388:9:388:16 | +| openssl_signature.c:388:9:388:16 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:388:9:388:16 | openssl_signature.c:388:9:388:16 | +| openssl_signature.c:389:48:389:54 | Key | KeyType | Unknown | openssl_signature.c:389:48:389:54 | openssl_signature.c:389:48:389:54 | +| openssl_signature.c:411:12:411:21 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:411:12:411:21 | openssl_signature.c:411:12:411:21 | +| openssl_signature.c:411:12:411:21 | KeyOperationAlgorithm | RawName | RSA_verify | openssl_signature.c:411:12:411:21 | openssl_signature.c:411:12:411:21 | +| openssl_signature.c:411:12:411:21 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:411:12:411:21 | openssl_signature.c:411:12:411:21 | +| openssl_signature.c:412:51:412:57 | Key | KeyType | Unknown | openssl_signature.c:412:51:412:57 | openssl_signature.c:412:51:412:57 | +| openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:519:35:519:46 | openssl_signature.c:519:35:519:46 | +| openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:519:35:519:46 | openssl_signature.c:519:35:519:46 | +| openssl_signature.c:523:51:523:54 | Constant | Description | 2048 | openssl_signature.c:523:51:523:54 | openssl_signature.c:523:51:523:54 | +| openssl_signature.c:524:34:524:37 | Key | KeyType | Asymmetric | openssl_signature.c:524:34:524:37 | openssl_signature.c:524:34:524:37 | +| openssl_signature.c:541:50:541:54 | KeyOperationAlgorithm | Name | DSA | openssl_signature.c:541:50:541:54 | openssl_signature.c:541:50:541:54 | +| openssl_signature.c:541:50:541:54 | KeyOperationAlgorithm | RawName | dsa | openssl_signature.c:541:50:541:54 | openssl_signature.c:541:50:541:54 | +| openssl_signature.c:545:55:545:58 | Constant | Description | 2048 | openssl_signature.c:545:55:545:58 | openssl_signature.c:545:55:545:58 | +| openssl_signature.c:551:32:551:37 | Key | KeyType | Unknown | openssl_signature.c:551:32:551:37 | openssl_signature.c:551:32:551:37 | +| openssl_signature.c:554:34:554:37 | Key | KeyType | Asymmetric | openssl_signature.c:554:34:554:37 | openssl_signature.c:554:34:554:37 | +| openssl_signature.c:574:37:574:74 | Constant | Description | testLowLevelRSASignAndVerify message | openssl_signature.c:574:37:574:74 | openssl_signature.c:574:37:574:74 | +| openssl_signature.c:575:24:575:30 | HashAlgorithm | DigestSize | 128 | openssl_signature.c:575:24:575:30 | openssl_signature.c:575:24:575:30 | +| openssl_signature.c:575:24:575:30 | HashAlgorithm | Name | MD5 | openssl_signature.c:575:24:575:30 | openssl_signature.c:575:24:575:30 | +| openssl_signature.c:575:24:575:30 | HashAlgorithm | RawName | EVP_md5 | openssl_signature.c:575:24:575:30 | openssl_signature.c:575:24:575:30 | +| openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:583:35:583:46 | openssl_signature.c:583:35:583:46 | +| openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:583:35:583:46 | openssl_signature.c:583:35:583:46 | +| openssl_signature.c:587:51:587:54 | Constant | Description | 2048 | openssl_signature.c:587:51:587:54 | openssl_signature.c:587:51:587:54 | +| openssl_signature.c:588:34:588:37 | Key | KeyType | Asymmetric | openssl_signature.c:588:34:588:37 | openssl_signature.c:588:34:588:37 | +| openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:596:15:596:31 | openssl_signature.c:596:15:596:31 | +| openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm | RawName | EVP_PKEY_get1_RSA | openssl_signature.c:596:15:596:31 | openssl_signature.c:596:15:596:31 | +| openssl_signature.c:604:37:604:46 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:604:37:604:46 | openssl_signature.c:604:37:604:46 | +| openssl_signature.c:604:37:604:46 | HashAlgorithm | Name | SHA2 | openssl_signature.c:604:37:604:46 | openssl_signature.c:604:37:604:46 | +| openssl_signature.c:604:37:604:46 | HashAlgorithm | RawName | 672 | openssl_signature.c:604:37:604:46 | openssl_signature.c:604:37:604:46 | +| openssl_signature.c:606:41:606:50 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:606:41:606:50 | openssl_signature.c:606:41:606:50 | +| openssl_signature.c:606:41:606:50 | HashAlgorithm | Name | SHA2 | openssl_signature.c:606:41:606:50 | openssl_signature.c:606:41:606:50 | +| openssl_signature.c:606:41:606:50 | HashAlgorithm | RawName | 672 | openssl_signature.c:606:41:606:50 | openssl_signature.c:606:41:606:50 | +| openssl_signature.c:624:37:624:74 | Constant | Description | testLowLevelDSASignAndVerify message | openssl_signature.c:624:37:624:74 | openssl_signature.c:624:37:624:74 | +| openssl_signature.c:625:24:625:33 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:625:24:625:33 | openssl_signature.c:625:24:625:33 | +| openssl_signature.c:625:24:625:33 | HashAlgorithm | Name | SHA2 | openssl_signature.c:625:24:625:33 | openssl_signature.c:625:24:625:33 | +| openssl_signature.c:625:24:625:33 | HashAlgorithm | RawName | EVP_sha256 | openssl_signature.c:625:24:625:33 | openssl_signature.c:625:24:625:33 | +| openssl_signature.c:660:37:660:61 | Constant | Description | testEVP_SignAPI message | openssl_signature.c:660:37:660:61 | openssl_signature.c:660:37:660:61 | +| openssl_signature.c:661:24:661:33 | HashAlgorithm | DigestSize | 224 | openssl_signature.c:661:24:661:33 | openssl_signature.c:661:24:661:33 | +| openssl_signature.c:661:24:661:33 | HashAlgorithm | Name | SHA2 | openssl_signature.c:661:24:661:33 | openssl_signature.c:661:24:661:33 | +| openssl_signature.c:661:24:661:33 | HashAlgorithm | RawName | EVP_sha224 | openssl_signature.c:661:24:661:33 | openssl_signature.c:661:24:661:33 | +| openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:670:35:670:46 | openssl_signature.c:670:35:670:46 | +| openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:670:35:670:46 | openssl_signature.c:670:35:670:46 | +| openssl_signature.c:674:51:674:54 | Constant | Description | 2048 | openssl_signature.c:674:51:674:54 | openssl_signature.c:674:51:674:54 | +| openssl_signature.c:675:34:675:37 | Key | KeyType | Asymmetric | openssl_signature.c:675:34:675:37 | openssl_signature.c:675:34:675:37 | +| openssl_signature.c:701:37:701:67 | Constant | Description | testEVP_DigestSignAPI message | openssl_signature.c:701:37:701:67 | openssl_signature.c:701:37:701:67 | +| openssl_signature.c:702:24:702:33 | HashAlgorithm | DigestSize | 224 | openssl_signature.c:702:24:702:33 | openssl_signature.c:702:24:702:33 | +| openssl_signature.c:702:24:702:33 | HashAlgorithm | Name | SHA2 | openssl_signature.c:702:24:702:33 | openssl_signature.c:702:24:702:33 | +| openssl_signature.c:702:24:702:33 | HashAlgorithm | RawName | EVP_sha224 | openssl_signature.c:702:24:702:33 | openssl_signature.c:702:24:702:33 | +| openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:711:35:711:46 | openssl_signature.c:711:35:711:46 | +| openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:711:35:711:46 | openssl_signature.c:711:35:711:46 | +| openssl_signature.c:715:51:715:54 | Constant | Description | 2048 | openssl_signature.c:715:51:715:54 | openssl_signature.c:715:51:715:54 | +| openssl_signature.c:716:34:716:37 | Key | KeyType | Asymmetric | openssl_signature.c:716:34:716:37 | openssl_signature.c:716:34:716:37 | +| openssl_signature.c:741:37:741:66 | Constant | Description | testEVP_PKEY_signAPI message | openssl_signature.c:741:37:741:66 | openssl_signature.c:741:37:741:66 | +| openssl_signature.c:742:24:742:31 | HashAlgorithm | DigestSize | 160 | openssl_signature.c:742:24:742:31 | openssl_signature.c:742:24:742:31 | +| openssl_signature.c:742:24:742:31 | HashAlgorithm | Name | SHA1 | openssl_signature.c:742:24:742:31 | openssl_signature.c:742:24:742:31 | +| openssl_signature.c:742:24:742:31 | HashAlgorithm | RawName | EVP_sha1 | openssl_signature.c:742:24:742:31 | openssl_signature.c:742:24:742:31 | +| openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:755:35:755:46 | openssl_signature.c:755:35:755:46 | +| openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:755:35:755:46 | openssl_signature.c:755:35:755:46 | +| openssl_signature.c:759:51:759:54 | Constant | Description | 2048 | openssl_signature.c:759:51:759:54 | openssl_signature.c:759:51:759:54 | +| openssl_signature.c:760:34:760:37 | Key | KeyType | Asymmetric | openssl_signature.c:760:34:760:37 | openssl_signature.c:760:34:760:37 | +| openssl_signature.c:786:37:786:73 | Constant | Description | testEVP_DigestSign_with_ctx message | openssl_signature.c:786:37:786:73 | openssl_signature.c:786:37:786:73 | +| openssl_signature.c:787:24:787:31 | HashAlgorithm | DigestSize | 160 | openssl_signature.c:787:24:787:31 | openssl_signature.c:787:24:787:31 | +| openssl_signature.c:787:24:787:31 | HashAlgorithm | Name | SHA1 | openssl_signature.c:787:24:787:31 | openssl_signature.c:787:24:787:31 | +| openssl_signature.c:787:24:787:31 | HashAlgorithm | RawName | EVP_sha1 | openssl_signature.c:787:24:787:31 | openssl_signature.c:787:24:787:31 | +| openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:795:35:795:46 | openssl_signature.c:795:35:795:46 | +| openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:795:35:795:46 | openssl_signature.c:795:35:795:46 | +| openssl_signature.c:799:51:799:54 | Constant | Description | 2048 | openssl_signature.c:799:51:799:54 | openssl_signature.c:799:51:799:54 | +| openssl_signature.c:800:34:800:37 | Key | KeyType | Asymmetric | openssl_signature.c:800:34:800:37 | openssl_signature.c:800:34:800:37 | +| openssl_signature.c:826:37:826:63 | Constant | Description | testEVP_PKEY_sign_message | openssl_signature.c:826:37:826:63 | openssl_signature.c:826:37:826:63 | +| openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:833:35:833:46 | openssl_signature.c:833:35:833:46 | +| openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:833:35:833:46 | openssl_signature.c:833:35:833:46 | +| openssl_signature.c:837:51:837:54 | Constant | Description | 2048 | openssl_signature.c:837:51:837:54 | openssl_signature.c:837:51:837:54 | +| openssl_signature.c:838:34:838:37 | Key | KeyType | Asymmetric | openssl_signature.c:838:34:838:37 | openssl_signature.c:838:34:838:37 | +| openssl_signature.c:847:85:847:96 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:847:85:847:96 | openssl_signature.c:847:85:847:96 | +| openssl_signature.c:847:85:847:96 | HashAlgorithm | Name | SHA2 | openssl_signature.c:847:85:847:96 | openssl_signature.c:847:85:847:96 | +| openssl_signature.c:847:85:847:96 | HashAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:847:85:847:96 | openssl_signature.c:847:85:847:96 | +| openssl_signature.c:847:85:847:96 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:847:85:847:96 | openssl_signature.c:847:85:847:96 | +| openssl_signature.c:847:85:847:96 | KeyOperationAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:847:85:847:96 | openssl_signature.c:847:85:847:96 | +| openssl_signature.c:848:87:848:98 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:848:87:848:98 | openssl_signature.c:848:87:848:98 | +| openssl_signature.c:848:87:848:98 | HashAlgorithm | Name | SHA2 | openssl_signature.c:848:87:848:98 | openssl_signature.c:848:87:848:98 | +| openssl_signature.c:848:87:848:98 | HashAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:848:87:848:98 | openssl_signature.c:848:87:848:98 | +| openssl_signature.c:848:87:848:98 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:848:87:848:98 | openssl_signature.c:848:87:848:98 | +| openssl_signature.c:848:87:848:98 | KeyOperationAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:848:87:848:98 | openssl_signature.c:848:87:848:98 | diff --git a/cpp/ql/test/experimental/library-tests/quantum/nodes.expected b/cpp/ql/test/experimental/library-tests/quantum/nodes.expected index 6245926f2110..bcbb8152c54d 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/nodes.expected +++ b/cpp/ql/test/experimental/library-tests/quantum/nodes.expected @@ -94,12 +94,30 @@ | openssl_signature.c:270:9:270:21 | SignOperation | | openssl_signature.c:270:33:270:42 | SignatureOutput | | openssl_signature.c:270:60:270:65 | Message | +| openssl_signature.c:292:39:292:42 | Key | +| openssl_signature.c:295:9:295:23 | VerifyOperation | +| openssl_signature.c:295:35:295:43 | SignatureInput | +| openssl_signature.c:295:61:295:66 | Message | | openssl_signature.c:321:39:321:42 | Key | | openssl_signature.c:326:48:326:54 | Message | | openssl_signature.c:327:9:327:35 | SignOperation | | openssl_signature.c:327:47:327:50 | SignatureOutput | | openssl_signature.c:334:9:334:35 | SignOperation | | openssl_signature.c:334:47:334:56 | SignatureOutput | +| openssl_signature.c:357:39:357:42 | Key | +| openssl_signature.c:363:42:363:50 | SignatureInput | +| openssl_signature.c:365:50:365:56 | Message | +| openssl_signature.c:366:9:366:37 | VerifyOperation | +| openssl_signature.c:398:9:398:16 | KeyOperationAlgorithm | +| openssl_signature.c:398:9:398:16 | SignOperation | +| openssl_signature.c:398:28:398:33 | Message | +| openssl_signature.c:398:48:398:57 | SignatureOutput | +| openssl_signature.c:399:48:399:54 | Key | +| openssl_signature.c:421:12:421:21 | KeyOperationAlgorithm | +| openssl_signature.c:421:12:421:21 | VerifyOperation | +| openssl_signature.c:421:33:421:38 | Message | +| openssl_signature.c:421:53:421:61 | SignatureInput | +| openssl_signature.c:422:51:422:57 | Key | | openssl_signature.c:521:46:521:66 | PaddingAlgorithm | | openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | | openssl_signature.c:547:51:547:54 | Constant | @@ -115,6 +133,8 @@ | openssl_signature.c:685:37:685:77 | Constant | | openssl_signature.c:702:60:702:71 | HashAlgorithm | | openssl_signature.c:702:60:702:71 | KeyOperationAlgorithm | +| openssl_signature.c:709:37:709:46 | HashAlgorithm | +| openssl_signature.c:711:41:711:50 | HashAlgorithm | | openssl_signature.c:740:24:740:33 | HashAlgorithm | | openssl_signature.c:741:37:741:77 | Constant | | openssl_signature.c:758:60:758:64 | KeyOperationAlgorithm | diff --git a/cpp/ql/test/experimental/library-tests/quantum/openssl_signature.c b/cpp/ql/test/experimental/library-tests/quantum/openssl_signature.c index f8be74416423..c3fd6dd14e67 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/openssl_signature.c +++ b/cpp/ql/test/experimental/library-tests/quantum/openssl_signature.c @@ -4,6 +4,9 @@ #include #include + + + /* ============================================================================= * UTILITY FUNCTIONS - Common operations shared across signature APIs * ============================================================================= @@ -38,16 +41,6 @@ static unsigned char* allocate_signature_buffer(size_t *sig_len, const EVP_PKEY return OPENSSL_malloc(*sig_len); } -/** - * Helper to extract key from EVP_PKEY - */ -static RSA* get_rsa_from_pkey(EVP_PKEY *pkey) { - return EVP_PKEY_get1_RSA(pkey); -} - -static DSA* get_dsa_from_pkey(EVP_PKEY *pkey) { - return EVP_PKEY_get1_DSA(pkey); -} /* ============================================================================= * EVP_SIGN/VERIFY API - Legacy high-level API (older, simpler) @@ -180,8 +173,7 @@ int verify_using_evp_digestverify(const unsigned char *message, size_t message_l */ int sign_using_digestsign_with_ctx(const unsigned char *message, size_t message_len, unsigned char **signature, size_t *signature_len, - EVP_PKEY *pkey, const EVP_MD *md, - int (*param_setter)(EVP_PKEY_CTX *ctx)) { + EVP_PKEY *pkey, const EVP_MD *md) { EVP_MD_CTX *md_ctx = NULL; EVP_PKEY_CTX *pkey_ctx = NULL; int ret = 0; @@ -190,8 +182,7 @@ int sign_using_digestsign_with_ctx(const unsigned char *message, size_t message_ EVP_DigestSignInit(md_ctx, &pkey_ctx, md, NULL, pkey) != 1) { goto cleanup; } - - if (param_setter && param_setter(pkey_ctx) != 1) goto cleanup; + EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING); if (EVP_DigestSignUpdate(md_ctx, message, message_len) != 1 || EVP_DigestSignFinal(md_ctx, NULL, signature_len) != 1) { @@ -218,8 +209,7 @@ int sign_using_digestsign_with_ctx(const unsigned char *message, size_t message_ */ int verify_using_digestverify_with_ctx(const unsigned char *message, size_t message_len, const unsigned char *signature, size_t signature_len, - EVP_PKEY *pkey, const EVP_MD *md, - int (*param_setter)(EVP_PKEY_CTX *ctx)) { + EVP_PKEY *pkey, const EVP_MD *md) { EVP_MD_CTX *md_ctx = NULL; EVP_PKEY_CTX *pkey_ctx = NULL; int ret = 0; @@ -228,9 +218,9 @@ int verify_using_digestverify_with_ctx(const unsigned char *message, size_t mess EVP_DigestVerifyInit(md_ctx, &pkey_ctx, md, NULL, pkey) != 1) { goto cleanup; } - - if (param_setter && param_setter(pkey_ctx) != 1) goto cleanup; - + + EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING); + if (EVP_DigestVerifyUpdate(md_ctx, message, message_len) != 1 || EVP_DigestVerifyFinal(md_ctx, signature, signature_len) != 1) { goto cleanup; @@ -313,7 +303,7 @@ int verify_using_evp_pkey_verify(const unsigned char *digest, size_t digest_len, */ int sign_using_evp_pkey_sign_message(const unsigned char *message, size_t message_len, unsigned char **signature, size_t *signature_len, - EVP_PKEY *pkey, const EVP_MD *md, const char *alg_name) { + EVP_PKEY *pkey, const char *alg_name) { EVP_PKEY_CTX *pkey_ctx = NULL; EVP_SIGNATURE *alg = NULL; int ret = 0; @@ -349,7 +339,7 @@ int sign_using_evp_pkey_sign_message(const unsigned char *message, size_t messag */ int verify_using_evp_pkey_verify_message(const unsigned char *message, size_t message_len, const unsigned char *signature, size_t signature_len, - EVP_PKEY *pkey, const EVP_MD *md, const char *alg_name) { + EVP_PKEY *pkey, const char *alg_name) { EVP_PKEY_CTX *pkey_ctx = NULL; EVP_SIGNATURE *alg = NULL; int ret = 0; @@ -514,20 +504,6 @@ int verify_using_dsa_verify(const unsigned char *message, size_t message_len, * ============================================================================= */ -/** - * Set RSA PSS padding mode - */ -int set_rsa_pss_padding(EVP_PKEY_CTX *ctx) { - return EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING); -} - -/** - * No-op parameter setter for default behavior - */ -int no_parameter_setter(EVP_PKEY_CTX *ctx) { - return 1; -} - /* ============================================================================= * KEY GENERATION HELPERS * ============================================================================= @@ -592,228 +568,290 @@ static EVP_PKEY* generate_dsa_key(void) { * ============================================================================= */ -/** - * Test all signature APIs with a given key and algorithm - * Demonstrates the 6 different signature API approaches - */ -int test_signature_apis(EVP_PKEY *key, const EVP_MD *md, - int (*param_setter)(EVP_PKEY_CTX *ctx), - const char *algo_name) { - const unsigned char message[] = "Test message for OpenSSL signature APIs"; +int testLowLevelRSASignAndVerify(){ + EVP_PKEY *key = NULL; + RSA *rsa_key = NULL; + const unsigned char message[] = "testLowLevelRSASignAndVerify message"; + const EVP_MD *md = EVP_md5(); const size_t message_len = strlen((char *)message); - - unsigned char *sig1 = NULL, *sig2 = NULL, *sig3 = NULL, - *sig4 = NULL, *sig6 = NULL; - size_t sig_len1 = 0, sig_len2 = 0, sig_len3 = 0, sig_len4 = 0, sig_len6 = 0; - - unsigned char digest[EVP_MAX_MD_SIZE]; - unsigned int digest_len; + unsigned char *sig = NULL; + size_t sig_len = 0; int success = 1; + EVP_PKEY_CTX *key_ctx = NULL; + + + key_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); + if (!key_ctx) return NULL; - printf("\nTesting signature APIs with %s:\n", algo_name); + if (EVP_PKEY_keygen_init(key_ctx) <= 0 || + EVP_PKEY_CTX_set_rsa_keygen_bits(key_ctx, 2048) <= 0 || + EVP_PKEY_keygen(key_ctx, &key) <= 0) { + EVP_PKEY_free(key); + key = NULL; + } - /* Test 1: EVP_Sign API */ - printf("1. EVP_Sign API: "); - if (sign_using_evp_sign(message, message_len, &sig1, &sig_len1, key, md) && - verify_using_evp_verify(message, message_len, sig1, sig_len1, key, md)) { + EVP_PKEY_CTX_free(key_ctx); + if (!key) return 0; + + rsa_key = EVP_PKEY_get1_RSA(key); + + if (!rsa_key) { + EVP_PKEY_free(key); + success = 0; + } + + if (sign_using_rsa_sign(message, message_len, &sig, &sig_len, + rsa_key, NID_sha256, md) && + verify_using_rsa_verify(message, message_len, sig, sig_len, + rsa_key, NID_sha256, md)) { printf("PASS\n"); } else { printf("FAIL\n"); success = 0; } + + /* Cleanup */ + OPENSSL_free(sig); + EVP_PKEY_free(key); + + return success; +} + + +int testLowLevelDSASignAndVerify(){ + EVP_PKEY *key = NULL; + DSA *dsa_key = NULL; + const unsigned char message[] = "testLowLevelDSASignAndVerify message"; + const EVP_MD *md = EVP_sha256(); + int success = 1; + + EVP_PKEY_CTX *param_ctx = NULL, *key_ctx = NULL; + EVP_PKEY *params = NULL; + + const size_t message_len = strlen((char *)message); + unsigned char *sig = NULL; + size_t sig_len = 0; - /* Test 2: EVP_DigestSign API */ - printf("2. EVP_DigestSign API: "); - if (sign_using_evp_digestsign(message, message_len, &sig2, &sig_len2, key, md) && - verify_using_evp_digestverify(message, message_len, sig2, sig_len2, key, md)) { + key = generate_dsa_key(); + dsa_key = EVP_PKEY_get1_DSA(key); + + if (!dsa_key) { + EVP_PKEY_free(key); + success = 0; + } + + if (sign_using_dsa_sign(message, message_len, &sig, &sig_len, dsa_key, md) && + verify_using_dsa_verify(message, message_len, sig, sig_len, dsa_key, md)) { printf("PASS\n"); } else { printf("FAIL\n"); success = 0; } + + /* Cleanup */ + OPENSSL_free(sig); + EVP_PKEY_free(key); + + return success; +} + +int testEVP_SignAPI(){ + EVP_PKEY *key = NULL; + const unsigned char message[] = "testEVP_SignAPI message"; + const EVP_MD *md = EVP_sha224(); + + const size_t message_len = strlen((char *)message); + + unsigned char *sig = NULL; + size_t sig_len = 0; + int success = 1; + EVP_PKEY_CTX *key_ctx = NULL; + + key_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); + if (!key_ctx) return NULL; - /* Test 3: EVP_PKEY_sign API (requires pre-hashed input) */ - printf("3. EVP_PKEY_sign API: "); - if (create_digest(message, message_len, md, digest, &digest_len) && - sign_using_evp_pkey_sign(digest, digest_len, &sig3, &sig_len3, key, md) && - verify_using_evp_pkey_verify(digest, digest_len, sig3, sig_len3, key, md)) { + if (EVP_PKEY_keygen_init(key_ctx) <= 0 || + EVP_PKEY_CTX_set_rsa_keygen_bits(key_ctx, 2048) <= 0 || + EVP_PKEY_keygen(key_ctx, &key) <= 0) { + EVP_PKEY_free(key); + key = NULL; + } + + EVP_PKEY_CTX_free(key_ctx); + if (!key) return 0; + + + /* Test 1: EVP_Sign API */ + printf("1. EVP_Sign API: "); + if (sign_using_evp_sign(message, message_len, &sig, &sig_len, key, md) && + verify_using_evp_verify(message, message_len, sig, sig_len, key, md)) { printf("PASS\n"); } else { printf("FAIL\n"); success = 0; } + OPENSSL_free(sig); + EVP_PKEY_free(key); + return success; +} + + +int testEVP_DigestSignAPI(){ + EVP_PKEY *key = NULL; + const unsigned char message[] = "testEVP_DigestSignAPI message"; + const EVP_MD *md = EVP_sha224(); + + const size_t message_len = strlen((char *)message); - /* Test 4: EVP_DigestSign with explicit PKEY_CTX */ - printf("4. EVP_DigestSign with explicit PKEY_CTX: "); - if (sign_using_digestsign_with_ctx(message, message_len, &sig4, &sig_len4, - key, md, param_setter) && - verify_using_digestverify_with_ctx(message, message_len, sig4, sig_len4, - key, md, param_setter)) { + unsigned char *sig = NULL; + size_t sig_len = 0; + int success = 1; + EVP_PKEY_CTX *key_ctx = NULL; + + key_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); + if (!key_ctx) return NULL; + + if (EVP_PKEY_keygen_init(key_ctx) <= 0 || + EVP_PKEY_CTX_set_rsa_keygen_bits(key_ctx, 2048) <= 0 || + EVP_PKEY_keygen(key_ctx, &key) <= 0) { + EVP_PKEY_free(key); + key = NULL; + } + + EVP_PKEY_CTX_free(key_ctx); + if (!key) return 0; + + + /* Test 2: EVP_DigestSign API */ + printf("2. EVP_DigestSign API: "); + if (sign_using_evp_digestsign(message, message_len, &sig, &sig_len, key, md) && + verify_using_evp_digestverify(message, message_len, sig, sig_len, key, md)) { printf("PASS\n"); } else { printf("FAIL\n"); success = 0; } + OPENSSL_free(sig); + EVP_PKEY_free(key); + return success; +} + +int testEVP_PKEY_signAPI(){ + EVP_PKEY *key = NULL; + const unsigned char message[] = "testEVP_PKEY_signAPI message"; + const EVP_MD *md = EVP_sha1(); + + const size_t message_len = strlen((char *)message); - /* Test 6: EVP_PKEY_sign_message API */ - printf("6. EVP_PKEY_sign_message API: "); - if (sign_using_evp_pkey_sign_message(message, message_len, &sig6, &sig_len6, key, md, algo_name) && - verify_using_evp_pkey_verify_message(message, message_len, sig6, sig_len6, key, md, algo_name)) { + unsigned char *sig = NULL; + size_t sig_len = 0; + int success = 1; + + EVP_PKEY_CTX *key_ctx = NULL; + + unsigned char digest[EVP_MAX_MD_SIZE]; + unsigned int digest_len; + + key_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); + if (!key_ctx) return NULL; + + if (EVP_PKEY_keygen_init(key_ctx) <= 0 || + EVP_PKEY_CTX_set_rsa_keygen_bits(key_ctx, 2048) <= 0 || + EVP_PKEY_keygen(key_ctx, &key) <= 0) { + EVP_PKEY_free(key); + key = NULL; + } + + EVP_PKEY_CTX_free(key_ctx); + if (!key) return 0; + + /* Test 3: EVP_PKEY_sign API (requires pre-hashed input) */ + printf("3. EVP_PKEY_sign API: "); + if (create_digest(message, message_len, md, digest, &digest_len) && + sign_using_evp_pkey_sign(digest, digest_len, &sig, &sig_len, key, md) && + verify_using_evp_pkey_verify(digest, digest_len, sig, sig_len, key, md)) { printf("PASS\n"); } else { printf("FAIL\n"); success = 0; } - - /* Cleanup */ - OPENSSL_free(sig1); - OPENSSL_free(sig2); - OPENSSL_free(sig3); - OPENSSL_free(sig4); - OPENSSL_free(sig6); - + + OPENSSL_free(sig); + EVP_PKEY_free(key); return success; } -/** - * Test RSA-specific signature APIs including low-level RSA functions - */ -int test_signature_apis_rsa(void) { +int testEVP_DigestSign_with_ctx(void) { EVP_PKEY *key = NULL; - RSA *rsa_key = NULL; - const EVP_MD *md = EVP_sha256(); - const unsigned char message[] = "Test message for OpenSSL signature APIs"; + const unsigned char message[] = "testEVP_DigestSign_with_ctx message"; + const EVP_MD *md = EVP_sha1(); + const size_t message_len = strlen((char *)message); - unsigned char *sig5 = NULL; - size_t sig_len5 = 0; + unsigned char *sig = NULL; + size_t sig_len = 0; int success = 1; + EVP_PKEY_CTX *key_ctx = NULL; + + key_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); + if (!key_ctx) return NULL; - printf("\nGenerating RSA key pair...\n"); - key = generate_rsa_key(); - if (!key) return 0; - - rsa_key = get_rsa_from_pkey(key); - if (!rsa_key) { + if (EVP_PKEY_keygen_init(key_ctx) <= 0 || + EVP_PKEY_CTX_set_rsa_keygen_bits(key_ctx, 2048) <= 0 || + EVP_PKEY_keygen(key_ctx, &key) <= 0) { EVP_PKEY_free(key); - return 0; - } - - /* Test generic APIs */ - if (!test_signature_apis(key, md, set_rsa_pss_padding, "RSA-SHA256")) { - success = 0; + key = NULL; } - /* Test 5: Low-level RSA API */ - printf("5. Low-level RSA API: "); - if (sign_using_rsa_sign(message, message_len, &sig5, &sig_len5, - rsa_key, NID_sha256, md) && - verify_using_rsa_verify(message, message_len, sig5, sig_len5, - rsa_key, NID_sha256, md)) { + EVP_PKEY_CTX_free(key_ctx); + if (!key) return 0; + + /* Test 4: EVP_DigestSign with explicit PKEY_CTX */ + printf("4. EVP_DigestSign with explicit PKEY_CTX: "); + if (sign_using_digestsign_with_ctx(message, message_len, &sig, &sig_len, + key, md) && + verify_using_digestverify_with_ctx(message, message_len, sig, sig_len, + key, md)) { printf("PASS\n"); } else { printf("FAIL\n"); success = 0; } - - printf("\nRSA API Summary:\n"); - printf("1. EVP_Sign API: Legacy, simple\n"); - printf("2. EVP_DigestSign API: Modern, recommended\n"); - printf("3. EVP_PKEY_sign API: Lower-level, pre-hashed input\n"); - printf("4. EVP_DigestSign with PKEY_CTX: Fine-grained control\n"); - printf("5. Low-level RSA API: Deprecated, algorithm-specific\n"); - printf("6. EVP_PKEY_sign_message API: Streamlined message signing\n"); - - /* Cleanup */ - OPENSSL_free(sig5); - RSA_free(rsa_key); + OPENSSL_free(sig); EVP_PKEY_free(key); - return success; } -/** - * Test DSA-specific signature APIs including low-level DSA functions - */ -int test_signature_apis_dsa(void) { +int testEVP_PKEY_sign_message(void) { EVP_PKEY *key = NULL; - DSA *dsa_key = NULL; - const EVP_MD *md = EVP_sha256(); - const unsigned char message[] = "Test message for OpenSSL signature APIs"; + const unsigned char message[] = "testEVP_PKEY_sign_message"; const size_t message_len = strlen((char *)message); - unsigned char *sig5 = NULL; - size_t sig_len5 = 0; + unsigned char *sig = NULL; + size_t sig_len = 0; int success = 1; + EVP_PKEY_CTX *key_ctx = NULL; + + key_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); + if (!key_ctx) return NULL; - printf("\nGenerating DSA key pair...\n"); - key = generate_dsa_key(); - if (!key) return 0; - - dsa_key = get_dsa_from_pkey(key); - if (!dsa_key) { + if (EVP_PKEY_keygen_init(key_ctx) <= 0 || + EVP_PKEY_CTX_set_rsa_keygen_bits(key_ctx, 2048) <= 0 || + EVP_PKEY_keygen(key_ctx, &key) <= 0) { EVP_PKEY_free(key); - return 0; - } - - /* Test generic APIs */ - if (!test_signature_apis(key, md, no_parameter_setter, "dsa")) { - success = 0; + key = NULL; } - /* Test 5: Low-level DSA API */ - printf("5. Low-level DSA API: "); - if (sign_using_dsa_sign(message, message_len, &sig5, &sig_len5, dsa_key, md) && - verify_using_dsa_verify(message, message_len, sig5, sig_len5, dsa_key, md)) { + EVP_PKEY_CTX_free(key_ctx); + if (!key) return 0; + + printf("6. EVP_PKEY_sign_message API: "); + if (sign_using_evp_pkey_sign_message(message, message_len, &sig, &sig_len, key, "RSA-SHA256") && + verify_using_evp_pkey_verify_message(message, message_len, sig, sig_len, key, "RSA-SHA256")) { printf("PASS\n"); } else { printf("FAIL\n"); success = 0; } - - printf("\nDSA API Summary:\n"); - printf("1. EVP_Sign API: Legacy, simple\n"); - printf("2. EVP_DigestSign API: Modern, recommended\n"); - printf("3. EVP_PKEY_sign API: Lower-level, pre-hashed input\n"); - printf("4. EVP_DigestSign with PKEY_CTX: Fine-grained control\n"); - printf("5. Low-level DSA API: Deprecated, algorithm-specific\n"); - printf("6. EVP_PKEY_sign_message API: Streamlined message signing\n"); - - /* Cleanup */ - OPENSSL_free(sig5); + OPENSSL_free(sig); EVP_PKEY_free(key); - return success; -} - -/* ============================================================================= - * MAIN FUNCTION - Entry point for testing all signature APIs - * ============================================================================= - */ - -// /** -// * Main function demonstrating all OpenSSL signature APIs -// * Tests both RSA and DSA algorithms with all 6 API approaches -// */ -// int main(void) { -// /* Initialize OpenSSL */ -// OpenSSL_add_all_algorithms(); -// ERR_load_crypto_strings(); - -// printf("=================================================================\n"); -// printf("OpenSSL Signature API Demonstration\n"); -// printf("=================================================================\n"); - -// printf("\n-------- TESTING RSA SIGNATURES --------\n"); -// int rsa_result = test_signature_apis_rsa(); - -// printf("\n-------- TESTING DSA SIGNATURES --------\n"); -// int dsa_result = test_signature_apis_dsa(); - -// printf("\n=================================================================\n"); -// if (rsa_result && dsa_result) { -// printf("All tests completed successfully.\n"); -// return 0; -// } else { -// printf("Some tests failed.\n"); -// return 1; -// } -// } \ No newline at end of file +} \ No newline at end of file From b7ceeb399f6f9d890ae4932b11fe6eb01c2d176e Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Fri, 22 Aug 2025 14:50:31 -0400 Subject: [PATCH 013/307] Crypto: nodes.expected update and removed dead code from Language.qll --- cpp/ql/lib/experimental/quantum/Language.qll | 24 --- .../library-tests/quantum/nodes.expected | 191 +++++++++++------- 2 files changed, 113 insertions(+), 102 deletions(-) diff --git a/cpp/ql/lib/experimental/quantum/Language.qll b/cpp/ql/lib/experimental/quantum/Language.qll index 53cf7292b12f..8a9fc07fc2d6 100644 --- a/cpp/ql/lib/experimental/quantum/Language.qll +++ b/cpp/ql/lib/experimental/quantum/Language.qll @@ -103,28 +103,4 @@ private class ConstantDataSource extends Crypto::GenericConstantSourceInstance i override string getAdditionalDescription() { result = this.toString() } } -module ArtifactUniversalFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node source) { - source = any(Crypto::ArtifactInstance artifact).getOutputNode() - } - - predicate isSink(DataFlow::Node sink) { - sink = any(Crypto::FlowAwareElement other).getInputNode() - } - - predicate isBarrierOut(DataFlow::Node node) { - node = any(Crypto::FlowAwareElement element).getInputNode() - } - - predicate isBarrierIn(DataFlow::Node node) { - node = any(Crypto::FlowAwareElement element).getOutputNode() - } - - predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - node1.(AdditionalFlowInputStep).getOutput() = node2 - } -} - -module ArtifactUniversalFlow = DataFlow::Global; - import OpenSSL.OpenSSL diff --git a/cpp/ql/test/experimental/library-tests/quantum/nodes.expected b/cpp/ql/test/experimental/library-tests/quantum/nodes.expected index bcbb8152c54d..178495b3d840 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/nodes.expected +++ b/cpp/ql/test/experimental/library-tests/quantum/nodes.expected @@ -59,82 +59,117 @@ | openssl_pkey.c:64:9:64:24 | EncryptOperation | | openssl_pkey.c:64:31:64:39 | KeyOperationOutput | | openssl_pkey.c:64:58:64:66 | Message | -| openssl_signature.c:22:34:22:40 | Message | -| openssl_signature.c:23:9:23:26 | HashOperation | -| openssl_signature.c:23:36:23:41 | Digest | -| openssl_signature.c:70:32:70:38 | Message | -| openssl_signature.c:75:28:75:36 | Message | -| openssl_signature.c:80:9:80:21 | SignOperation | -| openssl_signature.c:80:31:80:40 | SignatureOutput | -| openssl_signature.c:80:53:80:56 | Key | -| openssl_signature.c:133:52:133:55 | Key | -| openssl_signature.c:134:38:134:44 | Message | +| openssl_signature.c:25:34:25:40 | Message | +| openssl_signature.c:26:9:26:26 | HashOperation | +| openssl_signature.c:26:36:26:41 | Digest | +| openssl_signature.c:63:32:63:38 | Message | +| openssl_signature.c:68:28:68:36 | Message | +| openssl_signature.c:73:9:73:21 | SignOperation | +| openssl_signature.c:73:31:73:40 | SignatureOutput | +| openssl_signature.c:73:53:73:56 | Key | +| openssl_signature.c:126:52:126:55 | Key | +| openssl_signature.c:127:38:127:44 | Message | +| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | +| openssl_signature.c:128:37:128:40 | SignatureOutput | | openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | -| openssl_signature.c:135:37:135:40 | SignatureOutput | -| openssl_signature.c:142:9:142:27 | SignatureOrMACOperation | -| openssl_signature.c:142:37:142:46 | SignatureOutput | -| openssl_signature.c:165:54:165:57 | Key | -| openssl_signature.c:166:40:166:46 | Message | -| openssl_signature.c:167:9:167:29 | VerifyOperation | -| openssl_signature.c:167:39:167:47 | SignatureInput | -| openssl_signature.c:190:57:190:60 | Key | -| openssl_signature.c:196:38:196:44 | Message | -| openssl_signature.c:197:9:197:27 | SignatureOrMACOperation | -| openssl_signature.c:197:37:197:40 | SignatureOutput | -| openssl_signature.c:204:9:204:27 | SignatureOrMACOperation | -| openssl_signature.c:204:37:204:46 | SignatureOutput | -| openssl_signature.c:228:59:228:62 | Key | -| openssl_signature.c:234:40:234:46 | Message | -| openssl_signature.c:235:9:235:29 | VerifyOperation | -| openssl_signature.c:235:39:235:47 | SignatureInput | -| openssl_signature.c:260:39:260:42 | Key | -| openssl_signature.c:263:9:263:21 | SignOperation | -| openssl_signature.c:263:33:263:36 | SignatureOutput | -| openssl_signature.c:263:54:263:59 | Message | -| openssl_signature.c:270:9:270:21 | SignOperation | -| openssl_signature.c:270:33:270:42 | SignatureOutput | -| openssl_signature.c:270:60:270:65 | Message | -| openssl_signature.c:292:39:292:42 | Key | -| openssl_signature.c:295:9:295:23 | VerifyOperation | -| openssl_signature.c:295:35:295:43 | SignatureInput | -| openssl_signature.c:295:61:295:66 | Message | -| openssl_signature.c:321:39:321:42 | Key | -| openssl_signature.c:326:48:326:54 | Message | -| openssl_signature.c:327:9:327:35 | SignOperation | -| openssl_signature.c:327:47:327:50 | SignatureOutput | -| openssl_signature.c:334:9:334:35 | SignOperation | -| openssl_signature.c:334:47:334:56 | SignatureOutput | -| openssl_signature.c:357:39:357:42 | Key | -| openssl_signature.c:363:42:363:50 | SignatureInput | -| openssl_signature.c:365:50:365:56 | Message | -| openssl_signature.c:366:9:366:37 | VerifyOperation | -| openssl_signature.c:398:9:398:16 | KeyOperationAlgorithm | -| openssl_signature.c:398:9:398:16 | SignOperation | -| openssl_signature.c:398:28:398:33 | Message | -| openssl_signature.c:398:48:398:57 | SignatureOutput | -| openssl_signature.c:399:48:399:54 | Key | -| openssl_signature.c:421:12:421:21 | KeyOperationAlgorithm | -| openssl_signature.c:421:12:421:21 | VerifyOperation | -| openssl_signature.c:421:33:421:38 | Message | -| openssl_signature.c:421:53:421:61 | SignatureInput | -| openssl_signature.c:422:51:422:57 | Key | -| openssl_signature.c:521:46:521:66 | PaddingAlgorithm | -| openssl_signature.c:543:35:543:46 | KeyOperationAlgorithm | -| openssl_signature.c:547:51:547:54 | Constant | -| openssl_signature.c:548:9:548:23 | KeyGeneration | -| openssl_signature.c:548:34:548:37 | Key | -| openssl_signature.c:565:50:565:54 | KeyOperationAlgorithm | -| openssl_signature.c:569:55:569:58 | Constant | -| openssl_signature.c:575:32:575:37 | Key | -| openssl_signature.c:578:9:578:23 | KeyGeneration | -| openssl_signature.c:578:34:578:37 | Key | -| openssl_signature.c:602:37:602:77 | Constant | -| openssl_signature.c:684:24:684:33 | HashAlgorithm | -| openssl_signature.c:685:37:685:77 | Constant | -| openssl_signature.c:702:60:702:71 | HashAlgorithm | -| openssl_signature.c:702:60:702:71 | KeyOperationAlgorithm | -| openssl_signature.c:709:37:709:46 | HashAlgorithm | -| openssl_signature.c:711:41:711:50 | HashAlgorithm | -| openssl_signature.c:740:24:740:33 | HashAlgorithm | -| openssl_signature.c:741:37:741:77 | Constant | -| openssl_signature.c:758:60:758:64 | KeyOperationAlgorithm | +| openssl_signature.c:135:37:135:46 | SignatureOutput | +| openssl_signature.c:158:54:158:57 | Key | +| openssl_signature.c:159:40:159:46 | Message | +| openssl_signature.c:160:9:160:29 | VerifyOperation | +| openssl_signature.c:160:39:160:47 | SignatureInput | +| openssl_signature.c:182:57:182:60 | Key | +| openssl_signature.c:185:44:185:64 | PaddingAlgorithm | +| openssl_signature.c:187:38:187:44 | Message | +| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | +| openssl_signature.c:188:37:188:40 | SignatureOutput | +| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | +| openssl_signature.c:195:37:195:46 | SignatureOutput | +| openssl_signature.c:218:59:218:62 | Key | +| openssl_signature.c:222:44:222:64 | PaddingAlgorithm | +| openssl_signature.c:224:40:224:46 | Message | +| openssl_signature.c:225:9:225:29 | VerifyOperation | +| openssl_signature.c:225:39:225:47 | SignatureInput | +| openssl_signature.c:250:39:250:42 | Key | +| openssl_signature.c:253:9:253:21 | SignOperation | +| openssl_signature.c:253:33:253:36 | SignatureOutput | +| openssl_signature.c:253:54:253:59 | Message | +| openssl_signature.c:260:9:260:21 | SignOperation | +| openssl_signature.c:260:33:260:42 | SignatureOutput | +| openssl_signature.c:260:60:260:65 | Message | +| openssl_signature.c:282:39:282:42 | Key | +| openssl_signature.c:285:9:285:23 | VerifyOperation | +| openssl_signature.c:285:35:285:43 | SignatureInput | +| openssl_signature.c:285:61:285:66 | Message | +| openssl_signature.c:311:39:311:42 | Key | +| openssl_signature.c:316:48:316:54 | Message | +| openssl_signature.c:317:9:317:35 | SignOperation | +| openssl_signature.c:317:47:317:50 | SignatureOutput | +| openssl_signature.c:324:9:324:35 | SignOperation | +| openssl_signature.c:324:47:324:56 | SignatureOutput | +| openssl_signature.c:347:39:347:42 | Key | +| openssl_signature.c:353:42:353:50 | SignatureInput | +| openssl_signature.c:355:50:355:56 | Message | +| openssl_signature.c:356:9:356:37 | VerifyOperation | +| openssl_signature.c:388:9:388:16 | KeyOperationAlgorithm | +| openssl_signature.c:388:9:388:16 | SignOperation | +| openssl_signature.c:388:28:388:33 | Message | +| openssl_signature.c:388:48:388:57 | SignatureOutput | +| openssl_signature.c:389:48:389:54 | Key | +| openssl_signature.c:411:12:411:21 | KeyOperationAlgorithm | +| openssl_signature.c:411:12:411:21 | VerifyOperation | +| openssl_signature.c:411:33:411:38 | Message | +| openssl_signature.c:411:53:411:61 | SignatureInput | +| openssl_signature.c:412:51:412:57 | Key | +| openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm | +| openssl_signature.c:523:51:523:54 | Constant | +| openssl_signature.c:524:9:524:23 | KeyGeneration | +| openssl_signature.c:524:34:524:37 | Key | +| openssl_signature.c:541:50:541:54 | KeyOperationAlgorithm | +| openssl_signature.c:545:55:545:58 | Constant | +| openssl_signature.c:551:32:551:37 | Key | +| openssl_signature.c:554:9:554:23 | KeyGeneration | +| openssl_signature.c:554:34:554:37 | Key | +| openssl_signature.c:574:37:574:74 | Constant | +| openssl_signature.c:575:24:575:30 | HashAlgorithm | +| openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | +| openssl_signature.c:587:51:587:54 | Constant | +| openssl_signature.c:588:9:588:23 | KeyGeneration | +| openssl_signature.c:588:34:588:37 | Key | +| openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm | +| openssl_signature.c:604:37:604:46 | HashAlgorithm | +| openssl_signature.c:606:41:606:50 | HashAlgorithm | +| openssl_signature.c:624:37:624:74 | Constant | +| openssl_signature.c:625:24:625:33 | HashAlgorithm | +| openssl_signature.c:660:37:660:61 | Constant | +| openssl_signature.c:661:24:661:33 | HashAlgorithm | +| openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm | +| openssl_signature.c:674:51:674:54 | Constant | +| openssl_signature.c:675:9:675:23 | KeyGeneration | +| openssl_signature.c:675:34:675:37 | Key | +| openssl_signature.c:701:37:701:67 | Constant | +| openssl_signature.c:702:24:702:33 | HashAlgorithm | +| openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | +| openssl_signature.c:715:51:715:54 | Constant | +| openssl_signature.c:716:9:716:23 | KeyGeneration | +| openssl_signature.c:716:34:716:37 | Key | +| openssl_signature.c:741:37:741:66 | Constant | +| openssl_signature.c:742:24:742:31 | HashAlgorithm | +| openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | +| openssl_signature.c:759:51:759:54 | Constant | +| openssl_signature.c:760:9:760:23 | KeyGeneration | +| openssl_signature.c:760:34:760:37 | Key | +| openssl_signature.c:786:37:786:73 | Constant | +| openssl_signature.c:787:24:787:31 | HashAlgorithm | +| openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | +| openssl_signature.c:799:51:799:54 | Constant | +| openssl_signature.c:800:9:800:23 | KeyGeneration | +| openssl_signature.c:800:34:800:37 | Key | +| openssl_signature.c:826:37:826:63 | Constant | +| openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | +| openssl_signature.c:837:51:837:54 | Constant | +| openssl_signature.c:838:9:838:23 | KeyGeneration | +| openssl_signature.c:838:34:838:37 | Key | +| openssl_signature.c:847:85:847:96 | HashAlgorithm | +| openssl_signature.c:847:85:847:96 | KeyOperationAlgorithm | +| openssl_signature.c:848:87:848:98 | HashAlgorithm | +| openssl_signature.c:848:87:848:98 | KeyOperationAlgorithm | From 5d29240f2713a41bd8ff42505abfe3bafa1e5de5 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Mon, 25 Aug 2025 16:59:09 -0400 Subject: [PATCH 014/307] Crypto: OperationStep overhaul to account for errors and missing interproc flow. --- cpp/ql/lib/experimental/quantum/Language.qll | 9 +- .../CipherAlgorithmValueConsumer.qll | 2 +- .../DirectAlgorithmValueConsumer.qll | 2 +- .../EllipticCurveAlgorithmValueConsumer.qll | 2 +- .../HashAlgorithmValueConsumer.qll | 2 +- .../KEMAlgorithmValueConsumer.qll | 2 +- .../KeyExchangeAlgorithmValueConsumer.qll | 2 +- .../PKeyAlgorithmValueConsumer.qll | 2 +- .../PaddingAlgorithmValueConsumer.qll | 2 +- .../SignatureAlgorithmValueConsumer.qll | 2 +- .../experimental/quantum/OpenSSL/AvcFlow.qll | 4 +- .../OpenSSL/Operations/CipherOperation.qll | 18 +- .../Operations/EVPPKeyCtxInitializer.qll | 30 ++-- .../OpenSSL/Operations/HashOperation.qll | 23 +-- .../OpenSSL/Operations/KeyGenOperation.qll | 17 +- .../Operations/OpenSSLOperationBase.qll | 74 +++++--- .../OpenSSL/Operations/SignatureOperation.qll | 165 +++++++++--------- .../library-tests/quantum/openssl_signature.c | 32 ++-- 18 files changed, 205 insertions(+), 185 deletions(-) diff --git a/cpp/ql/lib/experimental/quantum/Language.qll b/cpp/ql/lib/experimental/quantum/Language.qll index 8a9fc07fc2d6..faa72f0f50e3 100644 --- a/cpp/ql/lib/experimental/quantum/Language.qll +++ b/cpp/ql/lib/experimental/quantum/Language.qll @@ -14,8 +14,8 @@ module CryptoInput implements InputSig { result = node.asExpr() or result = node.asParameter() or result = node.asVariable() or - result = node.asDefiningArgument() - // TODO: do we need asIndirectExpr()? + result = node.asDefiningArgument() or + result = node.asIndirectExpr() } string locationToFileBaseNameAndLineNumberString(Location location) { @@ -93,7 +93,10 @@ module GenericDataSourceFlow = TaintTracking::Global; diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll index d5fe4e383f4d..114dc911ab95 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll @@ -15,11 +15,11 @@ abstract class FinalCipherOperationStep extends OperationStep { */ abstract class EvpCipherOperationFinalStep extends FinalCipherOperationStep { override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } } @@ -28,9 +28,9 @@ abstract class EvpCipherOperationFinalStep extends FinalCipherOperationStep { */ abstract class EvpCipherInitializer extends OperationStep { override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and + result.asIndirectExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO() and // Constants that are not equal to zero or // non-constants (e.g., variable accesses, which require data-flow to determine the value) @@ -40,7 +40,7 @@ abstract class EvpCipherInitializer extends OperationStep { } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } @@ -127,13 +127,13 @@ class EvpPkeyEncryptDecryptInit extends OperationStep { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or result.asExpr() = this.getArgument(1) and type = OsslParamIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } @@ -161,7 +161,7 @@ class EvpCipherUpdateCall extends OperationStep { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or result.asExpr() = this.getArgument(3) and type = PlaintextIO() } @@ -169,7 +169,7 @@ class EvpCipherUpdateCall extends OperationStep { override DataFlow::Node getOutput(IOType type) { result.asExpr() = this.getArgument(1) and type = CiphertextIO() or - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = UpdateStep() } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll index 2761d8d6bc87..72172864892c 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll @@ -38,7 +38,9 @@ class EvpNewKeyCtx extends OperationStep instanceof Call { type = OsslLibContextIO() } - override DataFlow::Node getOutput(IOType type) { result.asExpr() = this and type = ContextIO() } + override DataFlow::Node getOutput(IOType type) { + result.asIndirectExpr() = this and type = ContextIO() + } override OperationStepType getStepType() { result = ContextCreationStep() } } @@ -52,13 +54,13 @@ class EvpCtxSetEcParamgenCurveNidInitializer extends OperationStep { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO() + result.asIndirectExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } @@ -102,7 +104,7 @@ class EvpCtxSetHashInitializer extends OperationStep { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or result.asExpr() = this.getArgument(1) and type = HashAlgorithmIO() and @@ -115,7 +117,7 @@ class EvpCtxSetHashInitializer extends OperationStep { } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } @@ -134,13 +136,13 @@ class EvpCtxSetKeySizeInitializer extends OperationStep { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or result.asExpr() = this.getArgument(1) and type = KeySizeIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } @@ -150,7 +152,7 @@ class EvpCtxSetMacKeyInitializer extends OperationStep { EvpCtxSetMacKeyInitializer() { this.getTarget().getName() = "EVP_PKEY_CTX_set_mac_key" } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or result.asExpr() = this.getArgument(2) and type = KeySizeIO() or @@ -159,7 +161,7 @@ class EvpCtxSetMacKeyInitializer extends OperationStep { } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } @@ -171,13 +173,13 @@ class EvpCtxSetPaddingInitializer extends OperationStep { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or result.asExpr() = this.getArgument(1) and type = PaddingAlgorithmIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } @@ -189,13 +191,13 @@ class EvpCtxSetSaltLengthInitializer extends OperationStep { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or result.asExpr() = this.getArgument(1) and type = SaltLengthIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/HashOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/HashOperation.qll index 1922f04c3c64..4abf503462dc 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/HashOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/HashOperation.qll @@ -25,13 +25,13 @@ class EvpDigestInitVariantCalls extends OperationStep instanceof Call { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO() + result.asIndirectExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } @@ -45,13 +45,13 @@ class EvpDigestUpdateCall extends OperationStep instanceof Call { EvpDigestUpdateCall() { this.getTarget().getName() = "EVP_DigestUpdate" } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or result.asExpr() = this.getArgument(1) and type = PlaintextIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } @@ -66,15 +66,15 @@ class EvpQDigestOperation extends FinalDigestOperation instanceof Call { EvpQDigestOperation() { this.getTarget().getName() = "EVP_Q_digest" } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO() + result.asIndirectExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO() or - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or result.asExpr() = this.getArgument(3) and type = PlaintextIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() or result.asDefiningArgument() = this.getArgument(5) and type = DigestIO() @@ -85,7 +85,7 @@ class EvpDigestOperation extends FinalDigestOperation instanceof Call { EvpDigestOperation() { this.getTarget().getName() = "EVP_Digest" } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(4) and type = PrimaryAlgorithmIO() + result.asIndirectExpr() = this.getArgument(4) and type = PrimaryAlgorithmIO() or result.asExpr() = this.getArgument(0) and type = PlaintextIO() } @@ -104,14 +104,15 @@ class EvpDigestFinalCall extends FinalDigestOperation instanceof Call { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() or result.asDefiningArgument() = this.getArgument(1) and type = DigestIO() + //result.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr() = this.getArgument(1) } } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll index 5d0d08899246..6ab2b658e499 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll @@ -13,7 +13,7 @@ class ECKeyGen extends OperationStep instanceof Call { ECKeyGen() { this.(Call).getTarget().getName() = "EC_KEY_generate_key" } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.(Call).getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.(Call).getArgument(0) and type = ContextIO() } override DataFlow::Node getOutput(IOType type) { result.asExpr() = this and type = KeyIO() } @@ -33,11 +33,11 @@ class EvpKeyGenInitialize extends OperationStep { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } @@ -57,13 +57,13 @@ class EvpPKeyQKeyGen extends KeyGenFinalOperationStep instanceof Call { EvpPKeyQKeyGen() { this.getTarget().getName() = "EVP_PKEY_Q_keygen" } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() or result.asExpr() = this and type = KeyIO() } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or // When arg 3 is a derived type, it is a curve name, otherwise it is a key size for RSA if provided // and arg 2 is the algorithm type @@ -120,7 +120,7 @@ class RsaGenerateKeyEx extends KeyGenFinalOperationStep instanceof Call { override DataFlow::Node getInput(IOType type) { // arg 0 comes in as a blank RSA key, which we consider a context, // on output it is considered a key - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() } } @@ -131,13 +131,13 @@ class EvpPkeyGen extends KeyGenFinalOperationStep instanceof Call { EvpPkeyGen() { this.getTarget().getName() in ["EVP_PKEY_generate", "EVP_PKEY_keygen"] } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() } override DataFlow::Node getOutput(IOType type) { result.asDefiningArgument() = this.getArgument(1) and type = KeyIO() or - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } } @@ -158,7 +158,6 @@ class EvpNewMacKey extends KeyGenFinalOperationStep { override DataFlow::Node getOutput(IOType type) { result.asExpr() = this and type = KeyIO() } } - /// TODO: https://docs.openssl.org/3.0/man3/EVP_PKEY_new/#synopsis /** * An `KeyGenerationOperationInstance` for the for all key gen final operation steps. diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll index 3ebd53dae79c..18f4238a412c 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll @@ -198,8 +198,7 @@ abstract class OperationStep extends Call { * If `sink` is `this`, then this holds true. */ predicate flowsToOperationStep(OperationStep sink) { - sink = this or - OperationStepFlow::flow(this.getAnOutput(), sink.getAnInput()) + OperationStepFlow::flow(this.getAnOutput(), [sink.getAnInput(), sink.getAnOutput()]) } /** @@ -207,8 +206,7 @@ abstract class OperationStep extends Call { * If `source` is `this`, then this holds true. */ predicate flowsFromOperationStep(OperationStep source) { - source = this or - OperationStepFlow::flow(source.getAnOutput(), this.getAnInput()) + OperationStepFlow::flow(source.getAnOutput(), [this.getAnInput(), this.getAnOutput()]) } /** @@ -226,11 +224,22 @@ abstract class OperationStep extends Call { * the operation allows for multiple inputs (like plaintext for cipher update calls before final). */ OperationStep getDominatingInitializersToStep(IOType type) { - result.flowsToOperationStep(this) and + //exists(IOType sinkInType | + //sinkInType = ContextIO() or sinkInType = type | + result.flowsToOperationStep(this) and //, sinkInType) + //) result.setsValue(type) and ( // Do not consider a 'reset' to occur on updates - result.getStepType() = UpdateStep() + // but only for resets that are part of the same update/finalize + // progression (e.g., an update for an unrelated finalize is ignored) + result.getStepType() = UpdateStep() and + not exists(OperationStep op | + result.flowsToOperationStep(op) and + op.flowsToOperationStep(this) and + op != this and + op.getStepType() = FinalStep() + ) or not exists(OperationStep reset | result != reset and @@ -269,20 +278,22 @@ abstract class OperationStep extends Call { Crypto::AlgorithmValueConsumer getPrimaryAlgorithmValueConsumer() { this instanceof Crypto::AlgorithmValueConsumer and result = this or - exists(DataFlow::Node src, DataFlow::Node sink, IOType t, OperationStep avcConsumingPred | - (t = PrimaryAlgorithmIO() or t = ContextIO() or t = KeyIO()) and + exists( + DataFlow::Node src, DataFlow::Node sink, IOType srcIntype, OperationStep avcConsumingPred + | + (srcIntype = ContextIO() or srcIntype = PrimaryAlgorithmIO() or srcIntype = KeyIO()) and avcConsumingPred.flowsToOperationStep(this) and - src.asExpr() = result and - sink = avcConsumingPred.getInput(t) and + src.asIndirectExpr() = result and + sink = avcConsumingPred.getInput(srcIntype) and AvcToOperationStepFlow::flow(src, sink) and ( // Case 1: the avcConsumingPred step is a dominating primary algorithm initialization step // or dominating key initialization step - (t = PrimaryAlgorithmIO() or t = KeyIO()) and - avcConsumingPred = this.getDominatingInitializersToStep(t) + (srcIntype = PrimaryAlgorithmIO() or srcIntype = KeyIO()) and + avcConsumingPred = this.getDominatingInitializersToStep(srcIntype) or // Case 2: the pred is a context input - t = ContextIO() + srcIntype = ContextIO() ) ) } @@ -297,7 +308,7 @@ abstract class OperationStep extends Call { or exists(DataFlow::Node src, DataFlow::Node sink | AvcToOperationStepFlow::flow(src, sink) and - src.asExpr() = result and + src.asIndirectExpr() = result and sink = this.getInput(type) ) } @@ -375,7 +386,7 @@ private class CtxCopyOutArgCall extends CtxPassThroughCall { CtxCopyOutArgCall() { this.getTarget().getName().toLowerCase().matches("%copy%") and - n1.asExpr() = this.getAnArgument() and + n1.asIndirectExpr() = this.getAnArgument() and n1.getType() instanceof CtxType and n2.asDefiningArgument() = this.getAnArgument() and n2.getType() instanceof CtxType and @@ -396,13 +407,13 @@ private class CtxCopyReturnCall extends CtxPassThroughCall, CtxPointerExpr { CtxCopyReturnCall() { this.getTarget().getName().toLowerCase().matches("%dup%") and - n1.asExpr() = this.getAnArgument() and + n1.asIndirectExpr() = this.getAnArgument() and n1.getType() instanceof CtxType } override DataFlow::Node getNode1() { result = n1 } - override DataFlow::Node getNode2() { result.asExpr() = this } + override DataFlow::Node getNode2() { result.asIndirectExpr() = this } } // TODO: is this still needed? It appears to be (tests fail without it) but @@ -422,11 +433,7 @@ private class CtxParamGenCall extends CtxPassThroughCall { CtxParamGenCall() { this.getTarget().getName() = "EVP_PKEY_paramgen" and n1.asExpr() = this.getArgument(0) and - ( - n2.asExpr() = this.getArgument(1) - or - n2.asDefiningArgument() = this.getArgument(1) - ) + n2.asDefiningArgument() = this.getArgument(1) } override DataFlow::Node getNode1() { result = n1 } @@ -453,15 +460,28 @@ module OperationStepFlowConfig implements DataFlow::ConfigSig { } predicate isBarrier(DataFlow::Node node) { - exists(CtxClearCall c | c.getAnArgument() = node.asExpr()) + exists(CtxClearCall c | c.getAnArgument() = [node.asExpr(), node.asIndirectExpr()]) } predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { exists(CtxPassThroughCall c | c.getNode1() = node1 and c.getNode2() = node2) or - // Flow out through all outputs from an operation step if more than one output - // is defined. - exists(OperationStep s | s.getAnInput() = node1 and s.getAnOutput() = node2) + // Flow only through context and key inputs and outputs + // keys and context generally hold unifying context that link multiple steps + exists(OperationStep s, IOType inType, IOType outType | + ( + inType = ContextIO() + or + inType = KeyIO() + ) and + ( + outType = ContextIO() + or + outType = KeyIO() + ) and + s.getInput(inType) = node1 and + s.getOutput(outType) = node2 + ) // TODO: consideration for additional alises defined as follows: // if an output from an operation step itself flows from the output of another operation step // then the source of that flow's outputs (all of them) are potential aliases @@ -481,7 +501,7 @@ module AvcToOperationStepFlowConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { exists(OperationStep s | s.getAnInput() = sink) } predicate isBarrier(DataFlow::Node node) { - exists(CtxClearCall c | c.getAnArgument() = node.asExpr()) + exists(CtxClearCall c | c.getAnArgument() = [node.asExpr(), node.asIndirectExpr()]) } /** diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll index ac1947926801..ea3adb5d4f0b 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll @@ -37,36 +37,32 @@ class EvpSignatureDigestInitializer extends OperationStep { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or this.getTarget().getName() = "EVP_DigestSignInit_ex" and - result.asExpr() = this.getArgument(3) and + result.asIndirectExpr() = this.getArgument(3) and type = OsslLibContextIO() or - result.asExpr() = this.getArgument(2) and type = HashAlgorithmIO() + result.asIndirectExpr() = this.getArgument(2) and type = HashAlgorithmIO() or this.getTarget().getName() = "EVP_DigestSignInit" and - result.asExpr() = this.getArgument(4) and + result.asIndirectExpr() = this.getArgument(4) and type = KeyIO() or this.getTarget().getName() = "EVP_DigestSignInit_ex" and - result.asExpr() = this.getArgument(5) and + result.asIndirectExpr() = this.getArgument(5) and type = KeyIO() or this.getTarget().getName() = "EVP_DigestSignInit_ex" and - result.asExpr() = this.getArgument(6) and + result.asIndirectExpr() = this.getArgument(6) and type = OsslParamIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() or // EVP_PKEY_CTX - result.asExpr() = this.getArgument(1) and type = ContextIO() - or - this.getTarget().getName() = "EVP_DigestSignInit_ex" and - result.asExpr() = this.getArgument(6) and - type = ContextIO() + result.asDefiningArgument() = this.getArgument(1) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } @@ -79,13 +75,13 @@ class EvpSignInit extends OperationStep { EvpSignInit() { this.getTarget().getName() in ["EVP_SignInit", "EVP_SignInit_ex"] } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = HashAlgorithmIO() + result.asIndirectExpr() = this.getArgument(1) and type = HashAlgorithmIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } @@ -107,22 +103,22 @@ class EvpPkeySignInit extends OperationStep { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or this.getTarget().getName() in ["EVP_PKEY_sign_init_ex2", "EVP_PKEY_sign_message_init"] and - result.asExpr() = this.getArgument(1) and + result.asIndirectExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO() or this.getTarget().getName() = "EVP_PKEY_sign_init_ex" and - result.asExpr() = this.getArgument(1) and + result.asIndirectExpr() = this.getArgument(1) and type = OsslParamIO() or // Argument 2 (0 based) only exists for EVP_PKEY_sign_init_ex2 and EVP_PKEY_sign_message_init - result.asExpr() = this.getArgument(2) and type = OsslParamIO() + result.asIndirectExpr() = this.getArgument(2) and type = OsslParamIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } @@ -139,13 +135,13 @@ class EvpSignatureUpdateCall extends OperationStep { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = PlaintextIO() + result.asIndirectExpr() = this.getArgument(1) and type = PlaintextIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = UpdateStep() } @@ -158,19 +154,21 @@ class EvpSignFinal extends SignatureFinalOperation { EvpSignFinal() { this.getTarget().getName() in ["EVP_SignFinal_ex", "EVP_SignFinal"] } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(3) and type = KeyIO() + result.asIndirectExpr() = this.getArgument(3) and type = KeyIO() or // params above 3 (0-based) only exist for EVP_SignFinal_ex - result.asExpr() = this.getArgument(4) and + result.asIndirectExpr() = this.getArgument(4) and type = OsslLibContextIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() + or + result.asDefiningArgument() = this.getArgument(1) and type = SignatureIO() or - result.asExpr() = this.getArgument(1) and type = SignatureIO() + result.asDefiningArgument() = this.getArgument(2) and type = SignatureSizeIO() } } @@ -181,15 +179,15 @@ class EvpPkeySign extends SignatureFinalOperation { EvpPkeySign() { this.getTarget().getName() = "EVP_PKEY_sign" } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(3) and type = PlaintextIO() + result.asIndirectExpr() = this.getArgument(3) and type = PlaintextIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = SignatureIO() + result.asDefiningArgument() = this.getArgument(1) and type = SignatureIO() } } @@ -201,15 +199,15 @@ class EvpDigestSign extends SignatureOrMacFinalOperation { EvpDigestSign() { this.getTarget().getName() = "EVP_DigestSign" } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(3) and type = PlaintextIO() + result.asIndirectExpr() = this.getArgument(3) and type = PlaintextIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = SignatureIO() + result.asDefiningArgument() = this.getArgument(1) and type = SignatureIO() } } @@ -220,13 +218,15 @@ class EvpPkeySignFinal extends SignatureFinalOperation { EvpPkeySignFinal() { this.getTarget().getName() = "EVP_PKEY_sign_message_final" } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = SignatureIO() + result.asDefiningArgument() = this.getArgument(1) and type = SignatureIO() + or + result.asExpr() = this.getArgument(2) and type = SignatureSizeIO() } } @@ -238,13 +238,13 @@ class EvpDigestSignFinal extends SignatureOrMacFinalOperation { EvpDigestSignFinal() { this.getTarget().getName() = "EVP_DigestSignFinal" } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = SignatureIO() + result.asDefiningArgument() = this.getArgument(1) and type = SignatureIO() } override OperationStepType getStepType() { result = FinalStep() } @@ -259,31 +259,31 @@ class EvpDigestVerifyInit extends OperationStep { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(2) and type = HashAlgorithmIO() + result.asIndirectExpr() = this.getArgument(2) and type = HashAlgorithmIO() or this.getTarget().getName() = "EVP_DigestVerifyInit_ex" and - result.asExpr() = this.getArgument(3) and + result.asIndirectExpr() = this.getArgument(3) and type = OsslLibContextIO() or this.getTarget().getName() = "EVP_DigestVerifyInit_ex" and - result.asExpr() = this.getArgument(5) and + result.asIndirectExpr() = this.getArgument(5) and type = KeyIO() or this.getTarget().getName() = "EVP_DigestVerifyInit" and - result.asExpr() = this.getArgument(4) and + result.asIndirectExpr() = this.getArgument(4) and type = KeyIO() or this.getTarget().getName() = "EVP_DigestVerifyInit_ex" and - result.asExpr() = this.getArgument(6) and + result.asIndirectExpr() = this.getArgument(6) and type = OsslParamIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(1) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } @@ -296,13 +296,13 @@ class EvpDigestVerifyUpdate extends OperationStep { EvpDigestVerifyUpdate() { this.getTarget().getName() = "EVP_DigestVerifyUpdate" } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = PlaintextIO() + result.asIndirectExpr() = this.getArgument(1) and type = PlaintextIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = UpdateStep() } @@ -315,13 +315,13 @@ class EvpDigestVerifyFinal extends SignatureFinalOperation { EvpDigestVerifyFinal() { this.getTarget().getName() = "EVP_DigestVerifyFinal" } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = SignatureIO() + result.asIndirectExpr() = this.getArgument(1) and type = SignatureIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } } @@ -332,15 +332,15 @@ class EvpDigestVerify extends SignatureFinalOperation { EvpDigestVerify() { this.getTarget().getName() = "EVP_DigestVerify" } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = SignatureIO() + result.asIndirectExpr() = this.getArgument(1) and type = SignatureIO() or - result.asExpr() = this.getArgument(3) and type = PlaintextIO() + result.asIndirectExpr() = this.getArgument(3) and type = PlaintextIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } } @@ -358,23 +358,23 @@ class EvpVerifyInit extends OperationStep { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or this.getTarget().getName() = "EVP_PKEY_verify_init_ex" and - result.asExpr() = this.getArgument(1) and + result.asIndirectExpr() = this.getArgument(1) and type = OsslParamIO() or this.getTarget().getName() in ["EVP_PKEY_verify_init_ex2", "EVP_PKEY_verify_message_init"] and - result.asExpr() = this.getArgument(1) and + result.asIndirectExpr() = this.getArgument(1) and type = PrimaryAlgorithmIO() or this.getTarget().getName() in ["EVP_PKEY_verify_init_ex2", "EVP_PKEY_verify_message_init"] and - result.asExpr() = this.getArgument(2) and + result.asIndirectExpr() = this.getArgument(2) and type = OsslParamIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } @@ -388,15 +388,15 @@ class EvpCtxSetSignatureInitializer extends OperationStep { EvpCtxSetSignatureInitializer() { this.getTarget().getName() = "EVP_PKEY_CTX_set_signature" } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = SignatureIO() + result.asIndirectExpr() = this.getArgument(1) and type = SignatureIO() or result.asExpr() = this.getArgument(2) and type = SignatureSizeIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = InitializerStep() } @@ -409,15 +409,15 @@ class EvpVerifyMessageUpdate extends OperationStep { EvpVerifyMessageUpdate() { this.getTarget().getName() = "EVP_PKEY_verify_message_update" } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = PlaintextIO() + result.asIndirectExpr() = this.getArgument(1) and type = PlaintextIO() or result.asExpr() = this.getArgument(2) and type = PlaintextSizeIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } override OperationStepType getStepType() { result = UpdateStep() } @@ -430,11 +430,11 @@ class EvpVerifyMessageFinal extends SignatureFinalOperation { EvpVerifyMessageFinal() { this.getTarget().getName() = "EVP_PKEY_verify_message_final" } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } } @@ -445,19 +445,19 @@ class EvpVerify extends SignatureFinalOperation { EvpVerify() { this.getTarget().getName() = "EVP_PKEY_verify" } override DataFlow::Node getInput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = SignatureIO() + result.asIndirectExpr() = this.getArgument(1) and type = SignatureIO() or result.asExpr() = this.getArgument(2) and type = SignatureSizeIO() or - result.asExpr() = this.getArgument(3) and type = PlaintextIO() + result.asIndirectExpr() = this.getArgument(3) and type = PlaintextIO() or result.asExpr() = this.getArgument(4) and type = PlaintextSizeIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } } @@ -469,25 +469,26 @@ class RsaSign extends SignatureFinalOperation { RsaSign() { this.getTarget().getName() in ["RSA_sign", "RSA_verify"] } override DataFlow::Node getInput(IOType type) { + // Arg 0 is an NID (so asExpr not asIndirectExpr) result.asExpr() = this.getArgument(0) and type = HashAlgorithmIO() or - result.asExpr() = this.getArgument(1) and type = PlaintextIO() + result.asIndirectExpr() = this.getArgument(1) and type = PlaintextIO() or result.asExpr() = this.getArgument(2) and type = PlaintextSizeIO() or this.getTarget().getName() = "RSA_verify" and - result.asExpr() = this.getArgument(3) and + result.asIndirectExpr() = this.getArgument(3) and type = SignatureIO() or this.getTarget().getName() = "RSA_verify" and - result.asExpr() = this.getArgument(4) and + result.asIndirectExpr() = this.getArgument(4) and type = SignatureSizeIO() or - result.asExpr() = this.getArgument(5) and type = KeyIO() + result.asIndirectExpr() = this.getArgument(5) and type = KeyIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(0) and type = ContextIO() + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() or this.getTarget().getName() = "RSA_sign" and result.asDefiningArgument() = this.getArgument(3) and diff --git a/cpp/ql/test/experimental/library-tests/quantum/openssl_signature.c b/cpp/ql/test/experimental/library-tests/quantum/openssl_signature.c index c3fd6dd14e67..4aec1ae90fe3 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/openssl_signature.c +++ b/cpp/ql/test/experimental/library-tests/quantum/openssl_signature.c @@ -363,10 +363,10 @@ int verify_using_evp_pkey_verify_message(const unsigned char *message, size_t me return ret; } -/* ============================================================================= - * LOW-LEVEL RSA API - Algorithm-specific functions (deprecated) - * ============================================================================= - */ +// /* ============================================================================= +// * LOW-LEVEL RSA API - Algorithm-specific functions (deprecated) +// * ============================================================================= +// */ /** * Sign using low-level RSA_sign API (deprecated, RSA-only) @@ -375,17 +375,13 @@ int verify_using_evp_pkey_verify_message(const unsigned char *message, size_t me int sign_using_rsa_sign(const unsigned char *message, size_t message_len, unsigned char **signature, size_t *signature_len, RSA *rsa_key, int hash_nid, const EVP_MD *md) { - unsigned char digest[EVP_MAX_MD_SIZE]; - unsigned int digest_len; int ret = 0; - if (!create_digest(message, message_len, md, digest, &digest_len)) return 0; - *signature_len = RSA_size(rsa_key); *signature = OPENSSL_malloc(*signature_len); if (!*signature) return 0; - - if (RSA_sign(hash_nid, digest, digest_len, *signature, + + if (RSA_sign(hash_nid, message, message_len, *signature, (unsigned int*)signature_len, rsa_key) == 1) { ret = 1; } else { @@ -403,19 +399,15 @@ int sign_using_rsa_sign(const unsigned char *message, size_t message_len, int verify_using_rsa_verify(const unsigned char *message, size_t message_len, const unsigned char *signature, size_t signature_len, RSA *rsa_key, int hash_nid, const EVP_MD *md) { - unsigned char digest[EVP_MAX_MD_SIZE]; - unsigned int digest_len; - - if (!create_digest(message, message_len, md, digest, &digest_len)) return 0; - - return RSA_verify(hash_nid, digest, digest_len, signature, + + return RSA_verify(hash_nid, message, message_len, signature, (unsigned int)signature_len, rsa_key); } -/* ============================================================================= - * LOW-LEVEL DSA API - Algorithm-specific functions (deprecated) - * ============================================================================= - */ +// /* ============================================================================= +// * LOW-LEVEL DSA API - Algorithm-specific functions (deprecated) +// * ============================================================================= +// */ /** * Sign using low-level DSA_do_sign API (deprecated, DSA-only) From 48dc280e6cebc2b06e46fc7247b5cc79684fcb20 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Tue, 26 Aug 2025 08:51:52 -0400 Subject: [PATCH 015/307] Crypto: Fix issue with OAEP padding edges regressing. --- .../HashAlgorithmValueConsumer.qll | 11 ++++++----- .../OpenSSL/Operations/EVPPKeyCtxInitializer.qll | 15 +++++++++------ 2 files changed, 15 insertions(+), 11 deletions(-) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll index e1462b04b175..c79547e587dd 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/HashAlgorithmValueConsumer.qll @@ -13,7 +13,7 @@ class Evp_Q_Digest_Algorithm_Consumer extends HashAlgorithmValueConsumer { Evp_Q_Digest_Algorithm_Consumer() { this.(Call).getTarget().getName() = "EVP_Q_digest" } override Crypto::ConsumerInputDataFlowNode getInputNode() { - result.asExpr() = this.(Call).getArgument(1) + result.asIndirectExpr() = this.(Call).getArgument(1) } override Crypto::AlgorithmInstance getAKnownAlgorithmSource() { @@ -42,7 +42,7 @@ class EvpPkeySetCtxALgorithmConsumer extends HashAlgorithmValueConsumer { "EVP_PKEY_CTX_set_rsa_mgf1_md_name", "EVP_PKEY_CTX_set_rsa_oaep_md_name", "EVP_PKEY_CTX_set_dsa_paramgen_md_props" ] and - valueArgNode.asExpr() = this.(Call).getArgument(1) + valueArgNode.asIndirectExpr() = this.(Call).getArgument(1) } override DataFlow::Node getResultNode() { none() } @@ -69,13 +69,13 @@ class EvpDigestAlgorithmValueConsumer extends HashAlgorithmValueConsumer { this.(Call).getTarget().getName() in [ "EVP_get_digestbyname", "EVP_get_digestbynid", "EVP_get_digestbyobj" ] and - valueArgNode.asExpr() = this.(Call).getArgument(0) + valueArgNode.asIndirectExpr() = this.(Call).getArgument(0) or this.(Call).getTarget().getName() = "EVP_MD_fetch" and - valueArgNode.asExpr() = this.(Call).getArgument(1) + valueArgNode.asIndirectExpr() = this.(Call).getArgument(1) or this.(Call).getTarget().getName() = "EVP_DigestSignInit_ex" and - valueArgNode.asExpr() = this.(Call).getArgument(2) + valueArgNode.asIndirectExpr() = this.(Call).getArgument(2) ) } @@ -93,6 +93,7 @@ class RsaSignOrVerifyHashAlgorithmValueConsumer extends HashAlgorithmValueConsum RsaSignOrVerifyHashAlgorithmValueConsumer() { this.(Call).getTarget().getName() in ["RSA_sign", "RSA_verify"] and + // arg 0 is an int, use asExpr valueArgNode.asExpr() = this.(Call).getArgument(0) } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll index 72172864892c..3d9bf04fc907 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll @@ -106,14 +106,14 @@ class EvpCtxSetHashInitializer extends OperationStep { override DataFlow::Node getInput(IOType type) { result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and + result.asIndirectExpr() = this.getArgument(1) and type = HashAlgorithmIO() and isOaep = false and isMgf1 = false or - result.asExpr() = this.getArgument(1) and type = HashAlgorithmOaepIO() and isOaep = true + result.asIndirectExpr() = this.getArgument(1) and type = HashAlgorithmOaepIO() and isOaep = true or - result.asExpr() = this.getArgument(1) and type = HashAlgorithmMgf1IO() and isMgf1 = true + result.asIndirectExpr() = this.getArgument(1) and type = HashAlgorithmMgf1IO() and isMgf1 = true } override DataFlow::Node getOutput(IOType type) { @@ -157,7 +157,7 @@ class EvpCtxSetMacKeyInitializer extends OperationStep { result.asExpr() = this.getArgument(2) and type = KeySizeIO() or // the raw key that is configured into the output key - result.asExpr() = this.getArgument(1) and type = KeyIO() + result.asIndirectExpr() = this.getArgument(1) and type = KeyIO() } override DataFlow::Node getOutput(IOType type) { @@ -175,6 +175,7 @@ class EvpCtxSetPaddingInitializer extends OperationStep { override DataFlow::Node getInput(IOType type) { result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or + // The algorithm is an int: use asExpr result.asExpr() = this.getArgument(1) and type = PaddingAlgorithmIO() } @@ -211,11 +212,13 @@ class EvpCtxSetSaltLengthInitializer extends OperationStep { class EvpPkeyGet1RsaOrDsa extends OperationStep { EvpPkeyGet1RsaOrDsa() { this.getTarget().getName() = ["EVP_PKEY_get1_RSA", "EVP_PKEY_get1_DSA"] } - override DataFlow::Node getOutput(IOType type) { result.asExpr() = this and type = KeyIO() } + override DataFlow::Node getOutput(IOType type) { + result.asIndirectExpr() = this and type = KeyIO() + } override DataFlow::Node getInput(IOType type) { // Key being loaded or created from another location - result.asExpr() = this.getArgument(0) and type = KeyIO() + result.asIndirectExpr() = this.getArgument(0) and type = KeyIO() } /** From 422352c63208877ce12dc72ed4bc490cb25a1e8c Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Tue, 26 Aug 2025 11:49:26 -0400 Subject: [PATCH 016/307] Crypto: Continued refactoring of operation steps and bug fixes. --- .../AlgorithmInstances/AlgToAVCFlow.qll | 8 +++-- .../BlockAlgorithmInstance.qll | 3 +- .../CipherAlgorithmInstance.qll | 3 +- .../EllipticCurveAlgorithmInstance.qll | 3 +- .../HashAlgorithmInstance.qll | 3 +- .../KeyAgreementAlgorithmInstance.qll | 3 +- .../KnownAlgorithmConstants.qll | 4 +++ .../MACAlgorithmInstance.qll | 3 +- .../PaddingAlgorithmInstance.qll | 6 ++-- .../SignatureAlgorithmInstance.qll | 3 +- .../CipherAlgorithmValueConsumer.qll | 10 +++--- .../EllipticCurveAlgorithmValueConsumer.qll | 7 +++- .../KEMAlgorithmValueConsumer.qll | 2 +- .../KeyExchangeAlgorithmValueConsumer.qll | 2 +- .../PKeyAlgorithmValueConsumer.qll | 8 +++-- .../PaddingAlgorithmValueConsumer.qll | 1 + .../SignatureAlgorithmValueConsumer.qll | 2 +- .../experimental/quantum/OpenSSL/OpenSSL.qll | 1 + .../Operations/EVPPKeyCtxInitializer.qll | 29 ++------------- .../Operations/OpenSSLOperationBase.qll | 11 +++--- .../OpenSSL/Operations/SignatureOperation.qll | 35 +++++++++++++++++-- 21 files changed, 91 insertions(+), 56 deletions(-) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll index c2660c9770ec..e976b671d194 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll @@ -14,9 +14,13 @@ private import PaddingAlgorithmInstance */ module KnownOpenSslAlgorithmToAlgorithmValueConsumerConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { - source.asExpr() instanceof KnownOpenSslAlgorithmExpr and + ( + source.asExpr() instanceof KnownOpenSslAlgorithmExpr or + source.asIndirectExpr() instanceof KnownOpenSslAlgorithmExpr + ) and // No need to flow direct operations to AVCs - not source.asExpr() instanceof OpenSslDirectAlgorithmOperationCall + not source.asExpr() instanceof OpenSslDirectAlgorithmOperationCall and + not source.asIndirectExpr() instanceof OpenSslDirectAlgorithmOperationCall } predicate isSink(DataFlow::Node sink) { diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/BlockAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/BlockAlgorithmInstance.qll index 4bd4b4497660..a0cbad2c57d5 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/BlockAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/BlockAlgorithmInstance.qll @@ -53,7 +53,8 @@ class KnownOpenSslBlockModeConstantAlgorithmInstance extends OpenSslAlgorithmIns // Sink is an argument to a CipherGetterCall sink = getterCall.getInputNode() and // Source is `this` - src.asExpr() = this and + // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr + this = [src.asExpr(), src.asIndirectExpr()] and // This traces to a getter KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink) ) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll index e78b09dee7a5..94251c39b566 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll @@ -77,7 +77,8 @@ class KnownOpenSslCipherConstantAlgorithmInstance extends OpenSslAlgorithmInstan // Sink is an argument to a CipherGetterCall sink = getterCall.getInputNode() and // Source is `this` - src.asExpr() = this and + // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr + this = [src.asExpr(), src.asIndirectExpr()] and // This traces to a getter KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink) ) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll index 82a2b1357f27..ef7186d07a0e 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/EllipticCurveAlgorithmInstance.qll @@ -21,7 +21,8 @@ class KnownOpenSslEllipticCurveConstantAlgorithmInstance extends OpenSslAlgorith // Sink is an argument to a CipherGetterCall sink = getterCall.getInputNode() and // Source is `this` - src.asExpr() = this and + // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr + this = [src.asExpr(), src.asIndirectExpr()] and // This traces to a getter KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink) ) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll index 2be84b68f616..55b2dcd7af4c 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/HashAlgorithmInstance.qll @@ -59,7 +59,8 @@ class KnownOpenSslHashConstantAlgorithmInstance extends OpenSslAlgorithmInstance // Sink is an argument to a CipherGetterCall sink = getterCall.getInputNode() and // Source is `this` - src.asExpr() = this and + // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr + this = [src.asExpr(), src.asIndirectExpr()] and // This traces to a getter KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink) ) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KeyAgreementAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KeyAgreementAlgorithmInstance.qll index 1addda3a9eff..542c56666d98 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KeyAgreementAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KeyAgreementAlgorithmInstance.qll @@ -37,7 +37,8 @@ class KnownOpenSslKeyAgreementConstantAlgorithmInstance extends OpenSslAlgorithm // Sink is an argument to a CipherGetterCall sink = getterCall.getInputNode() and // Source is `this` - src.asExpr() = this and + // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr + this = [src.asExpr(), src.asIndirectExpr()] and // This traces to a getter KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink) ) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll index 06bbee745445..40176900da49 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll @@ -177,6 +177,10 @@ predicate knownOpenSslAlgorithmOperationCall(Call c, string normalized, string a ] and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" + or + c.getTarget().getName() in ["DSA_do_sign", "DSA_do_verify"] and + normalized = "DSA" and + algType = "SIGNATURE" } /** diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/MACAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/MACAlgorithmInstance.qll index b6d6112e1c6c..5590f74082cb 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/MACAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/MACAlgorithmInstance.qll @@ -22,7 +22,8 @@ class KnownOpenSslMacConstantAlgorithmInstance extends OpenSslAlgorithmInstance, // Sink is an argument to a CipherGetterCall sink = getterCall.getInputNode() and // Source is `this` - src.asExpr() = this and + // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr + this = [src.asExpr(), src.asIndirectExpr()] and // This traces to a getter KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink) ) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll index c9d2c7a21b6b..3a3b2d66c28c 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/PaddingAlgorithmInstance.qll @@ -64,7 +64,8 @@ class KnownOpenSslPaddingConstantAlgorithmInstance extends OpenSslAlgorithmInsta // Sink is an argument to a CipherGetterCall sink = getterCall.getInputNode() and // Source is `this` - src.asExpr() = this and + // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr + this = [src.asExpr(), src.asIndirectExpr()] and // This traces to a getter KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink) and isPaddingSpecificConsumer = false @@ -82,7 +83,8 @@ class KnownOpenSslPaddingConstantAlgorithmInstance extends OpenSslAlgorithmInsta // Sink is an argument to a CipherGetterCall sink = getterCall.getInputNode() and // Source is `this` - src.asExpr() = this and + // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr + this = [src.asExpr(), src.asIndirectExpr()] and // This traces to a padding-specific consumer RsaPaddingAlgorithmToPaddingAlgorithmValueConsumerFlow::flow(src, sink) ) and diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/SignatureAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/SignatureAlgorithmInstance.qll index cc2e5771ffc8..dda7aea22dcd 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/SignatureAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/SignatureAlgorithmInstance.qll @@ -47,7 +47,8 @@ class KnownOpenSslSignatureConstantAlgorithmInstance extends OpenSslAlgorithmIns // Sink is an argument to a signature getter call sink = getterCall.getInputNode() and // Source is `this` - src.asExpr() = this and + // NOTE: src literals can be ints or strings, so need to consider asExpr and asIndirectExpr + this = [src.asExpr(), src.asIndirectExpr()] and // This traces to a getter KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow::flow(src, sink) ) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/CipherAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/CipherAlgorithmValueConsumer.qll index 60562679a72a..a2de555d7f46 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/CipherAlgorithmValueConsumer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/CipherAlgorithmValueConsumer.qll @@ -14,13 +14,15 @@ class EvpCipherAlgorithmValueConsumer extends CipherAlgorithmValueConsumer { EvpCipherAlgorithmValueConsumer() { resultNode.asIndirectExpr() = this and ( - this.(Call).getTarget().getName() in [ - "EVP_get_cipherbyname", "EVP_get_cipherbyobj", "EVP_get_cipherbynid" - ] and + this.(Call).getTarget().getName() in ["EVP_get_cipherbyname", "EVP_get_cipherbyobj"] and + valueArgNode.asIndirectExpr() = this.(Call).getArgument(0) + or + this.(Call).getTarget().getName() = "EVP_get_cipherbynid" and + // algorithm is an NID (int), use asExpr() valueArgNode.asExpr() = this.(Call).getArgument(0) or this.(Call).getTarget().getName() in ["EVP_CIPHER_fetch", "EVP_ASYM_CIPHER_fetch"] and - valueArgNode.asExpr() = this.(Call).getArgument(1) + valueArgNode.asIndirectExpr() = this.(Call).getArgument(1) ) } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/EllipticCurveAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/EllipticCurveAlgorithmValueConsumer.qll index adf99e87a31a..94272f8abcc4 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/EllipticCurveAlgorithmValueConsumer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/EllipticCurveAlgorithmValueConsumer.qll @@ -14,12 +14,17 @@ class EvpEllipticCurveAlgorithmConsumer extends EllipticCurveValueConsumer { EvpEllipticCurveAlgorithmConsumer() { resultNode.asIndirectExpr() = this.(Call) and // in all cases the result is the return ( - this.(Call).getTarget().getName() in ["EVP_EC_gen", "EC_KEY_new_by_curve_name"] and + this.(Call).getTarget().getName() = "EVP_EC_gen" and + valueArgNode.asIndirectExpr() = this.(Call).getArgument(0) + or + this.(Call).getTarget().getName() = "EC_KEY_new_by_curve_name" and + // algorithm is an NID (int), use asExpr() valueArgNode.asExpr() = this.(Call).getArgument(0) or this.(Call).getTarget().getName() in [ "EC_KEY_new_by_curve_name_ex", "EVP_PKEY_CTX_set_ec_paramgen_curve_nid" ] and + // algorithm is an NID (int), use asExpr valueArgNode.asExpr() = this.(Call).getArgument(2) ) } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/KEMAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/KEMAlgorithmValueConsumer.qll index 07ea1114a936..918dc57ff97a 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/KEMAlgorithmValueConsumer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/KEMAlgorithmValueConsumer.qll @@ -14,7 +14,7 @@ class EvpKemAlgorithmValueConsumer extends KemAlgorithmValueConsumer { resultNode.asIndirectExpr() = this and ( this.(Call).getTarget().getName() = "EVP_KEM_fetch" and - valueArgNode.asExpr() = this.(Call).getArgument(1) + valueArgNode.asIndirectExpr() = this.(Call).getArgument(1) ) } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/KeyExchangeAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/KeyExchangeAlgorithmValueConsumer.qll index b1192e475f2f..b4634b625f90 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/KeyExchangeAlgorithmValueConsumer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/KeyExchangeAlgorithmValueConsumer.qll @@ -14,7 +14,7 @@ class EvpKeyExchangeAlgorithmValueConsumer extends KeyExchangeAlgorithmValueCons resultNode.asIndirectExpr() = this and ( this.(Call).getTarget().getName() = "EVP_KEYEXCH_fetch" and - valueArgNode.asExpr() = this.(Call).getArgument(1) + valueArgNode.asIndirectExpr() = this.(Call).getArgument(1) ) } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PKeyAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PKeyAlgorithmValueConsumer.qll index 94b639cf45b5..ba5cb8146ad5 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PKeyAlgorithmValueConsumer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PKeyAlgorithmValueConsumer.qll @@ -19,6 +19,7 @@ class EvpPKeyAlgorithmConsumer extends PKeyValueConsumer { "EVP_PKEY_CTX_new_id", "EVP_PKEY_new_raw_private_key", "EVP_PKEY_new_raw_public_key", "EVP_PKEY_new_mac_key" ] and + // Algorithm is an int, use asExpr valueArgNode.asExpr() = this.(Call).getArgument(0) or this.(Call).getTarget().getName() in [ @@ -26,7 +27,8 @@ class EvpPKeyAlgorithmConsumer extends PKeyValueConsumer { "EVP_PKEY_new_raw_public_key_ex", "EVP_PKEY_CTX_ctrl", "EVP_PKEY_CTX_ctrl_uint64", "EVP_PKEY_CTX_ctrl_str", "EVP_PKEY_CTX_set_group_name" ] and - valueArgNode.asExpr() = this.(Call).getArgument(1) + // AAlgorithm is a char*, use asIndirectExpr + valueArgNode.asIndirectExpr() = this.(Call).getArgument(1) or // argInd 2 is 'type' which can be RSA, or EC // if RSA argInd 3 is the key size, else if EC argInd 3 is the curve name @@ -38,10 +40,10 @@ class EvpPKeyAlgorithmConsumer extends PKeyValueConsumer { // Elliptic curve case // If the argInd 3 is a derived type (pointer or array) then assume it is a curve name if this.(Call).getArgument(3).getType().getUnderlyingType() instanceof DerivedType - then valueArgNode.asExpr() = this.(Call).getArgument(3) + then valueArgNode.asIndirectExpr() = this.(Call).getArgument(3) else // All other cases - valueArgNode.asExpr() = this.(Call).getArgument(2) + valueArgNode.asIndirectExpr() = this.(Call).getArgument(2) ) ) } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PaddingAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PaddingAlgorithmValueConsumer.qll index b9d4473d911e..e279f7f1e091 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PaddingAlgorithmValueConsumer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/PaddingAlgorithmValueConsumer.qll @@ -16,6 +16,7 @@ class Evp_PKey_Ctx_set_rsa_padding_AlgorithmValueConsumer extends PaddingAlgorit Evp_PKey_Ctx_set_rsa_padding_AlgorithmValueConsumer() { resultNode.asDefiningArgument() = this.(Call).getArgument(0) and this.(Call).getTarget().getName() = "EVP_PKEY_CTX_set_rsa_padding" and + // algorithm is an int, use asExpr valueArgNode.asExpr() = this.(Call).getArgument(1) } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/SignatureAlgorithmValueConsumer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/SignatureAlgorithmValueConsumer.qll index ad7f32192532..bcc596bb1ee6 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/SignatureAlgorithmValueConsumer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmValueConsumers/SignatureAlgorithmValueConsumer.qll @@ -16,7 +16,7 @@ class EvpSignatureAlgorithmValueConsumer extends SignatureAlgorithmValueConsumer ( // EVP_SIGNATURE this.(Call).getTarget().getName() = "EVP_SIGNATURE_fetch" and - valueArgNode.asExpr() = this.(Call).getArgument(1) + valueArgNode.asIndirectExpr() = this.(Call).getArgument(1) // EVP_PKEY_get1_DSA, EVP_PKEY_get1_RSA // DSA_SIG_new, DSA_SIG_get0 ? ) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/OpenSSL.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/OpenSSL.qll index 706cac65f8c4..2b3266902250 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/OpenSSL.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/OpenSSL.qll @@ -4,4 +4,5 @@ module OpenSslModel { import Operations.OpenSSLOperations import Random import GenericSourceCandidateLiteral + import ArtifactPassthrough } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll index 3d9bf04fc907..32823cada5a2 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/EVPPKeyCtxInitializer.qll @@ -31,10 +31,10 @@ class EvpNewKeyCtx extends OperationStep instanceof Call { } override DataFlow::Node getInput(IOType type) { - result.asExpr() = keyArg and type = KeyIO() + result.asIndirectExpr() = keyArg and type = KeyIO() or this.getTarget().getName() = "EVP_PKEY_CTX_new_from_pkey" and - result.asExpr() = this.getArgument(0) and + result.asIndirectExpr() = this.getArgument(0) and type = OsslLibContextIO() } @@ -203,28 +203,3 @@ class EvpCtxSetSaltLengthInitializer extends OperationStep { override OperationStepType getStepType() { result = InitializerStep() } } - -/** - * A call to `EVP_PKEY_get1_RSA` or `EVP_PKEY_get1_DSA` - * - RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); - * - DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); - */ -class EvpPkeyGet1RsaOrDsa extends OperationStep { - EvpPkeyGet1RsaOrDsa() { this.getTarget().getName() = ["EVP_PKEY_get1_RSA", "EVP_PKEY_get1_DSA"] } - - override DataFlow::Node getOutput(IOType type) { - result.asIndirectExpr() = this and type = KeyIO() - } - - override DataFlow::Node getInput(IOType type) { - // Key being loaded or created from another location - result.asIndirectExpr() = this.getArgument(0) and type = KeyIO() - } - - /** - * Consider this to be an intialization step. A key is accepted and a different key is produced. - * It doesn't create a new context or new key. It isn't quite an initialiation for an operaiton - * either. - */ - override OperationStepType getStepType() { result = InitializerStep() } -} diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll index 18f4238a412c..2324b1fa9539 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll @@ -224,10 +224,7 @@ abstract class OperationStep extends Call { * the operation allows for multiple inputs (like plaintext for cipher update calls before final). */ OperationStep getDominatingInitializersToStep(IOType type) { - //exists(IOType sinkInType | - //sinkInType = ContextIO() or sinkInType = type | - result.flowsToOperationStep(this) and //, sinkInType) - //) + (result.flowsToOperationStep(this) or result = this) and result.setsValue(type) and ( // Do not consider a 'reset' to occur on updates @@ -432,7 +429,9 @@ private class CtxParamGenCall extends CtxPassThroughCall { CtxParamGenCall() { this.getTarget().getName() = "EVP_PKEY_paramgen" and - n1.asExpr() = this.getArgument(0) and + //Arg 0 is *ctx + n1.asIndirectExpr() = this.getArgument(0) and + //Arg 1 is **pkey n2.asDefiningArgument() = this.getArgument(1) } @@ -464,6 +463,8 @@ module OperationStepFlowConfig implements DataFlow::ConfigSig { } predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + node1.(AdditionalFlowInputStep).getOutput() = node2 + or exists(CtxPassThroughCall c | c.getNode1() = node1 and c.getNode2() = node2) or // Flow only through context and key inputs and outputs diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll index ea3adb5d4f0b..310777bbb6e4 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll @@ -465,8 +465,8 @@ class EvpVerify extends SignatureFinalOperation { * A call to `RSA_sign` or `RSA_verify`. * https://docs.openssl.org/3.0/man3/RSA_sign/ */ -class RsaSign extends SignatureFinalOperation { - RsaSign() { this.getTarget().getName() in ["RSA_sign", "RSA_verify"] } +class RsaSignorVerify extends SignatureFinalOperation { + RsaSignorVerify() { this.getTarget().getName() in ["RSA_sign", "RSA_verify"] } override DataFlow::Node getInput(IOType type) { // Arg 0 is an NID (so asExpr not asIndirectExpr) @@ -500,6 +500,37 @@ class RsaSign extends SignatureFinalOperation { } } +/** + * A call to `DSA_do_sign` or `DSA_do_verify` + */ +class DSADoSignOrVerify extends SignatureFinalOperation { + DSADoSignOrVerify() { this.getTarget().getName() in ["DSA_do_sign", "DSA_do_verify"] } + + override DataFlow::Node getInput(IOType type) { + result.asIndirectExpr() = this.getArgument(0) and type = PlaintextIO() + or + result.asExpr() = this.getArgument(1) and type = PlaintextSizeIO() + or + this.getTarget().getName() = "DSA_do_sign" and + result.asIndirectExpr() = this.getArgument(2) and + type = KeyIO() + or + this.getTarget().getName() = "DSA_do_verify" and + result.asIndirectExpr() = this.getArgument(2) and + type = SignatureIO() + or + this.getTarget().getName() = "DSA_do_verify" and + result.asIndirectExpr() = this.getArgument(3) and + type = KeyIO() + } + + override DataFlow::Node getOutput(IOType type) { + this.getTarget().getName() = "DSA_do_sign" and + result.asIndirectExpr() = this and + type = SignatureIO() + } +} + /** * An instance of a signature operation. * This is an OpenSSL specific class that extends the base SignatureOperationInstance. From 938b47c2ad7a4744039c7882b4f268ba424620c3 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Tue, 26 Aug 2025 16:07:04 -0400 Subject: [PATCH 017/307] Crypto: Debug missing hashes associated with HMAC. EVP_PKEY_get1_RSA is now just a passthrough, it is not a known implicit operation call. Some final operations generating null outputs are now removed from possible final operartions (typically used to determine buffer lenghth and not actually performing the operation). Misc. false positive/error fixes and code clean up, and added missing models. --- .../KnownAlgorithmConstants.qll | 3 +- .../OpenSSL/Operations/CipherOperation.qll | 36 ++- .../OpenSSL/Operations/HashOperation.qll | 6 +- .../OpenSSL/Operations/KeyGenOperation.qll | 26 +- .../Operations/OpenSSLOperationBase.qll | 23 +- .../OpenSSL/Operations/SignatureOperation.qll | 110 ++++++- .../library-tests/quantum/node_edges.expected | 282 +++++++++--------- .../quantum/node_properties.expected | 179 ++++++----- .../library-tests/quantum/nodes.expected | 148 ++++----- .../library-tests/quantum/openssl_signature.c | 9 +- 10 files changed, 467 insertions(+), 355 deletions(-) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll index 40176900da49..dcc7ad08ae5a 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/KnownAlgorithmConstants.qll @@ -172,8 +172,7 @@ class KnownOpenSslKeyAgreementAlgorithmExpr extends Expr instanceof KnownOpenSsl predicate knownOpenSslAlgorithmOperationCall(Call c, string normalized, string algType) { c.getTarget().getName() in [ - "EVP_RSA_gen", "RSA_generate_key_ex", "RSA_generate_key", "RSA_new", "RSA_sign", "RSA_verify", - "EVP_PKEY_get1_RSA" + "EVP_RSA_gen", "RSA_generate_key_ex", "RSA_generate_key", "RSA_new", "RSA_sign", "RSA_verify" ] and normalized = "RSA" and algType = "ASYMMETRIC_ENCRYPTION" diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll index 114dc911ab95..13d6a4ae4574 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/CipherOperation.qll @@ -36,7 +36,11 @@ abstract class EvpCipherInitializer extends OperationStep { // non-constants (e.g., variable accesses, which require data-flow to determine the value) // A zero (null) value typically indicates use of this operation step to initialize // other out parameters in a multi-step initialization. - (exists(result.asExpr().getValue()) implies result.asExpr().getValue().toInt() != 0) + ( + exists(result.asIndirectExpr().getValue()) + implies + result.asIndirectExpr().getValue().toInt() != 0 + ) } override DataFlow::Node getOutput(IOType type) { @@ -58,11 +62,15 @@ abstract class EvpEXInitializer extends EvpCipherInitializer { // non-constants (e.g., variable accesses, which require data-flow to determine the value) // A zero (null) value typically indicates use of this operation step to initialize // other out parameters in a multi-step initialization. - result.asExpr() = this.getArgument(3) and type = KeyIO() + result.asIndirectExpr() = this.getArgument(3) and type = KeyIO() or - result.asExpr() = this.getArgument(4) and type = IVorNonceIO() + result.asIndirectExpr() = this.getArgument(4) and type = IVorNonceIO() ) and - (exists(result.asExpr().getValue()) implies result.asExpr().getValue().toInt() != 0) + ( + exists(result.asIndirectExpr().getValue()) + implies + result.asIndirectExpr().getValue().toInt() != 0 + ) } } @@ -73,9 +81,9 @@ abstract class EvpEX2Initializer extends EvpCipherInitializer { override DataFlow::Node getInput(IOType type) { result = super.getInput(type) or - result.asExpr() = this.getArgument(2) and type = KeyIO() + result.asIndirectExpr() = this.getArgument(2) and type = KeyIO() or - result.asExpr() = this.getArgument(3) and type = IVorNonceIO() + result.asIndirectExpr() = this.getArgument(3) and type = IVorNonceIO() } } @@ -110,6 +118,7 @@ class Evp_Cipher_EX2_or_Simple_Init_Call extends EvpEX2Initializer { result = super.getInput(type) or this.getTarget().getName().toLowerCase().matches("%cipherinit%") and + // the key op subtype is an int, use asExpr result.asExpr() = this.getArgument(4) and type = KeyOperationSubtypeIO() } @@ -129,7 +138,7 @@ class EvpPkeyEncryptDecryptInit extends OperationStep { override DataFlow::Node getInput(IOType type) { result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = OsslParamIO() + result.asIndirectExpr() = this.getArgument(1) and type = OsslParamIO() } override DataFlow::Node getOutput(IOType type) { @@ -145,6 +154,7 @@ class EvpCipherInitSKeyCall extends EvpEX2Initializer { override DataFlow::Node getInput(IOType type) { result = super.getInput(type) or + // the key op subtype is an int, use asExpr result.asExpr() = this.getArgument(5) and type = KeyOperationSubtypeIO() } @@ -163,11 +173,11 @@ class EvpCipherUpdateCall extends OperationStep { override DataFlow::Node getInput(IOType type) { result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(3) and type = PlaintextIO() + result.asIndirectExpr() = this.getArgument(3) and type = PlaintextIO() } override DataFlow::Node getOutput(IOType type) { - result.asExpr() = this.getArgument(1) and type = CiphertextIO() + result.asDefiningArgument() = this.getArgument(1) and type = CiphertextIO() or result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() } @@ -184,13 +194,13 @@ class EvpCipherCall extends EvpCipherOperationFinalStep { override DataFlow::Node getInput(IOType type) { super.getInput(type) = result or - result.asExpr() = this.getArgument(2) and type = PlaintextIO() + result.asIndirectExpr() = this.getArgument(2) and type = PlaintextIO() } override DataFlow::Node getOutput(IOType type) { super.getOutput(type) = result or - result.asExpr() = this.getArgument(1) and type = CiphertextIO() + result.asDefiningArgument() = this.getArgument(1) and type = CiphertextIO() } } @@ -234,13 +244,13 @@ class EvpPKeyCipherOperation extends EvpCipherOperationFinalStep { override DataFlow::Node getInput(IOType type) { super.getInput(type) = result or - result.asExpr() = this.getArgument(3) and type = PlaintextIO() + result.asIndirectExpr() = this.getArgument(3) and type = PlaintextIO() } override DataFlow::Node getOutput(IOType type) { super.getOutput(type) = result or - result.asExpr() = this.getArgument(1) and + result.asDefiningArgument() = this.getArgument(1) and type = CiphertextIO() and this.getStepType() = FinalStep() // TODO: could indicate text lengths here, as well diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/HashOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/HashOperation.qll index 4abf503462dc..5b15dc6d76a3 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/HashOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/HashOperation.qll @@ -47,7 +47,7 @@ class EvpDigestUpdateCall extends OperationStep instanceof Call { override DataFlow::Node getInput(IOType type) { result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(1) and type = PlaintextIO() + result.asIndirectExpr() = this.getArgument(1) and type = PlaintextIO() } override DataFlow::Node getOutput(IOType type) { @@ -70,7 +70,7 @@ class EvpQDigestOperation extends FinalDigestOperation instanceof Call { or result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this.getArgument(3) and type = PlaintextIO() + result.asIndirectExpr() = this.getArgument(3) and type = PlaintextIO() } override DataFlow::Node getOutput(IOType type) { @@ -87,7 +87,7 @@ class EvpDigestOperation extends FinalDigestOperation instanceof Call { override DataFlow::Node getInput(IOType type) { result.asIndirectExpr() = this.getArgument(4) and type = PrimaryAlgorithmIO() or - result.asExpr() = this.getArgument(0) and type = PlaintextIO() + result.asIndirectExpr() = this.getArgument(0) and type = PlaintextIO() } override DataFlow::Node getOutput(IOType type) { diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll index 6ab2b658e499..e19d65c65aeb 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/KeyGenOperation.qll @@ -16,7 +16,9 @@ class ECKeyGen extends OperationStep instanceof Call { result.asIndirectExpr() = this.(Call).getArgument(0) and type = ContextIO() } - override DataFlow::Node getOutput(IOType type) { result.asExpr() = this and type = KeyIO() } + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this and type = KeyIO() + } override OperationStepType getStepType() { result = ContextCreationStep() } } @@ -59,7 +61,7 @@ class EvpPKeyQKeyGen extends KeyGenFinalOperationStep instanceof Call { override DataFlow::Node getOutput(IOType type) { result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() or - result.asExpr() = this and type = KeyIO() + result.asDefiningArgument() = this and type = KeyIO() } override DataFlow::Node getInput(IOType type) { @@ -68,15 +70,15 @@ class EvpPKeyQKeyGen extends KeyGenFinalOperationStep instanceof Call { // When arg 3 is a derived type, it is a curve name, otherwise it is a key size for RSA if provided // and arg 2 is the algorithm type this.getArgument(3).getType().getUnderlyingType() instanceof DerivedType and - result.asExpr() = this.getArgument(3) and + result.asIndirectExpr() = this.getArgument(3) and type = PrimaryAlgorithmIO() or not this.getArgument(3).getType().getUnderlyingType() instanceof DerivedType and - result.asExpr() = this.getArgument(2) and + result.asIndirectExpr() = this.getArgument(2) and type = PrimaryAlgorithmIO() or not this.getArgument(3).getType().getUnderlyingType() instanceof DerivedType and - result.asExpr() = this.getArgument(3) and + result.asIndirectExpr() = this.getArgument(3) and type = KeySizeIO() } } @@ -87,7 +89,9 @@ class EvpPKeyQKeyGen extends KeyGenFinalOperationStep instanceof Call { class EvpRsaGen extends KeyGenFinalOperationStep instanceof Call { EvpRsaGen() { this.getTarget().getName() = "EVP_RSA_gen" } - override DataFlow::Node getOutput(IOType type) { result.asExpr() = this and type = KeyIO() } + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this and type = KeyIO() + } override DataFlow::Node getInput(IOType type) { result.asExpr() = this.getArgument(0) and type = KeySizeIO() @@ -100,7 +104,9 @@ class EvpRsaGen extends KeyGenFinalOperationStep instanceof Call { class RsaGenerateKey extends KeyGenFinalOperationStep instanceof Call { RsaGenerateKey() { this.getTarget().getName() = "RSA_generate_key" } - override DataFlow::Node getOutput(IOType type) { result.asExpr() = this and type = KeyIO() } + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this and type = KeyIO() + } override DataFlow::Node getInput(IOType type) { result.asExpr() = this.getArgument(0) and type = KeySizeIO() @@ -150,12 +156,14 @@ class EvpNewMacKey extends KeyGenFinalOperationStep { override DataFlow::Node getInput(IOType type) { // the raw key that is configured into the output key - result.asExpr() = this.getArgument(2) and type = KeyIO() + result.asIndirectExpr() = this.getArgument(2) and type = KeyIO() or result.asExpr() = this.getArgument(3) and type = KeySizeIO() } - override DataFlow::Node getOutput(IOType type) { result.asExpr() = this and type = KeyIO() } + override DataFlow::Node getOutput(IOType type) { + result.asIndirectExpr() = this and type = KeyIO() + } } /// TODO: https://docs.openssl.org/3.0/man3/EVP_PKEY_new/#synopsis diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll index 2324b1fa9539..9462d597d6ea 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll @@ -198,7 +198,8 @@ abstract class OperationStep extends Call { * If `sink` is `this`, then this holds true. */ predicate flowsToOperationStep(OperationStep sink) { - OperationStepFlow::flow(this.getAnOutput(), [sink.getAnInput(), sink.getAnOutput()]) + sink = this or + OperationStepCtxFlow::flow(this.getAnOutput(), [sink.getAnInput(), sink.getAnOutput()]) } /** @@ -206,7 +207,8 @@ abstract class OperationStep extends Call { * If `source` is `this`, then this holds true. */ predicate flowsFromOperationStep(OperationStep source) { - OperationStepFlow::flow(source.getAnOutput(), [this.getAnInput(), this.getAnOutput()]) + source = this or + OperationStepCtxFlow::flow(source.getAnOutput(), [this.getAnInput(), this.getAnOutput()]) } /** @@ -224,22 +226,17 @@ abstract class OperationStep extends Call { * the operation allows for multiple inputs (like plaintext for cipher update calls before final). */ OperationStep getDominatingInitializersToStep(IOType type) { - (result.flowsToOperationStep(this) or result = this) and + result.flowsToOperationStep(this) and result.setsValue(type) and ( // Do not consider a 'reset' to occur on updates // but only for resets that are part of the same update/finalize // progression (e.g., an update for an unrelated finalize is ignored) - result.getStepType() = UpdateStep() and - not exists(OperationStep op | - result.flowsToOperationStep(op) and - op.flowsToOperationStep(this) and - op != this and - op.getStepType() = FinalStep() - ) + result.getStepType() = UpdateStep() or not exists(OperationStep reset | result != reset and + result != this and reset.setsValue(type) and reset.flowsToOperationStep(this) and result.flowsToOperationStep(reset) @@ -443,7 +440,7 @@ private class CtxParamGenCall extends CtxPassThroughCall { /** * A flow configuration from any non-final `OperationStep` to any other `OperationStep`. */ -module OperationStepFlowConfig implements DataFlow::ConfigSig { +module OperationStepCtxFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { exists(OperationStep s | s.getAnOutput() = source or @@ -469,7 +466,9 @@ module OperationStepFlowConfig implements DataFlow::ConfigSig { or // Flow only through context and key inputs and outputs // keys and context generally hold unifying context that link multiple steps + // Flow only out of finalize operations through key outputs, otherwise stop at final operations exists(OperationStep s, IOType inType, IOType outType | + (s.getStepType() = FinalStep() implies outType = KeyIO()) and ( inType = ContextIO() or @@ -489,7 +488,7 @@ module OperationStepFlowConfig implements DataFlow::ConfigSig { } } -module OperationStepFlow = DataFlow::Global; +module OperationStepCtxFlow = DataFlow::Global; /** * A flow from AVC to the first `OperationStep` the AVC reaches as an input. diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll index 310777bbb6e4..80c9b3114e3c 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll @@ -176,7 +176,17 @@ class EvpSignFinal extends SignatureFinalOperation { * A call to EVP_PKEY_sign. */ class EvpPkeySign extends SignatureFinalOperation { - EvpPkeySign() { this.getTarget().getName() = "EVP_PKEY_sign" } + EvpPkeySign() { + this.getTarget().getName() = "EVP_PKEY_sign" and + // Setting signature to NULL is not a final sign step but an + // intermediary step used to get the required buffer size. + // not tracking these calls. + ( + exists(this.(Call).getArgument(1).getValue()) + implies + this.(Call).getArgument(1).getValue().toInt() != 0 + ) + } override DataFlow::Node getInput(IOType type) { result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() @@ -215,7 +225,17 @@ class EvpDigestSign extends SignatureOrMacFinalOperation { * A call to EVP_PKEY_sign_message_final. */ class EvpPkeySignFinal extends SignatureFinalOperation { - EvpPkeySignFinal() { this.getTarget().getName() = "EVP_PKEY_sign_message_final" } + EvpPkeySignFinal() { + this.getTarget().getName() = "EVP_PKEY_sign_message_final" and + // Setting signature to NULL is not a final sign step but an + // intermediary step used to get the required buffer size. + // not tracking these calls. + ( + exists(this.(Call).getArgument(1).getValue()) + implies + this.(Call).getArgument(1).getValue().toInt() != 0 + ) + } override DataFlow::Node getInput(IOType type) { result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() @@ -235,7 +255,17 @@ class EvpPkeySignFinal extends SignatureFinalOperation { * This is a mac or sign operation. */ class EvpDigestSignFinal extends SignatureOrMacFinalOperation { - EvpDigestSignFinal() { this.getTarget().getName() = "EVP_DigestSignFinal" } + EvpDigestSignFinal() { + this.getTarget().getName() = "EVP_DigestSignFinal" and + // Setting signature to NULL is not a final sign step but an + // intermediary step used to get the required buffer size. + // not tracking these calls. + ( + exists(this.(Call).getArgument(1).getValue()) + implies + this.(Call).getArgument(1).getValue().toInt() != 0 + ) + } override DataFlow::Node getInput(IOType type) { result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() @@ -531,6 +561,80 @@ class DSADoSignOrVerify extends SignatureFinalOperation { } } +/** + * A Call to `EVP_VerifyInit` or `EVP_VerifyInit_ex` + * - int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); + * - int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); + */ +class EVP_VerifyInitCall extends OperationStep { + EVP_VerifyInitCall() { this.getTarget().getName() in ["EVP_VerifyInit", "EVP_VerifyInit_ex"] } + + override DataFlow::Node getInput(IOType type) { + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() + or + result.asIndirectExpr() = this.getArgument(1) and type = HashAlgorithmIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() + } + + override OperationStepType getStepType() { result = InitializerStep() } +} + +/** + * A call to `EVP_VerifyUpdate` + * - int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); + */ +class EVP_VerifyUpdateCall extends OperationStep { + EVP_VerifyUpdateCall() { this.getTarget().getName() = "EVP_VerifyUpdate" } + + override DataFlow::Node getInput(IOType type) { + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() + or + result.asIndirectExpr() = this.getArgument(1) and type = PlaintextIO() + or + result.asIndirectExpr() = this.getArgument(2) and type = PlaintextSizeIO() + } + + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() + } + + override OperationStepType getStepType() { result = UpdateStep() } +} + +/** + * A call to `EVP_VerifyFinal` or `EVP_VerifyFinal_ex` + * - int EVP_VerifyFinal_ex(EVP_MD_CTX *ctx, const unsigned char *sigbuf, + * unsigned int siglen, EVP_PKEY *pkey, + * OSSL_LIB_CTX *libctx, const char *propq); + *- int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, unsigned int siglen, + * EVP_PKEY *pkey); * + */ +class EVP_VerifyFinalCall extends SignatureFinalOperation { + EVP_VerifyFinalCall() { this.getTarget().getName() in ["EVP_VerifyFinal", "EVP_VerifyFinal_ex"] } + + override DataFlow::Node getInput(IOType type) { + result.asIndirectExpr() = this.getArgument(0) and type = ContextIO() + or + result.asIndirectExpr() = this.getArgument(1) and type = SignatureIO() + or + result.asExpr() = this.getArgument(2) and type = SignatureSizeIO() + or + result.asIndirectExpr() = this.getArgument(3) and type = KeyIO() + or + result.asIndirectExpr() = this.getArgument(4) and type = OsslLibContextIO() + // TODO: arg 5 propq? + } + + override DataFlow::Node getOutput(IOType type) { + result.asDefiningArgument() = this.getArgument(0) and type = ContextIO() + } + + override OperationStepType getStepType() { result = FinalStep() } +} + /** * An instance of a signature operation. * This is an OpenSSL specific class that extends the base SignatureOperationInstance. diff --git a/cpp/ql/test/experimental/library-tests/quantum/node_edges.expected b/cpp/ql/test/experimental/library-tests/quantum/node_edges.expected index 707643fcaedf..5870bdecd8ed 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/node_edges.expected +++ b/cpp/ql/test/experimental/library-tests/quantum/node_edges.expected @@ -13,7 +13,8 @@ | openssl_basic.c:69:33:69:47 | KeyOperationAlgorithm | Padding | openssl_basic.c:69:33:69:47 | KeyOperationAlgorithm | | openssl_basic.c:77:45:77:47 | Key | Source | openssl_basic.c:179:43:179:76 | Constant | | openssl_basic.c:77:50:77:51 | Nonce | Source | openssl_basic.c:180:42:180:59 | Constant | -| openssl_basic.c:81:49:81:58 | Message | Source | openssl_basic.c:81:49:81:58 | Message | +| openssl_basic.c:81:49:81:58 | Message | Source | openssl_basic.c:35:36:35:45 | KeyOperationOutput | +| openssl_basic.c:81:49:81:58 | Message | Source | openssl_basic.c:40:38:40:53 | KeyOperationOutput | | openssl_basic.c:90:11:90:29 | DecryptOperation | Algorithm | openssl_basic.c:69:33:69:47 | KeyOperationAlgorithm | | openssl_basic.c:90:11:90:29 | DecryptOperation | Input | openssl_basic.c:81:49:81:58 | Message | | openssl_basic.c:90:11:90:29 | DecryptOperation | Key | openssl_basic.c:77:45:77:47 | Key | @@ -75,185 +76,174 @@ | openssl_pkey.c:64:9:64:24 | EncryptOperation | Nonce | openssl_pkey.c:64:9:64:24 | EncryptOperation | | openssl_pkey.c:64:9:64:24 | EncryptOperation | Output | openssl_pkey.c:64:31:64:39 | KeyOperationOutput | | openssl_pkey.c:64:58:64:66 | Message | Source | openssl_pkey.c:45:49:45:65 | Constant | -| openssl_signature.c:25:34:25:40 | Message | Source | openssl_signature.c:574:37:574:74 | Constant | -| openssl_signature.c:25:34:25:40 | Message | Source | openssl_signature.c:624:37:624:74 | Constant | -| openssl_signature.c:25:34:25:40 | Message | Source | openssl_signature.c:741:37:741:66 | Constant | -| openssl_signature.c:26:9:26:26 | HashOperation | Algorithm | openssl_signature.c:575:24:575:30 | HashAlgorithm | -| openssl_signature.c:26:9:26:26 | HashOperation | Algorithm | openssl_signature.c:625:24:625:33 | HashAlgorithm | -| openssl_signature.c:26:9:26:26 | HashOperation | Algorithm | openssl_signature.c:742:24:742:31 | HashAlgorithm | +| openssl_signature.c:25:34:25:40 | Message | Source | openssl_signature.c:615:37:615:74 | Constant | +| openssl_signature.c:25:34:25:40 | Message | Source | openssl_signature.c:732:37:732:66 | Constant | +| openssl_signature.c:26:9:26:26 | HashOperation | Algorithm | openssl_signature.c:616:24:616:33 | HashAlgorithm | +| openssl_signature.c:26:9:26:26 | HashOperation | Algorithm | openssl_signature.c:733:24:733:31 | HashAlgorithm | | openssl_signature.c:26:9:26:26 | HashOperation | Digest | openssl_signature.c:26:36:26:41 | Digest | | openssl_signature.c:26:9:26:26 | HashOperation | Message | openssl_signature.c:25:34:25:40 | Message | | openssl_signature.c:26:36:26:41 | Digest | Source | openssl_signature.c:26:36:26:41 | Digest | -| openssl_signature.c:63:32:63:38 | Message | Source | openssl_signature.c:660:37:660:61 | Constant | -| openssl_signature.c:68:28:68:36 | Message | Source | openssl_signature.c:68:28:68:36 | Message | -| openssl_signature.c:73:9:73:21 | SignOperation | Algorithm | openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm | -| openssl_signature.c:73:9:73:21 | SignOperation | HashAlgorithm | openssl_signature.c:661:24:661:33 | HashAlgorithm | +| openssl_signature.c:63:32:63:38 | Message | Source | openssl_signature.c:651:37:651:61 | Constant | +| openssl_signature.c:68:28:68:36 | Message | Source | openssl_signature.c:651:37:651:61 | Constant | +| openssl_signature.c:73:9:73:21 | SignOperation | Algorithm | openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | +| openssl_signature.c:73:9:73:21 | SignOperation | HashAlgorithm | openssl_signature.c:652:24:652:33 | HashAlgorithm | | openssl_signature.c:73:9:73:21 | SignOperation | Input | openssl_signature.c:63:32:63:38 | Message | | openssl_signature.c:73:9:73:21 | SignOperation | Input | openssl_signature.c:68:28:68:36 | Message | | openssl_signature.c:73:9:73:21 | SignOperation | Key | openssl_signature.c:73:53:73:56 | Key | | openssl_signature.c:73:9:73:21 | SignOperation | Output | openssl_signature.c:73:31:73:40 | SignatureOutput | -| openssl_signature.c:73:53:73:56 | Key | Source | openssl_signature.c:675:34:675:37 | Key | -| openssl_signature.c:126:52:126:55 | Key | Source | openssl_signature.c:716:34:716:37 | Key | -| openssl_signature.c:127:38:127:44 | Message | Source | openssl_signature.c:701:37:701:67 | Constant | -| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | -| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:702:24:702:33 | HashAlgorithm | -| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | Input | openssl_signature.c:127:38:127:44 | Message | -| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | Key | openssl_signature.c:126:52:126:55 | Key | -| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | -| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | Output | openssl_signature.c:128:37:128:40 | SignatureOutput | -| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | -| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:702:24:702:33 | HashAlgorithm | +| openssl_signature.c:73:53:73:56 | Key | Source | openssl_signature.c:666:34:666:37 | Key | +| openssl_signature.c:98:34:98:40 | Message | Source | openssl_signature.c:651:37:651:61 | Constant | +| openssl_signature.c:99:34:99:42 | Message | Source | openssl_signature.c:651:37:651:61 | Constant | +| openssl_signature.c:100:9:100:23 | VerifyOperation | Algorithm | openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | +| openssl_signature.c:100:9:100:23 | VerifyOperation | HashAlgorithm | openssl_signature.c:652:24:652:33 | HashAlgorithm | +| openssl_signature.c:100:9:100:23 | VerifyOperation | Input | openssl_signature.c:98:34:98:40 | Message | +| openssl_signature.c:100:9:100:23 | VerifyOperation | Input | openssl_signature.c:99:34:99:42 | Message | +| openssl_signature.c:100:9:100:23 | VerifyOperation | Key | openssl_signature.c:100:73:100:76 | Key | +| openssl_signature.c:100:9:100:23 | VerifyOperation | Signature | openssl_signature.c:100:33:100:41 | SignatureInput | +| openssl_signature.c:100:33:100:41 | SignatureInput | Source | openssl_signature.c:73:31:73:40 | SignatureOutput | +| openssl_signature.c:100:73:100:76 | Key | Source | openssl_signature.c:666:34:666:37 | Key | +| openssl_signature.c:126:52:126:55 | Key | Source | openssl_signature.c:707:34:707:37 | Key | +| openssl_signature.c:127:38:127:44 | Message | Source | openssl_signature.c:692:37:692:67 | Constant | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | +| openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:693:24:693:33 | HashAlgorithm | | openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Input | openssl_signature.c:127:38:127:44 | Message | | openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Key | openssl_signature.c:126:52:126:55 | Key | | openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | | openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | Output | openssl_signature.c:135:37:135:46 | SignatureOutput | -| openssl_signature.c:158:54:158:57 | Key | Source | openssl_signature.c:716:34:716:37 | Key | -| openssl_signature.c:159:40:159:46 | Message | Source | openssl_signature.c:701:37:701:67 | Constant | -| openssl_signature.c:160:9:160:29 | VerifyOperation | Algorithm | openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | -| openssl_signature.c:160:9:160:29 | VerifyOperation | HashAlgorithm | openssl_signature.c:702:24:702:33 | HashAlgorithm | -| openssl_signature.c:160:9:160:29 | VerifyOperation | Input | openssl_signature.c:127:38:127:44 | Message | +| openssl_signature.c:158:54:158:57 | Key | Source | openssl_signature.c:707:34:707:37 | Key | +| openssl_signature.c:159:40:159:46 | Message | Source | openssl_signature.c:692:37:692:67 | Constant | +| openssl_signature.c:160:9:160:29 | VerifyOperation | Algorithm | openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | +| openssl_signature.c:160:9:160:29 | VerifyOperation | HashAlgorithm | openssl_signature.c:693:24:693:33 | HashAlgorithm | | openssl_signature.c:160:9:160:29 | VerifyOperation | Input | openssl_signature.c:159:40:159:46 | Message | -| openssl_signature.c:160:9:160:29 | VerifyOperation | Key | openssl_signature.c:126:52:126:55 | Key | | openssl_signature.c:160:9:160:29 | VerifyOperation | Key | openssl_signature.c:158:54:158:57 | Key | | openssl_signature.c:160:9:160:29 | VerifyOperation | Signature | openssl_signature.c:160:39:160:47 | SignatureInput | | openssl_signature.c:160:39:160:47 | SignatureInput | Source | openssl_signature.c:135:37:135:46 | SignatureOutput | -| openssl_signature.c:182:57:182:60 | Key | Source | openssl_signature.c:800:34:800:37 | Key | -| openssl_signature.c:187:38:187:44 | Message | Source | openssl_signature.c:786:37:786:73 | Constant | -| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | -| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:787:24:787:31 | HashAlgorithm | -| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | Input | openssl_signature.c:187:38:187:44 | Message | -| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | Key | openssl_signature.c:182:57:182:60 | Key | -| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | -| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | Output | openssl_signature.c:188:37:188:40 | SignatureOutput | -| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | -| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:787:24:787:31 | HashAlgorithm | +| openssl_signature.c:182:57:182:60 | Key | Source | openssl_signature.c:791:34:791:37 | Key | +| openssl_signature.c:187:38:187:44 | Message | Source | openssl_signature.c:777:37:777:73 | Constant | +| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | Algorithm | openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | +| openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | HashAlgorithm | openssl_signature.c:778:24:778:31 | HashAlgorithm | | openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | Input | openssl_signature.c:187:38:187:44 | Message | | openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | Key | openssl_signature.c:182:57:182:60 | Key | | openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | Nonce | openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | | openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | Output | openssl_signature.c:195:37:195:46 | SignatureOutput | -| openssl_signature.c:218:59:218:62 | Key | Source | openssl_signature.c:800:34:800:37 | Key | -| openssl_signature.c:224:40:224:46 | Message | Source | openssl_signature.c:786:37:786:73 | Constant | -| openssl_signature.c:225:9:225:29 | VerifyOperation | Algorithm | openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | -| openssl_signature.c:225:9:225:29 | VerifyOperation | HashAlgorithm | openssl_signature.c:787:24:787:31 | HashAlgorithm | -| openssl_signature.c:225:9:225:29 | VerifyOperation | Input | openssl_signature.c:187:38:187:44 | Message | +| openssl_signature.c:218:59:218:62 | Key | Source | openssl_signature.c:791:34:791:37 | Key | +| openssl_signature.c:224:40:224:46 | Message | Source | openssl_signature.c:777:37:777:73 | Constant | +| openssl_signature.c:225:9:225:29 | VerifyOperation | Algorithm | openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | +| openssl_signature.c:225:9:225:29 | VerifyOperation | HashAlgorithm | openssl_signature.c:778:24:778:31 | HashAlgorithm | | openssl_signature.c:225:9:225:29 | VerifyOperation | Input | openssl_signature.c:224:40:224:46 | Message | -| openssl_signature.c:225:9:225:29 | VerifyOperation | Key | openssl_signature.c:182:57:182:60 | Key | | openssl_signature.c:225:9:225:29 | VerifyOperation | Key | openssl_signature.c:218:59:218:62 | Key | | openssl_signature.c:225:9:225:29 | VerifyOperation | Signature | openssl_signature.c:225:39:225:47 | SignatureInput | | openssl_signature.c:225:39:225:47 | SignatureInput | Source | openssl_signature.c:195:37:195:46 | SignatureOutput | -| openssl_signature.c:250:39:250:42 | Key | Source | openssl_signature.c:760:34:760:37 | Key | -| openssl_signature.c:253:9:253:21 | SignOperation | Algorithm | openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | -| openssl_signature.c:253:9:253:21 | SignOperation | HashAlgorithm | openssl_signature.c:742:24:742:31 | HashAlgorithm | -| openssl_signature.c:253:9:253:21 | SignOperation | Input | openssl_signature.c:253:54:253:59 | Message | -| openssl_signature.c:253:9:253:21 | SignOperation | Key | openssl_signature.c:250:39:250:42 | Key | -| openssl_signature.c:253:9:253:21 | SignOperation | Output | openssl_signature.c:253:33:253:36 | SignatureOutput | -| openssl_signature.c:253:54:253:59 | Message | Source | openssl_signature.c:253:54:253:59 | Message | -| openssl_signature.c:260:9:260:21 | SignOperation | Algorithm | openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | -| openssl_signature.c:260:9:260:21 | SignOperation | HashAlgorithm | openssl_signature.c:742:24:742:31 | HashAlgorithm | +| openssl_signature.c:250:39:250:42 | Key | Source | openssl_signature.c:751:34:751:37 | Key | +| openssl_signature.c:260:9:260:21 | SignOperation | Algorithm | openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | +| openssl_signature.c:260:9:260:21 | SignOperation | HashAlgorithm | openssl_signature.c:733:24:733:31 | HashAlgorithm | | openssl_signature.c:260:9:260:21 | SignOperation | Input | openssl_signature.c:260:60:260:65 | Message | | openssl_signature.c:260:9:260:21 | SignOperation | Key | openssl_signature.c:250:39:250:42 | Key | | openssl_signature.c:260:9:260:21 | SignOperation | Output | openssl_signature.c:260:33:260:42 | SignatureOutput | -| openssl_signature.c:260:60:260:65 | Message | Source | openssl_signature.c:260:60:260:65 | Message | -| openssl_signature.c:282:39:282:42 | Key | Source | openssl_signature.c:760:34:760:37 | Key | -| openssl_signature.c:285:9:285:23 | VerifyOperation | Algorithm | openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | -| openssl_signature.c:285:9:285:23 | VerifyOperation | HashAlgorithm | openssl_signature.c:742:24:742:31 | HashAlgorithm | +| openssl_signature.c:260:60:260:65 | Message | Source | openssl_signature.c:26:36:26:41 | Digest | +| openssl_signature.c:282:39:282:42 | Key | Source | openssl_signature.c:751:34:751:37 | Key | +| openssl_signature.c:285:9:285:23 | VerifyOperation | Algorithm | openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | +| openssl_signature.c:285:9:285:23 | VerifyOperation | HashAlgorithm | openssl_signature.c:733:24:733:31 | HashAlgorithm | | openssl_signature.c:285:9:285:23 | VerifyOperation | Input | openssl_signature.c:285:61:285:66 | Message | -| openssl_signature.c:285:9:285:23 | VerifyOperation | Key | openssl_signature.c:250:39:250:42 | Key | | openssl_signature.c:285:9:285:23 | VerifyOperation | Key | openssl_signature.c:282:39:282:42 | Key | | openssl_signature.c:285:9:285:23 | VerifyOperation | Signature | openssl_signature.c:285:35:285:43 | SignatureInput | | openssl_signature.c:285:35:285:43 | SignatureInput | Source | openssl_signature.c:260:33:260:42 | SignatureOutput | -| openssl_signature.c:285:61:285:66 | Message | Source | openssl_signature.c:285:61:285:66 | Message | -| openssl_signature.c:311:39:311:42 | Key | Source | openssl_signature.c:838:34:838:37 | Key | -| openssl_signature.c:316:48:316:54 | Message | Source | openssl_signature.c:826:37:826:63 | Constant | -| openssl_signature.c:317:9:317:35 | SignOperation | Algorithm | openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | -| openssl_signature.c:317:9:317:35 | SignOperation | Algorithm | openssl_signature.c:847:85:847:96 | KeyOperationAlgorithm | -| openssl_signature.c:317:9:317:35 | SignOperation | HashAlgorithm | openssl_signature.c:847:85:847:96 | HashAlgorithm | -| openssl_signature.c:317:9:317:35 | SignOperation | Input | openssl_signature.c:316:48:316:54 | Message | -| openssl_signature.c:317:9:317:35 | SignOperation | Key | openssl_signature.c:311:39:311:42 | Key | -| openssl_signature.c:317:9:317:35 | SignOperation | Output | openssl_signature.c:317:47:317:50 | SignatureOutput | -| openssl_signature.c:324:9:324:35 | SignOperation | Algorithm | openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | -| openssl_signature.c:324:9:324:35 | SignOperation | Algorithm | openssl_signature.c:847:85:847:96 | KeyOperationAlgorithm | -| openssl_signature.c:324:9:324:35 | SignOperation | HashAlgorithm | openssl_signature.c:847:85:847:96 | HashAlgorithm | +| openssl_signature.c:285:61:285:66 | Message | Source | openssl_signature.c:26:36:26:41 | Digest | +| openssl_signature.c:311:39:311:42 | Key | Source | openssl_signature.c:829:34:829:37 | Key | +| openssl_signature.c:316:48:316:54 | Message | Source | openssl_signature.c:817:37:817:63 | Constant | +| openssl_signature.c:324:9:324:35 | SignOperation | Algorithm | openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | +| openssl_signature.c:324:9:324:35 | SignOperation | Algorithm | openssl_signature.c:838:85:838:96 | KeyOperationAlgorithm | +| openssl_signature.c:324:9:324:35 | SignOperation | HashAlgorithm | openssl_signature.c:838:85:838:96 | HashAlgorithm | | openssl_signature.c:324:9:324:35 | SignOperation | Input | openssl_signature.c:316:48:316:54 | Message | | openssl_signature.c:324:9:324:35 | SignOperation | Key | openssl_signature.c:311:39:311:42 | Key | | openssl_signature.c:324:9:324:35 | SignOperation | Output | openssl_signature.c:324:47:324:56 | SignatureOutput | -| openssl_signature.c:347:39:347:42 | Key | Source | openssl_signature.c:838:34:838:37 | Key | +| openssl_signature.c:347:39:347:42 | Key | Source | openssl_signature.c:829:34:829:37 | Key | | openssl_signature.c:353:42:353:50 | SignatureInput | Source | openssl_signature.c:324:47:324:56 | SignatureOutput | -| openssl_signature.c:355:50:355:56 | Message | Source | openssl_signature.c:826:37:826:63 | Constant | -| openssl_signature.c:356:9:356:37 | VerifyOperation | Algorithm | openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | -| openssl_signature.c:356:9:356:37 | VerifyOperation | Algorithm | openssl_signature.c:847:85:847:96 | KeyOperationAlgorithm | -| openssl_signature.c:356:9:356:37 | VerifyOperation | Algorithm | openssl_signature.c:848:87:848:98 | KeyOperationAlgorithm | -| openssl_signature.c:356:9:356:37 | VerifyOperation | HashAlgorithm | openssl_signature.c:847:85:847:96 | HashAlgorithm | -| openssl_signature.c:356:9:356:37 | VerifyOperation | HashAlgorithm | openssl_signature.c:848:87:848:98 | HashAlgorithm | -| openssl_signature.c:356:9:356:37 | VerifyOperation | Input | openssl_signature.c:316:48:316:54 | Message | +| openssl_signature.c:355:50:355:56 | Message | Source | openssl_signature.c:817:37:817:63 | Constant | +| openssl_signature.c:356:9:356:37 | VerifyOperation | Algorithm | openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | +| openssl_signature.c:356:9:356:37 | VerifyOperation | Algorithm | openssl_signature.c:839:87:839:98 | KeyOperationAlgorithm | +| openssl_signature.c:356:9:356:37 | VerifyOperation | HashAlgorithm | openssl_signature.c:839:87:839:98 | HashAlgorithm | | openssl_signature.c:356:9:356:37 | VerifyOperation | Input | openssl_signature.c:355:50:355:56 | Message | -| openssl_signature.c:356:9:356:37 | VerifyOperation | Key | openssl_signature.c:311:39:311:42 | Key | | openssl_signature.c:356:9:356:37 | VerifyOperation | Key | openssl_signature.c:347:39:347:42 | Key | | openssl_signature.c:356:9:356:37 | VerifyOperation | Signature | openssl_signature.c:353:42:353:50 | SignatureInput | -| openssl_signature.c:388:9:388:16 | KeyOperationAlgorithm | Mode | openssl_signature.c:388:9:388:16 | KeyOperationAlgorithm | -| openssl_signature.c:388:9:388:16 | KeyOperationAlgorithm | Padding | openssl_signature.c:388:9:388:16 | KeyOperationAlgorithm | -| openssl_signature.c:388:9:388:16 | SignOperation | Algorithm | openssl_signature.c:388:9:388:16 | KeyOperationAlgorithm | -| openssl_signature.c:388:9:388:16 | SignOperation | Algorithm | openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | -| openssl_signature.c:388:9:388:16 | SignOperation | Algorithm | openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm | -| openssl_signature.c:388:9:388:16 | SignOperation | HashAlgorithm | openssl_signature.c:604:37:604:46 | HashAlgorithm | -| openssl_signature.c:388:9:388:16 | SignOperation | Input | openssl_signature.c:388:28:388:33 | Message | -| openssl_signature.c:388:9:388:16 | SignOperation | Key | openssl_signature.c:389:48:389:54 | Key | -| openssl_signature.c:388:9:388:16 | SignOperation | Output | openssl_signature.c:388:48:388:57 | SignatureOutput | -| openssl_signature.c:388:28:388:33 | Message | Source | openssl_signature.c:388:28:388:33 | Message | -| openssl_signature.c:389:48:389:54 | Key | Source | openssl_signature.c:389:48:389:54 | Key | -| openssl_signature.c:411:12:411:21 | KeyOperationAlgorithm | Mode | openssl_signature.c:411:12:411:21 | KeyOperationAlgorithm | -| openssl_signature.c:411:12:411:21 | KeyOperationAlgorithm | Padding | openssl_signature.c:411:12:411:21 | KeyOperationAlgorithm | -| openssl_signature.c:411:12:411:21 | VerifyOperation | Algorithm | openssl_signature.c:411:12:411:21 | KeyOperationAlgorithm | -| openssl_signature.c:411:12:411:21 | VerifyOperation | Algorithm | openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | -| openssl_signature.c:411:12:411:21 | VerifyOperation | Algorithm | openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm | -| openssl_signature.c:411:12:411:21 | VerifyOperation | HashAlgorithm | openssl_signature.c:606:41:606:50 | HashAlgorithm | -| openssl_signature.c:411:12:411:21 | VerifyOperation | Input | openssl_signature.c:411:33:411:38 | Message | -| openssl_signature.c:411:12:411:21 | VerifyOperation | Key | openssl_signature.c:412:51:412:57 | Key | -| openssl_signature.c:411:12:411:21 | VerifyOperation | Signature | openssl_signature.c:411:53:411:61 | SignatureInput | -| openssl_signature.c:411:33:411:38 | Message | Source | openssl_signature.c:411:33:411:38 | Message | -| openssl_signature.c:411:53:411:61 | SignatureInput | Source | openssl_signature.c:411:53:411:61 | SignatureInput | -| openssl_signature.c:412:51:412:57 | Key | Source | openssl_signature.c:412:51:412:57 | Key | -| openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm | -| openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm | -| openssl_signature.c:524:9:524:23 | KeyGeneration | Algorithm | openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm | -| openssl_signature.c:524:9:524:23 | KeyGeneration | Output | openssl_signature.c:524:34:524:37 | Key | -| openssl_signature.c:524:34:524:37 | Key | Algorithm | openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm | -| openssl_signature.c:551:32:551:37 | Key | Source | openssl_signature.c:551:32:551:37 | Key | -| openssl_signature.c:554:9:554:23 | KeyGeneration | Algorithm | openssl_signature.c:541:50:541:54 | KeyOperationAlgorithm | -| openssl_signature.c:554:9:554:23 | KeyGeneration | KeyInput | openssl_signature.c:551:32:551:37 | Key | -| openssl_signature.c:554:9:554:23 | KeyGeneration | Output | openssl_signature.c:554:34:554:37 | Key | -| openssl_signature.c:554:34:554:37 | Key | Algorithm | openssl_signature.c:541:50:541:54 | KeyOperationAlgorithm | -| openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | -| openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | -| openssl_signature.c:588:9:588:23 | KeyGeneration | Algorithm | openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | -| openssl_signature.c:588:9:588:23 | KeyGeneration | Output | openssl_signature.c:588:34:588:37 | Key | -| openssl_signature.c:588:34:588:37 | Key | Algorithm | openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | -| openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm | Mode | openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm | -| openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm | Padding | openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm | -| openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm | -| openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm | -| openssl_signature.c:675:9:675:23 | KeyGeneration | Algorithm | openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm | -| openssl_signature.c:675:9:675:23 | KeyGeneration | Output | openssl_signature.c:675:34:675:37 | Key | -| openssl_signature.c:675:34:675:37 | Key | Algorithm | openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm | -| openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | -| openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | -| openssl_signature.c:716:9:716:23 | KeyGeneration | Algorithm | openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | -| openssl_signature.c:716:9:716:23 | KeyGeneration | Output | openssl_signature.c:716:34:716:37 | Key | -| openssl_signature.c:716:34:716:37 | Key | Algorithm | openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | -| openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | -| openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | -| openssl_signature.c:760:9:760:23 | KeyGeneration | Algorithm | openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | -| openssl_signature.c:760:9:760:23 | KeyGeneration | Output | openssl_signature.c:760:34:760:37 | Key | -| openssl_signature.c:760:34:760:37 | Key | Algorithm | openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | -| openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | -| openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | -| openssl_signature.c:800:9:800:23 | KeyGeneration | Algorithm | openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | -| openssl_signature.c:800:9:800:23 | KeyGeneration | Output | openssl_signature.c:800:34:800:37 | Key | -| openssl_signature.c:800:34:800:37 | Key | Algorithm | openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | -| openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | -| openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | -| openssl_signature.c:838:9:838:23 | KeyGeneration | Algorithm | openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | -| openssl_signature.c:838:9:838:23 | KeyGeneration | Output | openssl_signature.c:838:34:838:37 | Key | -| openssl_signature.c:838:34:838:37 | Key | Algorithm | openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | -| openssl_signature.c:847:85:847:96 | KeyOperationAlgorithm | Padding | openssl_signature.c:847:85:847:96 | KeyOperationAlgorithm | -| openssl_signature.c:848:87:848:98 | KeyOperationAlgorithm | Padding | openssl_signature.c:848:87:848:98 | KeyOperationAlgorithm | +| openssl_signature.c:384:9:384:16 | KeyOperationAlgorithm | Mode | openssl_signature.c:384:9:384:16 | KeyOperationAlgorithm | +| openssl_signature.c:384:9:384:16 | KeyOperationAlgorithm | Padding | openssl_signature.c:384:9:384:16 | KeyOperationAlgorithm | +| openssl_signature.c:384:9:384:16 | SignOperation | Algorithm | openssl_signature.c:384:9:384:16 | KeyOperationAlgorithm | +| openssl_signature.c:384:9:384:16 | SignOperation | Algorithm | openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | +| openssl_signature.c:384:9:384:16 | SignOperation | HashAlgorithm | openssl_signature.c:595:37:595:46 | HashAlgorithm | +| openssl_signature.c:384:9:384:16 | SignOperation | Input | openssl_signature.c:384:28:384:34 | Message | +| openssl_signature.c:384:9:384:16 | SignOperation | Key | openssl_signature.c:385:48:385:54 | Key | +| openssl_signature.c:384:9:384:16 | SignOperation | Output | openssl_signature.c:384:50:384:59 | SignatureOutput | +| openssl_signature.c:384:28:384:34 | Message | Source | openssl_signature.c:566:37:566:74 | Constant | +| openssl_signature.c:385:48:385:54 | Key | Source | openssl_signature.c:579:34:579:37 | Key | +| openssl_signature.c:403:12:403:21 | KeyOperationAlgorithm | Mode | openssl_signature.c:403:12:403:21 | KeyOperationAlgorithm | +| openssl_signature.c:403:12:403:21 | KeyOperationAlgorithm | Padding | openssl_signature.c:403:12:403:21 | KeyOperationAlgorithm | +| openssl_signature.c:403:12:403:21 | VerifyOperation | Algorithm | openssl_signature.c:403:12:403:21 | KeyOperationAlgorithm | +| openssl_signature.c:403:12:403:21 | VerifyOperation | Algorithm | openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | +| openssl_signature.c:403:12:403:21 | VerifyOperation | HashAlgorithm | openssl_signature.c:597:41:597:50 | HashAlgorithm | +| openssl_signature.c:403:12:403:21 | VerifyOperation | Input | openssl_signature.c:403:33:403:39 | Message | +| openssl_signature.c:403:12:403:21 | VerifyOperation | Key | openssl_signature.c:404:51:404:57 | Key | +| openssl_signature.c:403:12:403:21 | VerifyOperation | Signature | openssl_signature.c:403:55:403:63 | SignatureInput | +| openssl_signature.c:403:33:403:39 | Message | Source | openssl_signature.c:566:37:566:74 | Constant | +| openssl_signature.c:403:55:403:63 | SignatureInput | Source | openssl_signature.c:384:50:384:59 | SignatureOutput | +| openssl_signature.c:404:51:404:57 | Key | Source | openssl_signature.c:579:34:579:37 | Key | +| openssl_signature.c:428:11:428:21 | SignOperation | Algorithm | openssl_signature.c:428:11:428:21 | KeyOperationAlgorithm | +| openssl_signature.c:428:11:428:21 | SignOperation | Algorithm | openssl_signature.c:533:50:533:54 | KeyOperationAlgorithm | +| openssl_signature.c:428:11:428:21 | SignOperation | HashAlgorithm | openssl_signature.c:428:11:428:21 | SignOperation | +| openssl_signature.c:428:11:428:21 | SignOperation | Input | openssl_signature.c:428:23:428:28 | Message | +| openssl_signature.c:428:11:428:21 | SignOperation | Key | openssl_signature.c:428:43:428:49 | Key | +| openssl_signature.c:428:11:428:21 | SignOperation | Output | openssl_signature.c:428:11:428:21 | SignatureOutput | +| openssl_signature.c:428:23:428:28 | Message | Source | openssl_signature.c:26:36:26:41 | Digest | +| openssl_signature.c:428:43:428:49 | Key | Source | openssl_signature.c:546:34:546:37 | Key | +| openssl_signature.c:484:15:484:27 | VerifyOperation | Algorithm | openssl_signature.c:484:15:484:27 | KeyOperationAlgorithm | +| openssl_signature.c:484:15:484:27 | VerifyOperation | Algorithm | openssl_signature.c:533:50:533:54 | KeyOperationAlgorithm | +| openssl_signature.c:484:15:484:27 | VerifyOperation | HashAlgorithm | openssl_signature.c:484:15:484:27 | VerifyOperation | +| openssl_signature.c:484:15:484:27 | VerifyOperation | Input | openssl_signature.c:484:29:484:34 | Message | +| openssl_signature.c:484:15:484:27 | VerifyOperation | Key | openssl_signature.c:484:54:484:60 | Key | +| openssl_signature.c:484:15:484:27 | VerifyOperation | Signature | openssl_signature.c:484:49:484:51 | SignatureInput | +| openssl_signature.c:484:29:484:34 | Message | Source | openssl_signature.c:26:36:26:41 | Digest | +| openssl_signature.c:484:49:484:51 | SignatureInput | Source | openssl_signature.c:428:11:428:21 | SignatureOutput | +| openssl_signature.c:484:54:484:60 | Key | Source | openssl_signature.c:546:34:546:37 | Key | +| openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm | +| openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm | +| openssl_signature.c:516:9:516:23 | KeyGeneration | Algorithm | openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm | +| openssl_signature.c:516:9:516:23 | KeyGeneration | Output | openssl_signature.c:516:34:516:37 | Key | +| openssl_signature.c:516:34:516:37 | Key | Algorithm | openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm | +| openssl_signature.c:543:32:543:37 | Key | Source | openssl_signature.c:543:32:543:37 | Key | +| openssl_signature.c:546:9:546:23 | KeyGeneration | Algorithm | openssl_signature.c:533:50:533:54 | KeyOperationAlgorithm | +| openssl_signature.c:546:9:546:23 | KeyGeneration | KeyInput | openssl_signature.c:543:32:543:37 | Key | +| openssl_signature.c:546:9:546:23 | KeyGeneration | Output | openssl_signature.c:546:34:546:37 | Key | +| openssl_signature.c:546:34:546:37 | Key | Algorithm | openssl_signature.c:533:50:533:54 | KeyOperationAlgorithm | +| openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | +| openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | +| openssl_signature.c:579:9:579:23 | KeyGeneration | Algorithm | openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | +| openssl_signature.c:579:9:579:23 | KeyGeneration | Output | openssl_signature.c:579:34:579:37 | Key | +| openssl_signature.c:579:34:579:37 | Key | Algorithm | openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | +| openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | +| openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | +| openssl_signature.c:666:9:666:23 | KeyGeneration | Algorithm | openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | +| openssl_signature.c:666:9:666:23 | KeyGeneration | Output | openssl_signature.c:666:34:666:37 | Key | +| openssl_signature.c:666:34:666:37 | Key | Algorithm | openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | +| openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | +| openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | +| openssl_signature.c:707:9:707:23 | KeyGeneration | Algorithm | openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | +| openssl_signature.c:707:9:707:23 | KeyGeneration | Output | openssl_signature.c:707:34:707:37 | Key | +| openssl_signature.c:707:34:707:37 | Key | Algorithm | openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | +| openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | +| openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | +| openssl_signature.c:751:9:751:23 | KeyGeneration | Algorithm | openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | +| openssl_signature.c:751:9:751:23 | KeyGeneration | Output | openssl_signature.c:751:34:751:37 | Key | +| openssl_signature.c:751:34:751:37 | Key | Algorithm | openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | +| openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | +| openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:185:44:185:64 | PaddingAlgorithm | +| openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:222:44:222:64 | PaddingAlgorithm | +| openssl_signature.c:791:9:791:23 | KeyGeneration | Algorithm | openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | +| openssl_signature.c:791:9:791:23 | KeyGeneration | Output | openssl_signature.c:791:34:791:37 | Key | +| openssl_signature.c:791:34:791:37 | Key | Algorithm | openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | +| openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | Mode | openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | +| openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | Padding | openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | +| openssl_signature.c:829:9:829:23 | KeyGeneration | Algorithm | openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | +| openssl_signature.c:829:9:829:23 | KeyGeneration | Output | openssl_signature.c:829:34:829:37 | Key | +| openssl_signature.c:829:34:829:37 | Key | Algorithm | openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | +| openssl_signature.c:838:85:838:96 | KeyOperationAlgorithm | Padding | openssl_signature.c:838:85:838:96 | KeyOperationAlgorithm | +| openssl_signature.c:839:87:839:98 | KeyOperationAlgorithm | Padding | openssl_signature.c:839:87:839:98 | KeyOperationAlgorithm | diff --git a/cpp/ql/test/experimental/library-tests/quantum/node_properties.expected b/cpp/ql/test/experimental/library-tests/quantum/node_properties.expected index ecd846364522..4f435517eef4 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/node_properties.expected +++ b/cpp/ql/test/experimental/library-tests/quantum/node_properties.expected @@ -61,9 +61,9 @@ | openssl_pkey.c:64:9:64:24 | EncryptOperation | KeyOperationSubtype | Encrypt | openssl_pkey.c:64:9:64:24 | openssl_pkey.c:64:9:64:24 | | openssl_signature.c:73:9:73:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:73:9:73:21 | openssl_signature.c:73:9:73:21 | | openssl_signature.c:73:53:73:56 | Key | KeyType | Unknown | openssl_signature.c:73:53:73:56 | openssl_signature.c:73:53:73:56 | +| openssl_signature.c:100:9:100:23 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:100:9:100:23 | openssl_signature.c:100:9:100:23 | +| openssl_signature.c:100:73:100:76 | Key | KeyType | Unknown | openssl_signature.c:100:73:100:76 | openssl_signature.c:100:73:100:76 | | openssl_signature.c:126:52:126:55 | Key | KeyType | Unknown | openssl_signature.c:126:52:126:55 | openssl_signature.c:126:52:126:55 | -| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:128:9:128:27 | openssl_signature.c:128:9:128:27 | -| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:128:9:128:27 | openssl_signature.c:128:9:128:27 | | openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:135:9:135:27 | openssl_signature.c:135:9:135:27 | | openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:135:9:135:27 | openssl_signature.c:135:9:135:27 | | openssl_signature.c:158:54:158:57 | Key | KeyType | Unknown | openssl_signature.c:158:54:158:57 | openssl_signature.c:158:54:158:57 | @@ -71,8 +71,6 @@ | openssl_signature.c:182:57:182:60 | Key | KeyType | Unknown | openssl_signature.c:182:57:182:60 | openssl_signature.c:182:57:182:60 | | openssl_signature.c:185:44:185:64 | PaddingAlgorithm | Name | PSS | openssl_signature.c:185:44:185:64 | openssl_signature.c:185:44:185:64 | | openssl_signature.c:185:44:185:64 | PaddingAlgorithm | RawName | 6 | openssl_signature.c:185:44:185:64 | openssl_signature.c:185:44:185:64 | -| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:188:9:188:27 | openssl_signature.c:188:9:188:27 | -| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:188:9:188:27 | openssl_signature.c:188:9:188:27 | | openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | KeyOperationSubtype | Mac | openssl_signature.c:195:9:195:27 | openssl_signature.c:195:9:195:27 | | openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | KeyOperationSubtype | Sign | openssl_signature.c:195:9:195:27 | openssl_signature.c:195:9:195:27 | | openssl_signature.c:218:59:218:62 | Key | KeyType | Unknown | openssl_signature.c:218:59:218:62 | openssl_signature.c:218:59:218:62 | @@ -80,96 +78,97 @@ | openssl_signature.c:222:44:222:64 | PaddingAlgorithm | RawName | 6 | openssl_signature.c:222:44:222:64 | openssl_signature.c:222:44:222:64 | | openssl_signature.c:225:9:225:29 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:225:9:225:29 | openssl_signature.c:225:9:225:29 | | openssl_signature.c:250:39:250:42 | Key | KeyType | Unknown | openssl_signature.c:250:39:250:42 | openssl_signature.c:250:39:250:42 | -| openssl_signature.c:253:9:253:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:253:9:253:21 | openssl_signature.c:253:9:253:21 | | openssl_signature.c:260:9:260:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:260:9:260:21 | openssl_signature.c:260:9:260:21 | | openssl_signature.c:282:39:282:42 | Key | KeyType | Unknown | openssl_signature.c:282:39:282:42 | openssl_signature.c:282:39:282:42 | | openssl_signature.c:285:9:285:23 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:285:9:285:23 | openssl_signature.c:285:9:285:23 | | openssl_signature.c:311:39:311:42 | Key | KeyType | Unknown | openssl_signature.c:311:39:311:42 | openssl_signature.c:311:39:311:42 | -| openssl_signature.c:317:9:317:35 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:317:9:317:35 | openssl_signature.c:317:9:317:35 | | openssl_signature.c:324:9:324:35 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:324:9:324:35 | openssl_signature.c:324:9:324:35 | | openssl_signature.c:347:39:347:42 | Key | KeyType | Unknown | openssl_signature.c:347:39:347:42 | openssl_signature.c:347:39:347:42 | | openssl_signature.c:356:9:356:37 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:356:9:356:37 | openssl_signature.c:356:9:356:37 | -| openssl_signature.c:388:9:388:16 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:388:9:388:16 | openssl_signature.c:388:9:388:16 | -| openssl_signature.c:388:9:388:16 | KeyOperationAlgorithm | RawName | RSA_sign | openssl_signature.c:388:9:388:16 | openssl_signature.c:388:9:388:16 | -| openssl_signature.c:388:9:388:16 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:388:9:388:16 | openssl_signature.c:388:9:388:16 | -| openssl_signature.c:389:48:389:54 | Key | KeyType | Unknown | openssl_signature.c:389:48:389:54 | openssl_signature.c:389:48:389:54 | -| openssl_signature.c:411:12:411:21 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:411:12:411:21 | openssl_signature.c:411:12:411:21 | -| openssl_signature.c:411:12:411:21 | KeyOperationAlgorithm | RawName | RSA_verify | openssl_signature.c:411:12:411:21 | openssl_signature.c:411:12:411:21 | -| openssl_signature.c:411:12:411:21 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:411:12:411:21 | openssl_signature.c:411:12:411:21 | -| openssl_signature.c:412:51:412:57 | Key | KeyType | Unknown | openssl_signature.c:412:51:412:57 | openssl_signature.c:412:51:412:57 | -| openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:519:35:519:46 | openssl_signature.c:519:35:519:46 | -| openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:519:35:519:46 | openssl_signature.c:519:35:519:46 | -| openssl_signature.c:523:51:523:54 | Constant | Description | 2048 | openssl_signature.c:523:51:523:54 | openssl_signature.c:523:51:523:54 | -| openssl_signature.c:524:34:524:37 | Key | KeyType | Asymmetric | openssl_signature.c:524:34:524:37 | openssl_signature.c:524:34:524:37 | -| openssl_signature.c:541:50:541:54 | KeyOperationAlgorithm | Name | DSA | openssl_signature.c:541:50:541:54 | openssl_signature.c:541:50:541:54 | -| openssl_signature.c:541:50:541:54 | KeyOperationAlgorithm | RawName | dsa | openssl_signature.c:541:50:541:54 | openssl_signature.c:541:50:541:54 | -| openssl_signature.c:545:55:545:58 | Constant | Description | 2048 | openssl_signature.c:545:55:545:58 | openssl_signature.c:545:55:545:58 | -| openssl_signature.c:551:32:551:37 | Key | KeyType | Unknown | openssl_signature.c:551:32:551:37 | openssl_signature.c:551:32:551:37 | -| openssl_signature.c:554:34:554:37 | Key | KeyType | Asymmetric | openssl_signature.c:554:34:554:37 | openssl_signature.c:554:34:554:37 | -| openssl_signature.c:574:37:574:74 | Constant | Description | testLowLevelRSASignAndVerify message | openssl_signature.c:574:37:574:74 | openssl_signature.c:574:37:574:74 | -| openssl_signature.c:575:24:575:30 | HashAlgorithm | DigestSize | 128 | openssl_signature.c:575:24:575:30 | openssl_signature.c:575:24:575:30 | -| openssl_signature.c:575:24:575:30 | HashAlgorithm | Name | MD5 | openssl_signature.c:575:24:575:30 | openssl_signature.c:575:24:575:30 | -| openssl_signature.c:575:24:575:30 | HashAlgorithm | RawName | EVP_md5 | openssl_signature.c:575:24:575:30 | openssl_signature.c:575:24:575:30 | -| openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:583:35:583:46 | openssl_signature.c:583:35:583:46 | -| openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:583:35:583:46 | openssl_signature.c:583:35:583:46 | -| openssl_signature.c:587:51:587:54 | Constant | Description | 2048 | openssl_signature.c:587:51:587:54 | openssl_signature.c:587:51:587:54 | -| openssl_signature.c:588:34:588:37 | Key | KeyType | Asymmetric | openssl_signature.c:588:34:588:37 | openssl_signature.c:588:34:588:37 | -| openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:596:15:596:31 | openssl_signature.c:596:15:596:31 | -| openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm | RawName | EVP_PKEY_get1_RSA | openssl_signature.c:596:15:596:31 | openssl_signature.c:596:15:596:31 | -| openssl_signature.c:604:37:604:46 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:604:37:604:46 | openssl_signature.c:604:37:604:46 | -| openssl_signature.c:604:37:604:46 | HashAlgorithm | Name | SHA2 | openssl_signature.c:604:37:604:46 | openssl_signature.c:604:37:604:46 | -| openssl_signature.c:604:37:604:46 | HashAlgorithm | RawName | 672 | openssl_signature.c:604:37:604:46 | openssl_signature.c:604:37:604:46 | -| openssl_signature.c:606:41:606:50 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:606:41:606:50 | openssl_signature.c:606:41:606:50 | -| openssl_signature.c:606:41:606:50 | HashAlgorithm | Name | SHA2 | openssl_signature.c:606:41:606:50 | openssl_signature.c:606:41:606:50 | -| openssl_signature.c:606:41:606:50 | HashAlgorithm | RawName | 672 | openssl_signature.c:606:41:606:50 | openssl_signature.c:606:41:606:50 | -| openssl_signature.c:624:37:624:74 | Constant | Description | testLowLevelDSASignAndVerify message | openssl_signature.c:624:37:624:74 | openssl_signature.c:624:37:624:74 | -| openssl_signature.c:625:24:625:33 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:625:24:625:33 | openssl_signature.c:625:24:625:33 | -| openssl_signature.c:625:24:625:33 | HashAlgorithm | Name | SHA2 | openssl_signature.c:625:24:625:33 | openssl_signature.c:625:24:625:33 | -| openssl_signature.c:625:24:625:33 | HashAlgorithm | RawName | EVP_sha256 | openssl_signature.c:625:24:625:33 | openssl_signature.c:625:24:625:33 | -| openssl_signature.c:660:37:660:61 | Constant | Description | testEVP_SignAPI message | openssl_signature.c:660:37:660:61 | openssl_signature.c:660:37:660:61 | -| openssl_signature.c:661:24:661:33 | HashAlgorithm | DigestSize | 224 | openssl_signature.c:661:24:661:33 | openssl_signature.c:661:24:661:33 | -| openssl_signature.c:661:24:661:33 | HashAlgorithm | Name | SHA2 | openssl_signature.c:661:24:661:33 | openssl_signature.c:661:24:661:33 | -| openssl_signature.c:661:24:661:33 | HashAlgorithm | RawName | EVP_sha224 | openssl_signature.c:661:24:661:33 | openssl_signature.c:661:24:661:33 | -| openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:670:35:670:46 | openssl_signature.c:670:35:670:46 | -| openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:670:35:670:46 | openssl_signature.c:670:35:670:46 | -| openssl_signature.c:674:51:674:54 | Constant | Description | 2048 | openssl_signature.c:674:51:674:54 | openssl_signature.c:674:51:674:54 | -| openssl_signature.c:675:34:675:37 | Key | KeyType | Asymmetric | openssl_signature.c:675:34:675:37 | openssl_signature.c:675:34:675:37 | -| openssl_signature.c:701:37:701:67 | Constant | Description | testEVP_DigestSignAPI message | openssl_signature.c:701:37:701:67 | openssl_signature.c:701:37:701:67 | -| openssl_signature.c:702:24:702:33 | HashAlgorithm | DigestSize | 224 | openssl_signature.c:702:24:702:33 | openssl_signature.c:702:24:702:33 | -| openssl_signature.c:702:24:702:33 | HashAlgorithm | Name | SHA2 | openssl_signature.c:702:24:702:33 | openssl_signature.c:702:24:702:33 | -| openssl_signature.c:702:24:702:33 | HashAlgorithm | RawName | EVP_sha224 | openssl_signature.c:702:24:702:33 | openssl_signature.c:702:24:702:33 | -| openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:711:35:711:46 | openssl_signature.c:711:35:711:46 | -| openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:711:35:711:46 | openssl_signature.c:711:35:711:46 | -| openssl_signature.c:715:51:715:54 | Constant | Description | 2048 | openssl_signature.c:715:51:715:54 | openssl_signature.c:715:51:715:54 | -| openssl_signature.c:716:34:716:37 | Key | KeyType | Asymmetric | openssl_signature.c:716:34:716:37 | openssl_signature.c:716:34:716:37 | -| openssl_signature.c:741:37:741:66 | Constant | Description | testEVP_PKEY_signAPI message | openssl_signature.c:741:37:741:66 | openssl_signature.c:741:37:741:66 | -| openssl_signature.c:742:24:742:31 | HashAlgorithm | DigestSize | 160 | openssl_signature.c:742:24:742:31 | openssl_signature.c:742:24:742:31 | -| openssl_signature.c:742:24:742:31 | HashAlgorithm | Name | SHA1 | openssl_signature.c:742:24:742:31 | openssl_signature.c:742:24:742:31 | -| openssl_signature.c:742:24:742:31 | HashAlgorithm | RawName | EVP_sha1 | openssl_signature.c:742:24:742:31 | openssl_signature.c:742:24:742:31 | -| openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:755:35:755:46 | openssl_signature.c:755:35:755:46 | -| openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:755:35:755:46 | openssl_signature.c:755:35:755:46 | -| openssl_signature.c:759:51:759:54 | Constant | Description | 2048 | openssl_signature.c:759:51:759:54 | openssl_signature.c:759:51:759:54 | -| openssl_signature.c:760:34:760:37 | Key | KeyType | Asymmetric | openssl_signature.c:760:34:760:37 | openssl_signature.c:760:34:760:37 | -| openssl_signature.c:786:37:786:73 | Constant | Description | testEVP_DigestSign_with_ctx message | openssl_signature.c:786:37:786:73 | openssl_signature.c:786:37:786:73 | -| openssl_signature.c:787:24:787:31 | HashAlgorithm | DigestSize | 160 | openssl_signature.c:787:24:787:31 | openssl_signature.c:787:24:787:31 | -| openssl_signature.c:787:24:787:31 | HashAlgorithm | Name | SHA1 | openssl_signature.c:787:24:787:31 | openssl_signature.c:787:24:787:31 | -| openssl_signature.c:787:24:787:31 | HashAlgorithm | RawName | EVP_sha1 | openssl_signature.c:787:24:787:31 | openssl_signature.c:787:24:787:31 | -| openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:795:35:795:46 | openssl_signature.c:795:35:795:46 | -| openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:795:35:795:46 | openssl_signature.c:795:35:795:46 | -| openssl_signature.c:799:51:799:54 | Constant | Description | 2048 | openssl_signature.c:799:51:799:54 | openssl_signature.c:799:51:799:54 | -| openssl_signature.c:800:34:800:37 | Key | KeyType | Asymmetric | openssl_signature.c:800:34:800:37 | openssl_signature.c:800:34:800:37 | -| openssl_signature.c:826:37:826:63 | Constant | Description | testEVP_PKEY_sign_message | openssl_signature.c:826:37:826:63 | openssl_signature.c:826:37:826:63 | -| openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:833:35:833:46 | openssl_signature.c:833:35:833:46 | -| openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:833:35:833:46 | openssl_signature.c:833:35:833:46 | -| openssl_signature.c:837:51:837:54 | Constant | Description | 2048 | openssl_signature.c:837:51:837:54 | openssl_signature.c:837:51:837:54 | -| openssl_signature.c:838:34:838:37 | Key | KeyType | Asymmetric | openssl_signature.c:838:34:838:37 | openssl_signature.c:838:34:838:37 | -| openssl_signature.c:847:85:847:96 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:847:85:847:96 | openssl_signature.c:847:85:847:96 | -| openssl_signature.c:847:85:847:96 | HashAlgorithm | Name | SHA2 | openssl_signature.c:847:85:847:96 | openssl_signature.c:847:85:847:96 | -| openssl_signature.c:847:85:847:96 | HashAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:847:85:847:96 | openssl_signature.c:847:85:847:96 | -| openssl_signature.c:847:85:847:96 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:847:85:847:96 | openssl_signature.c:847:85:847:96 | -| openssl_signature.c:847:85:847:96 | KeyOperationAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:847:85:847:96 | openssl_signature.c:847:85:847:96 | -| openssl_signature.c:848:87:848:98 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:848:87:848:98 | openssl_signature.c:848:87:848:98 | -| openssl_signature.c:848:87:848:98 | HashAlgorithm | Name | SHA2 | openssl_signature.c:848:87:848:98 | openssl_signature.c:848:87:848:98 | -| openssl_signature.c:848:87:848:98 | HashAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:848:87:848:98 | openssl_signature.c:848:87:848:98 | -| openssl_signature.c:848:87:848:98 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:848:87:848:98 | openssl_signature.c:848:87:848:98 | -| openssl_signature.c:848:87:848:98 | KeyOperationAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:848:87:848:98 | openssl_signature.c:848:87:848:98 | +| openssl_signature.c:384:9:384:16 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:384:9:384:16 | openssl_signature.c:384:9:384:16 | +| openssl_signature.c:384:9:384:16 | KeyOperationAlgorithm | RawName | RSA_sign | openssl_signature.c:384:9:384:16 | openssl_signature.c:384:9:384:16 | +| openssl_signature.c:384:9:384:16 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:384:9:384:16 | openssl_signature.c:384:9:384:16 | +| openssl_signature.c:385:48:385:54 | Key | KeyType | Unknown | openssl_signature.c:385:48:385:54 | openssl_signature.c:385:48:385:54 | +| openssl_signature.c:403:12:403:21 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:403:12:403:21 | openssl_signature.c:403:12:403:21 | +| openssl_signature.c:403:12:403:21 | KeyOperationAlgorithm | RawName | RSA_verify | openssl_signature.c:403:12:403:21 | openssl_signature.c:403:12:403:21 | +| openssl_signature.c:403:12:403:21 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:403:12:403:21 | openssl_signature.c:403:12:403:21 | +| openssl_signature.c:404:51:404:57 | Key | KeyType | Unknown | openssl_signature.c:404:51:404:57 | openssl_signature.c:404:51:404:57 | +| openssl_signature.c:428:11:428:21 | KeyOperationAlgorithm | Name | DSA | openssl_signature.c:428:11:428:21 | openssl_signature.c:428:11:428:21 | +| openssl_signature.c:428:11:428:21 | KeyOperationAlgorithm | RawName | DSA_do_sign | openssl_signature.c:428:11:428:21 | openssl_signature.c:428:11:428:21 | +| openssl_signature.c:428:11:428:21 | SignOperation | KeyOperationSubtype | Sign | openssl_signature.c:428:11:428:21 | openssl_signature.c:428:11:428:21 | +| openssl_signature.c:428:43:428:49 | Key | KeyType | Unknown | openssl_signature.c:428:43:428:49 | openssl_signature.c:428:43:428:49 | +| openssl_signature.c:484:15:484:27 | KeyOperationAlgorithm | Name | DSA | openssl_signature.c:484:15:484:27 | openssl_signature.c:484:15:484:27 | +| openssl_signature.c:484:15:484:27 | KeyOperationAlgorithm | RawName | DSA_do_verify | openssl_signature.c:484:15:484:27 | openssl_signature.c:484:15:484:27 | +| openssl_signature.c:484:15:484:27 | VerifyOperation | KeyOperationSubtype | Verify | openssl_signature.c:484:15:484:27 | openssl_signature.c:484:15:484:27 | +| openssl_signature.c:484:54:484:60 | Key | KeyType | Unknown | openssl_signature.c:484:54:484:60 | openssl_signature.c:484:54:484:60 | +| openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:511:35:511:46 | openssl_signature.c:511:35:511:46 | +| openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:511:35:511:46 | openssl_signature.c:511:35:511:46 | +| openssl_signature.c:515:51:515:54 | Constant | Description | 2048 | openssl_signature.c:515:51:515:54 | openssl_signature.c:515:51:515:54 | +| openssl_signature.c:516:34:516:37 | Key | KeyType | Asymmetric | openssl_signature.c:516:34:516:37 | openssl_signature.c:516:34:516:37 | +| openssl_signature.c:533:50:533:54 | KeyOperationAlgorithm | Name | DSA | openssl_signature.c:533:50:533:54 | openssl_signature.c:533:50:533:54 | +| openssl_signature.c:533:50:533:54 | KeyOperationAlgorithm | RawName | dsa | openssl_signature.c:533:50:533:54 | openssl_signature.c:533:50:533:54 | +| openssl_signature.c:537:55:537:58 | Constant | Description | 2048 | openssl_signature.c:537:55:537:58 | openssl_signature.c:537:55:537:58 | +| openssl_signature.c:543:32:543:37 | Key | KeyType | Unknown | openssl_signature.c:543:32:543:37 | openssl_signature.c:543:32:543:37 | +| openssl_signature.c:546:34:546:37 | Key | KeyType | Asymmetric | openssl_signature.c:546:34:546:37 | openssl_signature.c:546:34:546:37 | +| openssl_signature.c:566:37:566:74 | Constant | Description | testLowLevelRSASignAndVerify message | openssl_signature.c:566:37:566:74 | openssl_signature.c:566:37:566:74 | +| openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:574:35:574:46 | openssl_signature.c:574:35:574:46 | +| openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:574:35:574:46 | openssl_signature.c:574:35:574:46 | +| openssl_signature.c:578:51:578:54 | Constant | Description | 2048 | openssl_signature.c:578:51:578:54 | openssl_signature.c:578:51:578:54 | +| openssl_signature.c:579:34:579:37 | Key | KeyType | Asymmetric | openssl_signature.c:579:34:579:37 | openssl_signature.c:579:34:579:37 | +| openssl_signature.c:595:37:595:46 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:595:37:595:46 | openssl_signature.c:595:37:595:46 | +| openssl_signature.c:595:37:595:46 | HashAlgorithm | Name | SHA2 | openssl_signature.c:595:37:595:46 | openssl_signature.c:595:37:595:46 | +| openssl_signature.c:595:37:595:46 | HashAlgorithm | RawName | 672 | openssl_signature.c:595:37:595:46 | openssl_signature.c:595:37:595:46 | +| openssl_signature.c:597:41:597:50 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:597:41:597:50 | openssl_signature.c:597:41:597:50 | +| openssl_signature.c:597:41:597:50 | HashAlgorithm | Name | SHA2 | openssl_signature.c:597:41:597:50 | openssl_signature.c:597:41:597:50 | +| openssl_signature.c:597:41:597:50 | HashAlgorithm | RawName | 672 | openssl_signature.c:597:41:597:50 | openssl_signature.c:597:41:597:50 | +| openssl_signature.c:615:37:615:74 | Constant | Description | testLowLevelDSASignAndVerify message | openssl_signature.c:615:37:615:74 | openssl_signature.c:615:37:615:74 | +| openssl_signature.c:616:24:616:33 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:616:24:616:33 | openssl_signature.c:616:24:616:33 | +| openssl_signature.c:616:24:616:33 | HashAlgorithm | Name | SHA2 | openssl_signature.c:616:24:616:33 | openssl_signature.c:616:24:616:33 | +| openssl_signature.c:616:24:616:33 | HashAlgorithm | RawName | EVP_sha256 | openssl_signature.c:616:24:616:33 | openssl_signature.c:616:24:616:33 | +| openssl_signature.c:651:37:651:61 | Constant | Description | testEVP_SignAPI message | openssl_signature.c:651:37:651:61 | openssl_signature.c:651:37:651:61 | +| openssl_signature.c:652:24:652:33 | HashAlgorithm | DigestSize | 224 | openssl_signature.c:652:24:652:33 | openssl_signature.c:652:24:652:33 | +| openssl_signature.c:652:24:652:33 | HashAlgorithm | Name | SHA2 | openssl_signature.c:652:24:652:33 | openssl_signature.c:652:24:652:33 | +| openssl_signature.c:652:24:652:33 | HashAlgorithm | RawName | EVP_sha224 | openssl_signature.c:652:24:652:33 | openssl_signature.c:652:24:652:33 | +| openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:661:35:661:46 | openssl_signature.c:661:35:661:46 | +| openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:661:35:661:46 | openssl_signature.c:661:35:661:46 | +| openssl_signature.c:665:51:665:54 | Constant | Description | 2048 | openssl_signature.c:665:51:665:54 | openssl_signature.c:665:51:665:54 | +| openssl_signature.c:666:34:666:37 | Key | KeyType | Asymmetric | openssl_signature.c:666:34:666:37 | openssl_signature.c:666:34:666:37 | +| openssl_signature.c:692:37:692:67 | Constant | Description | testEVP_DigestSignAPI message | openssl_signature.c:692:37:692:67 | openssl_signature.c:692:37:692:67 | +| openssl_signature.c:693:24:693:33 | HashAlgorithm | DigestSize | 224 | openssl_signature.c:693:24:693:33 | openssl_signature.c:693:24:693:33 | +| openssl_signature.c:693:24:693:33 | HashAlgorithm | Name | SHA2 | openssl_signature.c:693:24:693:33 | openssl_signature.c:693:24:693:33 | +| openssl_signature.c:693:24:693:33 | HashAlgorithm | RawName | EVP_sha224 | openssl_signature.c:693:24:693:33 | openssl_signature.c:693:24:693:33 | +| openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:702:35:702:46 | openssl_signature.c:702:35:702:46 | +| openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:702:35:702:46 | openssl_signature.c:702:35:702:46 | +| openssl_signature.c:706:51:706:54 | Constant | Description | 2048 | openssl_signature.c:706:51:706:54 | openssl_signature.c:706:51:706:54 | +| openssl_signature.c:707:34:707:37 | Key | KeyType | Asymmetric | openssl_signature.c:707:34:707:37 | openssl_signature.c:707:34:707:37 | +| openssl_signature.c:732:37:732:66 | Constant | Description | testEVP_PKEY_signAPI message | openssl_signature.c:732:37:732:66 | openssl_signature.c:732:37:732:66 | +| openssl_signature.c:733:24:733:31 | HashAlgorithm | DigestSize | 160 | openssl_signature.c:733:24:733:31 | openssl_signature.c:733:24:733:31 | +| openssl_signature.c:733:24:733:31 | HashAlgorithm | Name | SHA1 | openssl_signature.c:733:24:733:31 | openssl_signature.c:733:24:733:31 | +| openssl_signature.c:733:24:733:31 | HashAlgorithm | RawName | EVP_sha1 | openssl_signature.c:733:24:733:31 | openssl_signature.c:733:24:733:31 | +| openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:746:35:746:46 | openssl_signature.c:746:35:746:46 | +| openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:746:35:746:46 | openssl_signature.c:746:35:746:46 | +| openssl_signature.c:750:51:750:54 | Constant | Description | 2048 | openssl_signature.c:750:51:750:54 | openssl_signature.c:750:51:750:54 | +| openssl_signature.c:751:34:751:37 | Key | KeyType | Asymmetric | openssl_signature.c:751:34:751:37 | openssl_signature.c:751:34:751:37 | +| openssl_signature.c:777:37:777:73 | Constant | Description | testEVP_DigestSign_with_ctx message | openssl_signature.c:777:37:777:73 | openssl_signature.c:777:37:777:73 | +| openssl_signature.c:778:24:778:31 | HashAlgorithm | DigestSize | 160 | openssl_signature.c:778:24:778:31 | openssl_signature.c:778:24:778:31 | +| openssl_signature.c:778:24:778:31 | HashAlgorithm | Name | SHA1 | openssl_signature.c:778:24:778:31 | openssl_signature.c:778:24:778:31 | +| openssl_signature.c:778:24:778:31 | HashAlgorithm | RawName | EVP_sha1 | openssl_signature.c:778:24:778:31 | openssl_signature.c:778:24:778:31 | +| openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:786:35:786:46 | openssl_signature.c:786:35:786:46 | +| openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:786:35:786:46 | openssl_signature.c:786:35:786:46 | +| openssl_signature.c:790:51:790:54 | Constant | Description | 2048 | openssl_signature.c:790:51:790:54 | openssl_signature.c:790:51:790:54 | +| openssl_signature.c:791:34:791:37 | Key | KeyType | Asymmetric | openssl_signature.c:791:34:791:37 | openssl_signature.c:791:34:791:37 | +| openssl_signature.c:817:37:817:63 | Constant | Description | testEVP_PKEY_sign_message | openssl_signature.c:817:37:817:63 | openssl_signature.c:817:37:817:63 | +| openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:824:35:824:46 | openssl_signature.c:824:35:824:46 | +| openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | RawName | 6 | openssl_signature.c:824:35:824:46 | openssl_signature.c:824:35:824:46 | +| openssl_signature.c:828:51:828:54 | Constant | Description | 2048 | openssl_signature.c:828:51:828:54 | openssl_signature.c:828:51:828:54 | +| openssl_signature.c:829:34:829:37 | Key | KeyType | Asymmetric | openssl_signature.c:829:34:829:37 | openssl_signature.c:829:34:829:37 | +| openssl_signature.c:838:85:838:96 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:838:85:838:96 | openssl_signature.c:838:85:838:96 | +| openssl_signature.c:838:85:838:96 | HashAlgorithm | Name | SHA2 | openssl_signature.c:838:85:838:96 | openssl_signature.c:838:85:838:96 | +| openssl_signature.c:838:85:838:96 | HashAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:838:85:838:96 | openssl_signature.c:838:85:838:96 | +| openssl_signature.c:838:85:838:96 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:838:85:838:96 | openssl_signature.c:838:85:838:96 | +| openssl_signature.c:838:85:838:96 | KeyOperationAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:838:85:838:96 | openssl_signature.c:838:85:838:96 | +| openssl_signature.c:839:87:839:98 | HashAlgorithm | DigestSize | 256 | openssl_signature.c:839:87:839:98 | openssl_signature.c:839:87:839:98 | +| openssl_signature.c:839:87:839:98 | HashAlgorithm | Name | SHA2 | openssl_signature.c:839:87:839:98 | openssl_signature.c:839:87:839:98 | +| openssl_signature.c:839:87:839:98 | HashAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:839:87:839:98 | openssl_signature.c:839:87:839:98 | +| openssl_signature.c:839:87:839:98 | KeyOperationAlgorithm | Name | RSA | openssl_signature.c:839:87:839:98 | openssl_signature.c:839:87:839:98 | +| openssl_signature.c:839:87:839:98 | KeyOperationAlgorithm | RawName | RSA-SHA256 | openssl_signature.c:839:87:839:98 | openssl_signature.c:839:87:839:98 | diff --git a/cpp/ql/test/experimental/library-tests/quantum/nodes.expected b/cpp/ql/test/experimental/library-tests/quantum/nodes.expected index 178495b3d840..62877e561820 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/nodes.expected +++ b/cpp/ql/test/experimental/library-tests/quantum/nodes.expected @@ -67,10 +67,13 @@ | openssl_signature.c:73:9:73:21 | SignOperation | | openssl_signature.c:73:31:73:40 | SignatureOutput | | openssl_signature.c:73:53:73:56 | Key | +| openssl_signature.c:98:34:98:40 | Message | +| openssl_signature.c:99:34:99:42 | Message | +| openssl_signature.c:100:9:100:23 | VerifyOperation | +| openssl_signature.c:100:33:100:41 | SignatureInput | +| openssl_signature.c:100:73:100:76 | Key | | openssl_signature.c:126:52:126:55 | Key | | openssl_signature.c:127:38:127:44 | Message | -| openssl_signature.c:128:9:128:27 | SignatureOrMACOperation | -| openssl_signature.c:128:37:128:40 | SignatureOutput | | openssl_signature.c:135:9:135:27 | SignatureOrMACOperation | | openssl_signature.c:135:37:135:46 | SignatureOutput | | openssl_signature.c:158:54:158:57 | Key | @@ -80,8 +83,6 @@ | openssl_signature.c:182:57:182:60 | Key | | openssl_signature.c:185:44:185:64 | PaddingAlgorithm | | openssl_signature.c:187:38:187:44 | Message | -| openssl_signature.c:188:9:188:27 | SignatureOrMACOperation | -| openssl_signature.c:188:37:188:40 | SignatureOutput | | openssl_signature.c:195:9:195:27 | SignatureOrMACOperation | | openssl_signature.c:195:37:195:46 | SignatureOutput | | openssl_signature.c:218:59:218:62 | Key | @@ -90,9 +91,6 @@ | openssl_signature.c:225:9:225:29 | VerifyOperation | | openssl_signature.c:225:39:225:47 | SignatureInput | | openssl_signature.c:250:39:250:42 | Key | -| openssl_signature.c:253:9:253:21 | SignOperation | -| openssl_signature.c:253:33:253:36 | SignatureOutput | -| openssl_signature.c:253:54:253:59 | Message | | openssl_signature.c:260:9:260:21 | SignOperation | | openssl_signature.c:260:33:260:42 | SignatureOutput | | openssl_signature.c:260:60:260:65 | Message | @@ -102,74 +100,80 @@ | openssl_signature.c:285:61:285:66 | Message | | openssl_signature.c:311:39:311:42 | Key | | openssl_signature.c:316:48:316:54 | Message | -| openssl_signature.c:317:9:317:35 | SignOperation | -| openssl_signature.c:317:47:317:50 | SignatureOutput | | openssl_signature.c:324:9:324:35 | SignOperation | | openssl_signature.c:324:47:324:56 | SignatureOutput | | openssl_signature.c:347:39:347:42 | Key | | openssl_signature.c:353:42:353:50 | SignatureInput | | openssl_signature.c:355:50:355:56 | Message | | openssl_signature.c:356:9:356:37 | VerifyOperation | -| openssl_signature.c:388:9:388:16 | KeyOperationAlgorithm | -| openssl_signature.c:388:9:388:16 | SignOperation | -| openssl_signature.c:388:28:388:33 | Message | -| openssl_signature.c:388:48:388:57 | SignatureOutput | -| openssl_signature.c:389:48:389:54 | Key | -| openssl_signature.c:411:12:411:21 | KeyOperationAlgorithm | -| openssl_signature.c:411:12:411:21 | VerifyOperation | -| openssl_signature.c:411:33:411:38 | Message | -| openssl_signature.c:411:53:411:61 | SignatureInput | -| openssl_signature.c:412:51:412:57 | Key | -| openssl_signature.c:519:35:519:46 | KeyOperationAlgorithm | -| openssl_signature.c:523:51:523:54 | Constant | -| openssl_signature.c:524:9:524:23 | KeyGeneration | -| openssl_signature.c:524:34:524:37 | Key | -| openssl_signature.c:541:50:541:54 | KeyOperationAlgorithm | -| openssl_signature.c:545:55:545:58 | Constant | -| openssl_signature.c:551:32:551:37 | Key | -| openssl_signature.c:554:9:554:23 | KeyGeneration | -| openssl_signature.c:554:34:554:37 | Key | -| openssl_signature.c:574:37:574:74 | Constant | -| openssl_signature.c:575:24:575:30 | HashAlgorithm | -| openssl_signature.c:583:35:583:46 | KeyOperationAlgorithm | -| openssl_signature.c:587:51:587:54 | Constant | -| openssl_signature.c:588:9:588:23 | KeyGeneration | -| openssl_signature.c:588:34:588:37 | Key | -| openssl_signature.c:596:15:596:31 | KeyOperationAlgorithm | -| openssl_signature.c:604:37:604:46 | HashAlgorithm | -| openssl_signature.c:606:41:606:50 | HashAlgorithm | -| openssl_signature.c:624:37:624:74 | Constant | -| openssl_signature.c:625:24:625:33 | HashAlgorithm | -| openssl_signature.c:660:37:660:61 | Constant | -| openssl_signature.c:661:24:661:33 | HashAlgorithm | -| openssl_signature.c:670:35:670:46 | KeyOperationAlgorithm | -| openssl_signature.c:674:51:674:54 | Constant | -| openssl_signature.c:675:9:675:23 | KeyGeneration | -| openssl_signature.c:675:34:675:37 | Key | -| openssl_signature.c:701:37:701:67 | Constant | -| openssl_signature.c:702:24:702:33 | HashAlgorithm | -| openssl_signature.c:711:35:711:46 | KeyOperationAlgorithm | -| openssl_signature.c:715:51:715:54 | Constant | -| openssl_signature.c:716:9:716:23 | KeyGeneration | -| openssl_signature.c:716:34:716:37 | Key | -| openssl_signature.c:741:37:741:66 | Constant | -| openssl_signature.c:742:24:742:31 | HashAlgorithm | -| openssl_signature.c:755:35:755:46 | KeyOperationAlgorithm | -| openssl_signature.c:759:51:759:54 | Constant | -| openssl_signature.c:760:9:760:23 | KeyGeneration | -| openssl_signature.c:760:34:760:37 | Key | -| openssl_signature.c:786:37:786:73 | Constant | -| openssl_signature.c:787:24:787:31 | HashAlgorithm | -| openssl_signature.c:795:35:795:46 | KeyOperationAlgorithm | -| openssl_signature.c:799:51:799:54 | Constant | -| openssl_signature.c:800:9:800:23 | KeyGeneration | -| openssl_signature.c:800:34:800:37 | Key | -| openssl_signature.c:826:37:826:63 | Constant | -| openssl_signature.c:833:35:833:46 | KeyOperationAlgorithm | -| openssl_signature.c:837:51:837:54 | Constant | -| openssl_signature.c:838:9:838:23 | KeyGeneration | -| openssl_signature.c:838:34:838:37 | Key | -| openssl_signature.c:847:85:847:96 | HashAlgorithm | -| openssl_signature.c:847:85:847:96 | KeyOperationAlgorithm | -| openssl_signature.c:848:87:848:98 | HashAlgorithm | -| openssl_signature.c:848:87:848:98 | KeyOperationAlgorithm | +| openssl_signature.c:384:9:384:16 | KeyOperationAlgorithm | +| openssl_signature.c:384:9:384:16 | SignOperation | +| openssl_signature.c:384:28:384:34 | Message | +| openssl_signature.c:384:50:384:59 | SignatureOutput | +| openssl_signature.c:385:48:385:54 | Key | +| openssl_signature.c:403:12:403:21 | KeyOperationAlgorithm | +| openssl_signature.c:403:12:403:21 | VerifyOperation | +| openssl_signature.c:403:33:403:39 | Message | +| openssl_signature.c:403:55:403:63 | SignatureInput | +| openssl_signature.c:404:51:404:57 | Key | +| openssl_signature.c:428:11:428:21 | KeyOperationAlgorithm | +| openssl_signature.c:428:11:428:21 | SignOperation | +| openssl_signature.c:428:11:428:21 | SignatureOutput | +| openssl_signature.c:428:23:428:28 | Message | +| openssl_signature.c:428:43:428:49 | Key | +| openssl_signature.c:484:15:484:27 | KeyOperationAlgorithm | +| openssl_signature.c:484:15:484:27 | VerifyOperation | +| openssl_signature.c:484:29:484:34 | Message | +| openssl_signature.c:484:49:484:51 | SignatureInput | +| openssl_signature.c:484:54:484:60 | Key | +| openssl_signature.c:511:35:511:46 | KeyOperationAlgorithm | +| openssl_signature.c:515:51:515:54 | Constant | +| openssl_signature.c:516:9:516:23 | KeyGeneration | +| openssl_signature.c:516:34:516:37 | Key | +| openssl_signature.c:533:50:533:54 | KeyOperationAlgorithm | +| openssl_signature.c:537:55:537:58 | Constant | +| openssl_signature.c:543:32:543:37 | Key | +| openssl_signature.c:546:9:546:23 | KeyGeneration | +| openssl_signature.c:546:34:546:37 | Key | +| openssl_signature.c:566:37:566:74 | Constant | +| openssl_signature.c:574:35:574:46 | KeyOperationAlgorithm | +| openssl_signature.c:578:51:578:54 | Constant | +| openssl_signature.c:579:9:579:23 | KeyGeneration | +| openssl_signature.c:579:34:579:37 | Key | +| openssl_signature.c:595:37:595:46 | HashAlgorithm | +| openssl_signature.c:597:41:597:50 | HashAlgorithm | +| openssl_signature.c:615:37:615:74 | Constant | +| openssl_signature.c:616:24:616:33 | HashAlgorithm | +| openssl_signature.c:651:37:651:61 | Constant | +| openssl_signature.c:652:24:652:33 | HashAlgorithm | +| openssl_signature.c:661:35:661:46 | KeyOperationAlgorithm | +| openssl_signature.c:665:51:665:54 | Constant | +| openssl_signature.c:666:9:666:23 | KeyGeneration | +| openssl_signature.c:666:34:666:37 | Key | +| openssl_signature.c:692:37:692:67 | Constant | +| openssl_signature.c:693:24:693:33 | HashAlgorithm | +| openssl_signature.c:702:35:702:46 | KeyOperationAlgorithm | +| openssl_signature.c:706:51:706:54 | Constant | +| openssl_signature.c:707:9:707:23 | KeyGeneration | +| openssl_signature.c:707:34:707:37 | Key | +| openssl_signature.c:732:37:732:66 | Constant | +| openssl_signature.c:733:24:733:31 | HashAlgorithm | +| openssl_signature.c:746:35:746:46 | KeyOperationAlgorithm | +| openssl_signature.c:750:51:750:54 | Constant | +| openssl_signature.c:751:9:751:23 | KeyGeneration | +| openssl_signature.c:751:34:751:37 | Key | +| openssl_signature.c:777:37:777:73 | Constant | +| openssl_signature.c:778:24:778:31 | HashAlgorithm | +| openssl_signature.c:786:35:786:46 | KeyOperationAlgorithm | +| openssl_signature.c:790:51:790:54 | Constant | +| openssl_signature.c:791:9:791:23 | KeyGeneration | +| openssl_signature.c:791:34:791:37 | Key | +| openssl_signature.c:817:37:817:63 | Constant | +| openssl_signature.c:824:35:824:46 | KeyOperationAlgorithm | +| openssl_signature.c:828:51:828:54 | Constant | +| openssl_signature.c:829:9:829:23 | KeyGeneration | +| openssl_signature.c:829:34:829:37 | Key | +| openssl_signature.c:838:85:838:96 | HashAlgorithm | +| openssl_signature.c:838:85:838:96 | KeyOperationAlgorithm | +| openssl_signature.c:839:87:839:98 | HashAlgorithm | +| openssl_signature.c:839:87:839:98 | KeyOperationAlgorithm | diff --git a/cpp/ql/test/experimental/library-tests/quantum/openssl_signature.c b/cpp/ql/test/experimental/library-tests/quantum/openssl_signature.c index 4aec1ae90fe3..6d72c5366dde 100644 --- a/cpp/ql/test/experimental/library-tests/quantum/openssl_signature.c +++ b/cpp/ql/test/experimental/library-tests/quantum/openssl_signature.c @@ -374,7 +374,7 @@ int verify_using_evp_pkey_verify_message(const unsigned char *message, size_t me */ int sign_using_rsa_sign(const unsigned char *message, size_t message_len, unsigned char **signature, size_t *signature_len, - RSA *rsa_key, int hash_nid, const EVP_MD *md) { + RSA *rsa_key, int hash_nid) { int ret = 0; *signature_len = RSA_size(rsa_key); @@ -398,7 +398,7 @@ int sign_using_rsa_sign(const unsigned char *message, size_t message_len, */ int verify_using_rsa_verify(const unsigned char *message, size_t message_len, const unsigned char *signature, size_t signature_len, - RSA *rsa_key, int hash_nid, const EVP_MD *md) { + RSA *rsa_key, int hash_nid) { return RSA_verify(hash_nid, message, message_len, signature, (unsigned int)signature_len, rsa_key); @@ -564,7 +564,6 @@ int testLowLevelRSASignAndVerify(){ EVP_PKEY *key = NULL; RSA *rsa_key = NULL; const unsigned char message[] = "testLowLevelRSASignAndVerify message"; - const EVP_MD *md = EVP_md5(); const size_t message_len = strlen((char *)message); unsigned char *sig = NULL; size_t sig_len = 0; @@ -593,9 +592,9 @@ int testLowLevelRSASignAndVerify(){ } if (sign_using_rsa_sign(message, message_len, &sig, &sig_len, - rsa_key, NID_sha256, md) && + rsa_key, NID_sha256) && verify_using_rsa_verify(message, message_len, sig, sig_len, - rsa_key, NID_sha256, md)) { + rsa_key, NID_sha256)) { printf("PASS\n"); } else { printf("FAIL\n"); From 7c8177de97be23eef713f8f57f318d953f9994d5 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Tue, 26 Aug 2025 17:12:21 -0400 Subject: [PATCH 018/307] Crypto: Added missing ArtifactPassthrough.qll (forgot to add to merged in branch). Acronym casing fix. --- .../quantum/OpenSSL/ArtifactPassthrough.qll | 107 ++++++++++++++++++ .../OpenSSL/Operations/SignatureOperation.qll | 4 +- 2 files changed, 109 insertions(+), 2 deletions(-) create mode 100644 cpp/ql/lib/experimental/quantum/OpenSSL/ArtifactPassthrough.qll diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/ArtifactPassthrough.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/ArtifactPassthrough.qll new file mode 100644 index 000000000000..190271372151 --- /dev/null +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/ArtifactPassthrough.qll @@ -0,0 +1,107 @@ +private import experimental.quantum.Language + +/** + * A call to `BN_bn2bin`. + * Commonly used to extract partial bytes from a signature, + * e.g., a signature from DSA_do_sign, passed to DSA_do_verify + * - int BN_bn2bin(const BIGNUM *a, unsigned char *to); + */ +class BnBn2BinCalStep extends AdditionalFlowInputStep { + Call call; + + BnBn2BinCalStep() { + call.getTarget().getName() = "BN_bn2bin" and + call.getArgument(0) = this.asIndirectExpr() + } + + override DataFlow::Node getOutput() { result.asDefiningArgument() = call.getArgument(1) } +} + +/** + * A call to `BN_bin2bn`. + * Commonly used to convert to a signature for DSA_do_verify + * - BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret); + */ +class BnBin2BnCallStep extends AdditionalFlowInputStep { + Call call; + + BnBin2BnCallStep() { + call.getTarget().getName() = "BN_bin2bn" and + call.getArgument(0) = this.asIndirectExpr() + } + + override DataFlow::Node getOutput() { result.asDefiningArgument() = call.getArgument(2) } +} + +/** + * A call to `RSA_set0_key` or `DSA_SIG_set0`. + * Often used in combination with BN_bin2bn, to construct a signature. + */ +class RsaSet0KeyCallStep extends AdditionalFlowInputStep { + Call call; + + RsaSet0KeyCallStep() { + (call.getTarget().getName() = "RSA_set0_key" or call.getTarget().getName() = "DSA_SIG_set0") and + this.asIndirectExpr() in [call.getArgument(1), call.getArgument(2), call.getArgument(3)] + } + + override DataFlow::Node getOutput() { result.asDefiningArgument() = call.getArgument(0) } +} + +/** + * A call to `d2i_DSA_SIG`. This is a pass through of a signature of one form to another. + * - DSA_SIG *d2i_DSA_SIG(DSA_SIG **sig, const unsigned char **pp, long length); + */ +class D2iDsaSigCallStep extends AdditionalFlowInputStep { + Call call; + + D2iDsaSigCallStep() { + call.getTarget().getName() = "d2i_DSA_SIG" and + this.asIndirectExpr() = call.getArgument(1) + } + + override DataFlow::Node getOutput() { + // If arg 0 specified, the same pointer is returned, if not specified + // a new allocation is returned. + result.asDefiningArgument() = call.getArgument(0) or + result.asIndirectExpr() = call + } +} + +/** + * A call to `DSA_SIG_get0`. + * Converts a DSA_Sig into its components, which are commonly used with BN_bn2Bin to + * construct a char* signature. + * - void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); + */ +class DsaSigGet0CallStep extends AdditionalFlowInputStep { + Call call; + + DsaSigGet0CallStep() { + call.getTarget().getName() = "DSA_SIG_get0" and + this.asIndirectExpr() = call.getArgument(0) + } + + override DataFlow::Node getOutput() { + result.asDefiningArgument() = call.getArgument(1) + or + result.asDefiningArgument() = call.getArgument(2) + } +} + +/** + * A call to `EVP_PKEY_get1_RSA` or `EVP_PKEY_get1_DSA` + * - RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); + * - DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); + * A key input is converted into a key output, a key is not generated. + */ +class EvpPkeyGet1RsaOrDsa extends AdditionalFlowInputStep { + Call c; + + EvpPkeyGet1RsaOrDsa() { + c.getTarget().getName() = ["EVP_PKEY_get1_RSA", "EVP_PKEY_get1_DSA"] and + this.asIndirectExpr() = c.getArgument(0) + } + + override DataFlow::Node getOutput() { result.asIndirectExpr() = c } +} diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll index 80c9b3114e3c..f5e9ad354ada 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/SignatureOperation.qll @@ -533,8 +533,8 @@ class RsaSignorVerify extends SignatureFinalOperation { /** * A call to `DSA_do_sign` or `DSA_do_verify` */ -class DSADoSignOrVerify extends SignatureFinalOperation { - DSADoSignOrVerify() { this.getTarget().getName() in ["DSA_do_sign", "DSA_do_verify"] } +class DsaDoSignOrVerify extends SignatureFinalOperation { + DsaDoSignOrVerify() { this.getTarget().getName() in ["DSA_do_sign", "DSA_do_verify"] } override DataFlow::Node getInput(IOType type) { result.asIndirectExpr() = this.getArgument(0) and type = PlaintextIO() From 74ce7cd188d45ff8eac3ea0fc6b21968dbe80b88 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Thu, 28 Aug 2025 20:40:05 -0400 Subject: [PATCH 019/307] Crypto: Moving all data flow analyses to taint tracking. --- cpp/ql/lib/experimental/quantum/Language.qll | 2 +- .../quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll | 4 ++-- cpp/ql/lib/experimental/quantum/OpenSSL/AvcFlow.qll | 4 ++-- .../quantum/OpenSSL/Operations/OpenSSLOperationBase.qll | 8 ++++---- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/cpp/ql/lib/experimental/quantum/Language.qll b/cpp/ql/lib/experimental/quantum/Language.qll index faa72f0f50e3..e9c14245da87 100644 --- a/cpp/ql/lib/experimental/quantum/Language.qll +++ b/cpp/ql/lib/experimental/quantum/Language.qll @@ -53,7 +53,7 @@ module ArtifactFlowConfig implements DataFlow::ConfigSig { } } -module ArtifactFlow = DataFlow::Global; +module ArtifactFlow = TaintTracking::Global; /** * An artifact output to node input configuration diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll index e976b671d194..eafc839fbb8a 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/AlgToAVCFlow.qll @@ -50,7 +50,7 @@ module KnownOpenSslAlgorithmToAlgorithmValueConsumerConfig implements DataFlow:: } module KnownOpenSslAlgorithmToAlgorithmValueConsumerFlow = - DataFlow::Global; + TaintTracking::Global; module RsaPaddingAlgorithmToPaddingAlgorithmValueConsumerConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { @@ -67,7 +67,7 @@ module RsaPaddingAlgorithmToPaddingAlgorithmValueConsumerConfig implements DataF } module RsaPaddingAlgorithmToPaddingAlgorithmValueConsumerFlow = - DataFlow::Global; + TaintTracking::Global; class OpenSslAlgorithmAdditionalFlowStep extends AdditionalFlowInputStep { OpenSslAlgorithmAdditionalFlowStep() { exists(AlgorithmPassthroughCall c | c.getInNode() = this) } diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AvcFlow.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AvcFlow.qll index 13a54351f8b4..1ad988d2ea6e 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AvcFlow.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AvcFlow.qll @@ -1,4 +1,4 @@ -import semmle.code.cpp.dataflow.new.DataFlow +import semmle.code.cpp.dataflow.new.TaintTracking private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers /** @@ -18,4 +18,4 @@ module AvcToCallArgConfig implements DataFlow::ConfigSig { } } -module AvcToCallArgFlow = DataFlow::Global; +module AvcToCallArgFlow = TaintTracking::Global; diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll index 9462d597d6ea..5c0aa98dd0c5 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/Operations/OpenSSLOperationBase.qll @@ -1,6 +1,6 @@ private import experimental.quantum.Language private import experimental.quantum.OpenSSL.AlgorithmValueConsumers.OpenSSLAlgorithmValueConsumers -import semmle.code.cpp.dataflow.new.DataFlow +import semmle.code.cpp.dataflow.new.TaintTracking // Importing these intializers here to ensure the are part of any model that is // using OpenSslOperationBase. This further ensures that initializers are tied to opeartions // even if only importing the operation by itself. @@ -488,7 +488,7 @@ module OperationStepCtxFlowConfig implements DataFlow::ConfigSig { } } -module OperationStepCtxFlow = DataFlow::Global; +module OperationStepCtxFlow = TaintTracking::Global; /** * A flow from AVC to the first `OperationStep` the AVC reaches as an input. @@ -514,7 +514,7 @@ module AvcToOperationStepFlowConfig implements DataFlow::ConfigSig { } } -module AvcToOperationStepFlow = DataFlow::Global; +module AvcToOperationStepFlow = TaintTracking::Global; module EncValToInitEncArgConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source.asExpr().getValue().toInt() in [0, 1] } @@ -524,7 +524,7 @@ module EncValToInitEncArgConfig implements DataFlow::ConfigSig { } } -module EncValToInitEncArgFlow = DataFlow::Global; +module EncValToInitEncArgFlow = TaintTracking::Global; private Crypto::KeyOperationSubtype intToCipherOperationSubtype(int i) { i = 0 and From f55ace83113b4647a353f8567870afe6bde3ffb8 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 17 Sep 2025 16:05:38 +0100 Subject: [PATCH 020/307] C++: Make the return type a bit more precise. --- cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll index d48a48dfb445..80b1d550627f 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll @@ -498,7 +498,9 @@ class FinalParameterUse extends UseImpl, TFinalParameterUse { int getArgumentIndex() { result = p.getIndex() } - override Node getNode() { finalParameterNodeHasParameterAndIndex(result, p, indirectionIndex) } + override FinalParameterNode getNode() { + finalParameterNodeHasParameterAndIndex(result, p, indirectionIndex) + } override int getIndirection() { result = indirectionIndex + 1 } From f47dd2bbc68602ddf43af9c79e988b74778717fc Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 17 Sep 2025 16:06:22 +0100 Subject: [PATCH 021/307] C++: Add a 'hasInputFromBlock' predicate. --- .../semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll index 80b1d550627f..3b6f21d594c8 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll @@ -1126,7 +1126,15 @@ predicate ssaFlow(Node nodeFrom, Node nodeTo) { */ class PhiNode extends Definition instanceof SsaImpl::PhiNode { /** Gets a definition that is an input to this phi node. */ - final Definition getAnInput() { phiHasInputFromBlock(this, result, _) } + final Definition getAnInput() { this.hasInputFromBlock(result, _) } + + /** + * Holds if `input` is an input to this phi node along the edge originating + * in `bb`. + */ + final predicate hasInputFromBlock(Definition input, IRBlock bb) { + phiHasInputFromBlock(this, input, bb) + } } /** An static single assignment (SSA) definition. */ From be8195ab7dc810e4a59e149fd16d4fd12d7f44a5 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 17 Sep 2025 16:08:45 +0100 Subject: [PATCH 022/307] C++: Do not rely on dataflow nodes when implement 'getAUse' and 'getAnIndirectUse'. This will solve a non-monotonic recursion issue later. --- cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll index 3b6f21d594c8..002e0ca61bc9 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll @@ -1159,7 +1159,7 @@ class Definition extends SsaImpl::Definition { exists(SourceVariable sv, IRBlock bb, int i, UseImpl use | ssaDefReachesRead(sv, this, bb, i) and use.hasIndexInBlock(bb, i, sv) and - result = use.getNode().asOperand() + use = TDirectUseImpl(result, 0) ) } @@ -1177,10 +1177,11 @@ class Definition extends SsaImpl::Definition { * value that was defined by the definition. */ Operand getAnIndirectUse(int indirectionIndex) { + indirectionIndex > 0 and exists(SourceVariable sv, IRBlock bb, int i, UseImpl use | ssaDefReachesRead(sv, this, bb, i) and use.hasIndexInBlock(bb, i, sv) and - result = use.getNode().asIndirectOperand(indirectionIndex) + use = TDirectUseImpl(result, indirectionIndex) ) } From 19b8e0db9c4d2653a2cf4fc1d6580ba07b564952 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 17 Sep 2025 16:09:31 +0100 Subject: [PATCH 023/307] C++: Add a few subclasses to 'EdgeKind'. --- .../code/cpp/ir/implementation/EdgeKind.qll | 63 ++++++++++++------- 1 file changed, 42 insertions(+), 21 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/EdgeKind.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/EdgeKind.qll index c7ab5edf6249..b449b21c3e47 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/EdgeKind.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/EdgeKind.qll @@ -52,11 +52,18 @@ class GotoEdge extends EdgeKindImpl, TGotoEdge { final override string toString() { result = "Goto" } } +/** + * A "true" or "false" edge representing a successor of a conditional branch. + */ +abstract private class BooleanEdgeKindImpl extends EdgeKindImpl { } + +final class BooleanEdge = BooleanEdgeKindImpl; + /** * A "true" edge, representing the successor of a conditional branch when the * condition is non-zero. */ -class TrueEdge extends EdgeKindImpl, TTrueEdge { +class TrueEdge extends BooleanEdgeKindImpl, TTrueEdge { final override string toString() { result = "True" } } @@ -64,7 +71,7 @@ class TrueEdge extends EdgeKindImpl, TTrueEdge { * A "false" edge, representing the successor of a conditional branch when the * condition is zero. */ -class FalseEdge extends EdgeKindImpl, TFalseEdge { +class FalseEdge extends BooleanEdgeKindImpl, TFalseEdge { final override string toString() { result = "False" } } @@ -95,19 +102,48 @@ class SehExceptionEdge extends ExceptionEdgeImpl, TSehExceptionEdge { final override string toString() { result = "SEH Exception" } } +/** + * An edge from a `Switch` instruction to one of the cases, or to the default + * branch. + */ +abstract private class SwitchEdgeKindImpl extends EdgeKindImpl { + /** + * Gets the smallest value of the switch expression for which control will flow along this edge. + */ + string getMinValue() { none() } + + /** + * Gets the largest value of the switch expression for which control will flow along this edge. + */ + string getMaxValue() { none() } + + /** + * Gets the unique value of the switch expression for which control will + * flow along this edge, if any. + */ + final string getValue() { result = unique( | | [this.getMinValue(), this.getMaxValue()]) } + + /** Holds if this edge is the default edge. */ + predicate isDefault() { none() } +} + +final class SwitchEdge = SwitchEdgeKindImpl; + /** * A "default" edge, representing the successor of a `Switch` instruction when * none of the case values matches the condition value. */ -class DefaultEdge extends EdgeKindImpl, TDefaultEdge { +class DefaultEdge extends SwitchEdgeKindImpl, TDefaultEdge { final override string toString() { result = "Default" } + + final override predicate isDefault() { any() } } /** * A "case" edge, representing the successor of a `Switch` instruction when the * the condition value matches a corresponding `case` label. */ -class CaseEdge extends EdgeKindImpl, TCaseEdge { +class CaseEdge extends SwitchEdgeKindImpl, TCaseEdge { string minValue; string maxValue; @@ -119,24 +155,9 @@ class CaseEdge extends EdgeKindImpl, TCaseEdge { else result = "Case[" + minValue + ".." + maxValue + "]" } - /** - * Gets the smallest value of the switch expression for which control will flow along this edge. - */ - final string getMinValue() { result = minValue } + final override string getMinValue() { result = minValue } - /** - * Gets the largest value of the switch expression for which control will flow along this edge. - */ - final string getMaxValue() { result = maxValue } - - /** - * Gets the unique value of the switch expression for which control will - * flow along this edge, if any. - */ - final string getValue() { - minValue = maxValue and - result = minValue - } + final override string getMaxValue() { result = maxValue } } /** From 70a8364a38f5b84f9a38a7ed21a234cb2409d15b Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 17 Sep 2025 16:10:39 +0100 Subject: [PATCH 024/307] C++: Add another convenience predicate on 'BinaryInstruction'. --- .../code/cpp/ir/implementation/aliased_ssa/Instruction.qll | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll index a564508e16b4..8d3e960c3f87 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/aliased_ssa/Instruction.qll @@ -1084,6 +1084,12 @@ class BinaryInstruction extends Instruction { or op1 = this.getRightOperand() and op2 = this.getLeftOperand() } + + /** + * Gets the instruction whose result provides the value of the left or right + * operand of this binary instruction. + */ + Instruction getAnInput() { result = this.getLeft() or result = this.getRight() } } /** From f0f4311b6560b9d3fa23b4bed5659029ea0e8ba8 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 17 Sep 2025 16:10:59 +0100 Subject: [PATCH 025/307] C++: Sync identical files. --- .../semmle/code/cpp/ir/implementation/raw/Instruction.qll | 6 ++++++ .../cpp/ir/implementation/unaliased_ssa/Instruction.qll | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll index a564508e16b4..8d3e960c3f87 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/Instruction.qll @@ -1084,6 +1084,12 @@ class BinaryInstruction extends Instruction { or op1 = this.getRightOperand() and op2 = this.getLeftOperand() } + + /** + * Gets the instruction whose result provides the value of the left or right + * operand of this binary instruction. + */ + Instruction getAnInput() { result = this.getLeft() or result = this.getRight() } } /** diff --git a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll index a564508e16b4..8d3e960c3f87 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/implementation/unaliased_ssa/Instruction.qll @@ -1084,6 +1084,12 @@ class BinaryInstruction extends Instruction { or op1 = this.getRightOperand() and op2 = this.getLeftOperand() } + + /** + * Gets the instruction whose result provides the value of the left or right + * operand of this binary instruction. + */ + Instruction getAnInput() { result = this.getLeft() or result = this.getRight() } } /** From 2b0b8402ce4e29ee75b16c4078d0be908043fb48 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 18 Sep 2025 10:01:55 +0100 Subject: [PATCH 026/307] C++: Delete a bunch of predicates. Also set up things so that they work after instantiating the shared guards library. --- .../semmle/code/cpp/controlflow/IRGuards.qll | 425 +++++------------- 1 file changed, 119 insertions(+), 306 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll index f782a2c117d5..7e53c83494bb 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll @@ -21,70 +21,61 @@ private predicate isUnreachedBlock(IRBlock block) { block.getFirstInstruction() instanceof UnreachedInstruction } -private newtype TAbstractValue = - TBooleanValue(boolean b) { b = true or b = false } or - TMatchValue(CaseEdge c) - /** + * DEPRECATED: Use `GuardValue` instead. + * * An abstract value. This is either a boolean value, or a `switch` case. */ -abstract class AbstractValue extends TAbstractValue { - /** Gets an abstract value that represents the dual of this value, if any. */ - abstract AbstractValue getDualValue(); +deprecated class AbstractValue extends GuardValue { } - /** Gets a textual representation of this abstract value. */ - abstract string toString(); -} +/** + * DEPRECATED: Use `GuardValue` instead. + * + * A Boolean value. + */ +deprecated class BooleanValue extends AbstractValue { + BooleanValue() { exists(this.asBooleanValue()) } -/** A Boolean value. */ -class BooleanValue extends AbstractValue, TBooleanValue { /** Gets the underlying Boolean value. */ - boolean getValue() { this = TBooleanValue(result) } - - override BooleanValue getDualValue() { result.getValue() = this.getValue().booleanNot() } - - override string toString() { result = this.getValue().toString() } + boolean getValue() { result = this.asBooleanValue() } } -/** A value that represents a match against a specific `switch` case. */ -class MatchValue extends AbstractValue, TMatchValue { - /** Gets the case. */ - CaseEdge getCase() { this = TMatchValue(result) } - - override MatchValue getDualValue() { - // A `MatchValue` has no dual. - none() +/** + * DEPRECATED: Use `GuardValue` instead. + * + * A value that represents a match against a specific `switch` case. + */ +deprecated class MatchValue extends AbstractValue { + MatchValue() { + exists(this.asIntValue()) + or + this.asConstantValue().isRange(_, _) } - override string toString() { result = this.getCase().toString() } + /** Gets the case. */ + CaseEdge getCase() { + result.getValue().toInt() = this.asIntValue() + or + exists(string minValue, string maxValue | + result.getMinValue() = minValue and + result.getMaxValue() = maxValue and + this.asConstantValue().isRange(minValue, maxValue) + ) + } } /** * A Boolean condition in the AST that guards one or more basic blocks. This includes * operands of logical operators but not switch statements. */ -abstract private class GuardConditionImpl extends Expr { +private class GuardConditionImpl extends Element { /** * Holds if this condition controls `controlled`, meaning that `controlled` is only * entered if the value of this condition is `v`. * * For details on what "controls" mean, see the QLDoc for `controls`. */ - abstract predicate valueControls(BasicBlock controlled, AbstractValue v); - - /** - * Holds if the control-flow edge `(pred, succ)` may be taken only if - * the value of this condition is `v`. - */ - abstract predicate valueControlsEdge(BasicBlock pred, BasicBlock succ, AbstractValue v); - - /** - * Holds if the control-flow edge `(pred, succ)` may be taken only if - * this the value of this condition is `testIsTrue`. - */ - final predicate controlsEdge(BasicBlock pred, BasicBlock succ, boolean testIsTrue) { - this.valueControlsEdge(pred, succ, any(BooleanValue bv | bv.getValue() = testIsTrue)) - } + abstract predicate valueControls(BasicBlock controlled, GuardValue v); /** * Holds if this condition controls `controlled`, meaning that `controlled` is only @@ -113,7 +104,21 @@ abstract private class GuardConditionImpl extends Expr { * true (for `&&`) or false (for `||`) branch. */ final predicate controls(BasicBlock controlled, boolean testIsTrue) { - this.valueControls(controlled, any(BooleanValue bv | bv.getValue() = testIsTrue)) + this.valueControls(controlled, any(GuardValue bv | bv.asBooleanValue() = testIsTrue)) + } + + /** + * Holds if the control-flow edge `(pred, succ)` may be taken only if + * the value of this condition is `v`. + */ + abstract predicate valueControlsEdge(BasicBlock pred, BasicBlock succ, GuardValue v); + + /** + * Holds if the control-flow edge `(pred, succ)` may be taken only if + * this the value of this condition is `testIsTrue`. + */ + final predicate controlsEdge(BasicBlock pred, BasicBlock succ, boolean testIsTrue) { + this.valueControlsEdge(pred, succ, any(GuardValue bv | bv.asBooleanValue() = testIsTrue)) } /** @@ -138,7 +143,7 @@ abstract private class GuardConditionImpl extends Expr { * ("unary") and a 5-argument ("binary") version of this predicate (see `comparesEq`). */ pragma[inline] - abstract predicate comparesLt(Expr e, int k, boolean isLessThan, AbstractValue value); + abstract predicate comparesLt(Expr e, int k, boolean isLessThan, GuardValue value); /** * Holds if (determined by this guard) `e < k` must be `isLessThan` in `block`. @@ -180,7 +185,7 @@ abstract private class GuardConditionImpl extends Expr { * necessarily integer). */ pragma[inline] - abstract predicate comparesEq(Expr e, int k, boolean areEqual, AbstractValue value); + abstract predicate comparesEq(Expr e, int k, boolean areEqual, GuardValue value); /** * Holds if (determined by this guard) `e == k` must be `areEqual` in `block`. @@ -210,7 +215,7 @@ abstract private class GuardConditionImpl extends Expr { */ pragma[inline] final predicate ensuresEqEdge(Expr e, int k, BasicBlock pred, BasicBlock succ, boolean areEqual) { - exists(AbstractValue v | + exists(GuardValue v | this.comparesEq(e, k, areEqual, v) and this.valueControlsEdge(pred, succ, v) ) @@ -236,7 +241,7 @@ abstract private class GuardConditionImpl extends Expr { */ pragma[inline] final predicate ensuresLtEdge(Expr e, int k, BasicBlock pred, BasicBlock succ, boolean isLessThan) { - exists(AbstractValue v | + exists(GuardValue v | this.comparesLt(e, k, isLessThan, v) and this.valueControlsEdge(pred, succ, v) ) @@ -248,28 +253,25 @@ final class GuardCondition = GuardConditionImpl; /** * A binary logical operator in the AST that guards one or more basic blocks. */ -private class GuardConditionFromBinaryLogicalOperator extends GuardConditionImpl { - GuardConditionFromBinaryLogicalOperator() { - this.(BinaryLogicalOperation).getAnOperand() instanceof GuardCondition - } - - override predicate valueControlsEdge(BasicBlock pred, BasicBlock succ, AbstractValue v) { +private class GuardConditionFromBinaryLogicalOperator extends GuardConditionImpl instanceof BinaryLogicalOperation +{ + override predicate valueControls(BasicBlock controlled, GuardValue v) { exists(BinaryLogicalOperation binop, GuardCondition lhs, GuardCondition rhs | this = binop and lhs = binop.getLeftOperand() and rhs = binop.getRightOperand() and - lhs.valueControlsEdge(pred, succ, v) and - rhs.valueControlsEdge(pred, succ, v) + lhs.valueControls(controlled, v) and + rhs.valueControls(controlled, v) ) } - override predicate valueControls(BasicBlock controlled, AbstractValue v) { + override predicate valueControlsEdge(BasicBlock pred, BasicBlock succ, GuardValue v) { exists(BinaryLogicalOperation binop, GuardCondition lhs, GuardCondition rhs | this = binop and lhs = binop.getLeftOperand() and rhs = binop.getRightOperand() and - lhs.valueControls(controlled, v) and - rhs.valueControls(controlled, v) + lhs.valueControlsEdge(pred, succ, v) and + rhs.valueControlsEdge(pred, succ, v) ) } @@ -281,10 +283,10 @@ private class GuardConditionFromBinaryLogicalOperator extends GuardConditionImpl ) } - override predicate comparesLt(Expr e, int k, boolean isLessThan, AbstractValue value) { - exists(BooleanValue partValue, GuardCondition part | + override predicate comparesLt(Expr e, int k, boolean isLessThan, GuardValue value) { + exists(GuardValue partValue, GuardCondition part | this.(BinaryLogicalOperation) - .impliesValue(part, partValue.getValue(), value.(BooleanValue).getValue()) + .impliesValue(part, partValue.asBooleanValue(), value.asBooleanValue()) | part.comparesLt(e, k, isLessThan, partValue) ) @@ -299,7 +301,7 @@ private class GuardConditionFromBinaryLogicalOperator extends GuardConditionImpl pragma[inline] override predicate ensuresLt(Expr e, int k, BasicBlock block, boolean isLessThan) { - exists(AbstractValue value | + exists(GuardValue value | this.comparesLt(e, k, isLessThan, value) and this.valueControls(block, value) ) } @@ -319,10 +321,10 @@ private class GuardConditionFromBinaryLogicalOperator extends GuardConditionImpl ) } - override predicate comparesEq(Expr e, int k, boolean areEqual, AbstractValue value) { - exists(BooleanValue partValue, GuardCondition part | + override predicate comparesEq(Expr e, int k, boolean areEqual, GuardValue value) { + exists(GuardValue partValue, GuardCondition part | this.(BinaryLogicalOperation) - .impliesValue(part, partValue.getValue(), value.(BooleanValue).getValue()) + .impliesValue(part, partValue.asBooleanValue(), value.asBooleanValue()) | part.comparesEq(e, k, areEqual, partValue) ) @@ -330,7 +332,7 @@ private class GuardConditionFromBinaryLogicalOperator extends GuardConditionImpl pragma[inline] override predicate ensuresEq(Expr e, int k, BasicBlock block, boolean areEqual) { - exists(AbstractValue value | + exists(GuardValue value | this.comparesEq(e, k, areEqual, value) and this.valueControls(block, value) ) } @@ -342,7 +344,7 @@ private class GuardConditionFromBinaryLogicalOperator extends GuardConditionImpl * predicate does not necessarily hold for binary logical operations like * `&&` and `||`. See the detailed explanation on predicate `controls`. */ -private predicate controlsBlock(IRGuardCondition ir, BasicBlock controlled, AbstractValue v) { +private predicate controlsBlock(IRGuardCondition ir, BasicBlock controlled, GuardValue v) { exists(IRBlock irb | ir.valueControls(irb, v) and nonExcludedIRAndBasicBlock(irb, controlled) and @@ -357,11 +359,9 @@ private predicate controlsBlock(IRGuardCondition ir, BasicBlock controlled, Abst * like `&&` and `||`. * See the detailed explanation on predicate `controlsEdge`. */ -private predicate controlsEdge( - IRGuardCondition ir, BasicBlock pred, BasicBlock succ, AbstractValue v -) { +private predicate controlsEdge(IRGuardCondition ir, BasicBlock pred, BasicBlock succ, GuardValue v) { exists(IRBlock irPred, IRBlock irSucc | - ir.valueControlsEdge(irPred, irSucc, v) and + ir.valueControlsBranchEdge(irPred, irSucc, v) and nonExcludedIRAndBasicBlock(irPred, pred) and nonExcludedIRAndBasicBlock(irSucc, succ) and not isUnreachedBlock(irPred) and @@ -378,19 +378,20 @@ private class GuardConditionFromNotExpr extends GuardConditionImpl { // comparison against 0 so it's not included as a normal // `IRGuardCondition`. So to align with user expectations we make that `x` // a `GuardCondition`. - exists(NotExpr notExpr | - this = notExpr.getOperand() and + exists(NotExpr notExpr | this = notExpr.getOperand() | ir.getUnconvertedResultExpression() = notExpr + or + ir.(ConditionalBranchInstruction).getCondition().getUnconvertedResultExpression() = notExpr ) } - override predicate valueControls(BasicBlock controlled, AbstractValue v) { + override predicate valueControls(BasicBlock controlled, GuardValue v) { // This condition must determine the flow of control; that is, this // node must be a top-level condition. controlsBlock(ir, controlled, v.getDualValue()) } - override predicate valueControlsEdge(BasicBlock pred, BasicBlock succ, AbstractValue v) { + override predicate valueControlsEdge(BasicBlock pred, BasicBlock succ, GuardValue v) { controlsEdge(ir, pred, succ, v.getDualValue()) } @@ -404,7 +405,7 @@ private class GuardConditionFromNotExpr extends GuardConditionImpl { } pragma[inline] - override predicate comparesLt(Expr e, int k, boolean isLessThan, AbstractValue value) { + override predicate comparesLt(Expr e, int k, boolean isLessThan, GuardValue value) { exists(Instruction i | i.getUnconvertedResultExpression() = e and ir.comparesLt(i.getAUse(), k, isLessThan, value.getDualValue()) @@ -423,7 +424,7 @@ private class GuardConditionFromNotExpr extends GuardConditionImpl { pragma[inline] override predicate ensuresLt(Expr e, int k, BasicBlock block, boolean isLessThan) { - exists(Instruction i, AbstractValue value | + exists(Instruction i, GuardValue value | i.getUnconvertedResultExpression() = e and ir.comparesLt(i.getAUse(), k, isLessThan, value.getDualValue()) and this.valueControls(block, value) @@ -450,7 +451,7 @@ private class GuardConditionFromNotExpr extends GuardConditionImpl { } pragma[inline] - override predicate comparesEq(Expr e, int k, boolean areEqual, AbstractValue value) { + override predicate comparesEq(Expr e, int k, boolean areEqual, GuardValue value) { exists(Instruction i | i.getUnconvertedResultExpression() = e and ir.comparesEq(i.getAUse(), k, areEqual, value.getDualValue()) @@ -459,7 +460,7 @@ private class GuardConditionFromNotExpr extends GuardConditionImpl { pragma[inline] override predicate ensuresEq(Expr e, int k, BasicBlock block, boolean areEqual) { - exists(Instruction i, AbstractValue value | + exists(Instruction i, GuardValue value | i.getUnconvertedResultExpression() = e and ir.comparesEq(i.getAUse(), k, areEqual, value.getDualValue()) and this.valueControls(block, value) @@ -474,15 +475,21 @@ private class GuardConditionFromNotExpr extends GuardConditionImpl { private class GuardConditionFromIR extends GuardConditionImpl { IRGuardCondition ir; - GuardConditionFromIR() { this = ir.getUnconvertedResultExpression() } + GuardConditionFromIR() { + ir.(InitializeParameterInstruction).getParameter() = this + or + ir.(ConditionalBranchInstruction).getCondition().getUnconvertedResultExpression() = this + or + ir.getUnconvertedResultExpression() = this + } - override predicate valueControls(BasicBlock controlled, AbstractValue v) { + override predicate valueControls(BasicBlock controlled, GuardValue v) { // This condition must determine the flow of control; that is, this // node must be a top-level condition. controlsBlock(ir, controlled, v) } - override predicate valueControlsEdge(BasicBlock pred, BasicBlock succ, AbstractValue v) { + override predicate valueControlsEdge(BasicBlock pred, BasicBlock succ, GuardValue v) { controlsEdge(ir, pred, succ, v) } @@ -496,7 +503,7 @@ private class GuardConditionFromIR extends GuardConditionImpl { } pragma[inline] - override predicate comparesLt(Expr e, int k, boolean isLessThan, AbstractValue value) { + override predicate comparesLt(Expr e, int k, boolean isLessThan, GuardValue value) { exists(Instruction i | i.getUnconvertedResultExpression() = e and ir.comparesLt(i.getAUse(), k, isLessThan, value) @@ -515,7 +522,7 @@ private class GuardConditionFromIR extends GuardConditionImpl { pragma[inline] override predicate ensuresLt(Expr e, int k, BasicBlock block, boolean isLessThan) { - exists(Instruction i, AbstractValue value | + exists(Instruction i, GuardValue value | i.getUnconvertedResultExpression() = e and ir.comparesLt(i.getAUse(), k, isLessThan, value) and this.valueControls(block, value) @@ -542,7 +549,7 @@ private class GuardConditionFromIR extends GuardConditionImpl { } pragma[inline] - override predicate comparesEq(Expr e, int k, boolean areEqual, AbstractValue value) { + override predicate comparesEq(Expr e, int k, boolean areEqual, GuardValue value) { exists(Instruction i | i.getUnconvertedResultExpression() = e and ir.comparesEq(i.getAUse(), k, areEqual, value) @@ -551,7 +558,7 @@ private class GuardConditionFromIR extends GuardConditionImpl { pragma[inline] override predicate ensuresEq(Expr e, int k, BasicBlock block, boolean areEqual) { - exists(Instruction i, AbstractValue value | + exists(Instruction i, GuardValue value | i.getUnconvertedResultExpression() = e and ir.comparesEq(i.getAUse(), k, areEqual, value) and this.valueControls(block, value) @@ -584,20 +591,17 @@ pragma[nomagic] private predicate nonExcludedIRAndBasicBlock(IRBlock irb, BasicBlock controlled) { exists(Instruction instr | instr = irb.getAnInstruction() and - instr.getAst().(ControlFlowNode).getBasicBlock() = controlled and + instr.getAst() = controlled.getANode() and not excludeAsControlledInstruction(instr) ) } /** - * A Boolean condition in the IR that guards one or more basic blocks. - * - * Note that `&&` and `||` don't have an explicit representation in the IR, - * and therefore will not appear as IRGuardConditions. + * A guard. This may be any expression whose value determines subsequent + * control flow. It may also be a switch case, which as a guard is considered + * to evaluate to either true or false depending on whether the case matches. */ -class IRGuardCondition extends Instruction { - Instruction branch; - +final class IRGuardCondition extends Guards_v1::Guard { /* * An `IRGuardCondition` supports reasoning about four different kinds of * relations: @@ -625,119 +629,12 @@ class IRGuardCondition extends Instruction { * `e1 + k1 == e2 + k2` into canonical the form `e1 == e2 + (k2 - k1)`. */ - IRGuardCondition() { branch = getBranchForCondition(this) } - - /** - * Holds if this condition controls `controlled`, meaning that `controlled` is only - * entered if the value of this condition is `v`. - * - * For details on what "controls" mean, see the QLDoc for `controls`. - */ - predicate valueControls(IRBlock controlled, AbstractValue v) { - // This condition must determine the flow of control; that is, this - // node must be a top-level condition. - this.controlsBlock(controlled, v) - or - exists(IRGuardCondition ne | - this = ne.(LogicalNotInstruction).getUnary() and - ne.valueControls(controlled, v.getDualValue()) - ) - } - - /** - * Holds if this condition controls `controlled`, meaning that `controlled` is only - * entered if the value of this condition is `testIsTrue`. - * - * Illustration: - * - * ``` - * [ (testIsTrue) ] - * [ this ----------------succ ---- controlled ] - * [ | | ] - * [ (testIsFalse) | ------ ... ] - * [ other ] - * ``` - * - * The predicate holds if all paths to `controlled` go via the `testIsTrue` - * edge of the control-flow graph. In other words, the `testIsTrue` edge - * must dominate `controlled`. This means that `controlled` must be - * dominated by both `this` and `succ` (the target of the `testIsTrue` - * edge). It also means that any other edge into `succ` must be a back-edge - * from a node which is dominated by `succ`. - * - * The short-circuit boolean operations have slightly surprising behavior - * here: because the operation itself only dominates one branch (due to - * being short-circuited) then it will only control blocks dominated by the - * true (for `&&`) or false (for `||`) branch. - */ - predicate controls(IRBlock controlled, boolean testIsTrue) { - this.valueControls(controlled, any(BooleanValue bv | bv.getValue() = testIsTrue)) - } - - /** - * Holds if the control-flow edge `(pred, succ)` may be taken only if - * the value of this condition is `v`. - */ - predicate valueControlsEdge(IRBlock pred, IRBlock succ, AbstractValue v) { - pred.getASuccessor() = succ and - this.valueControls(pred, v) - or - succ = this.getBranchSuccessor(v) and - ( - branch.(ConditionalBranchInstruction).getCondition() = this and - branch.getBlock() = pred - or - branch.(SwitchInstruction).getExpression() = this and - branch.getBlock() = pred - ) - } - - /** - * Holds if the control-flow edge `(pred, succ)` may be taken only if - * the value of this condition is `testIsTrue`. - */ - final predicate controlsEdge(IRBlock pred, IRBlock succ, boolean testIsTrue) { - this.valueControlsEdge(pred, succ, any(BooleanValue bv | bv.getValue() = testIsTrue)) - } - - /** - * Gets the block to which `branch` jumps directly when the value of this condition is `v`. - * - * This predicate is intended to help with situations in which an inference can only be made - * based on an edge between a block with multiple successors and a block with multiple - * predecessors. For example, in the following situation, an inference can be made about the - * value of `x` at the end of the `if` statement, but there is no block which is controlled by - * the `if` statement when `x >= y`. - * ``` - * if (x < y) { - * x = y; - * } - * return x; - * ``` - */ - private IRBlock getBranchSuccessor(AbstractValue v) { - branch.(ConditionalBranchInstruction).getCondition() = this and - exists(BooleanValue bv | bv = v | - bv.getValue() = true and - result.getFirstInstruction() = branch.(ConditionalBranchInstruction).getTrueSuccessor() - or - bv.getValue() = false and - result.getFirstInstruction() = branch.(ConditionalBranchInstruction).getFalseSuccessor() - ) - or - exists(SwitchInstruction switch, CaseEdge kind | switch = branch | - switch.getExpression() = this and - result.getFirstInstruction() = switch.getSuccessor(kind) and - kind = v.(MatchValue).getCase() - ) - } - /** Holds if (determined by this guard) `left < right + k` evaluates to `isLessThan` if this expression evaluates to `testIsTrue`. */ pragma[inline] predicate comparesLt(Operand left, Operand right, int k, boolean isLessThan, boolean testIsTrue) { - exists(BooleanValue value | + exists(GuardValue value | compares_lt(valueNumber(this), left, right, k, isLessThan, value) and - value.getValue() = testIsTrue + value.asBooleanValue() = testIsTrue ) } @@ -746,7 +643,7 @@ class IRGuardCondition extends Instruction { * this expression evaluates to `value`. */ pragma[inline] - predicate comparesLt(Operand op, int k, boolean isLessThan, AbstractValue value) { + predicate comparesLt(Operand op, int k, boolean isLessThan, GuardValue value) { compares_lt(valueNumber(this), op, k, isLessThan, value) } @@ -756,7 +653,7 @@ class IRGuardCondition extends Instruction { */ pragma[inline] predicate ensuresLt(Operand left, Operand right, int k, IRBlock block, boolean isLessThan) { - exists(AbstractValue value | + exists(GuardValue value | compares_lt(valueNumber(this), left, right, k, isLessThan, value) and this.valueControls(block, value) ) @@ -768,7 +665,7 @@ class IRGuardCondition extends Instruction { */ pragma[inline] predicate ensuresLt(Operand op, int k, IRBlock block, boolean isLessThan) { - exists(AbstractValue value | + exists(GuardValue value | compares_lt(valueNumber(this), op, k, isLessThan, value) and this.valueControls(block, value) ) @@ -782,9 +679,9 @@ class IRGuardCondition extends Instruction { predicate ensuresLtEdge( Operand left, Operand right, int k, IRBlock pred, IRBlock succ, boolean isLessThan ) { - exists(AbstractValue value | + exists(GuardValue value | compares_lt(valueNumber(this), left, right, k, isLessThan, value) and - this.valueControlsEdge(pred, succ, value) + this.valueControlsBranchEdge(pred, succ, value) ) } @@ -794,24 +691,24 @@ class IRGuardCondition extends Instruction { */ pragma[inline] predicate ensuresLtEdge(Operand left, int k, IRBlock pred, IRBlock succ, boolean isLessThan) { - exists(AbstractValue value | + exists(GuardValue value | compares_lt(valueNumber(this), left, k, isLessThan, value) and - this.valueControlsEdge(pred, succ, value) + this.valueControlsBranchEdge(pred, succ, value) ) } /** Holds if (determined by this guard) `left == right + k` evaluates to `areEqual` if this expression evaluates to `testIsTrue`. */ pragma[inline] predicate comparesEq(Operand left, Operand right, int k, boolean areEqual, boolean testIsTrue) { - exists(BooleanValue value | + exists(GuardValue value | compares_eq(valueNumber(this), left, right, k, areEqual, value) and - value.getValue() = testIsTrue + value.asBooleanValue() = testIsTrue ) } /** Holds if (determined by this guard) `op == k` evaluates to `areEqual` if this expression evaluates to `value`. */ pragma[inline] - predicate comparesEq(Operand op, int k, boolean areEqual, AbstractValue value) { + predicate comparesEq(Operand op, int k, boolean areEqual, GuardValue value) { unary_compares_eq(valueNumber(this), op, k, areEqual, value) } @@ -821,7 +718,7 @@ class IRGuardCondition extends Instruction { */ pragma[inline] predicate ensuresEq(Operand left, Operand right, int k, IRBlock block, boolean areEqual) { - exists(AbstractValue value | + exists(GuardValue value | compares_eq(valueNumber(this), left, right, k, areEqual, value) and this.valueControls(block, value) ) @@ -833,7 +730,7 @@ class IRGuardCondition extends Instruction { */ pragma[inline] predicate ensuresEq(Operand op, int k, IRBlock block, boolean areEqual) { - exists(AbstractValue value | + exists(GuardValue value | unary_compares_eq(valueNumber(this), op, k, areEqual, value) and this.valueControls(block, value) ) @@ -847,9 +744,9 @@ class IRGuardCondition extends Instruction { predicate ensuresEqEdge( Operand left, Operand right, int k, IRBlock pred, IRBlock succ, boolean areEqual ) { - exists(AbstractValue value | + exists(GuardValue value | compares_eq(valueNumber(this), left, right, k, areEqual, value) and - this.valueControlsEdge(pred, succ, value) + this.valueControlsBranchEdge(pred, succ, value) ) } @@ -859,102 +756,18 @@ class IRGuardCondition extends Instruction { */ pragma[inline] predicate ensuresEqEdge(Operand op, int k, IRBlock pred, IRBlock succ, boolean areEqual) { - exists(AbstractValue value | + exists(GuardValue value | unary_compares_eq(valueNumber(this), op, k, areEqual, value) and - this.valueControlsEdge(pred, succ, value) + this.valueControlsBranchEdge(pred, succ, value) ) } /** - * Holds if this condition controls `block`, meaning that `block` is only - * entered if the value of this condition is `v`. This helper - * predicate does not necessarily hold for binary logical operations like - * `&&` and `||`. See the detailed explanation on predicate `controls`. + * DEPRECATED: Use `controlsBranchEdge` instead. */ - private predicate controlsBlock(IRBlock controlled, AbstractValue v) { - not isUnreachedBlock(controlled) and - // - // For this block to control the block `controlled` with `testIsTrue` the - // following must hold: Execution must have passed through the test; that - // is, `this` must strictly dominate `controlled`. Execution must have - // passed through the `testIsTrue` edge leaving `this`. - // - // Although "passed through the true edge" implies that - // `getBranchSuccessor(true)` dominates `controlled`, the reverse is not - // true, as flow may have passed through another edge to get to - // `getBranchSuccessor(true)`, so we need to assert that - // `getBranchSuccessor(true)` dominates `controlled` *and* that all - // predecessors of `getBranchSuccessor(true)` are either `this` or - // dominated by `getBranchSuccessor(true)`. - // - // For example, in the following snippet: - // - // if (x) - // controlled; - // false_successor; - // uncontrolled; - // - // `false_successor` dominates `uncontrolled`, but not all of its - // predecessors are `this` (`if (x)`) or dominated by itself. Whereas in - // the following code: - // - // if (x) - // while (controlled) - // also_controlled; - // false_successor; - // uncontrolled; - // - // the block `while (controlled)` is controlled because all of its - // predecessors are `this` (`if (x)`) or (in the case of `also_controlled`) - // dominated by itself. - // - // The additional constraint on the predecessors of the test successor implies - // that `this` strictly dominates `controlled` so that isn't necessary to check - // directly. - exists(IRBlock succ | - succ = this.getBranchSuccessor(v) and - this.hasDominatingEdgeTo(succ) and - succ.dominates(controlled) - ) + deprecated predicate controlsEdge(IRBlock bb1, IRBlock bb2, boolean branch) { + this.controlsBranchEdge(bb1, bb2, branch) } - - /** - * Holds if `(this, succ)` is an edge that dominates `succ`, that is, all other - * predecessors of `succ` are dominated by `succ`. This implies that `this` is the - * immediate dominator of `succ`. - * - * This is a necessary and sufficient condition for an edge to dominate anything, - * and in particular `bb1.hasDominatingEdgeTo(bb2) and bb2.dominates(bb3)` means - * that the edge `(bb1, bb2)` dominates `bb3`. - */ - private predicate hasDominatingEdgeTo(IRBlock succ) { - exists(IRBlock branchBlock | branchBlock = this.getBranchBlock() | - branchBlock.immediatelyDominates(succ) and - branchBlock.getASuccessor() = succ and - forall(IRBlock pred | pred = succ.getAPredecessor() and pred != branchBlock | - succ.dominates(pred) - or - // An unreachable `pred` is vacuously dominated by `succ` since all - // paths from the entry to `pred` go through `succ`. Such vacuous - // dominance is not included in the `dominates` predicate since that - // could cause quadratic blow-up. - not pred.isReachableFromFunctionEntry() - ) - ) - } - - pragma[noinline] - private IRBlock getBranchBlock() { result = branch.getBlock() } -} - -private Instruction getBranchForCondition(Instruction guard) { - result.(ConditionalBranchInstruction).getCondition() = guard - or - result.(SwitchInstruction).getExpression() = guard - or - exists(LogicalNotInstruction cond | - result = getBranchForCondition(cond) and cond.getUnary() = guard - ) } cached From 3a8f77d6f4bd2bdb3dc506e49ac1394a157b0262 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 18 Sep 2025 10:02:30 +0100 Subject: [PATCH 027/307] C++: Qualified import of cpp. --- .../semmle/code/cpp/controlflow/IRGuards.qll | 158 +++++++++++------- 1 file changed, 99 insertions(+), 59 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll index 7e53c83494bb..622b1f1468a9 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll @@ -3,7 +3,7 @@ * flow elements controlled by those guards. */ -import cpp +import cpp as Cpp import semmle.code.cpp.ir.IR private import semmle.code.cpp.ir.ValueNumbering private import semmle.code.cpp.ir.implementation.raw.internal.TranslatedExpr @@ -68,14 +68,14 @@ deprecated class MatchValue extends AbstractValue { * A Boolean condition in the AST that guards one or more basic blocks. This includes * operands of logical operators but not switch statements. */ -private class GuardConditionImpl extends Element { +private class GuardConditionImpl extends Cpp::Element { /** * Holds if this condition controls `controlled`, meaning that `controlled` is only * entered if the value of this condition is `v`. * * For details on what "controls" mean, see the QLDoc for `controls`. */ - abstract predicate valueControls(BasicBlock controlled, GuardValue v); + abstract predicate valueControls(Cpp::BasicBlock controlled, GuardValue v); /** * Holds if this condition controls `controlled`, meaning that `controlled` is only @@ -103,7 +103,7 @@ private class GuardConditionImpl extends Element { * being short-circuited) then it will only control blocks dominated by the * true (for `&&`) or false (for `||`) branch. */ - final predicate controls(BasicBlock controlled, boolean testIsTrue) { + final predicate controls(Cpp::BasicBlock controlled, boolean testIsTrue) { this.valueControls(controlled, any(GuardValue bv | bv.asBooleanValue() = testIsTrue)) } @@ -111,13 +111,13 @@ private class GuardConditionImpl extends Element { * Holds if the control-flow edge `(pred, succ)` may be taken only if * the value of this condition is `v`. */ - abstract predicate valueControlsEdge(BasicBlock pred, BasicBlock succ, GuardValue v); + abstract predicate valueControlsEdge(Cpp::BasicBlock pred, Cpp::BasicBlock succ, GuardValue v); /** * Holds if the control-flow edge `(pred, succ)` may be taken only if * this the value of this condition is `testIsTrue`. */ - final predicate controlsEdge(BasicBlock pred, BasicBlock succ, boolean testIsTrue) { + final predicate controlsEdge(Cpp::BasicBlock pred, Cpp::BasicBlock succ, boolean testIsTrue) { this.valueControlsEdge(pred, succ, any(GuardValue bv | bv.asBooleanValue() = testIsTrue)) } @@ -127,7 +127,9 @@ private class GuardConditionImpl extends Element { * ("unary") and a 5-argument ("binary") version of this predicate (see `comparesEq`). */ pragma[inline] - abstract predicate comparesLt(Expr left, Expr right, int k, boolean isLessThan, boolean testIsTrue); + abstract predicate comparesLt( + Cpp::Expr left, Cpp::Expr right, int k, boolean isLessThan, boolean testIsTrue + ); /** * Holds if (determined by this guard) `left < right + k` must be `isLessThan` in `block`. @@ -135,7 +137,9 @@ private class GuardConditionImpl extends Element { * ("unary") and a 5-argument ("binary") version of this predicate (see `comparesEq`). */ pragma[inline] - abstract predicate ensuresLt(Expr left, Expr right, int k, BasicBlock block, boolean isLessThan); + abstract predicate ensuresLt( + Cpp::Expr left, Cpp::Expr right, int k, Cpp::BasicBlock block, boolean isLessThan + ); /** * Holds if (determined by this guard) `e < k` evaluates to `isLessThan` if @@ -143,7 +147,7 @@ private class GuardConditionImpl extends Element { * ("unary") and a 5-argument ("binary") version of this predicate (see `comparesEq`). */ pragma[inline] - abstract predicate comparesLt(Expr e, int k, boolean isLessThan, GuardValue value); + abstract predicate comparesLt(Cpp::Expr e, int k, boolean isLessThan, GuardValue value); /** * Holds if (determined by this guard) `e < k` must be `isLessThan` in `block`. @@ -151,7 +155,7 @@ private class GuardConditionImpl extends Element { * ("unary") and a 5-argument ("binary") version of this predicate (see `comparesEq`). */ pragma[inline] - abstract predicate ensuresLt(Expr e, int k, BasicBlock block, boolean isLessThan); + abstract predicate ensuresLt(Cpp::Expr e, int k, Cpp::BasicBlock block, boolean isLessThan); /** * Holds if (determined by this guard) `left == right + k` evaluates to `areEqual` if this @@ -164,7 +168,9 @@ private class GuardConditionImpl extends Element { * necessarily integer). */ pragma[inline] - abstract predicate comparesEq(Expr left, Expr right, int k, boolean areEqual, boolean testIsTrue); + abstract predicate comparesEq( + Cpp::Expr left, Cpp::Expr right, int k, boolean areEqual, boolean testIsTrue + ); /** * Holds if (determined by this guard) `left == right + k` must be `areEqual` in `block`. @@ -172,7 +178,9 @@ private class GuardConditionImpl extends Element { * ("unary") and a 5-argument ("binary") version of this predicate (see `comparesEq`). */ pragma[inline] - abstract predicate ensuresEq(Expr left, Expr right, int k, BasicBlock block, boolean areEqual); + abstract predicate ensuresEq( + Cpp::Expr left, Cpp::Expr right, int k, Cpp::BasicBlock block, boolean areEqual + ); /** * Holds if (determined by this guard) `e == k` evaluates to `areEqual` if this expression @@ -185,7 +193,7 @@ private class GuardConditionImpl extends Element { * necessarily integer). */ pragma[inline] - abstract predicate comparesEq(Expr e, int k, boolean areEqual, GuardValue value); + abstract predicate comparesEq(Cpp::Expr e, int k, boolean areEqual, GuardValue value); /** * Holds if (determined by this guard) `e == k` must be `areEqual` in `block`. @@ -193,7 +201,7 @@ private class GuardConditionImpl extends Element { * ("unary") and a 5-argument ("binary") version of this predicate (see `comparesEq`). */ pragma[inline] - abstract predicate ensuresEq(Expr e, int k, BasicBlock block, boolean areEqual); + abstract predicate ensuresEq(Cpp::Expr e, int k, Cpp::BasicBlock block, boolean areEqual); /** * Holds if (determined by this guard) `left == right + k` must be `areEqual` on the edge from @@ -201,7 +209,8 @@ private class GuardConditionImpl extends Element { */ pragma[inline] final predicate ensuresEqEdge( - Expr left, Expr right, int k, BasicBlock pred, BasicBlock succ, boolean areEqual + Cpp::Expr left, Cpp::Expr right, int k, Cpp::BasicBlock pred, Cpp::BasicBlock succ, + boolean areEqual ) { exists(boolean testIsTrue | this.comparesEq(left, right, k, areEqual, testIsTrue) and @@ -214,7 +223,9 @@ private class GuardConditionImpl extends Element { * `pred` to `succ`. If `areEqual = false` then this implies `e != k`. */ pragma[inline] - final predicate ensuresEqEdge(Expr e, int k, BasicBlock pred, BasicBlock succ, boolean areEqual) { + final predicate ensuresEqEdge( + Cpp::Expr e, int k, Cpp::BasicBlock pred, Cpp::BasicBlock succ, boolean areEqual + ) { exists(GuardValue v | this.comparesEq(e, k, areEqual, v) and this.valueControlsEdge(pred, succ, v) @@ -227,7 +238,8 @@ private class GuardConditionImpl extends Element { */ pragma[inline] final predicate ensuresLtEdge( - Expr left, Expr right, int k, BasicBlock pred, BasicBlock succ, boolean isLessThan + Cpp::Expr left, Cpp::Expr right, int k, Cpp::BasicBlock pred, Cpp::BasicBlock succ, + boolean isLessThan ) { exists(boolean testIsTrue | this.comparesLt(left, right, k, isLessThan, testIsTrue) and @@ -240,7 +252,9 @@ private class GuardConditionImpl extends Element { * `pred` to `succ`. If `isLessThan = false` then this implies `e >= k`. */ pragma[inline] - final predicate ensuresLtEdge(Expr e, int k, BasicBlock pred, BasicBlock succ, boolean isLessThan) { + final predicate ensuresLtEdge( + Cpp::Expr e, int k, Cpp::BasicBlock pred, Cpp::BasicBlock succ, boolean isLessThan + ) { exists(GuardValue v | this.comparesLt(e, k, isLessThan, v) and this.valueControlsEdge(pred, succ, v) @@ -253,10 +267,10 @@ final class GuardCondition = GuardConditionImpl; /** * A binary logical operator in the AST that guards one or more basic blocks. */ -private class GuardConditionFromBinaryLogicalOperator extends GuardConditionImpl instanceof BinaryLogicalOperation +private class GuardConditionFromBinaryLogicalOperator extends GuardConditionImpl instanceof Cpp::BinaryLogicalOperation { - override predicate valueControls(BasicBlock controlled, GuardValue v) { - exists(BinaryLogicalOperation binop, GuardCondition lhs, GuardCondition rhs | + override predicate valueControls(Cpp::BasicBlock controlled, GuardValue v) { + exists(Cpp::BinaryLogicalOperation binop, GuardCondition lhs, GuardCondition rhs | this = binop and lhs = binop.getLeftOperand() and rhs = binop.getRightOperand() and @@ -265,8 +279,8 @@ private class GuardConditionFromBinaryLogicalOperator extends GuardConditionImpl ) } - override predicate valueControlsEdge(BasicBlock pred, BasicBlock succ, GuardValue v) { - exists(BinaryLogicalOperation binop, GuardCondition lhs, GuardCondition rhs | + override predicate valueControlsEdge(Cpp::BasicBlock pred, Cpp::BasicBlock succ, GuardValue v) { + exists(Cpp::BinaryLogicalOperation binop, GuardCondition lhs, GuardCondition rhs | this = binop and lhs = binop.getLeftOperand() and rhs = binop.getRightOperand() and @@ -275,17 +289,19 @@ private class GuardConditionFromBinaryLogicalOperator extends GuardConditionImpl ) } - override predicate comparesLt(Expr left, Expr right, int k, boolean isLessThan, boolean testIsTrue) { + override predicate comparesLt( + Cpp::Expr left, Cpp::Expr right, int k, boolean isLessThan, boolean testIsTrue + ) { exists(boolean partIsTrue, GuardCondition part | - this.(BinaryLogicalOperation).impliesValue(part, partIsTrue, testIsTrue) + this.(Cpp::BinaryLogicalOperation).impliesValue(part, partIsTrue, testIsTrue) | part.comparesLt(left, right, k, isLessThan, partIsTrue) ) } - override predicate comparesLt(Expr e, int k, boolean isLessThan, GuardValue value) { + override predicate comparesLt(Cpp::Expr e, int k, boolean isLessThan, GuardValue value) { exists(GuardValue partValue, GuardCondition part | - this.(BinaryLogicalOperation) + this.(Cpp::BinaryLogicalOperation) .impliesValue(part, partValue.asBooleanValue(), value.asBooleanValue()) | part.comparesLt(e, k, isLessThan, partValue) @@ -293,37 +309,43 @@ private class GuardConditionFromBinaryLogicalOperator extends GuardConditionImpl } pragma[inline] - override predicate ensuresLt(Expr left, Expr right, int k, BasicBlock block, boolean isLessThan) { + override predicate ensuresLt( + Cpp::Expr left, Cpp::Expr right, int k, Cpp::BasicBlock block, boolean isLessThan + ) { exists(boolean testIsTrue | this.comparesLt(left, right, k, isLessThan, testIsTrue) and this.controls(block, testIsTrue) ) } pragma[inline] - override predicate ensuresLt(Expr e, int k, BasicBlock block, boolean isLessThan) { + override predicate ensuresLt(Cpp::Expr e, int k, Cpp::BasicBlock block, boolean isLessThan) { exists(GuardValue value | this.comparesLt(e, k, isLessThan, value) and this.valueControls(block, value) ) } - override predicate comparesEq(Expr left, Expr right, int k, boolean areEqual, boolean testIsTrue) { + override predicate comparesEq( + Cpp::Expr left, Cpp::Expr right, int k, boolean areEqual, boolean testIsTrue + ) { exists(boolean partIsTrue, GuardCondition part | - this.(BinaryLogicalOperation).impliesValue(part, partIsTrue, testIsTrue) + this.(Cpp::BinaryLogicalOperation).impliesValue(part, partIsTrue, testIsTrue) | part.comparesEq(left, right, k, areEqual, partIsTrue) ) } pragma[inline] - override predicate ensuresEq(Expr left, Expr right, int k, BasicBlock block, boolean areEqual) { + override predicate ensuresEq( + Cpp::Expr left, Cpp::Expr right, int k, Cpp::BasicBlock block, boolean areEqual + ) { exists(boolean testIsTrue | this.comparesEq(left, right, k, areEqual, testIsTrue) and this.controls(block, testIsTrue) ) } - override predicate comparesEq(Expr e, int k, boolean areEqual, GuardValue value) { + override predicate comparesEq(Cpp::Expr e, int k, boolean areEqual, GuardValue value) { exists(GuardValue partValue, GuardCondition part | - this.(BinaryLogicalOperation) + this.(Cpp::BinaryLogicalOperation) .impliesValue(part, partValue.asBooleanValue(), value.asBooleanValue()) | part.comparesEq(e, k, areEqual, partValue) @@ -331,7 +353,7 @@ private class GuardConditionFromBinaryLogicalOperator extends GuardConditionImpl } pragma[inline] - override predicate ensuresEq(Expr e, int k, BasicBlock block, boolean areEqual) { + override predicate ensuresEq(Cpp::Expr e, int k, Cpp::BasicBlock block, boolean areEqual) { exists(GuardValue value | this.comparesEq(e, k, areEqual, value) and this.valueControls(block, value) ) @@ -344,7 +366,7 @@ private class GuardConditionFromBinaryLogicalOperator extends GuardConditionImpl * predicate does not necessarily hold for binary logical operations like * `&&` and `||`. See the detailed explanation on predicate `controls`. */ -private predicate controlsBlock(IRGuardCondition ir, BasicBlock controlled, GuardValue v) { +private predicate controlsBlock(IRGuardCondition ir, Cpp::BasicBlock controlled, GuardValue v) { exists(IRBlock irb | ir.valueControls(irb, v) and nonExcludedIRAndBasicBlock(irb, controlled) and @@ -359,7 +381,9 @@ private predicate controlsBlock(IRGuardCondition ir, BasicBlock controlled, Guar * like `&&` and `||`. * See the detailed explanation on predicate `controlsEdge`. */ -private predicate controlsEdge(IRGuardCondition ir, BasicBlock pred, BasicBlock succ, GuardValue v) { +private predicate controlsEdge( + IRGuardCondition ir, Cpp::BasicBlock pred, Cpp::BasicBlock succ, GuardValue v +) { exists(IRBlock irPred, IRBlock irSucc | ir.valueControlsBranchEdge(irPred, irSucc, v) and nonExcludedIRAndBasicBlock(irPred, pred) and @@ -378,25 +402,27 @@ private class GuardConditionFromNotExpr extends GuardConditionImpl { // comparison against 0 so it's not included as a normal // `IRGuardCondition`. So to align with user expectations we make that `x` // a `GuardCondition`. - exists(NotExpr notExpr | this = notExpr.getOperand() | + exists(Cpp::NotExpr notExpr | this = notExpr.getOperand() | ir.getUnconvertedResultExpression() = notExpr or ir.(ConditionalBranchInstruction).getCondition().getUnconvertedResultExpression() = notExpr ) } - override predicate valueControls(BasicBlock controlled, GuardValue v) { + override predicate valueControls(Cpp::BasicBlock controlled, GuardValue v) { // This condition must determine the flow of control; that is, this // node must be a top-level condition. controlsBlock(ir, controlled, v.getDualValue()) } - override predicate valueControlsEdge(BasicBlock pred, BasicBlock succ, GuardValue v) { + override predicate valueControlsEdge(Cpp::BasicBlock pred, Cpp::BasicBlock succ, GuardValue v) { controlsEdge(ir, pred, succ, v.getDualValue()) } pragma[inline] - override predicate comparesLt(Expr left, Expr right, int k, boolean isLessThan, boolean testIsTrue) { + override predicate comparesLt( + Cpp::Expr left, Cpp::Expr right, int k, boolean isLessThan, boolean testIsTrue + ) { exists(Instruction li, Instruction ri | li.getUnconvertedResultExpression() = left and ri.getUnconvertedResultExpression() = right and @@ -405,7 +431,7 @@ private class GuardConditionFromNotExpr extends GuardConditionImpl { } pragma[inline] - override predicate comparesLt(Expr e, int k, boolean isLessThan, GuardValue value) { + override predicate comparesLt(Cpp::Expr e, int k, boolean isLessThan, GuardValue value) { exists(Instruction i | i.getUnconvertedResultExpression() = e and ir.comparesLt(i.getAUse(), k, isLessThan, value.getDualValue()) @@ -413,7 +439,9 @@ private class GuardConditionFromNotExpr extends GuardConditionImpl { } pragma[inline] - override predicate ensuresLt(Expr left, Expr right, int k, BasicBlock block, boolean isLessThan) { + override predicate ensuresLt( + Cpp::Expr left, Cpp::Expr right, int k, Cpp::BasicBlock block, boolean isLessThan + ) { exists(Instruction li, Instruction ri, boolean testIsTrue | li.getUnconvertedResultExpression() = left and ri.getUnconvertedResultExpression() = right and @@ -423,7 +451,7 @@ private class GuardConditionFromNotExpr extends GuardConditionImpl { } pragma[inline] - override predicate ensuresLt(Expr e, int k, BasicBlock block, boolean isLessThan) { + override predicate ensuresLt(Cpp::Expr e, int k, Cpp::BasicBlock block, boolean isLessThan) { exists(Instruction i, GuardValue value | i.getUnconvertedResultExpression() = e and ir.comparesLt(i.getAUse(), k, isLessThan, value.getDualValue()) and @@ -432,7 +460,9 @@ private class GuardConditionFromNotExpr extends GuardConditionImpl { } pragma[inline] - override predicate comparesEq(Expr left, Expr right, int k, boolean areEqual, boolean testIsTrue) { + override predicate comparesEq( + Cpp::Expr left, Cpp::Expr right, int k, boolean areEqual, boolean testIsTrue + ) { exists(Instruction li, Instruction ri | li.getUnconvertedResultExpression() = left and ri.getUnconvertedResultExpression() = right and @@ -441,7 +471,9 @@ private class GuardConditionFromNotExpr extends GuardConditionImpl { } pragma[inline] - override predicate ensuresEq(Expr left, Expr right, int k, BasicBlock block, boolean areEqual) { + override predicate ensuresEq( + Cpp::Expr left, Cpp::Expr right, int k, Cpp::BasicBlock block, boolean areEqual + ) { exists(Instruction li, Instruction ri, boolean testIsTrue | li.getUnconvertedResultExpression() = left and ri.getUnconvertedResultExpression() = right and @@ -451,7 +483,7 @@ private class GuardConditionFromNotExpr extends GuardConditionImpl { } pragma[inline] - override predicate comparesEq(Expr e, int k, boolean areEqual, GuardValue value) { + override predicate comparesEq(Cpp::Expr e, int k, boolean areEqual, GuardValue value) { exists(Instruction i | i.getUnconvertedResultExpression() = e and ir.comparesEq(i.getAUse(), k, areEqual, value.getDualValue()) @@ -459,7 +491,7 @@ private class GuardConditionFromNotExpr extends GuardConditionImpl { } pragma[inline] - override predicate ensuresEq(Expr e, int k, BasicBlock block, boolean areEqual) { + override predicate ensuresEq(Cpp::Expr e, int k, Cpp::BasicBlock block, boolean areEqual) { exists(Instruction i, GuardValue value | i.getUnconvertedResultExpression() = e and ir.comparesEq(i.getAUse(), k, areEqual, value.getDualValue()) and @@ -483,18 +515,20 @@ private class GuardConditionFromIR extends GuardConditionImpl { ir.getUnconvertedResultExpression() = this } - override predicate valueControls(BasicBlock controlled, GuardValue v) { + override predicate valueControls(Cpp::BasicBlock controlled, GuardValue v) { // This condition must determine the flow of control; that is, this // node must be a top-level condition. controlsBlock(ir, controlled, v) } - override predicate valueControlsEdge(BasicBlock pred, BasicBlock succ, GuardValue v) { + override predicate valueControlsEdge(Cpp::BasicBlock pred, Cpp::BasicBlock succ, GuardValue v) { controlsEdge(ir, pred, succ, v) } pragma[inline] - override predicate comparesLt(Expr left, Expr right, int k, boolean isLessThan, boolean testIsTrue) { + override predicate comparesLt( + Cpp::Expr left, Cpp::Expr right, int k, boolean isLessThan, boolean testIsTrue + ) { exists(Instruction li, Instruction ri | li.getUnconvertedResultExpression() = left and ri.getUnconvertedResultExpression() = right and @@ -503,7 +537,7 @@ private class GuardConditionFromIR extends GuardConditionImpl { } pragma[inline] - override predicate comparesLt(Expr e, int k, boolean isLessThan, GuardValue value) { + override predicate comparesLt(Cpp::Expr e, int k, boolean isLessThan, GuardValue value) { exists(Instruction i | i.getUnconvertedResultExpression() = e and ir.comparesLt(i.getAUse(), k, isLessThan, value) @@ -511,7 +545,9 @@ private class GuardConditionFromIR extends GuardConditionImpl { } pragma[inline] - override predicate ensuresLt(Expr left, Expr right, int k, BasicBlock block, boolean isLessThan) { + override predicate ensuresLt( + Cpp::Expr left, Cpp::Expr right, int k, Cpp::BasicBlock block, boolean isLessThan + ) { exists(Instruction li, Instruction ri, boolean testIsTrue | li.getUnconvertedResultExpression() = left and ri.getUnconvertedResultExpression() = right and @@ -521,7 +557,7 @@ private class GuardConditionFromIR extends GuardConditionImpl { } pragma[inline] - override predicate ensuresLt(Expr e, int k, BasicBlock block, boolean isLessThan) { + override predicate ensuresLt(Cpp::Expr e, int k, Cpp::BasicBlock block, boolean isLessThan) { exists(Instruction i, GuardValue value | i.getUnconvertedResultExpression() = e and ir.comparesLt(i.getAUse(), k, isLessThan, value) and @@ -530,7 +566,9 @@ private class GuardConditionFromIR extends GuardConditionImpl { } pragma[inline] - override predicate comparesEq(Expr left, Expr right, int k, boolean areEqual, boolean testIsTrue) { + override predicate comparesEq( + Cpp::Expr left, Cpp::Expr right, int k, boolean areEqual, boolean testIsTrue + ) { exists(Instruction li, Instruction ri | li.getUnconvertedResultExpression() = left and ri.getUnconvertedResultExpression() = right and @@ -539,7 +577,9 @@ private class GuardConditionFromIR extends GuardConditionImpl { } pragma[inline] - override predicate ensuresEq(Expr left, Expr right, int k, BasicBlock block, boolean areEqual) { + override predicate ensuresEq( + Cpp::Expr left, Cpp::Expr right, int k, Cpp::BasicBlock block, boolean areEqual + ) { exists(Instruction li, Instruction ri, boolean testIsTrue | li.getUnconvertedResultExpression() = left and ri.getUnconvertedResultExpression() = right and @@ -549,7 +589,7 @@ private class GuardConditionFromIR extends GuardConditionImpl { } pragma[inline] - override predicate comparesEq(Expr e, int k, boolean areEqual, GuardValue value) { + override predicate comparesEq(Cpp::Expr e, int k, boolean areEqual, GuardValue value) { exists(Instruction i | i.getUnconvertedResultExpression() = e and ir.comparesEq(i.getAUse(), k, areEqual, value) @@ -557,7 +597,7 @@ private class GuardConditionFromIR extends GuardConditionImpl { } pragma[inline] - override predicate ensuresEq(Expr e, int k, BasicBlock block, boolean areEqual) { + override predicate ensuresEq(Cpp::Expr e, int k, Cpp::BasicBlock block, boolean areEqual) { exists(Instruction i, GuardValue value | i.getUnconvertedResultExpression() = e and ir.comparesEq(i.getAUse(), k, areEqual, value) and @@ -588,7 +628,7 @@ private predicate excludeAsControlledInstruction(Instruction instr) { * the `irb` be ignored. */ pragma[nomagic] -private predicate nonExcludedIRAndBasicBlock(IRBlock irb, BasicBlock controlled) { +private predicate nonExcludedIRAndBasicBlock(IRBlock irb, Cpp::BasicBlock controlled) { exists(Instruction instr | instr = irb.getAnInstruction() and instr.getAst() = controlled.getANode() and From 840097f121868d2e52d9af740d2aceb65f02504f Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 17 Sep 2025 16:39:37 +0100 Subject: [PATCH 028/307] C++: Instantiate the shared guards library. --- .../semmle/code/cpp/controlflow/IRGuards.qll | 448 ++++++++++++++++++ 1 file changed, 448 insertions(+) diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll index 622b1f1468a9..da87ee21a545 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll @@ -5,10 +5,458 @@ import cpp as Cpp import semmle.code.cpp.ir.IR +private import codeql.util.Void +private import codeql.controlflow.Guards as SharedGuards private import semmle.code.cpp.ir.ValueNumbering private import semmle.code.cpp.ir.implementation.raw.internal.TranslatedExpr private import semmle.code.cpp.ir.implementation.raw.internal.InstructionTag +private class BasicBlock = IRCfg::BasicBlock; + +/** + * INTERNAL: Do not use. + */ +module GuardsInput implements SharedGuards::InputSig { + private import cpp as Cpp + + class NormalExitNode = ExitFunctionInstruction; + + class AstNode = Instruction; + + /** The `Guards` library uses `Instruction`s as expressions. */ + class Expr extends Instruction { + Instruction getControlFlowNode() { result = this } + + IRCfg::BasicBlock getBasicBlock() { result = this.getBlock() } + } + + private newtype TConstantValue = + TRange(string minValue, string maxValue) { + minValue != maxValue and + exists(EdgeKind::caseEdge(minValue, maxValue)) + } + + /** + * The constant values that can be inferred. The only additional constant + * value required is the GCC extension for case ranges. + */ + class ConstantValue extends TConstantValue { + /** + * Holds if this constant value is the case range `minValue..maxValue`. + */ + predicate isRange(string minValue, string maxValue) { this = TRange(minValue, maxValue) } + + string toString() { + exists(string minValue, string maxValue | + this.isRange(minValue, maxValue) and + result = minValue + ".." + maxValue + ) + } + } + + private class EqualityExpr extends CompareInstruction { + EqualityExpr() { + this instanceof CompareEQInstruction + or + this instanceof CompareNEInstruction + } + + boolean getPolarity() { + result = true and + this instanceof CompareEQInstruction + or + result = false and + this instanceof CompareNEInstruction + } + } + + /** A constant expression. */ + abstract class ConstantExpr extends Expr { + /** Holds if this expression is the null constant. */ + predicate isNull() { none() } + + /** Holds if this expression is a boolean constant. */ + boolean asBooleanValue() { none() } + + /** Holds if this expression is an integer constant. */ + int asIntegerValue() { none() } + + /** + * Holds if this expression is a C/C++ specific constant value such as + * a GCC case range. + */ + ConstantValue asConstantValue() { none() } + } + + private class NullConstant extends ConstantExpr instanceof ConstantInstruction { + NullConstant() { + this.getValue() = "0" and + this.getResultIRType() instanceof IRAddressType + } + + override predicate isNull() { any() } + } + + private class BooleanConstant extends ConstantExpr instanceof ConstantInstruction { + BooleanConstant() { this.getResultIRType() instanceof IRBooleanType } + + override boolean asBooleanValue() { + super.getValue() = "0" and + result = false + or + super.getValue() = "1" and + result = true + } + } + + private class IntegerConstant extends ConstantExpr { + int value; + + IntegerConstant() { + this.(ConstantInstruction).getValue().toInt() = value and + this.getResultIRType() instanceof IRIntegerType + or + // In order to have an "integer constant" for a switch case + // we misuse the first instruction (which is always a NoOp instruction) + // as a constant with the switch case's value. + exists(CaseEdge edge | + this = any(SwitchInstruction switch).getSuccessor(edge) and + value = edge.getValue().toInt() + ) + } + + override int asIntegerValue() { result = value } + } + + /** + * The instruction representing the constant expression in a case statement. + * + * Since the IR does not have an instruction for this (as this is represented + * by the edge) we use the `NoOp` instruction which is always generated. + */ + private class CaseConstant extends ConstantExpr instanceof NoOpInstruction { + SwitchInstruction switch; + SwitchEdge edge; + + CaseConstant() { this = switch.getSuccessor(edge) } + + override ConstantValue asConstantValue() { + exists(string minValue, string maxValue | + edge.getMinValue() = minValue and + edge.getMaxValue() = maxValue and + result.isRange(minValue, maxValue) + ) + } + + predicate hasEdge(SwitchInstruction switch_, SwitchEdge edge_) { + switch_ = switch and + edge_ = edge + } + } + + private predicate nonNullExpr(Instruction i) { + i instanceof VariableAddressInstruction + or + i.(PointerConstantInstruction).getValue() != "0" + or + i instanceof TypeidInstruction + or + nonNullExpr(i.(FieldAddressInstruction).getObjectAddress()) + or + nonNullExpr(i.(PointerAddInstruction).getLeft()) + or + nonNullExpr(i.(CopyInstruction).getSourceValue()) + or + nonNullExpr(i.(ConvertInstruction).getUnary()) + or + nonNullExpr(i.(CheckedConvertOrThrowInstruction).getUnary()) + or + nonNullExpr(i.(CompleteObjectAddressInstruction).getUnary()) + or + nonNullExpr(i.(InheritanceConversionInstruction).getUnary()) + or + nonNullExpr(i.(BitOrInstruction).getAnInput()) + } + + /** + * An expression that is guaranteed to not be `null`. + */ + class NonNullExpr extends Expr { + NonNullExpr() { nonNullExpr(this) } + } + + /** A `case` in a `switch` instruction. */ + class Case extends Expr { + SwitchInstruction switch; + SwitchEdge edge; + + Case() { switch.getSuccessor(edge) = this } + + /** + * Gets the edge for which control flows from the `Switch` instruction to + * the target case. + */ + SwitchEdge getEdge() { result = edge } + + /** + * Holds if this case takes control-flow from `bb1` to `bb2` when + * the case matches the scrutinee. + */ + predicate matchEdge(BasicBlock bb1, BasicBlock bb2) { + switch.getBlock() = bb1 and + this.getBasicBlock() = bb2 + } + + /** + * Holds if case takes control-flow from `bb1` to `bb2` when the + * case does not match the scrutinee. + * + * This predicate never holds for C/C++. + */ + predicate nonMatchEdge(BasicBlock bb1, BasicBlock bb2) { none() } + + /** + * Gets the scrutinee expression. + */ + Expr getSwitchExpr() { result = switch.getExpression() } + + /** + * Holds if this case is the default case. + */ + predicate isDefaultCase() { edge.isDefault() } + + /** + * Gets the constant expression of this case. + */ + ConstantExpr asConstantCase() { result.(CaseConstant).hasEdge(switch, edge) } + } + + abstract private class BinExpr extends Expr instanceof BinaryInstruction { + Expr getAnOperand() { result = super.getAnInput() } + } + + /** + * A bitwise "AND" expression. + * + * This does not include logical AND expressions since these are desugared as + * part of IR generation. + */ + class AndExpr extends BinExpr instanceof BitAndInstruction { } + + /** + * A bitwise "OR" expression. + * + * This does not include logical OR expressions since these are desugared as + * part of IR generation. + */ + class OrExpr extends BinExpr instanceof BitOrInstruction { } + + /** A (bitwise or logical) "NOT" expression. */ + class NotExpr extends Expr instanceof UnaryInstruction { + NotExpr() { + this instanceof LogicalNotInstruction + or + this instanceof BitComplementInstruction + } + + /** Gets the operand of this expression. */ + Expr getOperand() { result = super.getUnary() } + } + + private predicate isBoolToIntConversion(ConvertInstruction convert, Instruction unary) { + convert.getUnary() = unary and + unary.getResultIRType() instanceof IRBooleanType and + convert.getResultIRType() instanceof IRIntegerType + } + + /** + * A value preserving expression. + */ + class IdExpr extends Expr { + IdExpr() { + this instanceof CopyInstruction + or + not isBoolToIntConversion(this, _) and + this instanceof ConvertInstruction + or + this instanceof InheritanceConversionInstruction + } + + /** Get the child expression that defines the value of this expression. */ + Expr getEqualChildExpr() { + result = this.(CopyInstruction).getSourceValue() + or + result = this.(ConvertInstruction).getUnary() + or + result = this.(InheritanceConversionInstruction).getUnary() + } + } + + /** + * Holds if `eqtest` tests the equality (or inequality) of `left` and + * `right.` + * + * If `polarity` is `true` then `eqtest` is an equality test, and otherwise + * `eqtest` is an inequality test. + */ + pragma[nomagic] + predicate equalityTest(Expr eqtest, Expr left, Expr right, boolean polarity) { + exists(EqualityExpr eq | eqtest = eq | + eq.getLeft() = left and + eq.getRight() = right and + polarity = eq.getPolarity() + ) + } + + /** + * A conditional expression (i.e., `b ? e1 : e2`). This expression is desugared + * as part of IR generation. + */ + class ConditionalExpr extends Expr { + ConditionalExpr() { none() } + + /** Gets the condition of this conditional expression. */ + Expr getCondition() { none() } + + /** Gets the true branch of this conditional expression. */ + Expr getThen() { none() } + + /** Gets the false branch of this conditional expression. */ + Expr getElse() { none() } + } + + private import semmle.code.cpp.dataflow.new.DataFlow::DataFlow as DataFlow + private import semmle.code.cpp.ir.dataflow.internal.DataFlowPrivate as Private + + class Parameter = Cpp::Parameter; + + /** + * A (direct) parameter position. The value `-1` represents the position of + * the implicit `this` parameter. + */ + private int parameterPosition() { result in [-1, any(Cpp::Parameter p).getIndex()] } + + /** A parameter position represented by an integer. */ + class ParameterPosition extends int { + ParameterPosition() { this = parameterPosition() } + } + + /** An argument position represented by an integer. */ + class ArgumentPosition extends int { + ArgumentPosition() { this = parameterPosition() } + } + + /** Holds if arguments at position `apos` match parameters at position `ppos`. */ + overlay[caller?] + pragma[inline] + predicate parameterMatch(ParameterPosition ppos, ArgumentPosition apos) { ppos = apos } + + final private class FinalMethod = Cpp::Function; + + /** + * A non-overridable function. + * + * This function is non-overrideable either because it is not a member function, or + * because it is a final member function. + */ + class NonOverridableMethod extends FinalMethod { + NonOverridableMethod() { + not this instanceof Cpp::MemberFunction + or + exists(Cpp::MemberFunction mf | this = mf | + not mf.isVirtual() + or + mf.isFinal() + ) + } + + /** Gets the `Parameter` at `pos` of this function, if any. */ + Parameter getParameter(ParameterPosition ppos) { super.getParameter(ppos) = result } + + /** Gets an expression returned from this function. */ + GuardsInput::Expr getAReturnExpr() { + exists(ReturnValueInstruction ret | + ret.getEnclosingFunction() = this and + result = ret.getReturnValue() + ) + } + } + + private predicate nonOverridableMethodCall(CallInstruction call, NonOverridableMethod m) { + call.getStaticCallTarget() = m + } + + /** + * A call to a `NonOverridableMethod`. + */ + class NonOverridableMethodCall extends GuardsInput::Expr instanceof CallInstruction { + NonOverridableMethodCall() { nonOverridableMethodCall(this, _) } + + /** Gets the function that is called. */ + NonOverridableMethod getMethod() { nonOverridableMethodCall(this, result) } + + /** Gets the argument at `apos`, if any. */ + GuardsInput::Expr getArgument(ArgumentPosition apos) { result = super.getArgument(apos) } + } +} + +private module GuardsImpl = SharedGuards::Make; + +private module LogicInput_v1 implements GuardsImpl::LogicInputSig { + private import semmle.code.cpp.dataflow.new.DataFlow::DataFlow::Ssa + + final private class FinalBaseSsaVariable = Definition; + + class SsaDefinition extends FinalBaseSsaVariable { + GuardsInput::Expr getARead() { result = this.getAUse().getDef() } + } + + class SsaWriteDefinition extends SsaDefinition instanceof ExplicitDefinition { + GuardsInput::Expr getDefinition() { result = super.getAssignedInstruction() } + } + + class SsaPhiNode extends SsaDefinition instanceof PhiNode { + predicate hasInputFromBlock(SsaDefinition inp, BasicBlock bb) { + super.hasInputFromBlock(inp, bb) + } + } + + predicate parameterDefinition(GuardsInput::Parameter p, SsaDefinition def) { + def.isParameterDefinition(p) + } + + predicate additionalImpliesStep( + GuardsImpl::PreGuard g1, GuardValue v1, GuardsImpl::PreGuard g2, GuardValue v2 + ) { + g1.(ConditionalBranchInstruction).getCondition() = g2 and + v1.asBooleanValue() = v2.asBooleanValue() + or + exists(SwitchInstruction switch, SwitchEdge edge | + g1 = switch.getSuccessor(edge) and + g2 = switch.getExpression() + | + v1.asBooleanValue() = true and + ( + v2.asIntValue() = edge.getValue().toInt() + or + v2.asConstantValue().isRange(edge.getMinValue(), edge.getMaxValue()) + ) + or + v1.asBooleanValue() = false and + ( + v2.getDualValue().asIntValue() = edge.getValue().toInt() + or + v2.getDualValue().asConstantValue().isRange(edge.getMinValue(), edge.getMaxValue()) + ) + ) + } +} + +class GuardValue = GuardsImpl::GuardValue; + +/** INTERNAL: Don't use. */ +module Guards_v1 = GuardsImpl::Logic; + /** * Holds if `block` consists of an `UnreachedInstruction`. * From ac5233d19c199c96dc3a8d61f17b327b903b6935 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 17 Sep 2025 16:41:11 +0100 Subject: [PATCH 029/307] C++: Lots of renamings. --- .../semmle/code/cpp/controlflow/IRGuards.qll | 116 +++++++++--------- 1 file changed, 56 insertions(+), 60 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll index da87ee21a545..d0f3de4fb3c5 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll @@ -1418,10 +1418,10 @@ private module Cached { */ cached predicate compares_eq( - ValueNumber test, Operand left, Operand right, int k, boolean areEqual, AbstractValue value + ValueNumber test, Operand left, Operand right, int k, boolean areEqual, GuardValue value ) { /* The simple case where the test *is* the comparison so areEqual = testIsTrue xor eq. */ - exists(AbstractValue v | simple_comparison_eq(test, left, right, k, v) | + exists(GuardValue v | simple_comparison_eq(test, left, right, k, v) | areEqual = true and value = v or areEqual = false and value = v.getDualValue() @@ -1436,15 +1436,15 @@ private module Cached { complex_eq(test, left, right, k, areEqual, value) or /* (x is true => (left == right + k)) => (!x is false => (left == right + k)) */ - exists(AbstractValue dual | value = dual.getDualValue() | + exists(GuardValue dual | value = dual.getDualValue() | compares_eq(test.(LogicalNotValueNumber).getUnary(), left, right, k, areEqual, dual) ) or compares_eq(test.(BuiltinExpectCallValueNumber).getCondition(), left, right, k, areEqual, value) or - exists(Operand l, BooleanValue bv | + exists(Operand l, GuardValue bv | // 1. test = value -> int(l) = 0 is !bv - unary_compares_eq(test, l, 0, bv.getValue().booleanNot(), value) and + unary_compares_eq(test, l, 0, bv.asBooleanValue().booleanNot(), value) and // 2. l = bv -> left + right is areEqual compares_eq(valueNumber(BooleanInstruction::get(l.getDef())), left, right, k, areEqual, bv) @@ -1461,10 +1461,10 @@ private module Cached { */ cached predicate unary_compares_eq( - ValueNumber test, Operand op, int k, boolean areEqual, AbstractValue value + ValueNumber test, Operand op, int k, boolean areEqual, GuardValue value ) { /* The simple case where the test *is* the comparison so areEqual = testIsTrue xor eq. */ - exists(AbstractValue v | unary_simple_comparison_eq(test, op, k, v) | + exists(GuardValue v | unary_simple_comparison_eq(test, op, k, v) | areEqual = true and value = v or areEqual = false and value = v.getDualValue() @@ -1473,7 +1473,7 @@ private module Cached { unary_complex_eq(test, op, k, areEqual, value) or /* (x is true => (op == k)) => (!x is false => (op == k)) */ - exists(AbstractValue dual | + exists(GuardValue dual | value = dual.getDualValue() and unary_compares_eq(test.(LogicalNotValueNumber).getUnary(), op, k, areEqual, dual) ) @@ -1487,18 +1487,18 @@ private module Cached { ) or // See argument for why this is correct in compares_eq - exists(Operand l, BooleanValue bv | - unary_compares_eq(test, l, 0, bv.getValue().booleanNot(), value) and + exists(Operand l, GuardValue bv | + unary_compares_eq(test, l, 0, bv.asBooleanValue().booleanNot(), value) and unary_compares_eq(valueNumber(BooleanInstruction::get(l.getDef())), op, k, areEqual, bv) ) or unary_compares_eq(test.(BuiltinExpectCallValueNumber).getCondition(), op, k, areEqual, value) or - exists(BinaryLogicalOperation logical, Expr operand, boolean b | + exists(Cpp::BinaryLogicalOperation logical, Cpp::Expr operand, boolean b | test.getAnInstruction().getUnconvertedResultExpression() = logical and op.getDef().getUnconvertedResultExpression() = operand and - logical.impliesValue(operand, b, value.(BooleanValue).getValue()) + logical.impliesValue(operand, b, value.asBooleanValue()) | k = 1 and areEqual = b @@ -1510,17 +1510,17 @@ private module Cached { /** Rearrange various simple comparisons into `left == right + k` form. */ private predicate simple_comparison_eq( - CompareValueNumber cmp, Operand left, Operand right, int k, AbstractValue value + CompareValueNumber cmp, Operand left, Operand right, int k, GuardValue value ) { cmp instanceof CompareEQValueNumber and cmp.hasOperands(left, right) and k = 0 and - value.(BooleanValue).getValue() = true + value.asBooleanValue() = true or cmp instanceof CompareNEValueNumber and cmp.hasOperands(left, right) and k = 0 and - value.(BooleanValue).getValue() = false + value.asBooleanValue() = false } /** @@ -1556,35 +1556,33 @@ private module Cached { } /** Rearrange various simple comparisons into `op == k` form. */ - private predicate unary_simple_comparison_eq( - ValueNumber test, Operand op, int k, AbstractValue value - ) { - exists(CaseEdge case, SwitchConditionValueNumber condition | + private predicate unary_simple_comparison_eq(ValueNumber test, Operand op, int k, GuardValue value) { + exists(SwitchConditionValueNumber condition, CaseEdge edge | condition = test and op = condition.getExpressionOperand() and - case = value.(MatchValue).getCase() and - exists(condition.getSuccessor(case)) and - case.getValue().toInt() = k + value.asIntValue() = k and + edge.getValue().toInt() = k and + exists(condition.getSuccessor(edge)) ) or exists(Instruction const | int_value(const) = k | - value.(BooleanValue).getValue() = true and + value.asBooleanValue() = true and test.(CompareEQValueNumber).hasOperands(op, const.getAUse()) or - value.(BooleanValue).getValue() = false and + value.asBooleanValue() = false and test.(CompareNEValueNumber).hasOperands(op, const.getAUse()) ) or - exists(BooleanValue bv | + exists(GuardValue bv | bv = value and mayBranchOn(op.getDef()) and op = test.getAUse() | k = 0 and - bv.getValue() = false + bv.asBooleanValue() = false or k = 1 and - bv.getValue() = true + bv.asBooleanValue() = true ) } @@ -1603,7 +1601,7 @@ private module Cached { } private predicate complex_eq( - ValueNumber cmp, Operand left, Operand right, int k, boolean areEqual, AbstractValue value + ValueNumber cmp, Operand left, Operand right, int k, boolean areEqual, GuardValue value ) { sub_eq(cmp, left, right, k, areEqual, value) or @@ -1611,7 +1609,7 @@ private module Cached { } private predicate unary_complex_eq( - ValueNumber test, Operand op, int k, boolean areEqual, AbstractValue value + ValueNumber test, Operand op, int k, boolean areEqual, GuardValue value ) { unary_sub_eq(test, op, k, areEqual, value) or @@ -1626,11 +1624,11 @@ private module Cached { /** Holds if `left < right + k` evaluates to `isLt` given that test is `value`. */ cached predicate compares_lt( - ValueNumber test, Operand left, Operand right, int k, boolean isLt, AbstractValue value + ValueNumber test, Operand left, Operand right, int k, boolean isLt, GuardValue value ) { /* In the simple case, the test is the comparison, so isLt = testIsTrue */ simple_comparison_lt(test, left, right, k) and - value.(BooleanValue).getValue() = isLt + value.asBooleanValue() = isLt or complex_lt(test, left, right, k, isLt, value) or @@ -1638,15 +1636,15 @@ private module Cached { exists(boolean isGe | isLt = isGe.booleanNot() | compares_ge(test, left, right, k, isGe, value)) or /* (x is true => (left < right + k)) => (!x is false => (left < right + k)) */ - exists(AbstractValue dual | value = dual.getDualValue() | + exists(GuardValue dual | value = dual.getDualValue() | compares_lt(test.(LogicalNotValueNumber).getUnary(), left, right, k, isLt, dual) ) or compares_lt(test.(BuiltinExpectCallValueNumber).getCondition(), left, right, k, isLt, value) or // See argument for why this is correct in compares_eq - exists(Operand l, BooleanValue bv | - unary_compares_eq(test, l, 0, bv.getValue().booleanNot(), value) and + exists(Operand l, GuardValue bv | + unary_compares_eq(test, l, 0, bv.asBooleanValue().booleanNot(), value) and compares_lt(valueNumber(BooleanInstruction::get(l.getDef())), left, right, k, isLt, bv) ) @@ -1654,13 +1652,13 @@ private module Cached { /** Holds if `op < k` evaluates to `isLt` given that `test` evaluates to `value`. */ cached - predicate compares_lt(ValueNumber test, Operand op, int k, boolean isLt, AbstractValue value) { + predicate compares_lt(ValueNumber test, Operand op, int k, boolean isLt, GuardValue value) { unary_simple_comparison_lt(test, op, k, isLt, value) or complex_lt(test, op, k, isLt, value) or /* (x is true => (op < k)) => (!x is false => (op < k)) */ - exists(AbstractValue dual | value = dual.getDualValue() | + exists(GuardValue dual | value = dual.getDualValue() | compares_lt(test.(LogicalNotValueNumber).getUnary(), op, k, isLt, dual) ) or @@ -1673,8 +1671,8 @@ private module Cached { compares_lt(test.(BuiltinExpectCallValueNumber).getCondition(), op, k, isLt, value) or // See argument for why this is correct in compares_eq - exists(Operand l, BooleanValue bv | - unary_compares_eq(test, l, 0, bv.getValue().booleanNot(), value) and + exists(Operand l, GuardValue bv | + unary_compares_eq(test, l, 0, bv.asBooleanValue().booleanNot(), value) and compares_lt(valueNumber(BooleanInstruction::get(l.getDef())), op, k, isLt, bv) ) @@ -1682,7 +1680,7 @@ private module Cached { /** `(a < b + k) => (b > a - k) => (b >= a + (1-k))` */ private predicate compares_ge( - ValueNumber test, Operand left, Operand right, int k, boolean isGe, AbstractValue value + ValueNumber test, Operand left, Operand right, int k, boolean isGe, GuardValue value ) { exists(int onemk | k = 1 - onemk | compares_lt(test, right, left, onemk, isGe, value)) } @@ -1708,34 +1706,32 @@ private module Cached { /** Rearrange various simple comparisons into `op < k` form. */ private predicate unary_simple_comparison_lt( - SwitchConditionValueNumber test, Operand op, int k, boolean isLt, AbstractValue value + SwitchConditionValueNumber test, Operand op, int k, boolean isLt, GuardValue value ) { - exists(CaseEdge case | + exists(string minValue, string maxValue | test.getExpressionOperand() = op and - case = value.(MatchValue).getCase() and - exists(test.getSuccessor(case)) and - case.getMaxValue() > case.getMinValue() + exists(test.getSuccessor(EdgeKind::caseEdge(minValue, maxValue))) and + value.asConstantValue().isRange(minValue, maxValue) and + minValue < maxValue | // op <= k => op < k - 1 isLt = true and - case.getMaxValue().toInt() = k - 1 + maxValue.toInt() = k - 1 or isLt = false and - case.getMinValue().toInt() = k + minValue.toInt() = k ) } private predicate complex_lt( - ValueNumber cmp, Operand left, Operand right, int k, boolean isLt, AbstractValue value + ValueNumber cmp, Operand left, Operand right, int k, boolean isLt, GuardValue value ) { sub_lt(cmp, left, right, k, isLt, value) or add_lt(cmp, left, right, k, isLt, value) } - private predicate complex_lt( - ValueNumber test, Operand left, int k, boolean isLt, AbstractValue value - ) { + private predicate complex_lt(ValueNumber test, Operand left, int k, boolean isLt, GuardValue value) { sub_lt(test, left, k, isLt, value) or add_lt(test, left, k, isLt, value) @@ -1744,7 +1740,7 @@ private module Cached { // left - x < right + c => left < right + (c+x) // left < (right - x) + c => left < right + (c-x) private predicate sub_lt( - ValueNumber cmp, Operand left, Operand right, int k, boolean isLt, AbstractValue value + ValueNumber cmp, Operand left, Operand right, int k, boolean isLt, GuardValue value ) { exists(SubInstruction lhs, int c, int x | compares_lt(cmp, lhs.getAUse(), right, c, isLt, value) and @@ -1775,7 +1771,7 @@ private module Cached { ) } - private predicate sub_lt(ValueNumber test, Operand left, int k, boolean isLt, AbstractValue value) { + private predicate sub_lt(ValueNumber test, Operand left, int k, boolean isLt, GuardValue value) { exists(SubInstruction lhs, int c, int x | compares_lt(test, lhs.getAUse(), c, isLt, value) and left = lhs.getLeftOperand() and @@ -1794,7 +1790,7 @@ private module Cached { // left + x < right + c => left < right + (c-x) // left < (right + x) + c => left < right + (c+x) private predicate add_lt( - ValueNumber cmp, Operand left, Operand right, int k, boolean isLt, AbstractValue value + ValueNumber cmp, Operand left, Operand right, int k, boolean isLt, GuardValue value ) { exists(AddInstruction lhs, int c, int x | compares_lt(cmp, lhs.getAUse(), right, c, isLt, value) and @@ -1837,7 +1833,7 @@ private module Cached { ) } - private predicate add_lt(ValueNumber test, Operand left, int k, boolean isLt, AbstractValue value) { + private predicate add_lt(ValueNumber test, Operand left, int k, boolean isLt, GuardValue value) { exists(AddInstruction lhs, int c, int x | compares_lt(test, lhs.getAUse(), c, isLt, value) and ( @@ -1862,7 +1858,7 @@ private module Cached { // left - x == right + c => left == right + (c+x) // left == (right - x) + c => left == right + (c-x) private predicate sub_eq( - ValueNumber cmp, Operand left, Operand right, int k, boolean areEqual, AbstractValue value + ValueNumber cmp, Operand left, Operand right, int k, boolean areEqual, GuardValue value ) { exists(SubInstruction lhs, int c, int x | compares_eq(cmp, lhs.getAUse(), right, c, areEqual, value) and @@ -1895,7 +1891,7 @@ private module Cached { // op - x == c => op == (c+x) private predicate unary_sub_eq( - ValueNumber test, Operand op, int k, boolean areEqual, AbstractValue value + ValueNumber test, Operand op, int k, boolean areEqual, GuardValue value ) { exists(SubInstruction sub, int c, int x | unary_compares_eq(test, sub.getAUse(), c, areEqual, value) and @@ -1915,7 +1911,7 @@ private module Cached { // left + x == right + c => left == right + (c-x) // left == (right + x) + c => left == right + (c+x) private predicate add_eq( - ValueNumber cmp, Operand left, Operand right, int k, boolean areEqual, AbstractValue value + ValueNumber cmp, Operand left, Operand right, int k, boolean areEqual, GuardValue value ) { exists(AddInstruction lhs, int c, int x | compares_eq(cmp, lhs.getAUse(), right, c, areEqual, value) and @@ -1960,7 +1956,7 @@ private module Cached { // left + x == right + c => left == right + (c-x) private predicate unary_add_eq( - ValueNumber test, Operand left, int k, boolean areEqual, AbstractValue value + ValueNumber test, Operand left, int k, boolean areEqual, GuardValue value ) { exists(AddInstruction lhs, int c, int x | unary_compares_eq(test, lhs.getAUse(), c, areEqual, value) and @@ -2003,7 +1999,7 @@ private import Cached * To find the specific guard that performs the comparison * use `IRGuards.comparesLt`. */ -predicate comparesLt(Operand left, Operand right, int k, boolean isLt, AbstractValue value) { +predicate comparesLt(Operand left, Operand right, int k, boolean isLt, GuardValue value) { compares_lt(_, left, right, k, isLt, value) } @@ -2014,6 +2010,6 @@ predicate comparesLt(Operand left, Operand right, int k, boolean isLt, AbstractV * To find the specific guard that performs the comparison * use `IRGuards.comparesEq`. */ -predicate comparesEq(Operand left, Operand right, int k, boolean isLt, AbstractValue value) { +predicate comparesEq(Operand left, Operand right, int k, boolean isLt, GuardValue value) { compares_eq(_, left, right, k, isLt, value) } From 9ed8b75c5d1218240a12b9a967a580e4c8b7a134 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 18 Sep 2025 10:07:32 +0100 Subject: [PATCH 030/307] C++: Add a few helper predicates on 'Definition' which the guards library needs. --- .../code/cpp/ir/dataflow/internal/SsaImpl.qll | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll index 002e0ca61bc9..47e36a0a1079 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll @@ -1163,6 +1163,49 @@ class Definition extends SsaImpl::Definition { ) } + /** + * Holds if this definition defines the parameter `p` upon entry into the + * enclosing function. + */ + pragma[nomagic] + predicate isParameterDefinition(Parameter p) { + this.getIndirectionIndex() = 0 and + getDefImpl(this).getValue().asInstruction().(InitializeParameterInstruction).getParameter() = p + } + + /** + * Holds if this definition defines the `indirectionIndex`'th indirection of + * parameter `p` upon entry into the enclosing function. + */ + pragma[nomagic] + predicate isIndirectParameterDefinition(Parameter p, int indirectionIndex) { + this.getIndirectionIndex() = indirectionIndex and + indirectionIndex > 0 and + getDefImpl(this).getValue().asInstruction().(InitializeParameterInstruction).getParameter() = p + } + + /** + * Holds if this definition defines the implicit `this` parameter upon entry into + * the enclosing member function. + */ + pragma[nomagic] + predicate isThisDefinition() { + this.getIndirectionIndex() = 0 and + getDefImpl(this).getValue().asInstruction().(InitializeParameterInstruction).hasIndex(-1) + } + + /** + * Holds if this definition defines the implicit `*this` parameter (i.e., the + * indirection of the `this` parameter) upon entry into the enclosing member + * function. + */ + pragma[nomagic] + predicate isIndirectThisDefinition(int indirectionIndex) { + this.getIndirectionIndex() = indirectionIndex and + indirectionIndex > 0 and + getDefImpl(this).getValue().asInstruction().(InitializeParameterInstruction).hasIndex(-1) + } + /** * Gets an `Operand` that represents an indirect use of this definition. * From 0b81fbbb2b89dbb26b02c27add51bc85443b809f Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 17 Sep 2025 16:42:15 +0100 Subject: [PATCH 031/307] C++: Fixup tests. --- cpp/ql/test/library-tests/controlflow/guards-ir/tests.ql | 4 ++-- cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.ql | 2 +- cpp/ql/test/library-tests/controlflow/guards/GuardsControl.ql | 2 +- .../dataflow-tests/guard-condition-regression-test.ql | 2 +- cpp/ql/test/library-tests/dataflow/ir-barrier-guards/test.ql | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/cpp/ql/test/library-tests/controlflow/guards-ir/tests.ql b/cpp/ql/test/library-tests/controlflow/guards-ir/tests.ql index 0f147f9ea8d3..e1009307880c 100644 --- a/cpp/ql/test/library-tests/controlflow/guards-ir/tests.ql +++ b/cpp/ql/test/library-tests/controlflow/guards-ir/tests.ql @@ -23,7 +23,7 @@ query predicate astGuardsCompare(int startLine, string msg) { ) ) or - exists(AbstractValue value | + exists(GuardValue value | guard.comparesEq(left, k, true, value) and op = " == " or guard.comparesEq(left, k, false, value) and op = " != " @@ -95,7 +95,7 @@ query predicate irGuardsCompare(int startLine, string msg) { ) ) or - exists(AbstractValue value | + exists(GuardValue value | guard.comparesLt(left, k, true, value) and op = " < " or guard.comparesLt(left, k, false, value) and op = " >= " diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.ql b/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.ql index 59996548113a..a925bf91407c 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.ql +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.ql @@ -27,7 +27,7 @@ where ) ) or - exists(AbstractValue value | + exists(GuardValue value | guard.comparesLt(left, k, true, value) and op = " < " or guard.comparesLt(left, k, false, value) and op = " >= " diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.ql b/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.ql index 698b80a06a02..1d9282807bd1 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.ql +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.ql @@ -7,6 +7,6 @@ import cpp import semmle.code.cpp.controlflow.Guards -from GuardCondition guard, AbstractValue value, BasicBlock block +from GuardCondition guard, GuardValue value, BasicBlock block where guard.valueControls(block, value) select guard, value, block diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/guard-condition-regression-test.ql b/cpp/ql/test/library-tests/dataflow/dataflow-tests/guard-condition-regression-test.ql index a21cd910a2ae..1218fe396c84 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/guard-condition-regression-test.ql +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/guard-condition-regression-test.ql @@ -17,7 +17,7 @@ module IRTestAllocationConfig implements DataFlow::ConfigSig { } predicate isBarrier(DataFlow::Node node) { - exists(GuardCondition gc | node.asExpr() = gc.getAChild*()) + exists(GuardCondition gc | node.asExpr() = gc.(Expr).getAChild*()) } } diff --git a/cpp/ql/test/library-tests/dataflow/ir-barrier-guards/test.ql b/cpp/ql/test/library-tests/dataflow/ir-barrier-guards/test.ql index 15b165a7de11..20610c55385c 100644 --- a/cpp/ql/test/library-tests/dataflow/ir-barrier-guards/test.ql +++ b/cpp/ql/test/library-tests/dataflow/ir-barrier-guards/test.ql @@ -7,7 +7,7 @@ predicate instructionGuardChecks(IRGuardCondition gc, Instruction checked, boole exists(CallInstruction call | call.getStaticCallTarget().hasName("checkArgument") and checked = call.getAnArgument() and - gc.comparesEq(call.getAUse(), 0, false, any(BooleanValue bv | bv.getValue() = branch)) + gc.comparesEq(call.getAUse(), 0, false, any(GuardValue bv | bv.asBooleanValue() = branch)) ) } From 2dc783d91f1430bcd77a30d7401977b40ce8282f Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 17 Sep 2025 16:43:49 +0100 Subject: [PATCH 032/307] C++: Accept test changes. --- .../rangeanalysis/RangeAnalysis.expected | 1 - .../controlflow/guards-ir/tests.expected | 151 ++ .../controlflow/guards/Guards.expected | 1436 +++++++++++++++++ .../controlflow/guards/GuardsCompare.expected | 273 +++- .../controlflow/guards/GuardsControl.expected | 142 +- .../controlflow/guards/GuardsEnsure.expected | 70 + .../IncorrectCheckScanf.expected | 1 + .../MissingCheckScanf.expected | 3 - .../Critical/MissingCheckScanf/test.cpp | 2 +- 9 files changed, 2063 insertions(+), 16 deletions(-) diff --git a/cpp/ql/test/experimental/library-tests/rangeanalysis/rangeanalysis/RangeAnalysis.expected b/cpp/ql/test/experimental/library-tests/rangeanalysis/rangeanalysis/RangeAnalysis.expected index 15125038d19c..abdb752ca69e 100644 --- a/cpp/ql/test/experimental/library-tests/rangeanalysis/rangeanalysis/RangeAnalysis.expected +++ b/cpp/ql/test/experimental/library-tests/rangeanalysis/rangeanalysis/RangeAnalysis.expected @@ -60,7 +60,6 @@ | test.cpp:177:10:177:10 | Load: i | test.cpp:175:23:175:23 | ValueNumberBound | 1 | false | CompareLT: ... < ... | test.cpp:176:7:176:11 | test.cpp:176:7:176:11 | | test.cpp:179:10:179:10 | Load: i | test.cpp:175:23:175:23 | ValueNumberBound | 0 | true | CompareLT: ... < ... | test.cpp:176:7:176:11 | test.cpp:176:7:176:11 | | test.cpp:183:10:183:10 | Load: i | test.cpp:175:23:175:23 | ValueNumberBound | -1 | true | CompareLT: ... < ... | test.cpp:182:9:182:13 | test.cpp:182:9:182:13 | -| test.cpp:185:10:185:10 | Load: i | test.cpp:175:23:175:23 | ValueNumberBound | 0 | true | CompareLT: ... < ... | test.cpp:176:7:176:11 | test.cpp:176:7:176:11 | | test.cpp:187:10:187:10 | Store: i | test.cpp:175:23:175:23 | ValueNumberBound | 0 | false | CompareLT: ... < ... | test.cpp:182:9:182:13 | test.cpp:182:9:182:13 | | test.cpp:194:8:194:8 | Load: l | test.cpp:191:16:191:16 | ValueNumberBound | 0 | false | NoReason | file://:0:0:0:0 | file://:0:0:0:0 | | test.cpp:194:8:194:8 | Load: l | test.cpp:191:16:191:16 | ValueNumberBound | 0 | true | NoReason | file://:0:0:0:0 | file://:0:0:0:0 | diff --git a/cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected b/cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected index 1d138afcbeac..900b65eb7bd8 100644 --- a/cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected +++ b/cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected @@ -425,7 +425,9 @@ astGuardsControl | test.c:126:7:126:7 | 1 | true | 131 | 132 | | test.c:126:7:126:7 | 1 | true | 134 | 123 | | test.c:126:7:126:28 | ... && ... | true | 126 | 128 | +| test.c:126:7:126:28 | ... && ... | true | 131 | 132 | | test.c:126:12:126:26 | call to test3_condition | true | 126 | 128 | +| test.c:126:12:126:26 | call to test3_condition | true | 131 | 132 | | test.c:131:7:131:7 | b | true | 131 | 132 | | test.c:137:7:137:7 | 0 | false | 142 | 136 | | test.c:146:7:146:8 | ! ... | true | 146 | 147 | @@ -832,11 +834,17 @@ astGuardsEnsure_const | test.c:126:7:126:7 | 1 | test.c:126:7:126:7 | 1 | == | 1 | 131 | 132 | | test.c:126:7:126:7 | 1 | test.c:126:7:126:7 | 1 | == | 1 | 134 | 123 | | test.c:126:7:126:28 | ... && ... | test.c:126:7:126:7 | 1 | != | 0 | 126 | 128 | +| test.c:126:7:126:28 | ... && ... | test.c:126:7:126:7 | 1 | != | 0 | 131 | 132 | | test.c:126:7:126:28 | ... && ... | test.c:126:7:126:7 | 1 | == | 1 | 126 | 128 | +| test.c:126:7:126:28 | ... && ... | test.c:126:7:126:7 | 1 | == | 1 | 131 | 132 | | test.c:126:7:126:28 | ... && ... | test.c:126:12:126:26 | call to test3_condition | != | 0 | 126 | 128 | +| test.c:126:7:126:28 | ... && ... | test.c:126:12:126:26 | call to test3_condition | != | 0 | 131 | 132 | | test.c:126:7:126:28 | ... && ... | test.c:126:12:126:26 | call to test3_condition | == | 1 | 126 | 128 | +| test.c:126:7:126:28 | ... && ... | test.c:126:12:126:26 | call to test3_condition | == | 1 | 131 | 132 | | test.c:126:12:126:26 | call to test3_condition | test.c:126:12:126:26 | call to test3_condition | != | 0 | 126 | 128 | +| test.c:126:12:126:26 | call to test3_condition | test.c:126:12:126:26 | call to test3_condition | != | 0 | 131 | 132 | | test.c:126:12:126:26 | call to test3_condition | test.c:126:12:126:26 | call to test3_condition | == | 1 | 126 | 128 | +| test.c:126:12:126:26 | call to test3_condition | test.c:126:12:126:26 | call to test3_condition | == | 1 | 131 | 132 | | test.c:131:7:131:7 | b | test.c:131:7:131:7 | b | != | 0 | 131 | 132 | | test.c:131:7:131:7 | b | test.c:131:7:131:7 | b | == | 1 | 131 | 132 | | test.c:137:7:137:7 | 0 | test.c:137:7:137:7 | 0 | != | 1 | 142 | 136 | @@ -1139,13 +1147,21 @@ irGuardsCompare | 146 | x != 0 when CompareEQ: ! ... is false | | 146 | x == 0 when CompareEQ: ! ... is true | | 152 | x != 0 when CompareNE: x is true | +| 152 | x != 0 when Load: ... && ... is true | +| 152 | x != 0 when Phi: ... && ... is true | | 152 | x != 1 when CompareNE: x is false | | 152 | x == 0 when CompareNE: x is false | | 152 | x == 1 when CompareNE: x is true | +| 152 | x == 1 when Load: ... && ... is true | +| 152 | x == 1 when Phi: ... && ... is true | | 152 | y != 0 when CompareNE: y is true | +| 152 | y != 0 when Load: ... && ... is true | +| 152 | y != 0 when Phi: ... && ... is true | | 152 | y != 1 when CompareNE: y is false | | 152 | y == 0 when CompareNE: y is false | | 152 | y == 1 when CompareNE: y is true | +| 152 | y == 1 when Load: ... && ... is true | +| 152 | y == 1 when Phi: ... && ... is true | | 156 | ... + ... != x+0 when CompareEQ: ... == ... is false | | 156 | ... + ... == x+0 when CompareEQ: ... == ... is true | | 156 | ... == ... != 0 when CompareEQ: ... == ... is true | @@ -1211,9 +1227,14 @@ irGuardsCompare irGuardsControl | test.c:7:9:7:13 | CompareGT: ... > ... | false | 11 | 11 | | test.c:7:9:7:13 | CompareGT: ... > ... | true | 8 | 8 | +| test.c:7:9:7:13 | ConditionalBranch: ... > ... | false | 11 | 11 | +| test.c:7:9:7:13 | ConditionalBranch: ... > ... | true | 8 | 8 | | test.c:17:8:17:12 | CompareLT: ... < ... | true | 17 | 17 | | test.c:17:8:17:12 | CompareLT: ... < ... | true | 18 | 18 | +| test.c:17:8:17:12 | ConditionalBranch: ... < ... | true | 17 | 17 | +| test.c:17:8:17:12 | ConditionalBranch: ... < ... | true | 18 | 18 | | test.c:17:17:17:21 | CompareGT: ... > ... | true | 18 | 18 | +| test.c:17:17:17:21 | ConditionalBranch: ... > ... | true | 18 | 18 | | test.c:26:11:26:15 | CompareGT: ... > ... | false | 2 | 2 | | test.c:26:11:26:15 | CompareGT: ... > ... | false | 31 | 31 | | test.c:26:11:26:15 | CompareGT: ... > ... | false | 34 | 34 | @@ -1229,6 +1250,21 @@ irGuardsControl | test.c:26:11:26:15 | CompareGT: ... > ... | false | 59 | 59 | | test.c:26:11:26:15 | CompareGT: ... > ... | false | 62 | 62 | | test.c:26:11:26:15 | CompareGT: ... > ... | true | 27 | 27 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 2 | 2 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 31 | 31 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 34 | 34 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 35 | 35 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 39 | 39 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 42 | 42 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 43 | 43 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 45 | 45 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 46 | 46 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 52 | 52 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 56 | 56 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 58 | 58 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 59 | 59 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | false | 62 | 62 | +| test.c:26:11:26:15 | ConditionalBranch: ... > ... | true | 27 | 27 | | test.c:34:16:34:21 | CompareLT: ... < ... | false | 2 | 2 | | test.c:34:16:34:21 | CompareLT: ... < ... | false | 39 | 39 | | test.c:34:16:34:21 | CompareLT: ... < ... | false | 42 | 42 | @@ -1241,22 +1277,56 @@ irGuardsControl | test.c:34:16:34:21 | CompareLT: ... < ... | false | 59 | 59 | | test.c:34:16:34:21 | CompareLT: ... < ... | false | 62 | 62 | | test.c:34:16:34:21 | CompareLT: ... < ... | true | 35 | 35 | +| test.c:34:16:34:21 | ConditionalBranch: ... < ... | false | 2 | 2 | +| test.c:34:16:34:21 | ConditionalBranch: ... < ... | false | 39 | 39 | +| test.c:34:16:34:21 | ConditionalBranch: ... < ... | false | 42 | 42 | +| test.c:34:16:34:21 | ConditionalBranch: ... < ... | false | 43 | 43 | +| test.c:34:16:34:21 | ConditionalBranch: ... < ... | false | 45 | 45 | +| test.c:34:16:34:21 | ConditionalBranch: ... < ... | false | 46 | 46 | +| test.c:34:16:34:21 | ConditionalBranch: ... < ... | false | 52 | 52 | +| test.c:34:16:34:21 | ConditionalBranch: ... < ... | false | 56 | 56 | +| test.c:34:16:34:21 | ConditionalBranch: ... < ... | false | 58 | 58 | +| test.c:34:16:34:21 | ConditionalBranch: ... < ... | false | 59 | 59 | +| test.c:34:16:34:21 | ConditionalBranch: ... < ... | false | 62 | 62 | +| test.c:34:16:34:21 | ConditionalBranch: ... < ... | true | 35 | 35 | +| test.c:42:16:42:21 | CompareLT: ... < ... | true | 2 | 2 | | test.c:42:16:42:21 | CompareLT: ... < ... | true | 43 | 43 | | test.c:42:16:42:21 | CompareLT: ... < ... | true | 45 | 45 | | test.c:42:16:42:21 | CompareLT: ... < ... | true | 46 | 46 | | test.c:42:16:42:21 | CompareLT: ... < ... | true | 52 | 52 | +| test.c:42:16:42:21 | ConditionalBranch: ... < ... | true | 2 | 2 | +| test.c:42:16:42:21 | ConditionalBranch: ... < ... | true | 43 | 43 | +| test.c:42:16:42:21 | ConditionalBranch: ... < ... | true | 45 | 45 | +| test.c:42:16:42:21 | ConditionalBranch: ... < ... | true | 46 | 46 | +| test.c:42:16:42:21 | ConditionalBranch: ... < ... | true | 52 | 52 | | test.c:44:12:44:16 | CompareGT: ... > ... | false | 52 | 52 | +| test.c:44:12:44:16 | CompareGT: ... > ... | true | 2 | 2 | | test.c:44:12:44:16 | CompareGT: ... > ... | true | 45 | 45 | | test.c:44:12:44:16 | CompareGT: ... > ... | true | 46 | 46 | +| test.c:44:12:44:16 | ConditionalBranch: ... > ... | false | 52 | 52 | +| test.c:44:12:44:16 | ConditionalBranch: ... > ... | true | 2 | 2 | +| test.c:44:12:44:16 | ConditionalBranch: ... > ... | true | 45 | 45 | +| test.c:44:12:44:16 | ConditionalBranch: ... > ... | true | 46 | 46 | +| test.c:45:16:45:20 | CompareGT: ... > ... | false | 2 | 2 | | test.c:45:16:45:20 | CompareGT: ... > ... | true | 46 | 46 | +| test.c:45:16:45:20 | ConditionalBranch: ... > ... | false | 2 | 2 | +| test.c:45:16:45:20 | ConditionalBranch: ... > ... | true | 46 | 46 | | test.c:58:9:58:14 | CompareEQ: ... == ... | false | 58 | 58 | | test.c:58:9:58:14 | CompareEQ: ... == ... | false | 62 | 62 | +| test.c:58:9:58:14 | ConditionalBranch: ... == ... | false | 58 | 58 | +| test.c:58:9:58:14 | ConditionalBranch: ... == ... | false | 62 | 62 | | test.c:58:19:58:23 | CompareLT: ... < ... | false | 62 | 62 | +| test.c:58:19:58:23 | ConditionalBranch: ... < ... | false | 62 | 62 | | test.c:75:9:75:14 | CompareEQ: ... == ... | false | 79 | 79 | | test.c:75:9:75:14 | CompareEQ: ... == ... | true | 76 | 76 | +| test.c:75:9:75:14 | ConditionalBranch: ... == ... | false | 79 | 79 | +| test.c:75:9:75:14 | ConditionalBranch: ... == ... | true | 76 | 76 | | test.c:85:8:85:13 | CompareEQ: ... == ... | true | 85 | 85 | | test.c:85:8:85:13 | CompareEQ: ... == ... | true | 86 | 86 | +| test.c:85:8:85:13 | ConditionalBranch: ... == ... | true | 85 | 85 | +| test.c:85:8:85:13 | ConditionalBranch: ... == ... | true | 86 | 86 | | test.c:85:18:85:23 | CompareNE: ... != ... | true | 86 | 86 | +| test.c:85:18:85:23 | ConditionalBranch: ... != ... | true | 86 | 86 | | test.c:94:11:94:16 | CompareNE: ... != ... | false | 70 | 70 | | test.c:94:11:94:16 | CompareNE: ... != ... | false | 99 | 99 | | test.c:94:11:94:16 | CompareNE: ... != ... | false | 102 | 102 | @@ -1266,40 +1336,89 @@ irGuardsControl | test.c:94:11:94:16 | CompareNE: ... != ... | false | 110 | 110 | | test.c:94:11:94:16 | CompareNE: ... != ... | false | 113 | 113 | | test.c:94:11:94:16 | CompareNE: ... != ... | true | 95 | 95 | +| test.c:94:11:94:16 | ConditionalBranch: ... != ... | false | 70 | 70 | +| test.c:94:11:94:16 | ConditionalBranch: ... != ... | false | 99 | 99 | +| test.c:94:11:94:16 | ConditionalBranch: ... != ... | false | 102 | 102 | +| test.c:94:11:94:16 | ConditionalBranch: ... != ... | false | 103 | 103 | +| test.c:94:11:94:16 | ConditionalBranch: ... != ... | false | 107 | 107 | +| test.c:94:11:94:16 | ConditionalBranch: ... != ... | false | 109 | 109 | +| test.c:94:11:94:16 | ConditionalBranch: ... != ... | false | 110 | 110 | +| test.c:94:11:94:16 | ConditionalBranch: ... != ... | false | 113 | 113 | +| test.c:94:11:94:16 | ConditionalBranch: ... != ... | true | 95 | 95 | | test.c:102:16:102:21 | CompareLT: ... < ... | false | 70 | 70 | | test.c:102:16:102:21 | CompareLT: ... < ... | false | 107 | 107 | | test.c:102:16:102:21 | CompareLT: ... < ... | false | 109 | 109 | | test.c:102:16:102:21 | CompareLT: ... < ... | false | 110 | 110 | | test.c:102:16:102:21 | CompareLT: ... < ... | false | 113 | 113 | | test.c:102:16:102:21 | CompareLT: ... < ... | true | 103 | 103 | +| test.c:102:16:102:21 | ConditionalBranch: ... < ... | false | 70 | 70 | +| test.c:102:16:102:21 | ConditionalBranch: ... < ... | false | 107 | 107 | +| test.c:102:16:102:21 | ConditionalBranch: ... < ... | false | 109 | 109 | +| test.c:102:16:102:21 | ConditionalBranch: ... < ... | false | 110 | 110 | +| test.c:102:16:102:21 | ConditionalBranch: ... < ... | false | 113 | 113 | +| test.c:102:16:102:21 | ConditionalBranch: ... < ... | true | 103 | 103 | | test.c:109:9:109:14 | CompareEQ: ... == ... | false | 109 | 109 | | test.c:109:9:109:14 | CompareEQ: ... == ... | false | 113 | 113 | +| test.c:109:9:109:14 | ConditionalBranch: ... == ... | false | 109 | 109 | +| test.c:109:9:109:14 | ConditionalBranch: ... == ... | false | 113 | 113 | | test.c:109:19:109:23 | CompareLT: ... < ... | false | 113 | 113 | +| test.c:109:19:109:23 | ConditionalBranch: ... < ... | false | 113 | 113 | +| test.c:126:7:126:7 | CompareNE: 1 | false | 123 | 123 | | test.c:126:7:126:7 | CompareNE: 1 | true | 126 | 126 | | test.c:126:7:126:7 | CompareNE: 1 | true | 127 | 127 | | test.c:126:7:126:7 | CompareNE: 1 | true | 131 | 131 | | test.c:126:7:126:7 | CompareNE: 1 | true | 132 | 132 | | test.c:126:7:126:7 | CompareNE: 1 | true | 134 | 134 | +| test.c:126:7:126:7 | ConditionalBranch: 1 | false | 123 | 123 | +| test.c:126:7:126:7 | ConditionalBranch: 1 | true | 126 | 126 | +| test.c:126:7:126:7 | ConditionalBranch: 1 | true | 127 | 127 | +| test.c:126:7:126:7 | ConditionalBranch: 1 | true | 131 | 131 | +| test.c:126:7:126:7 | ConditionalBranch: 1 | true | 132 | 132 | +| test.c:126:7:126:7 | ConditionalBranch: 1 | true | 134 | 134 | | test.c:126:12:126:26 | CompareNE: call to test3_condition | true | 127 | 127 | +| test.c:126:12:126:26 | CompareNE: call to test3_condition | true | 132 | 132 | +| test.c:126:12:126:26 | ConditionalBranch: call to test3_condition | true | 127 | 127 | +| test.c:126:12:126:26 | ConditionalBranch: call to test3_condition | true | 132 | 132 | | test.c:131:7:131:7 | CompareNE: b | true | 132 | 132 | +| test.c:131:7:131:7 | ConditionalBranch: b | true | 132 | 132 | | test.c:137:7:137:7 | CompareNE: 0 | false | 142 | 142 | +| test.c:137:7:137:7 | CompareNE: 0 | true | 136 | 136 | +| test.c:137:7:137:7 | ConditionalBranch: 0 | false | 142 | 142 | +| test.c:137:7:137:7 | ConditionalBranch: 0 | true | 136 | 136 | | test.c:146:7:146:8 | CompareEQ: ! ... | true | 147 | 147 | +| test.c:146:7:146:8 | ConditionalBranch: ! ... | true | 147 | 147 | | test.c:152:10:152:10 | CompareNE: x | true | 152 | 152 | +| test.c:152:10:152:10 | ConditionalBranch: x | true | 152 | 152 | | test.c:152:15:152:15 | CompareNE: y | true | 152 | 152 | +| test.c:152:15:152:15 | ConditionalBranch: y | true | 152 | 152 | | test.c:156:9:156:19 | CompareEQ: ... == ... | true | 156 | 157 | +| test.c:156:9:156:19 | ConditionalBranch: ... == ... | true | 156 | 157 | | test.c:159:9:159:19 | CompareEQ: ... == ... | true | 159 | 160 | +| test.c:159:9:159:19 | ConditionalBranch: ... == ... | true | 159 | 160 | | test.c:162:9:162:18 | CompareLT: ... < ... | true | 162 | 163 | +| test.c:162:9:162:18 | ConditionalBranch: ... < ... | true | 162 | 163 | | test.c:165:9:165:18 | CompareLT: ... < ... | true | 165 | 166 | +| test.c:165:9:165:18 | ConditionalBranch: ... < ... | true | 165 | 166 | | test.c:175:13:175:32 | CompareEQ: ... == ... | false | 175 | 175 | | test.c:175:13:175:32 | CompareEQ: ... == ... | true | 175 | 175 | +| test.c:175:13:175:32 | ConditionalBranch: ... == ... | false | 175 | 175 | +| test.c:175:13:175:32 | ConditionalBranch: ... == ... | true | 175 | 175 | | test.c:181:9:181:9 | CompareNE: x | false | 184 | 184 | | test.c:181:9:181:9 | CompareNE: x | true | 182 | 182 | +| test.c:181:9:181:9 | ConditionalBranch: x | false | 184 | 184 | +| test.c:181:9:181:9 | ConditionalBranch: x | true | 182 | 182 | | test.cpp:18:8:18:12 | CompareNE: (bool)... | true | 19 | 19 | +| test.cpp:18:8:18:12 | ConditionalBranch: (bool)... | true | 19 | 19 | | test.cpp:31:7:31:13 | CompareEQ: ... == ... | false | 34 | 34 | | test.cpp:31:7:31:13 | CompareEQ: ... == ... | true | 30 | 30 | | test.cpp:31:7:31:13 | CompareEQ: ... == ... | true | 32 | 32 | +| test.cpp:31:7:31:13 | ConditionalBranch: ... == ... | false | 34 | 34 | +| test.cpp:31:7:31:13 | ConditionalBranch: ... == ... | true | 30 | 30 | +| test.cpp:31:7:31:13 | ConditionalBranch: ... == ... | true | 32 | 32 | | test.cpp:42:13:42:20 | Call: call to getABool | true | 44 | 44 | | test.cpp:42:13:42:20 | Call: call to getABool | true | 45 | 45 | +| test.cpp:42:13:42:20 | ConditionalBranch: call to getABool | true | 44 | 44 | +| test.cpp:42:13:42:20 | ConditionalBranch: call to getABool | true | 45 | 45 | irGuardsEnsure | test.c:7:9:7:13 | CompareGT: ... > ... | test.c:7:9:7:9 | Load: x | < | test.c:7:13:7:13 | Constant: 0 | 1 | 11 | 11 | | test.c:7:9:7:13 | CompareGT: ... > ... | test.c:7:9:7:9 | Load: x | >= | test.c:7:13:7:13 | Constant: 0 | 1 | 8 | 8 | @@ -1365,22 +1484,28 @@ irGuardsEnsure | test.c:34:16:34:21 | CompareLT: ... < ... | test.c:34:20:34:21 | Constant: 10 | < | test.c:34:16:34:16 | Load: j | 1 | 59 | 59 | | test.c:34:16:34:21 | CompareLT: ... < ... | test.c:34:20:34:21 | Constant: 10 | < | test.c:34:16:34:16 | Load: j | 1 | 62 | 62 | | test.c:34:16:34:21 | CompareLT: ... < ... | test.c:34:20:34:21 | Constant: 10 | >= | test.c:34:16:34:16 | Load: j | 1 | 35 | 35 | +| test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:16 | Load: j | < | test.c:42:20:42:21 | Constant: 10 | 0 | 2 | 2 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:16 | Load: j | < | test.c:42:20:42:21 | Constant: 10 | 0 | 43 | 43 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:16 | Load: j | < | test.c:42:20:42:21 | Constant: 10 | 0 | 45 | 45 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:16 | Load: j | < | test.c:42:20:42:21 | Constant: 10 | 0 | 46 | 46 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:16 | Load: j | < | test.c:42:20:42:21 | Constant: 10 | 0 | 52 | 52 | +| test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:20:42:21 | Constant: 10 | >= | test.c:42:16:42:16 | Load: j | 1 | 2 | 2 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:20:42:21 | Constant: 10 | >= | test.c:42:16:42:16 | Load: j | 1 | 43 | 43 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:20:42:21 | Constant: 10 | >= | test.c:42:16:42:16 | Load: j | 1 | 45 | 45 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:20:42:21 | Constant: 10 | >= | test.c:42:16:42:16 | Load: j | 1 | 46 | 46 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:20:42:21 | Constant: 10 | >= | test.c:42:16:42:16 | Load: j | 1 | 52 | 52 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:12 | Load: z | < | test.c:44:16:44:16 | Constant: 0 | 1 | 52 | 52 | +| test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:12 | Load: z | >= | test.c:44:16:44:16 | Constant: 0 | 1 | 2 | 2 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:12 | Load: z | >= | test.c:44:16:44:16 | Constant: 0 | 1 | 45 | 45 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:12 | Load: z | >= | test.c:44:16:44:16 | Constant: 0 | 1 | 46 | 46 | +| test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:16:44:16 | Constant: 0 | < | test.c:44:12:44:12 | Load: z | 0 | 2 | 2 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:16:44:16 | Constant: 0 | < | test.c:44:12:44:12 | Load: z | 0 | 45 | 45 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:16:44:16 | Constant: 0 | < | test.c:44:12:44:12 | Load: z | 0 | 46 | 46 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:16:44:16 | Constant: 0 | >= | test.c:44:12:44:12 | Load: z | 0 | 52 | 52 | +| test.c:45:16:45:20 | CompareGT: ... > ... | test.c:45:16:45:16 | Load: y | < | test.c:45:20:45:20 | Constant: (long)... | 1 | 2 | 2 | | test.c:45:16:45:20 | CompareGT: ... > ... | test.c:45:16:45:16 | Load: y | >= | test.c:45:20:45:20 | Constant: (long)... | 1 | 46 | 46 | | test.c:45:16:45:20 | CompareGT: ... > ... | test.c:45:20:45:20 | Constant: (long)... | < | test.c:45:16:45:16 | Load: y | 0 | 46 | 46 | +| test.c:45:16:45:20 | CompareGT: ... > ... | test.c:45:20:45:20 | Constant: (long)... | >= | test.c:45:16:45:16 | Load: y | 0 | 2 | 2 | | test.c:58:9:58:14 | CompareEQ: ... == ... | test.c:58:9:58:9 | Load: x | != | test.c:58:14:58:14 | Constant: 0 | 0 | 58 | 58 | | test.c:58:9:58:14 | CompareEQ: ... == ... | test.c:58:9:58:9 | Load: x | != | test.c:58:14:58:14 | Constant: 0 | 0 | 62 | 62 | | test.c:58:9:58:14 | CompareEQ: ... == ... | test.c:58:14:58:14 | Constant: 0 | != | test.c:58:9:58:9 | Load: x | 0 | 58 | 58 | @@ -1451,10 +1576,16 @@ irGuardsEnsure | test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | Constant: 1 | != | test.c:126:7:126:7 | Constant: 1 | 0 | 132 | 132 | | test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | Constant: 1 | != | test.c:126:7:126:7 | Constant: 1 | 0 | 134 | 134 | | test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | Constant: 1 | != | test.c:126:7:126:7 | Constant: 1 | 0 | 134 | 134 | +| test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | Constant: 1 | == | test.c:126:7:126:7 | Constant: 1 | 0 | 123 | 123 | +| test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | Constant: 1 | == | test.c:126:7:126:7 | Constant: 1 | 0 | 123 | 123 | | test.c:126:12:126:26 | CompareNE: call to test3_condition | test.c:126:12:126:26 | Call: call to test3_condition | != | test.c:126:12:126:26 | Constant: call to test3_condition | 0 | 127 | 127 | +| test.c:126:12:126:26 | CompareNE: call to test3_condition | test.c:126:12:126:26 | Call: call to test3_condition | != | test.c:126:12:126:26 | Constant: call to test3_condition | 0 | 132 | 132 | | test.c:126:12:126:26 | CompareNE: call to test3_condition | test.c:126:12:126:26 | Constant: call to test3_condition | != | test.c:126:12:126:26 | Call: call to test3_condition | 0 | 127 | 127 | +| test.c:126:12:126:26 | CompareNE: call to test3_condition | test.c:126:12:126:26 | Constant: call to test3_condition | != | test.c:126:12:126:26 | Call: call to test3_condition | 0 | 132 | 132 | | test.c:131:7:131:7 | CompareNE: b | test.c:131:7:131:7 | Constant: b | != | test.c:131:7:131:7 | Load: b | 0 | 132 | 132 | | test.c:131:7:131:7 | CompareNE: b | test.c:131:7:131:7 | Load: b | != | test.c:131:7:131:7 | Constant: b | 0 | 132 | 132 | +| test.c:137:7:137:7 | CompareNE: 0 | test.c:137:7:137:7 | Constant: 0 | != | test.c:137:7:137:7 | Constant: 0 | 0 | 136 | 136 | +| test.c:137:7:137:7 | CompareNE: 0 | test.c:137:7:137:7 | Constant: 0 | != | test.c:137:7:137:7 | Constant: 0 | 0 | 136 | 136 | | test.c:137:7:137:7 | CompareNE: 0 | test.c:137:7:137:7 | Constant: 0 | == | test.c:137:7:137:7 | Constant: 0 | 0 | 142 | 142 | | test.c:137:7:137:7 | CompareNE: 0 | test.c:137:7:137:7 | Constant: 0 | == | test.c:137:7:137:7 | Constant: 0 | 0 | 142 | 142 | | test.c:146:7:146:8 | CompareEQ: ! ... | test.c:146:7:146:8 | Constant: ! ... | == | test.c:146:8:146:8 | Load: x | 0 | 147 | 147 | @@ -1592,29 +1723,38 @@ irGuardsEnsure_const | test.c:34:16:34:21 | CompareLT: ... < ... | test.c:34:16:34:21 | CompareLT: ... < ... | == | 0 | 59 | 59 | | test.c:34:16:34:21 | CompareLT: ... < ... | test.c:34:16:34:21 | CompareLT: ... < ... | == | 0 | 62 | 62 | | test.c:34:16:34:21 | CompareLT: ... < ... | test.c:34:16:34:21 | CompareLT: ... < ... | == | 1 | 35 | 35 | +| test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:16 | Load: j | < | 10 | 2 | 2 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:16 | Load: j | < | 10 | 43 | 43 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:16 | Load: j | < | 10 | 45 | 45 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:16 | Load: j | < | 10 | 46 | 46 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:16 | Load: j | < | 10 | 52 | 52 | +| test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:21 | CompareLT: ... < ... | != | 0 | 2 | 2 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:21 | CompareLT: ... < ... | != | 0 | 43 | 43 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:21 | CompareLT: ... < ... | != | 0 | 45 | 45 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:21 | CompareLT: ... < ... | != | 0 | 46 | 46 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:21 | CompareLT: ... < ... | != | 0 | 52 | 52 | +| test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:21 | CompareLT: ... < ... | == | 1 | 2 | 2 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:21 | CompareLT: ... < ... | == | 1 | 43 | 43 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:21 | CompareLT: ... < ... | == | 1 | 45 | 45 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:21 | CompareLT: ... < ... | == | 1 | 46 | 46 | | test.c:42:16:42:21 | CompareLT: ... < ... | test.c:42:16:42:21 | CompareLT: ... < ... | == | 1 | 52 | 52 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:12 | Load: z | < | 1 | 52 | 52 | +| test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:12 | Load: z | >= | 1 | 2 | 2 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:12 | Load: z | >= | 1 | 45 | 45 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:12 | Load: z | >= | 1 | 46 | 46 | +| test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:16 | CompareGT: ... > ... | != | 0 | 2 | 2 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:16 | CompareGT: ... > ... | != | 0 | 45 | 45 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:16 | CompareGT: ... > ... | != | 0 | 46 | 46 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:16 | CompareGT: ... > ... | != | 1 | 52 | 52 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:16 | CompareGT: ... > ... | == | 0 | 52 | 52 | +| test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:16 | CompareGT: ... > ... | == | 1 | 2 | 2 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:16 | CompareGT: ... > ... | == | 1 | 45 | 45 | | test.c:44:12:44:16 | CompareGT: ... > ... | test.c:44:12:44:16 | CompareGT: ... > ... | == | 1 | 46 | 46 | +| test.c:45:16:45:20 | CompareGT: ... > ... | test.c:45:16:45:16 | Load: y | < | 1 | 2 | 2 | | test.c:45:16:45:20 | CompareGT: ... > ... | test.c:45:16:45:16 | Load: y | >= | 1 | 46 | 46 | | test.c:45:16:45:20 | CompareGT: ... > ... | test.c:45:16:45:20 | CompareGT: ... > ... | != | 0 | 46 | 46 | +| test.c:45:16:45:20 | CompareGT: ... > ... | test.c:45:16:45:20 | CompareGT: ... > ... | != | 1 | 2 | 2 | +| test.c:45:16:45:20 | CompareGT: ... > ... | test.c:45:16:45:20 | CompareGT: ... > ... | == | 0 | 2 | 2 | | test.c:45:16:45:20 | CompareGT: ... > ... | test.c:45:16:45:20 | CompareGT: ... > ... | == | 1 | 46 | 46 | | test.c:58:9:58:14 | CompareEQ: ... == ... | test.c:58:9:58:9 | Load: x | != | 0 | 58 | 58 | | test.c:58:9:58:14 | CompareEQ: ... == ... | test.c:58:9:58:9 | Load: x | != | 0 | 62 | 62 | @@ -1711,6 +1851,8 @@ irGuardsEnsure_const | test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | CompareNE: 1 | != | 0 | 131 | 131 | | test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | CompareNE: 1 | != | 0 | 132 | 132 | | test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | CompareNE: 1 | != | 0 | 134 | 134 | +| test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | CompareNE: 1 | != | 1 | 123 | 123 | +| test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | CompareNE: 1 | == | 0 | 123 | 123 | | test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | CompareNE: 1 | == | 1 | 126 | 126 | | test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | CompareNE: 1 | == | 1 | 127 | 127 | | test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | CompareNE: 1 | == | 1 | 131 | 131 | @@ -1726,14 +1868,23 @@ irGuardsEnsure_const | test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | Constant: 1 | != | 1 | 131 | 131 | | test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | Constant: 1 | != | 1 | 132 | 132 | | test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | Constant: 1 | != | 1 | 134 | 134 | +| test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | Constant: 1 | == | 0 | 123 | 123 | +| test.c:126:7:126:7 | CompareNE: 1 | test.c:126:7:126:7 | Constant: 1 | == | 1 | 123 | 123 | | test.c:126:12:126:26 | CompareNE: call to test3_condition | test.c:126:12:126:26 | Call: call to test3_condition | != | 0 | 127 | 127 | +| test.c:126:12:126:26 | CompareNE: call to test3_condition | test.c:126:12:126:26 | Call: call to test3_condition | != | 0 | 132 | 132 | | test.c:126:12:126:26 | CompareNE: call to test3_condition | test.c:126:12:126:26 | CompareNE: call to test3_condition | != | 0 | 127 | 127 | +| test.c:126:12:126:26 | CompareNE: call to test3_condition | test.c:126:12:126:26 | CompareNE: call to test3_condition | != | 0 | 132 | 132 | | test.c:126:12:126:26 | CompareNE: call to test3_condition | test.c:126:12:126:26 | CompareNE: call to test3_condition | == | 1 | 127 | 127 | +| test.c:126:12:126:26 | CompareNE: call to test3_condition | test.c:126:12:126:26 | CompareNE: call to test3_condition | == | 1 | 132 | 132 | | test.c:131:7:131:7 | CompareNE: b | test.c:131:7:131:7 | CompareNE: b | != | 0 | 132 | 132 | | test.c:131:7:131:7 | CompareNE: b | test.c:131:7:131:7 | CompareNE: b | == | 1 | 132 | 132 | | test.c:131:7:131:7 | CompareNE: b | test.c:131:7:131:7 | Load: b | != | 0 | 132 | 132 | +| test.c:137:7:137:7 | CompareNE: 0 | test.c:137:7:137:7 | CompareNE: 0 | != | 0 | 136 | 136 | | test.c:137:7:137:7 | CompareNE: 0 | test.c:137:7:137:7 | CompareNE: 0 | != | 1 | 142 | 142 | | test.c:137:7:137:7 | CompareNE: 0 | test.c:137:7:137:7 | CompareNE: 0 | == | 0 | 142 | 142 | +| test.c:137:7:137:7 | CompareNE: 0 | test.c:137:7:137:7 | CompareNE: 0 | == | 1 | 136 | 136 | +| test.c:137:7:137:7 | CompareNE: 0 | test.c:137:7:137:7 | Constant: 0 | != | 0 | 136 | 136 | +| test.c:137:7:137:7 | CompareNE: 0 | test.c:137:7:137:7 | Constant: 0 | != | 0 | 136 | 136 | | test.c:137:7:137:7 | CompareNE: 0 | test.c:137:7:137:7 | Constant: 0 | == | 0 | 142 | 142 | | test.c:137:7:137:7 | CompareNE: 0 | test.c:137:7:137:7 | Constant: 0 | == | 0 | 142 | 142 | | test.c:146:7:146:8 | CompareEQ: ! ... | test.c:146:7:146:8 | CompareEQ: ! ... | != | 0 | 147 | 147 | diff --git a/cpp/ql/test/library-tests/controlflow/guards/Guards.expected b/cpp/ql/test/library-tests/controlflow/guards/Guards.expected index 70290c7e2260..d26dd740e64e 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/Guards.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/Guards.expected @@ -1,108 +1,1544 @@ +| file://:0:0:0:0 | | +| file://:0:0:0:0 | & | +| file://:0:0:0:0 | && | +| file://:0:0:0:0 | (global namespace) | +| file://:0:0:0:0 | (unnamed parameter 0) | +| file://:0:0:0:0 | (unnamed parameter 0) | +| file://:0:0:0:0 | (unnamed parameter 0) | +| file://:0:0:0:0 | (unnamed parameter 0) | +| file://:0:0:0:0 | (unnamed parameter 0) | +| file://:0:0:0:0 | (unnamed parameter 0) | +| file://:0:0:0:0 | (unnamed parameter 0) | +| file://:0:0:0:0 | (unnamed parameter 0) | +| file://:0:0:0:0 | (unnamed parameter 0) | +| file://:0:0:0:0 | (unnamed parameter 0) | +| file://:0:0:0:0 | (unnamed parameter 0) | +| file://:0:0:0:0 | (unnamed parameter 0) | +| file://:0:0:0:0 | (unnamed parameter 0) | +| file://:0:0:0:0 | (unnamed parameter 0) | +| file://:0:0:0:0 | (unnamed parameter 0) | +| file://:0:0:0:0 | (unnamed parameter 1) | +| file://:0:0:0:0 | ..()(..) | +| file://:0:0:0:0 | ..()(..) | +| file://:0:0:0:0 | ..()(..) | +| file://:0:0:0:0 | ..()(..) | +| file://:0:0:0:0 | ..()(..) | +| file://:0:0:0:0 | ..()(..) | +| file://:0:0:0:0 | ..()(..) | +| file://:0:0:0:0 | ..()(..) | +| file://:0:0:0:0 | ..()(..) | +| file://:0:0:0:0 | ..()(..) | +| file://:0:0:0:0 | ..(*)(..) | +| file://:0:0:0:0 | ..(*)(..) | +| file://:0:0:0:0 | ..(*)(..) | +| file://:0:0:0:0 | ..(*)(..) | +| file://:0:0:0:0 | ..(*)(..) | +| file://:0:0:0:0 | ..(*)(..) | +| file://:0:0:0:0 | ..(*)(..) | +| file://:0:0:0:0 | ..(*)(..) | +| file://:0:0:0:0 | ..(*)(..) | +| file://:0:0:0:0 | ..(*)(..) | +| file://:0:0:0:0 | ../../../library-tests | +| file://:0:0:0:0 | ../../controlflow | +| file://:0:0:0:0 | ../guards | +| file://:0:0:0:0 | / | +| file://:0:0:0:0 | /Users | +| file://:0:0:0:0 | /Users/mathias | +| file://:0:0:0:0 | /Users/mathias/semmle-code | +| file://:0:0:0:0 | /Users/mathias/semmle-code/ql | +| file://:0:0:0:0 | /Users/mathias/semmle-code/ql/cpp | +| file://:0:0:0:0 | /Users/mathias/semmle-code/ql/cpp/ql | +| file://:0:0:0:0 | /Users/mathias/semmle-code/ql/cpp/ql/test | +| file://:0:0:0:0 | Error & | +| file://:0:0:0:0 | Error && | +| file://:0:0:0:0 | Error * | +| file://:0:0:0:0 | Mystruct & | +| file://:0:0:0:0 | Mystruct && | +| file://:0:0:0:0 | X & | +| file://:0:0:0:0 | X && | +| file://:0:0:0:0 | X * | +| file://:0:0:0:0 | Y & | +| file://:0:0:0:0 | Y && | +| file://:0:0:0:0 | Y * | +| file://:0:0:0:0 | _Complex _Float16 | +| file://:0:0:0:0 | _Complex _Float32 | +| file://:0:0:0:0 | _Complex _Float32x | +| file://:0:0:0:0 | _Complex _Float64 | +| file://:0:0:0:0 | _Complex _Float64x | +| file://:0:0:0:0 | _Complex _Float128 | +| file://:0:0:0:0 | _Complex __bf16 | +| file://:0:0:0:0 | _Complex __float128 | +| file://:0:0:0:0 | _Complex __fp16 | +| file://:0:0:0:0 | _Complex double | +| file://:0:0:0:0 | _Complex float | +| file://:0:0:0:0 | _Complex long double | +| file://:0:0:0:0 | _Complex std::float16_t | +| file://:0:0:0:0 | _Decimal32 | +| file://:0:0:0:0 | _Decimal64 | +| file://:0:0:0:0 | _Decimal128 | +| file://:0:0:0:0 | _Float16 | +| file://:0:0:0:0 | _Float32 | +| file://:0:0:0:0 | _Float32x | +| file://:0:0:0:0 | _Float64 | +| file://:0:0:0:0 | _Float64x | +| file://:0:0:0:0 | _Float128 | +| file://:0:0:0:0 | _Imaginary double | +| file://:0:0:0:0 | _Imaginary float | +| file://:0:0:0:0 | _Imaginary long double | +| file://:0:0:0:0 | __SVCount_t | +| file://:0:0:0:0 | __bf16 | +| file://:0:0:0:0 | __block | +| file://:0:0:0:0 | __builtin_expect | +| file://:0:0:0:0 | __float128 | +| file://:0:0:0:0 | __fp16 | +| file://:0:0:0:0 | __int128 | +| file://:0:0:0:0 | __interface | +| file://:0:0:0:0 | __mfp8 | +| file://:0:0:0:0 | __ptr32 | +| file://:0:0:0:0 | __ptr64 | +| file://:0:0:0:0 | __sptr | +| file://:0:0:0:0 | __super | +| file://:0:0:0:0 | __uptr | +| file://:0:0:0:0 | __va_list_tag | +| file://:0:0:0:0 | __va_list_tag & | +| file://:0:0:0:0 | __va_list_tag && | +| file://:0:0:0:0 | abstract | +| file://:0:0:0:0 | atomic | +| file://:0:0:0:0 | auto | +| file://:0:0:0:0 | auto | +| file://:0:0:0:0 | bool | +| file://:0:0:0:0 | bool & | +| file://:0:0:0:0 | c_linkage | +| file://:0:0:0:0 | cdecl | +| file://:0:0:0:0 | char | +| file://:0:0:0:0 | char8_t | +| file://:0:0:0:0 | char16_t | +| file://:0:0:0:0 | char32_t | +| file://:0:0:0:0 | char * | +| file://:0:0:0:0 | clrcall | +| file://:0:0:0:0 | const | +| file://:0:0:0:0 | const Error | +| file://:0:0:0:0 | const Error & | +| file://:0:0:0:0 | const Mystruct | +| file://:0:0:0:0 | const Mystruct & | +| file://:0:0:0:0 | const X | +| file://:0:0:0:0 | const X & | +| file://:0:0:0:0 | const X * | +| file://:0:0:0:0 | const Y | +| file://:0:0:0:0 | const Y & | +| file://:0:0:0:0 | const Y * | +| file://:0:0:0:0 | const __va_list_tag | +| file://:0:0:0:0 | const __va_list_tag & | +| file://:0:0:0:0 | declaration of (unnamed parameter 0) | +| file://:0:0:0:0 | declaration of (unnamed parameter 0) | +| file://:0:0:0:0 | declaration of (unnamed parameter 0) | +| file://:0:0:0:0 | declaration of (unnamed parameter 0) | +| file://:0:0:0:0 | declaration of (unnamed parameter 0) | +| file://:0:0:0:0 | declaration of (unnamed parameter 0) | +| file://:0:0:0:0 | declaration of (unnamed parameter 0) | +| file://:0:0:0:0 | declaration of (unnamed parameter 0) | +| file://:0:0:0:0 | declaration of (unnamed parameter 0) | +| file://:0:0:0:0 | declaration of (unnamed parameter 0) | +| file://:0:0:0:0 | declared_constexpr | +| file://:0:0:0:0 | declared_constinit | +| file://:0:0:0:0 | declared_virtual | +| file://:0:0:0:0 | decltype(nullptr) | +| file://:0:0:0:0 | definition of fp_offset | +| file://:0:0:0:0 | definition of gp_offset | +| file://:0:0:0:0 | definition of overflow_arg_area | +| file://:0:0:0:0 | definition of reg_save_area | +| file://:0:0:0:0 | dllexport | +| file://:0:0:0:0 | dllimport | +| file://:0:0:0:0 | double | +| file://:0:0:0:0 | error | +| file://:0:0:0:0 | explicit | +| file://:0:0:0:0 | extern | +| file://:0:0:0:0 | far | +| file://:0:0:0:0 | fastcall | +| file://:0:0:0:0 | final | +| file://:0:0:0:0 | float | +| file://:0:0:0:0 | forceinline | +| file://:0:0:0:0 | fp_offset | +| file://:0:0:0:0 | gp_offset | +| file://:0:0:0:0 | has_trailing_return_type | +| file://:0:0:0:0 | implicit_int | +| file://:0:0:0:0 | inline | +| file://:0:0:0:0 | int | +| file://:0:0:0:0 | is_consteval | +| file://:0:0:0:0 | is_constexpr | +| file://:0:0:0:0 | is_thread_local | +| file://:0:0:0:0 | long | +| file://:0:0:0:0 | long double | +| file://:0:0:0:0 | long long | +| file://:0:0:0:0 | microsoft_inline | +| file://:0:0:0:0 | naked | +| file://:0:0:0:0 | near | +| file://:0:0:0:0 | noalias | +| file://:0:0:0:0 | noinline | +| file://:0:0:0:0 | nonnull | +| file://:0:0:0:0 | noreturn | +| file://:0:0:0:0 | nothrow | +| file://:0:0:0:0 | novtable | +| file://:0:0:0:0 | null_unspecified | +| file://:0:0:0:0 | nullable | +| file://:0:0:0:0 | operator delete | +| file://:0:0:0:0 | operator new | +| file://:0:0:0:0 | operator= | +| file://:0:0:0:0 | operator= | +| file://:0:0:0:0 | optional | +| file://:0:0:0:0 | overflow_arg_area | +| file://:0:0:0:0 | override | +| file://:0:0:0:0 | private | +| file://:0:0:0:0 | protected | +| file://:0:0:0:0 | public | +| file://:0:0:0:0 | pure | +| file://:0:0:0:0 | reg_save_area | +| file://:0:0:0:0 | register | +| file://:0:0:0:0 | restrict | +| file://:0:0:0:0 | sealed | +| file://:0:0:0:0 | selectany | +| file://:0:0:0:0 | short | +| file://:0:0:0:0 | signed __int128 | +| file://:0:0:0:0 | signed char | +| file://:0:0:0:0 | signed int | +| file://:0:0:0:0 | signed long | +| file://:0:0:0:0 | signed long long | +| file://:0:0:0:0 | signed short | +| file://:0:0:0:0 | static | +| file://:0:0:0:0 | std::float16_t | +| file://:0:0:0:0 | stdcall | +| file://:0:0:0:0 | thiscall | +| file://:0:0:0:0 | thread | +| file://:0:0:0:0 | unaligned | +| file://:0:0:0:0 | unknown | +| file://:0:0:0:0 | unsigned __int128 | +| file://:0:0:0:0 | unsigned char | +| file://:0:0:0:0 | unsigned int | +| file://:0:0:0:0 | unsigned long | +| file://:0:0:0:0 | unsigned long long | +| file://:0:0:0:0 | unsigned short | +| file://:0:0:0:0 | varargs | +| file://:0:0:0:0 | vectorcall | +| file://:0:0:0:0 | virtual | +| file://:0:0:0:0 | void | +| file://:0:0:0:0 | void * | +| file://:0:0:0:0 | volatile | +| file://:0:0:0:0 | wchar_t | +| test.c:0:0:0:0 | test.c | +| test.c:2:5:2:8 | definition of test | +| test.c:2:5:2:8 | test | +| test.c:2:14:2:14 | definition of x | +| test.c:2:14:2:14 | x | +| test.c:2:21:2:21 | definition of w | +| test.c:2:21:2:21 | w | +| test.c:2:28:2:28 | definition of z | +| test.c:2:28:2:28 | z | +| test.c:2:31:67:1 | { ... } | +| test.c:3:5:3:10 | declaration | +| test.c:3:9:3:9 | definition of j | +| test.c:3:9:3:9 | j | +| test.c:4:5:4:16 | declaration | +| test.c:4:10:4:10 | definition of y | +| test.c:4:10:4:10 | y | +| test.c:4:13:4:15 | initializer for y | +| test.c:4:14:4:15 | 50 | +| test.c:4:14:4:15 | (long)... | +| test.c:6:5:6:24 | // simple comparison | +| test.c:7:5:12:5 | if (...) ... | +| test.c:7:9:7:9 | x | | test.c:7:9:7:13 | ... > ... | +| test.c:7:13:7:13 | 0 | +| test.c:7:16:10:5 | { ... } | +| test.c:8:9:8:9 | y | +| test.c:8:9:8:14 | ... = ... | +| test.c:8:9:8:15 | ExprStmt | +| test.c:8:13:8:14 | 20 | +| test.c:8:13:8:14 | (long)... | +| test.c:9:9:9:9 | z | +| test.c:9:9:9:14 | ... = ... | +| test.c:9:9:9:15 | ExprStmt | +| test.c:9:13:9:14 | 10 | +| test.c:10:12:12:5 | { ... } | +| test.c:11:9:11:9 | y | +| test.c:11:9:11:14 | ... = ... | +| test.c:11:9:11:15 | ExprStmt | +| test.c:11:13:11:14 | 30 | +| test.c:11:13:11:14 | (long)... | +| test.c:14:5:14:5 | z | +| test.c:14:5:14:13 | ... = ... | +| test.c:14:5:14:14 | ExprStmt | +| test.c:14:9:14:9 | (long)... | +| test.c:14:9:14:9 | x | +| test.c:14:9:14:13 | (int)... | +| test.c:14:9:14:13 | ... + ... | +| test.c:14:13:14:13 | y | +| test.c:16:5:16:19 | // More complex | +| test.c:17:5:20:15 | if (...) ... | +| test.c:17:8:17:8 | x | | test.c:17:8:17:12 | ... < ... | | test.c:17:8:17:21 | ... && ... | +| test.c:17:12:17:12 | 0 | +| test.c:17:17:17:17 | y | | test.c:17:17:17:21 | ... > ... | +| test.c:17:21:17:21 | 1 | +| test.c:17:21:17:21 | (long)... | +| test.c:18:9:18:9 | y | +| test.c:18:9:18:14 | ... = ... | +| test.c:18:9:18:15 | ExprStmt | +| test.c:18:13:18:14 | 40 | +| test.c:18:13:18:14 | (long)... | +| test.c:20:9:20:9 | y | +| test.c:20:9:20:14 | ... = ... | +| test.c:20:9:20:15 | ExprStmt | +| test.c:20:13:20:14 | 20 | +| test.c:20:13:20:14 | (long)... | +| test.c:20:18:20:111 | /* The && expression does not control this block as the x<0 expression jumps here if false. */ | +| test.c:23:5:23:5 | z | +| test.c:23:5:23:10 | ... = ... | +| test.c:23:5:23:11 | ExprStmt | +| test.c:23:9:23:10 | 10 | +| test.c:25:5:25:17 | // while loop | +| test.c:26:5:29:5 | while (...) ... | +| test.c:26:11:26:11 | x | | test.c:26:11:26:15 | ... > ... | +| test.c:26:15:26:15 | 0 | +| test.c:26:18:29:5 | { ... } | +| test.c:27:9:27:9 | y | +| test.c:27:9:27:14 | ... = ... | +| test.c:27:9:27:15 | ExprStmt | +| test.c:27:13:27:14 | 10 | +| test.c:27:13:27:14 | (long)... | +| test.c:28:9:28:9 | x | +| test.c:28:9:28:11 | ... -- | +| test.c:28:9:28:12 | ExprStmt | +| test.c:31:5:31:5 | z | +| test.c:31:5:31:10 | ... += ... | +| test.c:31:5:31:11 | ExprStmt | +| test.c:31:10:31:10 | y | +| test.c:33:5:33:15 | // for loop | +| test.c:34:5:37:5 | for(...;...;...) ... | +| test.c:34:9:34:9 | j | +| test.c:34:9:34:13 | ... = ... | +| test.c:34:9:34:14 | ExprStmt | +| test.c:34:13:34:13 | 0 | +| test.c:34:16:34:16 | j | | test.c:34:16:34:21 | ... < ... | +| test.c:34:20:34:21 | 10 | +| test.c:34:24:34:24 | j | +| test.c:34:24:34:26 | ... ++ | +| test.c:34:29:37:5 | { ... } | +| test.c:35:9:35:9 | y | +| test.c:35:9:35:13 | ... = ... | +| test.c:35:9:35:14 | ExprStmt | +| test.c:35:13:35:13 | 0 | +| test.c:35:13:35:13 | (long)... | +| test.c:36:9:36:9 | w | +| test.c:36:9:36:14 | ... = ... | +| test.c:36:9:36:15 | ExprStmt | +| test.c:36:13:36:14 | 10 | +| test.c:39:5:39:5 | z | +| test.c:39:5:39:10 | ... += ... | +| test.c:39:5:39:11 | ExprStmt | +| test.c:39:10:39:10 | w | +| test.c:41:5:41:26 | // nested control flow | +| test.c:42:5:42:5 | label ...: | +| test.c:42:5:42:5 | { ... } | +| test.c:42:5:56:5 | for(...;...;...) ... | +| test.c:42:9:42:9 | j | +| test.c:42:9:42:13 | ... = ... | +| test.c:42:9:42:14 | ExprStmt | +| test.c:42:13:42:13 | 0 | +| test.c:42:16:42:16 | j | | test.c:42:16:42:21 | ... < ... | +| test.c:42:20:42:21 | 10 | +| test.c:42:24:42:24 | j | +| test.c:42:24:42:26 | ... ++ | +| test.c:42:29:56:5 | { ... } | +| test.c:43:9:43:9 | y | +| test.c:43:9:43:14 | ... = ... | +| test.c:43:9:43:15 | ExprStmt | +| test.c:43:13:43:14 | 30 | +| test.c:43:13:43:14 | (long)... | +| test.c:44:9:54:9 | if (...) ... | +| test.c:44:12:44:12 | z | | test.c:44:12:44:16 | ... > ... | +| test.c:44:16:44:16 | 0 | +| test.c:45:13:50:13 | if (...) ... | +| test.c:45:16:45:16 | y | | test.c:45:16:45:20 | ... > ... | +| test.c:45:20:45:20 | 0 | +| test.c:45:20:45:20 | (long)... | +| test.c:45:23:48:13 | { ... } | +| test.c:46:17:46:17 | w | +| test.c:46:17:46:21 | ... = ... | +| test.c:46:17:46:22 | ExprStmt | +| test.c:46:21:46:21 | 0 | +| test.c:47:17:47:22 | break; | +| test.c:48:20:50:13 | { ... } | +| test.c:49:17:49:17 | w | +| test.c:49:17:49:22 | ... = ... | +| test.c:49:17:49:23 | ExprStmt | +| test.c:49:21:49:22 | 20 | +| test.c:51:14:54:9 | { ... } | +| test.c:52:13:52:13 | w | +| test.c:52:13:52:18 | ... = ... | +| test.c:52:13:52:19 | ExprStmt | +| test.c:52:17:52:18 | 10 | +| test.c:53:13:53:21 | continue; | +| test.c:55:9:55:9 | x | +| test.c:55:9:55:13 | ... = ... | +| test.c:55:9:55:14 | ExprStmt | +| test.c:55:13:55:13 | 0 | +| test.c:56:5:56:5 | label ...: | +| test.c:58:5:62:17 | if (...) ... | +| test.c:58:9:58:9 | x | | test.c:58:9:58:14 | ... == ... | | test.c:58:9:58:23 | ... \|\| ... | +| test.c:58:14:58:14 | 0 | +| test.c:58:19:58:19 | y | | test.c:58:19:58:23 | ... < ... | +| test.c:58:23:58:23 | 0 | +| test.c:58:23:58:23 | (long)... | +| test.c:58:26:61:5 | { ... } | +| test.c:59:9:59:9 | y | +| test.c:59:9:59:14 | ... = ... | +| test.c:59:9:59:15 | ExprStmt | +| test.c:59:13:59:14 | 60 | +| test.c:59:13:59:14 | (long)... | +| test.c:60:9:60:9 | z | +| test.c:60:9:60:14 | ... = ... | +| test.c:60:9:60:15 | ExprStmt | +| test.c:60:13:60:14 | 10 | +| test.c:62:9:62:17 | return ... | +| test.c:62:16:62:16 | z | +| test.c:64:5:64:5 | z | +| test.c:64:5:64:10 | ... += ... | +| test.c:64:5:64:11 | ExprStmt | +| test.c:64:10:64:10 | x | +| test.c:66:5:66:13 | return ... | +| test.c:66:12:66:12 | 0 | +| test.c:70:5:70:9 | definition of test2 | +| test.c:70:5:70:9 | test2 | +| test.c:70:15:70:15 | definition of x | +| test.c:70:15:70:15 | x | +| test.c:70:22:70:22 | definition of w | +| test.c:70:22:70:22 | w | +| test.c:70:29:70:29 | definition of z | +| test.c:70:29:70:29 | z | +| test.c:70:32:118:1 | { ... } | +| test.c:71:5:71:10 | declaration | +| test.c:71:9:71:9 | definition of j | +| test.c:71:9:71:9 | j | +| test.c:72:5:72:16 | declaration | +| test.c:72:10:72:10 | definition of y | +| test.c:72:10:72:10 | y | +| test.c:72:13:72:15 | initializer for y | +| test.c:72:14:72:15 | 50 | +| test.c:72:14:72:15 | (long)... | +| test.c:74:5:74:24 | // simple comparison | +| test.c:75:5:80:5 | if (...) ... | +| test.c:75:9:75:9 | x | | test.c:75:9:75:14 | ... == ... | +| test.c:75:14:75:14 | 0 | +| test.c:75:17:78:5 | { ... } | +| test.c:76:9:76:9 | y | +| test.c:76:9:76:14 | ... = ... | +| test.c:76:9:76:15 | ExprStmt | +| test.c:76:13:76:14 | 20 | +| test.c:76:13:76:14 | (long)... | +| test.c:77:9:77:9 | z | +| test.c:77:9:77:14 | ... = ... | +| test.c:77:9:77:15 | ExprStmt | +| test.c:77:13:77:14 | 10 | +| test.c:78:12:80:5 | { ... } | +| test.c:79:9:79:9 | y | +| test.c:79:9:79:14 | ... = ... | +| test.c:79:9:79:15 | ExprStmt | +| test.c:79:13:79:14 | 30 | +| test.c:79:13:79:14 | (long)... | +| test.c:82:5:82:5 | z | +| test.c:82:5:82:13 | ... = ... | +| test.c:82:5:82:14 | ExprStmt | +| test.c:82:9:82:9 | (long)... | +| test.c:82:9:82:9 | x | +| test.c:82:9:82:13 | (int)... | +| test.c:82:9:82:13 | ... + ... | +| test.c:82:13:82:13 | y | +| test.c:84:5:84:19 | // More complex | +| test.c:85:5:88:15 | if (...) ... | +| test.c:85:8:85:8 | x | | test.c:85:8:85:13 | ... == ... | | test.c:85:8:85:23 | ... && ... | +| test.c:85:13:85:13 | 0 | +| test.c:85:18:85:18 | y | | test.c:85:18:85:23 | ... != ... | +| test.c:85:23:85:23 | 0 | +| test.c:85:23:85:23 | (long)... | +| test.c:86:9:86:9 | y | +| test.c:86:9:86:14 | ... = ... | +| test.c:86:9:86:15 | ExprStmt | +| test.c:86:13:86:14 | 40 | +| test.c:86:13:86:14 | (long)... | +| test.c:88:9:88:9 | y | +| test.c:88:9:88:14 | ... = ... | +| test.c:88:9:88:15 | ExprStmt | +| test.c:88:13:88:14 | 20 | +| test.c:88:13:88:14 | (long)... | +| test.c:91:5:91:5 | z | +| test.c:91:5:91:10 | ... = ... | +| test.c:91:5:91:11 | ExprStmt | +| test.c:91:9:91:10 | 10 | +| test.c:93:5:93:17 | // while loop | +| test.c:94:5:97:5 | while (...) ... | +| test.c:94:11:94:11 | x | | test.c:94:11:94:16 | ... != ... | +| test.c:94:16:94:16 | 0 | +| test.c:94:19:97:5 | { ... } | +| test.c:95:9:95:9 | y | +| test.c:95:9:95:14 | ... = ... | +| test.c:95:9:95:15 | ExprStmt | +| test.c:95:13:95:14 | 10 | +| test.c:95:13:95:14 | (long)... | +| test.c:96:9:96:9 | x | +| test.c:96:9:96:11 | ... -- | +| test.c:96:9:96:12 | ExprStmt | +| test.c:99:5:99:5 | z | +| test.c:99:5:99:10 | ... += ... | +| test.c:99:5:99:11 | ExprStmt | +| test.c:99:10:99:10 | y | +| test.c:101:5:101:15 | // for loop | +| test.c:102:5:105:5 | for(...;...;...) ... | +| test.c:102:9:102:9 | j | +| test.c:102:9:102:13 | ... = ... | +| test.c:102:9:102:14 | ExprStmt | +| test.c:102:13:102:13 | 0 | +| test.c:102:16:102:16 | j | | test.c:102:16:102:21 | ... < ... | +| test.c:102:20:102:21 | 10 | +| test.c:102:24:102:24 | j | +| test.c:102:24:102:26 | ... ++ | +| test.c:102:29:105:5 | { ... } | +| test.c:103:9:103:9 | y | +| test.c:103:9:103:13 | ... = ... | +| test.c:103:9:103:14 | ExprStmt | +| test.c:103:13:103:13 | 0 | +| test.c:103:13:103:13 | (long)... | +| test.c:104:9:104:9 | w | +| test.c:104:9:104:14 | ... = ... | +| test.c:104:9:104:15 | ExprStmt | +| test.c:104:13:104:14 | 10 | +| test.c:107:5:107:5 | z | +| test.c:107:5:107:10 | ... += ... | +| test.c:107:5:107:11 | ExprStmt | +| test.c:107:10:107:10 | w | +| test.c:109:5:113:17 | if (...) ... | +| test.c:109:9:109:9 | x | | test.c:109:9:109:14 | ... == ... | | test.c:109:9:109:23 | ... \|\| ... | +| test.c:109:14:109:14 | 0 | +| test.c:109:19:109:19 | y | | test.c:109:19:109:23 | ... < ... | +| test.c:109:23:109:23 | 0 | +| test.c:109:23:109:23 | (long)... | +| test.c:109:26:112:5 | { ... } | +| test.c:110:9:110:9 | y | +| test.c:110:9:110:14 | ... = ... | +| test.c:110:9:110:15 | ExprStmt | +| test.c:110:13:110:14 | 60 | +| test.c:110:13:110:14 | (long)... | +| test.c:111:9:111:9 | z | +| test.c:111:9:111:14 | ... = ... | +| test.c:111:9:111:15 | ExprStmt | +| test.c:111:13:111:14 | 10 | +| test.c:113:9:113:17 | return ... | +| test.c:113:16:113:16 | z | +| test.c:115:5:115:5 | z | +| test.c:115:5:115:10 | ... += ... | +| test.c:115:5:115:11 | ExprStmt | +| test.c:115:10:115:10 | x | +| test.c:117:5:117:13 | return ... | +| test.c:117:12:117:12 | 0 | +| test.c:120:5:120:19 | declaration of test3_condition | +| test.c:120:5:120:19 | test3_condition | +| test.c:121:6:121:17 | declaration of test3_action | +| test.c:121:6:121:17 | test3_action | +| test.c:123:6:123:10 | definition of test3 | +| test.c:123:6:123:10 | test3 | +| test.c:123:14:134:1 | { ... } | +| test.c:124:3:124:12 | declaration | +| test.c:124:7:124:7 | b | +| test.c:124:7:124:7 | definition of b | +| test.c:124:10:124:11 | 0 | +| test.c:124:10:124:11 | initializer for b | +| test.c:126:3:129:3 | if (...) ... | | test.c:126:7:126:7 | 1 | | test.c:126:7:126:28 | ... && ... | | test.c:126:12:126:26 | call to test3_condition | +| test.c:126:31:129:3 | { ... } | +| test.c:127:5:127:5 | b | +| test.c:127:5:127:9 | ... = ... | +| test.c:127:5:127:10 | ExprStmt | +| test.c:127:9:127:9 | 1 | +| test.c:128:5:128:16 | call to test3_action | +| test.c:128:5:128:19 | ExprStmt | +| test.c:131:3:133:3 | if (...) ... | | test.c:131:7:131:7 | b | +| test.c:131:10:133:3 | { ... } | +| test.c:132:5:132:16 | call to test3_action | +| test.c:132:5:132:19 | ExprStmt | +| test.c:134:1:134:1 | return ... | +| test.c:136:6:136:10 | definition of test4 | +| test.c:136:6:136:10 | test4 | +| test.c:136:16:136:16 | definition of i | +| test.c:136:16:136:16 | i | +| test.c:136:19:143:1 | { ... } | +| test.c:137:3:141:3 | if (...) ... | | test.c:137:7:137:7 | 0 | +| test.c:137:10:141:3 | { ... } | +| test.c:138:5:140:5 | if (...) ... | +| test.c:138:9:138:9 | i | +| test.c:138:12:140:5 | { ... } | +| test.c:139:7:139:7 | ; | +| test.c:142:3:142:9 | return ... | +| test.c:145:6:145:10 | definition of test5 | +| test.c:145:6:145:10 | test5 | +| test.c:145:16:145:16 | definition of x | +| test.c:145:16:145:16 | x | +| test.c:145:19:149:1 | { ... } | +| test.c:146:3:148:3 | if (...) ... | | test.c:146:7:146:8 | ! ... | | test.c:146:8:146:8 | x | +| test.c:146:11:148:3 | { ... } | +| test.c:147:5:147:9 | call to test3 | +| test.c:147:5:147:12 | ExprStmt | +| test.c:149:1:149:1 | return ... | +| test.c:151:6:151:10 | definition of test6 | +| test.c:151:6:151:10 | test6 | +| test.c:151:18:151:18 | definition of p | +| test.c:151:18:151:18 | p | +| test.c:151:21:155:1 | { ... } | +| test.c:152:5:154:5 | if (...) ... | | test.c:152:8:152:8 | p | +| test.c:152:11:154:5 | { ... } | +| test.c:155:1:155:1 | return ... | +| test.c:157:6:157:10 | definition of test7 | +| test.c:157:6:157:10 | test7 | +| test.c:157:18:157:18 | definition of p | +| test.c:157:18:157:18 | p | +| test.c:157:21:161:1 | { ... } | +| test.c:158:5:160:5 | if (...) ... | | test.c:158:8:158:9 | ! ... | | test.c:158:9:158:9 | p | +| test.c:158:12:160:5 | { ... } | +| test.c:161:1:161:1 | return ... | +| test.c:163:6:163:10 | definition of test8 | +| test.c:163:6:163:10 | test8 | +| test.c:163:18:163:18 | definition of s | +| test.c:163:18:163:18 | s | +| test.c:163:21:167:1 | { ... } | +| test.c:164:5:166:5 | if (...) ... | | test.c:164:8:164:8 | s | +| test.c:164:11:166:5 | { ... } | +| test.c:167:1:167:1 | return ... | +| test.c:169:6:169:10 | definition of test9 | +| test.c:169:6:169:10 | test9 | +| test.c:169:18:169:18 | definition of s | +| test.c:169:18:169:18 | s | +| test.c:169:21:173:1 | { ... } | +| test.c:170:5:172:5 | if (...) ... | | test.c:170:8:170:9 | ! ... | | test.c:170:9:170:9 | s | +| test.c:170:12:172:5 | { ... } | +| test.c:173:1:173:1 | return ... | +| test.c:175:6:175:11 | definition of test10 | +| test.c:175:6:175:11 | test10 | +| test.c:175:17:175:17 | a | +| test.c:175:17:175:17 | definition of a | +| test.c:175:24:175:24 | b | +| test.c:175:24:175:24 | definition of b | +| test.c:175:27:179:1 | { ... } | +| test.c:176:5:178:5 | if (...) ... | | test.c:176:8:176:15 | ! ... | +| test.c:176:9:176:15 | (...) | +| test.c:176:10:176:10 | a | | test.c:176:10:176:14 | ... < ... | +| test.c:176:14:176:14 | b | +| test.c:176:18:178:5 | { ... } | +| test.c:179:1:179:1 | return ... | +| test.c:181:6:181:11 | definition of test11 | +| test.c:181:6:181:11 | test11 | +| test.c:181:20:181:22 | definition of foo | +| test.c:181:20:181:22 | foo | +| test.c:181:25:185:1 | { ... } | +| test.c:182:5:184:5 | if (...) ... | | test.c:182:8:182:34 | ! ... | +| test.c:182:9:182:34 | (...) | +| test.c:182:10:182:12 | foo | | test.c:182:10:182:20 | ... >= ... | | test.c:182:10:182:33 | ... && ... | +| test.c:182:17:182:20 | 9.999999999999999547e-07 | +| test.c:182:25:182:27 | foo | | test.c:182:25:182:33 | ... < ... | +| test.c:182:31:182:33 | 1.0 | +| test.c:182:37:184:5 | { ... } | +| test.c:185:1:185:1 | return ... | +| test.c:187:6:187:11 | definition of test12 | +| test.c:187:6:187:11 | test12 | +| test.c:187:17:187:17 | a | +| test.c:187:17:187:17 | definition of a | +| test.c:187:24:187:24 | b | +| test.c:187:24:187:24 | definition of b | +| test.c:187:27:193:1 | { ... } | +| test.c:188:3:188:17 | declaration | +| test.c:188:7:188:7 | c | +| test.c:188:7:188:7 | definition of c | +| test.c:188:10:188:16 | initializer for c | +| test.c:188:11:188:11 | a | +| test.c:188:11:188:16 | ... != ... | +| test.c:188:16:188:16 | b | +| test.c:190:3:192:3 | if (...) ... | | test.c:190:7:190:8 | ! ... | | test.c:190:8:190:8 | c | +| test.c:190:11:192:3 | { ... } | +| test.c:193:1:193:1 | return ... | +| test.c:195:6:195:11 | definition of test13 | +| test.c:195:6:195:11 | test13 | +| test.c:195:17:195:17 | a | +| test.c:195:17:195:17 | definition of a | +| test.c:195:20:201:1 | { ... } | +| test.c:196:3:196:17 | declaration | +| test.c:196:7:196:7 | b | +| test.c:196:7:196:7 | definition of b | +| test.c:196:10:196:16 | initializer for b | +| test.c:196:11:196:11 | a | +| test.c:196:11:196:16 | ... > ... | +| test.c:196:15:196:16 | 10 | +| test.c:198:3:200:3 | if (...) ... | | test.c:198:7:198:8 | ! ... | | test.c:198:8:198:8 | b | +| test.c:198:11:200:3 | { ... } | +| test.c:201:1:201:1 | return ... | +| test.c:203:6:203:11 | definition of test14 | +| test.c:203:6:203:11 | test14 | +| test.c:203:17:203:17 | a | +| test.c:203:17:203:17 | definition of a | +| test.c:203:24:203:24 | b | +| test.c:203:24:203:24 | definition of b | +| test.c:203:27:209:1 | { ... } | +| test.c:204:3:204:16 | declaration | +| test.c:204:7:204:7 | c | +| test.c:204:7:204:7 | definition of c | +| test.c:204:10:204:15 | initializer for c | +| test.c:204:11:204:11 | a | +| test.c:204:11:204:15 | ... > ... | +| test.c:204:15:204:15 | b | +| test.c:206:3:208:3 | if (...) ... | | test.c:206:7:206:8 | ! ... | | test.c:206:8:206:8 | c | +| test.c:206:11:208:3 | { ... } | +| test.c:209:1:209:1 | return ... | +| test.c:211:1:211:45 | #define likely(x) __builtin_expect(!!(x), 1) | +| test.c:213:6:213:11 | definition of test15 | +| test.c:213:6:213:11 | test15 | +| test.c:213:17:213:17 | a | +| test.c:213:17:213:17 | definition of a | +| test.c:213:24:213:24 | b | +| test.c:213:24:213:24 | definition of b | +| test.c:214:1:222:1 | { ... } | +| test.c:215:2:217:5 | if (...) ... | +| test.c:215:6:215:18 | 1 | +| test.c:215:6:215:18 | ! ... | +| test.c:215:6:215:18 | ! ... | +| test.c:215:6:215:18 | (...) | +| test.c:215:6:215:18 | (long)... | +| test.c:215:6:215:18 | (long)... | | test.c:215:6:215:18 | call to __builtin_expect | +| test.c:215:6:215:18 | likely(x) | +| test.c:215:13:215:13 | a | +| test.c:215:13:215:17 | ... > ... | +| test.c:215:17:215:17 | b | +| test.c:215:21:217:5 | { ... } | +| test.c:219:5:221:5 | if (...) ... | +| test.c:219:9:219:22 | 1 | +| test.c:219:9:219:22 | ! ... | +| test.c:219:9:219:22 | ! ... | +| test.c:219:9:219:22 | (...) | +| test.c:219:9:219:22 | (long)... | +| test.c:219:9:219:22 | (long)... | | test.c:219:9:219:22 | call to __builtin_expect | +| test.c:219:9:219:22 | likely(x) | +| test.c:219:16:219:16 | a | +| test.c:219:16:219:21 | ... > ... | +| test.c:219:20:219:21 | 42 | +| test.c:219:25:221:5 | { ... } | +| test.c:222:1:222:1 | return ... | +| test.cpp:0:0:0:0 | test.cpp | +| test.cpp:1:7:1:7 | X | +| test.cpp:1:7:1:7 | declaration of operator= | +| test.cpp:1:7:1:7 | declaration of operator= | +| test.cpp:1:7:1:7 | definition of X | +| test.cpp:1:7:1:7 | operator= | +| test.cpp:1:7:1:7 | operator= | +| test.cpp:4:8:4:10 | declaration of set | +| test.cpp:4:8:4:10 | set | +| test.cpp:7:7:7:7 | Y | +| test.cpp:7:7:7:7 | declaration of operator= | +| test.cpp:7:7:7:7 | declaration of operator= | +| test.cpp:7:7:7:7 | definition of Y | +| test.cpp:7:7:7:7 | operator= | +| test.cpp:7:7:7:7 | operator= | +| test.cpp:10:3:10:3 | type mention | +| test.cpp:10:6:10:6 | declaration of f | +| test.cpp:12:9:12:9 | type mention | +| test.cpp:12:12:12:14 | definition of get | +| test.cpp:12:12:12:14 | get | +| test.cpp:12:24:12:36 | { ... } | +| test.cpp:12:26:12:34 | return ... | +| test.cpp:12:33:12:33 | 0 | +| test.cpp:12:33:12:33 | (const X *)... | +| test.cpp:13:3:13:3 | type mention | +| test.cpp:13:6:13:8 | definition of get | +| test.cpp:13:6:13:8 | get | +| test.cpp:13:12:13:24 | { ... } | +| test.cpp:13:14:13:22 | return ... | +| test.cpp:13:21:13:21 | 0 | +| test.cpp:13:21:13:21 | (X *)... | +| test.cpp:16:1:16:1 | type mention | +| test.cpp:16:4:16:4 | type mention | +| test.cpp:16:4:16:7 | definition of f | +| test.cpp:16:4:16:7 | f | +| test.cpp:17:1:21:1 | { ... } | +| test.cpp:18:3:19:17 | if (...) ... | | test.cpp:18:8:18:10 | call to get | +| test.cpp:18:8:18:10 | this | +| test.cpp:18:8:18:12 | (bool)... | +| test.cpp:19:5:19:7 | call to get | +| test.cpp:19:5:19:7 | this | +| test.cpp:19:5:19:17 | ExprStmt | +| test.cpp:19:12:19:14 | call to set | +| test.cpp:20:3:20:11 | return ... | +| test.cpp:20:10:20:10 | 0 | +| test.cpp:20:10:20:10 | (Y *)... | +| test.cpp:23:7:23:7 | Error | +| test.cpp:23:7:23:7 | Error | +| test.cpp:23:7:23:7 | declaration of Error | +| test.cpp:23:7:23:7 | declaration of Error | +| test.cpp:23:7:23:7 | declaration of operator= | +| test.cpp:23:7:23:7 | declaration of operator= | +| test.cpp:23:7:23:7 | operator= | +| test.cpp:23:7:23:7 | operator= | +| test.cpp:23:7:23:11 | Error | +| test.cpp:23:7:23:11 | definition of Error | +| test.cpp:25:3:25:7 | Error | +| test.cpp:25:3:25:7 | definition of Error | +| test.cpp:25:11:25:12 | { ... } | +| test.cpp:25:12:25:12 | return ... | +| test.cpp:28:6:28:13 | declaration of getABool | +| test.cpp:28:6:28:13 | getABool | +| test.cpp:30:6:30:16 | definition of doSomething | +| test.cpp:30:6:30:16 | doSomething | +| test.cpp:30:22:30:22 | definition of x | +| test.cpp:30:22:30:22 | x | +| test.cpp:30:25:34:1 | { ... } | +| test.cpp:31:3:33:3 | if (...) ... | +| test.cpp:31:7:31:7 | x | | test.cpp:31:7:31:13 | ... == ... | +| test.cpp:31:12:31:13 | - ... | +| test.cpp:31:13:31:13 | 1 | +| test.cpp:31:16:33:3 | { ... } | +| test.cpp:32:5:32:21 | throw ... | +| test.cpp:32:5:32:22 | ExprStmt | +| test.cpp:32:11:32:21 | call to Error | +| test.cpp:32:11:32:21 | new | +| test.cpp:32:15:32:19 | type mention | +| test.cpp:34:1:34:1 | return ... | +| test.cpp:36:6:36:20 | declaration of doSomethingElse | +| test.cpp:36:6:36:20 | doSomethingElse | +| test.cpp:36:26:36:26 | declaration of x | +| test.cpp:36:26:36:26 | x | +| test.cpp:38:6:38:19 | definition of testWithCatch0 | +| test.cpp:38:6:38:19 | testWithCatch0 | +| test.cpp:38:25:38:25 | definition of v | +| test.cpp:38:25:38:25 | v | +| test.cpp:39:1:54:1 | { ... } | +| test.cpp:40:5:47:5 | try { ... } | +| test.cpp:41:5:47:5 | { ... } | +| test.cpp:42:9:46:9 | if (...) ... | | test.cpp:42:13:42:20 | call to getABool | +| test.cpp:43:9:46:9 | { ... } | +| test.cpp:44:13:44:23 | call to doSomething | +| test.cpp:44:13:44:27 | ExprStmt | +| test.cpp:44:25:44:25 | v | +| test.cpp:45:13:45:24 | return ... | +| test.cpp:45:20:45:23 | 1 | +| test.cpp:48:11:48:15 | type mention | +| test.cpp:48:18:48:18 | definition of e | +| test.cpp:48:18:48:18 | e | +| test.cpp:49:5:51:5 | | +| test.cpp:49:5:51:5 | { ... } | +| test.cpp:50:7:50:21 | call to doSomethingElse | +| test.cpp:50:7:50:25 | ExprStmt | +| test.cpp:50:23:50:23 | v | +| test.cpp:53:5:53:17 | return ... | +| test.cpp:53:12:53:16 | 0 | +| test.cpp:56:6:56:9 | declaration of use1 | +| test.cpp:56:6:56:9 | use1 | +| test.cpp:56:11:56:13 | (unnamed parameter 0) | +| test.cpp:56:11:56:13 | declaration of (unnamed parameter 0) | +| test.cpp:57:6:57:9 | declaration of use2 | +| test.cpp:57:6:57:9 | use2 | +| test.cpp:57:11:57:13 | (unnamed parameter 0) | +| test.cpp:57:11:57:13 | declaration of (unnamed parameter 0) | +| test.cpp:58:6:58:9 | declaration of use3 | +| test.cpp:58:6:58:9 | use3 | +| test.cpp:58:11:58:13 | (unnamed parameter 0) | +| test.cpp:58:11:58:13 | declaration of (unnamed parameter 0) | +| test.cpp:60:6:60:25 | definition of test_switches_simple | +| test.cpp:60:6:60:25 | test_switches_simple | +| test.cpp:60:31:60:31 | definition of i | +| test.cpp:60:31:60:31 | i | +| test.cpp:60:34:71:1 | { ... } | +| test.cpp:61:3:70:3 | switch (...) ... | | test.cpp:61:10:61:10 | i | +| test.cpp:61:13:70:3 | { ... } | +| test.cpp:62:5:62:11 | case ...: | +| test.cpp:62:10:62:10 | 0 | +| test.cpp:63:7:63:10 | call to use1 | +| test.cpp:63:7:63:14 | ExprStmt | +| test.cpp:63:12:63:12 | i | +| test.cpp:64:7:64:12 | break; | +| test.cpp:65:5:65:11 | case ...: | +| test.cpp:65:10:65:10 | 1 | +| test.cpp:66:7:66:10 | call to use2 | +| test.cpp:66:7:66:14 | ExprStmt | +| test.cpp:66:12:66:12 | i | +| test.cpp:67:7:67:29 | /* NOTE: fallthrough */ | +| test.cpp:68:5:68:11 | case ...: | +| test.cpp:68:10:68:10 | 2 | +| test.cpp:69:7:69:10 | call to use3 | +| test.cpp:69:7:69:14 | ExprStmt | +| test.cpp:69:12:69:12 | i | +| test.cpp:70:3:70:3 | label ...: | +| test.cpp:71:1:71:1 | return ... | +| test.cpp:73:6:73:24 | definition of test_switches_range | +| test.cpp:73:6:73:24 | test_switches_range | +| test.cpp:73:30:73:30 | definition of i | +| test.cpp:73:30:73:30 | i | +| test.cpp:73:33:81:1 | { ... } | +| test.cpp:74:3:80:3 | switch (...) ... | | test.cpp:74:10:74:10 | i | +| test.cpp:74:13:80:3 | { ... } | +| test.cpp:75:5:75:18 | case ...: | +| test.cpp:75:10:75:10 | 0 | +| test.cpp:75:16:75:17 | 10 | +| test.cpp:76:7:76:10 | call to use1 | +| test.cpp:76:7:76:14 | ExprStmt | +| test.cpp:76:12:76:12 | i | +| test.cpp:77:7:77:12 | break; | +| test.cpp:78:5:78:19 | case ...: | +| test.cpp:78:10:78:11 | 11 | +| test.cpp:78:17:78:18 | 20 | +| test.cpp:79:7:79:10 | call to use2 | +| test.cpp:79:7:79:14 | ExprStmt | +| test.cpp:79:12:79:12 | i | +| test.cpp:80:3:80:3 | label ...: | +| test.cpp:81:1:81:1 | return ... | +| test.cpp:83:6:83:26 | definition of test_switches_default | +| test.cpp:83:6:83:26 | test_switches_default | +| test.cpp:83:32:83:32 | definition of i | +| test.cpp:83:32:83:32 | i | +| test.cpp:83:35:88:1 | { ... } | +| test.cpp:84:3:87:3 | switch (...) ... | | test.cpp:84:10:84:10 | i | +| test.cpp:84:13:87:3 | { ... } | +| test.cpp:85:5:85:12 | default: | +| test.cpp:86:7:86:10 | call to use1 | +| test.cpp:86:7:86:14 | ExprStmt | +| test.cpp:86:12:86:12 | i | +| test.cpp:88:1:88:1 | return ... | +| test.cpp:90:6:90:8 | declaration of use | +| test.cpp:90:6:90:8 | use | +| test.cpp:92:6:92:23 | definition of pointer_comparison | +| test.cpp:92:6:92:23 | pointer_comparison | +| test.cpp:92:31:92:31 | c | +| test.cpp:92:31:92:31 | definition of c | +| test.cpp:92:34:96:1 | { ... } | +| test.cpp:93:3:95:3 | if (...) ... | +| test.cpp:93:6:93:6 | (bool)... | | test.cpp:93:6:93:6 | c | +| test.cpp:93:9:95:3 | { ... } | +| test.cpp:94:5:94:7 | call to use | +| test.cpp:94:5:94:11 | ExprStmt | +| test.cpp:94:9:94:9 | c | +| test.cpp:96:1:96:1 | return ... | +| test.cpp:98:6:98:30 | definition of implicit_float_comparison | +| test.cpp:98:6:98:30 | implicit_float_comparison | +| test.cpp:98:38:98:38 | definition of f | +| test.cpp:98:38:98:38 | f | +| test.cpp:98:41:102:1 | { ... } | +| test.cpp:99:3:101:3 | if (...) ... | +| test.cpp:99:6:99:6 | (bool)... | | test.cpp:99:6:99:6 | f | +| test.cpp:99:9:101:3 | { ... } | +| test.cpp:100:5:100:7 | call to use | +| test.cpp:100:5:100:11 | ExprStmt | +| test.cpp:100:9:100:9 | (double)... | +| test.cpp:100:9:100:9 | f | +| test.cpp:102:1:102:1 | return ... | +| test.cpp:104:6:104:30 | definition of explicit_float_comparison | +| test.cpp:104:6:104:30 | explicit_float_comparison | +| test.cpp:104:38:104:38 | definition of f | +| test.cpp:104:38:104:38 | f | +| test.cpp:104:41:108:1 | { ... } | +| test.cpp:105:3:107:3 | if (...) ... | +| test.cpp:105:6:105:6 | f | | test.cpp:105:6:105:14 | ... != ... | +| test.cpp:105:11:105:14 | 0.0 | +| test.cpp:105:17:107:3 | { ... } | +| test.cpp:106:5:106:7 | call to use | +| test.cpp:106:5:106:11 | ExprStmt | +| test.cpp:106:9:106:9 | (double)... | +| test.cpp:106:9:106:9 | f | +| test.cpp:108:1:108:1 | return ... | +| test.cpp:110:6:110:25 | definition of int_float_comparison | +| test.cpp:110:6:110:25 | int_float_comparison | +| test.cpp:110:31:110:31 | definition of i | +| test.cpp:110:31:110:31 | i | +| test.cpp:110:34:114:1 | { ... } | +| test.cpp:111:3:113:3 | if (...) ... | +| test.cpp:111:6:111:6 | (float)... | +| test.cpp:111:6:111:6 | i | | test.cpp:111:6:111:14 | ... != ... | +| test.cpp:111:11:111:14 | 0.0 | +| test.cpp:111:17:113:3 | { ... } | +| test.cpp:112:5:112:7 | call to use | +| test.cpp:112:5:112:11 | ExprStmt | +| test.cpp:112:9:112:9 | i | +| test.cpp:114:1:114:1 | return ... | +| test.cpp:116:5:116:10 | declaration of source | +| test.cpp:116:5:116:10 | source | +| test.cpp:117:6:117:9 | declaration of safe | +| test.cpp:117:6:117:9 | safe | +| test.cpp:117:11:117:13 | (unnamed parameter 0) | +| test.cpp:117:11:117:13 | declaration of (unnamed parameter 0) | +| test.cpp:119:6:119:9 | definition of test | +| test.cpp:119:6:119:9 | test | +| test.cpp:119:16:119:16 | b | +| test.cpp:119:16:119:16 | definition of b | +| test.cpp:120:1:128:1 | { ... } | +| test.cpp:121:5:121:10 | declaration | +| test.cpp:121:9:121:9 | definition of x | +| test.cpp:121:9:121:9 | x | +| test.cpp:122:5:126:5 | if (...) ... | | test.cpp:122:9:122:9 | b | +| test.cpp:123:5:126:5 | { ... } | +| test.cpp:124:9:124:9 | x | +| test.cpp:124:9:124:20 | ... = ... | +| test.cpp:124:9:124:21 | ExprStmt | +| test.cpp:124:13:124:18 | call to source | +| test.cpp:125:9:125:29 | if (...) ... | | test.cpp:125:13:125:20 | ! ... | | test.cpp:125:14:125:17 | call to safe | +| test.cpp:125:19:125:19 | x | +| test.cpp:125:23:125:29 | return ... | +| test.cpp:127:5:127:7 | call to use | +| test.cpp:127:5:127:11 | ExprStmt | +| test.cpp:127:9:127:9 | x | +| test.cpp:128:1:128:1 | return ... | +| test.cpp:130:6:130:33 | binary_test_builtin_expected | +| test.cpp:130:6:130:33 | definition of binary_test_builtin_expected | +| test.cpp:130:39:130:39 | a | +| test.cpp:130:39:130:39 | definition of a | +| test.cpp:130:46:130:46 | b | +| test.cpp:130:46:130:46 | definition of b | +| test.cpp:130:49:138:1 | { ... } | +| test.cpp:131:3:133:3 | if (...) ... | | test.cpp:131:6:131:21 | call to __builtin_expect | +| test.cpp:131:6:131:37 | (bool)... | +| test.cpp:131:23:131:23 | a | +| test.cpp:131:23:131:33 | (long)... | +| test.cpp:131:23:131:33 | ... == ... | +| test.cpp:131:28:131:28 | b | +| test.cpp:131:28:131:33 | ... + ... | +| test.cpp:131:32:131:33 | 42 | +| test.cpp:131:36:131:36 | 0 | +| test.cpp:131:36:131:36 | (long)... | +| test.cpp:131:40:133:3 | { ... } | +| test.cpp:132:7:132:9 | call to use | +| test.cpp:132:7:132:13 | ExprStmt | +| test.cpp:132:11:132:11 | a | +| test.cpp:135:3:137:3 | if (...) ... | | test.cpp:135:6:135:21 | call to __builtin_expect | +| test.cpp:135:6:135:37 | (bool)... | +| test.cpp:135:23:135:23 | a | +| test.cpp:135:23:135:33 | (long)... | +| test.cpp:135:23:135:33 | ... != ... | +| test.cpp:135:28:135:28 | b | +| test.cpp:135:28:135:33 | ... + ... | +| test.cpp:135:32:135:33 | 42 | +| test.cpp:135:36:135:36 | 0 | +| test.cpp:135:36:135:36 | (long)... | +| test.cpp:135:40:137:3 | { ... } | +| test.cpp:136:7:136:9 | call to use | +| test.cpp:136:7:136:13 | ExprStmt | +| test.cpp:136:11:136:11 | a | +| test.cpp:138:1:138:1 | return ... | +| test.cpp:140:6:140:32 | definition of unary_test_builtin_expected | +| test.cpp:140:6:140:32 | unary_test_builtin_expected | +| test.cpp:140:38:140:38 | a | +| test.cpp:140:38:140:38 | definition of a | +| test.cpp:140:41:148:1 | { ... } | +| test.cpp:141:3:143:3 | if (...) ... | | test.cpp:141:6:141:21 | call to __builtin_expect | +| test.cpp:141:6:141:33 | (bool)... | +| test.cpp:141:23:141:23 | a | +| test.cpp:141:23:141:29 | (long)... | +| test.cpp:141:23:141:29 | ... == ... | +| test.cpp:141:28:141:29 | 42 | +| test.cpp:141:32:141:32 | 0 | +| test.cpp:141:32:141:32 | (long)... | +| test.cpp:141:36:143:3 | { ... } | +| test.cpp:142:7:142:9 | call to use | +| test.cpp:142:7:142:13 | ExprStmt | +| test.cpp:142:11:142:11 | a | +| test.cpp:145:3:147:3 | if (...) ... | | test.cpp:145:6:145:21 | call to __builtin_expect | +| test.cpp:145:6:145:33 | (bool)... | +| test.cpp:145:23:145:23 | a | +| test.cpp:145:23:145:29 | (long)... | +| test.cpp:145:23:145:29 | ... != ... | +| test.cpp:145:28:145:29 | 42 | +| test.cpp:145:32:145:32 | 0 | +| test.cpp:145:32:145:32 | (long)... | +| test.cpp:145:36:147:3 | { ... } | +| test.cpp:146:7:146:9 | call to use | +| test.cpp:146:7:146:13 | ExprStmt | +| test.cpp:146:11:146:11 | a | +| test.cpp:148:1:148:1 | return ... | +| test.cpp:150:6:150:24 | definition of test_with_reference | +| test.cpp:150:6:150:24 | test_with_reference | +| test.cpp:150:32:150:32 | b | +| test.cpp:150:32:150:32 | definition of b | +| test.cpp:150:39:150:39 | a | +| test.cpp:150:39:150:39 | definition of a | +| test.cpp:150:42:155:1 | { ... } | +| test.cpp:151:4:151:4 | (reference dereference) | +| test.cpp:151:4:151:4 | b | +| test.cpp:151:4:151:13 | ... = ... | +| test.cpp:151:4:151:14 | ExprStmt | +| test.cpp:151:8:151:8 | a | +| test.cpp:151:8:151:13 | ... < ... | +| test.cpp:151:12:151:13 | 10 | +| test.cpp:152:4:154:4 | if (...) ... | | test.cpp:152:7:152:8 | ! ... | +| test.cpp:152:8:152:8 | (reference dereference) | | test.cpp:152:8:152:8 | b | +| test.cpp:152:11:154:4 | { ... } | +| test.cpp:153:7:153:9 | call to use | +| test.cpp:153:7:153:13 | ExprStmt | +| test.cpp:153:11:153:11 | a | +| test.cpp:155:1:155:1 | return ... | +| test.cpp:157:6:157:38 | definition of test_with_negated_binary_equality | +| test.cpp:157:6:157:38 | test_with_negated_binary_equality | +| test.cpp:157:44:157:44 | a | +| test.cpp:157:44:157:44 | definition of a | +| test.cpp:157:51:157:51 | b | +| test.cpp:157:51:157:51 | definition of b | +| test.cpp:157:54:163:1 | { ... } | +| test.cpp:158:3:158:18 | declaration | +| test.cpp:158:8:158:8 | c | +| test.cpp:158:8:158:8 | definition of c | +| test.cpp:158:11:158:17 | initializer for c | +| test.cpp:158:12:158:12 | a | +| test.cpp:158:12:158:17 | ... != ... | +| test.cpp:158:17:158:17 | b | +| test.cpp:160:3:162:3 | if (...) ... | | test.cpp:160:7:160:8 | ! ... | | test.cpp:160:8:160:8 | c | +| test.cpp:160:11:162:3 | { ... } | +| test.cpp:163:1:163:1 | return ... | +| test.cpp:165:6:165:39 | definition of test_with_negated_unary_relational | +| test.cpp:165:6:165:39 | test_with_negated_unary_relational | +| test.cpp:165:45:165:45 | a | +| test.cpp:165:45:165:45 | definition of a | +| test.cpp:165:48:171:1 | { ... } | +| test.cpp:166:3:166:18 | declaration | +| test.cpp:166:8:166:8 | b | +| test.cpp:166:8:166:8 | definition of b | +| test.cpp:166:11:166:17 | initializer for b | +| test.cpp:166:12:166:12 | a | +| test.cpp:166:12:166:17 | ... > ... | +| test.cpp:166:16:166:17 | 10 | +| test.cpp:168:3:170:3 | if (...) ... | | test.cpp:168:7:168:8 | ! ... | | test.cpp:168:8:168:8 | b | +| test.cpp:168:11:170:3 | { ... } | +| test.cpp:171:1:171:1 | return ... | +| test.cpp:173:6:173:40 | definition of test_with_negated_binary_relational | +| test.cpp:173:6:173:40 | test_with_negated_binary_relational | +| test.cpp:173:46:173:46 | a | +| test.cpp:173:46:173:46 | definition of a | +| test.cpp:173:53:173:53 | b | +| test.cpp:173:53:173:53 | definition of b | +| test.cpp:173:56:179:1 | { ... } | +| test.cpp:174:3:174:17 | declaration | +| test.cpp:174:8:174:8 | c | +| test.cpp:174:8:174:8 | definition of c | +| test.cpp:174:11:174:16 | initializer for c | +| test.cpp:174:12:174:12 | a | +| test.cpp:174:12:174:16 | ... > ... | +| test.cpp:174:16:174:16 | b | +| test.cpp:176:3:178:3 | if (...) ... | | test.cpp:176:7:176:8 | ! ... | | test.cpp:176:8:176:8 | c | +| test.cpp:176:11:178:3 | { ... } | +| test.cpp:179:1:179:1 | return ... | +| test.cpp:181:6:181:21 | definition of test_logical_and | +| test.cpp:181:6:181:21 | test_logical_and | +| test.cpp:181:28:181:29 | b1 | +| test.cpp:181:28:181:29 | definition of b1 | +| test.cpp:181:37:181:38 | b2 | +| test.cpp:181:37:181:38 | definition of b2 | +| test.cpp:181:41:190:1 | { ... } | +| test.cpp:182:3:189:3 | if (...) ... | | test.cpp:182:6:182:16 | ! ... | +| test.cpp:182:7:182:16 | (...) | | test.cpp:182:8:182:9 | b1 | | test.cpp:182:8:182:15 | ... && ... | | test.cpp:182:14:182:15 | b2 | +| test.cpp:182:19:185:3 | { ... } | +| test.cpp:183:5:183:7 | call to use | +| test.cpp:183:5:183:12 | ExprStmt | +| test.cpp:183:9:183:10 | (int)... | +| test.cpp:183:9:183:10 | b1 | +| test.cpp:184:5:184:7 | call to use | +| test.cpp:184:5:184:12 | ExprStmt | +| test.cpp:184:9:184:10 | (int)... | +| test.cpp:184:9:184:10 | b2 | +| test.cpp:185:10:189:3 | { ... } | +| test.cpp:186:5:186:30 | // b1 = true and b2 = true | +| test.cpp:187:5:187:7 | call to use | +| test.cpp:187:5:187:12 | ExprStmt | +| test.cpp:187:9:187:10 | (int)... | +| test.cpp:187:9:187:10 | b1 | +| test.cpp:188:5:188:7 | call to use | +| test.cpp:188:5:188:12 | ExprStmt | +| test.cpp:188:9:188:10 | (int)... | +| test.cpp:188:9:188:10 | b2 | +| test.cpp:190:1:190:1 | return ... | +| test.cpp:192:6:192:20 | definition of test_logical_or | +| test.cpp:192:6:192:20 | test_logical_or | +| test.cpp:192:27:192:28 | b1 | +| test.cpp:192:27:192:28 | definition of b1 | +| test.cpp:192:36:192:37 | b2 | +| test.cpp:192:36:192:37 | definition of b2 | +| test.cpp:192:40:201:1 | { ... } | +| test.cpp:193:3:200:3 | if (...) ... | | test.cpp:193:6:193:16 | ! ... | +| test.cpp:193:7:193:16 | (...) | | test.cpp:193:8:193:9 | b1 | | test.cpp:193:8:193:15 | ... \|\| ... | | test.cpp:193:14:193:15 | b2 | +| test.cpp:193:19:197:3 | { ... } | +| test.cpp:194:5:194:32 | // b1 = false and b2 = false | +| test.cpp:195:5:195:7 | call to use | +| test.cpp:195:5:195:12 | ExprStmt | +| test.cpp:195:9:195:10 | (int)... | +| test.cpp:195:9:195:10 | b1 | +| test.cpp:196:5:196:7 | call to use | +| test.cpp:196:5:196:12 | ExprStmt | +| test.cpp:196:9:196:10 | (int)... | +| test.cpp:196:9:196:10 | b2 | +| test.cpp:197:10:200:3 | { ... } | +| test.cpp:198:5:198:7 | call to use | +| test.cpp:198:5:198:12 | ExprStmt | +| test.cpp:198:9:198:10 | (int)... | +| test.cpp:198:9:198:10 | b1 | +| test.cpp:199:5:199:7 | call to use | +| test.cpp:199:5:199:12 | ExprStmt | +| test.cpp:199:9:199:10 | (int)... | +| test.cpp:199:9:199:10 | b2 | +| test.cpp:201:1:201:1 | return ... | +| test.cpp:203:8:203:8 | declaration of operator= | +| test.cpp:203:8:203:8 | declaration of operator= | +| test.cpp:203:8:203:8 | operator= | +| test.cpp:203:8:203:8 | operator= | +| test.cpp:203:8:203:15 | Mystruct | +| test.cpp:203:8:203:15 | definition of Mystruct | +| test.cpp:204:7:204:7 | definition of i | +| test.cpp:204:7:204:7 | i | +| test.cpp:205:9:205:9 | definition of f | +| test.cpp:205:9:205:9 | f | +| test.cpp:208:5:208:14 | definition of test_types | +| test.cpp:208:5:208:14 | test_types | +| test.cpp:208:28:208:29 | definition of sc | +| test.cpp:208:28:208:29 | sc | +| test.cpp:208:46:208:47 | definition of ul | +| test.cpp:208:46:208:47 | ul | +| test.cpp:208:56:208:56 | definition of f | +| test.cpp:208:56:208:56 | f | +| test.cpp:208:66:208:66 | d | +| test.cpp:208:66:208:66 | definition of d | +| test.cpp:208:74:208:74 | b | +| test.cpp:208:74:208:74 | definition of b | +| test.cpp:208:77:208:84 | type mention | +| test.cpp:208:87:208:88 | definition of ms | +| test.cpp:208:87:208:88 | ms | +| test.cpp:208:91:244:1 | { ... } | +| test.cpp:209:5:209:16 | declaration | +| test.cpp:209:9:209:11 | ctr | +| test.cpp:209:9:209:11 | definition of ctr | +| test.cpp:209:14:209:15 | 0 | +| test.cpp:209:14:209:15 | initializer for ctr | +| test.cpp:211:5:213:5 | if (...) ... | +| test.cpp:211:9:211:10 | (int)... | +| test.cpp:211:9:211:10 | sc | | test.cpp:211:9:211:15 | ... == ... | +| test.cpp:211:15:211:15 | 0 | +| test.cpp:211:18:213:5 | { ... } | +| test.cpp:212:9:212:11 | ctr | +| test.cpp:212:9:212:13 | ... ++ | +| test.cpp:212:9:212:14 | ExprStmt | +| test.cpp:214:5:216:5 | if (...) ... | +| test.cpp:214:9:214:10 | (int)... | +| test.cpp:214:9:214:10 | sc | | test.cpp:214:9:214:17 | ... == ... | +| test.cpp:214:15:214:17 | 0 | +| test.cpp:214:20:216:5 | { ... } | +| test.cpp:215:9:215:11 | ctr | +| test.cpp:215:9:215:13 | ... ++ | +| test.cpp:215:9:215:14 | ExprStmt | +| test.cpp:217:5:219:5 | if (...) ... | +| test.cpp:217:9:217:10 | ul | | test.cpp:217:9:217:15 | ... == ... | +| test.cpp:217:15:217:15 | 0 | +| test.cpp:217:15:217:15 | (unsigned long)... | +| test.cpp:217:18:219:5 | { ... } | +| test.cpp:218:9:218:11 | ctr | +| test.cpp:218:9:218:13 | ... ++ | +| test.cpp:218:9:218:14 | ExprStmt | +| test.cpp:220:5:222:5 | if (...) ... | +| test.cpp:220:9:220:9 | f | | test.cpp:220:9:220:14 | ... == ... | +| test.cpp:220:14:220:14 | 0 | +| test.cpp:220:14:220:14 | (float)... | +| test.cpp:220:17:222:5 | { ... } | +| test.cpp:221:9:221:11 | ctr | +| test.cpp:221:9:221:13 | ... ++ | +| test.cpp:221:9:221:14 | ExprStmt | +| test.cpp:223:5:225:5 | if (...) ... | +| test.cpp:223:9:223:9 | (double)... | +| test.cpp:223:9:223:9 | f | | test.cpp:223:9:223:16 | ... == ... | +| test.cpp:223:14:223:16 | 0.0 | +| test.cpp:223:19:225:5 | { ... } | +| test.cpp:224:9:224:11 | ctr | +| test.cpp:224:9:224:13 | ... ++ | +| test.cpp:224:9:224:14 | ExprStmt | +| test.cpp:226:5:228:5 | if (...) ... | +| test.cpp:226:9:226:9 | d | | test.cpp:226:9:226:14 | ... == ... | +| test.cpp:226:14:226:14 | 0 | +| test.cpp:226:14:226:14 | (double)... | +| test.cpp:226:17:228:5 | { ... } | +| test.cpp:227:9:227:11 | ctr | +| test.cpp:227:9:227:13 | ... ++ | +| test.cpp:227:9:227:14 | ExprStmt | +| test.cpp:229:5:231:5 | if (...) ... | +| test.cpp:229:9:229:9 | (int)... | +| test.cpp:229:9:229:9 | b | | test.cpp:229:9:229:14 | ... == ... | +| test.cpp:229:14:229:14 | 0 | +| test.cpp:229:17:231:5 | { ... } | +| test.cpp:230:9:230:11 | ctr | +| test.cpp:230:9:230:13 | ... ++ | +| test.cpp:230:9:230:14 | ExprStmt | +| test.cpp:232:5:234:5 | if (...) ... | +| test.cpp:232:9:232:9 | (int)... | +| test.cpp:232:9:232:9 | b | | test.cpp:232:9:232:18 | ... == ... | +| test.cpp:232:14:232:18 | 0 | +| test.cpp:232:14:232:18 | (int)... | +| test.cpp:232:21:234:5 | { ... } | +| test.cpp:233:9:233:11 | ctr | +| test.cpp:233:9:233:13 | ... ++ | +| test.cpp:233:9:233:14 | ExprStmt | +| test.cpp:235:5:237:5 | if (...) ... | +| test.cpp:235:9:235:10 | (reference dereference) | +| test.cpp:235:9:235:10 | ms | | test.cpp:235:9:235:17 | ... == ... | +| test.cpp:235:12:235:12 | i | +| test.cpp:235:17:235:17 | 0 | +| test.cpp:235:20:237:5 | { ... } | +| test.cpp:236:9:236:11 | ctr | +| test.cpp:236:9:236:13 | ... ++ | +| test.cpp:236:9:236:14 | ExprStmt | +| test.cpp:238:5:240:5 | if (...) ... | +| test.cpp:238:9:238:10 | (reference dereference) | +| test.cpp:238:9:238:10 | ms | | test.cpp:238:9:238:17 | ... == ... | +| test.cpp:238:12:238:12 | f | +| test.cpp:238:17:238:17 | 0 | +| test.cpp:238:17:238:17 | (float)... | +| test.cpp:238:20:240:5 | { ... } | +| test.cpp:239:9:239:11 | ctr | +| test.cpp:239:9:239:13 | ... ++ | +| test.cpp:239:9:239:14 | ExprStmt | +| test.cpp:241:5:243:5 | if (...) ... | +| test.cpp:241:9:241:10 | (reference dereference) | +| test.cpp:241:9:241:10 | ms | | test.cpp:241:9:241:17 | ... == ... | | test.cpp:241:9:241:30 | ... && ... | | test.cpp:241:9:241:43 | ... && ... | +| test.cpp:241:12:241:12 | i | +| test.cpp:241:17:241:17 | 0 | +| test.cpp:241:22:241:23 | (reference dereference) | +| test.cpp:241:22:241:23 | ms | | test.cpp:241:22:241:30 | ... == ... | +| test.cpp:241:25:241:25 | f | +| test.cpp:241:30:241:30 | 0 | +| test.cpp:241:30:241:30 | (float)... | +| test.cpp:241:35:241:36 | (reference dereference) | +| test.cpp:241:35:241:36 | ms | | test.cpp:241:35:241:43 | ... == ... | +| test.cpp:241:38:241:38 | i | +| test.cpp:241:43:241:43 | 0 | +| test.cpp:241:46:243:5 | { ... } | +| test.cpp:242:9:242:11 | ctr | +| test.cpp:242:9:242:13 | ... ++ | +| test.cpp:242:9:242:14 | ExprStmt | +| test.cpp:244:1:244:1 | return ... | +| test.cpp:246:6:246:21 | definition of test_cmp_implies | +| test.cpp:246:6:246:21 | test_cmp_implies | +| test.cpp:246:27:246:27 | a | +| test.cpp:246:27:246:27 | definition of a | +| test.cpp:246:34:246:34 | b | +| test.cpp:246:34:246:34 | definition of b | +| test.cpp:246:37:284:1 | { ... } | +| test.cpp:247:3:251:3 | if (...) ... | +| test.cpp:247:6:247:13 | (...) | +| test.cpp:247:6:247:13 | (int)... | | test.cpp:247:6:247:18 | ... == ... | +| test.cpp:247:7:247:7 | a | +| test.cpp:247:7:247:12 | ... == ... | +| test.cpp:247:12:247:12 | b | +| test.cpp:247:18:247:18 | 0 | +| test.cpp:247:21:249:3 | { ... } | +| test.cpp:249:10:251:3 | { ... } | +| test.cpp:253:3:257:3 | if (...) ... | +| test.cpp:253:6:253:13 | (...) | +| test.cpp:253:6:253:13 | (int)... | | test.cpp:253:6:253:18 | ... != ... | +| test.cpp:253:7:253:7 | a | +| test.cpp:253:7:253:12 | ... == ... | +| test.cpp:253:12:253:12 | b | +| test.cpp:253:18:253:18 | 0 | +| test.cpp:253:21:255:3 | { ... } | +| test.cpp:255:10:257:3 | { ... } | +| test.cpp:260:3:264:3 | if (...) ... | +| test.cpp:260:6:260:13 | (...) | +| test.cpp:260:6:260:13 | (int)... | | test.cpp:260:6:260:18 | ... == ... | +| test.cpp:260:7:260:7 | a | +| test.cpp:260:7:260:12 | ... != ... | +| test.cpp:260:12:260:12 | b | +| test.cpp:260:18:260:18 | 0 | +| test.cpp:260:21:262:3 | { ... } | +| test.cpp:262:10:264:3 | { ... } | +| test.cpp:266:3:270:3 | if (...) ... | +| test.cpp:266:6:266:13 | (...) | +| test.cpp:266:6:266:13 | (int)... | | test.cpp:266:6:266:18 | ... != ... | +| test.cpp:266:7:266:7 | a | +| test.cpp:266:7:266:12 | ... != ... | +| test.cpp:266:12:266:12 | b | +| test.cpp:266:18:266:18 | 0 | +| test.cpp:266:21:268:3 | { ... } | +| test.cpp:268:10:270:3 | { ... } | +| test.cpp:273:3:277:3 | if (...) ... | +| test.cpp:273:6:273:12 | (...) | +| test.cpp:273:6:273:12 | (int)... | | test.cpp:273:6:273:17 | ... == ... | +| test.cpp:273:7:273:7 | a | +| test.cpp:273:7:273:11 | ... < ... | +| test.cpp:273:11:273:11 | b | +| test.cpp:273:17:273:17 | 0 | +| test.cpp:273:20:275:3 | { ... } | +| test.cpp:275:10:277:3 | { ... } | +| test.cpp:279:3:283:3 | if (...) ... | +| test.cpp:279:6:279:12 | (...) | +| test.cpp:279:6:279:12 | (int)... | | test.cpp:279:6:279:17 | ... != ... | +| test.cpp:279:7:279:7 | a | +| test.cpp:279:7:279:11 | ... < ... | +| test.cpp:279:11:279:11 | b | +| test.cpp:279:17:279:17 | 0 | +| test.cpp:279:20:281:3 | { ... } | +| test.cpp:281:10:283:3 | { ... } | +| test.cpp:284:1:284:1 | return ... | +| test.cpp:286:6:286:27 | definition of test_cmp_implies_unary | +| test.cpp:286:6:286:27 | test_cmp_implies_unary | +| test.cpp:286:33:286:33 | a | +| test.cpp:286:33:286:33 | definition of a | +| test.cpp:286:36:323:1 | { ... } | +| test.cpp:287:3:291:3 | if (...) ... | +| test.cpp:287:6:287:14 | (...) | +| test.cpp:287:6:287:14 | (int)... | | test.cpp:287:6:287:19 | ... == ... | +| test.cpp:287:7:287:7 | a | +| test.cpp:287:7:287:13 | ... == ... | +| test.cpp:287:12:287:13 | 42 | +| test.cpp:287:19:287:19 | 0 | +| test.cpp:287:22:289:3 | { ... } | +| test.cpp:289:10:291:3 | { ... } | +| test.cpp:293:3:297:3 | if (...) ... | +| test.cpp:293:6:293:14 | (...) | +| test.cpp:293:6:293:14 | (int)... | | test.cpp:293:6:293:19 | ... != ... | +| test.cpp:293:7:293:7 | a | +| test.cpp:293:7:293:13 | ... == ... | +| test.cpp:293:12:293:13 | 42 | +| test.cpp:293:19:293:19 | 0 | +| test.cpp:293:22:295:3 | { ... } | +| test.cpp:295:10:297:3 | { ... } | +| test.cpp:300:3:304:3 | if (...) ... | +| test.cpp:300:6:300:14 | (...) | +| test.cpp:300:6:300:14 | (int)... | | test.cpp:300:6:300:19 | ... == ... | +| test.cpp:300:7:300:7 | a | +| test.cpp:300:7:300:13 | ... != ... | +| test.cpp:300:12:300:13 | 42 | +| test.cpp:300:19:300:19 | 0 | +| test.cpp:300:22:302:3 | { ... } | +| test.cpp:302:10:304:3 | { ... } | +| test.cpp:306:3:310:3 | if (...) ... | +| test.cpp:306:6:306:14 | (...) | +| test.cpp:306:6:306:14 | (int)... | | test.cpp:306:6:306:19 | ... != ... | +| test.cpp:306:7:306:7 | a | +| test.cpp:306:7:306:13 | ... != ... | +| test.cpp:306:12:306:13 | 42 | +| test.cpp:306:19:306:19 | 0 | +| test.cpp:306:22:308:3 | { ... } | +| test.cpp:308:10:310:3 | { ... } | +| test.cpp:312:3:316:3 | if (...) ... | +| test.cpp:312:6:312:13 | (...) | +| test.cpp:312:6:312:13 | (int)... | | test.cpp:312:6:312:18 | ... == ... | +| test.cpp:312:7:312:7 | a | +| test.cpp:312:7:312:12 | ... < ... | +| test.cpp:312:11:312:12 | 42 | +| test.cpp:312:18:312:18 | 0 | +| test.cpp:312:21:314:3 | { ... } | +| test.cpp:314:10:316:3 | { ... } | +| test.cpp:318:3:322:3 | if (...) ... | +| test.cpp:318:6:318:13 | (...) | +| test.cpp:318:6:318:13 | (int)... | | test.cpp:318:6:318:18 | ... != ... | +| test.cpp:318:7:318:7 | a | +| test.cpp:318:7:318:12 | ... < ... | +| test.cpp:318:11:318:12 | 42 | +| test.cpp:318:18:318:18 | 0 | +| test.cpp:318:21:320:3 | { ... } | +| test.cpp:320:10:322:3 | { ... } | +| test.cpp:323:1:323:1 | return ... | diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected index 5d3232d50faa..d1a3f22d7660 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected @@ -392,6 +392,12 @@ | test.c:206:8:206:8 | c | b >= a+0 when c is false | | test.c:206:8:206:8 | c | c != 0 when c is true | | test.c:206:8:206:8 | c | c == 0 when c is false | +| test.c:215:6:215:18 | ! ... | ... > ... != 0 when ! ... is false | +| test.c:215:6:215:18 | ! ... | ... > ... == 0 when ! ... is true | +| test.c:215:6:215:18 | ! ... | a < b+1 when ! ... is true | +| test.c:215:6:215:18 | ! ... | a >= b+1 when ! ... is false | +| test.c:215:6:215:18 | ! ... | b < a+0 when ! ... is false | +| test.c:215:6:215:18 | ! ... | b >= a+0 when ! ... is true | | test.c:215:6:215:18 | call to __builtin_expect | ... > ... != 0 when call to __builtin_expect is true | | test.c:215:6:215:18 | call to __builtin_expect | ... > ... == 0 when call to __builtin_expect is false | | test.c:215:6:215:18 | call to __builtin_expect | a < b+1 when call to __builtin_expect is false | @@ -402,6 +408,20 @@ | test.c:215:6:215:18 | call to __builtin_expect | call to __builtin_expect != 1 when call to __builtin_expect is false | | test.c:215:6:215:18 | call to __builtin_expect | call to __builtin_expect == 0 when call to __builtin_expect is false | | test.c:215:6:215:18 | call to __builtin_expect | call to __builtin_expect == 1 when call to __builtin_expect is true | +| test.c:215:13:215:17 | ... > ... | ... > ... != 0 when ... > ... is true | +| test.c:215:13:215:17 | ... > ... | ... > ... == 0 when ... > ... is false | +| test.c:215:13:215:17 | ... > ... | a < b+1 when ... > ... is false | +| test.c:215:13:215:17 | ... > ... | a >= b+1 when ... > ... is true | +| test.c:215:13:215:17 | ... > ... | b < a+0 when ... > ... is true | +| test.c:215:13:215:17 | ... > ... | b >= a+0 when ... > ... is false | +| test.c:219:9:219:22 | ! ... | 42 < a+0 when ! ... is false | +| test.c:219:9:219:22 | ! ... | 42 >= a+0 when ! ... is true | +| test.c:219:9:219:22 | ! ... | ... > ... != 0 when ! ... is false | +| test.c:219:9:219:22 | ! ... | ... > ... == 0 when ! ... is true | +| test.c:219:9:219:22 | ! ... | a < 42+1 when ! ... is true | +| test.c:219:9:219:22 | ! ... | a < 43 when ! ... is true | +| test.c:219:9:219:22 | ! ... | a >= 42+1 when ! ... is false | +| test.c:219:9:219:22 | ! ... | a >= 43 when ! ... is false | | test.c:219:9:219:22 | call to __builtin_expect | 42 < a+0 when call to __builtin_expect is true | | test.c:219:9:219:22 | call to __builtin_expect | 42 >= a+0 when call to __builtin_expect is false | | test.c:219:9:219:22 | call to __builtin_expect | ... > ... != 0 when call to __builtin_expect is true | @@ -414,6 +434,14 @@ | test.c:219:9:219:22 | call to __builtin_expect | call to __builtin_expect != 1 when call to __builtin_expect is false | | test.c:219:9:219:22 | call to __builtin_expect | call to __builtin_expect == 0 when call to __builtin_expect is false | | test.c:219:9:219:22 | call to __builtin_expect | call to __builtin_expect == 1 when call to __builtin_expect is true | +| test.c:219:16:219:21 | ... > ... | 42 < a+0 when ... > ... is true | +| test.c:219:16:219:21 | ... > ... | 42 >= a+0 when ... > ... is false | +| test.c:219:16:219:21 | ... > ... | ... > ... != 0 when ... > ... is true | +| test.c:219:16:219:21 | ... > ... | ... > ... == 0 when ... > ... is false | +| test.c:219:16:219:21 | ... > ... | a < 42+1 when ... > ... is false | +| test.c:219:16:219:21 | ... > ... | a < 43 when ... > ... is false | +| test.c:219:16:219:21 | ... > ... | a >= 42+1 when ... > ... is true | +| test.c:219:16:219:21 | ... > ... | a >= 43 when ... > ... is true | | test.cpp:18:8:18:10 | call to get | call to get != 0 when call to get is true | | test.cpp:18:8:18:10 | call to get | call to get != 1 when call to get is false | | test.cpp:18:8:18:10 | call to get | call to get == 0 when call to get is false | @@ -432,13 +460,52 @@ | test.cpp:42:13:42:20 | call to getABool | call to getABool != 1 when call to getABool is false | | test.cpp:42:13:42:20 | call to getABool | call to getABool == 0 when call to getABool is false | | test.cpp:42:13:42:20 | call to getABool | call to getABool == 1 when call to getABool is true | -| test.cpp:61:10:61:10 | i | i == 0 when i is Case[0] | -| test.cpp:61:10:61:10 | i | i == 1 when i is Case[1] | -| test.cpp:61:10:61:10 | i | i == 2 when i is Case[2] | -| test.cpp:74:10:74:10 | i | i < 11 when i is Case[0..10] | -| test.cpp:74:10:74:10 | i | i < 21 when i is Case[11..20] | -| test.cpp:74:10:74:10 | i | i >= 0 when i is Case[0..10] | -| test.cpp:74:10:74:10 | i | i >= 11 when i is Case[11..20] | +| test.cpp:60:31:60:31 | i | i != 0 when i is not 0 | +| test.cpp:60:31:60:31 | i | i != 1 when i is not 1 | +| test.cpp:60:31:60:31 | i | i != 2 when i is not 2 | +| test.cpp:60:31:60:31 | i | i == 0 when i is 0 | +| test.cpp:60:31:60:31 | i | i == 1 when i is 1 | +| test.cpp:60:31:60:31 | i | i == 2 when i is 2 | +| test.cpp:61:10:61:10 | i | i != 0 when i is not 0 | +| test.cpp:61:10:61:10 | i | i != 1 when i is not 1 | +| test.cpp:61:10:61:10 | i | i != 2 when i is not 2 | +| test.cpp:61:10:61:10 | i | i == 0 when i is 0 | +| test.cpp:61:10:61:10 | i | i == 1 when i is 1 | +| test.cpp:61:10:61:10 | i | i == 2 when i is 2 | +| test.cpp:63:12:63:12 | i | i != 0 when i is not 0 | +| test.cpp:63:12:63:12 | i | i != 1 when i is not 1 | +| test.cpp:63:12:63:12 | i | i != 2 when i is not 2 | +| test.cpp:63:12:63:12 | i | i == 0 when i is 0 | +| test.cpp:63:12:63:12 | i | i == 1 when i is 1 | +| test.cpp:63:12:63:12 | i | i == 2 when i is 2 | +| test.cpp:66:12:66:12 | i | i != 0 when i is not 0 | +| test.cpp:66:12:66:12 | i | i != 1 when i is not 1 | +| test.cpp:66:12:66:12 | i | i != 2 when i is not 2 | +| test.cpp:66:12:66:12 | i | i == 0 when i is 0 | +| test.cpp:66:12:66:12 | i | i == 1 when i is 1 | +| test.cpp:66:12:66:12 | i | i == 2 when i is 2 | +| test.cpp:69:12:69:12 | i | i != 0 when i is not 0 | +| test.cpp:69:12:69:12 | i | i != 1 when i is not 1 | +| test.cpp:69:12:69:12 | i | i != 2 when i is not 2 | +| test.cpp:69:12:69:12 | i | i == 0 when i is 0 | +| test.cpp:69:12:69:12 | i | i == 1 when i is 1 | +| test.cpp:69:12:69:12 | i | i == 2 when i is 2 | +| test.cpp:73:30:73:30 | i | i < 11 when i is 0..10 | +| test.cpp:73:30:73:30 | i | i < 21 when i is 11..20 | +| test.cpp:73:30:73:30 | i | i >= 0 when i is 0..10 | +| test.cpp:73:30:73:30 | i | i >= 11 when i is 11..20 | +| test.cpp:74:10:74:10 | i | i < 11 when i is 0..10 | +| test.cpp:74:10:74:10 | i | i < 21 when i is 11..20 | +| test.cpp:74:10:74:10 | i | i >= 0 when i is 0..10 | +| test.cpp:74:10:74:10 | i | i >= 11 when i is 11..20 | +| test.cpp:76:12:76:12 | i | i < 11 when i is 0..10 | +| test.cpp:76:12:76:12 | i | i < 21 when i is 11..20 | +| test.cpp:76:12:76:12 | i | i >= 0 when i is 0..10 | +| test.cpp:76:12:76:12 | i | i >= 11 when i is 11..20 | +| test.cpp:79:12:79:12 | i | i < 11 when i is 0..10 | +| test.cpp:79:12:79:12 | i | i < 21 when i is 11..20 | +| test.cpp:79:12:79:12 | i | i >= 0 when i is 0..10 | +| test.cpp:79:12:79:12 | i | i >= 11 when i is 11..20 | | test.cpp:93:6:93:6 | c | c != 0 when c is true | | test.cpp:93:6:93:6 | c | c != 1 when c is false | | test.cpp:93:6:93:6 | c | c == 0 when c is false | @@ -463,6 +530,10 @@ | test.cpp:111:6:111:14 | ... != ... | ... != ... == 1 when ... != ... is true | | test.cpp:111:6:111:14 | ... != ... | i != 0.0+0 when ... != ... is true | | test.cpp:111:6:111:14 | ... != ... | i == 0.0+0 when ... != ... is false | +| test.cpp:119:16:119:16 | b | b != 0 when b is true | +| test.cpp:119:16:119:16 | b | b != 1 when b is false | +| test.cpp:119:16:119:16 | b | b == 0 when b is false | +| test.cpp:119:16:119:16 | b | b == 1 when b is true | | test.cpp:122:9:122:9 | b | b != 0 when b is true | | test.cpp:122:9:122:9 | b | b != 1 when b is false | | test.cpp:122:9:122:9 | b | b == 0 when b is false | @@ -495,6 +566,14 @@ | test.cpp:131:6:131:21 | call to __builtin_expect | call to __builtin_expect != 1 when call to __builtin_expect is false | | test.cpp:131:6:131:21 | call to __builtin_expect | call to __builtin_expect == 0 when call to __builtin_expect is false | | test.cpp:131:6:131:21 | call to __builtin_expect | call to __builtin_expect == 1 when call to __builtin_expect is true | +| test.cpp:131:23:131:33 | ... == ... | ... + ... != a+0 when ... == ... is false | +| test.cpp:131:23:131:33 | ... == ... | ... + ... == a+0 when ... == ... is true | +| test.cpp:131:23:131:33 | ... == ... | a != ... + ...+0 when ... == ... is false | +| test.cpp:131:23:131:33 | ... == ... | a != b+42 when ... == ... is false | +| test.cpp:131:23:131:33 | ... == ... | a == ... + ...+0 when ... == ... is true | +| test.cpp:131:23:131:33 | ... == ... | a == b+42 when ... == ... is true | +| test.cpp:131:23:131:33 | ... == ... | b != a+-42 when ... == ... is false | +| test.cpp:131:23:131:33 | ... == ... | b == a+-42 when ... == ... is true | | test.cpp:135:6:135:21 | call to __builtin_expect | ... + ... != a+0 when call to __builtin_expect is true | | test.cpp:135:6:135:21 | call to __builtin_expect | ... + ... == a+0 when call to __builtin_expect is false | | test.cpp:135:6:135:21 | call to __builtin_expect | a != ... + ...+0 when call to __builtin_expect is true | @@ -507,6 +586,14 @@ | test.cpp:135:6:135:21 | call to __builtin_expect | call to __builtin_expect != 1 when call to __builtin_expect is false | | test.cpp:135:6:135:21 | call to __builtin_expect | call to __builtin_expect == 0 when call to __builtin_expect is false | | test.cpp:135:6:135:21 | call to __builtin_expect | call to __builtin_expect == 1 when call to __builtin_expect is true | +| test.cpp:135:23:135:33 | ... != ... | ... + ... != a+0 when ... != ... is true | +| test.cpp:135:23:135:33 | ... != ... | ... + ... == a+0 when ... != ... is false | +| test.cpp:135:23:135:33 | ... != ... | a != ... + ...+0 when ... != ... is true | +| test.cpp:135:23:135:33 | ... != ... | a != b+42 when ... != ... is true | +| test.cpp:135:23:135:33 | ... != ... | a == ... + ...+0 when ... != ... is false | +| test.cpp:135:23:135:33 | ... != ... | a == b+42 when ... != ... is false | +| test.cpp:135:23:135:33 | ... != ... | b != a+-42 when ... != ... is true | +| test.cpp:135:23:135:33 | ... != ... | b == a+-42 when ... != ... is false | | test.cpp:141:6:141:21 | call to __builtin_expect | 42 != a+0 when call to __builtin_expect is false | | test.cpp:141:6:141:21 | call to __builtin_expect | 42 == a+0 when call to __builtin_expect is true | | test.cpp:141:6:141:21 | call to __builtin_expect | a != 42 when call to __builtin_expect is false | @@ -517,6 +604,12 @@ | test.cpp:141:6:141:21 | call to __builtin_expect | call to __builtin_expect != 1 when call to __builtin_expect is false | | test.cpp:141:6:141:21 | call to __builtin_expect | call to __builtin_expect == 0 when call to __builtin_expect is false | | test.cpp:141:6:141:21 | call to __builtin_expect | call to __builtin_expect == 1 when call to __builtin_expect is true | +| test.cpp:141:23:141:29 | ... == ... | 42 != a+0 when ... == ... is false | +| test.cpp:141:23:141:29 | ... == ... | 42 == a+0 when ... == ... is true | +| test.cpp:141:23:141:29 | ... == ... | a != 42 when ... == ... is false | +| test.cpp:141:23:141:29 | ... == ... | a != 42+0 when ... == ... is false | +| test.cpp:141:23:141:29 | ... == ... | a == 42 when ... == ... is true | +| test.cpp:141:23:141:29 | ... == ... | a == 42+0 when ... == ... is true | | test.cpp:145:6:145:21 | call to __builtin_expect | 42 != a+0 when call to __builtin_expect is true | | test.cpp:145:6:145:21 | call to __builtin_expect | 42 == a+0 when call to __builtin_expect is false | | test.cpp:145:6:145:21 | call to __builtin_expect | a != 42 when call to __builtin_expect is true | @@ -527,6 +620,26 @@ | test.cpp:145:6:145:21 | call to __builtin_expect | call to __builtin_expect != 1 when call to __builtin_expect is false | | test.cpp:145:6:145:21 | call to __builtin_expect | call to __builtin_expect == 0 when call to __builtin_expect is false | | test.cpp:145:6:145:21 | call to __builtin_expect | call to __builtin_expect == 1 when call to __builtin_expect is true | +| test.cpp:145:23:145:29 | ... != ... | 42 != a+0 when ... != ... is true | +| test.cpp:145:23:145:29 | ... != ... | 42 == a+0 when ... != ... is false | +| test.cpp:145:23:145:29 | ... != ... | a != 42 when ... != ... is true | +| test.cpp:145:23:145:29 | ... != ... | a != 42+0 when ... != ... is true | +| test.cpp:145:23:145:29 | ... != ... | a == 42 when ... != ... is false | +| test.cpp:145:23:145:29 | ... != ... | a == 42+0 when ... != ... is false | +| test.cpp:151:8:151:13 | ... < ... | 10 < a+1 when ... < ... is false | +| test.cpp:151:8:151:13 | ... < ... | 10 >= a+1 when ... < ... is true | +| test.cpp:151:8:151:13 | ... < ... | ... < ... != 0 when ... < ... is true | +| test.cpp:151:8:151:13 | ... < ... | ... < ... != 1 when ... < ... is false | +| test.cpp:151:8:151:13 | ... < ... | ... < ... == 0 when ... < ... is false | +| test.cpp:151:8:151:13 | ... < ... | ... < ... == 1 when ... < ... is true | +| test.cpp:151:8:151:13 | ... < ... | a < 10 when ... < ... is true | +| test.cpp:151:8:151:13 | ... < ... | a < 10+0 when ... < ... is true | +| test.cpp:151:8:151:13 | ... < ... | a >= 10 when ... < ... is false | +| test.cpp:151:8:151:13 | ... < ... | a >= 10+0 when ... < ... is false | +| test.cpp:151:8:151:13 | ... < ... | b != 0 when ... < ... is true | +| test.cpp:151:8:151:13 | ... < ... | b != 1 when ... < ... is false | +| test.cpp:151:8:151:13 | ... < ... | b == 0 when ... < ... is false | +| test.cpp:151:8:151:13 | ... < ... | b == 1 when ... < ... is true | | test.cpp:152:7:152:8 | ! ... | 10 < a+1 when ! ... is true | | test.cpp:152:7:152:8 | ! ... | 10 >= a+1 when ! ... is false | | test.cpp:152:7:152:8 | ! ... | ! ... != 0 when ! ... is true | @@ -563,6 +676,18 @@ | test.cpp:152:8:152:8 | b | b != 1 when b is false | | test.cpp:152:8:152:8 | b | b == 0 when b is false | | test.cpp:152:8:152:8 | b | b == 1 when b is true | +| test.cpp:158:12:158:17 | ... != ... | ... != ... != 0 when ... != ... is true | +| test.cpp:158:12:158:17 | ... != ... | ... != ... != 1 when ... != ... is false | +| test.cpp:158:12:158:17 | ... != ... | ... != ... == 0 when ... != ... is false | +| test.cpp:158:12:158:17 | ... != ... | ... != ... == 1 when ... != ... is true | +| test.cpp:158:12:158:17 | ... != ... | a != b+0 when ... != ... is true | +| test.cpp:158:12:158:17 | ... != ... | a == b+0 when ... != ... is false | +| test.cpp:158:12:158:17 | ... != ... | b != a+0 when ... != ... is true | +| test.cpp:158:12:158:17 | ... != ... | b == a+0 when ... != ... is false | +| test.cpp:158:12:158:17 | ... != ... | c != 0 when ... != ... is true | +| test.cpp:158:12:158:17 | ... != ... | c != 1 when ... != ... is false | +| test.cpp:158:12:158:17 | ... != ... | c == 0 when ... != ... is false | +| test.cpp:158:12:158:17 | ... != ... | c == 1 when ... != ... is true | | test.cpp:160:7:160:8 | ! ... | ! ... != 0 when ! ... is true | | test.cpp:160:7:160:8 | ! ... | ! ... != 1 when ! ... is false | | test.cpp:160:7:160:8 | ! ... | ! ... == 0 when ! ... is false | @@ -595,6 +720,20 @@ | test.cpp:160:8:160:8 | c | c != 1 when c is false | | test.cpp:160:8:160:8 | c | c == 0 when c is false | | test.cpp:160:8:160:8 | c | c == 1 when c is true | +| test.cpp:166:12:166:17 | ... > ... | 10 < a+0 when ... > ... is true | +| test.cpp:166:12:166:17 | ... > ... | 10 >= a+0 when ... > ... is false | +| test.cpp:166:12:166:17 | ... > ... | ... > ... != 0 when ... > ... is true | +| test.cpp:166:12:166:17 | ... > ... | ... > ... != 1 when ... > ... is false | +| test.cpp:166:12:166:17 | ... > ... | ... > ... == 0 when ... > ... is false | +| test.cpp:166:12:166:17 | ... > ... | ... > ... == 1 when ... > ... is true | +| test.cpp:166:12:166:17 | ... > ... | a < 10+1 when ... > ... is false | +| test.cpp:166:12:166:17 | ... > ... | a < 11 when ... > ... is false | +| test.cpp:166:12:166:17 | ... > ... | a >= 10+1 when ... > ... is true | +| test.cpp:166:12:166:17 | ... > ... | a >= 11 when ... > ... is true | +| test.cpp:166:12:166:17 | ... > ... | b != 0 when ... > ... is true | +| test.cpp:166:12:166:17 | ... > ... | b != 1 when ... > ... is false | +| test.cpp:166:12:166:17 | ... > ... | b == 0 when ... > ... is false | +| test.cpp:166:12:166:17 | ... > ... | b == 1 when ... > ... is true | | test.cpp:168:7:168:8 | ! ... | 10 < a+0 when ! ... is false | | test.cpp:168:7:168:8 | ! ... | 10 >= a+0 when ! ... is true | | test.cpp:168:7:168:8 | ! ... | ! ... != 0 when ! ... is true | @@ -631,6 +770,18 @@ | test.cpp:168:8:168:8 | b | b != 1 when b is false | | test.cpp:168:8:168:8 | b | b == 0 when b is false | | test.cpp:168:8:168:8 | b | b == 1 when b is true | +| test.cpp:174:12:174:16 | ... > ... | ... > ... != 0 when ... > ... is true | +| test.cpp:174:12:174:16 | ... > ... | ... > ... != 1 when ... > ... is false | +| test.cpp:174:12:174:16 | ... > ... | ... > ... == 0 when ... > ... is false | +| test.cpp:174:12:174:16 | ... > ... | ... > ... == 1 when ... > ... is true | +| test.cpp:174:12:174:16 | ... > ... | a < b+1 when ... > ... is false | +| test.cpp:174:12:174:16 | ... > ... | a >= b+1 when ... > ... is true | +| test.cpp:174:12:174:16 | ... > ... | b < a+0 when ... > ... is true | +| test.cpp:174:12:174:16 | ... > ... | b >= a+0 when ... > ... is false | +| test.cpp:174:12:174:16 | ... > ... | c != 0 when ... > ... is true | +| test.cpp:174:12:174:16 | ... > ... | c != 1 when ... > ... is false | +| test.cpp:174:12:174:16 | ... > ... | c == 0 when ... > ... is false | +| test.cpp:174:12:174:16 | ... > ... | c == 1 when ... > ... is true | | test.cpp:176:7:176:8 | ! ... | ! ... != 0 when ! ... is true | | test.cpp:176:7:176:8 | ! ... | ! ... != 1 when ! ... is false | | test.cpp:176:7:176:8 | ! ... | ! ... == 0 when ! ... is false | @@ -663,6 +814,14 @@ | test.cpp:176:8:176:8 | c | c != 1 when c is false | | test.cpp:176:8:176:8 | c | c == 0 when c is false | | test.cpp:176:8:176:8 | c | c == 1 when c is true | +| test.cpp:181:28:181:29 | b1 | b1 != 0 when b1 is true | +| test.cpp:181:28:181:29 | b1 | b1 != 1 when b1 is false | +| test.cpp:181:28:181:29 | b1 | b1 == 0 when b1 is false | +| test.cpp:181:28:181:29 | b1 | b1 == 1 when b1 is true | +| test.cpp:181:37:181:38 | b2 | b2 != 0 when b2 is true | +| test.cpp:181:37:181:38 | b2 | b2 != 1 when b2 is false | +| test.cpp:181:37:181:38 | b2 | b2 == 0 when b2 is false | +| test.cpp:181:37:181:38 | b2 | b2 == 1 when b2 is true | | test.cpp:182:6:182:16 | ! ... | ! ... != 0 when ! ... is true | | test.cpp:182:6:182:16 | ! ... | ! ... != 1 when ! ... is false | | test.cpp:182:6:182:16 | ! ... | ! ... == 0 when ! ... is false | @@ -695,6 +854,30 @@ | test.cpp:182:14:182:15 | b2 | b2 != 1 when b2 is false | | test.cpp:182:14:182:15 | b2 | b2 == 0 when b2 is false | | test.cpp:182:14:182:15 | b2 | b2 == 1 when b2 is true | +| test.cpp:183:9:183:10 | b1 | b1 != 0 when b1 is true | +| test.cpp:183:9:183:10 | b1 | b1 != 1 when b1 is false | +| test.cpp:183:9:183:10 | b1 | b1 == 0 when b1 is false | +| test.cpp:183:9:183:10 | b1 | b1 == 1 when b1 is true | +| test.cpp:184:9:184:10 | b2 | b2 != 0 when b2 is true | +| test.cpp:184:9:184:10 | b2 | b2 != 1 when b2 is false | +| test.cpp:184:9:184:10 | b2 | b2 == 0 when b2 is false | +| test.cpp:184:9:184:10 | b2 | b2 == 1 when b2 is true | +| test.cpp:187:9:187:10 | b1 | b1 != 0 when b1 is true | +| test.cpp:187:9:187:10 | b1 | b1 != 1 when b1 is false | +| test.cpp:187:9:187:10 | b1 | b1 == 0 when b1 is false | +| test.cpp:187:9:187:10 | b1 | b1 == 1 when b1 is true | +| test.cpp:188:9:188:10 | b2 | b2 != 0 when b2 is true | +| test.cpp:188:9:188:10 | b2 | b2 != 1 when b2 is false | +| test.cpp:188:9:188:10 | b2 | b2 == 0 when b2 is false | +| test.cpp:188:9:188:10 | b2 | b2 == 1 when b2 is true | +| test.cpp:192:27:192:28 | b1 | b1 != 0 when b1 is true | +| test.cpp:192:27:192:28 | b1 | b1 != 1 when b1 is false | +| test.cpp:192:27:192:28 | b1 | b1 == 0 when b1 is false | +| test.cpp:192:27:192:28 | b1 | b1 == 1 when b1 is true | +| test.cpp:192:36:192:37 | b2 | b2 != 0 when b2 is true | +| test.cpp:192:36:192:37 | b2 | b2 != 1 when b2 is false | +| test.cpp:192:36:192:37 | b2 | b2 == 0 when b2 is false | +| test.cpp:192:36:192:37 | b2 | b2 == 1 when b2 is true | | test.cpp:193:6:193:16 | ! ... | ! ... != 0 when ! ... is true | | test.cpp:193:6:193:16 | ! ... | ! ... != 1 when ! ... is false | | test.cpp:193:6:193:16 | ! ... | ! ... == 0 when ! ... is false | @@ -727,6 +910,22 @@ | test.cpp:193:14:193:15 | b2 | b2 != 1 when b2 is false | | test.cpp:193:14:193:15 | b2 | b2 == 0 when b2 is false | | test.cpp:193:14:193:15 | b2 | b2 == 1 when b2 is true | +| test.cpp:195:9:195:10 | b1 | b1 != 0 when b1 is true | +| test.cpp:195:9:195:10 | b1 | b1 != 1 when b1 is false | +| test.cpp:195:9:195:10 | b1 | b1 == 0 when b1 is false | +| test.cpp:195:9:195:10 | b1 | b1 == 1 when b1 is true | +| test.cpp:196:9:196:10 | b2 | b2 != 0 when b2 is true | +| test.cpp:196:9:196:10 | b2 | b2 != 1 when b2 is false | +| test.cpp:196:9:196:10 | b2 | b2 == 0 when b2 is false | +| test.cpp:196:9:196:10 | b2 | b2 == 1 when b2 is true | +| test.cpp:198:9:198:10 | b1 | b1 != 0 when b1 is true | +| test.cpp:198:9:198:10 | b1 | b1 != 1 when b1 is false | +| test.cpp:198:9:198:10 | b1 | b1 == 0 when b1 is false | +| test.cpp:198:9:198:10 | b1 | b1 == 1 when b1 is true | +| test.cpp:199:9:199:10 | b2 | b2 != 0 when b2 is true | +| test.cpp:199:9:199:10 | b2 | b2 != 1 when b2 is false | +| test.cpp:199:9:199:10 | b2 | b2 == 0 when b2 is false | +| test.cpp:199:9:199:10 | b2 | b2 == 1 when b2 is true | | test.cpp:211:9:211:15 | ... == ... | 0 != sc+0 when ... == ... is false | | test.cpp:211:9:211:15 | ... == ... | 0 == sc+0 when ... == ... is true | | test.cpp:211:9:211:15 | ... == ... | ... == ... != 0 when ... == ... is true | @@ -875,6 +1074,10 @@ | test.cpp:247:6:247:18 | ... == ... | a == b+0 when ... == ... is false | | test.cpp:247:6:247:18 | ... == ... | b != a+0 when ... == ... is true | | test.cpp:247:6:247:18 | ... == ... | b == a+0 when ... == ... is false | +| test.cpp:247:7:247:12 | ... == ... | a != b+0 when ... == ... is false | +| test.cpp:247:7:247:12 | ... == ... | a == b+0 when ... == ... is true | +| test.cpp:247:7:247:12 | ... == ... | b != a+0 when ... == ... is false | +| test.cpp:247:7:247:12 | ... == ... | b == a+0 when ... == ... is true | | test.cpp:253:6:253:18 | ... != ... | 0 != ... == ...+0 when ... != ... is true | | test.cpp:253:6:253:18 | ... != ... | 0 == ... == ...+0 when ... != ... is false | | test.cpp:253:6:253:18 | ... != ... | ... != ... != 0 when ... != ... is true | @@ -889,6 +1092,10 @@ | test.cpp:253:6:253:18 | ... != ... | a == b+0 when ... != ... is true | | test.cpp:253:6:253:18 | ... != ... | b != a+0 when ... != ... is false | | test.cpp:253:6:253:18 | ... != ... | b == a+0 when ... != ... is true | +| test.cpp:253:7:253:12 | ... == ... | a != b+0 when ... == ... is false | +| test.cpp:253:7:253:12 | ... == ... | a == b+0 when ... == ... is true | +| test.cpp:253:7:253:12 | ... == ... | b != a+0 when ... == ... is false | +| test.cpp:253:7:253:12 | ... == ... | b == a+0 when ... == ... is true | | test.cpp:260:6:260:18 | ... == ... | 0 != ... != ...+0 when ... == ... is false | | test.cpp:260:6:260:18 | ... == ... | 0 == ... != ...+0 when ... == ... is true | | test.cpp:260:6:260:18 | ... == ... | ... != ... != 0 when ... == ... is false | @@ -903,6 +1110,10 @@ | test.cpp:260:6:260:18 | ... == ... | a == b+0 when ... == ... is true | | test.cpp:260:6:260:18 | ... == ... | b != a+0 when ... == ... is false | | test.cpp:260:6:260:18 | ... == ... | b == a+0 when ... == ... is true | +| test.cpp:260:7:260:12 | ... != ... | a != b+0 when ... != ... is true | +| test.cpp:260:7:260:12 | ... != ... | a == b+0 when ... != ... is false | +| test.cpp:260:7:260:12 | ... != ... | b != a+0 when ... != ... is true | +| test.cpp:260:7:260:12 | ... != ... | b == a+0 when ... != ... is false | | test.cpp:266:6:266:18 | ... != ... | 0 != ... != ...+0 when ... != ... is true | | test.cpp:266:6:266:18 | ... != ... | 0 == ... != ...+0 when ... != ... is false | | test.cpp:266:6:266:18 | ... != ... | ... != ... != 0 when ... != ... is true | @@ -915,6 +1126,10 @@ | test.cpp:266:6:266:18 | ... != ... | a == b+0 when ... != ... is false | | test.cpp:266:6:266:18 | ... != ... | b != a+0 when ... != ... is true | | test.cpp:266:6:266:18 | ... != ... | b == a+0 when ... != ... is false | +| test.cpp:266:7:266:12 | ... != ... | a != b+0 when ... != ... is true | +| test.cpp:266:7:266:12 | ... != ... | a == b+0 when ... != ... is false | +| test.cpp:266:7:266:12 | ... != ... | b != a+0 when ... != ... is true | +| test.cpp:266:7:266:12 | ... != ... | b == a+0 when ... != ... is false | | test.cpp:273:6:273:17 | ... == ... | 0 != ... < ...+0 when ... == ... is false | | test.cpp:273:6:273:17 | ... == ... | 0 == ... < ...+0 when ... == ... is true | | test.cpp:273:6:273:17 | ... == ... | ... < ... != 0 when ... == ... is false | @@ -929,6 +1144,10 @@ | test.cpp:273:6:273:17 | ... == ... | a >= b+0 when ... == ... is true | | test.cpp:273:6:273:17 | ... == ... | b < a+1 when ... == ... is true | | test.cpp:273:6:273:17 | ... == ... | b >= a+1 when ... == ... is false | +| test.cpp:273:7:273:11 | ... < ... | a < b+0 when ... < ... is true | +| test.cpp:273:7:273:11 | ... < ... | a >= b+0 when ... < ... is false | +| test.cpp:273:7:273:11 | ... < ... | b < a+1 when ... < ... is false | +| test.cpp:273:7:273:11 | ... < ... | b >= a+1 when ... < ... is true | | test.cpp:279:6:279:17 | ... != ... | 0 != ... < ...+0 when ... != ... is true | | test.cpp:279:6:279:17 | ... != ... | 0 == ... < ...+0 when ... != ... is false | | test.cpp:279:6:279:17 | ... != ... | ... != ... != 0 when ... != ... is true | @@ -943,6 +1162,10 @@ | test.cpp:279:6:279:17 | ... != ... | a >= b+0 when ... != ... is false | | test.cpp:279:6:279:17 | ... != ... | b < a+1 when ... != ... is false | | test.cpp:279:6:279:17 | ... != ... | b >= a+1 when ... != ... is true | +| test.cpp:279:7:279:11 | ... < ... | a < b+0 when ... < ... is true | +| test.cpp:279:7:279:11 | ... < ... | a >= b+0 when ... < ... is false | +| test.cpp:279:7:279:11 | ... < ... | b < a+1 when ... < ... is false | +| test.cpp:279:7:279:11 | ... < ... | b >= a+1 when ... < ... is true | | test.cpp:287:6:287:19 | ... == ... | 0 != ... == ...+0 when ... == ... is false | | test.cpp:287:6:287:19 | ... == ... | 0 == ... == ...+0 when ... == ... is true | | test.cpp:287:6:287:19 | ... == ... | 42 != a+0 when ... == ... is true | @@ -959,6 +1182,12 @@ | test.cpp:287:6:287:19 | ... == ... | a != 42+0 when ... == ... is true | | test.cpp:287:6:287:19 | ... == ... | a == 42 when ... == ... is false | | test.cpp:287:6:287:19 | ... == ... | a == 42+0 when ... == ... is false | +| test.cpp:287:7:287:13 | ... == ... | 42 != a+0 when ... == ... is false | +| test.cpp:287:7:287:13 | ... == ... | 42 == a+0 when ... == ... is true | +| test.cpp:287:7:287:13 | ... == ... | a != 42 when ... == ... is false | +| test.cpp:287:7:287:13 | ... == ... | a != 42+0 when ... == ... is false | +| test.cpp:287:7:287:13 | ... == ... | a == 42 when ... == ... is true | +| test.cpp:287:7:287:13 | ... == ... | a == 42+0 when ... == ... is true | | test.cpp:293:6:293:19 | ... != ... | 0 != ... == ...+0 when ... != ... is true | | test.cpp:293:6:293:19 | ... != ... | 0 == ... == ...+0 when ... != ... is false | | test.cpp:293:6:293:19 | ... != ... | 42 != a+0 when ... != ... is false | @@ -975,6 +1204,12 @@ | test.cpp:293:6:293:19 | ... != ... | a != 42+0 when ... != ... is false | | test.cpp:293:6:293:19 | ... != ... | a == 42 when ... != ... is true | | test.cpp:293:6:293:19 | ... != ... | a == 42+0 when ... != ... is true | +| test.cpp:293:7:293:13 | ... == ... | 42 != a+0 when ... == ... is false | +| test.cpp:293:7:293:13 | ... == ... | 42 == a+0 when ... == ... is true | +| test.cpp:293:7:293:13 | ... == ... | a != 42 when ... == ... is false | +| test.cpp:293:7:293:13 | ... == ... | a != 42+0 when ... == ... is false | +| test.cpp:293:7:293:13 | ... == ... | a == 42 when ... == ... is true | +| test.cpp:293:7:293:13 | ... == ... | a == 42+0 when ... == ... is true | | test.cpp:300:6:300:19 | ... == ... | 0 != ... != ...+0 when ... == ... is false | | test.cpp:300:6:300:19 | ... == ... | 0 == ... != ...+0 when ... == ... is true | | test.cpp:300:6:300:19 | ... == ... | 42 != a+0 when ... == ... is false | @@ -991,6 +1226,12 @@ | test.cpp:300:6:300:19 | ... == ... | a != 42+0 when ... == ... is false | | test.cpp:300:6:300:19 | ... == ... | a == 42 when ... == ... is true | | test.cpp:300:6:300:19 | ... == ... | a == 42+0 when ... == ... is true | +| test.cpp:300:7:300:13 | ... != ... | 42 != a+0 when ... != ... is true | +| test.cpp:300:7:300:13 | ... != ... | 42 == a+0 when ... != ... is false | +| test.cpp:300:7:300:13 | ... != ... | a != 42 when ... != ... is true | +| test.cpp:300:7:300:13 | ... != ... | a != 42+0 when ... != ... is true | +| test.cpp:300:7:300:13 | ... != ... | a == 42 when ... != ... is false | +| test.cpp:300:7:300:13 | ... != ... | a == 42+0 when ... != ... is false | | test.cpp:306:6:306:19 | ... != ... | 0 != ... != ...+0 when ... != ... is true | | test.cpp:306:6:306:19 | ... != ... | 0 == ... != ...+0 when ... != ... is false | | test.cpp:306:6:306:19 | ... != ... | 42 != a+0 when ... != ... is true | @@ -1005,6 +1246,12 @@ | test.cpp:306:6:306:19 | ... != ... | a != 42+0 when ... != ... is true | | test.cpp:306:6:306:19 | ... != ... | a == 42 when ... != ... is false | | test.cpp:306:6:306:19 | ... != ... | a == 42+0 when ... != ... is false | +| test.cpp:306:7:306:13 | ... != ... | 42 != a+0 when ... != ... is true | +| test.cpp:306:7:306:13 | ... != ... | 42 == a+0 when ... != ... is false | +| test.cpp:306:7:306:13 | ... != ... | a != 42 when ... != ... is true | +| test.cpp:306:7:306:13 | ... != ... | a != 42+0 when ... != ... is true | +| test.cpp:306:7:306:13 | ... != ... | a == 42 when ... != ... is false | +| test.cpp:306:7:306:13 | ... != ... | a == 42+0 when ... != ... is false | | test.cpp:312:6:312:18 | ... == ... | 0 != ... < ...+0 when ... == ... is false | | test.cpp:312:6:312:18 | ... == ... | 0 == ... < ...+0 when ... == ... is true | | test.cpp:312:6:312:18 | ... == ... | 42 < a+1 when ... == ... is true | @@ -1021,6 +1268,12 @@ | test.cpp:312:6:312:18 | ... == ... | a < 42+0 when ... == ... is false | | test.cpp:312:6:312:18 | ... == ... | a >= 42 when ... == ... is true | | test.cpp:312:6:312:18 | ... == ... | a >= 42+0 when ... == ... is true | +| test.cpp:312:7:312:12 | ... < ... | 42 < a+1 when ... < ... is false | +| test.cpp:312:7:312:12 | ... < ... | 42 >= a+1 when ... < ... is true | +| test.cpp:312:7:312:12 | ... < ... | a < 42 when ... < ... is true | +| test.cpp:312:7:312:12 | ... < ... | a < 42+0 when ... < ... is true | +| test.cpp:312:7:312:12 | ... < ... | a >= 42 when ... < ... is false | +| test.cpp:312:7:312:12 | ... < ... | a >= 42+0 when ... < ... is false | | test.cpp:318:6:318:18 | ... != ... | 0 != ... < ...+0 when ... != ... is true | | test.cpp:318:6:318:18 | ... != ... | 0 == ... < ...+0 when ... != ... is false | | test.cpp:318:6:318:18 | ... != ... | 42 < a+1 when ... != ... is false | @@ -1037,3 +1290,9 @@ | test.cpp:318:6:318:18 | ... != ... | a < 42+0 when ... != ... is true | | test.cpp:318:6:318:18 | ... != ... | a >= 42 when ... != ... is false | | test.cpp:318:6:318:18 | ... != ... | a >= 42+0 when ... != ... is false | +| test.cpp:318:7:318:12 | ... < ... | 42 < a+1 when ... < ... is false | +| test.cpp:318:7:318:12 | ... < ... | 42 >= a+1 when ... < ... is true | +| test.cpp:318:7:318:12 | ... < ... | a < 42 when ... < ... is true | +| test.cpp:318:7:318:12 | ... < ... | a < 42+0 when ... < ... is true | +| test.cpp:318:7:318:12 | ... < ... | a >= 42 when ... < ... is false | +| test.cpp:318:7:318:12 | ... < ... | a >= 42+0 when ... < ... is false | diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected index 05afe345b8c4..078d8aeea086 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected @@ -43,16 +43,36 @@ | test.c:44:12:44:16 | ... > ... | true | test.c:45:13:45:20 | if (...) ... | | test.c:44:12:44:16 | ... > ... | true | test.c:45:23:47:22 | { ... } | | test.c:45:16:45:20 | ... > ... | true | test.c:45:23:47:22 | { ... } | +| test.c:58:9:58:9 | x | not 0 | test.c:58:19:58:23 | y | +| test.c:58:9:58:9 | x | not 0 | test.c:62:9:62:16 | return ... | | test.c:58:9:58:14 | ... == ... | false | test.c:58:19:58:23 | y | | test.c:58:9:58:14 | ... == ... | false | test.c:62:9:62:16 | return ... | | test.c:58:9:58:23 | ... \|\| ... | false | test.c:62:9:62:16 | return ... | | test.c:58:19:58:23 | ... < ... | false | test.c:62:9:62:16 | return ... | +| test.c:70:15:70:15 | x | 0 | test.c:75:17:77:14 | { ... } | +| test.c:70:15:70:15 | x | 0 | test.c:85:18:85:23 | y | +| test.c:70:15:70:15 | x | 0 | test.c:86:9:86:14 | ExprStmt | +| test.c:70:15:70:15 | x | not 0 | test.c:78:12:79:14 | { ... } | +| test.c:75:9:75:9 | x | 0 | test.c:75:17:77:14 | { ... } | +| test.c:75:9:75:9 | x | not 0 | test.c:78:12:79:14 | { ... } | | test.c:75:9:75:14 | ... == ... | false | test.c:78:12:79:14 | { ... } | | test.c:75:9:75:14 | ... == ... | true | test.c:75:17:77:14 | { ... } | +| test.c:85:8:85:8 | x | 0 | test.c:85:18:85:23 | y | +| test.c:85:8:85:8 | x | 0 | test.c:86:9:86:14 | ExprStmt | | test.c:85:8:85:13 | ... == ... | true | test.c:85:18:85:23 | y | | test.c:85:8:85:13 | ... == ... | true | test.c:86:9:86:14 | ExprStmt | | test.c:85:8:85:23 | ... && ... | true | test.c:86:9:86:14 | ExprStmt | +| test.c:85:18:85:18 | y | not 0 | test.c:86:9:86:14 | ExprStmt | | test.c:85:18:85:23 | ... != ... | true | test.c:86:9:86:14 | ExprStmt | +| test.c:94:11:94:11 | x | 0 | test.c:70:5:70:9 | test2 | +| test.c:94:11:94:11 | x | 0 | test.c:99:5:102:13 | ExprStmt | +| test.c:94:11:94:11 | x | 0 | test.c:102:16:102:21 | j | +| test.c:94:11:94:11 | x | 0 | test.c:102:29:102:26 | { ... } | +| test.c:94:11:94:11 | x | 0 | test.c:107:5:109:14 | ExprStmt | +| test.c:94:11:94:11 | x | 0 | test.c:109:19:109:23 | y | +| test.c:94:11:94:11 | x | 0 | test.c:109:26:117:12 | { ... } | +| test.c:94:11:94:11 | x | 0 | test.c:113:9:113:16 | return ... | +| test.c:94:11:94:11 | x | not 0 | test.c:94:19:96:11 | { ... } | | test.c:94:11:94:16 | ... != ... | false | test.c:70:5:70:9 | test2 | | test.c:94:11:94:16 | ... != ... | false | test.c:99:5:102:13 | ExprStmt | | test.c:94:11:94:16 | ... != ... | false | test.c:102:16:102:21 | j | @@ -68,98 +88,184 @@ | test.c:102:16:102:21 | ... < ... | false | test.c:109:26:117:12 | { ... } | | test.c:102:16:102:21 | ... < ... | false | test.c:113:9:113:16 | return ... | | test.c:102:16:102:21 | ... < ... | true | test.c:102:29:102:26 | { ... } | +| test.c:109:9:109:9 | x | not 0 | test.c:109:19:109:23 | y | +| test.c:109:9:109:9 | x | not 0 | test.c:113:9:113:16 | return ... | | test.c:109:9:109:14 | ... == ... | false | test.c:109:19:109:23 | y | | test.c:109:9:109:14 | ... == ... | false | test.c:113:9:113:16 | return ... | | test.c:109:9:109:23 | ... \|\| ... | false | test.c:113:9:113:16 | return ... | | test.c:109:19:109:23 | ... < ... | false | test.c:113:9:113:16 | return ... | +| test.c:126:7:126:7 | 1 | not 0 | test.c:126:12:126:26 | call to test3_condition | +| test.c:126:7:126:7 | 1 | not 0 | test.c:126:31:128:16 | { ... } | +| test.c:126:7:126:7 | 1 | not 0 | test.c:131:3:131:7 | if (...) ... | +| test.c:126:7:126:7 | 1 | not 0 | test.c:131:10:132:16 | { ... } | +| test.c:126:7:126:7 | 1 | not 0 | test.c:134:1:123:10 | return ... | | test.c:126:7:126:7 | 1 | true | test.c:126:12:126:26 | call to test3_condition | | test.c:126:7:126:7 | 1 | true | test.c:126:31:128:16 | { ... } | | test.c:126:7:126:7 | 1 | true | test.c:131:3:131:7 | if (...) ... | | test.c:126:7:126:7 | 1 | true | test.c:131:10:132:16 | { ... } | | test.c:126:7:126:7 | 1 | true | test.c:134:1:123:10 | return ... | +| test.c:126:7:126:28 | ... && ... | not 0 | test.c:126:31:128:16 | { ... } | +| test.c:126:7:126:28 | ... && ... | not 0 | test.c:131:10:132:16 | { ... } | | test.c:126:7:126:28 | ... && ... | true | test.c:126:31:128:16 | { ... } | +| test.c:126:7:126:28 | ... && ... | true | test.c:131:10:132:16 | { ... } | +| test.c:126:12:126:26 | call to test3_condition | not 0 | test.c:126:31:128:16 | { ... } | +| test.c:126:12:126:26 | call to test3_condition | not 0 | test.c:131:10:132:16 | { ... } | | test.c:126:12:126:26 | call to test3_condition | true | test.c:126:31:128:16 | { ... } | +| test.c:126:12:126:26 | call to test3_condition | true | test.c:131:10:132:16 | { ... } | +| test.c:127:9:127:9 | 1 | not 0 | test.c:131:10:132:16 | { ... } | +| test.c:131:7:131:7 | b | not 0 | test.c:131:10:132:16 | { ... } | | test.c:131:7:131:7 | b | true | test.c:131:10:132:16 | { ... } | +| test.c:137:7:137:7 | 0 | 0 | test.c:142:3:136:10 | return ... | | test.c:137:7:137:7 | 0 | false | test.c:142:3:136:10 | return ... | +| test.c:145:16:145:16 | x | 0 | test.c:146:11:147:9 | { ... } | | test.c:146:7:146:8 | ! ... | true | test.c:146:11:147:9 | { ... } | +| test.c:146:8:146:8 | x | 0 | test.c:146:11:147:9 | { ... } | | test.c:146:8:146:8 | x | false | test.c:146:11:147:9 | { ... } | +| test.c:151:18:151:18 | p | not null | test.c:152:11:154:5 | { ... } | +| test.c:152:8:152:8 | p | not null | test.c:152:11:154:5 | { ... } | | test.c:152:8:152:8 | p | true | test.c:152:11:154:5 | { ... } | +| test.c:157:18:157:18 | p | null | test.c:158:12:160:5 | { ... } | | test.c:158:8:158:9 | ! ... | true | test.c:158:12:160:5 | { ... } | | test.c:158:9:158:9 | p | false | test.c:158:12:160:5 | { ... } | +| test.c:158:9:158:9 | p | null | test.c:158:12:160:5 | { ... } | +| test.c:163:18:163:18 | s | not 0 | test.c:164:11:166:5 | { ... } | +| test.c:164:8:164:8 | s | not 0 | test.c:164:11:166:5 | { ... } | | test.c:164:8:164:8 | s | true | test.c:164:11:166:5 | { ... } | +| test.c:169:18:169:18 | s | 0 | test.c:170:12:172:5 | { ... } | | test.c:170:8:170:9 | ! ... | true | test.c:170:12:172:5 | { ... } | +| test.c:170:9:170:9 | s | 0 | test.c:170:12:172:5 | { ... } | | test.c:170:9:170:9 | s | false | test.c:170:12:172:5 | { ... } | | test.c:176:8:176:15 | ! ... | true | test.c:176:18:178:5 | { ... } | +| test.c:176:10:176:14 | ... < ... | 0 | test.c:176:18:178:5 | { ... } | | test.c:176:10:176:14 | ... < ... | false | test.c:176:18:178:5 | { ... } | | test.c:182:8:182:34 | ! ... | true | test.c:182:37:184:5 | { ... } | | test.c:182:10:182:20 | ... >= ... | true | test.c:181:25:182:20 | { ... } | | test.c:182:10:182:20 | ... >= ... | true | test.c:182:25:182:33 | foo | +| test.c:182:10:182:33 | ... && ... | 0 | test.c:182:37:184:5 | { ... } | | test.c:182:10:182:33 | ... && ... | false | test.c:182:37:184:5 | { ... } | | test.c:182:10:182:33 | ... && ... | true | test.c:181:25:182:20 | { ... } | | test.c:182:25:182:33 | ... < ... | true | test.c:181:25:182:20 | { ... } | +| test.c:188:11:188:16 | ... != ... | 0 | test.c:190:11:192:3 | { ... } | | test.c:190:7:190:8 | ! ... | true | test.c:190:11:192:3 | { ... } | +| test.c:190:8:190:8 | c | 0 | test.c:190:11:192:3 | { ... } | | test.c:190:8:190:8 | c | false | test.c:190:11:192:3 | { ... } | +| test.c:196:11:196:16 | ... > ... | 0 | test.c:198:11:200:3 | { ... } | | test.c:198:7:198:8 | ! ... | true | test.c:198:11:200:3 | { ... } | +| test.c:198:8:198:8 | b | 0 | test.c:198:11:200:3 | { ... } | | test.c:198:8:198:8 | b | false | test.c:198:11:200:3 | { ... } | +| test.c:204:11:204:15 | ... > ... | 0 | test.c:206:11:208:3 | { ... } | | test.c:206:7:206:8 | ! ... | true | test.c:206:11:208:3 | { ... } | +| test.c:206:8:206:8 | c | 0 | test.c:206:11:208:3 | { ... } | | test.c:206:8:206:8 | c | false | test.c:206:11:208:3 | { ... } | +| test.c:215:6:215:18 | call to __builtin_expect | not 0 | test.c:215:21:217:5 | { ... } | | test.c:215:6:215:18 | call to __builtin_expect | true | test.c:215:21:217:5 | { ... } | +| test.c:219:9:219:22 | call to __builtin_expect | not 0 | test.c:219:25:221:5 | { ... } | | test.c:219:9:219:22 | call to __builtin_expect | true | test.c:219:25:221:5 | { ... } | +| test.cpp:18:8:18:10 | call to get | not null | test.cpp:19:5:19:14 | ExprStmt | | test.cpp:18:8:18:10 | call to get | true | test.cpp:19:5:19:14 | ExprStmt | +| test.cpp:30:22:30:22 | x | -1 | test.cpp:30:6:30:16 | doSomething | +| test.cpp:30:22:30:22 | x | -1 | test.cpp:31:16:32:21 | { ... } | +| test.cpp:30:22:30:22 | x | not -1 | test.cpp:30:6:30:16 | doSomething | +| test.cpp:30:22:30:22 | x | not -1 | test.cpp:34:1:34:1 | return ... | +| test.cpp:31:7:31:7 | x | -1 | test.cpp:30:6:30:16 | doSomething | +| test.cpp:31:7:31:7 | x | -1 | test.cpp:31:16:32:21 | { ... } | +| test.cpp:31:7:31:7 | x | not -1 | test.cpp:30:6:30:16 | doSomething | +| test.cpp:31:7:31:7 | x | not -1 | test.cpp:34:1:34:1 | return ... | | test.cpp:31:7:31:13 | ... == ... | false | test.cpp:30:6:30:16 | doSomething | | test.cpp:31:7:31:13 | ... == ... | false | test.cpp:34:1:34:1 | return ... | | test.cpp:31:7:31:13 | ... == ... | true | test.cpp:30:6:30:16 | doSomething | | test.cpp:31:7:31:13 | ... == ... | true | test.cpp:31:16:32:21 | { ... } | | test.cpp:42:13:42:20 | call to getABool | true | test.cpp:43:9:45:23 | { ... } | -| test.cpp:61:10:61:10 | i | Case[0] | test.cpp:62:5:64:12 | case ...: | -| test.cpp:61:10:61:10 | i | Case[1] | test.cpp:65:5:66:10 | case ...: | -| test.cpp:74:10:74:10 | i | Case[0..10] | test.cpp:75:5:77:12 | case ...: | -| test.cpp:74:10:74:10 | i | Case[11..20] | test.cpp:78:5:79:10 | case ...: | +| test.cpp:60:31:60:31 | i | 0 | test.cpp:62:5:64:12 | case ...: | +| test.cpp:60:31:60:31 | i | 1 | test.cpp:65:5:66:10 | case ...: | +| test.cpp:61:10:61:10 | i | 0 | test.cpp:62:5:64:12 | case ...: | +| test.cpp:61:10:61:10 | i | 1 | test.cpp:65:5:66:10 | case ...: | +| test.cpp:73:30:73:30 | i | 0..10 | test.cpp:75:5:77:12 | case ...: | +| test.cpp:73:30:73:30 | i | 11..20 | test.cpp:78:5:79:10 | case ...: | +| test.cpp:74:10:74:10 | i | 0..10 | test.cpp:75:5:77:12 | case ...: | +| test.cpp:74:10:74:10 | i | 11..20 | test.cpp:78:5:79:10 | case ...: | +| test.cpp:92:31:92:31 | c | not null | test.cpp:93:9:94:7 | { ... } | +| test.cpp:93:6:93:6 | c | not null | test.cpp:93:9:94:7 | { ... } | | test.cpp:93:6:93:6 | c | true | test.cpp:93:9:94:7 | { ... } | | test.cpp:99:6:99:6 | f | true | test.cpp:99:9:100:7 | { ... } | | test.cpp:105:6:105:14 | ... != ... | true | test.cpp:105:17:106:7 | { ... } | | test.cpp:111:6:111:14 | ... != ... | true | test.cpp:111:17:112:7 | { ... } | +| test.cpp:119:16:119:16 | b | true | test.cpp:123:5:125:20 | { ... } | +| test.cpp:119:16:119:16 | b | true | test.cpp:125:23:125:29 | return ... | | test.cpp:122:9:122:9 | b | true | test.cpp:123:5:125:20 | { ... } | | test.cpp:122:9:122:9 | b | true | test.cpp:125:23:125:29 | return ... | | test.cpp:125:13:125:20 | ! ... | true | test.cpp:125:23:125:29 | return ... | | test.cpp:125:14:125:17 | call to safe | false | test.cpp:125:23:125:29 | return ... | +| test.cpp:131:6:131:21 | call to __builtin_expect | not 0 | test.cpp:131:40:132:9 | { ... } | | test.cpp:131:6:131:21 | call to __builtin_expect | true | test.cpp:131:40:132:9 | { ... } | +| test.cpp:135:6:135:21 | call to __builtin_expect | not 0 | test.cpp:135:40:136:9 | { ... } | | test.cpp:135:6:135:21 | call to __builtin_expect | true | test.cpp:135:40:136:9 | { ... } | +| test.cpp:141:6:141:21 | call to __builtin_expect | not 0 | test.cpp:141:36:142:9 | { ... } | | test.cpp:141:6:141:21 | call to __builtin_expect | true | test.cpp:141:36:142:9 | { ... } | +| test.cpp:145:6:145:21 | call to __builtin_expect | not 0 | test.cpp:145:36:146:9 | { ... } | | test.cpp:145:6:145:21 | call to __builtin_expect | true | test.cpp:145:36:146:9 | { ... } | +| test.cpp:151:8:151:13 | ... < ... | false | test.cpp:152:11:153:9 | { ... } | | test.cpp:152:7:152:8 | ! ... | true | test.cpp:152:11:153:9 | { ... } | | test.cpp:152:8:152:8 | b | false | test.cpp:152:11:153:9 | { ... } | +| test.cpp:158:12:158:17 | ... != ... | false | test.cpp:160:11:162:3 | { ... } | | test.cpp:160:7:160:8 | ! ... | true | test.cpp:160:11:162:3 | { ... } | | test.cpp:160:8:160:8 | c | false | test.cpp:160:11:162:3 | { ... } | +| test.cpp:166:12:166:17 | ... > ... | false | test.cpp:168:11:170:3 | { ... } | | test.cpp:168:7:168:8 | ! ... | true | test.cpp:168:11:170:3 | { ... } | | test.cpp:168:8:168:8 | b | false | test.cpp:168:11:170:3 | { ... } | +| test.cpp:174:12:174:16 | ... > ... | false | test.cpp:176:11:178:3 | { ... } | | test.cpp:176:7:176:8 | ! ... | true | test.cpp:176:11:178:3 | { ... } | | test.cpp:176:8:176:8 | c | false | test.cpp:176:11:178:3 | { ... } | +| test.cpp:181:28:181:29 | b1 | true | test.cpp:181:41:182:9 | { ... } | +| test.cpp:181:28:181:29 | b1 | true | test.cpp:182:14:182:15 | b2 | +| test.cpp:181:28:181:29 | b1 | true | test.cpp:185:10:188:7 | { ... } | +| test.cpp:181:37:181:38 | b2 | true | test.cpp:181:41:182:9 | { ... } | +| test.cpp:181:37:181:38 | b2 | true | test.cpp:185:10:188:7 | { ... } | | test.cpp:182:6:182:16 | ! ... | false | test.cpp:185:10:188:7 | { ... } | | test.cpp:182:6:182:16 | ! ... | true | test.cpp:182:19:184:7 | { ... } | | test.cpp:182:8:182:9 | b1 | true | test.cpp:181:41:182:9 | { ... } | | test.cpp:182:8:182:9 | b1 | true | test.cpp:182:14:182:15 | b2 | +| test.cpp:182:8:182:9 | b1 | true | test.cpp:185:10:188:7 | { ... } | | test.cpp:182:8:182:15 | ... && ... | false | test.cpp:182:19:184:7 | { ... } | | test.cpp:182:8:182:15 | ... && ... | true | test.cpp:181:41:182:9 | { ... } | | test.cpp:182:8:182:15 | ... && ... | true | test.cpp:185:10:188:7 | { ... } | | test.cpp:182:14:182:15 | b2 | true | test.cpp:181:41:182:9 | { ... } | +| test.cpp:182:14:182:15 | b2 | true | test.cpp:185:10:188:7 | { ... } | +| test.cpp:192:27:192:28 | b1 | false | test.cpp:192:40:193:9 | { ... } | +| test.cpp:192:27:192:28 | b1 | false | test.cpp:193:14:193:15 | b2 | +| test.cpp:192:27:192:28 | b1 | false | test.cpp:193:19:196:7 | { ... } | +| test.cpp:192:36:192:37 | b2 | false | test.cpp:192:40:193:9 | { ... } | +| test.cpp:192:36:192:37 | b2 | false | test.cpp:193:19:196:7 | { ... } | | test.cpp:193:6:193:16 | ! ... | false | test.cpp:197:10:199:7 | { ... } | | test.cpp:193:6:193:16 | ! ... | true | test.cpp:193:19:196:7 | { ... } | | test.cpp:193:8:193:9 | b1 | false | test.cpp:192:40:193:9 | { ... } | | test.cpp:193:8:193:9 | b1 | false | test.cpp:193:14:193:15 | b2 | +| test.cpp:193:8:193:9 | b1 | false | test.cpp:193:19:196:7 | { ... } | | test.cpp:193:8:193:15 | ... \|\| ... | false | test.cpp:192:40:193:9 | { ... } | | test.cpp:193:8:193:15 | ... \|\| ... | false | test.cpp:193:19:196:7 | { ... } | | test.cpp:193:8:193:15 | ... \|\| ... | true | test.cpp:197:10:199:7 | { ... } | | test.cpp:193:14:193:15 | b2 | false | test.cpp:192:40:193:9 | { ... } | +| test.cpp:193:14:193:15 | b2 | false | test.cpp:193:19:196:7 | { ... } | +| test.cpp:208:28:208:29 | sc | 0 | test.cpp:211:18:212:13 | { ... } | +| test.cpp:208:28:208:29 | sc | 0 | test.cpp:214:20:215:13 | { ... } | +| test.cpp:208:46:208:47 | ul | 0 | test.cpp:217:18:218:13 | { ... } | +| test.cpp:208:74:208:74 | b | 0 | test.cpp:229:17:230:13 | { ... } | +| test.cpp:208:74:208:74 | b | 0 | test.cpp:232:21:233:13 | { ... } | +| test.cpp:211:9:211:10 | sc | 0 | test.cpp:211:18:212:13 | { ... } | | test.cpp:211:9:211:15 | ... == ... | true | test.cpp:211:18:212:13 | { ... } | +| test.cpp:214:9:214:10 | sc | 0 | test.cpp:214:20:215:13 | { ... } | | test.cpp:214:9:214:17 | ... == ... | true | test.cpp:214:20:215:13 | { ... } | +| test.cpp:217:9:217:10 | ul | 0 | test.cpp:217:18:218:13 | { ... } | | test.cpp:217:9:217:15 | ... == ... | true | test.cpp:217:18:218:13 | { ... } | | test.cpp:220:9:220:14 | ... == ... | true | test.cpp:220:17:221:13 | { ... } | | test.cpp:223:9:223:16 | ... == ... | true | test.cpp:223:19:224:13 | { ... } | | test.cpp:226:9:226:14 | ... == ... | true | test.cpp:226:17:227:13 | { ... } | +| test.cpp:229:9:229:9 | b | 0 | test.cpp:229:17:230:13 | { ... } | | test.cpp:229:9:229:14 | ... == ... | true | test.cpp:229:17:230:13 | { ... } | +| test.cpp:232:9:232:9 | b | 0 | test.cpp:232:21:233:13 | { ... } | | test.cpp:232:9:232:18 | ... == ... | true | test.cpp:232:21:233:13 | { ... } | | test.cpp:235:9:235:17 | ... == ... | true | test.cpp:235:20:236:13 | { ... } | +| test.cpp:235:12:235:12 | i | 0 | test.cpp:235:20:236:13 | { ... } | | test.cpp:238:9:238:17 | ... == ... | true | test.cpp:238:20:239:13 | { ... } | | test.cpp:241:9:241:17 | ... == ... | true | test.cpp:241:22:241:30 | ms | | test.cpp:241:9:241:17 | ... == ... | true | test.cpp:241:35:241:43 | ms | @@ -167,30 +273,58 @@ | test.cpp:241:9:241:30 | ... && ... | true | test.cpp:241:35:241:43 | ms | | test.cpp:241:9:241:30 | ... && ... | true | test.cpp:241:46:242:13 | { ... } | | test.cpp:241:9:241:43 | ... && ... | true | test.cpp:241:46:242:13 | { ... } | +| test.cpp:241:12:241:12 | i | 0 | test.cpp:241:22:241:30 | ms | +| test.cpp:241:12:241:12 | i | 0 | test.cpp:241:35:241:43 | ms | +| test.cpp:241:12:241:12 | i | 0 | test.cpp:241:46:242:13 | { ... } | | test.cpp:241:22:241:30 | ... == ... | true | test.cpp:241:35:241:43 | ms | | test.cpp:241:22:241:30 | ... == ... | true | test.cpp:241:46:242:13 | { ... } | | test.cpp:241:35:241:43 | ... == ... | true | test.cpp:241:46:242:13 | { ... } | +| test.cpp:241:38:241:38 | i | 0 | test.cpp:241:46:242:13 | { ... } | | test.cpp:247:6:247:18 | ... == ... | false | test.cpp:249:10:251:3 | { ... } | | test.cpp:247:6:247:18 | ... == ... | true | test.cpp:247:21:249:3 | { ... } | +| test.cpp:247:7:247:12 | ... == ... | 0 | test.cpp:247:21:249:3 | { ... } | +| test.cpp:247:7:247:12 | ... == ... | not 0 | test.cpp:249:10:251:3 | { ... } | | test.cpp:253:6:253:18 | ... != ... | false | test.cpp:255:10:257:3 | { ... } | | test.cpp:253:6:253:18 | ... != ... | true | test.cpp:253:21:255:3 | { ... } | +| test.cpp:253:7:253:12 | ... == ... | 0 | test.cpp:255:10:257:3 | { ... } | +| test.cpp:253:7:253:12 | ... == ... | not 0 | test.cpp:253:21:255:3 | { ... } | | test.cpp:260:6:260:18 | ... == ... | false | test.cpp:262:10:264:3 | { ... } | | test.cpp:260:6:260:18 | ... == ... | true | test.cpp:260:21:262:3 | { ... } | +| test.cpp:260:7:260:12 | ... != ... | 0 | test.cpp:260:21:262:3 | { ... } | +| test.cpp:260:7:260:12 | ... != ... | not 0 | test.cpp:262:10:264:3 | { ... } | | test.cpp:266:6:266:18 | ... != ... | false | test.cpp:268:10:270:3 | { ... } | | test.cpp:266:6:266:18 | ... != ... | true | test.cpp:266:21:268:3 | { ... } | +| test.cpp:266:7:266:12 | ... != ... | 0 | test.cpp:268:10:270:3 | { ... } | +| test.cpp:266:7:266:12 | ... != ... | not 0 | test.cpp:266:21:268:3 | { ... } | | test.cpp:273:6:273:17 | ... == ... | false | test.cpp:275:10:277:3 | { ... } | | test.cpp:273:6:273:17 | ... == ... | true | test.cpp:273:20:275:3 | { ... } | +| test.cpp:273:7:273:11 | ... < ... | 0 | test.cpp:273:20:275:3 | { ... } | +| test.cpp:273:7:273:11 | ... < ... | not 0 | test.cpp:275:10:277:3 | { ... } | | test.cpp:279:6:279:17 | ... != ... | false | test.cpp:281:10:283:3 | { ... } | | test.cpp:279:6:279:17 | ... != ... | true | test.cpp:279:20:281:3 | { ... } | +| test.cpp:279:7:279:11 | ... < ... | 0 | test.cpp:281:10:283:3 | { ... } | +| test.cpp:279:7:279:11 | ... < ... | not 0 | test.cpp:279:20:281:3 | { ... } | | test.cpp:287:6:287:19 | ... == ... | false | test.cpp:289:10:291:3 | { ... } | | test.cpp:287:6:287:19 | ... == ... | true | test.cpp:287:22:289:3 | { ... } | +| test.cpp:287:7:287:13 | ... == ... | 0 | test.cpp:287:22:289:3 | { ... } | +| test.cpp:287:7:287:13 | ... == ... | not 0 | test.cpp:289:10:291:3 | { ... } | | test.cpp:293:6:293:19 | ... != ... | false | test.cpp:295:10:297:3 | { ... } | | test.cpp:293:6:293:19 | ... != ... | true | test.cpp:293:22:295:3 | { ... } | +| test.cpp:293:7:293:13 | ... == ... | 0 | test.cpp:295:10:297:3 | { ... } | +| test.cpp:293:7:293:13 | ... == ... | not 0 | test.cpp:293:22:295:3 | { ... } | | test.cpp:300:6:300:19 | ... == ... | false | test.cpp:302:10:304:3 | { ... } | | test.cpp:300:6:300:19 | ... == ... | true | test.cpp:300:22:302:3 | { ... } | +| test.cpp:300:7:300:13 | ... != ... | 0 | test.cpp:300:22:302:3 | { ... } | +| test.cpp:300:7:300:13 | ... != ... | not 0 | test.cpp:302:10:304:3 | { ... } | | test.cpp:306:6:306:19 | ... != ... | false | test.cpp:308:10:310:3 | { ... } | | test.cpp:306:6:306:19 | ... != ... | true | test.cpp:306:22:308:3 | { ... } | +| test.cpp:306:7:306:13 | ... != ... | 0 | test.cpp:308:10:310:3 | { ... } | +| test.cpp:306:7:306:13 | ... != ... | not 0 | test.cpp:306:22:308:3 | { ... } | | test.cpp:312:6:312:18 | ... == ... | false | test.cpp:314:10:316:3 | { ... } | | test.cpp:312:6:312:18 | ... == ... | true | test.cpp:312:21:314:3 | { ... } | +| test.cpp:312:7:312:12 | ... < ... | 0 | test.cpp:312:21:314:3 | { ... } | +| test.cpp:312:7:312:12 | ... < ... | not 0 | test.cpp:314:10:316:3 | { ... } | | test.cpp:318:6:318:18 | ... != ... | false | test.cpp:320:10:322:3 | { ... } | | test.cpp:318:6:318:18 | ... != ... | true | test.cpp:318:21:320:3 | { ... } | +| test.cpp:318:7:318:12 | ... < ... | 0 | test.cpp:320:10:322:3 | { ... } | +| test.cpp:318:7:318:12 | ... < ... | not 0 | test.cpp:318:21:320:3 | { ... } | diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected index c9f52e5f190c..da36308f8786 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected @@ -219,18 +219,26 @@ binary | test.cpp:141:6:141:21 | call to __builtin_expect | test.cpp:141:28:141:29 | 42 | == | test.cpp:141:23:141:23 | a | 0 | test.cpp:141:36:142:9 | { ... } | | test.cpp:145:6:145:21 | call to __builtin_expect | test.cpp:145:23:145:23 | a | != | test.cpp:145:28:145:29 | 42 | 0 | test.cpp:145:36:146:9 | { ... } | | test.cpp:145:6:145:21 | call to __builtin_expect | test.cpp:145:28:145:29 | 42 | != | test.cpp:145:23:145:23 | a | 0 | test.cpp:145:36:146:9 | { ... } | +| test.cpp:151:8:151:13 | ... < ... | test.cpp:151:8:151:8 | a | >= | test.cpp:151:12:151:13 | 10 | 0 | test.cpp:152:11:153:9 | { ... } | +| test.cpp:151:8:151:13 | ... < ... | test.cpp:151:12:151:13 | 10 | < | test.cpp:151:8:151:8 | a | 1 | test.cpp:152:11:153:9 | { ... } | | test.cpp:152:7:152:8 | ! ... | test.cpp:151:8:151:8 | a | >= | test.cpp:151:12:151:13 | 10 | 0 | test.cpp:152:11:153:9 | { ... } | | test.cpp:152:7:152:8 | ! ... | test.cpp:151:12:151:13 | 10 | < | test.cpp:151:8:151:8 | a | 1 | test.cpp:152:11:153:9 | { ... } | | test.cpp:152:8:152:8 | b | test.cpp:151:8:151:8 | a | >= | test.cpp:151:12:151:13 | 10 | 0 | test.cpp:152:11:153:9 | { ... } | | test.cpp:152:8:152:8 | b | test.cpp:151:12:151:13 | 10 | < | test.cpp:151:8:151:8 | a | 1 | test.cpp:152:11:153:9 | { ... } | +| test.cpp:158:12:158:17 | ... != ... | test.cpp:158:12:158:12 | a | == | test.cpp:158:17:158:17 | b | 0 | test.cpp:160:11:162:3 | { ... } | +| test.cpp:158:12:158:17 | ... != ... | test.cpp:158:17:158:17 | b | == | test.cpp:158:12:158:12 | a | 0 | test.cpp:160:11:162:3 | { ... } | | test.cpp:160:7:160:8 | ! ... | test.cpp:158:12:158:12 | a | == | test.cpp:158:17:158:17 | b | 0 | test.cpp:160:11:162:3 | { ... } | | test.cpp:160:7:160:8 | ! ... | test.cpp:158:17:158:17 | b | == | test.cpp:158:12:158:12 | a | 0 | test.cpp:160:11:162:3 | { ... } | | test.cpp:160:8:160:8 | c | test.cpp:158:12:158:12 | a | == | test.cpp:158:17:158:17 | b | 0 | test.cpp:160:11:162:3 | { ... } | | test.cpp:160:8:160:8 | c | test.cpp:158:17:158:17 | b | == | test.cpp:158:12:158:12 | a | 0 | test.cpp:160:11:162:3 | { ... } | +| test.cpp:166:12:166:17 | ... > ... | test.cpp:166:12:166:12 | a | < | test.cpp:166:16:166:17 | 10 | 1 | test.cpp:168:11:170:3 | { ... } | +| test.cpp:166:12:166:17 | ... > ... | test.cpp:166:16:166:17 | 10 | >= | test.cpp:166:12:166:12 | a | 0 | test.cpp:168:11:170:3 | { ... } | | test.cpp:168:7:168:8 | ! ... | test.cpp:166:12:166:12 | a | < | test.cpp:166:16:166:17 | 10 | 1 | test.cpp:168:11:170:3 | { ... } | | test.cpp:168:7:168:8 | ! ... | test.cpp:166:16:166:17 | 10 | >= | test.cpp:166:12:166:12 | a | 0 | test.cpp:168:11:170:3 | { ... } | | test.cpp:168:8:168:8 | b | test.cpp:166:12:166:12 | a | < | test.cpp:166:16:166:17 | 10 | 1 | test.cpp:168:11:170:3 | { ... } | | test.cpp:168:8:168:8 | b | test.cpp:166:16:166:17 | 10 | >= | test.cpp:166:12:166:12 | a | 0 | test.cpp:168:11:170:3 | { ... } | +| test.cpp:174:12:174:16 | ... > ... | test.cpp:174:12:174:12 | a | < | test.cpp:174:16:174:16 | b | 1 | test.cpp:176:11:178:3 | { ... } | +| test.cpp:174:12:174:16 | ... > ... | test.cpp:174:16:174:16 | b | >= | test.cpp:174:12:174:12 | a | 0 | test.cpp:176:11:178:3 | { ... } | | test.cpp:176:7:176:8 | ! ... | test.cpp:174:12:174:12 | a | < | test.cpp:174:16:174:16 | b | 1 | test.cpp:176:11:178:3 | { ... } | | test.cpp:176:7:176:8 | ! ... | test.cpp:174:16:174:16 | b | >= | test.cpp:174:12:174:12 | a | 0 | test.cpp:176:11:178:3 | { ... } | | test.cpp:176:8:176:8 | c | test.cpp:174:12:174:12 | a | < | test.cpp:174:16:174:16 | b | 1 | test.cpp:176:11:178:3 | { ... } | @@ -736,11 +744,17 @@ unary | test.c:126:7:126:7 | 1 | test.c:126:7:126:7 | 1 | == | 1 | test.c:131:10:132:16 | { ... } | | test.c:126:7:126:7 | 1 | test.c:126:7:126:7 | 1 | == | 1 | test.c:134:1:123:10 | return ... | | test.c:126:7:126:28 | ... && ... | test.c:126:7:126:7 | 1 | != | 0 | test.c:126:31:128:16 | { ... } | +| test.c:126:7:126:28 | ... && ... | test.c:126:7:126:7 | 1 | != | 0 | test.c:131:10:132:16 | { ... } | | test.c:126:7:126:28 | ... && ... | test.c:126:7:126:7 | 1 | == | 1 | test.c:126:31:128:16 | { ... } | +| test.c:126:7:126:28 | ... && ... | test.c:126:7:126:7 | 1 | == | 1 | test.c:131:10:132:16 | { ... } | | test.c:126:7:126:28 | ... && ... | test.c:126:12:126:26 | call to test3_condition | != | 0 | test.c:126:31:128:16 | { ... } | +| test.c:126:7:126:28 | ... && ... | test.c:126:12:126:26 | call to test3_condition | != | 0 | test.c:131:10:132:16 | { ... } | | test.c:126:7:126:28 | ... && ... | test.c:126:12:126:26 | call to test3_condition | == | 1 | test.c:126:31:128:16 | { ... } | +| test.c:126:7:126:28 | ... && ... | test.c:126:12:126:26 | call to test3_condition | == | 1 | test.c:131:10:132:16 | { ... } | | test.c:126:12:126:26 | call to test3_condition | test.c:126:12:126:26 | call to test3_condition | != | 0 | test.c:126:31:128:16 | { ... } | +| test.c:126:12:126:26 | call to test3_condition | test.c:126:12:126:26 | call to test3_condition | != | 0 | test.c:131:10:132:16 | { ... } | | test.c:126:12:126:26 | call to test3_condition | test.c:126:12:126:26 | call to test3_condition | == | 1 | test.c:126:31:128:16 | { ... } | +| test.c:126:12:126:26 | call to test3_condition | test.c:126:12:126:26 | call to test3_condition | == | 1 | test.c:131:10:132:16 | { ... } | | test.c:131:7:131:7 | b | test.c:131:7:131:7 | b | != | 0 | test.c:131:10:132:16 | { ... } | | test.c:131:7:131:7 | b | test.c:131:7:131:7 | b | == | 1 | test.c:131:10:132:16 | { ... } | | test.c:137:7:137:7 | 0 | test.c:137:7:137:7 | 0 | != | 1 | test.c:142:3:136:10 | return ... | @@ -835,8 +849,14 @@ unary | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:13 | ... == ... | == | 1 | test.cpp:31:16:32:21 | { ... } | | test.cpp:42:13:42:20 | call to getABool | test.cpp:42:13:42:20 | call to getABool | != | 0 | test.cpp:43:9:45:23 | { ... } | | test.cpp:42:13:42:20 | call to getABool | test.cpp:42:13:42:20 | call to getABool | == | 1 | test.cpp:43:9:45:23 | { ... } | +| test.cpp:60:31:60:31 | i | test.cpp:61:10:61:10 | i | == | 0 | test.cpp:62:5:64:12 | case ...: | +| test.cpp:60:31:60:31 | i | test.cpp:61:10:61:10 | i | == | 1 | test.cpp:65:5:66:10 | case ...: | | test.cpp:61:10:61:10 | i | test.cpp:61:10:61:10 | i | == | 0 | test.cpp:62:5:64:12 | case ...: | | test.cpp:61:10:61:10 | i | test.cpp:61:10:61:10 | i | == | 1 | test.cpp:65:5:66:10 | case ...: | +| test.cpp:73:30:73:30 | i | test.cpp:74:10:74:10 | i | < | 11 | test.cpp:75:5:77:12 | case ...: | +| test.cpp:73:30:73:30 | i | test.cpp:74:10:74:10 | i | < | 21 | test.cpp:78:5:79:10 | case ...: | +| test.cpp:73:30:73:30 | i | test.cpp:74:10:74:10 | i | >= | 0 | test.cpp:75:5:77:12 | case ...: | +| test.cpp:73:30:73:30 | i | test.cpp:74:10:74:10 | i | >= | 11 | test.cpp:78:5:79:10 | case ...: | | test.cpp:74:10:74:10 | i | test.cpp:74:10:74:10 | i | < | 11 | test.cpp:75:5:77:12 | case ...: | | test.cpp:74:10:74:10 | i | test.cpp:74:10:74:10 | i | < | 21 | test.cpp:78:5:79:10 | case ...: | | test.cpp:74:10:74:10 | i | test.cpp:74:10:74:10 | i | >= | 0 | test.cpp:75:5:77:12 | case ...: | @@ -849,6 +869,10 @@ unary | test.cpp:105:6:105:14 | ... != ... | test.cpp:105:6:105:14 | ... != ... | == | 1 | test.cpp:105:17:106:7 | { ... } | | test.cpp:111:6:111:14 | ... != ... | test.cpp:111:6:111:14 | ... != ... | != | 0 | test.cpp:111:17:112:7 | { ... } | | test.cpp:111:6:111:14 | ... != ... | test.cpp:111:6:111:14 | ... != ... | == | 1 | test.cpp:111:17:112:7 | { ... } | +| test.cpp:119:16:119:16 | b | test.cpp:122:9:122:9 | b | != | 0 | test.cpp:123:5:125:20 | { ... } | +| test.cpp:119:16:119:16 | b | test.cpp:122:9:122:9 | b | != | 0 | test.cpp:125:23:125:29 | return ... | +| test.cpp:119:16:119:16 | b | test.cpp:122:9:122:9 | b | == | 1 | test.cpp:123:5:125:20 | { ... } | +| test.cpp:119:16:119:16 | b | test.cpp:122:9:122:9 | b | == | 1 | test.cpp:125:23:125:29 | return ... | | test.cpp:122:9:122:9 | b | test.cpp:122:9:122:9 | b | != | 0 | test.cpp:123:5:125:20 | { ... } | | test.cpp:122:9:122:9 | b | test.cpp:122:9:122:9 | b | != | 0 | test.cpp:125:23:125:29 | return ... | | test.cpp:122:9:122:9 | b | test.cpp:122:9:122:9 | b | == | 1 | test.cpp:123:5:125:20 | { ... } | @@ -871,6 +895,11 @@ unary | test.cpp:145:6:145:21 | call to __builtin_expect | test.cpp:145:6:145:21 | call to __builtin_expect | != | 0 | test.cpp:145:36:146:9 | { ... } | | test.cpp:145:6:145:21 | call to __builtin_expect | test.cpp:145:6:145:21 | call to __builtin_expect | == | 1 | test.cpp:145:36:146:9 | { ... } | | test.cpp:145:6:145:21 | call to __builtin_expect | test.cpp:145:23:145:23 | a | != | 42 | test.cpp:145:36:146:9 | { ... } | +| test.cpp:151:8:151:13 | ... < ... | test.cpp:151:8:151:8 | a | >= | 10 | test.cpp:152:11:153:9 | { ... } | +| test.cpp:151:8:151:13 | ... < ... | test.cpp:151:8:151:13 | ... < ... | != | 1 | test.cpp:152:11:153:9 | { ... } | +| test.cpp:151:8:151:13 | ... < ... | test.cpp:151:8:151:13 | ... < ... | == | 0 | test.cpp:152:11:153:9 | { ... } | +| test.cpp:151:8:151:13 | ... < ... | test.cpp:152:8:152:8 | b | != | 1 | test.cpp:152:11:153:9 | { ... } | +| test.cpp:151:8:151:13 | ... < ... | test.cpp:152:8:152:8 | b | == | 0 | test.cpp:152:11:153:9 | { ... } | | test.cpp:152:7:152:8 | ! ... | test.cpp:151:8:151:8 | a | >= | 10 | test.cpp:152:11:153:9 | { ... } | | test.cpp:152:7:152:8 | ! ... | test.cpp:151:8:151:13 | ... < ... | != | 1 | test.cpp:152:11:153:9 | { ... } | | test.cpp:152:7:152:8 | ! ... | test.cpp:151:8:151:13 | ... < ... | == | 0 | test.cpp:152:11:153:9 | { ... } | @@ -885,6 +914,10 @@ unary | test.cpp:152:8:152:8 | b | test.cpp:152:7:152:8 | ! ... | == | 1 | test.cpp:152:11:153:9 | { ... } | | test.cpp:152:8:152:8 | b | test.cpp:152:8:152:8 | b | != | 1 | test.cpp:152:11:153:9 | { ... } | | test.cpp:152:8:152:8 | b | test.cpp:152:8:152:8 | b | == | 0 | test.cpp:152:11:153:9 | { ... } | +| test.cpp:158:12:158:17 | ... != ... | test.cpp:158:12:158:17 | ... != ... | != | 1 | test.cpp:160:11:162:3 | { ... } | +| test.cpp:158:12:158:17 | ... != ... | test.cpp:158:12:158:17 | ... != ... | == | 0 | test.cpp:160:11:162:3 | { ... } | +| test.cpp:158:12:158:17 | ... != ... | test.cpp:160:8:160:8 | c | != | 1 | test.cpp:160:11:162:3 | { ... } | +| test.cpp:158:12:158:17 | ... != ... | test.cpp:160:8:160:8 | c | == | 0 | test.cpp:160:11:162:3 | { ... } | | test.cpp:160:7:160:8 | ! ... | test.cpp:158:12:158:17 | ... != ... | != | 1 | test.cpp:160:11:162:3 | { ... } | | test.cpp:160:7:160:8 | ! ... | test.cpp:158:12:158:17 | ... != ... | == | 0 | test.cpp:160:11:162:3 | { ... } | | test.cpp:160:7:160:8 | ! ... | test.cpp:160:7:160:8 | ! ... | != | 0 | test.cpp:160:11:162:3 | { ... } | @@ -897,6 +930,11 @@ unary | test.cpp:160:8:160:8 | c | test.cpp:160:7:160:8 | ! ... | == | 1 | test.cpp:160:11:162:3 | { ... } | | test.cpp:160:8:160:8 | c | test.cpp:160:8:160:8 | c | != | 1 | test.cpp:160:11:162:3 | { ... } | | test.cpp:160:8:160:8 | c | test.cpp:160:8:160:8 | c | == | 0 | test.cpp:160:11:162:3 | { ... } | +| test.cpp:166:12:166:17 | ... > ... | test.cpp:166:12:166:12 | a | < | 11 | test.cpp:168:11:170:3 | { ... } | +| test.cpp:166:12:166:17 | ... > ... | test.cpp:166:12:166:17 | ... > ... | != | 1 | test.cpp:168:11:170:3 | { ... } | +| test.cpp:166:12:166:17 | ... > ... | test.cpp:166:12:166:17 | ... > ... | == | 0 | test.cpp:168:11:170:3 | { ... } | +| test.cpp:166:12:166:17 | ... > ... | test.cpp:168:8:168:8 | b | != | 1 | test.cpp:168:11:170:3 | { ... } | +| test.cpp:166:12:166:17 | ... > ... | test.cpp:168:8:168:8 | b | == | 0 | test.cpp:168:11:170:3 | { ... } | | test.cpp:168:7:168:8 | ! ... | test.cpp:166:12:166:12 | a | < | 11 | test.cpp:168:11:170:3 | { ... } | | test.cpp:168:7:168:8 | ! ... | test.cpp:166:12:166:17 | ... > ... | != | 1 | test.cpp:168:11:170:3 | { ... } | | test.cpp:168:7:168:8 | ! ... | test.cpp:166:12:166:17 | ... > ... | == | 0 | test.cpp:168:11:170:3 | { ... } | @@ -911,6 +949,10 @@ unary | test.cpp:168:8:168:8 | b | test.cpp:168:7:168:8 | ! ... | == | 1 | test.cpp:168:11:170:3 | { ... } | | test.cpp:168:8:168:8 | b | test.cpp:168:8:168:8 | b | != | 1 | test.cpp:168:11:170:3 | { ... } | | test.cpp:168:8:168:8 | b | test.cpp:168:8:168:8 | b | == | 0 | test.cpp:168:11:170:3 | { ... } | +| test.cpp:174:12:174:16 | ... > ... | test.cpp:174:12:174:16 | ... > ... | != | 1 | test.cpp:176:11:178:3 | { ... } | +| test.cpp:174:12:174:16 | ... > ... | test.cpp:174:12:174:16 | ... > ... | == | 0 | test.cpp:176:11:178:3 | { ... } | +| test.cpp:174:12:174:16 | ... > ... | test.cpp:176:8:176:8 | c | != | 1 | test.cpp:176:11:178:3 | { ... } | +| test.cpp:174:12:174:16 | ... > ... | test.cpp:176:8:176:8 | c | == | 0 | test.cpp:176:11:178:3 | { ... } | | test.cpp:176:7:176:8 | ! ... | test.cpp:174:12:174:16 | ... > ... | != | 1 | test.cpp:176:11:178:3 | { ... } | | test.cpp:176:7:176:8 | ! ... | test.cpp:174:12:174:16 | ... > ... | == | 0 | test.cpp:176:11:178:3 | { ... } | | test.cpp:176:7:176:8 | ! ... | test.cpp:176:7:176:8 | ! ... | != | 0 | test.cpp:176:11:178:3 | { ... } | @@ -923,6 +965,16 @@ unary | test.cpp:176:8:176:8 | c | test.cpp:176:7:176:8 | ! ... | == | 1 | test.cpp:176:11:178:3 | { ... } | | test.cpp:176:8:176:8 | c | test.cpp:176:8:176:8 | c | != | 1 | test.cpp:176:11:178:3 | { ... } | | test.cpp:176:8:176:8 | c | test.cpp:176:8:176:8 | c | == | 0 | test.cpp:176:11:178:3 | { ... } | +| test.cpp:181:28:181:29 | b1 | test.cpp:182:8:182:9 | b1 | != | 0 | test.cpp:181:41:182:9 | { ... } | +| test.cpp:181:28:181:29 | b1 | test.cpp:182:8:182:9 | b1 | != | 0 | test.cpp:182:14:182:15 | b2 | +| test.cpp:181:28:181:29 | b1 | test.cpp:182:8:182:9 | b1 | != | 0 | test.cpp:185:10:188:7 | { ... } | +| test.cpp:181:28:181:29 | b1 | test.cpp:182:8:182:9 | b1 | == | 1 | test.cpp:181:41:182:9 | { ... } | +| test.cpp:181:28:181:29 | b1 | test.cpp:182:8:182:9 | b1 | == | 1 | test.cpp:182:14:182:15 | b2 | +| test.cpp:181:28:181:29 | b1 | test.cpp:182:8:182:9 | b1 | == | 1 | test.cpp:185:10:188:7 | { ... } | +| test.cpp:181:37:181:38 | b2 | test.cpp:182:14:182:15 | b2 | != | 0 | test.cpp:181:41:182:9 | { ... } | +| test.cpp:181:37:181:38 | b2 | test.cpp:182:14:182:15 | b2 | != | 0 | test.cpp:185:10:188:7 | { ... } | +| test.cpp:181:37:181:38 | b2 | test.cpp:182:14:182:15 | b2 | == | 1 | test.cpp:181:41:182:9 | { ... } | +| test.cpp:181:37:181:38 | b2 | test.cpp:182:14:182:15 | b2 | == | 1 | test.cpp:185:10:188:7 | { ... } | | test.cpp:182:6:182:16 | ! ... | test.cpp:182:6:182:16 | ! ... | != | 0 | test.cpp:182:19:184:7 | { ... } | | test.cpp:182:6:182:16 | ! ... | test.cpp:182:6:182:16 | ! ... | != | 1 | test.cpp:185:10:188:7 | { ... } | | test.cpp:182:6:182:16 | ! ... | test.cpp:182:6:182:16 | ! ... | == | 0 | test.cpp:185:10:188:7 | { ... } | @@ -937,8 +989,10 @@ unary | test.cpp:182:6:182:16 | ! ... | test.cpp:182:14:182:15 | b2 | == | 1 | test.cpp:185:10:188:7 | { ... } | | test.cpp:182:8:182:9 | b1 | test.cpp:182:8:182:9 | b1 | != | 0 | test.cpp:181:41:182:9 | { ... } | | test.cpp:182:8:182:9 | b1 | test.cpp:182:8:182:9 | b1 | != | 0 | test.cpp:182:14:182:15 | b2 | +| test.cpp:182:8:182:9 | b1 | test.cpp:182:8:182:9 | b1 | != | 0 | test.cpp:185:10:188:7 | { ... } | | test.cpp:182:8:182:9 | b1 | test.cpp:182:8:182:9 | b1 | == | 1 | test.cpp:181:41:182:9 | { ... } | | test.cpp:182:8:182:9 | b1 | test.cpp:182:8:182:9 | b1 | == | 1 | test.cpp:182:14:182:15 | b2 | +| test.cpp:182:8:182:9 | b1 | test.cpp:182:8:182:9 | b1 | == | 1 | test.cpp:185:10:188:7 | { ... } | | test.cpp:182:8:182:15 | ... && ... | test.cpp:182:6:182:16 | ! ... | != | 0 | test.cpp:182:19:184:7 | { ... } | | test.cpp:182:8:182:15 | ... && ... | test.cpp:182:6:182:16 | ! ... | != | 1 | test.cpp:181:41:182:9 | { ... } | | test.cpp:182:8:182:15 | ... && ... | test.cpp:182:6:182:16 | ! ... | != | 1 | test.cpp:185:10:188:7 | { ... } | @@ -960,7 +1014,19 @@ unary | test.cpp:182:8:182:15 | ... && ... | test.cpp:182:14:182:15 | b2 | == | 1 | test.cpp:181:41:182:9 | { ... } | | test.cpp:182:8:182:15 | ... && ... | test.cpp:182:14:182:15 | b2 | == | 1 | test.cpp:185:10:188:7 | { ... } | | test.cpp:182:14:182:15 | b2 | test.cpp:182:14:182:15 | b2 | != | 0 | test.cpp:181:41:182:9 | { ... } | +| test.cpp:182:14:182:15 | b2 | test.cpp:182:14:182:15 | b2 | != | 0 | test.cpp:185:10:188:7 | { ... } | | test.cpp:182:14:182:15 | b2 | test.cpp:182:14:182:15 | b2 | == | 1 | test.cpp:181:41:182:9 | { ... } | +| test.cpp:182:14:182:15 | b2 | test.cpp:182:14:182:15 | b2 | == | 1 | test.cpp:185:10:188:7 | { ... } | +| test.cpp:192:27:192:28 | b1 | test.cpp:193:8:193:9 | b1 | != | 1 | test.cpp:192:40:193:9 | { ... } | +| test.cpp:192:27:192:28 | b1 | test.cpp:193:8:193:9 | b1 | != | 1 | test.cpp:193:14:193:15 | b2 | +| test.cpp:192:27:192:28 | b1 | test.cpp:193:8:193:9 | b1 | != | 1 | test.cpp:193:19:196:7 | { ... } | +| test.cpp:192:27:192:28 | b1 | test.cpp:193:8:193:9 | b1 | == | 0 | test.cpp:192:40:193:9 | { ... } | +| test.cpp:192:27:192:28 | b1 | test.cpp:193:8:193:9 | b1 | == | 0 | test.cpp:193:14:193:15 | b2 | +| test.cpp:192:27:192:28 | b1 | test.cpp:193:8:193:9 | b1 | == | 0 | test.cpp:193:19:196:7 | { ... } | +| test.cpp:192:36:192:37 | b2 | test.cpp:193:14:193:15 | b2 | != | 1 | test.cpp:192:40:193:9 | { ... } | +| test.cpp:192:36:192:37 | b2 | test.cpp:193:14:193:15 | b2 | != | 1 | test.cpp:193:19:196:7 | { ... } | +| test.cpp:192:36:192:37 | b2 | test.cpp:193:14:193:15 | b2 | == | 0 | test.cpp:192:40:193:9 | { ... } | +| test.cpp:192:36:192:37 | b2 | test.cpp:193:14:193:15 | b2 | == | 0 | test.cpp:193:19:196:7 | { ... } | | test.cpp:193:6:193:16 | ! ... | test.cpp:193:6:193:16 | ! ... | != | 0 | test.cpp:193:19:196:7 | { ... } | | test.cpp:193:6:193:16 | ! ... | test.cpp:193:6:193:16 | ! ... | != | 1 | test.cpp:197:10:199:7 | { ... } | | test.cpp:193:6:193:16 | ! ... | test.cpp:193:6:193:16 | ! ... | == | 0 | test.cpp:197:10:199:7 | { ... } | @@ -975,8 +1041,10 @@ unary | test.cpp:193:6:193:16 | ! ... | test.cpp:193:14:193:15 | b2 | == | 0 | test.cpp:193:19:196:7 | { ... } | | test.cpp:193:8:193:9 | b1 | test.cpp:193:8:193:9 | b1 | != | 1 | test.cpp:192:40:193:9 | { ... } | | test.cpp:193:8:193:9 | b1 | test.cpp:193:8:193:9 | b1 | != | 1 | test.cpp:193:14:193:15 | b2 | +| test.cpp:193:8:193:9 | b1 | test.cpp:193:8:193:9 | b1 | != | 1 | test.cpp:193:19:196:7 | { ... } | | test.cpp:193:8:193:9 | b1 | test.cpp:193:8:193:9 | b1 | == | 0 | test.cpp:192:40:193:9 | { ... } | | test.cpp:193:8:193:9 | b1 | test.cpp:193:8:193:9 | b1 | == | 0 | test.cpp:193:14:193:15 | b2 | +| test.cpp:193:8:193:9 | b1 | test.cpp:193:8:193:9 | b1 | == | 0 | test.cpp:193:19:196:7 | { ... } | | test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:6:193:16 | ! ... | != | 0 | test.cpp:192:40:193:9 | { ... } | | test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:6:193:16 | ! ... | != | 0 | test.cpp:193:19:196:7 | { ... } | | test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:6:193:16 | ! ... | != | 1 | test.cpp:197:10:199:7 | { ... } | @@ -998,7 +1066,9 @@ unary | test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:14:193:15 | b2 | == | 0 | test.cpp:192:40:193:9 | { ... } | | test.cpp:193:8:193:15 | ... \|\| ... | test.cpp:193:14:193:15 | b2 | == | 0 | test.cpp:193:19:196:7 | { ... } | | test.cpp:193:14:193:15 | b2 | test.cpp:193:14:193:15 | b2 | != | 1 | test.cpp:192:40:193:9 | { ... } | +| test.cpp:193:14:193:15 | b2 | test.cpp:193:14:193:15 | b2 | != | 1 | test.cpp:193:19:196:7 | { ... } | | test.cpp:193:14:193:15 | b2 | test.cpp:193:14:193:15 | b2 | == | 0 | test.cpp:192:40:193:9 | { ... } | +| test.cpp:193:14:193:15 | b2 | test.cpp:193:14:193:15 | b2 | == | 0 | test.cpp:193:19:196:7 | { ... } | | test.cpp:211:9:211:15 | ... == ... | test.cpp:211:9:211:10 | sc | == | 0 | test.cpp:211:18:212:13 | { ... } | | test.cpp:211:9:211:15 | ... == ... | test.cpp:211:9:211:15 | ... == ... | != | 0 | test.cpp:211:18:212:13 | { ... } | | test.cpp:211:9:211:15 | ... == ... | test.cpp:211:9:211:15 | ... == ... | == | 1 | test.cpp:211:18:212:13 | { ... } | diff --git a/cpp/ql/test/query-tests/Critical/MissingCheckScanf/IncorrectCheckScanf.expected b/cpp/ql/test/query-tests/Critical/MissingCheckScanf/IncorrectCheckScanf.expected index c0ed43fee9b3..1591a287d9fb 100644 --- a/cpp/ql/test/query-tests/Critical/MissingCheckScanf/IncorrectCheckScanf.expected +++ b/cpp/ql/test/query-tests/Critical/MissingCheckScanf/IncorrectCheckScanf.expected @@ -1,5 +1,6 @@ | test.cpp:162:7:162:11 | call to scanf | The result of scanf is only checked against 0, but it can also return EOF. | | test.cpp:171:7:171:11 | call to scanf | The result of scanf is only checked against 0, but it can also return EOF. | +| test.cpp:193:7:193:11 | call to scanf | The result of scanf is only checked against 0, but it can also return EOF. | | test.cpp:204:7:204:11 | call to scanf | The result of scanf is only checked against 0, but it can also return EOF. | | test.cpp:436:7:436:11 | call to scanf | The result of scanf is only checked against 0, but it can also return EOF. | | test.cpp:443:11:443:15 | call to scanf | The result of scanf is only checked against 0, but it can also return EOF. | diff --git a/cpp/ql/test/query-tests/Critical/MissingCheckScanf/MissingCheckScanf.expected b/cpp/ql/test/query-tests/Critical/MissingCheckScanf/MissingCheckScanf.expected index 6dfe60dcb8ca..9b7564b9123d 100644 --- a/cpp/ql/test/query-tests/Critical/MissingCheckScanf/MissingCheckScanf.expected +++ b/cpp/ql/test/query-tests/Critical/MissingCheckScanf/MissingCheckScanf.expected @@ -15,7 +15,6 @@ edges | test.cpp:141:19:141:20 | scanf output argument | test.cpp:143:8:143:8 | i | provenance | | | test.cpp:150:23:150:24 | scanf output argument | test.cpp:154:9:154:9 | i | provenance | | | test.cpp:181:19:181:20 | scanf output argument | test.cpp:185:8:185:8 | i | provenance | | -| test.cpp:193:19:193:20 | scanf output argument | test.cpp:197:8:197:8 | i | provenance | | | test.cpp:211:22:211:23 | scanf output argument | test.cpp:213:8:213:8 | i | provenance | | | test.cpp:221:22:221:23 | scanf output argument | test.cpp:223:8:223:8 | i | provenance | | | test.cpp:221:26:221:27 | scanf output argument | test.cpp:224:8:224:8 | j | provenance | | @@ -89,8 +88,6 @@ nodes | test.cpp:154:9:154:9 | i | semmle.label | i | | test.cpp:181:19:181:20 | scanf output argument | semmle.label | scanf output argument | | test.cpp:185:8:185:8 | i | semmle.label | i | -| test.cpp:193:19:193:20 | scanf output argument | semmle.label | scanf output argument | -| test.cpp:197:8:197:8 | i | semmle.label | i | | test.cpp:211:22:211:23 | scanf output argument | semmle.label | scanf output argument | | test.cpp:213:8:213:8 | i | semmle.label | i | | test.cpp:221:22:221:23 | scanf output argument | semmle.label | scanf output argument | diff --git a/cpp/ql/test/query-tests/Critical/MissingCheckScanf/test.cpp b/cpp/ql/test/query-tests/Critical/MissingCheckScanf/test.cpp index 92f5d10ddd9e..346cf607977b 100644 --- a/cpp/ql/test/query-tests/Critical/MissingCheckScanf/test.cpp +++ b/cpp/ql/test/query-tests/Critical/MissingCheckScanf/test.cpp @@ -194,7 +194,7 @@ int main() if (b >= 1) { - use(i); // BAD [NOT DETECTED]: scanf can return EOF (boolifies true) + use(i); // BAD: scanf can return EOF (boolifies true) } } From fbd877a11881d86730e217582e28d55086b4056c Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 17 Sep 2025 16:44:17 +0100 Subject: [PATCH 033/307] C++: Delete a test. This is no longer useful when every expression is a guard condition. --- .../controlflow/guards-ir/tests.expected | 75 - .../controlflow/guards-ir/tests.ql | 4 - .../controlflow/guards/Guards.expected | 1544 ----------------- .../controlflow/guards/Guards.ql | 5 - 4 files changed, 1628 deletions(-) delete mode 100644 cpp/ql/test/library-tests/controlflow/guards/Guards.expected delete mode 100644 cpp/ql/test/library-tests/controlflow/guards/Guards.ql diff --git a/cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected b/cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected index 900b65eb7bd8..2e18dcd7a620 100644 --- a/cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected +++ b/cpp/ql/test/library-tests/controlflow/guards-ir/tests.expected @@ -1,44 +1,3 @@ -astGuards -| test.c:7:9:7:13 | ... > ... | -| test.c:17:8:17:12 | ... < ... | -| test.c:17:8:17:21 | ... && ... | -| test.c:17:17:17:21 | ... > ... | -| test.c:26:11:26:15 | ... > ... | -| test.c:34:16:34:21 | ... < ... | -| test.c:42:16:42:21 | ... < ... | -| test.c:44:12:44:16 | ... > ... | -| test.c:45:16:45:20 | ... > ... | -| test.c:58:9:58:14 | ... == ... | -| test.c:58:9:58:23 | ... \|\| ... | -| test.c:58:19:58:23 | ... < ... | -| test.c:75:9:75:14 | ... == ... | -| test.c:85:8:85:13 | ... == ... | -| test.c:85:8:85:23 | ... && ... | -| test.c:85:18:85:23 | ... != ... | -| test.c:94:11:94:16 | ... != ... | -| test.c:102:16:102:21 | ... < ... | -| test.c:109:9:109:14 | ... == ... | -| test.c:109:9:109:23 | ... \|\| ... | -| test.c:109:19:109:23 | ... < ... | -| test.c:126:7:126:7 | 1 | -| test.c:126:7:126:28 | ... && ... | -| test.c:126:12:126:26 | call to test3_condition | -| test.c:131:7:131:7 | b | -| test.c:137:7:137:7 | 0 | -| test.c:146:7:146:8 | ! ... | -| test.c:146:8:146:8 | x | -| test.c:152:10:152:10 | x | -| test.c:152:10:152:15 | ... && ... | -| test.c:152:15:152:15 | y | -| test.c:156:9:156:19 | ... == ... | -| test.c:159:9:159:19 | ... == ... | -| test.c:162:9:162:18 | ... < ... | -| test.c:165:9:165:18 | ... < ... | -| test.c:175:13:175:32 | ... == ... | -| test.c:181:9:181:9 | x | -| test.cpp:18:8:18:10 | call to get | -| test.cpp:31:7:31:13 | ... == ... | -| test.cpp:42:13:42:20 | call to getABool | astGuardsCompare | 7 | 0 < x+0 when ... > ... is true | | 7 | 0 >= x+0 when ... > ... is false | @@ -901,40 +860,6 @@ astGuardsEnsure_const | test.cpp:31:7:31:13 | ... == ... | test.cpp:31:7:31:13 | ... == ... | == | 1 | 31 | 32 | | test.cpp:42:13:42:20 | call to getABool | test.cpp:42:13:42:20 | call to getABool | != | 0 | 43 | 45 | | test.cpp:42:13:42:20 | call to getABool | test.cpp:42:13:42:20 | call to getABool | == | 1 | 43 | 45 | -irGuards -| test.c:7:9:7:13 | CompareGT: ... > ... | -| test.c:17:8:17:12 | CompareLT: ... < ... | -| test.c:17:17:17:21 | CompareGT: ... > ... | -| test.c:26:11:26:15 | CompareGT: ... > ... | -| test.c:34:16:34:21 | CompareLT: ... < ... | -| test.c:42:16:42:21 | CompareLT: ... < ... | -| test.c:44:12:44:16 | CompareGT: ... > ... | -| test.c:45:16:45:20 | CompareGT: ... > ... | -| test.c:58:9:58:14 | CompareEQ: ... == ... | -| test.c:58:19:58:23 | CompareLT: ... < ... | -| test.c:75:9:75:14 | CompareEQ: ... == ... | -| test.c:85:8:85:13 | CompareEQ: ... == ... | -| test.c:85:18:85:23 | CompareNE: ... != ... | -| test.c:94:11:94:16 | CompareNE: ... != ... | -| test.c:102:16:102:21 | CompareLT: ... < ... | -| test.c:109:9:109:14 | CompareEQ: ... == ... | -| test.c:109:19:109:23 | CompareLT: ... < ... | -| test.c:126:7:126:7 | CompareNE: 1 | -| test.c:126:12:126:26 | CompareNE: call to test3_condition | -| test.c:131:7:131:7 | CompareNE: b | -| test.c:137:7:137:7 | CompareNE: 0 | -| test.c:146:7:146:8 | CompareEQ: ! ... | -| test.c:152:10:152:10 | CompareNE: x | -| test.c:152:15:152:15 | CompareNE: y | -| test.c:156:9:156:19 | CompareEQ: ... == ... | -| test.c:159:9:159:19 | CompareEQ: ... == ... | -| test.c:162:9:162:18 | CompareLT: ... < ... | -| test.c:165:9:165:18 | CompareLT: ... < ... | -| test.c:175:13:175:32 | CompareEQ: ... == ... | -| test.c:181:9:181:9 | CompareNE: x | -| test.cpp:18:8:18:12 | CompareNE: (bool)... | -| test.cpp:31:7:31:13 | CompareEQ: ... == ... | -| test.cpp:42:13:42:20 | Call: call to getABool | irGuardsCompare | 7 | 0 < x+0 when CompareGT: ... > ... is true | | 7 | 0 >= x+0 when CompareGT: ... > ... is false | diff --git a/cpp/ql/test/library-tests/controlflow/guards-ir/tests.ql b/cpp/ql/test/library-tests/controlflow/guards-ir/tests.ql index e1009307880c..f91ae1e423d8 100644 --- a/cpp/ql/test/library-tests/controlflow/guards-ir/tests.ql +++ b/cpp/ql/test/library-tests/controlflow/guards-ir/tests.ql @@ -1,8 +1,6 @@ import cpp import semmle.code.cpp.controlflow.IRGuards -query predicate astGuards(GuardCondition guard) { any() } - query predicate astGuardsCompare(int startLine, string msg) { exists(GuardCondition guard, Expr left, int k, string op | exists(boolean sense, string which | @@ -70,8 +68,6 @@ query predicate astGuardsEnsure_const( ) } -query predicate irGuards(IRGuardCondition guard) { any() } - query predicate irGuardsCompare(int startLine, string msg) { exists(IRGuardCondition guard, Operand left, int k, string op | exists(boolean sense, string which | diff --git a/cpp/ql/test/library-tests/controlflow/guards/Guards.expected b/cpp/ql/test/library-tests/controlflow/guards/Guards.expected deleted file mode 100644 index d26dd740e64e..000000000000 --- a/cpp/ql/test/library-tests/controlflow/guards/Guards.expected +++ /dev/null @@ -1,1544 +0,0 @@ -| file://:0:0:0:0 | | -| file://:0:0:0:0 | & | -| file://:0:0:0:0 | && | -| file://:0:0:0:0 | (global namespace) | -| file://:0:0:0:0 | (unnamed parameter 0) | -| file://:0:0:0:0 | (unnamed parameter 0) | -| file://:0:0:0:0 | (unnamed parameter 0) | -| file://:0:0:0:0 | (unnamed parameter 0) | -| file://:0:0:0:0 | (unnamed parameter 0) | -| file://:0:0:0:0 | (unnamed parameter 0) | -| file://:0:0:0:0 | (unnamed parameter 0) | -| file://:0:0:0:0 | (unnamed parameter 0) | -| file://:0:0:0:0 | (unnamed parameter 0) | -| file://:0:0:0:0 | (unnamed parameter 0) | -| file://:0:0:0:0 | (unnamed parameter 0) | -| file://:0:0:0:0 | (unnamed parameter 0) | -| file://:0:0:0:0 | (unnamed parameter 0) | -| file://:0:0:0:0 | (unnamed parameter 0) | -| file://:0:0:0:0 | (unnamed parameter 0) | -| file://:0:0:0:0 | (unnamed parameter 1) | -| file://:0:0:0:0 | ..()(..) | -| file://:0:0:0:0 | ..()(..) | -| file://:0:0:0:0 | ..()(..) | -| file://:0:0:0:0 | ..()(..) | -| file://:0:0:0:0 | ..()(..) | -| file://:0:0:0:0 | ..()(..) | -| file://:0:0:0:0 | ..()(..) | -| file://:0:0:0:0 | ..()(..) | -| file://:0:0:0:0 | ..()(..) | -| file://:0:0:0:0 | ..()(..) | -| file://:0:0:0:0 | ..(*)(..) | -| file://:0:0:0:0 | ..(*)(..) | -| file://:0:0:0:0 | ..(*)(..) | -| file://:0:0:0:0 | ..(*)(..) | -| file://:0:0:0:0 | ..(*)(..) | -| file://:0:0:0:0 | ..(*)(..) | -| file://:0:0:0:0 | ..(*)(..) | -| file://:0:0:0:0 | ..(*)(..) | -| file://:0:0:0:0 | ..(*)(..) | -| file://:0:0:0:0 | ..(*)(..) | -| file://:0:0:0:0 | ../../../library-tests | -| file://:0:0:0:0 | ../../controlflow | -| file://:0:0:0:0 | ../guards | -| file://:0:0:0:0 | / | -| file://:0:0:0:0 | /Users | -| file://:0:0:0:0 | /Users/mathias | -| file://:0:0:0:0 | /Users/mathias/semmle-code | -| file://:0:0:0:0 | /Users/mathias/semmle-code/ql | -| file://:0:0:0:0 | /Users/mathias/semmle-code/ql/cpp | -| file://:0:0:0:0 | /Users/mathias/semmle-code/ql/cpp/ql | -| file://:0:0:0:0 | /Users/mathias/semmle-code/ql/cpp/ql/test | -| file://:0:0:0:0 | Error & | -| file://:0:0:0:0 | Error && | -| file://:0:0:0:0 | Error * | -| file://:0:0:0:0 | Mystruct & | -| file://:0:0:0:0 | Mystruct && | -| file://:0:0:0:0 | X & | -| file://:0:0:0:0 | X && | -| file://:0:0:0:0 | X * | -| file://:0:0:0:0 | Y & | -| file://:0:0:0:0 | Y && | -| file://:0:0:0:0 | Y * | -| file://:0:0:0:0 | _Complex _Float16 | -| file://:0:0:0:0 | _Complex _Float32 | -| file://:0:0:0:0 | _Complex _Float32x | -| file://:0:0:0:0 | _Complex _Float64 | -| file://:0:0:0:0 | _Complex _Float64x | -| file://:0:0:0:0 | _Complex _Float128 | -| file://:0:0:0:0 | _Complex __bf16 | -| file://:0:0:0:0 | _Complex __float128 | -| file://:0:0:0:0 | _Complex __fp16 | -| file://:0:0:0:0 | _Complex double | -| file://:0:0:0:0 | _Complex float | -| file://:0:0:0:0 | _Complex long double | -| file://:0:0:0:0 | _Complex std::float16_t | -| file://:0:0:0:0 | _Decimal32 | -| file://:0:0:0:0 | _Decimal64 | -| file://:0:0:0:0 | _Decimal128 | -| file://:0:0:0:0 | _Float16 | -| file://:0:0:0:0 | _Float32 | -| file://:0:0:0:0 | _Float32x | -| file://:0:0:0:0 | _Float64 | -| file://:0:0:0:0 | _Float64x | -| file://:0:0:0:0 | _Float128 | -| file://:0:0:0:0 | _Imaginary double | -| file://:0:0:0:0 | _Imaginary float | -| file://:0:0:0:0 | _Imaginary long double | -| file://:0:0:0:0 | __SVCount_t | -| file://:0:0:0:0 | __bf16 | -| file://:0:0:0:0 | __block | -| file://:0:0:0:0 | __builtin_expect | -| file://:0:0:0:0 | __float128 | -| file://:0:0:0:0 | __fp16 | -| file://:0:0:0:0 | __int128 | -| file://:0:0:0:0 | __interface | -| file://:0:0:0:0 | __mfp8 | -| file://:0:0:0:0 | __ptr32 | -| file://:0:0:0:0 | __ptr64 | -| file://:0:0:0:0 | __sptr | -| file://:0:0:0:0 | __super | -| file://:0:0:0:0 | __uptr | -| file://:0:0:0:0 | __va_list_tag | -| file://:0:0:0:0 | __va_list_tag & | -| file://:0:0:0:0 | __va_list_tag && | -| file://:0:0:0:0 | abstract | -| file://:0:0:0:0 | atomic | -| file://:0:0:0:0 | auto | -| file://:0:0:0:0 | auto | -| file://:0:0:0:0 | bool | -| file://:0:0:0:0 | bool & | -| file://:0:0:0:0 | c_linkage | -| file://:0:0:0:0 | cdecl | -| file://:0:0:0:0 | char | -| file://:0:0:0:0 | char8_t | -| file://:0:0:0:0 | char16_t | -| file://:0:0:0:0 | char32_t | -| file://:0:0:0:0 | char * | -| file://:0:0:0:0 | clrcall | -| file://:0:0:0:0 | const | -| file://:0:0:0:0 | const Error | -| file://:0:0:0:0 | const Error & | -| file://:0:0:0:0 | const Mystruct | -| file://:0:0:0:0 | const Mystruct & | -| file://:0:0:0:0 | const X | -| file://:0:0:0:0 | const X & | -| file://:0:0:0:0 | const X * | -| file://:0:0:0:0 | const Y | -| file://:0:0:0:0 | const Y & | -| file://:0:0:0:0 | const Y * | -| file://:0:0:0:0 | const __va_list_tag | -| file://:0:0:0:0 | const __va_list_tag & | -| file://:0:0:0:0 | declaration of (unnamed parameter 0) | -| file://:0:0:0:0 | declaration of (unnamed parameter 0) | -| file://:0:0:0:0 | declaration of (unnamed parameter 0) | -| file://:0:0:0:0 | declaration of (unnamed parameter 0) | -| file://:0:0:0:0 | declaration of (unnamed parameter 0) | -| file://:0:0:0:0 | declaration of (unnamed parameter 0) | -| file://:0:0:0:0 | declaration of (unnamed parameter 0) | -| file://:0:0:0:0 | declaration of (unnamed parameter 0) | -| file://:0:0:0:0 | declaration of (unnamed parameter 0) | -| file://:0:0:0:0 | declaration of (unnamed parameter 0) | -| file://:0:0:0:0 | declared_constexpr | -| file://:0:0:0:0 | declared_constinit | -| file://:0:0:0:0 | declared_virtual | -| file://:0:0:0:0 | decltype(nullptr) | -| file://:0:0:0:0 | definition of fp_offset | -| file://:0:0:0:0 | definition of gp_offset | -| file://:0:0:0:0 | definition of overflow_arg_area | -| file://:0:0:0:0 | definition of reg_save_area | -| file://:0:0:0:0 | dllexport | -| file://:0:0:0:0 | dllimport | -| file://:0:0:0:0 | double | -| file://:0:0:0:0 | error | -| file://:0:0:0:0 | explicit | -| file://:0:0:0:0 | extern | -| file://:0:0:0:0 | far | -| file://:0:0:0:0 | fastcall | -| file://:0:0:0:0 | final | -| file://:0:0:0:0 | float | -| file://:0:0:0:0 | forceinline | -| file://:0:0:0:0 | fp_offset | -| file://:0:0:0:0 | gp_offset | -| file://:0:0:0:0 | has_trailing_return_type | -| file://:0:0:0:0 | implicit_int | -| file://:0:0:0:0 | inline | -| file://:0:0:0:0 | int | -| file://:0:0:0:0 | is_consteval | -| file://:0:0:0:0 | is_constexpr | -| file://:0:0:0:0 | is_thread_local | -| file://:0:0:0:0 | long | -| file://:0:0:0:0 | long double | -| file://:0:0:0:0 | long long | -| file://:0:0:0:0 | microsoft_inline | -| file://:0:0:0:0 | naked | -| file://:0:0:0:0 | near | -| file://:0:0:0:0 | noalias | -| file://:0:0:0:0 | noinline | -| file://:0:0:0:0 | nonnull | -| file://:0:0:0:0 | noreturn | -| file://:0:0:0:0 | nothrow | -| file://:0:0:0:0 | novtable | -| file://:0:0:0:0 | null_unspecified | -| file://:0:0:0:0 | nullable | -| file://:0:0:0:0 | operator delete | -| file://:0:0:0:0 | operator new | -| file://:0:0:0:0 | operator= | -| file://:0:0:0:0 | operator= | -| file://:0:0:0:0 | optional | -| file://:0:0:0:0 | overflow_arg_area | -| file://:0:0:0:0 | override | -| file://:0:0:0:0 | private | -| file://:0:0:0:0 | protected | -| file://:0:0:0:0 | public | -| file://:0:0:0:0 | pure | -| file://:0:0:0:0 | reg_save_area | -| file://:0:0:0:0 | register | -| file://:0:0:0:0 | restrict | -| file://:0:0:0:0 | sealed | -| file://:0:0:0:0 | selectany | -| file://:0:0:0:0 | short | -| file://:0:0:0:0 | signed __int128 | -| file://:0:0:0:0 | signed char | -| file://:0:0:0:0 | signed int | -| file://:0:0:0:0 | signed long | -| file://:0:0:0:0 | signed long long | -| file://:0:0:0:0 | signed short | -| file://:0:0:0:0 | static | -| file://:0:0:0:0 | std::float16_t | -| file://:0:0:0:0 | stdcall | -| file://:0:0:0:0 | thiscall | -| file://:0:0:0:0 | thread | -| file://:0:0:0:0 | unaligned | -| file://:0:0:0:0 | unknown | -| file://:0:0:0:0 | unsigned __int128 | -| file://:0:0:0:0 | unsigned char | -| file://:0:0:0:0 | unsigned int | -| file://:0:0:0:0 | unsigned long | -| file://:0:0:0:0 | unsigned long long | -| file://:0:0:0:0 | unsigned short | -| file://:0:0:0:0 | varargs | -| file://:0:0:0:0 | vectorcall | -| file://:0:0:0:0 | virtual | -| file://:0:0:0:0 | void | -| file://:0:0:0:0 | void * | -| file://:0:0:0:0 | volatile | -| file://:0:0:0:0 | wchar_t | -| test.c:0:0:0:0 | test.c | -| test.c:2:5:2:8 | definition of test | -| test.c:2:5:2:8 | test | -| test.c:2:14:2:14 | definition of x | -| test.c:2:14:2:14 | x | -| test.c:2:21:2:21 | definition of w | -| test.c:2:21:2:21 | w | -| test.c:2:28:2:28 | definition of z | -| test.c:2:28:2:28 | z | -| test.c:2:31:67:1 | { ... } | -| test.c:3:5:3:10 | declaration | -| test.c:3:9:3:9 | definition of j | -| test.c:3:9:3:9 | j | -| test.c:4:5:4:16 | declaration | -| test.c:4:10:4:10 | definition of y | -| test.c:4:10:4:10 | y | -| test.c:4:13:4:15 | initializer for y | -| test.c:4:14:4:15 | 50 | -| test.c:4:14:4:15 | (long)... | -| test.c:6:5:6:24 | // simple comparison | -| test.c:7:5:12:5 | if (...) ... | -| test.c:7:9:7:9 | x | -| test.c:7:9:7:13 | ... > ... | -| test.c:7:13:7:13 | 0 | -| test.c:7:16:10:5 | { ... } | -| test.c:8:9:8:9 | y | -| test.c:8:9:8:14 | ... = ... | -| test.c:8:9:8:15 | ExprStmt | -| test.c:8:13:8:14 | 20 | -| test.c:8:13:8:14 | (long)... | -| test.c:9:9:9:9 | z | -| test.c:9:9:9:14 | ... = ... | -| test.c:9:9:9:15 | ExprStmt | -| test.c:9:13:9:14 | 10 | -| test.c:10:12:12:5 | { ... } | -| test.c:11:9:11:9 | y | -| test.c:11:9:11:14 | ... = ... | -| test.c:11:9:11:15 | ExprStmt | -| test.c:11:13:11:14 | 30 | -| test.c:11:13:11:14 | (long)... | -| test.c:14:5:14:5 | z | -| test.c:14:5:14:13 | ... = ... | -| test.c:14:5:14:14 | ExprStmt | -| test.c:14:9:14:9 | (long)... | -| test.c:14:9:14:9 | x | -| test.c:14:9:14:13 | (int)... | -| test.c:14:9:14:13 | ... + ... | -| test.c:14:13:14:13 | y | -| test.c:16:5:16:19 | // More complex | -| test.c:17:5:20:15 | if (...) ... | -| test.c:17:8:17:8 | x | -| test.c:17:8:17:12 | ... < ... | -| test.c:17:8:17:21 | ... && ... | -| test.c:17:12:17:12 | 0 | -| test.c:17:17:17:17 | y | -| test.c:17:17:17:21 | ... > ... | -| test.c:17:21:17:21 | 1 | -| test.c:17:21:17:21 | (long)... | -| test.c:18:9:18:9 | y | -| test.c:18:9:18:14 | ... = ... | -| test.c:18:9:18:15 | ExprStmt | -| test.c:18:13:18:14 | 40 | -| test.c:18:13:18:14 | (long)... | -| test.c:20:9:20:9 | y | -| test.c:20:9:20:14 | ... = ... | -| test.c:20:9:20:15 | ExprStmt | -| test.c:20:13:20:14 | 20 | -| test.c:20:13:20:14 | (long)... | -| test.c:20:18:20:111 | /* The && expression does not control this block as the x<0 expression jumps here if false. */ | -| test.c:23:5:23:5 | z | -| test.c:23:5:23:10 | ... = ... | -| test.c:23:5:23:11 | ExprStmt | -| test.c:23:9:23:10 | 10 | -| test.c:25:5:25:17 | // while loop | -| test.c:26:5:29:5 | while (...) ... | -| test.c:26:11:26:11 | x | -| test.c:26:11:26:15 | ... > ... | -| test.c:26:15:26:15 | 0 | -| test.c:26:18:29:5 | { ... } | -| test.c:27:9:27:9 | y | -| test.c:27:9:27:14 | ... = ... | -| test.c:27:9:27:15 | ExprStmt | -| test.c:27:13:27:14 | 10 | -| test.c:27:13:27:14 | (long)... | -| test.c:28:9:28:9 | x | -| test.c:28:9:28:11 | ... -- | -| test.c:28:9:28:12 | ExprStmt | -| test.c:31:5:31:5 | z | -| test.c:31:5:31:10 | ... += ... | -| test.c:31:5:31:11 | ExprStmt | -| test.c:31:10:31:10 | y | -| test.c:33:5:33:15 | // for loop | -| test.c:34:5:37:5 | for(...;...;...) ... | -| test.c:34:9:34:9 | j | -| test.c:34:9:34:13 | ... = ... | -| test.c:34:9:34:14 | ExprStmt | -| test.c:34:13:34:13 | 0 | -| test.c:34:16:34:16 | j | -| test.c:34:16:34:21 | ... < ... | -| test.c:34:20:34:21 | 10 | -| test.c:34:24:34:24 | j | -| test.c:34:24:34:26 | ... ++ | -| test.c:34:29:37:5 | { ... } | -| test.c:35:9:35:9 | y | -| test.c:35:9:35:13 | ... = ... | -| test.c:35:9:35:14 | ExprStmt | -| test.c:35:13:35:13 | 0 | -| test.c:35:13:35:13 | (long)... | -| test.c:36:9:36:9 | w | -| test.c:36:9:36:14 | ... = ... | -| test.c:36:9:36:15 | ExprStmt | -| test.c:36:13:36:14 | 10 | -| test.c:39:5:39:5 | z | -| test.c:39:5:39:10 | ... += ... | -| test.c:39:5:39:11 | ExprStmt | -| test.c:39:10:39:10 | w | -| test.c:41:5:41:26 | // nested control flow | -| test.c:42:5:42:5 | label ...: | -| test.c:42:5:42:5 | { ... } | -| test.c:42:5:56:5 | for(...;...;...) ... | -| test.c:42:9:42:9 | j | -| test.c:42:9:42:13 | ... = ... | -| test.c:42:9:42:14 | ExprStmt | -| test.c:42:13:42:13 | 0 | -| test.c:42:16:42:16 | j | -| test.c:42:16:42:21 | ... < ... | -| test.c:42:20:42:21 | 10 | -| test.c:42:24:42:24 | j | -| test.c:42:24:42:26 | ... ++ | -| test.c:42:29:56:5 | { ... } | -| test.c:43:9:43:9 | y | -| test.c:43:9:43:14 | ... = ... | -| test.c:43:9:43:15 | ExprStmt | -| test.c:43:13:43:14 | 30 | -| test.c:43:13:43:14 | (long)... | -| test.c:44:9:54:9 | if (...) ... | -| test.c:44:12:44:12 | z | -| test.c:44:12:44:16 | ... > ... | -| test.c:44:16:44:16 | 0 | -| test.c:45:13:50:13 | if (...) ... | -| test.c:45:16:45:16 | y | -| test.c:45:16:45:20 | ... > ... | -| test.c:45:20:45:20 | 0 | -| test.c:45:20:45:20 | (long)... | -| test.c:45:23:48:13 | { ... } | -| test.c:46:17:46:17 | w | -| test.c:46:17:46:21 | ... = ... | -| test.c:46:17:46:22 | ExprStmt | -| test.c:46:21:46:21 | 0 | -| test.c:47:17:47:22 | break; | -| test.c:48:20:50:13 | { ... } | -| test.c:49:17:49:17 | w | -| test.c:49:17:49:22 | ... = ... | -| test.c:49:17:49:23 | ExprStmt | -| test.c:49:21:49:22 | 20 | -| test.c:51:14:54:9 | { ... } | -| test.c:52:13:52:13 | w | -| test.c:52:13:52:18 | ... = ... | -| test.c:52:13:52:19 | ExprStmt | -| test.c:52:17:52:18 | 10 | -| test.c:53:13:53:21 | continue; | -| test.c:55:9:55:9 | x | -| test.c:55:9:55:13 | ... = ... | -| test.c:55:9:55:14 | ExprStmt | -| test.c:55:13:55:13 | 0 | -| test.c:56:5:56:5 | label ...: | -| test.c:58:5:62:17 | if (...) ... | -| test.c:58:9:58:9 | x | -| test.c:58:9:58:14 | ... == ... | -| test.c:58:9:58:23 | ... \|\| ... | -| test.c:58:14:58:14 | 0 | -| test.c:58:19:58:19 | y | -| test.c:58:19:58:23 | ... < ... | -| test.c:58:23:58:23 | 0 | -| test.c:58:23:58:23 | (long)... | -| test.c:58:26:61:5 | { ... } | -| test.c:59:9:59:9 | y | -| test.c:59:9:59:14 | ... = ... | -| test.c:59:9:59:15 | ExprStmt | -| test.c:59:13:59:14 | 60 | -| test.c:59:13:59:14 | (long)... | -| test.c:60:9:60:9 | z | -| test.c:60:9:60:14 | ... = ... | -| test.c:60:9:60:15 | ExprStmt | -| test.c:60:13:60:14 | 10 | -| test.c:62:9:62:17 | return ... | -| test.c:62:16:62:16 | z | -| test.c:64:5:64:5 | z | -| test.c:64:5:64:10 | ... += ... | -| test.c:64:5:64:11 | ExprStmt | -| test.c:64:10:64:10 | x | -| test.c:66:5:66:13 | return ... | -| test.c:66:12:66:12 | 0 | -| test.c:70:5:70:9 | definition of test2 | -| test.c:70:5:70:9 | test2 | -| test.c:70:15:70:15 | definition of x | -| test.c:70:15:70:15 | x | -| test.c:70:22:70:22 | definition of w | -| test.c:70:22:70:22 | w | -| test.c:70:29:70:29 | definition of z | -| test.c:70:29:70:29 | z | -| test.c:70:32:118:1 | { ... } | -| test.c:71:5:71:10 | declaration | -| test.c:71:9:71:9 | definition of j | -| test.c:71:9:71:9 | j | -| test.c:72:5:72:16 | declaration | -| test.c:72:10:72:10 | definition of y | -| test.c:72:10:72:10 | y | -| test.c:72:13:72:15 | initializer for y | -| test.c:72:14:72:15 | 50 | -| test.c:72:14:72:15 | (long)... | -| test.c:74:5:74:24 | // simple comparison | -| test.c:75:5:80:5 | if (...) ... | -| test.c:75:9:75:9 | x | -| test.c:75:9:75:14 | ... == ... | -| test.c:75:14:75:14 | 0 | -| test.c:75:17:78:5 | { ... } | -| test.c:76:9:76:9 | y | -| test.c:76:9:76:14 | ... = ... | -| test.c:76:9:76:15 | ExprStmt | -| test.c:76:13:76:14 | 20 | -| test.c:76:13:76:14 | (long)... | -| test.c:77:9:77:9 | z | -| test.c:77:9:77:14 | ... = ... | -| test.c:77:9:77:15 | ExprStmt | -| test.c:77:13:77:14 | 10 | -| test.c:78:12:80:5 | { ... } | -| test.c:79:9:79:9 | y | -| test.c:79:9:79:14 | ... = ... | -| test.c:79:9:79:15 | ExprStmt | -| test.c:79:13:79:14 | 30 | -| test.c:79:13:79:14 | (long)... | -| test.c:82:5:82:5 | z | -| test.c:82:5:82:13 | ... = ... | -| test.c:82:5:82:14 | ExprStmt | -| test.c:82:9:82:9 | (long)... | -| test.c:82:9:82:9 | x | -| test.c:82:9:82:13 | (int)... | -| test.c:82:9:82:13 | ... + ... | -| test.c:82:13:82:13 | y | -| test.c:84:5:84:19 | // More complex | -| test.c:85:5:88:15 | if (...) ... | -| test.c:85:8:85:8 | x | -| test.c:85:8:85:13 | ... == ... | -| test.c:85:8:85:23 | ... && ... | -| test.c:85:13:85:13 | 0 | -| test.c:85:18:85:18 | y | -| test.c:85:18:85:23 | ... != ... | -| test.c:85:23:85:23 | 0 | -| test.c:85:23:85:23 | (long)... | -| test.c:86:9:86:9 | y | -| test.c:86:9:86:14 | ... = ... | -| test.c:86:9:86:15 | ExprStmt | -| test.c:86:13:86:14 | 40 | -| test.c:86:13:86:14 | (long)... | -| test.c:88:9:88:9 | y | -| test.c:88:9:88:14 | ... = ... | -| test.c:88:9:88:15 | ExprStmt | -| test.c:88:13:88:14 | 20 | -| test.c:88:13:88:14 | (long)... | -| test.c:91:5:91:5 | z | -| test.c:91:5:91:10 | ... = ... | -| test.c:91:5:91:11 | ExprStmt | -| test.c:91:9:91:10 | 10 | -| test.c:93:5:93:17 | // while loop | -| test.c:94:5:97:5 | while (...) ... | -| test.c:94:11:94:11 | x | -| test.c:94:11:94:16 | ... != ... | -| test.c:94:16:94:16 | 0 | -| test.c:94:19:97:5 | { ... } | -| test.c:95:9:95:9 | y | -| test.c:95:9:95:14 | ... = ... | -| test.c:95:9:95:15 | ExprStmt | -| test.c:95:13:95:14 | 10 | -| test.c:95:13:95:14 | (long)... | -| test.c:96:9:96:9 | x | -| test.c:96:9:96:11 | ... -- | -| test.c:96:9:96:12 | ExprStmt | -| test.c:99:5:99:5 | z | -| test.c:99:5:99:10 | ... += ... | -| test.c:99:5:99:11 | ExprStmt | -| test.c:99:10:99:10 | y | -| test.c:101:5:101:15 | // for loop | -| test.c:102:5:105:5 | for(...;...;...) ... | -| test.c:102:9:102:9 | j | -| test.c:102:9:102:13 | ... = ... | -| test.c:102:9:102:14 | ExprStmt | -| test.c:102:13:102:13 | 0 | -| test.c:102:16:102:16 | j | -| test.c:102:16:102:21 | ... < ... | -| test.c:102:20:102:21 | 10 | -| test.c:102:24:102:24 | j | -| test.c:102:24:102:26 | ... ++ | -| test.c:102:29:105:5 | { ... } | -| test.c:103:9:103:9 | y | -| test.c:103:9:103:13 | ... = ... | -| test.c:103:9:103:14 | ExprStmt | -| test.c:103:13:103:13 | 0 | -| test.c:103:13:103:13 | (long)... | -| test.c:104:9:104:9 | w | -| test.c:104:9:104:14 | ... = ... | -| test.c:104:9:104:15 | ExprStmt | -| test.c:104:13:104:14 | 10 | -| test.c:107:5:107:5 | z | -| test.c:107:5:107:10 | ... += ... | -| test.c:107:5:107:11 | ExprStmt | -| test.c:107:10:107:10 | w | -| test.c:109:5:113:17 | if (...) ... | -| test.c:109:9:109:9 | x | -| test.c:109:9:109:14 | ... == ... | -| test.c:109:9:109:23 | ... \|\| ... | -| test.c:109:14:109:14 | 0 | -| test.c:109:19:109:19 | y | -| test.c:109:19:109:23 | ... < ... | -| test.c:109:23:109:23 | 0 | -| test.c:109:23:109:23 | (long)... | -| test.c:109:26:112:5 | { ... } | -| test.c:110:9:110:9 | y | -| test.c:110:9:110:14 | ... = ... | -| test.c:110:9:110:15 | ExprStmt | -| test.c:110:13:110:14 | 60 | -| test.c:110:13:110:14 | (long)... | -| test.c:111:9:111:9 | z | -| test.c:111:9:111:14 | ... = ... | -| test.c:111:9:111:15 | ExprStmt | -| test.c:111:13:111:14 | 10 | -| test.c:113:9:113:17 | return ... | -| test.c:113:16:113:16 | z | -| test.c:115:5:115:5 | z | -| test.c:115:5:115:10 | ... += ... | -| test.c:115:5:115:11 | ExprStmt | -| test.c:115:10:115:10 | x | -| test.c:117:5:117:13 | return ... | -| test.c:117:12:117:12 | 0 | -| test.c:120:5:120:19 | declaration of test3_condition | -| test.c:120:5:120:19 | test3_condition | -| test.c:121:6:121:17 | declaration of test3_action | -| test.c:121:6:121:17 | test3_action | -| test.c:123:6:123:10 | definition of test3 | -| test.c:123:6:123:10 | test3 | -| test.c:123:14:134:1 | { ... } | -| test.c:124:3:124:12 | declaration | -| test.c:124:7:124:7 | b | -| test.c:124:7:124:7 | definition of b | -| test.c:124:10:124:11 | 0 | -| test.c:124:10:124:11 | initializer for b | -| test.c:126:3:129:3 | if (...) ... | -| test.c:126:7:126:7 | 1 | -| test.c:126:7:126:28 | ... && ... | -| test.c:126:12:126:26 | call to test3_condition | -| test.c:126:31:129:3 | { ... } | -| test.c:127:5:127:5 | b | -| test.c:127:5:127:9 | ... = ... | -| test.c:127:5:127:10 | ExprStmt | -| test.c:127:9:127:9 | 1 | -| test.c:128:5:128:16 | call to test3_action | -| test.c:128:5:128:19 | ExprStmt | -| test.c:131:3:133:3 | if (...) ... | -| test.c:131:7:131:7 | b | -| test.c:131:10:133:3 | { ... } | -| test.c:132:5:132:16 | call to test3_action | -| test.c:132:5:132:19 | ExprStmt | -| test.c:134:1:134:1 | return ... | -| test.c:136:6:136:10 | definition of test4 | -| test.c:136:6:136:10 | test4 | -| test.c:136:16:136:16 | definition of i | -| test.c:136:16:136:16 | i | -| test.c:136:19:143:1 | { ... } | -| test.c:137:3:141:3 | if (...) ... | -| test.c:137:7:137:7 | 0 | -| test.c:137:10:141:3 | { ... } | -| test.c:138:5:140:5 | if (...) ... | -| test.c:138:9:138:9 | i | -| test.c:138:12:140:5 | { ... } | -| test.c:139:7:139:7 | ; | -| test.c:142:3:142:9 | return ... | -| test.c:145:6:145:10 | definition of test5 | -| test.c:145:6:145:10 | test5 | -| test.c:145:16:145:16 | definition of x | -| test.c:145:16:145:16 | x | -| test.c:145:19:149:1 | { ... } | -| test.c:146:3:148:3 | if (...) ... | -| test.c:146:7:146:8 | ! ... | -| test.c:146:8:146:8 | x | -| test.c:146:11:148:3 | { ... } | -| test.c:147:5:147:9 | call to test3 | -| test.c:147:5:147:12 | ExprStmt | -| test.c:149:1:149:1 | return ... | -| test.c:151:6:151:10 | definition of test6 | -| test.c:151:6:151:10 | test6 | -| test.c:151:18:151:18 | definition of p | -| test.c:151:18:151:18 | p | -| test.c:151:21:155:1 | { ... } | -| test.c:152:5:154:5 | if (...) ... | -| test.c:152:8:152:8 | p | -| test.c:152:11:154:5 | { ... } | -| test.c:155:1:155:1 | return ... | -| test.c:157:6:157:10 | definition of test7 | -| test.c:157:6:157:10 | test7 | -| test.c:157:18:157:18 | definition of p | -| test.c:157:18:157:18 | p | -| test.c:157:21:161:1 | { ... } | -| test.c:158:5:160:5 | if (...) ... | -| test.c:158:8:158:9 | ! ... | -| test.c:158:9:158:9 | p | -| test.c:158:12:160:5 | { ... } | -| test.c:161:1:161:1 | return ... | -| test.c:163:6:163:10 | definition of test8 | -| test.c:163:6:163:10 | test8 | -| test.c:163:18:163:18 | definition of s | -| test.c:163:18:163:18 | s | -| test.c:163:21:167:1 | { ... } | -| test.c:164:5:166:5 | if (...) ... | -| test.c:164:8:164:8 | s | -| test.c:164:11:166:5 | { ... } | -| test.c:167:1:167:1 | return ... | -| test.c:169:6:169:10 | definition of test9 | -| test.c:169:6:169:10 | test9 | -| test.c:169:18:169:18 | definition of s | -| test.c:169:18:169:18 | s | -| test.c:169:21:173:1 | { ... } | -| test.c:170:5:172:5 | if (...) ... | -| test.c:170:8:170:9 | ! ... | -| test.c:170:9:170:9 | s | -| test.c:170:12:172:5 | { ... } | -| test.c:173:1:173:1 | return ... | -| test.c:175:6:175:11 | definition of test10 | -| test.c:175:6:175:11 | test10 | -| test.c:175:17:175:17 | a | -| test.c:175:17:175:17 | definition of a | -| test.c:175:24:175:24 | b | -| test.c:175:24:175:24 | definition of b | -| test.c:175:27:179:1 | { ... } | -| test.c:176:5:178:5 | if (...) ... | -| test.c:176:8:176:15 | ! ... | -| test.c:176:9:176:15 | (...) | -| test.c:176:10:176:10 | a | -| test.c:176:10:176:14 | ... < ... | -| test.c:176:14:176:14 | b | -| test.c:176:18:178:5 | { ... } | -| test.c:179:1:179:1 | return ... | -| test.c:181:6:181:11 | definition of test11 | -| test.c:181:6:181:11 | test11 | -| test.c:181:20:181:22 | definition of foo | -| test.c:181:20:181:22 | foo | -| test.c:181:25:185:1 | { ... } | -| test.c:182:5:184:5 | if (...) ... | -| test.c:182:8:182:34 | ! ... | -| test.c:182:9:182:34 | (...) | -| test.c:182:10:182:12 | foo | -| test.c:182:10:182:20 | ... >= ... | -| test.c:182:10:182:33 | ... && ... | -| test.c:182:17:182:20 | 9.999999999999999547e-07 | -| test.c:182:25:182:27 | foo | -| test.c:182:25:182:33 | ... < ... | -| test.c:182:31:182:33 | 1.0 | -| test.c:182:37:184:5 | { ... } | -| test.c:185:1:185:1 | return ... | -| test.c:187:6:187:11 | definition of test12 | -| test.c:187:6:187:11 | test12 | -| test.c:187:17:187:17 | a | -| test.c:187:17:187:17 | definition of a | -| test.c:187:24:187:24 | b | -| test.c:187:24:187:24 | definition of b | -| test.c:187:27:193:1 | { ... } | -| test.c:188:3:188:17 | declaration | -| test.c:188:7:188:7 | c | -| test.c:188:7:188:7 | definition of c | -| test.c:188:10:188:16 | initializer for c | -| test.c:188:11:188:11 | a | -| test.c:188:11:188:16 | ... != ... | -| test.c:188:16:188:16 | b | -| test.c:190:3:192:3 | if (...) ... | -| test.c:190:7:190:8 | ! ... | -| test.c:190:8:190:8 | c | -| test.c:190:11:192:3 | { ... } | -| test.c:193:1:193:1 | return ... | -| test.c:195:6:195:11 | definition of test13 | -| test.c:195:6:195:11 | test13 | -| test.c:195:17:195:17 | a | -| test.c:195:17:195:17 | definition of a | -| test.c:195:20:201:1 | { ... } | -| test.c:196:3:196:17 | declaration | -| test.c:196:7:196:7 | b | -| test.c:196:7:196:7 | definition of b | -| test.c:196:10:196:16 | initializer for b | -| test.c:196:11:196:11 | a | -| test.c:196:11:196:16 | ... > ... | -| test.c:196:15:196:16 | 10 | -| test.c:198:3:200:3 | if (...) ... | -| test.c:198:7:198:8 | ! ... | -| test.c:198:8:198:8 | b | -| test.c:198:11:200:3 | { ... } | -| test.c:201:1:201:1 | return ... | -| test.c:203:6:203:11 | definition of test14 | -| test.c:203:6:203:11 | test14 | -| test.c:203:17:203:17 | a | -| test.c:203:17:203:17 | definition of a | -| test.c:203:24:203:24 | b | -| test.c:203:24:203:24 | definition of b | -| test.c:203:27:209:1 | { ... } | -| test.c:204:3:204:16 | declaration | -| test.c:204:7:204:7 | c | -| test.c:204:7:204:7 | definition of c | -| test.c:204:10:204:15 | initializer for c | -| test.c:204:11:204:11 | a | -| test.c:204:11:204:15 | ... > ... | -| test.c:204:15:204:15 | b | -| test.c:206:3:208:3 | if (...) ... | -| test.c:206:7:206:8 | ! ... | -| test.c:206:8:206:8 | c | -| test.c:206:11:208:3 | { ... } | -| test.c:209:1:209:1 | return ... | -| test.c:211:1:211:45 | #define likely(x) __builtin_expect(!!(x), 1) | -| test.c:213:6:213:11 | definition of test15 | -| test.c:213:6:213:11 | test15 | -| test.c:213:17:213:17 | a | -| test.c:213:17:213:17 | definition of a | -| test.c:213:24:213:24 | b | -| test.c:213:24:213:24 | definition of b | -| test.c:214:1:222:1 | { ... } | -| test.c:215:2:217:5 | if (...) ... | -| test.c:215:6:215:18 | 1 | -| test.c:215:6:215:18 | ! ... | -| test.c:215:6:215:18 | ! ... | -| test.c:215:6:215:18 | (...) | -| test.c:215:6:215:18 | (long)... | -| test.c:215:6:215:18 | (long)... | -| test.c:215:6:215:18 | call to __builtin_expect | -| test.c:215:6:215:18 | likely(x) | -| test.c:215:13:215:13 | a | -| test.c:215:13:215:17 | ... > ... | -| test.c:215:17:215:17 | b | -| test.c:215:21:217:5 | { ... } | -| test.c:219:5:221:5 | if (...) ... | -| test.c:219:9:219:22 | 1 | -| test.c:219:9:219:22 | ! ... | -| test.c:219:9:219:22 | ! ... | -| test.c:219:9:219:22 | (...) | -| test.c:219:9:219:22 | (long)... | -| test.c:219:9:219:22 | (long)... | -| test.c:219:9:219:22 | call to __builtin_expect | -| test.c:219:9:219:22 | likely(x) | -| test.c:219:16:219:16 | a | -| test.c:219:16:219:21 | ... > ... | -| test.c:219:20:219:21 | 42 | -| test.c:219:25:221:5 | { ... } | -| test.c:222:1:222:1 | return ... | -| test.cpp:0:0:0:0 | test.cpp | -| test.cpp:1:7:1:7 | X | -| test.cpp:1:7:1:7 | declaration of operator= | -| test.cpp:1:7:1:7 | declaration of operator= | -| test.cpp:1:7:1:7 | definition of X | -| test.cpp:1:7:1:7 | operator= | -| test.cpp:1:7:1:7 | operator= | -| test.cpp:4:8:4:10 | declaration of set | -| test.cpp:4:8:4:10 | set | -| test.cpp:7:7:7:7 | Y | -| test.cpp:7:7:7:7 | declaration of operator= | -| test.cpp:7:7:7:7 | declaration of operator= | -| test.cpp:7:7:7:7 | definition of Y | -| test.cpp:7:7:7:7 | operator= | -| test.cpp:7:7:7:7 | operator= | -| test.cpp:10:3:10:3 | type mention | -| test.cpp:10:6:10:6 | declaration of f | -| test.cpp:12:9:12:9 | type mention | -| test.cpp:12:12:12:14 | definition of get | -| test.cpp:12:12:12:14 | get | -| test.cpp:12:24:12:36 | { ... } | -| test.cpp:12:26:12:34 | return ... | -| test.cpp:12:33:12:33 | 0 | -| test.cpp:12:33:12:33 | (const X *)... | -| test.cpp:13:3:13:3 | type mention | -| test.cpp:13:6:13:8 | definition of get | -| test.cpp:13:6:13:8 | get | -| test.cpp:13:12:13:24 | { ... } | -| test.cpp:13:14:13:22 | return ... | -| test.cpp:13:21:13:21 | 0 | -| test.cpp:13:21:13:21 | (X *)... | -| test.cpp:16:1:16:1 | type mention | -| test.cpp:16:4:16:4 | type mention | -| test.cpp:16:4:16:7 | definition of f | -| test.cpp:16:4:16:7 | f | -| test.cpp:17:1:21:1 | { ... } | -| test.cpp:18:3:19:17 | if (...) ... | -| test.cpp:18:8:18:10 | call to get | -| test.cpp:18:8:18:10 | this | -| test.cpp:18:8:18:12 | (bool)... | -| test.cpp:19:5:19:7 | call to get | -| test.cpp:19:5:19:7 | this | -| test.cpp:19:5:19:17 | ExprStmt | -| test.cpp:19:12:19:14 | call to set | -| test.cpp:20:3:20:11 | return ... | -| test.cpp:20:10:20:10 | 0 | -| test.cpp:20:10:20:10 | (Y *)... | -| test.cpp:23:7:23:7 | Error | -| test.cpp:23:7:23:7 | Error | -| test.cpp:23:7:23:7 | declaration of Error | -| test.cpp:23:7:23:7 | declaration of Error | -| test.cpp:23:7:23:7 | declaration of operator= | -| test.cpp:23:7:23:7 | declaration of operator= | -| test.cpp:23:7:23:7 | operator= | -| test.cpp:23:7:23:7 | operator= | -| test.cpp:23:7:23:11 | Error | -| test.cpp:23:7:23:11 | definition of Error | -| test.cpp:25:3:25:7 | Error | -| test.cpp:25:3:25:7 | definition of Error | -| test.cpp:25:11:25:12 | { ... } | -| test.cpp:25:12:25:12 | return ... | -| test.cpp:28:6:28:13 | declaration of getABool | -| test.cpp:28:6:28:13 | getABool | -| test.cpp:30:6:30:16 | definition of doSomething | -| test.cpp:30:6:30:16 | doSomething | -| test.cpp:30:22:30:22 | definition of x | -| test.cpp:30:22:30:22 | x | -| test.cpp:30:25:34:1 | { ... } | -| test.cpp:31:3:33:3 | if (...) ... | -| test.cpp:31:7:31:7 | x | -| test.cpp:31:7:31:13 | ... == ... | -| test.cpp:31:12:31:13 | - ... | -| test.cpp:31:13:31:13 | 1 | -| test.cpp:31:16:33:3 | { ... } | -| test.cpp:32:5:32:21 | throw ... | -| test.cpp:32:5:32:22 | ExprStmt | -| test.cpp:32:11:32:21 | call to Error | -| test.cpp:32:11:32:21 | new | -| test.cpp:32:15:32:19 | type mention | -| test.cpp:34:1:34:1 | return ... | -| test.cpp:36:6:36:20 | declaration of doSomethingElse | -| test.cpp:36:6:36:20 | doSomethingElse | -| test.cpp:36:26:36:26 | declaration of x | -| test.cpp:36:26:36:26 | x | -| test.cpp:38:6:38:19 | definition of testWithCatch0 | -| test.cpp:38:6:38:19 | testWithCatch0 | -| test.cpp:38:25:38:25 | definition of v | -| test.cpp:38:25:38:25 | v | -| test.cpp:39:1:54:1 | { ... } | -| test.cpp:40:5:47:5 | try { ... } | -| test.cpp:41:5:47:5 | { ... } | -| test.cpp:42:9:46:9 | if (...) ... | -| test.cpp:42:13:42:20 | call to getABool | -| test.cpp:43:9:46:9 | { ... } | -| test.cpp:44:13:44:23 | call to doSomething | -| test.cpp:44:13:44:27 | ExprStmt | -| test.cpp:44:25:44:25 | v | -| test.cpp:45:13:45:24 | return ... | -| test.cpp:45:20:45:23 | 1 | -| test.cpp:48:11:48:15 | type mention | -| test.cpp:48:18:48:18 | definition of e | -| test.cpp:48:18:48:18 | e | -| test.cpp:49:5:51:5 | | -| test.cpp:49:5:51:5 | { ... } | -| test.cpp:50:7:50:21 | call to doSomethingElse | -| test.cpp:50:7:50:25 | ExprStmt | -| test.cpp:50:23:50:23 | v | -| test.cpp:53:5:53:17 | return ... | -| test.cpp:53:12:53:16 | 0 | -| test.cpp:56:6:56:9 | declaration of use1 | -| test.cpp:56:6:56:9 | use1 | -| test.cpp:56:11:56:13 | (unnamed parameter 0) | -| test.cpp:56:11:56:13 | declaration of (unnamed parameter 0) | -| test.cpp:57:6:57:9 | declaration of use2 | -| test.cpp:57:6:57:9 | use2 | -| test.cpp:57:11:57:13 | (unnamed parameter 0) | -| test.cpp:57:11:57:13 | declaration of (unnamed parameter 0) | -| test.cpp:58:6:58:9 | declaration of use3 | -| test.cpp:58:6:58:9 | use3 | -| test.cpp:58:11:58:13 | (unnamed parameter 0) | -| test.cpp:58:11:58:13 | declaration of (unnamed parameter 0) | -| test.cpp:60:6:60:25 | definition of test_switches_simple | -| test.cpp:60:6:60:25 | test_switches_simple | -| test.cpp:60:31:60:31 | definition of i | -| test.cpp:60:31:60:31 | i | -| test.cpp:60:34:71:1 | { ... } | -| test.cpp:61:3:70:3 | switch (...) ... | -| test.cpp:61:10:61:10 | i | -| test.cpp:61:13:70:3 | { ... } | -| test.cpp:62:5:62:11 | case ...: | -| test.cpp:62:10:62:10 | 0 | -| test.cpp:63:7:63:10 | call to use1 | -| test.cpp:63:7:63:14 | ExprStmt | -| test.cpp:63:12:63:12 | i | -| test.cpp:64:7:64:12 | break; | -| test.cpp:65:5:65:11 | case ...: | -| test.cpp:65:10:65:10 | 1 | -| test.cpp:66:7:66:10 | call to use2 | -| test.cpp:66:7:66:14 | ExprStmt | -| test.cpp:66:12:66:12 | i | -| test.cpp:67:7:67:29 | /* NOTE: fallthrough */ | -| test.cpp:68:5:68:11 | case ...: | -| test.cpp:68:10:68:10 | 2 | -| test.cpp:69:7:69:10 | call to use3 | -| test.cpp:69:7:69:14 | ExprStmt | -| test.cpp:69:12:69:12 | i | -| test.cpp:70:3:70:3 | label ...: | -| test.cpp:71:1:71:1 | return ... | -| test.cpp:73:6:73:24 | definition of test_switches_range | -| test.cpp:73:6:73:24 | test_switches_range | -| test.cpp:73:30:73:30 | definition of i | -| test.cpp:73:30:73:30 | i | -| test.cpp:73:33:81:1 | { ... } | -| test.cpp:74:3:80:3 | switch (...) ... | -| test.cpp:74:10:74:10 | i | -| test.cpp:74:13:80:3 | { ... } | -| test.cpp:75:5:75:18 | case ...: | -| test.cpp:75:10:75:10 | 0 | -| test.cpp:75:16:75:17 | 10 | -| test.cpp:76:7:76:10 | call to use1 | -| test.cpp:76:7:76:14 | ExprStmt | -| test.cpp:76:12:76:12 | i | -| test.cpp:77:7:77:12 | break; | -| test.cpp:78:5:78:19 | case ...: | -| test.cpp:78:10:78:11 | 11 | -| test.cpp:78:17:78:18 | 20 | -| test.cpp:79:7:79:10 | call to use2 | -| test.cpp:79:7:79:14 | ExprStmt | -| test.cpp:79:12:79:12 | i | -| test.cpp:80:3:80:3 | label ...: | -| test.cpp:81:1:81:1 | return ... | -| test.cpp:83:6:83:26 | definition of test_switches_default | -| test.cpp:83:6:83:26 | test_switches_default | -| test.cpp:83:32:83:32 | definition of i | -| test.cpp:83:32:83:32 | i | -| test.cpp:83:35:88:1 | { ... } | -| test.cpp:84:3:87:3 | switch (...) ... | -| test.cpp:84:10:84:10 | i | -| test.cpp:84:13:87:3 | { ... } | -| test.cpp:85:5:85:12 | default: | -| test.cpp:86:7:86:10 | call to use1 | -| test.cpp:86:7:86:14 | ExprStmt | -| test.cpp:86:12:86:12 | i | -| test.cpp:88:1:88:1 | return ... | -| test.cpp:90:6:90:8 | declaration of use | -| test.cpp:90:6:90:8 | use | -| test.cpp:92:6:92:23 | definition of pointer_comparison | -| test.cpp:92:6:92:23 | pointer_comparison | -| test.cpp:92:31:92:31 | c | -| test.cpp:92:31:92:31 | definition of c | -| test.cpp:92:34:96:1 | { ... } | -| test.cpp:93:3:95:3 | if (...) ... | -| test.cpp:93:6:93:6 | (bool)... | -| test.cpp:93:6:93:6 | c | -| test.cpp:93:9:95:3 | { ... } | -| test.cpp:94:5:94:7 | call to use | -| test.cpp:94:5:94:11 | ExprStmt | -| test.cpp:94:9:94:9 | c | -| test.cpp:96:1:96:1 | return ... | -| test.cpp:98:6:98:30 | definition of implicit_float_comparison | -| test.cpp:98:6:98:30 | implicit_float_comparison | -| test.cpp:98:38:98:38 | definition of f | -| test.cpp:98:38:98:38 | f | -| test.cpp:98:41:102:1 | { ... } | -| test.cpp:99:3:101:3 | if (...) ... | -| test.cpp:99:6:99:6 | (bool)... | -| test.cpp:99:6:99:6 | f | -| test.cpp:99:9:101:3 | { ... } | -| test.cpp:100:5:100:7 | call to use | -| test.cpp:100:5:100:11 | ExprStmt | -| test.cpp:100:9:100:9 | (double)... | -| test.cpp:100:9:100:9 | f | -| test.cpp:102:1:102:1 | return ... | -| test.cpp:104:6:104:30 | definition of explicit_float_comparison | -| test.cpp:104:6:104:30 | explicit_float_comparison | -| test.cpp:104:38:104:38 | definition of f | -| test.cpp:104:38:104:38 | f | -| test.cpp:104:41:108:1 | { ... } | -| test.cpp:105:3:107:3 | if (...) ... | -| test.cpp:105:6:105:6 | f | -| test.cpp:105:6:105:14 | ... != ... | -| test.cpp:105:11:105:14 | 0.0 | -| test.cpp:105:17:107:3 | { ... } | -| test.cpp:106:5:106:7 | call to use | -| test.cpp:106:5:106:11 | ExprStmt | -| test.cpp:106:9:106:9 | (double)... | -| test.cpp:106:9:106:9 | f | -| test.cpp:108:1:108:1 | return ... | -| test.cpp:110:6:110:25 | definition of int_float_comparison | -| test.cpp:110:6:110:25 | int_float_comparison | -| test.cpp:110:31:110:31 | definition of i | -| test.cpp:110:31:110:31 | i | -| test.cpp:110:34:114:1 | { ... } | -| test.cpp:111:3:113:3 | if (...) ... | -| test.cpp:111:6:111:6 | (float)... | -| test.cpp:111:6:111:6 | i | -| test.cpp:111:6:111:14 | ... != ... | -| test.cpp:111:11:111:14 | 0.0 | -| test.cpp:111:17:113:3 | { ... } | -| test.cpp:112:5:112:7 | call to use | -| test.cpp:112:5:112:11 | ExprStmt | -| test.cpp:112:9:112:9 | i | -| test.cpp:114:1:114:1 | return ... | -| test.cpp:116:5:116:10 | declaration of source | -| test.cpp:116:5:116:10 | source | -| test.cpp:117:6:117:9 | declaration of safe | -| test.cpp:117:6:117:9 | safe | -| test.cpp:117:11:117:13 | (unnamed parameter 0) | -| test.cpp:117:11:117:13 | declaration of (unnamed parameter 0) | -| test.cpp:119:6:119:9 | definition of test | -| test.cpp:119:6:119:9 | test | -| test.cpp:119:16:119:16 | b | -| test.cpp:119:16:119:16 | definition of b | -| test.cpp:120:1:128:1 | { ... } | -| test.cpp:121:5:121:10 | declaration | -| test.cpp:121:9:121:9 | definition of x | -| test.cpp:121:9:121:9 | x | -| test.cpp:122:5:126:5 | if (...) ... | -| test.cpp:122:9:122:9 | b | -| test.cpp:123:5:126:5 | { ... } | -| test.cpp:124:9:124:9 | x | -| test.cpp:124:9:124:20 | ... = ... | -| test.cpp:124:9:124:21 | ExprStmt | -| test.cpp:124:13:124:18 | call to source | -| test.cpp:125:9:125:29 | if (...) ... | -| test.cpp:125:13:125:20 | ! ... | -| test.cpp:125:14:125:17 | call to safe | -| test.cpp:125:19:125:19 | x | -| test.cpp:125:23:125:29 | return ... | -| test.cpp:127:5:127:7 | call to use | -| test.cpp:127:5:127:11 | ExprStmt | -| test.cpp:127:9:127:9 | x | -| test.cpp:128:1:128:1 | return ... | -| test.cpp:130:6:130:33 | binary_test_builtin_expected | -| test.cpp:130:6:130:33 | definition of binary_test_builtin_expected | -| test.cpp:130:39:130:39 | a | -| test.cpp:130:39:130:39 | definition of a | -| test.cpp:130:46:130:46 | b | -| test.cpp:130:46:130:46 | definition of b | -| test.cpp:130:49:138:1 | { ... } | -| test.cpp:131:3:133:3 | if (...) ... | -| test.cpp:131:6:131:21 | call to __builtin_expect | -| test.cpp:131:6:131:37 | (bool)... | -| test.cpp:131:23:131:23 | a | -| test.cpp:131:23:131:33 | (long)... | -| test.cpp:131:23:131:33 | ... == ... | -| test.cpp:131:28:131:28 | b | -| test.cpp:131:28:131:33 | ... + ... | -| test.cpp:131:32:131:33 | 42 | -| test.cpp:131:36:131:36 | 0 | -| test.cpp:131:36:131:36 | (long)... | -| test.cpp:131:40:133:3 | { ... } | -| test.cpp:132:7:132:9 | call to use | -| test.cpp:132:7:132:13 | ExprStmt | -| test.cpp:132:11:132:11 | a | -| test.cpp:135:3:137:3 | if (...) ... | -| test.cpp:135:6:135:21 | call to __builtin_expect | -| test.cpp:135:6:135:37 | (bool)... | -| test.cpp:135:23:135:23 | a | -| test.cpp:135:23:135:33 | (long)... | -| test.cpp:135:23:135:33 | ... != ... | -| test.cpp:135:28:135:28 | b | -| test.cpp:135:28:135:33 | ... + ... | -| test.cpp:135:32:135:33 | 42 | -| test.cpp:135:36:135:36 | 0 | -| test.cpp:135:36:135:36 | (long)... | -| test.cpp:135:40:137:3 | { ... } | -| test.cpp:136:7:136:9 | call to use | -| test.cpp:136:7:136:13 | ExprStmt | -| test.cpp:136:11:136:11 | a | -| test.cpp:138:1:138:1 | return ... | -| test.cpp:140:6:140:32 | definition of unary_test_builtin_expected | -| test.cpp:140:6:140:32 | unary_test_builtin_expected | -| test.cpp:140:38:140:38 | a | -| test.cpp:140:38:140:38 | definition of a | -| test.cpp:140:41:148:1 | { ... } | -| test.cpp:141:3:143:3 | if (...) ... | -| test.cpp:141:6:141:21 | call to __builtin_expect | -| test.cpp:141:6:141:33 | (bool)... | -| test.cpp:141:23:141:23 | a | -| test.cpp:141:23:141:29 | (long)... | -| test.cpp:141:23:141:29 | ... == ... | -| test.cpp:141:28:141:29 | 42 | -| test.cpp:141:32:141:32 | 0 | -| test.cpp:141:32:141:32 | (long)... | -| test.cpp:141:36:143:3 | { ... } | -| test.cpp:142:7:142:9 | call to use | -| test.cpp:142:7:142:13 | ExprStmt | -| test.cpp:142:11:142:11 | a | -| test.cpp:145:3:147:3 | if (...) ... | -| test.cpp:145:6:145:21 | call to __builtin_expect | -| test.cpp:145:6:145:33 | (bool)... | -| test.cpp:145:23:145:23 | a | -| test.cpp:145:23:145:29 | (long)... | -| test.cpp:145:23:145:29 | ... != ... | -| test.cpp:145:28:145:29 | 42 | -| test.cpp:145:32:145:32 | 0 | -| test.cpp:145:32:145:32 | (long)... | -| test.cpp:145:36:147:3 | { ... } | -| test.cpp:146:7:146:9 | call to use | -| test.cpp:146:7:146:13 | ExprStmt | -| test.cpp:146:11:146:11 | a | -| test.cpp:148:1:148:1 | return ... | -| test.cpp:150:6:150:24 | definition of test_with_reference | -| test.cpp:150:6:150:24 | test_with_reference | -| test.cpp:150:32:150:32 | b | -| test.cpp:150:32:150:32 | definition of b | -| test.cpp:150:39:150:39 | a | -| test.cpp:150:39:150:39 | definition of a | -| test.cpp:150:42:155:1 | { ... } | -| test.cpp:151:4:151:4 | (reference dereference) | -| test.cpp:151:4:151:4 | b | -| test.cpp:151:4:151:13 | ... = ... | -| test.cpp:151:4:151:14 | ExprStmt | -| test.cpp:151:8:151:8 | a | -| test.cpp:151:8:151:13 | ... < ... | -| test.cpp:151:12:151:13 | 10 | -| test.cpp:152:4:154:4 | if (...) ... | -| test.cpp:152:7:152:8 | ! ... | -| test.cpp:152:8:152:8 | (reference dereference) | -| test.cpp:152:8:152:8 | b | -| test.cpp:152:11:154:4 | { ... } | -| test.cpp:153:7:153:9 | call to use | -| test.cpp:153:7:153:13 | ExprStmt | -| test.cpp:153:11:153:11 | a | -| test.cpp:155:1:155:1 | return ... | -| test.cpp:157:6:157:38 | definition of test_with_negated_binary_equality | -| test.cpp:157:6:157:38 | test_with_negated_binary_equality | -| test.cpp:157:44:157:44 | a | -| test.cpp:157:44:157:44 | definition of a | -| test.cpp:157:51:157:51 | b | -| test.cpp:157:51:157:51 | definition of b | -| test.cpp:157:54:163:1 | { ... } | -| test.cpp:158:3:158:18 | declaration | -| test.cpp:158:8:158:8 | c | -| test.cpp:158:8:158:8 | definition of c | -| test.cpp:158:11:158:17 | initializer for c | -| test.cpp:158:12:158:12 | a | -| test.cpp:158:12:158:17 | ... != ... | -| test.cpp:158:17:158:17 | b | -| test.cpp:160:3:162:3 | if (...) ... | -| test.cpp:160:7:160:8 | ! ... | -| test.cpp:160:8:160:8 | c | -| test.cpp:160:11:162:3 | { ... } | -| test.cpp:163:1:163:1 | return ... | -| test.cpp:165:6:165:39 | definition of test_with_negated_unary_relational | -| test.cpp:165:6:165:39 | test_with_negated_unary_relational | -| test.cpp:165:45:165:45 | a | -| test.cpp:165:45:165:45 | definition of a | -| test.cpp:165:48:171:1 | { ... } | -| test.cpp:166:3:166:18 | declaration | -| test.cpp:166:8:166:8 | b | -| test.cpp:166:8:166:8 | definition of b | -| test.cpp:166:11:166:17 | initializer for b | -| test.cpp:166:12:166:12 | a | -| test.cpp:166:12:166:17 | ... > ... | -| test.cpp:166:16:166:17 | 10 | -| test.cpp:168:3:170:3 | if (...) ... | -| test.cpp:168:7:168:8 | ! ... | -| test.cpp:168:8:168:8 | b | -| test.cpp:168:11:170:3 | { ... } | -| test.cpp:171:1:171:1 | return ... | -| test.cpp:173:6:173:40 | definition of test_with_negated_binary_relational | -| test.cpp:173:6:173:40 | test_with_negated_binary_relational | -| test.cpp:173:46:173:46 | a | -| test.cpp:173:46:173:46 | definition of a | -| test.cpp:173:53:173:53 | b | -| test.cpp:173:53:173:53 | definition of b | -| test.cpp:173:56:179:1 | { ... } | -| test.cpp:174:3:174:17 | declaration | -| test.cpp:174:8:174:8 | c | -| test.cpp:174:8:174:8 | definition of c | -| test.cpp:174:11:174:16 | initializer for c | -| test.cpp:174:12:174:12 | a | -| test.cpp:174:12:174:16 | ... > ... | -| test.cpp:174:16:174:16 | b | -| test.cpp:176:3:178:3 | if (...) ... | -| test.cpp:176:7:176:8 | ! ... | -| test.cpp:176:8:176:8 | c | -| test.cpp:176:11:178:3 | { ... } | -| test.cpp:179:1:179:1 | return ... | -| test.cpp:181:6:181:21 | definition of test_logical_and | -| test.cpp:181:6:181:21 | test_logical_and | -| test.cpp:181:28:181:29 | b1 | -| test.cpp:181:28:181:29 | definition of b1 | -| test.cpp:181:37:181:38 | b2 | -| test.cpp:181:37:181:38 | definition of b2 | -| test.cpp:181:41:190:1 | { ... } | -| test.cpp:182:3:189:3 | if (...) ... | -| test.cpp:182:6:182:16 | ! ... | -| test.cpp:182:7:182:16 | (...) | -| test.cpp:182:8:182:9 | b1 | -| test.cpp:182:8:182:15 | ... && ... | -| test.cpp:182:14:182:15 | b2 | -| test.cpp:182:19:185:3 | { ... } | -| test.cpp:183:5:183:7 | call to use | -| test.cpp:183:5:183:12 | ExprStmt | -| test.cpp:183:9:183:10 | (int)... | -| test.cpp:183:9:183:10 | b1 | -| test.cpp:184:5:184:7 | call to use | -| test.cpp:184:5:184:12 | ExprStmt | -| test.cpp:184:9:184:10 | (int)... | -| test.cpp:184:9:184:10 | b2 | -| test.cpp:185:10:189:3 | { ... } | -| test.cpp:186:5:186:30 | // b1 = true and b2 = true | -| test.cpp:187:5:187:7 | call to use | -| test.cpp:187:5:187:12 | ExprStmt | -| test.cpp:187:9:187:10 | (int)... | -| test.cpp:187:9:187:10 | b1 | -| test.cpp:188:5:188:7 | call to use | -| test.cpp:188:5:188:12 | ExprStmt | -| test.cpp:188:9:188:10 | (int)... | -| test.cpp:188:9:188:10 | b2 | -| test.cpp:190:1:190:1 | return ... | -| test.cpp:192:6:192:20 | definition of test_logical_or | -| test.cpp:192:6:192:20 | test_logical_or | -| test.cpp:192:27:192:28 | b1 | -| test.cpp:192:27:192:28 | definition of b1 | -| test.cpp:192:36:192:37 | b2 | -| test.cpp:192:36:192:37 | definition of b2 | -| test.cpp:192:40:201:1 | { ... } | -| test.cpp:193:3:200:3 | if (...) ... | -| test.cpp:193:6:193:16 | ! ... | -| test.cpp:193:7:193:16 | (...) | -| test.cpp:193:8:193:9 | b1 | -| test.cpp:193:8:193:15 | ... \|\| ... | -| test.cpp:193:14:193:15 | b2 | -| test.cpp:193:19:197:3 | { ... } | -| test.cpp:194:5:194:32 | // b1 = false and b2 = false | -| test.cpp:195:5:195:7 | call to use | -| test.cpp:195:5:195:12 | ExprStmt | -| test.cpp:195:9:195:10 | (int)... | -| test.cpp:195:9:195:10 | b1 | -| test.cpp:196:5:196:7 | call to use | -| test.cpp:196:5:196:12 | ExprStmt | -| test.cpp:196:9:196:10 | (int)... | -| test.cpp:196:9:196:10 | b2 | -| test.cpp:197:10:200:3 | { ... } | -| test.cpp:198:5:198:7 | call to use | -| test.cpp:198:5:198:12 | ExprStmt | -| test.cpp:198:9:198:10 | (int)... | -| test.cpp:198:9:198:10 | b1 | -| test.cpp:199:5:199:7 | call to use | -| test.cpp:199:5:199:12 | ExprStmt | -| test.cpp:199:9:199:10 | (int)... | -| test.cpp:199:9:199:10 | b2 | -| test.cpp:201:1:201:1 | return ... | -| test.cpp:203:8:203:8 | declaration of operator= | -| test.cpp:203:8:203:8 | declaration of operator= | -| test.cpp:203:8:203:8 | operator= | -| test.cpp:203:8:203:8 | operator= | -| test.cpp:203:8:203:15 | Mystruct | -| test.cpp:203:8:203:15 | definition of Mystruct | -| test.cpp:204:7:204:7 | definition of i | -| test.cpp:204:7:204:7 | i | -| test.cpp:205:9:205:9 | definition of f | -| test.cpp:205:9:205:9 | f | -| test.cpp:208:5:208:14 | definition of test_types | -| test.cpp:208:5:208:14 | test_types | -| test.cpp:208:28:208:29 | definition of sc | -| test.cpp:208:28:208:29 | sc | -| test.cpp:208:46:208:47 | definition of ul | -| test.cpp:208:46:208:47 | ul | -| test.cpp:208:56:208:56 | definition of f | -| test.cpp:208:56:208:56 | f | -| test.cpp:208:66:208:66 | d | -| test.cpp:208:66:208:66 | definition of d | -| test.cpp:208:74:208:74 | b | -| test.cpp:208:74:208:74 | definition of b | -| test.cpp:208:77:208:84 | type mention | -| test.cpp:208:87:208:88 | definition of ms | -| test.cpp:208:87:208:88 | ms | -| test.cpp:208:91:244:1 | { ... } | -| test.cpp:209:5:209:16 | declaration | -| test.cpp:209:9:209:11 | ctr | -| test.cpp:209:9:209:11 | definition of ctr | -| test.cpp:209:14:209:15 | 0 | -| test.cpp:209:14:209:15 | initializer for ctr | -| test.cpp:211:5:213:5 | if (...) ... | -| test.cpp:211:9:211:10 | (int)... | -| test.cpp:211:9:211:10 | sc | -| test.cpp:211:9:211:15 | ... == ... | -| test.cpp:211:15:211:15 | 0 | -| test.cpp:211:18:213:5 | { ... } | -| test.cpp:212:9:212:11 | ctr | -| test.cpp:212:9:212:13 | ... ++ | -| test.cpp:212:9:212:14 | ExprStmt | -| test.cpp:214:5:216:5 | if (...) ... | -| test.cpp:214:9:214:10 | (int)... | -| test.cpp:214:9:214:10 | sc | -| test.cpp:214:9:214:17 | ... == ... | -| test.cpp:214:15:214:17 | 0 | -| test.cpp:214:20:216:5 | { ... } | -| test.cpp:215:9:215:11 | ctr | -| test.cpp:215:9:215:13 | ... ++ | -| test.cpp:215:9:215:14 | ExprStmt | -| test.cpp:217:5:219:5 | if (...) ... | -| test.cpp:217:9:217:10 | ul | -| test.cpp:217:9:217:15 | ... == ... | -| test.cpp:217:15:217:15 | 0 | -| test.cpp:217:15:217:15 | (unsigned long)... | -| test.cpp:217:18:219:5 | { ... } | -| test.cpp:218:9:218:11 | ctr | -| test.cpp:218:9:218:13 | ... ++ | -| test.cpp:218:9:218:14 | ExprStmt | -| test.cpp:220:5:222:5 | if (...) ... | -| test.cpp:220:9:220:9 | f | -| test.cpp:220:9:220:14 | ... == ... | -| test.cpp:220:14:220:14 | 0 | -| test.cpp:220:14:220:14 | (float)... | -| test.cpp:220:17:222:5 | { ... } | -| test.cpp:221:9:221:11 | ctr | -| test.cpp:221:9:221:13 | ... ++ | -| test.cpp:221:9:221:14 | ExprStmt | -| test.cpp:223:5:225:5 | if (...) ... | -| test.cpp:223:9:223:9 | (double)... | -| test.cpp:223:9:223:9 | f | -| test.cpp:223:9:223:16 | ... == ... | -| test.cpp:223:14:223:16 | 0.0 | -| test.cpp:223:19:225:5 | { ... } | -| test.cpp:224:9:224:11 | ctr | -| test.cpp:224:9:224:13 | ... ++ | -| test.cpp:224:9:224:14 | ExprStmt | -| test.cpp:226:5:228:5 | if (...) ... | -| test.cpp:226:9:226:9 | d | -| test.cpp:226:9:226:14 | ... == ... | -| test.cpp:226:14:226:14 | 0 | -| test.cpp:226:14:226:14 | (double)... | -| test.cpp:226:17:228:5 | { ... } | -| test.cpp:227:9:227:11 | ctr | -| test.cpp:227:9:227:13 | ... ++ | -| test.cpp:227:9:227:14 | ExprStmt | -| test.cpp:229:5:231:5 | if (...) ... | -| test.cpp:229:9:229:9 | (int)... | -| test.cpp:229:9:229:9 | b | -| test.cpp:229:9:229:14 | ... == ... | -| test.cpp:229:14:229:14 | 0 | -| test.cpp:229:17:231:5 | { ... } | -| test.cpp:230:9:230:11 | ctr | -| test.cpp:230:9:230:13 | ... ++ | -| test.cpp:230:9:230:14 | ExprStmt | -| test.cpp:232:5:234:5 | if (...) ... | -| test.cpp:232:9:232:9 | (int)... | -| test.cpp:232:9:232:9 | b | -| test.cpp:232:9:232:18 | ... == ... | -| test.cpp:232:14:232:18 | 0 | -| test.cpp:232:14:232:18 | (int)... | -| test.cpp:232:21:234:5 | { ... } | -| test.cpp:233:9:233:11 | ctr | -| test.cpp:233:9:233:13 | ... ++ | -| test.cpp:233:9:233:14 | ExprStmt | -| test.cpp:235:5:237:5 | if (...) ... | -| test.cpp:235:9:235:10 | (reference dereference) | -| test.cpp:235:9:235:10 | ms | -| test.cpp:235:9:235:17 | ... == ... | -| test.cpp:235:12:235:12 | i | -| test.cpp:235:17:235:17 | 0 | -| test.cpp:235:20:237:5 | { ... } | -| test.cpp:236:9:236:11 | ctr | -| test.cpp:236:9:236:13 | ... ++ | -| test.cpp:236:9:236:14 | ExprStmt | -| test.cpp:238:5:240:5 | if (...) ... | -| test.cpp:238:9:238:10 | (reference dereference) | -| test.cpp:238:9:238:10 | ms | -| test.cpp:238:9:238:17 | ... == ... | -| test.cpp:238:12:238:12 | f | -| test.cpp:238:17:238:17 | 0 | -| test.cpp:238:17:238:17 | (float)... | -| test.cpp:238:20:240:5 | { ... } | -| test.cpp:239:9:239:11 | ctr | -| test.cpp:239:9:239:13 | ... ++ | -| test.cpp:239:9:239:14 | ExprStmt | -| test.cpp:241:5:243:5 | if (...) ... | -| test.cpp:241:9:241:10 | (reference dereference) | -| test.cpp:241:9:241:10 | ms | -| test.cpp:241:9:241:17 | ... == ... | -| test.cpp:241:9:241:30 | ... && ... | -| test.cpp:241:9:241:43 | ... && ... | -| test.cpp:241:12:241:12 | i | -| test.cpp:241:17:241:17 | 0 | -| test.cpp:241:22:241:23 | (reference dereference) | -| test.cpp:241:22:241:23 | ms | -| test.cpp:241:22:241:30 | ... == ... | -| test.cpp:241:25:241:25 | f | -| test.cpp:241:30:241:30 | 0 | -| test.cpp:241:30:241:30 | (float)... | -| test.cpp:241:35:241:36 | (reference dereference) | -| test.cpp:241:35:241:36 | ms | -| test.cpp:241:35:241:43 | ... == ... | -| test.cpp:241:38:241:38 | i | -| test.cpp:241:43:241:43 | 0 | -| test.cpp:241:46:243:5 | { ... } | -| test.cpp:242:9:242:11 | ctr | -| test.cpp:242:9:242:13 | ... ++ | -| test.cpp:242:9:242:14 | ExprStmt | -| test.cpp:244:1:244:1 | return ... | -| test.cpp:246:6:246:21 | definition of test_cmp_implies | -| test.cpp:246:6:246:21 | test_cmp_implies | -| test.cpp:246:27:246:27 | a | -| test.cpp:246:27:246:27 | definition of a | -| test.cpp:246:34:246:34 | b | -| test.cpp:246:34:246:34 | definition of b | -| test.cpp:246:37:284:1 | { ... } | -| test.cpp:247:3:251:3 | if (...) ... | -| test.cpp:247:6:247:13 | (...) | -| test.cpp:247:6:247:13 | (int)... | -| test.cpp:247:6:247:18 | ... == ... | -| test.cpp:247:7:247:7 | a | -| test.cpp:247:7:247:12 | ... == ... | -| test.cpp:247:12:247:12 | b | -| test.cpp:247:18:247:18 | 0 | -| test.cpp:247:21:249:3 | { ... } | -| test.cpp:249:10:251:3 | { ... } | -| test.cpp:253:3:257:3 | if (...) ... | -| test.cpp:253:6:253:13 | (...) | -| test.cpp:253:6:253:13 | (int)... | -| test.cpp:253:6:253:18 | ... != ... | -| test.cpp:253:7:253:7 | a | -| test.cpp:253:7:253:12 | ... == ... | -| test.cpp:253:12:253:12 | b | -| test.cpp:253:18:253:18 | 0 | -| test.cpp:253:21:255:3 | { ... } | -| test.cpp:255:10:257:3 | { ... } | -| test.cpp:260:3:264:3 | if (...) ... | -| test.cpp:260:6:260:13 | (...) | -| test.cpp:260:6:260:13 | (int)... | -| test.cpp:260:6:260:18 | ... == ... | -| test.cpp:260:7:260:7 | a | -| test.cpp:260:7:260:12 | ... != ... | -| test.cpp:260:12:260:12 | b | -| test.cpp:260:18:260:18 | 0 | -| test.cpp:260:21:262:3 | { ... } | -| test.cpp:262:10:264:3 | { ... } | -| test.cpp:266:3:270:3 | if (...) ... | -| test.cpp:266:6:266:13 | (...) | -| test.cpp:266:6:266:13 | (int)... | -| test.cpp:266:6:266:18 | ... != ... | -| test.cpp:266:7:266:7 | a | -| test.cpp:266:7:266:12 | ... != ... | -| test.cpp:266:12:266:12 | b | -| test.cpp:266:18:266:18 | 0 | -| test.cpp:266:21:268:3 | { ... } | -| test.cpp:268:10:270:3 | { ... } | -| test.cpp:273:3:277:3 | if (...) ... | -| test.cpp:273:6:273:12 | (...) | -| test.cpp:273:6:273:12 | (int)... | -| test.cpp:273:6:273:17 | ... == ... | -| test.cpp:273:7:273:7 | a | -| test.cpp:273:7:273:11 | ... < ... | -| test.cpp:273:11:273:11 | b | -| test.cpp:273:17:273:17 | 0 | -| test.cpp:273:20:275:3 | { ... } | -| test.cpp:275:10:277:3 | { ... } | -| test.cpp:279:3:283:3 | if (...) ... | -| test.cpp:279:6:279:12 | (...) | -| test.cpp:279:6:279:12 | (int)... | -| test.cpp:279:6:279:17 | ... != ... | -| test.cpp:279:7:279:7 | a | -| test.cpp:279:7:279:11 | ... < ... | -| test.cpp:279:11:279:11 | b | -| test.cpp:279:17:279:17 | 0 | -| test.cpp:279:20:281:3 | { ... } | -| test.cpp:281:10:283:3 | { ... } | -| test.cpp:284:1:284:1 | return ... | -| test.cpp:286:6:286:27 | definition of test_cmp_implies_unary | -| test.cpp:286:6:286:27 | test_cmp_implies_unary | -| test.cpp:286:33:286:33 | a | -| test.cpp:286:33:286:33 | definition of a | -| test.cpp:286:36:323:1 | { ... } | -| test.cpp:287:3:291:3 | if (...) ... | -| test.cpp:287:6:287:14 | (...) | -| test.cpp:287:6:287:14 | (int)... | -| test.cpp:287:6:287:19 | ... == ... | -| test.cpp:287:7:287:7 | a | -| test.cpp:287:7:287:13 | ... == ... | -| test.cpp:287:12:287:13 | 42 | -| test.cpp:287:19:287:19 | 0 | -| test.cpp:287:22:289:3 | { ... } | -| test.cpp:289:10:291:3 | { ... } | -| test.cpp:293:3:297:3 | if (...) ... | -| test.cpp:293:6:293:14 | (...) | -| test.cpp:293:6:293:14 | (int)... | -| test.cpp:293:6:293:19 | ... != ... | -| test.cpp:293:7:293:7 | a | -| test.cpp:293:7:293:13 | ... == ... | -| test.cpp:293:12:293:13 | 42 | -| test.cpp:293:19:293:19 | 0 | -| test.cpp:293:22:295:3 | { ... } | -| test.cpp:295:10:297:3 | { ... } | -| test.cpp:300:3:304:3 | if (...) ... | -| test.cpp:300:6:300:14 | (...) | -| test.cpp:300:6:300:14 | (int)... | -| test.cpp:300:6:300:19 | ... == ... | -| test.cpp:300:7:300:7 | a | -| test.cpp:300:7:300:13 | ... != ... | -| test.cpp:300:12:300:13 | 42 | -| test.cpp:300:19:300:19 | 0 | -| test.cpp:300:22:302:3 | { ... } | -| test.cpp:302:10:304:3 | { ... } | -| test.cpp:306:3:310:3 | if (...) ... | -| test.cpp:306:6:306:14 | (...) | -| test.cpp:306:6:306:14 | (int)... | -| test.cpp:306:6:306:19 | ... != ... | -| test.cpp:306:7:306:7 | a | -| test.cpp:306:7:306:13 | ... != ... | -| test.cpp:306:12:306:13 | 42 | -| test.cpp:306:19:306:19 | 0 | -| test.cpp:306:22:308:3 | { ... } | -| test.cpp:308:10:310:3 | { ... } | -| test.cpp:312:3:316:3 | if (...) ... | -| test.cpp:312:6:312:13 | (...) | -| test.cpp:312:6:312:13 | (int)... | -| test.cpp:312:6:312:18 | ... == ... | -| test.cpp:312:7:312:7 | a | -| test.cpp:312:7:312:12 | ... < ... | -| test.cpp:312:11:312:12 | 42 | -| test.cpp:312:18:312:18 | 0 | -| test.cpp:312:21:314:3 | { ... } | -| test.cpp:314:10:316:3 | { ... } | -| test.cpp:318:3:322:3 | if (...) ... | -| test.cpp:318:6:318:13 | (...) | -| test.cpp:318:6:318:13 | (int)... | -| test.cpp:318:6:318:18 | ... != ... | -| test.cpp:318:7:318:7 | a | -| test.cpp:318:7:318:12 | ... < ... | -| test.cpp:318:11:318:12 | 42 | -| test.cpp:318:18:318:18 | 0 | -| test.cpp:318:21:320:3 | { ... } | -| test.cpp:320:10:322:3 | { ... } | -| test.cpp:323:1:323:1 | return ... | diff --git a/cpp/ql/test/library-tests/controlflow/guards/Guards.ql b/cpp/ql/test/library-tests/controlflow/guards/Guards.ql deleted file mode 100644 index 6580c2acf589..000000000000 --- a/cpp/ql/test/library-tests/controlflow/guards/Guards.ql +++ /dev/null @@ -1,5 +0,0 @@ -import cpp -import semmle.code.cpp.controlflow.Guards - -from GuardCondition guard -select guard From 5e82eb9b246a58d9a18f5da298e4902f521a7cc5 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 17 Sep 2025 16:45:50 +0100 Subject: [PATCH 034/307] C++: Fixup queries which assumes that a guard is always an expression. --- .../src/Likely Bugs/Memory Management/NtohlArrayNoBound.qll | 2 +- cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql | 2 +- cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql | 4 ++-- .../Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql | 2 +- .../analyzing-data-flow-in-cpp/index-flow-from-ntohl.ql | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.qll b/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.qll index 40c0f2173d90..f736a793a072 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.qll +++ b/cpp/ql/src/Likely Bugs/Memory Management/NtohlArrayNoBound.qll @@ -136,7 +136,7 @@ private module NetworkToBufferSizeConfig implements DataFlow::ConfigSig { predicate isBarrier(DataFlow::Node node) { exists(GuardCondition gc, GVN gvn | - gc.getAChild*() = gvn.getAnExpr() and + gc.(Expr).getAChild*() = gvn.getAnExpr() and globalValueNumber(node.asExpr()) = gvn and gc.controls(node.asExpr().getBasicBlock(), _) ) diff --git a/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql b/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql index 379c20f51baf..9eccaebfdbd8 100644 --- a/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql +++ b/cpp/ql/src/Security/CWE/CWE-295/SSLResultConflation.ql @@ -29,7 +29,7 @@ module VerifyResultConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source.asExpr() instanceof SslGetVerifyResultCall } predicate isSink(DataFlow::Node sink) { - exists(GuardCondition guard | guard.getAChild*() = sink.asExpr()) + exists(GuardCondition guard | guard.(Expr).getAChild*() = sink.asExpr()) } predicate observeDiffInformedIncrementalMode() { any() } diff --git a/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql b/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql index 4b28a80f662e..5fd1b9819746 100644 --- a/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql +++ b/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql @@ -115,7 +115,7 @@ predicate checksPath(Expr check, Expr checkPath) { pragma[nomagic] predicate checkPathControlsUse(Expr check, Expr checkPath, Expr use) { - exists(GuardCondition guard | referenceTo(check, guard.getAChild*()) | + exists(GuardCondition guard | referenceTo(check, guard.(Expr).getAChild*()) | guard.controls(use.getBasicBlock(), _) ) and checksPath(pragma[only_bind_into](check), checkPath) @@ -123,7 +123,7 @@ predicate checkPathControlsUse(Expr check, Expr checkPath, Expr use) { pragma[nomagic] predicate fileNameOperationControlsUse(Expr check, Expr checkPath, Expr use) { - exists(GuardCondition guard | referenceTo(check, guard.getAChild*()) | + exists(GuardCondition guard | referenceTo(check, guard.(Expr).getAChild*()) | guard.controls(use.getBasicBlock(), _) ) and pragma[only_bind_into](check) = filenameOperation(checkPath) diff --git a/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql b/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql index 3132b103bbcc..df2fd13d79c9 100644 --- a/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql +++ b/cpp/ql/src/experimental/Security/CWE/CWE-401/MemoryLeakOnFailedCallToRealloc.ql @@ -51,7 +51,7 @@ class ReallocCallLeak extends FunctionCall { predicate mayHandleByTermination() { exists(GuardCondition guard, CallMayNotReturn exit | this.(ControlFlowNode).getASuccessor*() = guard and - guard.getAChild*() = v.getAnAccess() and + guard.(Expr).getAChild*() = v.getAnAccess() and guard.controls(exit.getBasicBlock(), _) ) } diff --git a/cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/index-flow-from-ntohl.ql b/cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/index-flow-from-ntohl.ql index 15cc379131ab..aaca52799d7a 100644 --- a/cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/index-flow-from-ntohl.ql +++ b/cpp/ql/test/examples/docs-examples/analyzing-data-flow-in-cpp/index-flow-from-ntohl.ql @@ -22,7 +22,7 @@ module NetworkToBufferSizeConfig implements DataFlow::ConfigSig { predicate isBarrier(DataFlow::Node node) { exists(GuardCondition gc, Variable v | - gc.getAChild*() = v.getAnAccess() and + gc.(Expr).getAChild*() = v.getAnAccess() and node.asExpr() = v.getAnAccess() and gc.controls(node.asExpr().getBasicBlock(), _) and not exists(Loop loop | loop.getControllingExpr() = gc) From d8f34dba17d925a58ef8df5f1679075141e597ac Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 17 Sep 2025 17:30:39 +0100 Subject: [PATCH 035/307] C++: Do not use the deprecated predicate in queries. --- .../semmle/code/cpp/rangeanalysis/RangeAnalysis.qll | 2 +- .../new/internal/semantic/SemanticExprSpecific.qll | 2 +- .../src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll index e026c4dbe4b9..093d03ee0026 100644 --- a/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll +++ b/cpp/ql/lib/experimental/semmle/code/cpp/rangeanalysis/RangeAnalysis.qll @@ -412,7 +412,7 @@ private predicate boundFlowStepPhi( or exists(IRGuardCondition guard, boolean testIsTrue | guard = boundFlowCond(valueNumberOfOperand(op2), op1, delta, upper, testIsTrue) and - guard.controlsEdge(op2.getPredecessorBlock(), op2.getUse().getBlock(), testIsTrue) and + guard.controlsBranchEdge(op2.getPredecessorBlock(), op2.getUse().getBlock(), testIsTrue) and reason = TCondReason(guard) ) } diff --git a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticExprSpecific.qll b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticExprSpecific.qll index 224f968ce693..242c023118f3 100644 --- a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticExprSpecific.qll +++ b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticExprSpecific.qll @@ -259,7 +259,7 @@ module SemanticExprConfig { } predicate guardHasBranchEdge(Guard guard, BasicBlock bb1, BasicBlock bb2, boolean branch) { - guard.controlsEdge(bb1, bb2, branch) + guard.controlsBranchEdge(bb1, bb2, branch) } Guard comparisonGuard(Expr e) { getSemanticExpr(result) = e } diff --git a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql index 17c1b09c3e68..36f4522b56c3 100644 --- a/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql +++ b/cpp/ql/src/Security/CWE/CWE-129/ImproperArrayIndexValidation.ql @@ -26,13 +26,13 @@ predicate isFlowSource(FS::FlowSource source, string sourceType) { predicate guardChecks(IRGuardCondition g, Expr e, boolean branch) { exists(Operand op | op.getDef().getConvertedResultExpression() = e | // `op < k` is true and `k > 0` - g.comparesLt(op, any(int k | k > 0), true, any(BooleanValue bv | bv.getValue() = branch)) + g.comparesLt(op, any(int k | k > 0), true, any(GuardValue bv | bv.asBooleanValue() = branch)) or // `op < _ + k` is true and `k > 0`. g.comparesLt(op, _, any(int k | k > 0), true, branch) or // op == k - g.comparesEq(op, _, true, any(BooleanValue bv | bv.getValue() = branch)) + g.comparesEq(op, _, true, any(GuardValue bv | bv.asBooleanValue() = branch)) or // op == _ + k g.comparesEq(op, _, _, true, branch) From e22d6656fe78f0dc5fe906970523918a40fe159d Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 17 Sep 2025 15:59:02 +0100 Subject: [PATCH 036/307] C++: Fix barrier guards. --- .../code/cpp/ir/dataflow/internal/SsaImpl.qll | 34 ++++++++++++------- 1 file changed, 22 insertions(+), 12 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll index 47e36a0a1079..285e0dc8419e 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll @@ -1002,7 +1002,7 @@ private module DataFlowIntegrationInput implements SsaImpl::DataFlowIntegrationI result instanceof FalseEdge } - class GuardValue = Boolean; + class GuardValue = IRGuards::GuardValue; class Guard instanceof IRGuards::IRGuardCondition { string toString() { result = super.toString() } @@ -1010,7 +1010,7 @@ private module DataFlowIntegrationInput implements SsaImpl::DataFlowIntegrationI predicate hasValueBranchEdge(IRCfg::BasicBlock bb1, IRCfg::BasicBlock bb2, GuardValue branch) { exists(EdgeKind kind | super.getBlock() = bb1 and - kind = getConditionalEdge(branch) and + kind = getConditionalEdge(branch.asBooleanValue()) and bb1.getSuccessor(kind) = bb2 ) } @@ -1023,7 +1023,7 @@ private module DataFlowIntegrationInput implements SsaImpl::DataFlowIntegrationI } predicate guardDirectlyControlsBlock(Guard guard, IRCfg::BasicBlock bb, GuardValue branch) { - guard.(IRGuards::IRGuardCondition).controls(bb, branch) + guard.(IRGuards::IRGuardCondition).valueControls(bb, branch) } predicate keepAllPhiInputBackEdges() { any() } @@ -1050,25 +1050,35 @@ module BarrierGuardWithIntParam { ) } - private predicate guardChecks( - DataFlowIntegrationInput::Guard g, SsaImpl::Definition def, - DataFlowIntegrationInput::GuardValue branch, int indirectionIndex + private predicate guardChecksInstr( + IRGuards::Guards_v1::Guard g, IRGuards::GuardsInput::Expr instr, boolean branch, + int indirectionIndex ) { - exists(UseImpl use | - guardChecksNode(g, use.getNode(), branch, indirectionIndex) and - ssaDefReachesCertainUse(def, use) + exists(Node node | + nodeHasInstruction(node, instr, indirectionIndex) and + guardChecksNode(g, node, branch, indirectionIndex) ) } + private predicate guardChecksWithWrappers( + DataFlowIntegrationInput::Guard g, SsaImpl::Definition def, IRGuards::GuardValue val, + int indirectionIndex + ) { + IRGuards::Guards_v1::ValidationWrapperWithState::guardChecksDef(g, def, + val, indirectionIndex) + } + Node getABarrierNode(int indirectionIndex) { // Only get the SynthNodes from the shared implementation, as the ExprNodes cannot // be matched on SourceVariable. result.(SsaSynthNode).getSynthNode() = - DataFlowIntegrationImpl::BarrierGuardDefWithState::getABarrierNode(indirectionIndex) + DataFlowIntegrationImpl::BarrierGuardDefWithState::getABarrierNode(indirectionIndex) or // Calculate the guarded UseImpls corresponding to ExprNodes directly. - exists(DataFlowIntegrationInput::Guard g, boolean branch, Definition def, IRBlock bb | - guardChecks(g, def, branch, indirectionIndex) and + exists( + DataFlowIntegrationInput::Guard g, IRGuards::GuardValue branch, Definition def, IRBlock bb + | + guardChecksWithWrappers(g, def, branch, indirectionIndex) and exists(UseImpl use | ssaDefReachesCertainUse(def, use) and use.getBlock() = bb and From a4dbee3b133c72d69d4cf05e09033ddcf4a49a41 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 18 Sep 2025 10:27:50 +0100 Subject: [PATCH 037/307] C++: Add change note. --- cpp/ql/lib/change-notes/2025-09-18-guards.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 cpp/ql/lib/change-notes/2025-09-18-guards.md diff --git a/cpp/ql/lib/change-notes/2025-09-18-guards.md b/cpp/ql/lib/change-notes/2025-09-18-guards.md new file mode 100644 index 000000000000..a739df714713 --- /dev/null +++ b/cpp/ql/lib/change-notes/2025-09-18-guards.md @@ -0,0 +1,4 @@ +--- +category: breaking +--- +* The "Guards" libraries (`semmle.code.cpp.controlflow.Guards` and `semmle.code.cpp.controlflow.IRGuards`) have been totally rewritten to recognize many more guards. The API remains unchanged, but the `GuardCondition` class now extends `Element` instead of `Expr`. \ No newline at end of file From c481be8ea7d046ddf1db33d7a53e134d1b9047ea Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 18 Sep 2025 12:15:51 +0100 Subject: [PATCH 038/307] C++: Accept test changes for tests that select all types of an expression. --- .../test/library-tests/files/Files.expected | 8 +- .../functions/routinetype/types.expected | 2 +- .../preprocessor/preproc.expected | 202 ++++++++-------- .../library-tests/typedefs/Typedefs2.expected | 4 +- .../types/__wchar_t/wchar_t.expected | 6 +- .../cstd_types_fastestminimumwidth.expected | 16 +- .../cstd_types/cstd_types_fixedwidth.expected | 16 +- .../cstd_types_fixedwidthenum.expected | 4 +- .../cstd_types_maximumwidth.expected | 4 +- .../cstd_types_minimumwidth.expected | 16 +- .../types/integral_types_ms/vars.expected | 8 +- .../types/wchar_t_typedef/wchar_t.expected | 6 +- .../variables/variables/types.expected | 216 +++++++++--------- 13 files changed, 254 insertions(+), 254 deletions(-) diff --git a/cpp/ql/test/library-tests/files/Files.expected b/cpp/ql/test/library-tests/files/Files.expected index 13f3a6b2da17..f94c07badcfe 100644 --- a/cpp/ql/test/library-tests/files/Files.expected +++ b/cpp/ql/test/library-tests/files/Files.expected @@ -1,4 +1,4 @@ -| c.c | c.c | CFile, MetricFile | C | | | -| files1.cpp | files1.cpp | CppFile, MetricFile | C++ | swap | t | -| files1.h | files1.h | HeaderFile, MetricFile | | swap | | -| files2.cpp | files2.cpp | CppFile, MetricFile | C++ | g | x, y | +| c.c | c.c | CFile, GuardConditionImpl, MetricFile | C | | | +| files1.cpp | files1.cpp | CppFile, GuardConditionImpl, MetricFile | C++ | swap | t | +| files1.h | files1.h | GuardConditionImpl, HeaderFile, MetricFile | | swap | | +| files2.cpp | files2.cpp | CppFile, GuardConditionImpl, MetricFile | C++ | g | x, y | diff --git a/cpp/ql/test/library-tests/functions/routinetype/types.expected b/cpp/ql/test/library-tests/functions/routinetype/types.expected index d620bea517e8..87d51330d764 100644 --- a/cpp/ql/test/library-tests/functions/routinetype/types.expected +++ b/cpp/ql/test/library-tests/functions/routinetype/types.expected @@ -1 +1 @@ -| routinetype.cpp:2:7:2:19 | myRoutineType | file://:0:0:0:0 | ..()(..) | RoutineType | +| routinetype.cpp:2:7:2:19 | myRoutineType | file://:0:0:0:0 | ..()(..) | GuardConditionImpl, RoutineType | diff --git a/cpp/ql/test/library-tests/preprocessor/preprocessor/preproc.expected b/cpp/ql/test/library-tests/preprocessor/preprocessor/preproc.expected index 7c448ba6550e..e9198ba5ea04 100644 --- a/cpp/ql/test/library-tests/preprocessor/preprocessor/preproc.expected +++ b/cpp/ql/test/library-tests/preprocessor/preprocessor/preproc.expected @@ -1,101 +1,101 @@ -| a.h:0:0:0:0 | a.h | 1 | 1 | 1 | 19 | IncludeNext | "a.h" | N/A | -| pp23.cpp:0:0:0:0 | pp23.cpp | 3 | 1 | 3 | 11 | Macro | BAR | | -| pp23.cpp:0:0:0:0 | pp23.cpp | 5 | 1 | 5 | 10 | PreprocessorIfdef | FOO | N/A | -| pp23.cpp:0:0:0:0 | pp23.cpp | 7 | 1 | 7 | 12 | PreprocessorElifdef | BAR | N/A | -| pp23.cpp:0:0:0:0 | pp23.cpp | 8 | 1 | 8 | 16 | PreprocessorWarning | C++23 2 | N/A | -| pp23.cpp:0:0:0:0 | pp23.cpp | 9 | 1 | 9 | 6 | PreprocessorEndif | N/A | N/A | -| pp23.cpp:0:0:0:0 | pp23.cpp | 11 | 1 | 11 | 10 | PreprocessorIfdef | FOO | N/A | -| pp23.cpp:0:0:0:0 | pp23.cpp | 13 | 1 | 13 | 13 | PreprocessorElifndef | FOO | N/A | -| pp23.cpp:0:0:0:0 | pp23.cpp | 14 | 1 | 14 | 16 | PreprocessorWarning | C++23 3 | N/A | -| pp23.cpp:0:0:0:0 | pp23.cpp | 15 | 1 | 15 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 1 | 1 | 1 | 16 | PreprocessorIf | defined(FOO) | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 3 | 1 | 3 | 19 | PreprocessorElif | !defined(BAR) | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 4 | 1 | 4 | 11 | Macro | BAR | | -| pp.cpp:0:0:0:0 | pp.cpp | 5 | 1 | 5 | 17 | Macro | BAR_val | 1 | -| pp.cpp:0:0:0:0 | pp.cpp | 6 | 1 | 6 | 24 | Macro | BAR_fn() | BAR_val | -| pp.cpp:0:0:0:0 | pp.cpp | 7 | 1 | 7 | 5 | PreprocessorElse | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 9 | 1 | 9 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 11 | 1 | 11 | 10 | PreprocessorUndef | BAR | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 12 | 1 | 12 | 68 | Macro | SCARY(a,aa,aaah) | (aa ) | -| pp.cpp:0:0:0:0 | pp.cpp | 13 | 1 | 13 | 63 | Macro | LOG(fmt,__VA_ARGS__...) | printf("Warning: %s", fmt, __VA__ARGS__) | -| pp.cpp:0:0:0:0 | pp.cpp | 14 | 1 | 14 | 15 | Include | "pp.h" | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 16 | 1 | 16 | 5 | PreprocessorIf | 0 | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 17 | 1 | 17 | 5 | PreprocessorElse | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 18 | 1 | 18 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 20 | 1 | 20 | 5 | PreprocessorIf | 1 | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 21 | 1 | 21 | 5 | PreprocessorElse | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 22 | 1 | 22 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 24 | 1 | 24 | 13 | Import | "a.h" | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 30 | 2 | 30 | 32 | Macro | MACRO_FUNCTIONCONTEXT | 1 | -| pp.cpp:0:0:0:0 | pp.cpp | 36 | 2 | 36 | 29 | Macro | MACRO_CLASSCONTEXT | 2 | -| pp.cpp:0:0:0:0 | pp.cpp | 42 | 2 | 42 | 40 | Macro | MACRO_TEMPLATEFUNCTIONCONTEXT | 3 | -| pp.cpp:0:0:0:0 | pp.cpp | 49 | 2 | 49 | 37 | Macro | MACRO_TEMPLATECLASSCONTEXT | 4 | -| pp.cpp:0:0:0:0 | pp.cpp | 50 | 2 | 50 | 48 | Macro | MACRO_TEMPLATECLASSCONTEXT_REFERENCED | 5 | -| pp.cpp:0:0:0:0 | pp.cpp | 54 | 3 | 54 | 39 | Macro | MACRO_TEMPLATEMETHODCONTEXT | 6 | -| pp.cpp:0:0:0:0 | pp.cpp | 57 | 1 | 57 | 21 | PreprocessorIfdef | INSTANTIATION | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 59 | 1 | 59 | 6 | PreprocessorElse | | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 60 | 3 | 60 | 21 | Macro | IN_TEMPLATE | | -| pp.cpp:0:0:0:0 | pp.cpp | 61 | 1 | 61 | 7 | PreprocessorEndif | | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 69 | 1 | 69 | 21 | Macro | INSTANTIATION | | -| pp.cpp:0:0:0:0 | pp.cpp | 72 | 1 | 72 | 11 | Macro | BAR | | -| pp.cpp:0:0:0:0 | pp.cpp | 74 | 1 | 75 | 14 | PreprocessorIf | defined(BAR) && defined(BAR) | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 76 | 1 | 76 | 20 | PreprocessorWarning | BAR defined | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 77 | 1 | 77 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 79 | 1 | 80 | 26 | PreprocessorIf | defined MACROTHREE && (defined(MACROONE)) | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 81 | 1 | 81 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 83 | 1 | 83 | 26 | PreprocessorIf | defined SIMPLE_COMMENT | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 85 | 1 | 85 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 87 | 1 | 88 | 16 | PreprocessorIf | defined(FOO) && defined(BAR) | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 90 | 1 | 90 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 92 | 1 | 94 | 17 | PreprocessorIf | defined(FOO) && defined(BAR) && !defined(BAZ) | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 96 | 1 | 96 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 98 | 1 | 98 | 13 | Macro | FOO | 8 | -| pp.cpp:0:0:0:0 | pp.cpp | 99 | 1 | 99 | 13 | Macro | BAR | 2 | -| pp.cpp:0:0:0:0 | pp.cpp | 100 | 1 | 100 | 13 | Macro | BAZ | 4 | -| pp.cpp:0:0:0:0 | pp.cpp | 101 | 1 | 104 | 8 | PreprocessorIf | ((FOO / BAR) == 4) && ((BAZ * QUX) > 10) | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 106 | 1 | 106 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 109 | 1 | 111 | 13 | PreprocessorIf | defined(FOO) && defined(BAR) && defined(BAZ) | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 112 | 1 | 112 | 29 | Macro | CONDITIONAL_MACRO_4 | 4 | -| pp.cpp:0:0:0:0 | pp.cpp | 113 | 1 | 113 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 116 | 1 | 116 | 39 | PreprocessorIf | defined SIMPLE_COMMENT | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 118 | 1 | 118 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 120 | 1 | 120 | 12 | PreprocessorWarning | foo | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 122 | 1 | 122 | 12 | PreprocessorWarning | foo | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 126 | 1 | 126 | 12 | PreprocessorWarning | foo | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 129 | 1 | 129 | 12 | PreprocessorWarning | foo | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 134 | 1 | 134 | 13 | Macro | FOO | 8 | -| pp.cpp:0:0:0:0 | pp.cpp | 135 | 1 | 135 | 13 | Macro | BAR | 2 | -| pp.cpp:0:0:0:0 | pp.cpp | 136 | 1 | 136 | 13 | Macro | BAZ | 4 | -| pp.cpp:0:0:0:0 | pp.cpp | 137 | 1 | 142 | 8 | PreprocessorIf | ((FOO / BAR) == 4) && ((BAZ * QUX) > 10) | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 144 | 1 | 144 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 146 | 1 | 146 | 11 | Macro | X | 1 | -| pp.cpp:0:0:0:0 | pp.cpp | 147 | 1 | 147 | 11 | Macro | Y | 2 | -| pp.cpp:0:0:0:0 | pp.cpp | 148 | 1 | 149 | 36 | PreprocessorIf | defined(X) && defined(Y) | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 151 | 1 | 151 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 153 | 1 | 157 | 3 | PreprocessorWarning | FOO BAR | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 160 | 1 | 160 | 12 | PreprocessorWarning | foo | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 166 | 1 | 166 | 22 | PreprocessorIf | A &&B | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 167 | 1 | 167 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 170 | 1 | 170 | 20 | PreprocessorIf | A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 171 | 1 | 171 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 173 | 1 | 175 | 6 | PreprocessorIf | A && B | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 176 | 1 | 176 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 179 | 1 | 183 | 9 | PreprocessorIfdef | FOOBAR | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 185 | 1 | 185 | 5 | PreprocessorElse | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 186 | 1 | 186 | 10 | PreprocessorWarning | b | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 187 | 1 | 187 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 190 | 1 | 194 | 9 | PreprocessorIf | FOOBAR | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 195 | 1 | 195 | 6 | PreprocessorEndif | N/A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 197 | 1 | 197 | 18 | PreprocessorIf | A | N/A | -| pp.cpp:0:0:0:0 | pp.cpp | 198 | 1 | 198 | 6 | PreprocessorEndif | N/A | N/A | -| pp.h:0:0:0:0 | pp.h | 1 | 1 | 1 | 12 | PreprocessorPragma | once | N/A | -| pp.h:0:0:0:0 | pp.h | 2 | 1 | 2 | 29 | PreprocessorWarning | "This should happen" | N/A | -| pp.h:0:0:0:0 | pp.h | 3 | 1 | 3 | 27 | PreprocessorLine | 33 "emerald_city.h" | N/A | -| pp.h:0:0:0:0 | pp.h | 4 | 1 | 4 | 30 | PreprocessorPragma | byte_order(big_endian) | N/A | -| pp.h:0:0:0:0 | pp.h | 5 | 1 | 5 | 33 | PreprocessorWarning | "Not in Kansas any more" | N/A | -| pp.h:0:0:0:0 | pp.h | 7 | 1 | 11 | 8 | Macro | MULTILINE | world a long | -| pp.h:0:0:0:0 | pp.h | 13 | 1 | 14 | 11 | PreprocessorUndef | MULTILINE | N/A | -| pp.h:0:0:0:0 | pp.h | 16 | 1 | 17 | 8 | Include | "pp.h" | N/A | -| ppms.cpp:0:0:0:0 | ppms.cpp | 3 | 1 | 3 | 18 | TypeLibraryImport | "test.tlb" | N/A | -| test.tlh:0:0:0:0 | test.tlh | 1 | 1 | 1 | 12 | PreprocessorPragma | once | N/A | -| test.tlh:0:0:0:0 | test.tlh | 3 | 1 | 3 | 21 | PreprocessorWarning | type library | N/A | +| a.h:0:0:0:0 | a.h | 1 | 1 | 1 | 19 | GuardConditionImpl, IncludeNext | "a.h" | N/A | +| pp23.cpp:0:0:0:0 | pp23.cpp | 3 | 1 | 3 | 11 | GuardConditionImpl, Macro | BAR | | +| pp23.cpp:0:0:0:0 | pp23.cpp | 5 | 1 | 5 | 10 | GuardConditionImpl, PreprocessorIfdef | FOO | N/A | +| pp23.cpp:0:0:0:0 | pp23.cpp | 7 | 1 | 7 | 12 | GuardConditionImpl, PreprocessorElifdef | BAR | N/A | +| pp23.cpp:0:0:0:0 | pp23.cpp | 8 | 1 | 8 | 16 | GuardConditionImpl, PreprocessorWarning | C++23 2 | N/A | +| pp23.cpp:0:0:0:0 | pp23.cpp | 9 | 1 | 9 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp23.cpp:0:0:0:0 | pp23.cpp | 11 | 1 | 11 | 10 | GuardConditionImpl, PreprocessorIfdef | FOO | N/A | +| pp23.cpp:0:0:0:0 | pp23.cpp | 13 | 1 | 13 | 13 | GuardConditionImpl, PreprocessorElifndef | FOO | N/A | +| pp23.cpp:0:0:0:0 | pp23.cpp | 14 | 1 | 14 | 16 | GuardConditionImpl, PreprocessorWarning | C++23 3 | N/A | +| pp23.cpp:0:0:0:0 | pp23.cpp | 15 | 1 | 15 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 1 | 1 | 1 | 16 | GuardConditionImpl, PreprocessorIf | defined(FOO) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 3 | 1 | 3 | 19 | GuardConditionImpl, PreprocessorElif | !defined(BAR) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 4 | 1 | 4 | 11 | GuardConditionImpl, Macro | BAR | | +| pp.cpp:0:0:0:0 | pp.cpp | 5 | 1 | 5 | 17 | GuardConditionImpl, Macro | BAR_val | 1 | +| pp.cpp:0:0:0:0 | pp.cpp | 6 | 1 | 6 | 24 | GuardConditionImpl, Macro | BAR_fn() | BAR_val | +| pp.cpp:0:0:0:0 | pp.cpp | 7 | 1 | 7 | 5 | GuardConditionImpl, PreprocessorElse | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 9 | 1 | 9 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 11 | 1 | 11 | 10 | GuardConditionImpl, PreprocessorUndef | BAR | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 12 | 1 | 12 | 68 | GuardConditionImpl, Macro | SCARY(a,aa,aaah) | (aa ) | +| pp.cpp:0:0:0:0 | pp.cpp | 13 | 1 | 13 | 63 | GuardConditionImpl, Macro | LOG(fmt,__VA_ARGS__...) | printf("Warning: %s", fmt, __VA__ARGS__) | +| pp.cpp:0:0:0:0 | pp.cpp | 14 | 1 | 14 | 15 | GuardConditionImpl, Include | "pp.h" | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 16 | 1 | 16 | 5 | GuardConditionImpl, PreprocessorIf | 0 | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 17 | 1 | 17 | 5 | GuardConditionImpl, PreprocessorElse | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 18 | 1 | 18 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 20 | 1 | 20 | 5 | GuardConditionImpl, PreprocessorIf | 1 | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 21 | 1 | 21 | 5 | GuardConditionImpl, PreprocessorElse | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 22 | 1 | 22 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 24 | 1 | 24 | 13 | GuardConditionImpl, Import | "a.h" | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 30 | 2 | 30 | 32 | GuardConditionImpl, Macro | MACRO_FUNCTIONCONTEXT | 1 | +| pp.cpp:0:0:0:0 | pp.cpp | 36 | 2 | 36 | 29 | GuardConditionImpl, Macro | MACRO_CLASSCONTEXT | 2 | +| pp.cpp:0:0:0:0 | pp.cpp | 42 | 2 | 42 | 40 | GuardConditionImpl, Macro | MACRO_TEMPLATEFUNCTIONCONTEXT | 3 | +| pp.cpp:0:0:0:0 | pp.cpp | 49 | 2 | 49 | 37 | GuardConditionImpl, Macro | MACRO_TEMPLATECLASSCONTEXT | 4 | +| pp.cpp:0:0:0:0 | pp.cpp | 50 | 2 | 50 | 48 | GuardConditionImpl, Macro | MACRO_TEMPLATECLASSCONTEXT_REFERENCED | 5 | +| pp.cpp:0:0:0:0 | pp.cpp | 54 | 3 | 54 | 39 | GuardConditionImpl, Macro | MACRO_TEMPLATEMETHODCONTEXT | 6 | +| pp.cpp:0:0:0:0 | pp.cpp | 57 | 1 | 57 | 21 | GuardConditionImpl, PreprocessorIfdef | INSTANTIATION | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 59 | 1 | 59 | 6 | GuardConditionImpl, PreprocessorElse | | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 60 | 3 | 60 | 21 | GuardConditionImpl, Macro | IN_TEMPLATE | | +| pp.cpp:0:0:0:0 | pp.cpp | 61 | 1 | 61 | 7 | GuardConditionImpl, PreprocessorEndif | | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 69 | 1 | 69 | 21 | GuardConditionImpl, Macro | INSTANTIATION | | +| pp.cpp:0:0:0:0 | pp.cpp | 72 | 1 | 72 | 11 | GuardConditionImpl, Macro | BAR | | +| pp.cpp:0:0:0:0 | pp.cpp | 74 | 1 | 75 | 14 | GuardConditionImpl, PreprocessorIf | defined(BAR) && defined(BAR) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 76 | 1 | 76 | 20 | GuardConditionImpl, PreprocessorWarning | BAR defined | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 77 | 1 | 77 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 79 | 1 | 80 | 26 | GuardConditionImpl, PreprocessorIf | defined MACROTHREE && (defined(MACROONE)) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 81 | 1 | 81 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 83 | 1 | 83 | 26 | GuardConditionImpl, PreprocessorIf | defined SIMPLE_COMMENT | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 85 | 1 | 85 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 87 | 1 | 88 | 16 | GuardConditionImpl, PreprocessorIf | defined(FOO) && defined(BAR) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 90 | 1 | 90 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 92 | 1 | 94 | 17 | GuardConditionImpl, PreprocessorIf | defined(FOO) && defined(BAR) && !defined(BAZ) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 96 | 1 | 96 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 98 | 1 | 98 | 13 | GuardConditionImpl, Macro | FOO | 8 | +| pp.cpp:0:0:0:0 | pp.cpp | 99 | 1 | 99 | 13 | GuardConditionImpl, Macro | BAR | 2 | +| pp.cpp:0:0:0:0 | pp.cpp | 100 | 1 | 100 | 13 | GuardConditionImpl, Macro | BAZ | 4 | +| pp.cpp:0:0:0:0 | pp.cpp | 101 | 1 | 104 | 8 | GuardConditionImpl, PreprocessorIf | ((FOO / BAR) == 4) && ((BAZ * QUX) > 10) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 106 | 1 | 106 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 109 | 1 | 111 | 13 | GuardConditionImpl, PreprocessorIf | defined(FOO) && defined(BAR) && defined(BAZ) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 112 | 1 | 112 | 29 | GuardConditionImpl, Macro | CONDITIONAL_MACRO_4 | 4 | +| pp.cpp:0:0:0:0 | pp.cpp | 113 | 1 | 113 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 116 | 1 | 116 | 39 | GuardConditionImpl, PreprocessorIf | defined SIMPLE_COMMENT | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 118 | 1 | 118 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 120 | 1 | 120 | 12 | GuardConditionImpl, PreprocessorWarning | foo | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 122 | 1 | 122 | 12 | GuardConditionImpl, PreprocessorWarning | foo | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 126 | 1 | 126 | 12 | GuardConditionImpl, PreprocessorWarning | foo | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 129 | 1 | 129 | 12 | GuardConditionImpl, PreprocessorWarning | foo | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 134 | 1 | 134 | 13 | GuardConditionImpl, Macro | FOO | 8 | +| pp.cpp:0:0:0:0 | pp.cpp | 135 | 1 | 135 | 13 | GuardConditionImpl, Macro | BAR | 2 | +| pp.cpp:0:0:0:0 | pp.cpp | 136 | 1 | 136 | 13 | GuardConditionImpl, Macro | BAZ | 4 | +| pp.cpp:0:0:0:0 | pp.cpp | 137 | 1 | 142 | 8 | GuardConditionImpl, PreprocessorIf | ((FOO / BAR) == 4) && ((BAZ * QUX) > 10) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 144 | 1 | 144 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 146 | 1 | 146 | 11 | GuardConditionImpl, Macro | X | 1 | +| pp.cpp:0:0:0:0 | pp.cpp | 147 | 1 | 147 | 11 | GuardConditionImpl, Macro | Y | 2 | +| pp.cpp:0:0:0:0 | pp.cpp | 148 | 1 | 149 | 36 | GuardConditionImpl, PreprocessorIf | defined(X) && defined(Y) | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 151 | 1 | 151 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 153 | 1 | 157 | 3 | GuardConditionImpl, PreprocessorWarning | FOO BAR | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 160 | 1 | 160 | 12 | GuardConditionImpl, PreprocessorWarning | foo | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 166 | 1 | 166 | 22 | GuardConditionImpl, PreprocessorIf | A &&B | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 167 | 1 | 167 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 170 | 1 | 170 | 20 | GuardConditionImpl, PreprocessorIf | A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 171 | 1 | 171 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 173 | 1 | 175 | 6 | GuardConditionImpl, PreprocessorIf | A && B | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 176 | 1 | 176 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 179 | 1 | 183 | 9 | GuardConditionImpl, PreprocessorIfdef | FOOBAR | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 185 | 1 | 185 | 5 | GuardConditionImpl, PreprocessorElse | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 186 | 1 | 186 | 10 | GuardConditionImpl, PreprocessorWarning | b | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 187 | 1 | 187 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 190 | 1 | 194 | 9 | GuardConditionImpl, PreprocessorIf | FOOBAR | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 195 | 1 | 195 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 197 | 1 | 197 | 18 | GuardConditionImpl, PreprocessorIf | A | N/A | +| pp.cpp:0:0:0:0 | pp.cpp | 198 | 1 | 198 | 6 | GuardConditionImpl, PreprocessorEndif | N/A | N/A | +| pp.h:0:0:0:0 | pp.h | 1 | 1 | 1 | 12 | GuardConditionImpl, PreprocessorPragma | once | N/A | +| pp.h:0:0:0:0 | pp.h | 2 | 1 | 2 | 29 | GuardConditionImpl, PreprocessorWarning | "This should happen" | N/A | +| pp.h:0:0:0:0 | pp.h | 3 | 1 | 3 | 27 | GuardConditionImpl, PreprocessorLine | 33 "emerald_city.h" | N/A | +| pp.h:0:0:0:0 | pp.h | 4 | 1 | 4 | 30 | GuardConditionImpl, PreprocessorPragma | byte_order(big_endian) | N/A | +| pp.h:0:0:0:0 | pp.h | 5 | 1 | 5 | 33 | GuardConditionImpl, PreprocessorWarning | "Not in Kansas any more" | N/A | +| pp.h:0:0:0:0 | pp.h | 7 | 1 | 11 | 8 | GuardConditionImpl, Macro | MULTILINE | world a long | +| pp.h:0:0:0:0 | pp.h | 13 | 1 | 14 | 11 | GuardConditionImpl, PreprocessorUndef | MULTILINE | N/A | +| pp.h:0:0:0:0 | pp.h | 16 | 1 | 17 | 8 | GuardConditionImpl, Include | "pp.h" | N/A | +| ppms.cpp:0:0:0:0 | ppms.cpp | 3 | 1 | 3 | 18 | GuardConditionImpl, TypeLibraryImport | "test.tlb" | N/A | +| test.tlh:0:0:0:0 | test.tlh | 1 | 1 | 1 | 12 | GuardConditionImpl, PreprocessorPragma | once | N/A | +| test.tlh:0:0:0:0 | test.tlh | 3 | 1 | 3 | 21 | GuardConditionImpl, PreprocessorWarning | type library | N/A | diff --git a/cpp/ql/test/library-tests/typedefs/Typedefs2.expected b/cpp/ql/test/library-tests/typedefs/Typedefs2.expected index 8645ce97fcd8..d83c74bb55e6 100644 --- a/cpp/ql/test/library-tests/typedefs/Typedefs2.expected +++ b/cpp/ql/test/library-tests/typedefs/Typedefs2.expected @@ -1,2 +1,2 @@ -| typedefs.cpp:6:6:6:7 | f1 | typedefs.cpp:8:15:8:18 | TYPE | CTypedefType, LocalTypedefType | -| typedefs.cpp:6:6:6:7 | f1 | typedefs.cpp:9:9:9:9 | D | DirectAccessHolder, LocalClass, MetricClass, StructLikeClass | +| typedefs.cpp:6:6:6:7 | f1 | typedefs.cpp:8:15:8:18 | TYPE | CTypedefType, GuardConditionImpl, LocalTypedefType | +| typedefs.cpp:6:6:6:7 | f1 | typedefs.cpp:9:9:9:9 | D | DirectAccessHolder, GuardConditionImpl, LocalClass, MetricClass, StructLikeClass | diff --git a/cpp/ql/test/library-tests/types/__wchar_t/wchar_t.expected b/cpp/ql/test/library-tests/types/__wchar_t/wchar_t.expected index d4c429faf170..d7faa82d924d 100644 --- a/cpp/ql/test/library-tests/types/__wchar_t/wchar_t.expected +++ b/cpp/ql/test/library-tests/types/__wchar_t/wchar_t.expected @@ -1,3 +1,3 @@ -| file://:0:0:0:0 | __wchar_t * | IteratorByPointer, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection, PointerType | Wchar_t, WideCharType | -| file://:0:0:0:0 | const __wchar_t | SpecifiedType | Wchar_t, WideCharType | -| file://:0:0:0:0 | wchar_t | Wchar_t, WideCharType | | +| file://:0:0:0:0 | __wchar_t * | GuardConditionImpl, IteratorByPointer, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection, PointerType | GuardConditionImpl, Wchar_t, WideCharType | +| file://:0:0:0:0 | const __wchar_t | GuardConditionImpl, SpecifiedType | GuardConditionImpl, Wchar_t, WideCharType | +| file://:0:0:0:0 | wchar_t | GuardConditionImpl, Wchar_t, WideCharType | | diff --git a/cpp/ql/test/library-tests/types/cstd_types/cstd_types_fastestminimumwidth.expected b/cpp/ql/test/library-tests/types/cstd_types/cstd_types_fastestminimumwidth.expected index 13fe25a48191..5eb5868fd8b5 100644 --- a/cpp/ql/test/library-tests/types/cstd_types/cstd_types_fastestminimumwidth.expected +++ b/cpp/ql/test/library-tests/types/cstd_types/cstd_types_fastestminimumwidth.expected @@ -1,8 +1,8 @@ -| cstd_types.cpp:47:13:47:15 | if8 | CTypedefType, FastestMinimumWidthIntegralType, Int_fast8_t | -| cstd_types.cpp:48:14:48:17 | if16 | CTypedefType, FastestMinimumWidthIntegralType, Int_fast16_t | -| cstd_types.cpp:49:14:49:17 | if32 | CTypedefType, FastestMinimumWidthIntegralType, Int_fast32_t | -| cstd_types.cpp:50:14:50:17 | if64 | CTypedefType, FastestMinimumWidthIntegralType, Int_fast64_t | -| cstd_types.cpp:51:14:51:16 | uf8 | CTypedefType, FastestMinimumWidthIntegralType, UInt_fast8_t | -| cstd_types.cpp:52:15:52:18 | uf16 | CTypedefType, FastestMinimumWidthIntegralType, UInt_fast16_t | -| cstd_types.cpp:53:15:53:18 | uf32 | CTypedefType, FastestMinimumWidthIntegralType, UInt_fast32_t | -| cstd_types.cpp:54:15:54:18 | uf64 | CTypedefType, FastestMinimumWidthIntegralType, UInt_fast64_t | \ No newline at end of file +| cstd_types.cpp:47:13:47:15 | if8 | CTypedefType, FastestMinimumWidthIntegralType, GuardConditionImpl, Int_fast8_t | +| cstd_types.cpp:48:14:48:17 | if16 | CTypedefType, FastestMinimumWidthIntegralType, GuardConditionImpl, Int_fast16_t | +| cstd_types.cpp:49:14:49:17 | if32 | CTypedefType, FastestMinimumWidthIntegralType, GuardConditionImpl, Int_fast32_t | +| cstd_types.cpp:50:14:50:17 | if64 | CTypedefType, FastestMinimumWidthIntegralType, GuardConditionImpl, Int_fast64_t | +| cstd_types.cpp:51:14:51:16 | uf8 | CTypedefType, FastestMinimumWidthIntegralType, GuardConditionImpl, UInt_fast8_t | +| cstd_types.cpp:52:15:52:18 | uf16 | CTypedefType, FastestMinimumWidthIntegralType, GuardConditionImpl, UInt_fast16_t | +| cstd_types.cpp:53:15:53:18 | uf32 | CTypedefType, FastestMinimumWidthIntegralType, GuardConditionImpl, UInt_fast32_t | +| cstd_types.cpp:54:15:54:18 | uf64 | CTypedefType, FastestMinimumWidthIntegralType, GuardConditionImpl, UInt_fast64_t | diff --git a/cpp/ql/test/library-tests/types/cstd_types/cstd_types_fixedwidth.expected b/cpp/ql/test/library-tests/types/cstd_types/cstd_types_fixedwidth.expected index d1c643436369..efa8890d8200 100644 --- a/cpp/ql/test/library-tests/types/cstd_types/cstd_types_fixedwidth.expected +++ b/cpp/ql/test/library-tests/types/cstd_types/cstd_types_fixedwidth.expected @@ -1,8 +1,8 @@ -| cstd_types.cpp:31:8:31:9 | i8 | CTypedefType, FixedWidthIntegralType, Int8_t | -| cstd_types.cpp:32:9:32:11 | i16 | CTypedefType, FixedWidthIntegralType, Int16_t | -| cstd_types.cpp:33:9:33:11 | i32 | CTypedefType, FixedWidthIntegralType, Int32_t | -| cstd_types.cpp:34:9:34:11 | i64 | CTypedefType, FixedWidthIntegralType, Int64_t | -| cstd_types.cpp:35:9:35:11 | ui8 | CTypedefType, FixedWidthIntegralType, UInt8_t | -| cstd_types.cpp:36:10:36:13 | ui16 | CTypedefType, FixedWidthIntegralType, UInt16_t | -| cstd_types.cpp:37:10:37:13 | ui32 | CTypedefType, FixedWidthIntegralType, UInt32_t | -| cstd_types.cpp:38:10:38:13 | ui64 | CTypedefType, FixedWidthIntegralType, UInt64_t | +| cstd_types.cpp:31:8:31:9 | i8 | CTypedefType, FixedWidthIntegralType, GuardConditionImpl, Int8_t | +| cstd_types.cpp:32:9:32:11 | i16 | CTypedefType, FixedWidthIntegralType, GuardConditionImpl, Int16_t | +| cstd_types.cpp:33:9:33:11 | i32 | CTypedefType, FixedWidthIntegralType, GuardConditionImpl, Int32_t | +| cstd_types.cpp:34:9:34:11 | i64 | CTypedefType, FixedWidthIntegralType, GuardConditionImpl, Int64_t | +| cstd_types.cpp:35:9:35:11 | ui8 | CTypedefType, FixedWidthIntegralType, GuardConditionImpl, UInt8_t | +| cstd_types.cpp:36:10:36:13 | ui16 | CTypedefType, FixedWidthIntegralType, GuardConditionImpl, UInt16_t | +| cstd_types.cpp:37:10:37:13 | ui32 | CTypedefType, FixedWidthIntegralType, GuardConditionImpl, UInt32_t | +| cstd_types.cpp:38:10:38:13 | ui64 | CTypedefType, FixedWidthIntegralType, GuardConditionImpl, UInt64_t | diff --git a/cpp/ql/test/library-tests/types/cstd_types/cstd_types_fixedwidthenum.expected b/cpp/ql/test/library-tests/types/cstd_types/cstd_types_fixedwidthenum.expected index d9884b22b00b..89428e7a6ec5 100644 --- a/cpp/ql/test/library-tests/types/cstd_types/cstd_types_fixedwidthenum.expected +++ b/cpp/ql/test/library-tests/types/cstd_types/cstd_types_fixedwidthenum.expected @@ -1,2 +1,2 @@ -| cstd_types.cpp:74:4:74:6 | _e0 | Enum, FixedWidthEnumType | -| cstd_types.cpp:75:4:75:6 | _e1 | FixedWidthEnumType, ScopedEnum | +| cstd_types.cpp:74:4:74:6 | _e0 | Enum, FixedWidthEnumType, GuardConditionImpl | +| cstd_types.cpp:75:4:75:6 | _e1 | FixedWidthEnumType, GuardConditionImpl, ScopedEnum | diff --git a/cpp/ql/test/library-tests/types/cstd_types/cstd_types_maximumwidth.expected b/cpp/ql/test/library-tests/types/cstd_types/cstd_types_maximumwidth.expected index 0bf7779fcafd..b57ca4fb9362 100644 --- a/cpp/ql/test/library-tests/types/cstd_types/cstd_types_maximumwidth.expected +++ b/cpp/ql/test/library-tests/types/cstd_types/cstd_types_maximumwidth.expected @@ -1,2 +1,2 @@ -| cstd_types.cpp:55:10:55:11 | im | CTypedefType, Intmax_t, MaximumWidthIntegralType | -| cstd_types.cpp:56:11:56:13 | uim | CTypedefType, MaximumWidthIntegralType, Uintmax_t | +| cstd_types.cpp:55:10:55:11 | im | CTypedefType, GuardConditionImpl, Intmax_t, MaximumWidthIntegralType | +| cstd_types.cpp:56:11:56:13 | uim | CTypedefType, GuardConditionImpl, MaximumWidthIntegralType, Uintmax_t | diff --git a/cpp/ql/test/library-tests/types/cstd_types/cstd_types_minimumwidth.expected b/cpp/ql/test/library-tests/types/cstd_types/cstd_types_minimumwidth.expected index 2984f07be8c8..6aea59474733 100644 --- a/cpp/ql/test/library-tests/types/cstd_types/cstd_types_minimumwidth.expected +++ b/cpp/ql/test/library-tests/types/cstd_types/cstd_types_minimumwidth.expected @@ -1,8 +1,8 @@ -| cstd_types.cpp:39:15:39:16 | l8 | CTypedefType, Int_least8_t, MinimumWidthIntegralType | -| cstd_types.cpp:40:15:40:17 | l16 | CTypedefType, Int_least16_t, MinimumWidthIntegralType | -| cstd_types.cpp:41:15:41:17 | l32 | CTypedefType, Int_least32_t, MinimumWidthIntegralType | -| cstd_types.cpp:42:15:42:17 | l64 | CTypedefType, Int_least64_t, MinimumWidthIntegralType | -| cstd_types.cpp:43:15:43:17 | ul8 | CTypedefType, MinimumWidthIntegralType, UInt_least8_t | -| cstd_types.cpp:44:16:44:19 | ul16 | CTypedefType, MinimumWidthIntegralType, UInt_least16_t | -| cstd_types.cpp:45:16:45:19 | ul32 | CTypedefType, MinimumWidthIntegralType, UInt_least32_t | -| cstd_types.cpp:46:16:46:19 | ul64 | CTypedefType, MinimumWidthIntegralType, UInt_least64_t | +| cstd_types.cpp:39:15:39:16 | l8 | CTypedefType, GuardConditionImpl, Int_least8_t, MinimumWidthIntegralType | +| cstd_types.cpp:40:15:40:17 | l16 | CTypedefType, GuardConditionImpl, Int_least16_t, MinimumWidthIntegralType | +| cstd_types.cpp:41:15:41:17 | l32 | CTypedefType, GuardConditionImpl, Int_least32_t, MinimumWidthIntegralType | +| cstd_types.cpp:42:15:42:17 | l64 | CTypedefType, GuardConditionImpl, Int_least64_t, MinimumWidthIntegralType | +| cstd_types.cpp:43:15:43:17 | ul8 | CTypedefType, GuardConditionImpl, MinimumWidthIntegralType, UInt_least8_t | +| cstd_types.cpp:44:16:44:19 | ul16 | CTypedefType, GuardConditionImpl, MinimumWidthIntegralType, UInt_least16_t | +| cstd_types.cpp:45:16:45:19 | ul32 | CTypedefType, GuardConditionImpl, MinimumWidthIntegralType, UInt_least32_t | +| cstd_types.cpp:46:16:46:19 | ul64 | CTypedefType, GuardConditionImpl, MinimumWidthIntegralType, UInt_least64_t | diff --git a/cpp/ql/test/library-tests/types/integral_types_ms/vars.expected b/cpp/ql/test/library-tests/types/integral_types_ms/vars.expected index d2aac7454fdb..1f168f7f9426 100644 --- a/cpp/ql/test/library-tests/types/integral_types_ms/vars.expected +++ b/cpp/ql/test/library-tests/types/integral_types_ms/vars.expected @@ -1,4 +1,4 @@ -| integral_types.cpp:2:8:2:9 | i8 | file://:0:0:0:0 | char | MicrosoftInt8Type, PlainCharType | -| integral_types.cpp:3:9:3:11 | i16 | file://:0:0:0:0 | short | MicrosoftInt16Type, ShortType | -| integral_types.cpp:4:9:4:11 | i32 | file://:0:0:0:0 | int | IntType, MicrosoftInt32Type | -| integral_types.cpp:5:9:5:11 | i64 | file://:0:0:0:0 | long long | LongLongType, MicrosoftInt64Type | +| integral_types.cpp:2:8:2:9 | i8 | file://:0:0:0:0 | char | GuardConditionImpl, MicrosoftInt8Type, PlainCharType | +| integral_types.cpp:3:9:3:11 | i16 | file://:0:0:0:0 | short | GuardConditionImpl, MicrosoftInt16Type, ShortType | +| integral_types.cpp:4:9:4:11 | i32 | file://:0:0:0:0 | int | GuardConditionImpl, IntType, MicrosoftInt32Type | +| integral_types.cpp:5:9:5:11 | i64 | file://:0:0:0:0 | long long | GuardConditionImpl, LongLongType, MicrosoftInt64Type | diff --git a/cpp/ql/test/library-tests/types/wchar_t_typedef/wchar_t.expected b/cpp/ql/test/library-tests/types/wchar_t_typedef/wchar_t.expected index cebaff30994d..c823ed839d3d 100644 --- a/cpp/ql/test/library-tests/types/wchar_t_typedef/wchar_t.expected +++ b/cpp/ql/test/library-tests/types/wchar_t_typedef/wchar_t.expected @@ -1,3 +1,3 @@ -| file://:0:0:0:0 | wchar_t | Wchar_t, WideCharType | | -| file://:0:0:0:0 | wchar_t * | IteratorByPointer, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection, PointerType | CTypedefType, Wchar_t | -| ms.c:2:24:2:30 | wchar_t | CTypedefType, Wchar_t | | +| file://:0:0:0:0 | wchar_t | GuardConditionImpl, Wchar_t, WideCharType | | +| file://:0:0:0:0 | wchar_t * | GuardConditionImpl, IteratorByPointer, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection, PointerType | CTypedefType, GuardConditionImpl, Wchar_t | +| ms.c:2:24:2:30 | wchar_t | CTypedefType, GuardConditionImpl, Wchar_t | | diff --git a/cpp/ql/test/library-tests/variables/variables/types.expected b/cpp/ql/test/library-tests/variables/variables/types.expected index c2ea5f7cfe3c..5d8cec1cff89 100644 --- a/cpp/ql/test/library-tests/variables/variables/types.expected +++ b/cpp/ql/test/library-tests/variables/variables/types.expected @@ -1,108 +1,108 @@ -| ..()(..) | RoutineType | | | | | -| ..(*)(..) | FunctionPointerType | | ..()(..) | | | -| _Complex _Float16 | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Complex _Float32 | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Complex _Float32x | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Complex _Float64 | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Complex _Float64x | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Complex _Float128 | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Complex __bf16 | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Complex __float128 | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Complex __fp16 | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Complex double | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Complex float | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Complex long double | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Complex std::float16_t | BinaryFloatingPointType, ComplexNumberType | | | | | -| _Decimal32 | Decimal32Type | | | | | -| _Decimal64 | Decimal64Type | | | | | -| _Decimal128 | Decimal128Type | | | | | -| _Float16 | BinaryFloatingPointType, RealNumberType | | | | | -| _Float32 | BinaryFloatingPointType, RealNumberType | | | | | -| _Float32x | BinaryFloatingPointType, RealNumberType | | | | | -| _Float64 | BinaryFloatingPointType, RealNumberType | | | | | -| _Float64x | BinaryFloatingPointType, RealNumberType | | | | | -| _Float128 | BinaryFloatingPointType, RealNumberType | | | | | -| _Imaginary double | BinaryFloatingPointType, ImaginaryNumberType | | | | | -| _Imaginary float | BinaryFloatingPointType, ImaginaryNumberType | | | | | -| _Imaginary long double | BinaryFloatingPointType, ImaginaryNumberType | | | | | -| __SVCount_t | ScalableVectorCount | | | | | -| __bf16 | BinaryFloatingPointType, RealNumberType | | | | | -| __float128 | Float128Type | | | | | -| __fp16 | BinaryFloatingPointType, RealNumberType | | | | | -| __int128 | Int128Type | | | | | -| __mfp8 | BinaryFloatingPointType, RealNumberType | | | | | -| __va_list_tag | DirectAccessHolder, MetricClass, Struct, StructLikeClass | | | | | -| __va_list_tag & | LValueReferenceType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | | __va_list_tag | | | -| __va_list_tag && | PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection, RValueReferenceType | | __va_list_tag | | | -| address | DirectAccessHolder, MetricClass, Struct, StructLikeClass | | | | | -| address & | LValueReferenceType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | | address | | | -| address && | PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection, RValueReferenceType | | address | | | -| auto | AutoType | | | | | -| bool | BoolType | | | | | -| char | MicrosoftInt8Type, PlainCharType | | | | | -| char8_t | Char8Type | | | | | -| char16_t | Char16Type | | | | | -| char32_t | Char32Type | | | | | -| char * | CharPointerType, IteratorByPointer, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | | char | | | -| char *[3] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char * | char * | | | -| char *[32] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char * | char * | | | -| char *[] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char * | char * | | | -| char[2] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | -| char[3] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | -| char[5] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | -| char[6] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | -| char[8] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | -| char[9] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | -| char[10] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | -| char[53] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | -| char[] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | -| const __va_list_tag | SpecifiedType | | __va_list_tag | | | -| const __va_list_tag & | LValueReferenceType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | | const __va_list_tag | | | -| const address | SpecifiedType | | address | | | -| const address & | LValueReferenceType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | | const address | | | -| const char | SpecifiedType | | char | | | -| const char * | IteratorByPointer, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection, PointerType | | const char | | | -| const char *[3] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char * | const char * | | | -| const char *[] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char * | const char * | | | -| const char[5] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char | const char | | | -| const char[6] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char | const char | | | -| const char[8] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char | const char | | | -| const char[9] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char | const char | | | -| const char[10] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char | const char | | | -| const char[53] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char | const char | | | -| const double | SpecifiedType | | double | | | -| const int | SpecifiedType | | int | | | -| decltype(nullptr) | NullPointerType | | | | | -| double | DoubleType | | | | | -| error | ErroneousType | | | | | -| float | FloatType | | | | | -| float[3] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | float | float | | | -| int | IntType, MicrosoftInt32Type | | | | | -| int * | IntPointerType, IteratorByPointer, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | | int | | | -| int[4] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | int | int | | | -| int[8] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | int | int | | | -| int[10] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | int | int | | | -| int[10][20] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | int[20] | int[20] | | | -| int[20] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | int | int | | | -| int[] | ArrayType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | int | int | | | -| long | LongType | | | | | -| long double | LongDoubleType | | | | | -| long long | LongLongType, MicrosoftInt64Type | | | | | -| short | MicrosoftInt16Type, ShortType | | | | | -| signed __int128 | Int128Type | | | | | -| signed char | SignedCharType | | | | | -| signed int | IntType | | | | | -| signed long | LongType | | | | | -| signed long long | LongLongType | | | | | -| signed short | ShortType | | | | | -| std::float16_t | BinaryFloatingPointType, RealNumberType | | | | | -| unknown | UnknownType | | | | | -| unsigned __int128 | Int128Type | | | | unsigned integral | -| unsigned char | UnsignedCharType | | | | unsigned integral | -| unsigned int | IntType | | | unsigned int | unsigned integral | -| unsigned long | LongType | | | | unsigned integral | -| unsigned long long | LongLongType | | | | unsigned integral | -| unsigned short | ShortType | | | | unsigned integral | -| void | VoidType | | | | | -| void * | IteratorByPointer, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection, VoidPointerType | | void | | | -| wchar_t | Wchar_t, WideCharType | | | | | +| ..()(..) | GuardConditionImpl, RoutineType | | | | | +| ..(*)(..) | FunctionPointerType, GuardConditionImpl | | ..()(..) | | | +| _Complex _Float16 | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Complex _Float32 | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Complex _Float32x | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Complex _Float64 | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Complex _Float64x | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Complex _Float128 | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Complex __bf16 | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Complex __float128 | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Complex __fp16 | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Complex double | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Complex float | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Complex long double | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Complex std::float16_t | BinaryFloatingPointType, ComplexNumberType, GuardConditionImpl | | | | | +| _Decimal32 | Decimal32Type, GuardConditionImpl | | | | | +| _Decimal64 | Decimal64Type, GuardConditionImpl | | | | | +| _Decimal128 | Decimal128Type, GuardConditionImpl | | | | | +| _Float16 | BinaryFloatingPointType, GuardConditionImpl, RealNumberType | | | | | +| _Float32 | BinaryFloatingPointType, GuardConditionImpl, RealNumberType | | | | | +| _Float32x | BinaryFloatingPointType, GuardConditionImpl, RealNumberType | | | | | +| _Float64 | BinaryFloatingPointType, GuardConditionImpl, RealNumberType | | | | | +| _Float64x | BinaryFloatingPointType, GuardConditionImpl, RealNumberType | | | | | +| _Float128 | BinaryFloatingPointType, GuardConditionImpl, RealNumberType | | | | | +| _Imaginary double | BinaryFloatingPointType, GuardConditionImpl, ImaginaryNumberType | | | | | +| _Imaginary float | BinaryFloatingPointType, GuardConditionImpl, ImaginaryNumberType | | | | | +| _Imaginary long double | BinaryFloatingPointType, GuardConditionImpl, ImaginaryNumberType | | | | | +| __SVCount_t | GuardConditionImpl, ScalableVectorCount | | | | | +| __bf16 | BinaryFloatingPointType, GuardConditionImpl, RealNumberType | | | | | +| __float128 | Float128Type, GuardConditionImpl | | | | | +| __fp16 | BinaryFloatingPointType, GuardConditionImpl, RealNumberType | | | | | +| __int128 | GuardConditionImpl, Int128Type | | | | | +| __mfp8 | BinaryFloatingPointType, GuardConditionImpl, RealNumberType | | | | | +| __va_list_tag | DirectAccessHolder, GuardConditionImpl, MetricClass, Struct, StructLikeClass | | | | | +| __va_list_tag & | GuardConditionImpl, LValueReferenceType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | | __va_list_tag | | | +| __va_list_tag && | GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection, RValueReferenceType | | __va_list_tag | | | +| address | DirectAccessHolder, GuardConditionImpl, MetricClass, Struct, StructLikeClass | | | | | +| address & | GuardConditionImpl, LValueReferenceType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | | address | | | +| address && | GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection, RValueReferenceType | | address | | | +| auto | AutoType, GuardConditionImpl | | | | | +| bool | BoolType, GuardConditionImpl | | | | | +| char | GuardConditionImpl, MicrosoftInt8Type, PlainCharType | | | | | +| char8_t | Char8Type, GuardConditionImpl | | | | | +| char16_t | Char16Type, GuardConditionImpl | | | | | +| char32_t | Char32Type, GuardConditionImpl | | | | | +| char * | CharPointerType, GuardConditionImpl, IteratorByPointer, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | | char | | | +| char *[3] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char * | char * | | | +| char *[32] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char * | char * | | | +| char *[] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char * | char * | | | +| char[2] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | +| char[3] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | +| char[5] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | +| char[6] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | +| char[8] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | +| char[9] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | +| char[10] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | +| char[53] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | +| char[] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | char | char | | | +| const __va_list_tag | GuardConditionImpl, SpecifiedType | | __va_list_tag | | | +| const __va_list_tag & | GuardConditionImpl, LValueReferenceType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | | const __va_list_tag | | | +| const address | GuardConditionImpl, SpecifiedType | | address | | | +| const address & | GuardConditionImpl, LValueReferenceType, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | | const address | | | +| const char | GuardConditionImpl, SpecifiedType | | char | | | +| const char * | GuardConditionImpl, IteratorByPointer, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection, PointerType | | const char | | | +| const char *[3] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char * | const char * | | | +| const char *[] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char * | const char * | | | +| const char[5] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char | const char | | | +| const char[6] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char | const char | | | +| const char[8] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char | const char | | | +| const char[9] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char | const char | | | +| const char[10] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char | const char | | | +| const char[53] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | const char | const char | | | +| const double | GuardConditionImpl, SpecifiedType | | double | | | +| const int | GuardConditionImpl, SpecifiedType | | int | | | +| decltype(nullptr) | GuardConditionImpl, NullPointerType | | | | | +| double | DoubleType, GuardConditionImpl | | | | | +| error | ErroneousType, GuardConditionImpl | | | | | +| float | FloatType, GuardConditionImpl | | | | | +| float[3] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | float | float | | | +| int | GuardConditionImpl, IntType, MicrosoftInt32Type | | | | | +| int * | GuardConditionImpl, IntPointerType, IteratorByPointer, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | | int | | | +| int[4] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | int | int | | | +| int[8] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | int | int | | | +| int[10] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | int | int | | | +| int[10][20] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | int[20] | int[20] | | | +| int[20] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | int | int | | | +| int[] | ArrayType, GuardConditionImpl, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection | int | int | | | +| long | GuardConditionImpl, LongType | | | | | +| long double | GuardConditionImpl, LongDoubleType | | | | | +| long long | GuardConditionImpl, LongLongType, MicrosoftInt64Type | | | | | +| short | GuardConditionImpl, MicrosoftInt16Type, ShortType | | | | | +| signed __int128 | GuardConditionImpl, Int128Type | | | | | +| signed char | GuardConditionImpl, SignedCharType | | | | | +| signed int | GuardConditionImpl, IntType | | | | | +| signed long | GuardConditionImpl, LongType | | | | | +| signed long long | GuardConditionImpl, LongLongType | | | | | +| signed short | GuardConditionImpl, ShortType | | | | | +| std::float16_t | BinaryFloatingPointType, GuardConditionImpl, RealNumberType | | | | | +| unknown | GuardConditionImpl, UnknownType | | | | | +| unsigned __int128 | GuardConditionImpl, Int128Type | | | | unsigned integral | +| unsigned char | GuardConditionImpl, UnsignedCharType | | | | unsigned integral | +| unsigned int | GuardConditionImpl, IntType | | | unsigned int | unsigned integral | +| unsigned long | GuardConditionImpl, LongType | | | | unsigned integral | +| unsigned long long | GuardConditionImpl, LongLongType | | | | unsigned integral | +| unsigned short | GuardConditionImpl, ShortType | | | | unsigned integral | +| void | GuardConditionImpl, VoidType | | | | | +| void * | GuardConditionImpl, IteratorByPointer, PointerOrArrayOrReferenceType, PointerOrArrayOrReferenceTypeIndirection, VoidPointerType | | void | | | +| wchar_t | GuardConditionImpl, Wchar_t, WideCharType | | | | | From 513ae2ab54ec75a62d73d9912b156a4ed8282919 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 9 Sep 2025 18:05:27 +0100 Subject: [PATCH 039/307] Rust: Add tests for insecure cookies. --- .../query-tests/security/CWE-614/Cargo.lock | 684 ++++++++++++++++++ .../test/query-tests/security/CWE-614/main.rs | 174 +++++ .../query-tests/security/CWE-614/options.yml | 4 + 3 files changed, 862 insertions(+) create mode 100644 rust/ql/test/query-tests/security/CWE-614/Cargo.lock create mode 100644 rust/ql/test/query-tests/security/CWE-614/main.rs create mode 100644 rust/ql/test/query-tests/security/CWE-614/options.yml diff --git a/rust/ql/test/query-tests/security/CWE-614/Cargo.lock b/rust/ql/test/query-tests/security/CWE-614/Cargo.lock new file mode 100644 index 000000000000..1d2124de710d --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-614/Cargo.lock @@ -0,0 +1,684 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "aead" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d122413f284cf2d62fb1b7db97e02edb8cda96d769b16e443a4f6195e35662b0" +dependencies = [ + "crypto-common", + "generic-array", +] + +[[package]] +name = "aes" +version = "0.8.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b169f7a6d4742236a0a00c541b845991d0ac43e546831af1249753ab4c3aa3a0" +dependencies = [ + "cfg-if", + "cipher", + "cpufeatures", +] + +[[package]] +name = "aes-gcm" +version = "0.10.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "831010a0f742e1209b3bcea8fab6a8e149051ba6099432c8cb2cc117dec3ead1" +dependencies = [ + "aead", + "aes", + "cipher", + "ctr", + "ghash", + "subtle", +] + +[[package]] +name = "aes-gcm-siv" +version = "0.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ae0784134ba9375416d469ec31e7c5f9fa94405049cf08c5ce5b4698be673e0d" +dependencies = [ + "aead", + "aes", + "cipher", + "ctr", + "polyval", + "subtle", + "zeroize", +] + +[[package]] +name = "anyhow" +version = "1.0.99" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b0674a1ddeecb70197781e945de4b3b8ffb61fa939a5597bcf48503737663100" + +[[package]] +name = "base64" +version = "0.22.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" + +[[package]] +name = "biscotti" +version = "0.4.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ddb6f28a3d15d18cace7a8010282a4d9cee1452dcd33f5861c173b4a31095b79" +dependencies = [ + "aes-gcm-siv", + "anyhow", + "base64", + "hkdf", + "hmac", + "jiff", + "percent-encoding", + "rand 0.9.2", + "serde", + "sha2", + "subtle", +] + +[[package]] +name = "block-buffer" +version = "0.10.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71" +dependencies = [ + "generic-array", +] + +[[package]] +name = "cfg-if" +version = "1.0.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2fd1289c04a9ea8cb22300a459a72a385d7c73d3259e2ed7dcb2af674838cfa9" + +[[package]] +name = "cipher" +version = "0.4.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "773f3b9af64447d2ce9850330c473515014aa235e6a783b02db81ff39e4a3dad" +dependencies = [ + "crypto-common", + "inout", +] + +[[package]] +name = "cookie" +version = "0.18.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4ddef33a339a91ea89fb53151bd0a4689cfce27055c291dfa69945475d22c747" +dependencies = [ + "aes-gcm", + "base64", + "hmac", + "percent-encoding", + "rand 0.8.5", + "sha2", + "subtle", + "time", + "version_check", +] + +[[package]] +name = "cpufeatures" +version = "0.2.17" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280" +dependencies = [ + "libc", +] + +[[package]] +name = "crypto-common" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3" +dependencies = [ + "generic-array", + "rand_core 0.6.4", + "typenum", +] + +[[package]] +name = "ctr" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0369ee1ad671834580515889b80f2ea915f23b8be8d0daa4bbaf2ac5c7590835" +dependencies = [ + "cipher", +] + +[[package]] +name = "deranged" +version = "0.5.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d630bccd429a5bb5a64b5e94f693bfc48c9f8566418fda4c494cc94f911f87cc" +dependencies = [ + "powerfmt", +] + +[[package]] +name = "digest" +version = "0.10.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" +dependencies = [ + "block-buffer", + "crypto-common", + "subtle", +] + +[[package]] +name = "generic-array" +version = "0.14.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a" +dependencies = [ + "typenum", + "version_check", +] + +[[package]] +name = "getrandom" +version = "0.2.16" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "335ff9f135e4384c8150d6f27c6daed433577f86b4750418338c01a1a2528592" +dependencies = [ + "cfg-if", + "libc", + "wasi 0.11.1+wasi-snapshot-preview1", +] + +[[package]] +name = "getrandom" +version = "0.3.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "26145e563e54f2cadc477553f1ec5ee650b00862f0a58bcd12cbdc5f0ea2d2f4" +dependencies = [ + "cfg-if", + "libc", + "r-efi", + "wasi 0.14.5+wasi-0.2.4", +] + +[[package]] +name = "ghash" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f0d8a4362ccb29cb0b265253fb0a2728f592895ee6854fd9bc13f2ffda266ff1" +dependencies = [ + "opaque-debug", + "polyval", +] + +[[package]] +name = "hkdf" +version = "0.12.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7b5f8eb2ad728638ea2c7d47a21db23b7b58a72ed6a38256b8a1849f15fbbdf7" +dependencies = [ + "hmac", +] + +[[package]] +name = "hmac" +version = "0.12.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" +dependencies = [ + "digest", +] + +[[package]] +name = "inout" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "879f10e63c20629ecabbb64a8010319738c66a5cd0c29b02d63d272b03751d01" +dependencies = [ + "generic-array", +] + +[[package]] +name = "jiff" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "be1f93b8b1eb69c77f24bbb0afdf66f54b632ee39af40ca21c4365a1d7347e49" +dependencies = [ + "jiff-static", + "jiff-tzdb-platform", + "log", + "portable-atomic", + "portable-atomic-util", + "serde", + "windows-sys", +] + +[[package]] +name = "jiff-static" +version = "0.2.15" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "03343451ff899767262ec32146f6d559dd759fdadf42ff0e227c7c48f72594b4" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "jiff-tzdb" +version = "0.1.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c1283705eb0a21404d2bfd6eef2a7593d240bc42a0bdb39db0ad6fa2ec026524" + +[[package]] +name = "jiff-tzdb-platform" +version = "0.1.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "875a5a69ac2bab1a891711cf5eccbec1ce0341ea805560dcd90b7a2e925132e8" +dependencies = [ + "jiff-tzdb", +] + +[[package]] +name = "libc" +version = "0.2.175" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6a82ae493e598baaea5209805c49bbf2ea7de956d50d7da0da1164f9c6d28543" + +[[package]] +name = "log" +version = "0.4.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34080505efa8e45a4b816c349525ebe327ceaa8559756f0356cba97ef3bf7432" + +[[package]] +name = "num-conv" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "51d515d32fb182ee37cda2ccdcb92950d6a3c2893aa280e540671c2cd0f3b1d9" + +[[package]] +name = "opaque-debug" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08d65885ee38876c4f86fa503fb49d7b507c2b62552df7c70b2fce627e06381" + +[[package]] +name = "percent-encoding" +version = "2.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e3148f5046208a5d56bcfc03053e3ca6334e51da8dfb19b6cdc8b306fae3283e" + +[[package]] +name = "polyval" +version = "0.6.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d1fe60d06143b2430aa532c94cfe9e29783047f06c0d7fd359a9a51b729fa25" +dependencies = [ + "cfg-if", + "cpufeatures", + "opaque-debug", + "universal-hash", +] + +[[package]] +name = "portable-atomic" +version = "1.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f84267b20a16ea918e43c6a88433c2d54fa145c92a811b5b047ccbe153674483" + +[[package]] +name = "portable-atomic-util" +version = "0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d8a2f0d8d040d7848a709caf78912debcc3f33ee4b3cac47d73d1e1069e83507" +dependencies = [ + "portable-atomic", +] + +[[package]] +name = "powerfmt" +version = "0.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391" + +[[package]] +name = "ppv-lite86" +version = "0.2.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9" +dependencies = [ + "zerocopy", +] + +[[package]] +name = "proc-macro2" +version = "1.0.95" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "02b3e5e68a3a1a02aad3ec490a98007cbc13c37cbe84a3cd7b8e406d76e7f778" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.40" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "r-efi" +version = "5.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f" + +[[package]] +name = "rand" +version = "0.8.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404" +dependencies = [ + "libc", + "rand_chacha 0.3.1", + "rand_core 0.6.4", +] + +[[package]] +name = "rand" +version = "0.9.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6db2770f06117d490610c7488547d543617b21bfa07796d7a12f6f1bd53850d1" +dependencies = [ + "rand_chacha 0.9.0", + "rand_core 0.9.3", +] + +[[package]] +name = "rand_chacha" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88" +dependencies = [ + "ppv-lite86", + "rand_core 0.6.4", +] + +[[package]] +name = "rand_chacha" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb" +dependencies = [ + "ppv-lite86", + "rand_core 0.9.3", +] + +[[package]] +name = "rand_core" +version = "0.6.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" +dependencies = [ + "getrandom 0.2.16", +] + +[[package]] +name = "rand_core" +version = "0.9.3" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "99d9a13982dcf210057a8a78572b2217b667c3beacbf3a0d8b454f6f82837d38" +dependencies = [ + "getrandom 0.3.3", +] + +[[package]] +name = "serde" +version = "1.0.219" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.219" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "sha2" +version = "0.10.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7507d819769d01a365ab707794a4084392c824f54a7a6a7862f8c3d0892b283" +dependencies = [ + "cfg-if", + "cpufeatures", + "digest", +] + +[[package]] +name = "subtle" +version = "2.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" + +[[package]] +name = "syn" +version = "2.0.103" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e4307e30089d6fd6aff212f2da3a1f9e32f3223b1f010fb09b7c95f90f3ca1e8" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "test" +version = "0.0.1" +dependencies = [ + "biscotti", + "cookie", +] + +[[package]] +name = "time" +version = "0.3.43" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83bde6f1ec10e72d583d91623c939f623002284ef622b87de38cfd546cbf2031" +dependencies = [ + "deranged", + "num-conv", + "powerfmt", + "serde", + "time-core", + "time-macros", +] + +[[package]] +name = "time-core" +version = "0.1.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "40868e7c1d2f0b8d73e4a8c7f0ff63af4f6d19be117e90bd73eb1d62cf831c6b" + +[[package]] +name = "time-macros" +version = "0.2.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "30cfb0125f12d9c277f35663a0a33f8c30190f4e4574868a330595412d34ebf3" +dependencies = [ + "num-conv", + "time-core", +] + +[[package]] +name = "typenum" +version = "1.18.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1dccffe3ce07af9386bfd29e80c0ab1a8205a2fc34e4bcd40364df902cfa8f3f" + +[[package]] +name = "unicode-ident" +version = "1.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512" + +[[package]] +name = "universal-hash" +version = "0.5.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "fc1de2c688dc15305988b563c3854064043356019f97a4b46276fe734c4f07ea" +dependencies = [ + "crypto-common", + "subtle", +] + +[[package]] +name = "version_check" +version = "0.9.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a" + +[[package]] +name = "wasi" +version = "0.11.1+wasi-snapshot-preview1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b" + +[[package]] +name = "wasi" +version = "0.14.5+wasi-0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a4494f6290a82f5fe584817a676a34b9d6763e8d9d18204009fb31dceca98fd4" +dependencies = [ + "wasip2", +] + +[[package]] +name = "wasip2" +version = "1.0.0+wasi-0.2.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "03fa2761397e5bd52002cd7e73110c71af2109aca4e521a9f40473fe685b0a24" +dependencies = [ + "wit-bindgen", +] + +[[package]] +name = "windows-sys" +version = "0.59.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e38bc4d79ed67fd075bcc251a1c39b32a1776bbe92e5bef1f0bf1f8c531853b" +dependencies = [ + "windows-targets", +] + +[[package]] +name = "windows-targets" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" +dependencies = [ + "windows_aarch64_gnullvm", + "windows_aarch64_msvc", + "windows_i686_gnu", + "windows_i686_gnullvm", + "windows_i686_msvc", + "windows_x86_64_gnu", + "windows_x86_64_gnullvm", + "windows_x86_64_msvc", +] + +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" + +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" + +[[package]] +name = "windows_i686_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" + +[[package]] +name = "windows_i686_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" + +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" + +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" + +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" + +[[package]] +name = "wit-bindgen" +version = "0.45.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5c573471f125075647d03df72e026074b7203790d41351cd6edc96f46bcccd36" + +[[package]] +name = "zerocopy" +version = "0.8.26" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1039dd0d3c310cf05de012d8a39ff557cb0d23087fd44cad61df08fc31907a2f" +dependencies = [ + "zerocopy-derive", +] + +[[package]] +name = "zerocopy-derive" +version = "0.8.26" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9ecf5b4cc5364572d7f4c329661bcc82724222973f2cab6f050a4e5c22f75181" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "zeroize" +version = "1.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ced3678a2879b30306d323f4542626697a464a97c0a07c9aebf7ebca65cd4dde" diff --git a/rust/ql/test/query-tests/security/CWE-614/main.rs b/rust/ql/test/query-tests/security/CWE-614/main.rs new file mode 100644 index 000000000000..da11fa5e5bc7 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-614/main.rs @@ -0,0 +1,174 @@ +use cookie::{Cookie, CookieBuilder, CookieJar, Key}; + +fn test_cookie(sometimes: bool) { + let always = true; + let never = false; + + // secure set to false + let cookie1 = Cookie::build(("name", "value")).secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] + println!("cookie1 = '{}'", cookie1.to_string()); + + // secure set to true + let cookie2 = Cookie::build(("name", "value")).secure(true).build(); // good + println!("cookie2 = '{}'", cookie2.to_string()); + + // secure left as default (which is `None`, equivalent here to `false`) + let cookie3 = Cookie::build(("name", "value")).build(); // $ MISSING: Alert[rust/insecure-cookie] + println!("cookie3 = '{}'", cookie3.to_string()); + + // secure setting varies (may be false) + Cookie::build(("name", "value")).secure(sometimes).build(); // $ MISSING: Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(!sometimes).build(); // $ MISSING: Alert[rust/insecure-cookie] + + // with data flow on the "secure" value + Cookie::build(("name", "value")).secure(always).build(); // good + Cookie::build(("name", "value")).secure(!always).build(); // $ MISSING: Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(never).build(); // $ MISSING: Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(!never).build(); // good + Cookie::build(("name", "value")).secure(always && never).build(); // $ MISSING: Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(always || never).build(); // good + + // with guards + if sometimes { + Cookie::build(("name", "value")).secure(sometimes).build(); // good + } else { + Cookie::build(("name", "value")).secure(sometimes).build(); // $ MISSING: Alert[rust/insecure-cookie] + } + + // variant uses (all insecure) + CookieBuilder::new("name", "value").secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).expires(None).secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).max_age(cookie::time::Duration::hours(12)).secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).domain("example.com").secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).path("/").secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).http_only(true).secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).same_site(cookie::SameSite::Strict).secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).permanent().secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).removal().secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(false).finish(); // $ MISSING: Alert[rust/insecure-cookie] + Cookie::build("name").secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] + Cookie::build(Cookie::build("name")).secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] + + // edge cases + Cookie::build(("name", "value")).secure(true).secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(false).secure(true).build(); // good + + // mutable cookie + let mut jar = CookieJar::new(); + let mut a = Cookie::new("name", "value"); + jar.add(a.clone()); // $ MISSING: Alert[rust/insecure-cookie] + jar.add_original(a.clone()); // $ MISSING: Alert[rust/insecure-cookie] + a.set_secure(true); + jar.add(a.clone()); // good + a.set_secure(false); + jar.add(a.clone()); // $ MISSING: Alert[rust/insecure-cookie] + + let key = Key::generate(); + let mut signed_jar = jar.signed_mut(&key); + let mut b = Cookie::named("name"); + signed_jar.add(b.clone()); // $ MISSING: Alert[rust/insecure-cookie] + signed_jar.add_original(a.clone()); // $ MISSING: Alert[rust/insecure-cookie] + b.set_secure(sometimes); + signed_jar.add(b.clone()); // $ MISSING: Alert[rust/insecure-cookie] + b.set_secure(true); + signed_jar.add(b.clone()); // good + + let mut private_jar = jar.private_mut(&key); + let mut c = Cookie::from("name"); + private_jar.add(c.clone()); // $ MISSING: Alert[rust/insecure-cookie] + private_jar.add_original(a.clone()); // $ MISSING: Alert[rust/insecure-cookie] + if sometimes { + c.set_secure(true); + } + private_jar.add(c.clone()); // $ MISSING: Alert[rust/insecure-cookie] + c.set_secure(true); + private_jar.add(c.clone()); // good + + let mut d = Cookie::from("name"); + jar.add(d.clone()); // $ MISSING: Alert[rust/insecure-cookie] + if sometimes { + c.set_secure(true); + } else { + c.set_partitioned(true); + } + jar.add(d.clone()); // good + + // parse + jar.add(Cookie::parse("name=value; HttpOnly").unwrap()); // $ MISSING: Alert[rust/insecure-cookie] + jar.add(Cookie::parse("name=value; Secure; HttpOnly").unwrap()); // good + jar.add(Cookie::parse_encoded("name=value; HttpOnly").unwrap()); // $ MISSING: Alert[rust/insecure-cookie] + jar.add(Cookie::parse_encoded("name=value; Secure; HttpOnly").unwrap()); // good + + for cookie in Cookie::split_parse("name1=value1; name2=value2") { + jar.add(cookie.unwrap()); // $ MISSING: Alert[rust/insecure-cookie] + } + + for cookie in Cookie::split_parse_encoded("name1=value1; name2=value2") { + let mut e = cookie.unwrap(); + jar.add(e.clone()); // $ MISSING: Alert[rust/insecure-cookie] + e.set_secure(true); + jar.add(e.clone()); // good + } + + // partitioned (implies secure) + Cookie::build(("name", "value")).partitioned(true).build(); // good +} + +fn test_biscotti() { + let mut cookies = biscotti::ResponseCookies::new(); + + // test set_secure, set_partitioned + + let a = biscotti::ResponseCookie::new("name", "value"); + cookies.insert(a.clone()); // $ MISSING: Alert[rust/insecure-cookie] + println!("biscotti1 = {}", a.to_string()); + + let b = a.set_secure(true); + cookies.insert(b.clone()); // good (secure) + println!("biscotti2 = {}", b.to_string()); + + let c = b.set_secure(false); + cookies.insert(c.clone()); // $ MISSING: Alert[rust/insecure-cookie] + println!("biscotti3 = {}", c.to_string()); + + let d = c.set_partitioned(true); // (implies secure) + cookies.insert(d.clone()); // good (partitioned) + println!("biscotti4 = {}", d.to_string()); + + let e = d.set_secure(true); + cookies.insert(e.clone()); // good (partitioned + secure) + println!("biscotti5 = {}", e.to_string()); + + let f = e.set_partitioned(false); + cookies.insert(f.clone()); // good (secure) + println!("biscotti6 = {}", f.to_string()); + + let g = f.set_secure(false); + cookies.insert(g.clone()); // $ MISSING: Alert[rust/insecure-cookie] + println!("biscotti7 = {}", g.to_string()); + + // variant creation (insecure) + let h = biscotti::ResponseCookie::from(("name", "value")); + cookies.insert(h); // $ MISSING: Alert[rust/insecure-cookie] + + // variant uses (all insecure) + let i = biscotti::ResponseCookie::new("name", "value"); + cookies.insert(i.clone().set_name("name2")); // $ MISSING: Alert[rust/insecure-cookie] + cookies.insert(i.clone().set_value("value2")); // $ MISSING: Alert[rust/insecure-cookie] + cookies.insert(i.clone().set_http_only(true)); // $ MISSING: Alert[rust/insecure-cookie] + cookies.insert(i.clone().set_same_site(biscotti::SameSite::Strict)); // $ MISSING: Alert[rust/insecure-cookie] + cookies.insert(i.clone().set_max_age(None)); // $ MISSING: Alert[rust/insecure-cookie] + cookies.insert(i.clone().set_path("/")); // $ MISSING: Alert[rust/insecure-cookie] + cookies.insert(i.clone().unset_path()); // $ MISSING: Alert[rust/insecure-cookie] + cookies.insert(i.clone().set_domain("example.com")); // $ MISSING: Alert[rust/insecure-cookie] + cookies.insert(i.clone().unset_domain()); // $ MISSING: Alert[rust/insecure-cookie] + cookies.insert(i.clone().set_expires(None)); // $ MISSING: Alert[rust/insecure-cookie] + cookies.insert(i.clone().unset_expires()); // $ MISSING: Alert[rust/insecure-cookie] + cookies.insert(i.clone().make_permanent()); // $ MISSING: Alert[rust/insecure-cookie] +} + +fn main() { + test_cookie(true); + test_cookie(false); + test_biscotti(); +} diff --git a/rust/ql/test/query-tests/security/CWE-614/options.yml b/rust/ql/test/query-tests/security/CWE-614/options.yml new file mode 100644 index 000000000000..99b8e37e8439 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-614/options.yml @@ -0,0 +1,4 @@ +qltest_cargo_check: true +qltest_dependencies: + - cookie = { version = "0.18.1", features = ["percent-encode", "signed", "private"] } + - biscotti = { version = "0.4.3" } From 7e75c1d24257c340e2ff8030c516c4820f5b254d Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 11 Sep 2025 11:17:05 +0100 Subject: [PATCH 040/307] Rust: Add very basic query prototype. --- .../security/CWE-614/InsecureCookie.ql | 48 +++++++++++++++++++ .../security/CWE-614/InsecureCookie.expected | 6 +++ .../security/CWE-614/InsecureCookie.qlref | 4 ++ .../test/query-tests/security/CWE-614/main.rs | 2 +- 4 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 rust/ql/src/queries/security/CWE-614/InsecureCookie.ql create mode 100644 rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected create mode 100644 rust/ql/test/query-tests/security/CWE-614/InsecureCookie.qlref diff --git a/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql b/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql new file mode 100644 index 000000000000..4d659d95a954 --- /dev/null +++ b/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql @@ -0,0 +1,48 @@ +/** + * @name 'Secure' attribute is not set to true + * @description Omitting the 'Secure' attribute allows data to be transmitted insecurely + * using HTTP. Always set 'Secure' to 'true' to ensure that HTTPS + * is used at all times. + * @kind problem + * @problem.severity error + * @precision high + * @id rust/insecure-cookie + * @tags security + * external/cwe/cwe-319 + * external/cwe/cwe-614 + */ + +import rust +import codeql.rust.dataflow.DataFlow +import codeql.rust.dataflow.TaintTracking +import InsecureCookieFlow::PathGraph + +/** + * A data flow configuration for tracking values representing cookies without the + * 'secure' flag set. + */ +module InsecureCookieConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { + // creation of a cookie with default settings (insecure) + exists(CallExprBase ce | + ce.getStaticTarget().getCanonicalPath() = "::build" and + node.asExpr().getExpr() = ce + ) + } + + predicate isSink(DataFlow::Node node) { + // qualifier of a call to `.build`. + exists(MethodCallExpr ce | + ce.getStaticTarget().getCanonicalPath() = "::build" and + node.asExpr().getExpr() = ce.getReceiver() + ) + } + + predicate observeDiffInformedIncrementalMode() { any() } +} + +module InsecureCookieFlow = TaintTracking::Global; + +from InsecureCookieFlow::PathNode sourceNode, InsecureCookieFlow::PathNode sinkNode +where InsecureCookieFlow::flowPath(sourceNode, sinkNode) +select sinkNode.getNode(), sourceNode, sinkNode, "Cookie attribute 'Secure' is not set to true." diff --git a/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected b/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected new file mode 100644 index 000000000000..2f900fc34dc8 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected @@ -0,0 +1,6 @@ +#select +| main.rs:16:19:16:50 | ...::build(...) | main.rs:16:19:16:50 | ...::build(...) | main.rs:16:19:16:50 | ...::build(...) | Cookie attribute 'Secure' is not set to true. | +edges +nodes +| main.rs:16:19:16:50 | ...::build(...) | semmle.label | ...::build(...) | +subpaths diff --git a/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.qlref b/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.qlref new file mode 100644 index 000000000000..36a9751434ce --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.qlref @@ -0,0 +1,4 @@ +query: queries/security/CWE-614/InsecureCookie.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/rust/ql/test/query-tests/security/CWE-614/main.rs b/rust/ql/test/query-tests/security/CWE-614/main.rs index da11fa5e5bc7..6ef4cc3c83b7 100644 --- a/rust/ql/test/query-tests/security/CWE-614/main.rs +++ b/rust/ql/test/query-tests/security/CWE-614/main.rs @@ -13,7 +13,7 @@ fn test_cookie(sometimes: bool) { println!("cookie2 = '{}'", cookie2.to_string()); // secure left as default (which is `None`, equivalent here to `false`) - let cookie3 = Cookie::build(("name", "value")).build(); // $ MISSING: Alert[rust/insecure-cookie] + let cookie3 = Cookie::build(("name", "value")).build(); // $ Alert[rust/insecure-cookie] println!("cookie3 = '{}'", cookie3.to_string()); // secure setting varies (may be false) From d52b6681497071cb89cd27378a884f6ecc33cb87 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 11 Sep 2025 11:22:46 +0100 Subject: [PATCH 041/307] Rust: Add security-severity tag. --- rust/ql/src/queries/security/CWE-614/InsecureCookie.ql | 1 + 1 file changed, 1 insertion(+) diff --git a/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql b/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql index 4d659d95a954..f14af7752fd9 100644 --- a/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql +++ b/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql @@ -5,6 +5,7 @@ * is used at all times. * @kind problem * @problem.severity error + * @security-severity 7.5 * @precision high * @id rust/insecure-cookie * @tags security From eadf922280a7ddf7004fccf9802b1d07d66f8bae Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 15 Sep 2025 09:24:16 +0100 Subject: [PATCH 042/307] Rust: Use models-as-data, add source/sink/flow models. --- .../codeql/rust/frameworks/biscotti.model.yml | 25 + .../codeql/rust/frameworks/cookie.model.yml | 33 + .../security/CWE-614/InsecureCookie.ql | 19 +- .../security/CWE-614/InsecureCookie.expected | 636 +++++++++++++++++- .../test/query-tests/security/CWE-614/main.rs | 122 ++-- 5 files changed, 762 insertions(+), 73 deletions(-) diff --git a/rust/ql/lib/codeql/rust/frameworks/biscotti.model.yml b/rust/ql/lib/codeql/rust/frameworks/biscotti.model.yml index c99a2433348a..b70a27f74d16 100644 --- a/rust/ql/lib/codeql/rust/frameworks/biscotti.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/biscotti.model.yml @@ -1,7 +1,32 @@ # Models for the `biscotti` crate. extensions: + - addsTo: + pack: codeql/rust-all + extensible: sourceModel + data: + - ["::new", "ReturnValue", "cookie-create", "manual"] + - ["::from", "ReturnValue", "cookie-create", "manual"] - addsTo: pack: codeql/rust-all extensible: sinkModel data: + - ["::insert", "Argument[0]", "cookie-use", "manual"] - ["::from", "Argument[0]", "credentials-key", "manual"] + - addsTo: + pack: codeql/rust-all + extensible: summaryModel + data: + - ["::set_secure", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::set_partitioned", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::set_name", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::set_value", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::set_http_only", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::set_same_site", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::set_max_age", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::set_path", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::unset_path", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::set_domain", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::unset_domain", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::set_expires", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::unset_expires", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::make_permanent", "Argument[self]", "ReturnValue", "taint", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/cookie.model.yml b/rust/ql/lib/codeql/rust/frameworks/cookie.model.yml index abbadd379e6e..f9c8cd647c56 100644 --- a/rust/ql/lib/codeql/rust/frameworks/cookie.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/cookie.model.yml @@ -1,7 +1,40 @@ # Models for the `cookie` crate. extensions: + - addsTo: + pack: codeql/rust-all + extensible: sourceModel + data: + - ["::build", "ReturnValue", "cookie-create", "manual"] + - ["::new", "ReturnValue", "cookie-create", "manual"] + - ["::new", "ReturnValue", "cookie-create", "manual"] + - ["::named", "ReturnValue", "cookie-create", "manual"] + - ["::from", "ReturnValue", "cookie-create", "manual"] - addsTo: pack: codeql/rust-all extensible: sinkModel data: + - ["::build", "Argument[self]", "cookie-use", "manual"] + - ["::finish", "Argument[self]", "cookie-use", "manual"] + - ["::add", "Argument[0]", "cookie-use", "manual"] + - ["::add_original", "Argument[0]", "cookie-use", "manual"] + - ["::add", "Argument[0]", "cookie-use", "manual"] + - ["::add_original", "Argument[0]", "cookie-use", "manual"] + - ["::add", "Argument[0]", "cookie-use", "manual"] + - ["::add_original", "Argument[0]", "cookie-use", "manual"] - ["::from", "Argument[0].Reference", "credentials-key", "manual"] + - addsTo: + pack: codeql/rust-all + extensible: summaryModel + data: + - ["::secure", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::partitioned", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::expires", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::max_age", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::domain", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::path", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::http_only", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::same_site", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::permanent", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::removal", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::set_secure", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::set_partitioned", "Argument[self]", "ReturnValue", "taint", "manual"] diff --git a/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql b/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql index f14af7752fd9..69d11b85bef3 100644 --- a/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql +++ b/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql @@ -16,7 +16,8 @@ import rust import codeql.rust.dataflow.DataFlow import codeql.rust.dataflow.TaintTracking -import InsecureCookieFlow::PathGraph +import codeql.rust.dataflow.FlowSource +import codeql.rust.dataflow.FlowSink /** * A data flow configuration for tracking values representing cookies without the @@ -24,19 +25,13 @@ import InsecureCookieFlow::PathGraph */ module InsecureCookieConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node node) { - // creation of a cookie with default settings (insecure) - exists(CallExprBase ce | - ce.getStaticTarget().getCanonicalPath() = "::build" and - node.asExpr().getExpr() = ce - ) + // creation of a cookie or cookie configuration with default, insecure settings + sourceNode(node, "cookie-create") } predicate isSink(DataFlow::Node node) { - // qualifier of a call to `.build`. - exists(MethodCallExpr ce | - ce.getStaticTarget().getCanonicalPath() = "::build" and - node.asExpr().getExpr() = ce.getReceiver() - ) + // use of a cookie or cookie configuration + sinkNode(node, "cookie-use") } predicate observeDiffInformedIncrementalMode() { any() } @@ -44,6 +39,8 @@ module InsecureCookieConfig implements DataFlow::ConfigSig { module InsecureCookieFlow = TaintTracking::Global; +import InsecureCookieFlow::PathGraph + from InsecureCookieFlow::PathNode sourceNode, InsecureCookieFlow::PathNode sinkNode where InsecureCookieFlow::flowPath(sourceNode, sinkNode) select sinkNode.getNode(), sourceNode, sinkNode, "Cookie attribute 'Secure' is not set to true." diff --git a/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected b/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected index 2f900fc34dc8..b4bd897ca6ff 100644 --- a/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected +++ b/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected @@ -1,6 +1,640 @@ #select -| main.rs:16:19:16:50 | ...::build(...) | main.rs:16:19:16:50 | ...::build(...) | main.rs:16:19:16:50 | ...::build(...) | Cookie attribute 'Secure' is not set to true. | +| main.rs:8:66:8:70 | build | main.rs:8:19:8:31 | ...::build | main.rs:8:66:8:70 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:12:65:12:69 | build | main.rs:12:19:12:31 | ...::build | main.rs:12:65:12:69 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:16:52:16:56 | build | main.rs:16:19:16:31 | ...::build | main.rs:16:52:16:56 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:20:56:20:60 | build | main.rs:20:5:20:17 | ...::build | main.rs:20:56:20:60 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:21:57:21:61 | build | main.rs:21:5:21:17 | ...::build | main.rs:21:57:21:61 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:24:53:24:57 | build | main.rs:24:5:24:17 | ...::build | main.rs:24:53:24:57 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:25:54:25:58 | build | main.rs:25:5:25:17 | ...::build | main.rs:25:54:25:58 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:26:52:26:56 | build | main.rs:26:5:26:17 | ...::build | main.rs:26:52:26:56 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:27:53:27:57 | build | main.rs:27:5:27:17 | ...::build | main.rs:27:53:27:57 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:28:62:28:66 | build | main.rs:28:5:28:17 | ...::build | main.rs:28:62:28:66 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:29:62:29:66 | build | main.rs:29:5:29:17 | ...::build | main.rs:29:62:29:66 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:33:60:33:64 | build | main.rs:33:9:33:21 | ...::build | main.rs:33:60:33:64 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:35:60:35:64 | build | main.rs:35:9:35:21 | ...::build | main.rs:35:60:35:64 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:39:55:39:59 | build | main.rs:39:5:39:22 | ...::new | main.rs:39:55:39:59 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:40:66:40:70 | build | main.rs:40:5:40:17 | ...::build | main.rs:40:66:40:70 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:41:95:41:99 | build | main.rs:41:5:41:17 | ...::build | main.rs:41:95:41:99 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:42:74:42:78 | build | main.rs:42:5:42:17 | ...::build | main.rs:42:74:42:78 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:43:62:43:66 | build | main.rs:43:5:43:17 | ...::build | main.rs:43:62:43:66 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:44:68:44:72 | build | main.rs:44:5:44:17 | ...::build | main.rs:44:68:44:72 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:45:88:45:92 | build | main.rs:45:5:45:17 | ...::build | main.rs:45:88:45:92 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:46:64:46:68 | build | main.rs:46:5:46:17 | ...::build | main.rs:46:64:46:68 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:47:62:47:66 | build | main.rs:47:5:47:17 | ...::build | main.rs:47:62:47:66 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:48:52:48:57 | finish | main.rs:48:5:48:17 | ...::build | main.rs:48:52:48:57 | finish | Cookie attribute 'Secure' is not set to true. | +| main.rs:49:41:49:45 | build | main.rs:49:5:49:17 | ...::build | main.rs:49:41:49:45 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:50:56:50:60 | build | main.rs:50:5:50:17 | ...::build | main.rs:50:56:50:60 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:53:65:53:69 | build | main.rs:53:5:53:17 | ...::build | main.rs:53:65:53:69 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:54:65:54:69 | build | main.rs:54:5:54:17 | ...::build | main.rs:54:65:54:69 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:59:9:59:11 | add | main.rs:58:17:58:27 | ...::new | main.rs:59:9:59:11 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:60:9:60:20 | add_original | main.rs:58:17:58:27 | ...::new | main.rs:60:9:60:20 | add_original | Cookie attribute 'Secure' is not set to true. | +| main.rs:62:9:62:11 | add | main.rs:58:17:58:27 | ...::new | main.rs:62:9:62:11 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:64:9:64:11 | add | main.rs:58:17:58:27 | ...::new | main.rs:64:9:64:11 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:69:16:69:18 | add | main.rs:68:17:68:29 | ...::named | main.rs:69:16:69:18 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:70:16:70:27 | add_original | main.rs:58:17:58:27 | ...::new | main.rs:70:16:70:27 | add_original | Cookie attribute 'Secure' is not set to true. | +| main.rs:72:16:72:18 | add | main.rs:68:17:68:29 | ...::named | main.rs:72:16:72:18 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:74:16:74:18 | add | main.rs:68:17:68:29 | ...::named | main.rs:74:16:74:18 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:78:17:78:19 | add | main.rs:77:17:77:28 | ...::from | main.rs:78:17:78:19 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:79:17:79:28 | add_original | main.rs:58:17:58:27 | ...::new | main.rs:79:17:79:28 | add_original | Cookie attribute 'Secure' is not set to true. | +| main.rs:83:17:83:19 | add | main.rs:77:17:77:28 | ...::from | main.rs:83:17:83:19 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:85:17:85:19 | add | main.rs:77:17:77:28 | ...::from | main.rs:85:17:85:19 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:88:9:88:11 | add | main.rs:87:17:87:28 | ...::from | main.rs:88:9:88:11 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:94:9:94:11 | add | main.rs:87:17:87:28 | ...::from | main.rs:94:9:94:11 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:114:56:114:60 | build | main.rs:114:5:114:17 | ...::build | main.rs:114:56:114:60 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:123:13:123:18 | insert | main.rs:122:13:122:41 | ...::new | main.rs:123:13:123:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:127:13:127:18 | insert | main.rs:122:13:122:41 | ...::new | main.rs:127:13:127:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:131:13:131:18 | insert | main.rs:122:13:122:41 | ...::new | main.rs:131:13:131:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:135:13:135:18 | insert | main.rs:122:13:122:41 | ...::new | main.rs:135:13:135:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:139:13:139:18 | insert | main.rs:122:13:122:41 | ...::new | main.rs:139:13:139:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:143:13:143:18 | insert | main.rs:122:13:122:41 | ...::new | main.rs:143:13:143:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:147:13:147:18 | insert | main.rs:122:13:122:41 | ...::new | main.rs:147:13:147:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:152:13:152:18 | insert | main.rs:151:13:151:42 | ...::from | main.rs:152:13:152:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:156:13:156:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:156:13:156:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:157:13:157:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:157:13:157:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:158:13:158:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:158:13:158:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:159:13:159:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:159:13:159:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:160:13:160:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:160:13:160:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:161:13:161:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:161:13:161:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:162:13:162:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:162:13:162:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:163:13:163:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:163:13:163:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:164:13:164:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:164:13:164:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:165:13:165:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:165:13:165:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:166:13:166:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:166:13:166:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:167:13:167:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:167:13:167:18 | insert | Cookie attribute 'Secure' is not set to true. | edges +| main.rs:8:19:8:31 | ...::build | main.rs:8:19:8:50 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:8:19:8:50 | ...::build(...) | main.rs:8:19:8:64 | ... .secure(...) | provenance | MaD:41 | +| main.rs:8:19:8:64 | ... .secure(...) | main.rs:8:66:8:70 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:12:19:12:31 | ...::build | main.rs:12:19:12:50 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:12:19:12:50 | ...::build(...) | main.rs:12:19:12:63 | ... .secure(...) | provenance | MaD:41 | +| main.rs:12:19:12:63 | ... .secure(...) | main.rs:12:65:12:69 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:16:19:16:31 | ...::build | main.rs:16:19:16:50 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:16:19:16:50 | ...::build(...) | main.rs:16:52:16:56 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:20:5:20:17 | ...::build | main.rs:20:5:20:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:20:5:20:36 | ...::build(...) | main.rs:20:5:20:54 | ... .secure(...) | provenance | MaD:41 | +| main.rs:20:5:20:54 | ... .secure(...) | main.rs:20:56:20:60 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:21:5:21:17 | ...::build | main.rs:21:5:21:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:21:5:21:36 | ...::build(...) | main.rs:21:5:21:55 | ... .secure(...) | provenance | MaD:41 | +| main.rs:21:5:21:55 | ... .secure(...) | main.rs:21:57:21:61 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:24:5:24:17 | ...::build | main.rs:24:5:24:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:24:5:24:36 | ...::build(...) | main.rs:24:5:24:51 | ... .secure(...) | provenance | MaD:41 | +| main.rs:24:5:24:51 | ... .secure(...) | main.rs:24:53:24:57 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:25:5:25:17 | ...::build | main.rs:25:5:25:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:25:5:25:36 | ...::build(...) | main.rs:25:5:25:52 | ... .secure(...) | provenance | MaD:41 | +| main.rs:25:5:25:52 | ... .secure(...) | main.rs:25:54:25:58 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:26:5:26:17 | ...::build | main.rs:26:5:26:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:26:5:26:36 | ...::build(...) | main.rs:26:5:26:50 | ... .secure(...) | provenance | MaD:41 | +| main.rs:26:5:26:50 | ... .secure(...) | main.rs:26:52:26:56 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:27:5:27:17 | ...::build | main.rs:27:5:27:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:27:5:27:36 | ...::build(...) | main.rs:27:5:27:51 | ... .secure(...) | provenance | MaD:41 | +| main.rs:27:5:27:51 | ... .secure(...) | main.rs:27:53:27:57 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:28:5:28:17 | ...::build | main.rs:28:5:28:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:28:5:28:36 | ...::build(...) | main.rs:28:5:28:60 | ... .secure(...) | provenance | MaD:41 | +| main.rs:28:5:28:60 | ... .secure(...) | main.rs:28:62:28:66 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:29:5:29:17 | ...::build | main.rs:29:5:29:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:29:5:29:36 | ...::build(...) | main.rs:29:5:29:60 | ... .secure(...) | provenance | MaD:41 | +| main.rs:29:5:29:60 | ... .secure(...) | main.rs:29:62:29:66 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:33:9:33:21 | ...::build | main.rs:33:9:33:40 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:33:9:33:40 | ...::build(...) | main.rs:33:9:33:58 | ... .secure(...) | provenance | MaD:41 | +| main.rs:33:9:33:58 | ... .secure(...) | main.rs:33:60:33:64 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:35:9:35:21 | ...::build | main.rs:35:9:35:40 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:35:9:35:40 | ...::build(...) | main.rs:35:9:35:58 | ... .secure(...) | provenance | MaD:41 | +| main.rs:35:9:35:58 | ... .secure(...) | main.rs:35:60:35:64 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:39:5:39:22 | ...::new | main.rs:39:5:39:39 | ...::new(...) | provenance | Src:MaD:16 MaD:16 | +| main.rs:39:5:39:39 | ...::new(...) | main.rs:39:5:39:53 | ... .secure(...) | provenance | MaD:41 | +| main.rs:39:5:39:53 | ... .secure(...) | main.rs:39:55:39:59 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:40:5:40:17 | ...::build | main.rs:40:5:40:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:40:5:40:36 | ...::build(...) | main.rs:40:5:40:50 | ... .expires(...) | provenance | MaD:33 | +| main.rs:40:5:40:50 | ... .expires(...) | main.rs:40:5:40:64 | ... .secure(...) | provenance | MaD:41 | +| main.rs:40:5:40:64 | ... .secure(...) | main.rs:40:66:40:70 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:41:5:41:17 | ...::build | main.rs:41:5:41:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:41:5:41:36 | ...::build(...) | main.rs:41:5:41:79 | ... .max_age(...) | provenance | MaD:35 | +| main.rs:41:5:41:79 | ... .max_age(...) | main.rs:41:5:41:93 | ... .secure(...) | provenance | MaD:41 | +| main.rs:41:5:41:93 | ... .secure(...) | main.rs:41:95:41:99 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:42:5:42:17 | ...::build | main.rs:42:5:42:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:42:5:42:36 | ...::build(...) | main.rs:42:5:42:58 | ... .domain(...) | provenance | MaD:32 | +| main.rs:42:5:42:58 | ... .domain(...) | main.rs:42:5:42:72 | ... .secure(...) | provenance | MaD:41 | +| main.rs:42:5:42:72 | ... .secure(...) | main.rs:42:74:42:78 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:43:5:43:17 | ...::build | main.rs:43:5:43:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:43:5:43:36 | ...::build(...) | main.rs:43:5:43:46 | ... .path(...) | provenance | MaD:37 | +| main.rs:43:5:43:46 | ... .path(...) | main.rs:43:5:43:60 | ... .secure(...) | provenance | MaD:41 | +| main.rs:43:5:43:60 | ... .secure(...) | main.rs:43:62:43:66 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:44:5:44:17 | ...::build | main.rs:44:5:44:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:44:5:44:36 | ...::build(...) | main.rs:44:5:44:52 | ... .http_only(...) | provenance | MaD:34 | +| main.rs:44:5:44:52 | ... .http_only(...) | main.rs:44:5:44:66 | ... .secure(...) | provenance | MaD:41 | +| main.rs:44:5:44:66 | ... .secure(...) | main.rs:44:68:44:72 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:45:5:45:17 | ...::build | main.rs:45:5:45:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:45:5:45:36 | ...::build(...) | main.rs:45:5:45:72 | ... .same_site(...) | provenance | MaD:40 | +| main.rs:45:5:45:72 | ... .same_site(...) | main.rs:45:5:45:86 | ... .secure(...) | provenance | MaD:41 | +| main.rs:45:5:45:86 | ... .secure(...) | main.rs:45:88:45:92 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:46:5:46:17 | ...::build | main.rs:46:5:46:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:46:5:46:36 | ...::build(...) | main.rs:46:5:46:48 | ... .permanent() | provenance | MaD:38 | +| main.rs:46:5:46:48 | ... .permanent() | main.rs:46:5:46:62 | ... .secure(...) | provenance | MaD:41 | +| main.rs:46:5:46:62 | ... .secure(...) | main.rs:46:64:46:68 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:47:5:47:17 | ...::build | main.rs:47:5:47:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:47:5:47:36 | ...::build(...) | main.rs:47:5:47:46 | ... .removal() | provenance | MaD:39 | +| main.rs:47:5:47:46 | ... .removal() | main.rs:47:5:47:60 | ... .secure(...) | provenance | MaD:41 | +| main.rs:47:5:47:60 | ... .secure(...) | main.rs:47:62:47:66 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:48:5:48:17 | ...::build | main.rs:48:5:48:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:48:5:48:36 | ...::build(...) | main.rs:48:5:48:50 | ... .secure(...) | provenance | MaD:41 | +| main.rs:48:5:48:50 | ... .secure(...) | main.rs:48:52:48:57 | finish | provenance | MaD:3 Sink:MaD:3 | +| main.rs:49:5:49:17 | ...::build | main.rs:49:5:49:25 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:49:5:49:25 | ...::build(...) | main.rs:49:5:49:39 | ... .secure(...) | provenance | MaD:41 | +| main.rs:49:5:49:39 | ... .secure(...) | main.rs:49:41:49:45 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:50:5:50:17 | ...::build | main.rs:50:5:50:40 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:50:5:50:40 | ...::build(...) | main.rs:50:5:50:54 | ... .secure(...) | provenance | MaD:41 | +| main.rs:50:5:50:54 | ... .secure(...) | main.rs:50:56:50:60 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:53:5:53:17 | ...::build | main.rs:53:5:53:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:53:5:53:36 | ...::build(...) | main.rs:53:5:53:49 | ... .secure(...) | provenance | MaD:41 | +| main.rs:53:5:53:49 | ... .secure(...) | main.rs:53:5:53:63 | ... .secure(...) | provenance | MaD:41 | +| main.rs:53:5:53:63 | ... .secure(...) | main.rs:53:65:53:69 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:54:5:54:17 | ...::build | main.rs:54:5:54:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:54:5:54:36 | ...::build(...) | main.rs:54:5:54:50 | ... .secure(...) | provenance | MaD:41 | +| main.rs:54:5:54:50 | ... .secure(...) | main.rs:54:5:54:63 | ... .secure(...) | provenance | MaD:41 | +| main.rs:54:5:54:63 | ... .secure(...) | main.rs:54:65:54:69 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:58:9:58:13 | mut a | main.rs:59:13:59:13 | a | provenance | | +| main.rs:58:9:58:13 | mut a | main.rs:59:13:59:21 | a.clone() | provenance | MaD:17 | +| main.rs:58:9:58:13 | mut a | main.rs:60:22:60:22 | a | provenance | | +| main.rs:58:9:58:13 | mut a | main.rs:60:22:60:30 | a.clone() | provenance | MaD:17 | +| main.rs:58:9:58:13 | mut a | main.rs:62:13:62:13 | a | provenance | | +| main.rs:58:9:58:13 | mut a | main.rs:62:13:62:21 | a.clone() | provenance | MaD:17 | +| main.rs:58:9:58:13 | mut a | main.rs:64:13:64:13 | a | provenance | | +| main.rs:58:9:58:13 | mut a | main.rs:64:13:64:21 | a.clone() | provenance | MaD:17 | +| main.rs:58:9:58:13 | mut a | main.rs:70:29:70:29 | a | provenance | | +| main.rs:58:9:58:13 | mut a | main.rs:70:29:70:37 | a.clone() | provenance | MaD:17 | +| main.rs:58:9:58:13 | mut a | main.rs:79:30:79:30 | a | provenance | | +| main.rs:58:9:58:13 | mut a | main.rs:79:30:79:38 | a.clone() | provenance | MaD:17 | +| main.rs:58:17:58:27 | ...::new | main.rs:58:17:58:44 | ...::new(...) | provenance | Src:MaD:15 MaD:15 | +| main.rs:58:17:58:44 | ...::new(...) | main.rs:58:9:58:13 | mut a | provenance | | +| main.rs:59:13:59:13 | a | main.rs:59:13:59:21 | a.clone() | provenance | MaD:17 | +| main.rs:59:13:59:21 | a.clone() | main.rs:59:9:59:11 | add | provenance | MaD:4 Sink:MaD:4 | +| main.rs:60:22:60:22 | a | main.rs:60:22:60:30 | a.clone() | provenance | MaD:17 | +| main.rs:60:22:60:30 | a.clone() | main.rs:60:9:60:20 | add_original | provenance | MaD:5 Sink:MaD:5 | +| main.rs:62:13:62:13 | a | main.rs:62:13:62:21 | a.clone() | provenance | MaD:17 | +| main.rs:62:13:62:21 | a.clone() | main.rs:62:9:62:11 | add | provenance | MaD:4 Sink:MaD:4 | +| main.rs:64:13:64:13 | a | main.rs:64:13:64:21 | a.clone() | provenance | MaD:17 | +| main.rs:64:13:64:21 | a.clone() | main.rs:64:9:64:11 | add | provenance | MaD:4 Sink:MaD:4 | +| main.rs:68:9:68:13 | mut b | main.rs:69:20:69:20 | b | provenance | | +| main.rs:68:9:68:13 | mut b | main.rs:69:20:69:28 | b.clone() | provenance | MaD:17 | +| main.rs:68:9:68:13 | mut b | main.rs:72:20:72:20 | b | provenance | | +| main.rs:68:9:68:13 | mut b | main.rs:72:20:72:28 | b.clone() | provenance | MaD:17 | +| main.rs:68:9:68:13 | mut b | main.rs:74:20:74:20 | b | provenance | | +| main.rs:68:9:68:13 | mut b | main.rs:74:20:74:28 | b.clone() | provenance | MaD:17 | +| main.rs:68:17:68:29 | ...::named | main.rs:68:17:68:37 | ...::named(...) | provenance | Src:MaD:14 MaD:14 | +| main.rs:68:17:68:37 | ...::named(...) | main.rs:68:9:68:13 | mut b | provenance | | +| main.rs:69:20:69:20 | b | main.rs:69:20:69:28 | b.clone() | provenance | MaD:17 | +| main.rs:69:20:69:28 | b.clone() | main.rs:69:16:69:18 | add | provenance | MaD:8 Sink:MaD:8 | +| main.rs:70:29:70:29 | a | main.rs:70:29:70:37 | a.clone() | provenance | MaD:17 | +| main.rs:70:29:70:37 | a.clone() | main.rs:70:16:70:27 | add_original | provenance | MaD:9 Sink:MaD:9 | +| main.rs:72:20:72:20 | b | main.rs:72:20:72:28 | b.clone() | provenance | MaD:17 | +| main.rs:72:20:72:28 | b.clone() | main.rs:72:16:72:18 | add | provenance | MaD:8 Sink:MaD:8 | +| main.rs:74:20:74:20 | b | main.rs:74:20:74:28 | b.clone() | provenance | MaD:17 | +| main.rs:74:20:74:28 | b.clone() | main.rs:74:16:74:18 | add | provenance | MaD:8 Sink:MaD:8 | +| main.rs:77:9:77:13 | mut c | main.rs:78:21:78:21 | c | provenance | | +| main.rs:77:9:77:13 | mut c | main.rs:78:21:78:29 | c.clone() | provenance | MaD:17 | +| main.rs:77:9:77:13 | mut c | main.rs:83:21:83:21 | c | provenance | | +| main.rs:77:9:77:13 | mut c | main.rs:83:21:83:29 | c.clone() | provenance | MaD:17 | +| main.rs:77:9:77:13 | mut c | main.rs:85:21:85:21 | c | provenance | | +| main.rs:77:9:77:13 | mut c | main.rs:85:21:85:29 | c.clone() | provenance | MaD:17 | +| main.rs:77:17:77:28 | ...::from | main.rs:77:17:77:36 | ...::from(...) | provenance | Src:MaD:12 MaD:12 | +| main.rs:77:17:77:36 | ...::from(...) | main.rs:77:9:77:13 | mut c | provenance | | +| main.rs:78:21:78:21 | c | main.rs:78:21:78:29 | c.clone() | provenance | MaD:17 | +| main.rs:78:21:78:29 | c.clone() | main.rs:78:17:78:19 | add | provenance | MaD:6 Sink:MaD:6 | +| main.rs:79:30:79:30 | a | main.rs:79:30:79:38 | a.clone() | provenance | MaD:17 | +| main.rs:79:30:79:38 | a.clone() | main.rs:79:17:79:28 | add_original | provenance | MaD:7 Sink:MaD:7 | +| main.rs:83:21:83:21 | c | main.rs:83:21:83:29 | c.clone() | provenance | MaD:17 | +| main.rs:83:21:83:29 | c.clone() | main.rs:83:17:83:19 | add | provenance | MaD:6 Sink:MaD:6 | +| main.rs:85:21:85:21 | c | main.rs:85:21:85:29 | c.clone() | provenance | MaD:17 | +| main.rs:85:21:85:29 | c.clone() | main.rs:85:17:85:19 | add | provenance | MaD:6 Sink:MaD:6 | +| main.rs:87:9:87:13 | mut d | main.rs:88:13:88:13 | d | provenance | | +| main.rs:87:9:87:13 | mut d | main.rs:88:13:88:21 | d.clone() | provenance | MaD:17 | +| main.rs:87:9:87:13 | mut d | main.rs:94:13:94:13 | d | provenance | | +| main.rs:87:9:87:13 | mut d | main.rs:94:13:94:21 | d.clone() | provenance | MaD:17 | +| main.rs:87:17:87:28 | ...::from | main.rs:87:17:87:36 | ...::from(...) | provenance | Src:MaD:12 MaD:12 | +| main.rs:87:17:87:36 | ...::from(...) | main.rs:87:9:87:13 | mut d | provenance | | +| main.rs:88:13:88:13 | d | main.rs:88:13:88:21 | d.clone() | provenance | MaD:17 | +| main.rs:88:13:88:21 | d.clone() | main.rs:88:9:88:11 | add | provenance | MaD:4 Sink:MaD:4 | +| main.rs:94:13:94:13 | d | main.rs:94:13:94:21 | d.clone() | provenance | MaD:17 | +| main.rs:94:13:94:21 | d.clone() | main.rs:94:9:94:11 | add | provenance | MaD:4 Sink:MaD:4 | +| main.rs:114:5:114:17 | ...::build | main.rs:114:5:114:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:114:5:114:36 | ...::build(...) | main.rs:114:5:114:54 | ... .partitioned(...) | provenance | MaD:36 | +| main.rs:114:5:114:54 | ... .partitioned(...) | main.rs:114:56:114:60 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:122:9:122:9 | a | main.rs:123:20:123:20 | a | provenance | | +| main.rs:122:9:122:9 | a | main.rs:123:20:123:28 | a.clone() | provenance | MaD:17 | +| main.rs:122:9:122:9 | a | main.rs:126:13:126:30 | a.set_secure(...) | provenance | MaD:27 | +| main.rs:122:13:122:41 | ...::new | main.rs:122:13:122:58 | ...::new(...) | provenance | Src:MaD:11 MaD:11 | +| main.rs:122:13:122:58 | ...::new(...) | main.rs:122:9:122:9 | a | provenance | | +| main.rs:123:20:123:20 | a | main.rs:123:20:123:28 | a.clone() | provenance | MaD:17 | +| main.rs:123:20:123:28 | a.clone() | main.rs:123:13:123:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:126:9:126:9 | b | main.rs:127:20:127:20 | b | provenance | | +| main.rs:126:9:126:9 | b | main.rs:127:20:127:28 | b.clone() | provenance | MaD:17 | +| main.rs:126:9:126:9 | b | main.rs:130:13:130:31 | b.set_secure(...) | provenance | MaD:27 | +| main.rs:126:13:126:30 | a.set_secure(...) | main.rs:126:9:126:9 | b | provenance | | +| main.rs:127:20:127:20 | b | main.rs:127:20:127:28 | b.clone() | provenance | MaD:17 | +| main.rs:127:20:127:28 | b.clone() | main.rs:127:13:127:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:130:9:130:9 | c | main.rs:131:20:131:20 | c | provenance | | +| main.rs:130:9:130:9 | c | main.rs:131:20:131:28 | c.clone() | provenance | MaD:17 | +| main.rs:130:9:130:9 | c | main.rs:134:13:134:35 | c.set_partitioned(...) | provenance | MaD:24 | +| main.rs:130:13:130:31 | b.set_secure(...) | main.rs:130:9:130:9 | c | provenance | | +| main.rs:131:20:131:20 | c | main.rs:131:20:131:28 | c.clone() | provenance | MaD:17 | +| main.rs:131:20:131:28 | c.clone() | main.rs:131:13:131:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:134:9:134:9 | d | main.rs:135:20:135:20 | d | provenance | | +| main.rs:134:9:134:9 | d | main.rs:135:20:135:28 | d.clone() | provenance | MaD:17 | +| main.rs:134:9:134:9 | d | main.rs:138:13:138:30 | d.set_secure(...) | provenance | MaD:27 | +| main.rs:134:13:134:35 | c.set_partitioned(...) | main.rs:134:9:134:9 | d | provenance | | +| main.rs:135:20:135:20 | d | main.rs:135:20:135:28 | d.clone() | provenance | MaD:17 | +| main.rs:135:20:135:28 | d.clone() | main.rs:135:13:135:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:138:9:138:9 | e | main.rs:139:20:139:20 | e | provenance | | +| main.rs:138:9:138:9 | e | main.rs:139:20:139:28 | e.clone() | provenance | MaD:17 | +| main.rs:138:9:138:9 | e | main.rs:142:13:142:36 | e.set_partitioned(...) | provenance | MaD:24 | +| main.rs:138:13:138:30 | d.set_secure(...) | main.rs:138:9:138:9 | e | provenance | | +| main.rs:139:20:139:20 | e | main.rs:139:20:139:28 | e.clone() | provenance | MaD:17 | +| main.rs:139:20:139:28 | e.clone() | main.rs:139:13:139:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:142:9:142:9 | f | main.rs:143:20:143:20 | f | provenance | | +| main.rs:142:9:142:9 | f | main.rs:143:20:143:28 | f.clone() | provenance | MaD:17 | +| main.rs:142:9:142:9 | f | main.rs:146:13:146:31 | f.set_secure(...) | provenance | MaD:27 | +| main.rs:142:13:142:36 | e.set_partitioned(...) | main.rs:142:9:142:9 | f | provenance | | +| main.rs:143:20:143:20 | f | main.rs:143:20:143:28 | f.clone() | provenance | MaD:17 | +| main.rs:143:20:143:28 | f.clone() | main.rs:143:13:143:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:146:9:146:9 | g | main.rs:147:20:147:20 | g | provenance | | +| main.rs:146:9:146:9 | g | main.rs:147:20:147:28 | g.clone() | provenance | MaD:17 | +| main.rs:146:13:146:31 | f.set_secure(...) | main.rs:146:9:146:9 | g | provenance | | +| main.rs:147:20:147:20 | g | main.rs:147:20:147:28 | g.clone() | provenance | MaD:17 | +| main.rs:147:20:147:28 | g.clone() | main.rs:147:13:147:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:151:9:151:9 | h | main.rs:152:20:152:20 | h | provenance | | +| main.rs:151:13:151:42 | ...::from | main.rs:151:13:151:61 | ...::from(...) | provenance | Src:MaD:10 MaD:10 | +| main.rs:151:13:151:61 | ...::from(...) | main.rs:151:9:151:9 | h | provenance | | +| main.rs:152:20:152:20 | h | main.rs:152:13:152:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:155:9:155:9 | i | main.rs:156:20:156:20 | i | provenance | | +| main.rs:155:9:155:9 | i | main.rs:156:20:156:28 | i.clone() | provenance | MaD:17 | +| main.rs:155:9:155:9 | i | main.rs:157:20:157:20 | i | provenance | | +| main.rs:155:9:155:9 | i | main.rs:157:20:157:28 | i.clone() | provenance | MaD:17 | +| main.rs:155:9:155:9 | i | main.rs:158:20:158:20 | i | provenance | | +| main.rs:155:9:155:9 | i | main.rs:158:20:158:28 | i.clone() | provenance | MaD:17 | +| main.rs:155:9:155:9 | i | main.rs:159:20:159:20 | i | provenance | | +| main.rs:155:9:155:9 | i | main.rs:159:20:159:28 | i.clone() | provenance | MaD:17 | +| main.rs:155:9:155:9 | i | main.rs:160:20:160:20 | i | provenance | | +| main.rs:155:9:155:9 | i | main.rs:160:20:160:28 | i.clone() | provenance | MaD:17 | +| main.rs:155:9:155:9 | i | main.rs:161:20:161:20 | i | provenance | | +| main.rs:155:9:155:9 | i | main.rs:161:20:161:28 | i.clone() | provenance | MaD:17 | +| main.rs:155:9:155:9 | i | main.rs:162:20:162:20 | i | provenance | | +| main.rs:155:9:155:9 | i | main.rs:162:20:162:28 | i.clone() | provenance | MaD:17 | +| main.rs:155:9:155:9 | i | main.rs:163:20:163:20 | i | provenance | | +| main.rs:155:9:155:9 | i | main.rs:163:20:163:28 | i.clone() | provenance | MaD:17 | +| main.rs:155:9:155:9 | i | main.rs:164:20:164:20 | i | provenance | | +| main.rs:155:9:155:9 | i | main.rs:164:20:164:28 | i.clone() | provenance | MaD:17 | +| main.rs:155:9:155:9 | i | main.rs:165:20:165:20 | i | provenance | | +| main.rs:155:9:155:9 | i | main.rs:165:20:165:28 | i.clone() | provenance | MaD:17 | +| main.rs:155:9:155:9 | i | main.rs:166:20:166:20 | i | provenance | | +| main.rs:155:9:155:9 | i | main.rs:166:20:166:28 | i.clone() | provenance | MaD:17 | +| main.rs:155:9:155:9 | i | main.rs:167:20:167:20 | i | provenance | | +| main.rs:155:9:155:9 | i | main.rs:167:20:167:28 | i.clone() | provenance | MaD:17 | +| main.rs:155:13:155:41 | ...::new | main.rs:155:13:155:58 | ...::new(...) | provenance | Src:MaD:11 MaD:11 | +| main.rs:155:13:155:58 | ...::new(...) | main.rs:155:9:155:9 | i | provenance | | +| main.rs:156:20:156:20 | i | main.rs:156:20:156:28 | i.clone() | provenance | MaD:17 | +| main.rs:156:20:156:28 | i.clone() | main.rs:156:20:156:46 | ... .set_name(...) | provenance | MaD:23 | +| main.rs:156:20:156:46 | ... .set_name(...) | main.rs:156:13:156:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:157:20:157:20 | i | main.rs:157:20:157:28 | i.clone() | provenance | MaD:17 | +| main.rs:157:20:157:28 | i.clone() | main.rs:157:20:157:48 | ... .set_value(...) | provenance | MaD:28 | +| main.rs:157:20:157:48 | ... .set_value(...) | main.rs:157:13:157:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:158:20:158:20 | i | main.rs:158:20:158:28 | i.clone() | provenance | MaD:17 | +| main.rs:158:20:158:28 | i.clone() | main.rs:158:20:158:48 | ... .set_http_only(...) | provenance | MaD:21 | +| main.rs:158:20:158:48 | ... .set_http_only(...) | main.rs:158:13:158:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:159:20:159:20 | i | main.rs:159:20:159:28 | i.clone() | provenance | MaD:17 | +| main.rs:159:20:159:28 | i.clone() | main.rs:159:20:159:70 | ... .set_same_site(...) | provenance | MaD:26 | +| main.rs:159:20:159:70 | ... .set_same_site(...) | main.rs:159:13:159:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:160:20:160:20 | i | main.rs:160:20:160:28 | i.clone() | provenance | MaD:17 | +| main.rs:160:20:160:28 | i.clone() | main.rs:160:20:160:46 | ... .set_max_age(...) | provenance | MaD:22 | +| main.rs:160:20:160:46 | ... .set_max_age(...) | main.rs:160:13:160:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:161:20:161:20 | i | main.rs:161:20:161:28 | i.clone() | provenance | MaD:17 | +| main.rs:161:20:161:28 | i.clone() | main.rs:161:20:161:42 | ... .set_path(...) | provenance | MaD:25 | +| main.rs:161:20:161:42 | ... .set_path(...) | main.rs:161:13:161:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:162:20:162:20 | i | main.rs:162:20:162:28 | i.clone() | provenance | MaD:17 | +| main.rs:162:20:162:28 | i.clone() | main.rs:162:20:162:41 | ... .unset_path() | provenance | MaD:31 | +| main.rs:162:20:162:41 | ... .unset_path() | main.rs:162:13:162:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:163:20:163:20 | i | main.rs:163:20:163:28 | i.clone() | provenance | MaD:17 | +| main.rs:163:20:163:28 | i.clone() | main.rs:163:20:163:54 | ... .set_domain(...) | provenance | MaD:19 | +| main.rs:163:20:163:54 | ... .set_domain(...) | main.rs:163:13:163:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:164:20:164:20 | i | main.rs:164:20:164:28 | i.clone() | provenance | MaD:17 | +| main.rs:164:20:164:28 | i.clone() | main.rs:164:20:164:43 | ... .unset_domain() | provenance | MaD:29 | +| main.rs:164:20:164:43 | ... .unset_domain() | main.rs:164:13:164:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:165:20:165:20 | i | main.rs:165:20:165:28 | i.clone() | provenance | MaD:17 | +| main.rs:165:20:165:28 | i.clone() | main.rs:165:20:165:46 | ... .set_expires(...) | provenance | MaD:20 | +| main.rs:165:20:165:46 | ... .set_expires(...) | main.rs:165:13:165:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:166:20:166:20 | i | main.rs:166:20:166:28 | i.clone() | provenance | MaD:17 | +| main.rs:166:20:166:28 | i.clone() | main.rs:166:20:166:44 | ... .unset_expires() | provenance | MaD:30 | +| main.rs:166:20:166:44 | ... .unset_expires() | main.rs:166:13:166:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:167:20:167:20 | i | main.rs:167:20:167:28 | i.clone() | provenance | MaD:17 | +| main.rs:167:20:167:28 | i.clone() | main.rs:167:20:167:45 | ... .make_permanent() | provenance | MaD:18 | +| main.rs:167:20:167:45 | ... .make_permanent() | main.rs:167:13:167:18 | insert | provenance | MaD:1 Sink:MaD:1 | +models +| 1 | Sink: ::insert; Argument[0]; cookie-use | +| 2 | Sink: ::build; Argument[self]; cookie-use | +| 3 | Sink: ::finish; Argument[self]; cookie-use | +| 4 | Sink: ::add; Argument[0]; cookie-use | +| 5 | Sink: ::add_original; Argument[0]; cookie-use | +| 6 | Sink: ::add; Argument[0]; cookie-use | +| 7 | Sink: ::add_original; Argument[0]; cookie-use | +| 8 | Sink: ::add; Argument[0]; cookie-use | +| 9 | Sink: ::add_original; Argument[0]; cookie-use | +| 10 | Source: ::from; ReturnValue; cookie-create | +| 11 | Source: ::new; ReturnValue; cookie-create | +| 12 | Source: ::from; ReturnValue; cookie-create | +| 13 | Source: ::build; ReturnValue; cookie-create | +| 14 | Source: ::named; ReturnValue; cookie-create | +| 15 | Source: ::new; ReturnValue; cookie-create | +| 16 | Source: ::new; ReturnValue; cookie-create | +| 17 | Summary: <_ as core::clone::Clone>::clone; Argument[self].Reference; ReturnValue; value | +| 18 | Summary: ::make_permanent; Argument[self]; ReturnValue; taint | +| 19 | Summary: ::set_domain; Argument[self]; ReturnValue; taint | +| 20 | Summary: ::set_expires; Argument[self]; ReturnValue; taint | +| 21 | Summary: ::set_http_only; Argument[self]; ReturnValue; taint | +| 22 | Summary: ::set_max_age; Argument[self]; ReturnValue; taint | +| 23 | Summary: ::set_name; Argument[self]; ReturnValue; taint | +| 24 | Summary: ::set_partitioned; Argument[self]; ReturnValue; taint | +| 25 | Summary: ::set_path; Argument[self]; ReturnValue; taint | +| 26 | Summary: ::set_same_site; Argument[self]; ReturnValue; taint | +| 27 | Summary: ::set_secure; Argument[self]; ReturnValue; taint | +| 28 | Summary: ::set_value; Argument[self]; ReturnValue; taint | +| 29 | Summary: ::unset_domain; Argument[self]; ReturnValue; taint | +| 30 | Summary: ::unset_expires; Argument[self]; ReturnValue; taint | +| 31 | Summary: ::unset_path; Argument[self]; ReturnValue; taint | +| 32 | Summary: ::domain; Argument[self]; ReturnValue; taint | +| 33 | Summary: ::expires; Argument[self]; ReturnValue; taint | +| 34 | Summary: ::http_only; Argument[self]; ReturnValue; taint | +| 35 | Summary: ::max_age; Argument[self]; ReturnValue; taint | +| 36 | Summary: ::partitioned; Argument[self]; ReturnValue; taint | +| 37 | Summary: ::path; Argument[self]; ReturnValue; taint | +| 38 | Summary: ::permanent; Argument[self]; ReturnValue; taint | +| 39 | Summary: ::removal; Argument[self]; ReturnValue; taint | +| 40 | Summary: ::same_site; Argument[self]; ReturnValue; taint | +| 41 | Summary: ::secure; Argument[self]; ReturnValue; taint | nodes +| main.rs:8:19:8:31 | ...::build | semmle.label | ...::build | +| main.rs:8:19:8:50 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:8:19:8:64 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:8:66:8:70 | build | semmle.label | build | +| main.rs:12:19:12:31 | ...::build | semmle.label | ...::build | +| main.rs:12:19:12:50 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:12:19:12:63 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:12:65:12:69 | build | semmle.label | build | +| main.rs:16:19:16:31 | ...::build | semmle.label | ...::build | | main.rs:16:19:16:50 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:16:52:16:56 | build | semmle.label | build | +| main.rs:20:5:20:17 | ...::build | semmle.label | ...::build | +| main.rs:20:5:20:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:20:5:20:54 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:20:56:20:60 | build | semmle.label | build | +| main.rs:21:5:21:17 | ...::build | semmle.label | ...::build | +| main.rs:21:5:21:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:21:5:21:55 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:21:57:21:61 | build | semmle.label | build | +| main.rs:24:5:24:17 | ...::build | semmle.label | ...::build | +| main.rs:24:5:24:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:24:5:24:51 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:24:53:24:57 | build | semmle.label | build | +| main.rs:25:5:25:17 | ...::build | semmle.label | ...::build | +| main.rs:25:5:25:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:25:5:25:52 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:25:54:25:58 | build | semmle.label | build | +| main.rs:26:5:26:17 | ...::build | semmle.label | ...::build | +| main.rs:26:5:26:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:26:5:26:50 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:26:52:26:56 | build | semmle.label | build | +| main.rs:27:5:27:17 | ...::build | semmle.label | ...::build | +| main.rs:27:5:27:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:27:5:27:51 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:27:53:27:57 | build | semmle.label | build | +| main.rs:28:5:28:17 | ...::build | semmle.label | ...::build | +| main.rs:28:5:28:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:28:5:28:60 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:28:62:28:66 | build | semmle.label | build | +| main.rs:29:5:29:17 | ...::build | semmle.label | ...::build | +| main.rs:29:5:29:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:29:5:29:60 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:29:62:29:66 | build | semmle.label | build | +| main.rs:33:9:33:21 | ...::build | semmle.label | ...::build | +| main.rs:33:9:33:40 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:33:9:33:58 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:33:60:33:64 | build | semmle.label | build | +| main.rs:35:9:35:21 | ...::build | semmle.label | ...::build | +| main.rs:35:9:35:40 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:35:9:35:58 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:35:60:35:64 | build | semmle.label | build | +| main.rs:39:5:39:22 | ...::new | semmle.label | ...::new | +| main.rs:39:5:39:39 | ...::new(...) | semmle.label | ...::new(...) | +| main.rs:39:5:39:53 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:39:55:39:59 | build | semmle.label | build | +| main.rs:40:5:40:17 | ...::build | semmle.label | ...::build | +| main.rs:40:5:40:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:40:5:40:50 | ... .expires(...) | semmle.label | ... .expires(...) | +| main.rs:40:5:40:64 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:40:66:40:70 | build | semmle.label | build | +| main.rs:41:5:41:17 | ...::build | semmle.label | ...::build | +| main.rs:41:5:41:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:41:5:41:79 | ... .max_age(...) | semmle.label | ... .max_age(...) | +| main.rs:41:5:41:93 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:41:95:41:99 | build | semmle.label | build | +| main.rs:42:5:42:17 | ...::build | semmle.label | ...::build | +| main.rs:42:5:42:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:42:5:42:58 | ... .domain(...) | semmle.label | ... .domain(...) | +| main.rs:42:5:42:72 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:42:74:42:78 | build | semmle.label | build | +| main.rs:43:5:43:17 | ...::build | semmle.label | ...::build | +| main.rs:43:5:43:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:43:5:43:46 | ... .path(...) | semmle.label | ... .path(...) | +| main.rs:43:5:43:60 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:43:62:43:66 | build | semmle.label | build | +| main.rs:44:5:44:17 | ...::build | semmle.label | ...::build | +| main.rs:44:5:44:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:44:5:44:52 | ... .http_only(...) | semmle.label | ... .http_only(...) | +| main.rs:44:5:44:66 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:44:68:44:72 | build | semmle.label | build | +| main.rs:45:5:45:17 | ...::build | semmle.label | ...::build | +| main.rs:45:5:45:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:45:5:45:72 | ... .same_site(...) | semmle.label | ... .same_site(...) | +| main.rs:45:5:45:86 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:45:88:45:92 | build | semmle.label | build | +| main.rs:46:5:46:17 | ...::build | semmle.label | ...::build | +| main.rs:46:5:46:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:46:5:46:48 | ... .permanent() | semmle.label | ... .permanent() | +| main.rs:46:5:46:62 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:46:64:46:68 | build | semmle.label | build | +| main.rs:47:5:47:17 | ...::build | semmle.label | ...::build | +| main.rs:47:5:47:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:47:5:47:46 | ... .removal() | semmle.label | ... .removal() | +| main.rs:47:5:47:60 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:47:62:47:66 | build | semmle.label | build | +| main.rs:48:5:48:17 | ...::build | semmle.label | ...::build | +| main.rs:48:5:48:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:48:5:48:50 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:48:52:48:57 | finish | semmle.label | finish | +| main.rs:49:5:49:17 | ...::build | semmle.label | ...::build | +| main.rs:49:5:49:25 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:49:5:49:39 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:49:41:49:45 | build | semmle.label | build | +| main.rs:50:5:50:17 | ...::build | semmle.label | ...::build | +| main.rs:50:5:50:40 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:50:5:50:54 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:50:56:50:60 | build | semmle.label | build | +| main.rs:53:5:53:17 | ...::build | semmle.label | ...::build | +| main.rs:53:5:53:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:53:5:53:49 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:53:5:53:63 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:53:65:53:69 | build | semmle.label | build | +| main.rs:54:5:54:17 | ...::build | semmle.label | ...::build | +| main.rs:54:5:54:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:54:5:54:50 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:54:5:54:63 | ... .secure(...) | semmle.label | ... .secure(...) | +| main.rs:54:65:54:69 | build | semmle.label | build | +| main.rs:58:9:58:13 | mut a | semmle.label | mut a | +| main.rs:58:17:58:27 | ...::new | semmle.label | ...::new | +| main.rs:58:17:58:44 | ...::new(...) | semmle.label | ...::new(...) | +| main.rs:59:9:59:11 | add | semmle.label | add | +| main.rs:59:13:59:13 | a | semmle.label | a | +| main.rs:59:13:59:21 | a.clone() | semmle.label | a.clone() | +| main.rs:60:9:60:20 | add_original | semmle.label | add_original | +| main.rs:60:22:60:22 | a | semmle.label | a | +| main.rs:60:22:60:30 | a.clone() | semmle.label | a.clone() | +| main.rs:62:9:62:11 | add | semmle.label | add | +| main.rs:62:13:62:13 | a | semmle.label | a | +| main.rs:62:13:62:21 | a.clone() | semmle.label | a.clone() | +| main.rs:64:9:64:11 | add | semmle.label | add | +| main.rs:64:13:64:13 | a | semmle.label | a | +| main.rs:64:13:64:21 | a.clone() | semmle.label | a.clone() | +| main.rs:68:9:68:13 | mut b | semmle.label | mut b | +| main.rs:68:17:68:29 | ...::named | semmle.label | ...::named | +| main.rs:68:17:68:37 | ...::named(...) | semmle.label | ...::named(...) | +| main.rs:69:16:69:18 | add | semmle.label | add | +| main.rs:69:20:69:20 | b | semmle.label | b | +| main.rs:69:20:69:28 | b.clone() | semmle.label | b.clone() | +| main.rs:70:16:70:27 | add_original | semmle.label | add_original | +| main.rs:70:29:70:29 | a | semmle.label | a | +| main.rs:70:29:70:37 | a.clone() | semmle.label | a.clone() | +| main.rs:72:16:72:18 | add | semmle.label | add | +| main.rs:72:20:72:20 | b | semmle.label | b | +| main.rs:72:20:72:28 | b.clone() | semmle.label | b.clone() | +| main.rs:74:16:74:18 | add | semmle.label | add | +| main.rs:74:20:74:20 | b | semmle.label | b | +| main.rs:74:20:74:28 | b.clone() | semmle.label | b.clone() | +| main.rs:77:9:77:13 | mut c | semmle.label | mut c | +| main.rs:77:17:77:28 | ...::from | semmle.label | ...::from | +| main.rs:77:17:77:36 | ...::from(...) | semmle.label | ...::from(...) | +| main.rs:78:17:78:19 | add | semmle.label | add | +| main.rs:78:21:78:21 | c | semmle.label | c | +| main.rs:78:21:78:29 | c.clone() | semmle.label | c.clone() | +| main.rs:79:17:79:28 | add_original | semmle.label | add_original | +| main.rs:79:30:79:30 | a | semmle.label | a | +| main.rs:79:30:79:38 | a.clone() | semmle.label | a.clone() | +| main.rs:83:17:83:19 | add | semmle.label | add | +| main.rs:83:21:83:21 | c | semmle.label | c | +| main.rs:83:21:83:29 | c.clone() | semmle.label | c.clone() | +| main.rs:85:17:85:19 | add | semmle.label | add | +| main.rs:85:21:85:21 | c | semmle.label | c | +| main.rs:85:21:85:29 | c.clone() | semmle.label | c.clone() | +| main.rs:87:9:87:13 | mut d | semmle.label | mut d | +| main.rs:87:17:87:28 | ...::from | semmle.label | ...::from | +| main.rs:87:17:87:36 | ...::from(...) | semmle.label | ...::from(...) | +| main.rs:88:9:88:11 | add | semmle.label | add | +| main.rs:88:13:88:13 | d | semmle.label | d | +| main.rs:88:13:88:21 | d.clone() | semmle.label | d.clone() | +| main.rs:94:9:94:11 | add | semmle.label | add | +| main.rs:94:13:94:13 | d | semmle.label | d | +| main.rs:94:13:94:21 | d.clone() | semmle.label | d.clone() | +| main.rs:114:5:114:17 | ...::build | semmle.label | ...::build | +| main.rs:114:5:114:36 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:114:5:114:54 | ... .partitioned(...) | semmle.label | ... .partitioned(...) | +| main.rs:114:56:114:60 | build | semmle.label | build | +| main.rs:122:9:122:9 | a | semmle.label | a | +| main.rs:122:13:122:41 | ...::new | semmle.label | ...::new | +| main.rs:122:13:122:58 | ...::new(...) | semmle.label | ...::new(...) | +| main.rs:123:13:123:18 | insert | semmle.label | insert | +| main.rs:123:20:123:20 | a | semmle.label | a | +| main.rs:123:20:123:28 | a.clone() | semmle.label | a.clone() | +| main.rs:126:9:126:9 | b | semmle.label | b | +| main.rs:126:13:126:30 | a.set_secure(...) | semmle.label | a.set_secure(...) | +| main.rs:127:13:127:18 | insert | semmle.label | insert | +| main.rs:127:20:127:20 | b | semmle.label | b | +| main.rs:127:20:127:28 | b.clone() | semmle.label | b.clone() | +| main.rs:130:9:130:9 | c | semmle.label | c | +| main.rs:130:13:130:31 | b.set_secure(...) | semmle.label | b.set_secure(...) | +| main.rs:131:13:131:18 | insert | semmle.label | insert | +| main.rs:131:20:131:20 | c | semmle.label | c | +| main.rs:131:20:131:28 | c.clone() | semmle.label | c.clone() | +| main.rs:134:9:134:9 | d | semmle.label | d | +| main.rs:134:13:134:35 | c.set_partitioned(...) | semmle.label | c.set_partitioned(...) | +| main.rs:135:13:135:18 | insert | semmle.label | insert | +| main.rs:135:20:135:20 | d | semmle.label | d | +| main.rs:135:20:135:28 | d.clone() | semmle.label | d.clone() | +| main.rs:138:9:138:9 | e | semmle.label | e | +| main.rs:138:13:138:30 | d.set_secure(...) | semmle.label | d.set_secure(...) | +| main.rs:139:13:139:18 | insert | semmle.label | insert | +| main.rs:139:20:139:20 | e | semmle.label | e | +| main.rs:139:20:139:28 | e.clone() | semmle.label | e.clone() | +| main.rs:142:9:142:9 | f | semmle.label | f | +| main.rs:142:13:142:36 | e.set_partitioned(...) | semmle.label | e.set_partitioned(...) | +| main.rs:143:13:143:18 | insert | semmle.label | insert | +| main.rs:143:20:143:20 | f | semmle.label | f | +| main.rs:143:20:143:28 | f.clone() | semmle.label | f.clone() | +| main.rs:146:9:146:9 | g | semmle.label | g | +| main.rs:146:13:146:31 | f.set_secure(...) | semmle.label | f.set_secure(...) | +| main.rs:147:13:147:18 | insert | semmle.label | insert | +| main.rs:147:20:147:20 | g | semmle.label | g | +| main.rs:147:20:147:28 | g.clone() | semmle.label | g.clone() | +| main.rs:151:9:151:9 | h | semmle.label | h | +| main.rs:151:13:151:42 | ...::from | semmle.label | ...::from | +| main.rs:151:13:151:61 | ...::from(...) | semmle.label | ...::from(...) | +| main.rs:152:13:152:18 | insert | semmle.label | insert | +| main.rs:152:20:152:20 | h | semmle.label | h | +| main.rs:155:9:155:9 | i | semmle.label | i | +| main.rs:155:13:155:41 | ...::new | semmle.label | ...::new | +| main.rs:155:13:155:58 | ...::new(...) | semmle.label | ...::new(...) | +| main.rs:156:13:156:18 | insert | semmle.label | insert | +| main.rs:156:20:156:20 | i | semmle.label | i | +| main.rs:156:20:156:28 | i.clone() | semmle.label | i.clone() | +| main.rs:156:20:156:46 | ... .set_name(...) | semmle.label | ... .set_name(...) | +| main.rs:157:13:157:18 | insert | semmle.label | insert | +| main.rs:157:20:157:20 | i | semmle.label | i | +| main.rs:157:20:157:28 | i.clone() | semmle.label | i.clone() | +| main.rs:157:20:157:48 | ... .set_value(...) | semmle.label | ... .set_value(...) | +| main.rs:158:13:158:18 | insert | semmle.label | insert | +| main.rs:158:20:158:20 | i | semmle.label | i | +| main.rs:158:20:158:28 | i.clone() | semmle.label | i.clone() | +| main.rs:158:20:158:48 | ... .set_http_only(...) | semmle.label | ... .set_http_only(...) | +| main.rs:159:13:159:18 | insert | semmle.label | insert | +| main.rs:159:20:159:20 | i | semmle.label | i | +| main.rs:159:20:159:28 | i.clone() | semmle.label | i.clone() | +| main.rs:159:20:159:70 | ... .set_same_site(...) | semmle.label | ... .set_same_site(...) | +| main.rs:160:13:160:18 | insert | semmle.label | insert | +| main.rs:160:20:160:20 | i | semmle.label | i | +| main.rs:160:20:160:28 | i.clone() | semmle.label | i.clone() | +| main.rs:160:20:160:46 | ... .set_max_age(...) | semmle.label | ... .set_max_age(...) | +| main.rs:161:13:161:18 | insert | semmle.label | insert | +| main.rs:161:20:161:20 | i | semmle.label | i | +| main.rs:161:20:161:28 | i.clone() | semmle.label | i.clone() | +| main.rs:161:20:161:42 | ... .set_path(...) | semmle.label | ... .set_path(...) | +| main.rs:162:13:162:18 | insert | semmle.label | insert | +| main.rs:162:20:162:20 | i | semmle.label | i | +| main.rs:162:20:162:28 | i.clone() | semmle.label | i.clone() | +| main.rs:162:20:162:41 | ... .unset_path() | semmle.label | ... .unset_path() | +| main.rs:163:13:163:18 | insert | semmle.label | insert | +| main.rs:163:20:163:20 | i | semmle.label | i | +| main.rs:163:20:163:28 | i.clone() | semmle.label | i.clone() | +| main.rs:163:20:163:54 | ... .set_domain(...) | semmle.label | ... .set_domain(...) | +| main.rs:164:13:164:18 | insert | semmle.label | insert | +| main.rs:164:20:164:20 | i | semmle.label | i | +| main.rs:164:20:164:28 | i.clone() | semmle.label | i.clone() | +| main.rs:164:20:164:43 | ... .unset_domain() | semmle.label | ... .unset_domain() | +| main.rs:165:13:165:18 | insert | semmle.label | insert | +| main.rs:165:20:165:20 | i | semmle.label | i | +| main.rs:165:20:165:28 | i.clone() | semmle.label | i.clone() | +| main.rs:165:20:165:46 | ... .set_expires(...) | semmle.label | ... .set_expires(...) | +| main.rs:166:13:166:18 | insert | semmle.label | insert | +| main.rs:166:20:166:20 | i | semmle.label | i | +| main.rs:166:20:166:28 | i.clone() | semmle.label | i.clone() | +| main.rs:166:20:166:44 | ... .unset_expires() | semmle.label | ... .unset_expires() | +| main.rs:167:13:167:18 | insert | semmle.label | insert | +| main.rs:167:20:167:20 | i | semmle.label | i | +| main.rs:167:20:167:28 | i.clone() | semmle.label | i.clone() | +| main.rs:167:20:167:45 | ... .make_permanent() | semmle.label | ... .make_permanent() | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-614/main.rs b/rust/ql/test/query-tests/security/CWE-614/main.rs index 6ef4cc3c83b7..0f0f929fd147 100644 --- a/rust/ql/test/query-tests/security/CWE-614/main.rs +++ b/rust/ql/test/query-tests/security/CWE-614/main.rs @@ -5,11 +5,11 @@ fn test_cookie(sometimes: bool) { let never = false; // secure set to false - let cookie1 = Cookie::build(("name", "value")).secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] + let cookie1 = Cookie::build(("name", "value")).secure(false).build(); // $ Alert[rust/insecure-cookie] println!("cookie1 = '{}'", cookie1.to_string()); // secure set to true - let cookie2 = Cookie::build(("name", "value")).secure(true).build(); // good + let cookie2 = Cookie::build(("name", "value")).secure(true).build(); // $ SPURIOUS: Alert[rust/insecure-cookie] println!("cookie2 = '{}'", cookie2.to_string()); // secure left as default (which is `None`, equivalent here to `false`) @@ -17,81 +17,81 @@ fn test_cookie(sometimes: bool) { println!("cookie3 = '{}'", cookie3.to_string()); // secure setting varies (may be false) - Cookie::build(("name", "value")).secure(sometimes).build(); // $ MISSING: Alert[rust/insecure-cookie] - Cookie::build(("name", "value")).secure(!sometimes).build(); // $ MISSING: Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(sometimes).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(!sometimes).build(); // $ Alert[rust/insecure-cookie] // with data flow on the "secure" value - Cookie::build(("name", "value")).secure(always).build(); // good - Cookie::build(("name", "value")).secure(!always).build(); // $ MISSING: Alert[rust/insecure-cookie] - Cookie::build(("name", "value")).secure(never).build(); // $ MISSING: Alert[rust/insecure-cookie] - Cookie::build(("name", "value")).secure(!never).build(); // good - Cookie::build(("name", "value")).secure(always && never).build(); // $ MISSING: Alert[rust/insecure-cookie] - Cookie::build(("name", "value")).secure(always || never).build(); // good + Cookie::build(("name", "value")).secure(always).build(); // $ SPURIOUS: Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(!always).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(never).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(!never).build(); // $ SPURIOUS: Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(always && never).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(always || never).build(); // $ SPURIOUS: Alert[rust/insecure-cookie] // with guards if sometimes { - Cookie::build(("name", "value")).secure(sometimes).build(); // good + Cookie::build(("name", "value")).secure(sometimes).build(); // $ SPURIOUS: Alert[rust/insecure-cookie] } else { - Cookie::build(("name", "value")).secure(sometimes).build(); // $ MISSING: Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(sometimes).build(); // $ Alert[rust/insecure-cookie] } // variant uses (all insecure) - CookieBuilder::new("name", "value").secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] - Cookie::build(("name", "value")).expires(None).secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] - Cookie::build(("name", "value")).max_age(cookie::time::Duration::hours(12)).secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] - Cookie::build(("name", "value")).domain("example.com").secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] - Cookie::build(("name", "value")).path("/").secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] - Cookie::build(("name", "value")).http_only(true).secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] - Cookie::build(("name", "value")).same_site(cookie::SameSite::Strict).secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] - Cookie::build(("name", "value")).permanent().secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] - Cookie::build(("name", "value")).removal().secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] - Cookie::build(("name", "value")).secure(false).finish(); // $ MISSING: Alert[rust/insecure-cookie] - Cookie::build("name").secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] - Cookie::build(Cookie::build("name")).secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] + CookieBuilder::new("name", "value").secure(false).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).expires(None).secure(false).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).max_age(cookie::time::Duration::hours(12)).secure(false).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).domain("example.com").secure(false).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).path("/").secure(false).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).http_only(true).secure(false).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).same_site(cookie::SameSite::Strict).secure(false).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).permanent().secure(false).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).removal().secure(false).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(false).finish(); // $ Alert[rust/insecure-cookie] + Cookie::build("name").secure(false).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(Cookie::build("name")).secure(false).build(); // $ Alert[rust/insecure-cookie] // edge cases - Cookie::build(("name", "value")).secure(true).secure(false).build(); // $ MISSING: Alert[rust/insecure-cookie] - Cookie::build(("name", "value")).secure(false).secure(true).build(); // good + Cookie::build(("name", "value")).secure(true).secure(false).build(); // $ Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(false).secure(true).build(); // $ SPURIOUS: Alert[rust/insecure-cookie] // mutable cookie let mut jar = CookieJar::new(); let mut a = Cookie::new("name", "value"); - jar.add(a.clone()); // $ MISSING: Alert[rust/insecure-cookie] - jar.add_original(a.clone()); // $ MISSING: Alert[rust/insecure-cookie] + jar.add(a.clone()); // $ Alert[rust/insecure-cookie] + jar.add_original(a.clone()); // $ Alert[rust/insecure-cookie] a.set_secure(true); - jar.add(a.clone()); // good + jar.add(a.clone()); // $ SPURIOUS: Alert[rust/insecure-cookie] a.set_secure(false); - jar.add(a.clone()); // $ MISSING: Alert[rust/insecure-cookie] + jar.add(a.clone()); // $ Alert[rust/insecure-cookie] let key = Key::generate(); let mut signed_jar = jar.signed_mut(&key); let mut b = Cookie::named("name"); - signed_jar.add(b.clone()); // $ MISSING: Alert[rust/insecure-cookie] - signed_jar.add_original(a.clone()); // $ MISSING: Alert[rust/insecure-cookie] + signed_jar.add(b.clone()); // $ Alert[rust/insecure-cookie] + signed_jar.add_original(a.clone()); // $ Alert[rust/insecure-cookie] b.set_secure(sometimes); - signed_jar.add(b.clone()); // $ MISSING: Alert[rust/insecure-cookie] + signed_jar.add(b.clone()); // $ Alert[rust/insecure-cookie] b.set_secure(true); - signed_jar.add(b.clone()); // good + signed_jar.add(b.clone()); // $ SPURIOUS: Alert[rust/insecure-cookie] let mut private_jar = jar.private_mut(&key); let mut c = Cookie::from("name"); - private_jar.add(c.clone()); // $ MISSING: Alert[rust/insecure-cookie] - private_jar.add_original(a.clone()); // $ MISSING: Alert[rust/insecure-cookie] + private_jar.add(c.clone()); // $ Alert[rust/insecure-cookie] + private_jar.add_original(a.clone()); // $ Alert[rust/insecure-cookie] if sometimes { c.set_secure(true); } - private_jar.add(c.clone()); // $ MISSING: Alert[rust/insecure-cookie] + private_jar.add(c.clone()); // $ Alert[rust/insecure-cookie] c.set_secure(true); - private_jar.add(c.clone()); // good + private_jar.add(c.clone()); // $ SPURIOUS: Alert[rust/insecure-cookie] let mut d = Cookie::from("name"); - jar.add(d.clone()); // $ MISSING: Alert[rust/insecure-cookie] + jar.add(d.clone()); // $ Alert[rust/insecure-cookie] if sometimes { c.set_secure(true); } else { c.set_partitioned(true); } - jar.add(d.clone()); // good + jar.add(d.clone()); // $ SPURIOUS: Alert[rust/insecure-cookie] // parse jar.add(Cookie::parse("name=value; HttpOnly").unwrap()); // $ MISSING: Alert[rust/insecure-cookie] @@ -111,7 +111,7 @@ fn test_cookie(sometimes: bool) { } // partitioned (implies secure) - Cookie::build(("name", "value")).partitioned(true).build(); // good + Cookie::build(("name", "value")).partitioned(true).build(); // $ SPURIOUS: Alert[rust/insecure-cookie] } fn test_biscotti() { @@ -120,51 +120,51 @@ fn test_biscotti() { // test set_secure, set_partitioned let a = biscotti::ResponseCookie::new("name", "value"); - cookies.insert(a.clone()); // $ MISSING: Alert[rust/insecure-cookie] + cookies.insert(a.clone()); // $ Alert[rust/insecure-cookie] println!("biscotti1 = {}", a.to_string()); let b = a.set_secure(true); - cookies.insert(b.clone()); // good (secure) + cookies.insert(b.clone()); // $ SPURIOUS: Alert[rust/insecure-cookie] println!("biscotti2 = {}", b.to_string()); let c = b.set_secure(false); - cookies.insert(c.clone()); // $ MISSING: Alert[rust/insecure-cookie] + cookies.insert(c.clone()); // $ Alert[rust/insecure-cookie] println!("biscotti3 = {}", c.to_string()); let d = c.set_partitioned(true); // (implies secure) - cookies.insert(d.clone()); // good (partitioned) + cookies.insert(d.clone()); // $ SPURIOUS: Alert[rust/insecure-cookie] println!("biscotti4 = {}", d.to_string()); let e = d.set_secure(true); - cookies.insert(e.clone()); // good (partitioned + secure) + cookies.insert(e.clone()); // $ SPURIOUS: Alert[rust/insecure-cookie] println!("biscotti5 = {}", e.to_string()); let f = e.set_partitioned(false); - cookies.insert(f.clone()); // good (secure) + cookies.insert(f.clone()); // $ SPURIOUS: Alert[rust/insecure-cookie] println!("biscotti6 = {}", f.to_string()); let g = f.set_secure(false); - cookies.insert(g.clone()); // $ MISSING: Alert[rust/insecure-cookie] + cookies.insert(g.clone()); // $ Alert[rust/insecure-cookie] println!("biscotti7 = {}", g.to_string()); // variant creation (insecure) let h = biscotti::ResponseCookie::from(("name", "value")); - cookies.insert(h); // $ MISSING: Alert[rust/insecure-cookie] + cookies.insert(h); // $ Alert[rust/insecure-cookie] // variant uses (all insecure) let i = biscotti::ResponseCookie::new("name", "value"); - cookies.insert(i.clone().set_name("name2")); // $ MISSING: Alert[rust/insecure-cookie] - cookies.insert(i.clone().set_value("value2")); // $ MISSING: Alert[rust/insecure-cookie] - cookies.insert(i.clone().set_http_only(true)); // $ MISSING: Alert[rust/insecure-cookie] - cookies.insert(i.clone().set_same_site(biscotti::SameSite::Strict)); // $ MISSING: Alert[rust/insecure-cookie] - cookies.insert(i.clone().set_max_age(None)); // $ MISSING: Alert[rust/insecure-cookie] - cookies.insert(i.clone().set_path("/")); // $ MISSING: Alert[rust/insecure-cookie] - cookies.insert(i.clone().unset_path()); // $ MISSING: Alert[rust/insecure-cookie] - cookies.insert(i.clone().set_domain("example.com")); // $ MISSING: Alert[rust/insecure-cookie] - cookies.insert(i.clone().unset_domain()); // $ MISSING: Alert[rust/insecure-cookie] - cookies.insert(i.clone().set_expires(None)); // $ MISSING: Alert[rust/insecure-cookie] - cookies.insert(i.clone().unset_expires()); // $ MISSING: Alert[rust/insecure-cookie] - cookies.insert(i.clone().make_permanent()); // $ MISSING: Alert[rust/insecure-cookie] + cookies.insert(i.clone().set_name("name2")); // $ Alert[rust/insecure-cookie] + cookies.insert(i.clone().set_value("value2")); // $ Alert[rust/insecure-cookie] + cookies.insert(i.clone().set_http_only(true)); // $ Alert[rust/insecure-cookie] + cookies.insert(i.clone().set_same_site(biscotti::SameSite::Strict)); // $ Alert[rust/insecure-cookie] + cookies.insert(i.clone().set_max_age(None)); // $ Alert[rust/insecure-cookie] + cookies.insert(i.clone().set_path("/")); // $ Alert[rust/insecure-cookie] + cookies.insert(i.clone().unset_path()); // $ Alert[rust/insecure-cookie] + cookies.insert(i.clone().set_domain("example.com")); // $ Alert[rust/insecure-cookie] + cookies.insert(i.clone().unset_domain()); // $ Alert[rust/insecure-cookie] + cookies.insert(i.clone().set_expires(None)); // $ Alert[rust/insecure-cookie] + cookies.insert(i.clone().unset_expires()); // $ Alert[rust/insecure-cookie] + cookies.insert(i.clone().make_permanent()); // $ Alert[rust/insecure-cookie] } fn main() { From 257a1b0179255d987a7cc5d4a9584ff9fcdd3376 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 17 Sep 2025 13:55:45 +0100 Subject: [PATCH 043/307] Rust: Refactor sources, sinks into an extensions source file. --- .../security/InsecureCookieExtensions.qll | 49 +++++++++++++++++++ .../security/CWE-614/InsecureCookie.ql | 18 ++++--- rust/ql/src/queries/summary/Stats.qll | 5 +- 3 files changed, 64 insertions(+), 8 deletions(-) create mode 100644 rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll diff --git a/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll b/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll new file mode 100644 index 000000000000..47baa46440c7 --- /dev/null +++ b/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll @@ -0,0 +1,49 @@ +/** + * Provides classes and predicates for reasoning about insecure cookie + * vulnerabilities. + */ + +import rust +private import codeql.rust.dataflow.DataFlow +private import codeql.rust.dataflow.FlowSource +private import codeql.rust.dataflow.FlowSink +private import codeql.rust.Concepts +private import codeql.rust.dataflow.internal.DataFlowImpl as DataflowImpl +private import codeql.rust.dataflow.internal.Node + +/** + * Provides default sources, sinks and barriers for detecting insecure + * cookie vulnerabilities, as well as extension points for adding your own. + */ +module InsecureCookie { + /** + * A data flow source for insecure cookie vulnerabilities. + */ + abstract class Source extends DataFlow::Node { } + + /** + * A data flow sink for insecure cookie vulnerabilities. + */ + abstract class Sink extends QuerySink::Range { + override string getSinkType() { result = "InsecureCookie" } + } + + /** + * A barrier for insecure cookie vulnerabilities. + */ + abstract class Barrier extends DataFlow::Node { } + + /** + * A source for insecure cookie vulnerabilities from model data. + */ + private class ModelsAsDataSource extends Source { + ModelsAsDataSource() { sourceNode(this, "cookie-create") } + } + + /** + * A sink for insecure cookie vulnerabilities from model data. + */ + private class ModelsAsDataSink extends Sink { + ModelsAsDataSink() { sinkNode(this, "cookie-use") } + } +} diff --git a/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql b/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql index 69d11b85bef3..66ef6db7b0ba 100644 --- a/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql +++ b/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql @@ -16,22 +16,27 @@ import rust import codeql.rust.dataflow.DataFlow import codeql.rust.dataflow.TaintTracking -import codeql.rust.dataflow.FlowSource -import codeql.rust.dataflow.FlowSink +import codeql.rust.security.InsecureCookieExtensions /** * A data flow configuration for tracking values representing cookies without the - * 'secure' flag set. + * 'secure' attribute set. */ module InsecureCookieConfig implements DataFlow::ConfigSig { + import InsecureCookie + predicate isSource(DataFlow::Node node) { // creation of a cookie or cookie configuration with default, insecure settings - sourceNode(node, "cookie-create") + node instanceof Source } predicate isSink(DataFlow::Node node) { // use of a cookie or cookie configuration - sinkNode(node, "cookie-use") + node instanceof Sink + } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Barrier } predicate observeDiffInformedIncrementalMode() { any() } @@ -42,5 +47,6 @@ module InsecureCookieFlow = TaintTracking::Global; import InsecureCookieFlow::PathGraph from InsecureCookieFlow::PathNode sourceNode, InsecureCookieFlow::PathNode sinkNode -where InsecureCookieFlow::flowPath(sourceNode, sinkNode) +where + InsecureCookieFlow::flowPath(sourceNode, sinkNode) select sinkNode.getNode(), sourceNode, sinkNode, "Cookie attribute 'Secure' is not set to true." diff --git a/rust/ql/src/queries/summary/Stats.qll b/rust/ql/src/queries/summary/Stats.qll index 7a1de4f13144..662bcc267743 100644 --- a/rust/ql/src/queries/summary/Stats.qll +++ b/rust/ql/src/queries/summary/Stats.qll @@ -22,13 +22,14 @@ private import codeql.rust.security.AccessInvalidPointerExtensions private import codeql.rust.security.CleartextLoggingExtensions private import codeql.rust.security.CleartextStorageDatabaseExtensions private import codeql.rust.security.CleartextTransmissionExtensions -private import codeql.rust.security.RequestForgeryExtensions +private import codeql.rust.security.HardcodedCryptographicValueExtensions +private import codeql.rust.security.InsecureCookieExtensions private import codeql.rust.security.LogInjectionExtensions +private import codeql.rust.security.RequestForgeryExtensions private import codeql.rust.security.SqlInjectionExtensions private import codeql.rust.security.TaintedPathExtensions private import codeql.rust.security.UncontrolledAllocationSizeExtensions private import codeql.rust.security.WeakSensitiveDataHashingExtensions -private import codeql.rust.security.HardcodedCryptographicValueExtensions /** * Gets a count of the total number of lines of code in the database. From 2654affeee2a5ade67a28eac8efdee108e4328df Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 19 Sep 2025 12:39:50 +0100 Subject: [PATCH 044/307] Rust: Account for the 'secure' and 'partitioned' attributes. --- .../codeql/rust/frameworks/biscotti.model.yml | 4 +- .../codeql/rust/frameworks/cookie.model.yml | 8 +- .../security/InsecureCookieExtensions.qll | 32 +++ .../security/CWE-614/InsecureCookie.ql | 42 +++- .../security/CWE-614/CookieSet.expected | 44 ++++ .../query-tests/security/CWE-614/CookieSet.ql | 7 + .../security/CWE-614/InsecureCookie.expected | 196 +++++++----------- .../test/query-tests/security/CWE-614/main.rs | 14 +- 8 files changed, 213 insertions(+), 134 deletions(-) create mode 100644 rust/ql/test/query-tests/security/CWE-614/CookieSet.expected create mode 100644 rust/ql/test/query-tests/security/CWE-614/CookieSet.ql diff --git a/rust/ql/lib/codeql/rust/frameworks/biscotti.model.yml b/rust/ql/lib/codeql/rust/frameworks/biscotti.model.yml index b70a27f74d16..2e9b1213ed76 100644 --- a/rust/ql/lib/codeql/rust/frameworks/biscotti.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/biscotti.model.yml @@ -16,8 +16,8 @@ extensions: pack: codeql/rust-all extensible: summaryModel data: - - ["::set_secure", "Argument[self]", "ReturnValue", "taint", "manual"] - - ["::set_partitioned", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::set_secure", "Argument[self].OptionalBarrier[cookie-secure-arg0]", "ReturnValue", "taint", "manual"] + - ["::set_partitioned", "Argument[self].OptionalBarrier[cookie-partitioned-arg0]", "ReturnValue", "taint", "manual"] - ["::set_name", "Argument[self]", "ReturnValue", "taint", "manual"] - ["::set_value", "Argument[self]", "ReturnValue", "taint", "manual"] - ["::set_http_only", "Argument[self]", "ReturnValue", "taint", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/cookie.model.yml b/rust/ql/lib/codeql/rust/frameworks/cookie.model.yml index f9c8cd647c56..e40fd8ecf71d 100644 --- a/rust/ql/lib/codeql/rust/frameworks/cookie.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/cookie.model.yml @@ -26,8 +26,8 @@ extensions: pack: codeql/rust-all extensible: summaryModel data: - - ["::secure", "Argument[self]", "ReturnValue", "taint", "manual"] - - ["::partitioned", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::secure", "Argument[self].OptionalBarrier[cookie-secure-arg0]", "ReturnValue", "taint", "manual"] + - ["::partitioned", "Argument[self].OptionalBarrier[cookie-partitioned-arg0]", "ReturnValue", "taint", "manual"] - ["::expires", "Argument[self]", "ReturnValue", "taint", "manual"] - ["::max_age", "Argument[self]", "ReturnValue", "taint", "manual"] - ["::domain", "Argument[self]", "ReturnValue", "taint", "manual"] @@ -36,5 +36,5 @@ extensions: - ["::same_site", "Argument[self]", "ReturnValue", "taint", "manual"] - ["::permanent", "Argument[self]", "ReturnValue", "taint", "manual"] - ["::removal", "Argument[self]", "ReturnValue", "taint", "manual"] - - ["::set_secure", "Argument[self]", "ReturnValue", "taint", "manual"] - - ["::set_partitioned", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::set_secure", "Argument[self].OptionalBarrier[cookie-secure-arg0]", "ReturnValue", "taint", "manual"] + - ["::set_partitioned", "Argument[self].OptionalBarrier[cookie-partitioned-arg0]", "ReturnValue", "taint", "manual"] diff --git a/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll b/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll index 47baa46440c7..aa534a9c1ea6 100644 --- a/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll @@ -46,4 +46,36 @@ module InsecureCookie { private class ModelsAsDataSink extends Sink { ModelsAsDataSink() { sinkNode(this, "cookie-use") } } + + /** + * Holds if cookie attribute `attrib` (`secure` or `partitioned`) is set to `value` (`true` or `false`) at `node`. + * A value that cannot be determined is treated as `false`. + * + * This references models-as-data optional barrier nodes, for example `OptionalBarrier[cookie-secure-arg0]`. + */ + predicate cookieSetNode(DataFlow::Node node, string attrib, boolean value) { + exists( + FlowSummaryNode summaryNode, string barrierName, CallExprBase ce, int arg, + DataFlow::Node argNode + | + // decode a `cookie-`... optional barrier + DataflowImpl::optionalBarrier(summaryNode, barrierName) and + attrib = barrierName.regexpCapture("cookie-(secure|partitioned)-arg([0-9]+)", 1) and + arg = barrierName.regexpCapture("cookie-(secure|partitioned)-arg([0-9]+)", 2).toInt() and + // find a call and arg referenced by this optional barrier + ce.getStaticTarget() = summaryNode.getSummarizedCallable() and + ce.getArg(arg) = argNode.asExpr().getExpr() and + // check if the argument is always `true` + ( + if + forex(DataFlow::Node argSourceNode | DataFlow::localFlow(argSourceNode, argNode) | + argSourceNode.asExpr().getExpr().(BooleanLiteralExpr).getTextValue() = "true" + ) + then value = true // `true` flow to here + else value = false // `false` or unknown + ) and + // and the node `node` where this happens + node.asExpr().getExpr() = ce + ) + } } diff --git a/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql b/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql index 66ef6db7b0ba..987940a2f0ae 100644 --- a/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql +++ b/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql @@ -20,7 +20,8 @@ import codeql.rust.security.InsecureCookieExtensions /** * A data flow configuration for tracking values representing cookies without the - * 'secure' attribute set. + * 'secure' attribute set. This is the primary data flow configurationn for this + * query. */ module InsecureCookieConfig implements DataFlow::ConfigSig { import InsecureCookie @@ -28,6 +29,9 @@ module InsecureCookieConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node node) { // creation of a cookie or cookie configuration with default, insecure settings node instanceof Source + or + // setting the 'secure' attribute to false (or an unknown value) + cookieSetNode(node, "secure", false) } predicate isSink(DataFlow::Node node) { @@ -36,6 +40,37 @@ module InsecureCookieConfig implements DataFlow::ConfigSig { } predicate isBarrier(DataFlow::Node node) { + // setting the 'secure' attribute to true + cookieSetNode(node, "secure", true) + or + node instanceof Barrier + } + + predicate observeDiffInformedIncrementalMode() { any() } +} + +/** + * A data flow configuration for tracking values representing cookies with the + * 'partitioned' attribute set. This is a secondary data flow configuration used + * to filter out unwanted results. + */ +module PartitionedCookieConfig implements DataFlow::ConfigSig { + import InsecureCookie + + predicate isSource(DataFlow::Node node) { + // setting the 'partitioned' attribute to true + cookieSetNode(node, "partitioned", true) + } + + predicate isSink(DataFlow::Node node) { + // use of a cookie or cookie configuration + node instanceof Sink + } + + predicate isBarrier(DataFlow::Node node) { + // setting the 'partitioned' attribute to false (or an unknown value) + cookieSetNode(node, "partitioned", false) + or node instanceof Barrier } @@ -44,9 +79,12 @@ module InsecureCookieConfig implements DataFlow::ConfigSig { module InsecureCookieFlow = TaintTracking::Global; +module PartitionedCookieFlow = TaintTracking::Global; + import InsecureCookieFlow::PathGraph from InsecureCookieFlow::PathNode sourceNode, InsecureCookieFlow::PathNode sinkNode where - InsecureCookieFlow::flowPath(sourceNode, sinkNode) + InsecureCookieFlow::flowPath(sourceNode, sinkNode) and + not PartitionedCookieFlow::flow(_, sinkNode.getNode()) select sinkNode.getNode(), sourceNode, sinkNode, "Cookie attribute 'Secure' is not set to true." diff --git a/rust/ql/test/query-tests/security/CWE-614/CookieSet.expected b/rust/ql/test/query-tests/security/CWE-614/CookieSet.expected new file mode 100644 index 000000000000..eccdbaec90a0 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-614/CookieSet.expected @@ -0,0 +1,44 @@ +| main.rs:8:19:8:64 | ... .secure(...) | secure | false | +| main.rs:12:19:12:63 | ... .secure(...) | secure | true | +| main.rs:20:5:20:54 | ... .secure(...) | secure | false | +| main.rs:21:5:21:55 | ... .secure(...) | secure | false | +| main.rs:24:5:24:51 | ... .secure(...) | secure | false | +| main.rs:25:5:25:52 | ... .secure(...) | secure | false | +| main.rs:26:5:26:50 | ... .secure(...) | secure | false | +| main.rs:27:5:27:51 | ... .secure(...) | secure | false | +| main.rs:28:5:28:60 | ... .secure(...) | secure | false | +| main.rs:29:5:29:60 | ... .secure(...) | secure | false | +| main.rs:33:9:33:58 | ... .secure(...) | secure | false | +| main.rs:35:9:35:58 | ... .secure(...) | secure | false | +| main.rs:39:5:39:53 | ... .secure(...) | secure | false | +| main.rs:40:5:40:64 | ... .secure(...) | secure | false | +| main.rs:41:5:41:93 | ... .secure(...) | secure | false | +| main.rs:42:5:42:72 | ... .secure(...) | secure | false | +| main.rs:43:5:43:60 | ... .secure(...) | secure | false | +| main.rs:44:5:44:66 | ... .secure(...) | secure | false | +| main.rs:45:5:45:86 | ... .secure(...) | secure | false | +| main.rs:46:5:46:62 | ... .secure(...) | secure | false | +| main.rs:47:5:47:60 | ... .secure(...) | secure | false | +| main.rs:48:5:48:50 | ... .secure(...) | secure | false | +| main.rs:49:5:49:39 | ... .secure(...) | secure | false | +| main.rs:50:5:50:54 | ... .secure(...) | secure | false | +| main.rs:53:5:53:49 | ... .secure(...) | secure | true | +| main.rs:53:5:53:63 | ... .secure(...) | secure | false | +| main.rs:54:5:54:50 | ... .secure(...) | secure | false | +| main.rs:54:5:54:63 | ... .secure(...) | secure | true | +| main.rs:61:5:61:22 | a.set_secure(...) | secure | true | +| main.rs:63:5:63:23 | a.set_secure(...) | secure | false | +| main.rs:71:5:71:27 | b.set_secure(...) | secure | false | +| main.rs:73:5:73:22 | b.set_secure(...) | secure | true | +| main.rs:81:9:81:26 | c.set_secure(...) | secure | true | +| main.rs:84:5:84:22 | c.set_secure(...) | secure | true | +| main.rs:90:9:90:26 | c.set_secure(...) | secure | true | +| main.rs:92:9:92:31 | c.set_partitioned(...) | partitioned | true | +| main.rs:109:9:109:26 | e.set_secure(...) | secure | true | +| main.rs:114:5:114:54 | ... .partitioned(...) | partitioned | true | +| main.rs:126:13:126:30 | a.set_secure(...) | secure | true | +| main.rs:130:13:130:31 | b.set_secure(...) | secure | false | +| main.rs:134:13:134:35 | c.set_partitioned(...) | partitioned | true | +| main.rs:138:13:138:30 | d.set_secure(...) | secure | true | +| main.rs:142:13:142:36 | e.set_partitioned(...) | partitioned | false | +| main.rs:146:13:146:31 | f.set_secure(...) | secure | false | diff --git a/rust/ql/test/query-tests/security/CWE-614/CookieSet.ql b/rust/ql/test/query-tests/security/CWE-614/CookieSet.ql new file mode 100644 index 000000000000..c038e6de44b6 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-614/CookieSet.ql @@ -0,0 +1,7 @@ +import rust +import codeql.rust.dataflow.DataFlow +import codeql.rust.security.InsecureCookieExtensions + +from DataFlow::Node node, string state, boolean value +where InsecureCookie::cookieSetNode(node, state, value) +select node, state, value diff --git a/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected b/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected index b4bd897ca6ff..9d9975a1a369 100644 --- a/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected +++ b/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected @@ -1,31 +1,52 @@ #select | main.rs:8:66:8:70 | build | main.rs:8:19:8:31 | ...::build | main.rs:8:66:8:70 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:12:65:12:69 | build | main.rs:12:19:12:31 | ...::build | main.rs:12:65:12:69 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:8:66:8:70 | build | main.rs:8:19:8:64 | ... .secure(...) | main.rs:8:66:8:70 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:16:52:16:56 | build | main.rs:16:19:16:31 | ...::build | main.rs:16:52:16:56 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:20:56:20:60 | build | main.rs:20:5:20:17 | ...::build | main.rs:20:56:20:60 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:20:56:20:60 | build | main.rs:20:5:20:54 | ... .secure(...) | main.rs:20:56:20:60 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:21:57:21:61 | build | main.rs:21:5:21:17 | ...::build | main.rs:21:57:21:61 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:21:57:21:61 | build | main.rs:21:5:21:55 | ... .secure(...) | main.rs:21:57:21:61 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:24:53:24:57 | build | main.rs:24:5:24:17 | ...::build | main.rs:24:53:24:57 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:24:53:24:57 | build | main.rs:24:5:24:51 | ... .secure(...) | main.rs:24:53:24:57 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:25:54:25:58 | build | main.rs:25:5:25:17 | ...::build | main.rs:25:54:25:58 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:25:54:25:58 | build | main.rs:25:5:25:52 | ... .secure(...) | main.rs:25:54:25:58 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:26:52:26:56 | build | main.rs:26:5:26:17 | ...::build | main.rs:26:52:26:56 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:26:52:26:56 | build | main.rs:26:5:26:50 | ... .secure(...) | main.rs:26:52:26:56 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:27:53:27:57 | build | main.rs:27:5:27:17 | ...::build | main.rs:27:53:27:57 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:27:53:27:57 | build | main.rs:27:5:27:51 | ... .secure(...) | main.rs:27:53:27:57 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:28:62:28:66 | build | main.rs:28:5:28:17 | ...::build | main.rs:28:62:28:66 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:28:62:28:66 | build | main.rs:28:5:28:60 | ... .secure(...) | main.rs:28:62:28:66 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:29:62:29:66 | build | main.rs:29:5:29:17 | ...::build | main.rs:29:62:29:66 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:29:62:29:66 | build | main.rs:29:5:29:60 | ... .secure(...) | main.rs:29:62:29:66 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:33:60:33:64 | build | main.rs:33:9:33:21 | ...::build | main.rs:33:60:33:64 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:33:60:33:64 | build | main.rs:33:9:33:58 | ... .secure(...) | main.rs:33:60:33:64 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:35:60:35:64 | build | main.rs:35:9:35:21 | ...::build | main.rs:35:60:35:64 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:35:60:35:64 | build | main.rs:35:9:35:58 | ... .secure(...) | main.rs:35:60:35:64 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:39:55:39:59 | build | main.rs:39:5:39:22 | ...::new | main.rs:39:55:39:59 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:39:55:39:59 | build | main.rs:39:5:39:53 | ... .secure(...) | main.rs:39:55:39:59 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:40:66:40:70 | build | main.rs:40:5:40:17 | ...::build | main.rs:40:66:40:70 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:40:66:40:70 | build | main.rs:40:5:40:64 | ... .secure(...) | main.rs:40:66:40:70 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:41:95:41:99 | build | main.rs:41:5:41:17 | ...::build | main.rs:41:95:41:99 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:41:95:41:99 | build | main.rs:41:5:41:93 | ... .secure(...) | main.rs:41:95:41:99 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:42:74:42:78 | build | main.rs:42:5:42:17 | ...::build | main.rs:42:74:42:78 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:42:74:42:78 | build | main.rs:42:5:42:72 | ... .secure(...) | main.rs:42:74:42:78 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:43:62:43:66 | build | main.rs:43:5:43:17 | ...::build | main.rs:43:62:43:66 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:43:62:43:66 | build | main.rs:43:5:43:60 | ... .secure(...) | main.rs:43:62:43:66 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:44:68:44:72 | build | main.rs:44:5:44:17 | ...::build | main.rs:44:68:44:72 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:44:68:44:72 | build | main.rs:44:5:44:66 | ... .secure(...) | main.rs:44:68:44:72 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:45:88:45:92 | build | main.rs:45:5:45:17 | ...::build | main.rs:45:88:45:92 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:45:88:45:92 | build | main.rs:45:5:45:86 | ... .secure(...) | main.rs:45:88:45:92 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:46:64:46:68 | build | main.rs:46:5:46:17 | ...::build | main.rs:46:64:46:68 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:46:64:46:68 | build | main.rs:46:5:46:62 | ... .secure(...) | main.rs:46:64:46:68 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:47:62:47:66 | build | main.rs:47:5:47:17 | ...::build | main.rs:47:62:47:66 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:47:62:47:66 | build | main.rs:47:5:47:60 | ... .secure(...) | main.rs:47:62:47:66 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:48:52:48:57 | finish | main.rs:48:5:48:17 | ...::build | main.rs:48:52:48:57 | finish | Cookie attribute 'Secure' is not set to true. | +| main.rs:48:52:48:57 | finish | main.rs:48:5:48:50 | ... .secure(...) | main.rs:48:52:48:57 | finish | Cookie attribute 'Secure' is not set to true. | | main.rs:49:41:49:45 | build | main.rs:49:5:49:17 | ...::build | main.rs:49:41:49:45 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:49:41:49:45 | build | main.rs:49:5:49:39 | ... .secure(...) | main.rs:49:41:49:45 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:50:56:50:60 | build | main.rs:50:5:50:17 | ...::build | main.rs:50:56:50:60 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:53:65:53:69 | build | main.rs:53:5:53:17 | ...::build | main.rs:53:65:53:69 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:54:65:54:69 | build | main.rs:54:5:54:17 | ...::build | main.rs:54:65:54:69 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:50:56:50:60 | build | main.rs:50:5:50:54 | ... .secure(...) | main.rs:50:56:50:60 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:53:65:53:69 | build | main.rs:53:5:53:63 | ... .secure(...) | main.rs:53:65:53:69 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:59:9:59:11 | add | main.rs:58:17:58:27 | ...::new | main.rs:59:9:59:11 | add | Cookie attribute 'Secure' is not set to true. | | main.rs:60:9:60:20 | add_original | main.rs:58:17:58:27 | ...::new | main.rs:60:9:60:20 | add_original | Cookie attribute 'Secure' is not set to true. | | main.rs:62:9:62:11 | add | main.rs:58:17:58:27 | ...::new | main.rs:62:9:62:11 | add | Cookie attribute 'Secure' is not set to true. | @@ -40,14 +61,9 @@ | main.rs:85:17:85:19 | add | main.rs:77:17:77:28 | ...::from | main.rs:85:17:85:19 | add | Cookie attribute 'Secure' is not set to true. | | main.rs:88:9:88:11 | add | main.rs:87:17:87:28 | ...::from | main.rs:88:9:88:11 | add | Cookie attribute 'Secure' is not set to true. | | main.rs:94:9:94:11 | add | main.rs:87:17:87:28 | ...::from | main.rs:94:9:94:11 | add | Cookie attribute 'Secure' is not set to true. | -| main.rs:114:56:114:60 | build | main.rs:114:5:114:17 | ...::build | main.rs:114:56:114:60 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:123:13:123:18 | insert | main.rs:122:13:122:41 | ...::new | main.rs:123:13:123:18 | insert | Cookie attribute 'Secure' is not set to true. | -| main.rs:127:13:127:18 | insert | main.rs:122:13:122:41 | ...::new | main.rs:127:13:127:18 | insert | Cookie attribute 'Secure' is not set to true. | -| main.rs:131:13:131:18 | insert | main.rs:122:13:122:41 | ...::new | main.rs:131:13:131:18 | insert | Cookie attribute 'Secure' is not set to true. | -| main.rs:135:13:135:18 | insert | main.rs:122:13:122:41 | ...::new | main.rs:135:13:135:18 | insert | Cookie attribute 'Secure' is not set to true. | -| main.rs:139:13:139:18 | insert | main.rs:122:13:122:41 | ...::new | main.rs:139:13:139:18 | insert | Cookie attribute 'Secure' is not set to true. | -| main.rs:143:13:143:18 | insert | main.rs:122:13:122:41 | ...::new | main.rs:143:13:143:18 | insert | Cookie attribute 'Secure' is not set to true. | -| main.rs:147:13:147:18 | insert | main.rs:122:13:122:41 | ...::new | main.rs:147:13:147:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:131:13:131:18 | insert | main.rs:130:13:130:31 | b.set_secure(...) | main.rs:131:13:131:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:147:13:147:18 | insert | main.rs:146:13:146:31 | f.set_secure(...) | main.rs:147:13:147:18 | insert | Cookie attribute 'Secure' is not set to true. | | main.rs:152:13:152:18 | insert | main.rs:151:13:151:42 | ...::from | main.rs:152:13:152:18 | insert | Cookie attribute 'Secure' is not set to true. | | main.rs:156:13:156:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:156:13:156:18 | insert | Cookie attribute 'Secure' is not set to true. | | main.rs:157:13:157:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:157:13:157:18 | insert | Cookie attribute 'Secure' is not set to true. | @@ -63,95 +79,85 @@ | main.rs:167:13:167:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:167:13:167:18 | insert | Cookie attribute 'Secure' is not set to true. | edges | main.rs:8:19:8:31 | ...::build | main.rs:8:19:8:50 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:8:19:8:50 | ...::build(...) | main.rs:8:19:8:64 | ... .secure(...) | provenance | MaD:41 | +| main.rs:8:19:8:50 | ...::build(...) | main.rs:8:19:8:64 | ... .secure(...) | provenance | MaD:40 | | main.rs:8:19:8:64 | ... .secure(...) | main.rs:8:66:8:70 | build | provenance | MaD:2 Sink:MaD:2 | -| main.rs:12:19:12:31 | ...::build | main.rs:12:19:12:50 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:12:19:12:50 | ...::build(...) | main.rs:12:19:12:63 | ... .secure(...) | provenance | MaD:41 | -| main.rs:12:19:12:63 | ... .secure(...) | main.rs:12:65:12:69 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:16:19:16:31 | ...::build | main.rs:16:19:16:50 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | | main.rs:16:19:16:50 | ...::build(...) | main.rs:16:52:16:56 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:20:5:20:17 | ...::build | main.rs:20:5:20:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:20:5:20:36 | ...::build(...) | main.rs:20:5:20:54 | ... .secure(...) | provenance | MaD:41 | +| main.rs:20:5:20:36 | ...::build(...) | main.rs:20:5:20:54 | ... .secure(...) | provenance | MaD:40 | | main.rs:20:5:20:54 | ... .secure(...) | main.rs:20:56:20:60 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:21:5:21:17 | ...::build | main.rs:21:5:21:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:21:5:21:36 | ...::build(...) | main.rs:21:5:21:55 | ... .secure(...) | provenance | MaD:41 | +| main.rs:21:5:21:36 | ...::build(...) | main.rs:21:5:21:55 | ... .secure(...) | provenance | MaD:40 | | main.rs:21:5:21:55 | ... .secure(...) | main.rs:21:57:21:61 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:24:5:24:17 | ...::build | main.rs:24:5:24:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:24:5:24:36 | ...::build(...) | main.rs:24:5:24:51 | ... .secure(...) | provenance | MaD:41 | +| main.rs:24:5:24:36 | ...::build(...) | main.rs:24:5:24:51 | ... .secure(...) | provenance | MaD:40 | | main.rs:24:5:24:51 | ... .secure(...) | main.rs:24:53:24:57 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:25:5:25:17 | ...::build | main.rs:25:5:25:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:25:5:25:36 | ...::build(...) | main.rs:25:5:25:52 | ... .secure(...) | provenance | MaD:41 | +| main.rs:25:5:25:36 | ...::build(...) | main.rs:25:5:25:52 | ... .secure(...) | provenance | MaD:40 | | main.rs:25:5:25:52 | ... .secure(...) | main.rs:25:54:25:58 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:26:5:26:17 | ...::build | main.rs:26:5:26:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:26:5:26:36 | ...::build(...) | main.rs:26:5:26:50 | ... .secure(...) | provenance | MaD:41 | +| main.rs:26:5:26:36 | ...::build(...) | main.rs:26:5:26:50 | ... .secure(...) | provenance | MaD:40 | | main.rs:26:5:26:50 | ... .secure(...) | main.rs:26:52:26:56 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:27:5:27:17 | ...::build | main.rs:27:5:27:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:27:5:27:36 | ...::build(...) | main.rs:27:5:27:51 | ... .secure(...) | provenance | MaD:41 | +| main.rs:27:5:27:36 | ...::build(...) | main.rs:27:5:27:51 | ... .secure(...) | provenance | MaD:40 | | main.rs:27:5:27:51 | ... .secure(...) | main.rs:27:53:27:57 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:28:5:28:17 | ...::build | main.rs:28:5:28:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:28:5:28:36 | ...::build(...) | main.rs:28:5:28:60 | ... .secure(...) | provenance | MaD:41 | +| main.rs:28:5:28:36 | ...::build(...) | main.rs:28:5:28:60 | ... .secure(...) | provenance | MaD:40 | | main.rs:28:5:28:60 | ... .secure(...) | main.rs:28:62:28:66 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:29:5:29:17 | ...::build | main.rs:29:5:29:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:29:5:29:36 | ...::build(...) | main.rs:29:5:29:60 | ... .secure(...) | provenance | MaD:41 | +| main.rs:29:5:29:36 | ...::build(...) | main.rs:29:5:29:60 | ... .secure(...) | provenance | MaD:40 | | main.rs:29:5:29:60 | ... .secure(...) | main.rs:29:62:29:66 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:33:9:33:21 | ...::build | main.rs:33:9:33:40 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:33:9:33:40 | ...::build(...) | main.rs:33:9:33:58 | ... .secure(...) | provenance | MaD:41 | +| main.rs:33:9:33:40 | ...::build(...) | main.rs:33:9:33:58 | ... .secure(...) | provenance | MaD:40 | | main.rs:33:9:33:58 | ... .secure(...) | main.rs:33:60:33:64 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:35:9:35:21 | ...::build | main.rs:35:9:35:40 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:35:9:35:40 | ...::build(...) | main.rs:35:9:35:58 | ... .secure(...) | provenance | MaD:41 | +| main.rs:35:9:35:40 | ...::build(...) | main.rs:35:9:35:58 | ... .secure(...) | provenance | MaD:40 | | main.rs:35:9:35:58 | ... .secure(...) | main.rs:35:60:35:64 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:39:5:39:22 | ...::new | main.rs:39:5:39:39 | ...::new(...) | provenance | Src:MaD:16 MaD:16 | -| main.rs:39:5:39:39 | ...::new(...) | main.rs:39:5:39:53 | ... .secure(...) | provenance | MaD:41 | +| main.rs:39:5:39:39 | ...::new(...) | main.rs:39:5:39:53 | ... .secure(...) | provenance | MaD:40 | | main.rs:39:5:39:53 | ... .secure(...) | main.rs:39:55:39:59 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:40:5:40:17 | ...::build | main.rs:40:5:40:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:40:5:40:36 | ...::build(...) | main.rs:40:5:40:50 | ... .expires(...) | provenance | MaD:33 | -| main.rs:40:5:40:50 | ... .expires(...) | main.rs:40:5:40:64 | ... .secure(...) | provenance | MaD:41 | +| main.rs:40:5:40:36 | ...::build(...) | main.rs:40:5:40:50 | ... .expires(...) | provenance | MaD:32 | +| main.rs:40:5:40:50 | ... .expires(...) | main.rs:40:5:40:64 | ... .secure(...) | provenance | MaD:40 | | main.rs:40:5:40:64 | ... .secure(...) | main.rs:40:66:40:70 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:41:5:41:17 | ...::build | main.rs:41:5:41:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:41:5:41:36 | ...::build(...) | main.rs:41:5:41:79 | ... .max_age(...) | provenance | MaD:35 | -| main.rs:41:5:41:79 | ... .max_age(...) | main.rs:41:5:41:93 | ... .secure(...) | provenance | MaD:41 | +| main.rs:41:5:41:36 | ...::build(...) | main.rs:41:5:41:79 | ... .max_age(...) | provenance | MaD:34 | +| main.rs:41:5:41:79 | ... .max_age(...) | main.rs:41:5:41:93 | ... .secure(...) | provenance | MaD:40 | | main.rs:41:5:41:93 | ... .secure(...) | main.rs:41:95:41:99 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:42:5:42:17 | ...::build | main.rs:42:5:42:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:42:5:42:36 | ...::build(...) | main.rs:42:5:42:58 | ... .domain(...) | provenance | MaD:32 | -| main.rs:42:5:42:58 | ... .domain(...) | main.rs:42:5:42:72 | ... .secure(...) | provenance | MaD:41 | +| main.rs:42:5:42:36 | ...::build(...) | main.rs:42:5:42:58 | ... .domain(...) | provenance | MaD:31 | +| main.rs:42:5:42:58 | ... .domain(...) | main.rs:42:5:42:72 | ... .secure(...) | provenance | MaD:40 | | main.rs:42:5:42:72 | ... .secure(...) | main.rs:42:74:42:78 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:43:5:43:17 | ...::build | main.rs:43:5:43:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:43:5:43:36 | ...::build(...) | main.rs:43:5:43:46 | ... .path(...) | provenance | MaD:37 | -| main.rs:43:5:43:46 | ... .path(...) | main.rs:43:5:43:60 | ... .secure(...) | provenance | MaD:41 | +| main.rs:43:5:43:36 | ...::build(...) | main.rs:43:5:43:46 | ... .path(...) | provenance | MaD:36 | +| main.rs:43:5:43:46 | ... .path(...) | main.rs:43:5:43:60 | ... .secure(...) | provenance | MaD:40 | | main.rs:43:5:43:60 | ... .secure(...) | main.rs:43:62:43:66 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:44:5:44:17 | ...::build | main.rs:44:5:44:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:44:5:44:36 | ...::build(...) | main.rs:44:5:44:52 | ... .http_only(...) | provenance | MaD:34 | -| main.rs:44:5:44:52 | ... .http_only(...) | main.rs:44:5:44:66 | ... .secure(...) | provenance | MaD:41 | +| main.rs:44:5:44:36 | ...::build(...) | main.rs:44:5:44:52 | ... .http_only(...) | provenance | MaD:33 | +| main.rs:44:5:44:52 | ... .http_only(...) | main.rs:44:5:44:66 | ... .secure(...) | provenance | MaD:40 | | main.rs:44:5:44:66 | ... .secure(...) | main.rs:44:68:44:72 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:45:5:45:17 | ...::build | main.rs:45:5:45:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:45:5:45:36 | ...::build(...) | main.rs:45:5:45:72 | ... .same_site(...) | provenance | MaD:40 | -| main.rs:45:5:45:72 | ... .same_site(...) | main.rs:45:5:45:86 | ... .secure(...) | provenance | MaD:41 | +| main.rs:45:5:45:36 | ...::build(...) | main.rs:45:5:45:72 | ... .same_site(...) | provenance | MaD:39 | +| main.rs:45:5:45:72 | ... .same_site(...) | main.rs:45:5:45:86 | ... .secure(...) | provenance | MaD:40 | | main.rs:45:5:45:86 | ... .secure(...) | main.rs:45:88:45:92 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:46:5:46:17 | ...::build | main.rs:46:5:46:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:46:5:46:36 | ...::build(...) | main.rs:46:5:46:48 | ... .permanent() | provenance | MaD:38 | -| main.rs:46:5:46:48 | ... .permanent() | main.rs:46:5:46:62 | ... .secure(...) | provenance | MaD:41 | +| main.rs:46:5:46:36 | ...::build(...) | main.rs:46:5:46:48 | ... .permanent() | provenance | MaD:37 | +| main.rs:46:5:46:48 | ... .permanent() | main.rs:46:5:46:62 | ... .secure(...) | provenance | MaD:40 | | main.rs:46:5:46:62 | ... .secure(...) | main.rs:46:64:46:68 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:47:5:47:17 | ...::build | main.rs:47:5:47:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:47:5:47:36 | ...::build(...) | main.rs:47:5:47:46 | ... .removal() | provenance | MaD:39 | -| main.rs:47:5:47:46 | ... .removal() | main.rs:47:5:47:60 | ... .secure(...) | provenance | MaD:41 | +| main.rs:47:5:47:36 | ...::build(...) | main.rs:47:5:47:46 | ... .removal() | provenance | MaD:38 | +| main.rs:47:5:47:46 | ... .removal() | main.rs:47:5:47:60 | ... .secure(...) | provenance | MaD:40 | | main.rs:47:5:47:60 | ... .secure(...) | main.rs:47:62:47:66 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:48:5:48:17 | ...::build | main.rs:48:5:48:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:48:5:48:36 | ...::build(...) | main.rs:48:5:48:50 | ... .secure(...) | provenance | MaD:41 | +| main.rs:48:5:48:36 | ...::build(...) | main.rs:48:5:48:50 | ... .secure(...) | provenance | MaD:40 | | main.rs:48:5:48:50 | ... .secure(...) | main.rs:48:52:48:57 | finish | provenance | MaD:3 Sink:MaD:3 | | main.rs:49:5:49:17 | ...::build | main.rs:49:5:49:25 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:49:5:49:25 | ...::build(...) | main.rs:49:5:49:39 | ... .secure(...) | provenance | MaD:41 | +| main.rs:49:5:49:25 | ...::build(...) | main.rs:49:5:49:39 | ... .secure(...) | provenance | MaD:40 | | main.rs:49:5:49:39 | ... .secure(...) | main.rs:49:41:49:45 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:50:5:50:17 | ...::build | main.rs:50:5:50:40 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:50:5:50:40 | ...::build(...) | main.rs:50:5:50:54 | ... .secure(...) | provenance | MaD:41 | +| main.rs:50:5:50:40 | ...::build(...) | main.rs:50:5:50:54 | ... .secure(...) | provenance | MaD:40 | | main.rs:50:5:50:54 | ... .secure(...) | main.rs:50:56:50:60 | build | provenance | MaD:2 Sink:MaD:2 | -| main.rs:53:5:53:17 | ...::build | main.rs:53:5:53:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:53:5:53:36 | ...::build(...) | main.rs:53:5:53:49 | ... .secure(...) | provenance | MaD:41 | -| main.rs:53:5:53:49 | ... .secure(...) | main.rs:53:5:53:63 | ... .secure(...) | provenance | MaD:41 | | main.rs:53:5:53:63 | ... .secure(...) | main.rs:53:65:53:69 | build | provenance | MaD:2 Sink:MaD:2 | -| main.rs:54:5:54:17 | ...::build | main.rs:54:5:54:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:54:5:54:36 | ...::build(...) | main.rs:54:5:54:50 | ... .secure(...) | provenance | MaD:41 | -| main.rs:54:5:54:50 | ... .secure(...) | main.rs:54:5:54:63 | ... .secure(...) | provenance | MaD:41 | -| main.rs:54:5:54:63 | ... .secure(...) | main.rs:54:65:54:69 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:58:9:58:13 | mut a | main.rs:59:13:59:13 | a | provenance | | | main.rs:58:9:58:13 | mut a | main.rs:59:13:59:21 | a.clone() | provenance | MaD:17 | | main.rs:58:9:58:13 | mut a | main.rs:60:22:60:22 | a | provenance | | @@ -217,21 +223,14 @@ edges | main.rs:94:13:94:13 | d | main.rs:94:13:94:21 | d.clone() | provenance | MaD:17 | | main.rs:94:13:94:21 | d.clone() | main.rs:94:9:94:11 | add | provenance | MaD:4 Sink:MaD:4 | | main.rs:114:5:114:17 | ...::build | main.rs:114:5:114:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:114:5:114:36 | ...::build(...) | main.rs:114:5:114:54 | ... .partitioned(...) | provenance | MaD:36 | +| main.rs:114:5:114:36 | ...::build(...) | main.rs:114:5:114:54 | ... .partitioned(...) | provenance | MaD:35 | | main.rs:114:5:114:54 | ... .partitioned(...) | main.rs:114:56:114:60 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:122:9:122:9 | a | main.rs:123:20:123:20 | a | provenance | | | main.rs:122:9:122:9 | a | main.rs:123:20:123:28 | a.clone() | provenance | MaD:17 | -| main.rs:122:9:122:9 | a | main.rs:126:13:126:30 | a.set_secure(...) | provenance | MaD:27 | | main.rs:122:13:122:41 | ...::new | main.rs:122:13:122:58 | ...::new(...) | provenance | Src:MaD:11 MaD:11 | | main.rs:122:13:122:58 | ...::new(...) | main.rs:122:9:122:9 | a | provenance | | | main.rs:123:20:123:20 | a | main.rs:123:20:123:28 | a.clone() | provenance | MaD:17 | | main.rs:123:20:123:28 | a.clone() | main.rs:123:13:123:18 | insert | provenance | MaD:1 Sink:MaD:1 | -| main.rs:126:9:126:9 | b | main.rs:127:20:127:20 | b | provenance | | -| main.rs:126:9:126:9 | b | main.rs:127:20:127:28 | b.clone() | provenance | MaD:17 | -| main.rs:126:9:126:9 | b | main.rs:130:13:130:31 | b.set_secure(...) | provenance | MaD:27 | -| main.rs:126:13:126:30 | a.set_secure(...) | main.rs:126:9:126:9 | b | provenance | | -| main.rs:127:20:127:20 | b | main.rs:127:20:127:28 | b.clone() | provenance | MaD:17 | -| main.rs:127:20:127:28 | b.clone() | main.rs:127:13:127:18 | insert | provenance | MaD:1 Sink:MaD:1 | | main.rs:130:9:130:9 | c | main.rs:131:20:131:20 | c | provenance | | | main.rs:130:9:130:9 | c | main.rs:131:20:131:28 | c.clone() | provenance | MaD:17 | | main.rs:130:9:130:9 | c | main.rs:134:13:134:35 | c.set_partitioned(...) | provenance | MaD:24 | @@ -240,22 +239,9 @@ edges | main.rs:131:20:131:28 | c.clone() | main.rs:131:13:131:18 | insert | provenance | MaD:1 Sink:MaD:1 | | main.rs:134:9:134:9 | d | main.rs:135:20:135:20 | d | provenance | | | main.rs:134:9:134:9 | d | main.rs:135:20:135:28 | d.clone() | provenance | MaD:17 | -| main.rs:134:9:134:9 | d | main.rs:138:13:138:30 | d.set_secure(...) | provenance | MaD:27 | | main.rs:134:13:134:35 | c.set_partitioned(...) | main.rs:134:9:134:9 | d | provenance | | | main.rs:135:20:135:20 | d | main.rs:135:20:135:28 | d.clone() | provenance | MaD:17 | | main.rs:135:20:135:28 | d.clone() | main.rs:135:13:135:18 | insert | provenance | MaD:1 Sink:MaD:1 | -| main.rs:138:9:138:9 | e | main.rs:139:20:139:20 | e | provenance | | -| main.rs:138:9:138:9 | e | main.rs:139:20:139:28 | e.clone() | provenance | MaD:17 | -| main.rs:138:9:138:9 | e | main.rs:142:13:142:36 | e.set_partitioned(...) | provenance | MaD:24 | -| main.rs:138:13:138:30 | d.set_secure(...) | main.rs:138:9:138:9 | e | provenance | | -| main.rs:139:20:139:20 | e | main.rs:139:20:139:28 | e.clone() | provenance | MaD:17 | -| main.rs:139:20:139:28 | e.clone() | main.rs:139:13:139:18 | insert | provenance | MaD:1 Sink:MaD:1 | -| main.rs:142:9:142:9 | f | main.rs:143:20:143:20 | f | provenance | | -| main.rs:142:9:142:9 | f | main.rs:143:20:143:28 | f.clone() | provenance | MaD:17 | -| main.rs:142:9:142:9 | f | main.rs:146:13:146:31 | f.set_secure(...) | provenance | MaD:27 | -| main.rs:142:13:142:36 | e.set_partitioned(...) | main.rs:142:9:142:9 | f | provenance | | -| main.rs:143:20:143:20 | f | main.rs:143:20:143:28 | f.clone() | provenance | MaD:17 | -| main.rs:143:20:143:28 | f.clone() | main.rs:143:13:143:18 | insert | provenance | MaD:1 Sink:MaD:1 | | main.rs:146:9:146:9 | g | main.rs:147:20:147:20 | g | provenance | | | main.rs:146:9:146:9 | g | main.rs:147:20:147:28 | g.clone() | provenance | MaD:17 | | main.rs:146:13:146:31 | f.set_secure(...) | main.rs:146:9:146:9 | g | provenance | | @@ -295,7 +281,7 @@ edges | main.rs:156:20:156:28 | i.clone() | main.rs:156:20:156:46 | ... .set_name(...) | provenance | MaD:23 | | main.rs:156:20:156:46 | ... .set_name(...) | main.rs:156:13:156:18 | insert | provenance | MaD:1 Sink:MaD:1 | | main.rs:157:20:157:20 | i | main.rs:157:20:157:28 | i.clone() | provenance | MaD:17 | -| main.rs:157:20:157:28 | i.clone() | main.rs:157:20:157:48 | ... .set_value(...) | provenance | MaD:28 | +| main.rs:157:20:157:28 | i.clone() | main.rs:157:20:157:48 | ... .set_value(...) | provenance | MaD:27 | | main.rs:157:20:157:48 | ... .set_value(...) | main.rs:157:13:157:18 | insert | provenance | MaD:1 Sink:MaD:1 | | main.rs:158:20:158:20 | i | main.rs:158:20:158:28 | i.clone() | provenance | MaD:17 | | main.rs:158:20:158:28 | i.clone() | main.rs:158:20:158:48 | ... .set_http_only(...) | provenance | MaD:21 | @@ -310,19 +296,19 @@ edges | main.rs:161:20:161:28 | i.clone() | main.rs:161:20:161:42 | ... .set_path(...) | provenance | MaD:25 | | main.rs:161:20:161:42 | ... .set_path(...) | main.rs:161:13:161:18 | insert | provenance | MaD:1 Sink:MaD:1 | | main.rs:162:20:162:20 | i | main.rs:162:20:162:28 | i.clone() | provenance | MaD:17 | -| main.rs:162:20:162:28 | i.clone() | main.rs:162:20:162:41 | ... .unset_path() | provenance | MaD:31 | +| main.rs:162:20:162:28 | i.clone() | main.rs:162:20:162:41 | ... .unset_path() | provenance | MaD:30 | | main.rs:162:20:162:41 | ... .unset_path() | main.rs:162:13:162:18 | insert | provenance | MaD:1 Sink:MaD:1 | | main.rs:163:20:163:20 | i | main.rs:163:20:163:28 | i.clone() | provenance | MaD:17 | | main.rs:163:20:163:28 | i.clone() | main.rs:163:20:163:54 | ... .set_domain(...) | provenance | MaD:19 | | main.rs:163:20:163:54 | ... .set_domain(...) | main.rs:163:13:163:18 | insert | provenance | MaD:1 Sink:MaD:1 | | main.rs:164:20:164:20 | i | main.rs:164:20:164:28 | i.clone() | provenance | MaD:17 | -| main.rs:164:20:164:28 | i.clone() | main.rs:164:20:164:43 | ... .unset_domain() | provenance | MaD:29 | +| main.rs:164:20:164:28 | i.clone() | main.rs:164:20:164:43 | ... .unset_domain() | provenance | MaD:28 | | main.rs:164:20:164:43 | ... .unset_domain() | main.rs:164:13:164:18 | insert | provenance | MaD:1 Sink:MaD:1 | | main.rs:165:20:165:20 | i | main.rs:165:20:165:28 | i.clone() | provenance | MaD:17 | | main.rs:165:20:165:28 | i.clone() | main.rs:165:20:165:46 | ... .set_expires(...) | provenance | MaD:20 | | main.rs:165:20:165:46 | ... .set_expires(...) | main.rs:165:13:165:18 | insert | provenance | MaD:1 Sink:MaD:1 | | main.rs:166:20:166:20 | i | main.rs:166:20:166:28 | i.clone() | provenance | MaD:17 | -| main.rs:166:20:166:28 | i.clone() | main.rs:166:20:166:44 | ... .unset_expires() | provenance | MaD:30 | +| main.rs:166:20:166:28 | i.clone() | main.rs:166:20:166:44 | ... .unset_expires() | provenance | MaD:29 | | main.rs:166:20:166:44 | ... .unset_expires() | main.rs:166:13:166:18 | insert | provenance | MaD:1 Sink:MaD:1 | | main.rs:167:20:167:20 | i | main.rs:167:20:167:28 | i.clone() | provenance | MaD:17 | | main.rs:167:20:167:28 | i.clone() | main.rs:167:20:167:45 | ... .make_permanent() | provenance | MaD:18 | @@ -351,33 +337,28 @@ models | 21 | Summary: ::set_http_only; Argument[self]; ReturnValue; taint | | 22 | Summary: ::set_max_age; Argument[self]; ReturnValue; taint | | 23 | Summary: ::set_name; Argument[self]; ReturnValue; taint | -| 24 | Summary: ::set_partitioned; Argument[self]; ReturnValue; taint | +| 24 | Summary: ::set_partitioned; Argument[self].OptionalBarrier[cookie-partitioned-arg0]; ReturnValue; taint | | 25 | Summary: ::set_path; Argument[self]; ReturnValue; taint | | 26 | Summary: ::set_same_site; Argument[self]; ReturnValue; taint | -| 27 | Summary: ::set_secure; Argument[self]; ReturnValue; taint | -| 28 | Summary: ::set_value; Argument[self]; ReturnValue; taint | -| 29 | Summary: ::unset_domain; Argument[self]; ReturnValue; taint | -| 30 | Summary: ::unset_expires; Argument[self]; ReturnValue; taint | -| 31 | Summary: ::unset_path; Argument[self]; ReturnValue; taint | -| 32 | Summary: ::domain; Argument[self]; ReturnValue; taint | -| 33 | Summary: ::expires; Argument[self]; ReturnValue; taint | -| 34 | Summary: ::http_only; Argument[self]; ReturnValue; taint | -| 35 | Summary: ::max_age; Argument[self]; ReturnValue; taint | -| 36 | Summary: ::partitioned; Argument[self]; ReturnValue; taint | -| 37 | Summary: ::path; Argument[self]; ReturnValue; taint | -| 38 | Summary: ::permanent; Argument[self]; ReturnValue; taint | -| 39 | Summary: ::removal; Argument[self]; ReturnValue; taint | -| 40 | Summary: ::same_site; Argument[self]; ReturnValue; taint | -| 41 | Summary: ::secure; Argument[self]; ReturnValue; taint | +| 27 | Summary: ::set_value; Argument[self]; ReturnValue; taint | +| 28 | Summary: ::unset_domain; Argument[self]; ReturnValue; taint | +| 29 | Summary: ::unset_expires; Argument[self]; ReturnValue; taint | +| 30 | Summary: ::unset_path; Argument[self]; ReturnValue; taint | +| 31 | Summary: ::domain; Argument[self]; ReturnValue; taint | +| 32 | Summary: ::expires; Argument[self]; ReturnValue; taint | +| 33 | Summary: ::http_only; Argument[self]; ReturnValue; taint | +| 34 | Summary: ::max_age; Argument[self]; ReturnValue; taint | +| 35 | Summary: ::partitioned; Argument[self].OptionalBarrier[cookie-partitioned-arg0]; ReturnValue; taint | +| 36 | Summary: ::path; Argument[self]; ReturnValue; taint | +| 37 | Summary: ::permanent; Argument[self]; ReturnValue; taint | +| 38 | Summary: ::removal; Argument[self]; ReturnValue; taint | +| 39 | Summary: ::same_site; Argument[self]; ReturnValue; taint | +| 40 | Summary: ::secure; Argument[self].OptionalBarrier[cookie-secure-arg0]; ReturnValue; taint | nodes | main.rs:8:19:8:31 | ...::build | semmle.label | ...::build | | main.rs:8:19:8:50 | ...::build(...) | semmle.label | ...::build(...) | | main.rs:8:19:8:64 | ... .secure(...) | semmle.label | ... .secure(...) | | main.rs:8:66:8:70 | build | semmle.label | build | -| main.rs:12:19:12:31 | ...::build | semmle.label | ...::build | -| main.rs:12:19:12:50 | ...::build(...) | semmle.label | ...::build(...) | -| main.rs:12:19:12:63 | ... .secure(...) | semmle.label | ... .secure(...) | -| main.rs:12:65:12:69 | build | semmle.label | build | | main.rs:16:19:16:31 | ...::build | semmle.label | ...::build | | main.rs:16:19:16:50 | ...::build(...) | semmle.label | ...::build(...) | | main.rs:16:52:16:56 | build | semmle.label | build | @@ -477,16 +458,8 @@ nodes | main.rs:50:5:50:40 | ...::build(...) | semmle.label | ...::build(...) | | main.rs:50:5:50:54 | ... .secure(...) | semmle.label | ... .secure(...) | | main.rs:50:56:50:60 | build | semmle.label | build | -| main.rs:53:5:53:17 | ...::build | semmle.label | ...::build | -| main.rs:53:5:53:36 | ...::build(...) | semmle.label | ...::build(...) | -| main.rs:53:5:53:49 | ... .secure(...) | semmle.label | ... .secure(...) | | main.rs:53:5:53:63 | ... .secure(...) | semmle.label | ... .secure(...) | | main.rs:53:65:53:69 | build | semmle.label | build | -| main.rs:54:5:54:17 | ...::build | semmle.label | ...::build | -| main.rs:54:5:54:36 | ...::build(...) | semmle.label | ...::build(...) | -| main.rs:54:5:54:50 | ... .secure(...) | semmle.label | ... .secure(...) | -| main.rs:54:5:54:63 | ... .secure(...) | semmle.label | ... .secure(...) | -| main.rs:54:65:54:69 | build | semmle.label | build | | main.rs:58:9:58:13 | mut a | semmle.label | mut a | | main.rs:58:17:58:27 | ...::new | semmle.label | ...::new | | main.rs:58:17:58:44 | ...::new(...) | semmle.label | ...::new(...) | @@ -551,11 +524,6 @@ nodes | main.rs:123:13:123:18 | insert | semmle.label | insert | | main.rs:123:20:123:20 | a | semmle.label | a | | main.rs:123:20:123:28 | a.clone() | semmle.label | a.clone() | -| main.rs:126:9:126:9 | b | semmle.label | b | -| main.rs:126:13:126:30 | a.set_secure(...) | semmle.label | a.set_secure(...) | -| main.rs:127:13:127:18 | insert | semmle.label | insert | -| main.rs:127:20:127:20 | b | semmle.label | b | -| main.rs:127:20:127:28 | b.clone() | semmle.label | b.clone() | | main.rs:130:9:130:9 | c | semmle.label | c | | main.rs:130:13:130:31 | b.set_secure(...) | semmle.label | b.set_secure(...) | | main.rs:131:13:131:18 | insert | semmle.label | insert | @@ -566,16 +534,6 @@ nodes | main.rs:135:13:135:18 | insert | semmle.label | insert | | main.rs:135:20:135:20 | d | semmle.label | d | | main.rs:135:20:135:28 | d.clone() | semmle.label | d.clone() | -| main.rs:138:9:138:9 | e | semmle.label | e | -| main.rs:138:13:138:30 | d.set_secure(...) | semmle.label | d.set_secure(...) | -| main.rs:139:13:139:18 | insert | semmle.label | insert | -| main.rs:139:20:139:20 | e | semmle.label | e | -| main.rs:139:20:139:28 | e.clone() | semmle.label | e.clone() | -| main.rs:142:9:142:9 | f | semmle.label | f | -| main.rs:142:13:142:36 | e.set_partitioned(...) | semmle.label | e.set_partitioned(...) | -| main.rs:143:13:143:18 | insert | semmle.label | insert | -| main.rs:143:20:143:20 | f | semmle.label | f | -| main.rs:143:20:143:28 | f.clone() | semmle.label | f.clone() | | main.rs:146:9:146:9 | g | semmle.label | g | | main.rs:146:13:146:31 | f.set_secure(...) | semmle.label | f.set_secure(...) | | main.rs:147:13:147:18 | insert | semmle.label | insert | diff --git a/rust/ql/test/query-tests/security/CWE-614/main.rs b/rust/ql/test/query-tests/security/CWE-614/main.rs index 0f0f929fd147..6cbb786cea5a 100644 --- a/rust/ql/test/query-tests/security/CWE-614/main.rs +++ b/rust/ql/test/query-tests/security/CWE-614/main.rs @@ -9,7 +9,7 @@ fn test_cookie(sometimes: bool) { println!("cookie1 = '{}'", cookie1.to_string()); // secure set to true - let cookie2 = Cookie::build(("name", "value")).secure(true).build(); // $ SPURIOUS: Alert[rust/insecure-cookie] + let cookie2 = Cookie::build(("name", "value")).secure(true).build(); // good println!("cookie2 = '{}'", cookie2.to_string()); // secure left as default (which is `None`, equivalent here to `false`) @@ -51,7 +51,7 @@ fn test_cookie(sometimes: bool) { // edge cases Cookie::build(("name", "value")).secure(true).secure(false).build(); // $ Alert[rust/insecure-cookie] - Cookie::build(("name", "value")).secure(false).secure(true).build(); // $ SPURIOUS: Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(false).secure(true).build(); // good // mutable cookie let mut jar = CookieJar::new(); @@ -111,7 +111,7 @@ fn test_cookie(sometimes: bool) { } // partitioned (implies secure) - Cookie::build(("name", "value")).partitioned(true).build(); // $ SPURIOUS: Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).partitioned(true).build(); // good } fn test_biscotti() { @@ -124,7 +124,7 @@ fn test_biscotti() { println!("biscotti1 = {}", a.to_string()); let b = a.set_secure(true); - cookies.insert(b.clone()); // $ SPURIOUS: Alert[rust/insecure-cookie] + cookies.insert(b.clone()); // good println!("biscotti2 = {}", b.to_string()); let c = b.set_secure(false); @@ -132,15 +132,15 @@ fn test_biscotti() { println!("biscotti3 = {}", c.to_string()); let d = c.set_partitioned(true); // (implies secure) - cookies.insert(d.clone()); // $ SPURIOUS: Alert[rust/insecure-cookie] + cookies.insert(d.clone()); // good println!("biscotti4 = {}", d.to_string()); let e = d.set_secure(true); - cookies.insert(e.clone()); // $ SPURIOUS: Alert[rust/insecure-cookie] + cookies.insert(e.clone()); // good println!("biscotti5 = {}", e.to_string()); let f = e.set_partitioned(false); - cookies.insert(f.clone()); // $ SPURIOUS: Alert[rust/insecure-cookie] + cookies.insert(f.clone()); // good println!("biscotti6 = {}", f.to_string()); let g = f.set_secure(false); From a3ed83bfff14a295405609ba6058f41bf10fd984 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 19 Sep 2025 19:47:18 +0100 Subject: [PATCH 045/307] Rust: Make state transition / barrier nodes more reliable. --- .../security/InsecureCookieExtensions.qll | 13 +- .../security/CWE-614/CookieSet.expected | 95 ++++---- .../security/CWE-614/InsecureCookie.expected | 220 +++++++++--------- .../test/query-tests/security/CWE-614/main.rs | 6 +- 4 files changed, 176 insertions(+), 158 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll b/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll index aa534a9c1ea6..93406f914525 100644 --- a/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll @@ -10,6 +10,7 @@ private import codeql.rust.dataflow.FlowSink private import codeql.rust.Concepts private import codeql.rust.dataflow.internal.DataFlowImpl as DataflowImpl private import codeql.rust.dataflow.internal.Node +private import codeql.rust.controlflow.BasicBlocks /** * Provides default sources, sinks and barriers for detecting insecure @@ -74,8 +75,16 @@ module InsecureCookie { then value = true // `true` flow to here else value = false // `false` or unknown ) and - // and the node `node` where this happens - node.asExpr().getExpr() = ce + // and find the node where this happens + ( + node.asExpr().getExpr() = ce.(MethodCallExpr).getReceiver() // e.g. `a` in `a.set_secure(true)` + or + exists(BasicBlock bb, int i | + // associated SSA node + node.(SsaNode).asDefinition().definesAt(_, bb, i) and + ce.(MethodCallExpr).getReceiver() = bb.getNode(i).getAstNode() + ) + ) ) } } diff --git a/rust/ql/test/query-tests/security/CWE-614/CookieSet.expected b/rust/ql/test/query-tests/security/CWE-614/CookieSet.expected index eccdbaec90a0..eacadaa722d9 100644 --- a/rust/ql/test/query-tests/security/CWE-614/CookieSet.expected +++ b/rust/ql/test/query-tests/security/CWE-614/CookieSet.expected @@ -1,44 +1,51 @@ -| main.rs:8:19:8:64 | ... .secure(...) | secure | false | -| main.rs:12:19:12:63 | ... .secure(...) | secure | true | -| main.rs:20:5:20:54 | ... .secure(...) | secure | false | -| main.rs:21:5:21:55 | ... .secure(...) | secure | false | -| main.rs:24:5:24:51 | ... .secure(...) | secure | false | -| main.rs:25:5:25:52 | ... .secure(...) | secure | false | -| main.rs:26:5:26:50 | ... .secure(...) | secure | false | -| main.rs:27:5:27:51 | ... .secure(...) | secure | false | -| main.rs:28:5:28:60 | ... .secure(...) | secure | false | -| main.rs:29:5:29:60 | ... .secure(...) | secure | false | -| main.rs:33:9:33:58 | ... .secure(...) | secure | false | -| main.rs:35:9:35:58 | ... .secure(...) | secure | false | -| main.rs:39:5:39:53 | ... .secure(...) | secure | false | -| main.rs:40:5:40:64 | ... .secure(...) | secure | false | -| main.rs:41:5:41:93 | ... .secure(...) | secure | false | -| main.rs:42:5:42:72 | ... .secure(...) | secure | false | -| main.rs:43:5:43:60 | ... .secure(...) | secure | false | -| main.rs:44:5:44:66 | ... .secure(...) | secure | false | -| main.rs:45:5:45:86 | ... .secure(...) | secure | false | -| main.rs:46:5:46:62 | ... .secure(...) | secure | false | -| main.rs:47:5:47:60 | ... .secure(...) | secure | false | -| main.rs:48:5:48:50 | ... .secure(...) | secure | false | -| main.rs:49:5:49:39 | ... .secure(...) | secure | false | -| main.rs:50:5:50:54 | ... .secure(...) | secure | false | -| main.rs:53:5:53:49 | ... .secure(...) | secure | true | -| main.rs:53:5:53:63 | ... .secure(...) | secure | false | -| main.rs:54:5:54:50 | ... .secure(...) | secure | false | -| main.rs:54:5:54:63 | ... .secure(...) | secure | true | -| main.rs:61:5:61:22 | a.set_secure(...) | secure | true | -| main.rs:63:5:63:23 | a.set_secure(...) | secure | false | -| main.rs:71:5:71:27 | b.set_secure(...) | secure | false | -| main.rs:73:5:73:22 | b.set_secure(...) | secure | true | -| main.rs:81:9:81:26 | c.set_secure(...) | secure | true | -| main.rs:84:5:84:22 | c.set_secure(...) | secure | true | -| main.rs:90:9:90:26 | c.set_secure(...) | secure | true | -| main.rs:92:9:92:31 | c.set_partitioned(...) | partitioned | true | -| main.rs:109:9:109:26 | e.set_secure(...) | secure | true | -| main.rs:114:5:114:54 | ... .partitioned(...) | partitioned | true | -| main.rs:126:13:126:30 | a.set_secure(...) | secure | true | -| main.rs:130:13:130:31 | b.set_secure(...) | secure | false | -| main.rs:134:13:134:35 | c.set_partitioned(...) | partitioned | true | -| main.rs:138:13:138:30 | d.set_secure(...) | secure | true | -| main.rs:142:13:142:36 | e.set_partitioned(...) | partitioned | false | -| main.rs:146:13:146:31 | f.set_secure(...) | secure | false | +| main.rs:8:19:8:50 | ...::build(...) | secure | false | +| main.rs:12:19:12:50 | ...::build(...) | secure | true | +| main.rs:20:5:20:36 | ...::build(...) | secure | false | +| main.rs:21:5:21:36 | ...::build(...) | secure | false | +| main.rs:24:5:24:36 | ...::build(...) | secure | false | +| main.rs:25:5:25:36 | ...::build(...) | secure | false | +| main.rs:26:5:26:36 | ...::build(...) | secure | false | +| main.rs:27:5:27:36 | ...::build(...) | secure | false | +| main.rs:28:5:28:36 | ...::build(...) | secure | false | +| main.rs:29:5:29:36 | ...::build(...) | secure | false | +| main.rs:33:9:33:40 | ...::build(...) | secure | false | +| main.rs:35:9:35:40 | ...::build(...) | secure | false | +| main.rs:39:5:39:39 | ...::new(...) | secure | false | +| main.rs:40:5:40:50 | ... .expires(...) | secure | false | +| main.rs:41:5:41:79 | ... .max_age(...) | secure | false | +| main.rs:42:5:42:58 | ... .domain(...) | secure | false | +| main.rs:43:5:43:46 | ... .path(...) | secure | false | +| main.rs:44:5:44:52 | ... .http_only(...) | secure | false | +| main.rs:45:5:45:72 | ... .same_site(...) | secure | false | +| main.rs:46:5:46:48 | ... .permanent() | secure | false | +| main.rs:47:5:47:46 | ... .removal() | secure | false | +| main.rs:48:5:48:36 | ...::build(...) | secure | false | +| main.rs:49:5:49:25 | ...::build(...) | secure | false | +| main.rs:50:5:50:40 | ...::build(...) | secure | false | +| main.rs:53:5:53:36 | ...::build(...) | secure | true | +| main.rs:53:5:53:49 | ... .secure(...) | secure | false | +| main.rs:54:5:54:36 | ...::build(...) | secure | false | +| main.rs:54:5:54:50 | ... .secure(...) | secure | true | +| main.rs:61:5:61:5 | [SSA] a | secure | true | +| main.rs:61:5:61:5 | a | secure | true | +| main.rs:63:5:63:5 | [SSA] a | secure | false | +| main.rs:63:5:63:5 | a | secure | false | +| main.rs:71:5:71:5 | [SSA] b | secure | false | +| main.rs:71:5:71:5 | b | secure | false | +| main.rs:73:5:73:5 | [SSA] b | secure | true | +| main.rs:73:5:73:5 | b | secure | true | +| main.rs:81:9:81:9 | [SSA] c | secure | true | +| main.rs:81:9:81:9 | c | secure | true | +| main.rs:84:5:84:5 | [SSA] c | secure | true | +| main.rs:84:5:84:5 | c | secure | true | +| main.rs:90:9:90:9 | c | secure | true | +| main.rs:92:9:92:9 | c | partitioned | true | +| main.rs:109:9:109:9 | [SSA] e | secure | true | +| main.rs:109:9:109:9 | e | secure | true | +| main.rs:114:5:114:36 | ...::build(...) | partitioned | true | +| main.rs:126:13:126:13 | a | secure | true | +| main.rs:130:13:130:13 | b | secure | false | +| main.rs:134:13:134:13 | c | partitioned | true | +| main.rs:138:13:138:13 | d | secure | true | +| main.rs:142:13:142:13 | e | partitioned | false | +| main.rs:146:13:146:13 | f | secure | false | diff --git a/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected b/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected index 9d9975a1a369..880262e9bd4e 100644 --- a/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected +++ b/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected @@ -1,69 +1,71 @@ #select | main.rs:8:66:8:70 | build | main.rs:8:19:8:31 | ...::build | main.rs:8:66:8:70 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:8:66:8:70 | build | main.rs:8:19:8:64 | ... .secure(...) | main.rs:8:66:8:70 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:8:66:8:70 | build | main.rs:8:19:8:50 | ...::build(...) | main.rs:8:66:8:70 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:16:52:16:56 | build | main.rs:16:19:16:31 | ...::build | main.rs:16:52:16:56 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:20:56:20:60 | build | main.rs:20:5:20:17 | ...::build | main.rs:20:56:20:60 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:20:56:20:60 | build | main.rs:20:5:20:54 | ... .secure(...) | main.rs:20:56:20:60 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:20:56:20:60 | build | main.rs:20:5:20:36 | ...::build(...) | main.rs:20:56:20:60 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:21:57:21:61 | build | main.rs:21:5:21:17 | ...::build | main.rs:21:57:21:61 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:21:57:21:61 | build | main.rs:21:5:21:55 | ... .secure(...) | main.rs:21:57:21:61 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:21:57:21:61 | build | main.rs:21:5:21:36 | ...::build(...) | main.rs:21:57:21:61 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:24:53:24:57 | build | main.rs:24:5:24:17 | ...::build | main.rs:24:53:24:57 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:24:53:24:57 | build | main.rs:24:5:24:51 | ... .secure(...) | main.rs:24:53:24:57 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:24:53:24:57 | build | main.rs:24:5:24:36 | ...::build(...) | main.rs:24:53:24:57 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:25:54:25:58 | build | main.rs:25:5:25:17 | ...::build | main.rs:25:54:25:58 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:25:54:25:58 | build | main.rs:25:5:25:52 | ... .secure(...) | main.rs:25:54:25:58 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:25:54:25:58 | build | main.rs:25:5:25:36 | ...::build(...) | main.rs:25:54:25:58 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:26:52:26:56 | build | main.rs:26:5:26:17 | ...::build | main.rs:26:52:26:56 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:26:52:26:56 | build | main.rs:26:5:26:50 | ... .secure(...) | main.rs:26:52:26:56 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:26:52:26:56 | build | main.rs:26:5:26:36 | ...::build(...) | main.rs:26:52:26:56 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:27:53:27:57 | build | main.rs:27:5:27:17 | ...::build | main.rs:27:53:27:57 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:27:53:27:57 | build | main.rs:27:5:27:51 | ... .secure(...) | main.rs:27:53:27:57 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:27:53:27:57 | build | main.rs:27:5:27:36 | ...::build(...) | main.rs:27:53:27:57 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:28:62:28:66 | build | main.rs:28:5:28:17 | ...::build | main.rs:28:62:28:66 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:28:62:28:66 | build | main.rs:28:5:28:60 | ... .secure(...) | main.rs:28:62:28:66 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:28:62:28:66 | build | main.rs:28:5:28:36 | ...::build(...) | main.rs:28:62:28:66 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:29:62:29:66 | build | main.rs:29:5:29:17 | ...::build | main.rs:29:62:29:66 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:29:62:29:66 | build | main.rs:29:5:29:60 | ... .secure(...) | main.rs:29:62:29:66 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:29:62:29:66 | build | main.rs:29:5:29:36 | ...::build(...) | main.rs:29:62:29:66 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:33:60:33:64 | build | main.rs:33:9:33:21 | ...::build | main.rs:33:60:33:64 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:33:60:33:64 | build | main.rs:33:9:33:58 | ... .secure(...) | main.rs:33:60:33:64 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:33:60:33:64 | build | main.rs:33:9:33:40 | ...::build(...) | main.rs:33:60:33:64 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:35:60:35:64 | build | main.rs:35:9:35:21 | ...::build | main.rs:35:60:35:64 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:35:60:35:64 | build | main.rs:35:9:35:58 | ... .secure(...) | main.rs:35:60:35:64 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:35:60:35:64 | build | main.rs:35:9:35:40 | ...::build(...) | main.rs:35:60:35:64 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:39:55:39:59 | build | main.rs:39:5:39:22 | ...::new | main.rs:39:55:39:59 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:39:55:39:59 | build | main.rs:39:5:39:53 | ... .secure(...) | main.rs:39:55:39:59 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:39:55:39:59 | build | main.rs:39:5:39:39 | ...::new(...) | main.rs:39:55:39:59 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:40:66:40:70 | build | main.rs:40:5:40:17 | ...::build | main.rs:40:66:40:70 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:40:66:40:70 | build | main.rs:40:5:40:64 | ... .secure(...) | main.rs:40:66:40:70 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:40:66:40:70 | build | main.rs:40:5:40:50 | ... .expires(...) | main.rs:40:66:40:70 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:41:95:41:99 | build | main.rs:41:5:41:17 | ...::build | main.rs:41:95:41:99 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:41:95:41:99 | build | main.rs:41:5:41:93 | ... .secure(...) | main.rs:41:95:41:99 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:41:95:41:99 | build | main.rs:41:5:41:79 | ... .max_age(...) | main.rs:41:95:41:99 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:42:74:42:78 | build | main.rs:42:5:42:17 | ...::build | main.rs:42:74:42:78 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:42:74:42:78 | build | main.rs:42:5:42:72 | ... .secure(...) | main.rs:42:74:42:78 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:42:74:42:78 | build | main.rs:42:5:42:58 | ... .domain(...) | main.rs:42:74:42:78 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:43:62:43:66 | build | main.rs:43:5:43:17 | ...::build | main.rs:43:62:43:66 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:43:62:43:66 | build | main.rs:43:5:43:60 | ... .secure(...) | main.rs:43:62:43:66 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:43:62:43:66 | build | main.rs:43:5:43:46 | ... .path(...) | main.rs:43:62:43:66 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:44:68:44:72 | build | main.rs:44:5:44:17 | ...::build | main.rs:44:68:44:72 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:44:68:44:72 | build | main.rs:44:5:44:66 | ... .secure(...) | main.rs:44:68:44:72 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:44:68:44:72 | build | main.rs:44:5:44:52 | ... .http_only(...) | main.rs:44:68:44:72 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:45:88:45:92 | build | main.rs:45:5:45:17 | ...::build | main.rs:45:88:45:92 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:45:88:45:92 | build | main.rs:45:5:45:86 | ... .secure(...) | main.rs:45:88:45:92 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:45:88:45:92 | build | main.rs:45:5:45:72 | ... .same_site(...) | main.rs:45:88:45:92 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:46:64:46:68 | build | main.rs:46:5:46:17 | ...::build | main.rs:46:64:46:68 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:46:64:46:68 | build | main.rs:46:5:46:62 | ... .secure(...) | main.rs:46:64:46:68 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:46:64:46:68 | build | main.rs:46:5:46:48 | ... .permanent() | main.rs:46:64:46:68 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:47:62:47:66 | build | main.rs:47:5:47:17 | ...::build | main.rs:47:62:47:66 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:47:62:47:66 | build | main.rs:47:5:47:60 | ... .secure(...) | main.rs:47:62:47:66 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:47:62:47:66 | build | main.rs:47:5:47:46 | ... .removal() | main.rs:47:62:47:66 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:48:52:48:57 | finish | main.rs:48:5:48:17 | ...::build | main.rs:48:52:48:57 | finish | Cookie attribute 'Secure' is not set to true. | -| main.rs:48:52:48:57 | finish | main.rs:48:5:48:50 | ... .secure(...) | main.rs:48:52:48:57 | finish | Cookie attribute 'Secure' is not set to true. | +| main.rs:48:52:48:57 | finish | main.rs:48:5:48:36 | ...::build(...) | main.rs:48:52:48:57 | finish | Cookie attribute 'Secure' is not set to true. | | main.rs:49:41:49:45 | build | main.rs:49:5:49:17 | ...::build | main.rs:49:41:49:45 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:49:41:49:45 | build | main.rs:49:5:49:39 | ... .secure(...) | main.rs:49:41:49:45 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:49:41:49:45 | build | main.rs:49:5:49:25 | ...::build(...) | main.rs:49:41:49:45 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:50:56:50:60 | build | main.rs:50:5:50:17 | ...::build | main.rs:50:56:50:60 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:50:56:50:60 | build | main.rs:50:5:50:54 | ... .secure(...) | main.rs:50:56:50:60 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:53:65:53:69 | build | main.rs:53:5:53:63 | ... .secure(...) | main.rs:53:65:53:69 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:50:56:50:60 | build | main.rs:50:5:50:40 | ...::build(...) | main.rs:50:56:50:60 | build | Cookie attribute 'Secure' is not set to true. | +| main.rs:53:65:53:69 | build | main.rs:53:5:53:49 | ... .secure(...) | main.rs:53:65:53:69 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:59:9:59:11 | add | main.rs:58:17:58:27 | ...::new | main.rs:59:9:59:11 | add | Cookie attribute 'Secure' is not set to true. | | main.rs:60:9:60:20 | add_original | main.rs:58:17:58:27 | ...::new | main.rs:60:9:60:20 | add_original | Cookie attribute 'Secure' is not set to true. | -| main.rs:62:9:62:11 | add | main.rs:58:17:58:27 | ...::new | main.rs:62:9:62:11 | add | Cookie attribute 'Secure' is not set to true. | -| main.rs:64:9:64:11 | add | main.rs:58:17:58:27 | ...::new | main.rs:64:9:64:11 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:64:9:64:11 | add | main.rs:63:5:63:5 | [SSA] a | main.rs:64:9:64:11 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:64:9:64:11 | add | main.rs:63:5:63:5 | a | main.rs:64:9:64:11 | add | Cookie attribute 'Secure' is not set to true. | | main.rs:69:16:69:18 | add | main.rs:68:17:68:29 | ...::named | main.rs:69:16:69:18 | add | Cookie attribute 'Secure' is not set to true. | -| main.rs:70:16:70:27 | add_original | main.rs:58:17:58:27 | ...::new | main.rs:70:16:70:27 | add_original | Cookie attribute 'Secure' is not set to true. | +| main.rs:70:16:70:27 | add_original | main.rs:63:5:63:5 | [SSA] a | main.rs:70:16:70:27 | add_original | Cookie attribute 'Secure' is not set to true. | +| main.rs:70:16:70:27 | add_original | main.rs:63:5:63:5 | a | main.rs:70:16:70:27 | add_original | Cookie attribute 'Secure' is not set to true. | | main.rs:72:16:72:18 | add | main.rs:68:17:68:29 | ...::named | main.rs:72:16:72:18 | add | Cookie attribute 'Secure' is not set to true. | -| main.rs:74:16:74:18 | add | main.rs:68:17:68:29 | ...::named | main.rs:74:16:74:18 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:72:16:72:18 | add | main.rs:71:5:71:5 | [SSA] b | main.rs:72:16:72:18 | add | Cookie attribute 'Secure' is not set to true. | +| main.rs:72:16:72:18 | add | main.rs:71:5:71:5 | b | main.rs:72:16:72:18 | add | Cookie attribute 'Secure' is not set to true. | | main.rs:78:17:78:19 | add | main.rs:77:17:77:28 | ...::from | main.rs:78:17:78:19 | add | Cookie attribute 'Secure' is not set to true. | -| main.rs:79:17:79:28 | add_original | main.rs:58:17:58:27 | ...::new | main.rs:79:17:79:28 | add_original | Cookie attribute 'Secure' is not set to true. | +| main.rs:79:17:79:28 | add_original | main.rs:63:5:63:5 | [SSA] a | main.rs:79:17:79:28 | add_original | Cookie attribute 'Secure' is not set to true. | +| main.rs:79:17:79:28 | add_original | main.rs:63:5:63:5 | a | main.rs:79:17:79:28 | add_original | Cookie attribute 'Secure' is not set to true. | | main.rs:83:17:83:19 | add | main.rs:77:17:77:28 | ...::from | main.rs:83:17:83:19 | add | Cookie attribute 'Secure' is not set to true. | -| main.rs:85:17:85:19 | add | main.rs:77:17:77:28 | ...::from | main.rs:85:17:85:19 | add | Cookie attribute 'Secure' is not set to true. | | main.rs:88:9:88:11 | add | main.rs:87:17:87:28 | ...::from | main.rs:88:9:88:11 | add | Cookie attribute 'Secure' is not set to true. | | main.rs:94:9:94:11 | add | main.rs:87:17:87:28 | ...::from | main.rs:94:9:94:11 | add | Cookie attribute 'Secure' is not set to true. | | main.rs:123:13:123:18 | insert | main.rs:122:13:122:41 | ...::new | main.rs:123:13:123:18 | insert | Cookie attribute 'Secure' is not set to true. | -| main.rs:131:13:131:18 | insert | main.rs:130:13:130:31 | b.set_secure(...) | main.rs:131:13:131:18 | insert | Cookie attribute 'Secure' is not set to true. | -| main.rs:147:13:147:18 | insert | main.rs:146:13:146:31 | f.set_secure(...) | main.rs:147:13:147:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:131:13:131:18 | insert | main.rs:130:13:130:13 | b | main.rs:131:13:131:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:147:13:147:18 | insert | main.rs:146:13:146:13 | f | main.rs:147:13:147:18 | insert | Cookie attribute 'Secure' is not set to true. | | main.rs:152:13:152:18 | insert | main.rs:151:13:151:42 | ...::from | main.rs:152:13:152:18 | insert | Cookie attribute 'Secure' is not set to true. | | main.rs:156:13:156:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:156:13:156:18 | insert | Cookie attribute 'Secure' is not set to true. | | main.rs:157:13:157:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:157:13:157:18 | insert | Cookie attribute 'Secure' is not set to true. | @@ -79,129 +81,130 @@ | main.rs:167:13:167:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:167:13:167:18 | insert | Cookie attribute 'Secure' is not set to true. | edges | main.rs:8:19:8:31 | ...::build | main.rs:8:19:8:50 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:8:19:8:50 | ...::build(...) | main.rs:8:19:8:64 | ... .secure(...) | provenance | MaD:40 | +| main.rs:8:19:8:50 | ...::build(...) | main.rs:8:19:8:64 | ... .secure(...) | provenance | MaD:41 | | main.rs:8:19:8:64 | ... .secure(...) | main.rs:8:66:8:70 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:16:19:16:31 | ...::build | main.rs:16:19:16:50 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | | main.rs:16:19:16:50 | ...::build(...) | main.rs:16:52:16:56 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:20:5:20:17 | ...::build | main.rs:20:5:20:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:20:5:20:36 | ...::build(...) | main.rs:20:5:20:54 | ... .secure(...) | provenance | MaD:40 | +| main.rs:20:5:20:36 | ...::build(...) | main.rs:20:5:20:54 | ... .secure(...) | provenance | MaD:41 | | main.rs:20:5:20:54 | ... .secure(...) | main.rs:20:56:20:60 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:21:5:21:17 | ...::build | main.rs:21:5:21:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:21:5:21:36 | ...::build(...) | main.rs:21:5:21:55 | ... .secure(...) | provenance | MaD:40 | +| main.rs:21:5:21:36 | ...::build(...) | main.rs:21:5:21:55 | ... .secure(...) | provenance | MaD:41 | | main.rs:21:5:21:55 | ... .secure(...) | main.rs:21:57:21:61 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:24:5:24:17 | ...::build | main.rs:24:5:24:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:24:5:24:36 | ...::build(...) | main.rs:24:5:24:51 | ... .secure(...) | provenance | MaD:40 | +| main.rs:24:5:24:36 | ...::build(...) | main.rs:24:5:24:51 | ... .secure(...) | provenance | MaD:41 | | main.rs:24:5:24:51 | ... .secure(...) | main.rs:24:53:24:57 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:25:5:25:17 | ...::build | main.rs:25:5:25:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:25:5:25:36 | ...::build(...) | main.rs:25:5:25:52 | ... .secure(...) | provenance | MaD:40 | +| main.rs:25:5:25:36 | ...::build(...) | main.rs:25:5:25:52 | ... .secure(...) | provenance | MaD:41 | | main.rs:25:5:25:52 | ... .secure(...) | main.rs:25:54:25:58 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:26:5:26:17 | ...::build | main.rs:26:5:26:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:26:5:26:36 | ...::build(...) | main.rs:26:5:26:50 | ... .secure(...) | provenance | MaD:40 | +| main.rs:26:5:26:36 | ...::build(...) | main.rs:26:5:26:50 | ... .secure(...) | provenance | MaD:41 | | main.rs:26:5:26:50 | ... .secure(...) | main.rs:26:52:26:56 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:27:5:27:17 | ...::build | main.rs:27:5:27:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:27:5:27:36 | ...::build(...) | main.rs:27:5:27:51 | ... .secure(...) | provenance | MaD:40 | +| main.rs:27:5:27:36 | ...::build(...) | main.rs:27:5:27:51 | ... .secure(...) | provenance | MaD:41 | | main.rs:27:5:27:51 | ... .secure(...) | main.rs:27:53:27:57 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:28:5:28:17 | ...::build | main.rs:28:5:28:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:28:5:28:36 | ...::build(...) | main.rs:28:5:28:60 | ... .secure(...) | provenance | MaD:40 | +| main.rs:28:5:28:36 | ...::build(...) | main.rs:28:5:28:60 | ... .secure(...) | provenance | MaD:41 | | main.rs:28:5:28:60 | ... .secure(...) | main.rs:28:62:28:66 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:29:5:29:17 | ...::build | main.rs:29:5:29:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:29:5:29:36 | ...::build(...) | main.rs:29:5:29:60 | ... .secure(...) | provenance | MaD:40 | +| main.rs:29:5:29:36 | ...::build(...) | main.rs:29:5:29:60 | ... .secure(...) | provenance | MaD:41 | | main.rs:29:5:29:60 | ... .secure(...) | main.rs:29:62:29:66 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:33:9:33:21 | ...::build | main.rs:33:9:33:40 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:33:9:33:40 | ...::build(...) | main.rs:33:9:33:58 | ... .secure(...) | provenance | MaD:40 | +| main.rs:33:9:33:40 | ...::build(...) | main.rs:33:9:33:58 | ... .secure(...) | provenance | MaD:41 | | main.rs:33:9:33:58 | ... .secure(...) | main.rs:33:60:33:64 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:35:9:35:21 | ...::build | main.rs:35:9:35:40 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:35:9:35:40 | ...::build(...) | main.rs:35:9:35:58 | ... .secure(...) | provenance | MaD:40 | +| main.rs:35:9:35:40 | ...::build(...) | main.rs:35:9:35:58 | ... .secure(...) | provenance | MaD:41 | | main.rs:35:9:35:58 | ... .secure(...) | main.rs:35:60:35:64 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:39:5:39:22 | ...::new | main.rs:39:5:39:39 | ...::new(...) | provenance | Src:MaD:16 MaD:16 | -| main.rs:39:5:39:39 | ...::new(...) | main.rs:39:5:39:53 | ... .secure(...) | provenance | MaD:40 | +| main.rs:39:5:39:39 | ...::new(...) | main.rs:39:5:39:53 | ... .secure(...) | provenance | MaD:41 | | main.rs:39:5:39:53 | ... .secure(...) | main.rs:39:55:39:59 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:40:5:40:17 | ...::build | main.rs:40:5:40:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:40:5:40:36 | ...::build(...) | main.rs:40:5:40:50 | ... .expires(...) | provenance | MaD:32 | -| main.rs:40:5:40:50 | ... .expires(...) | main.rs:40:5:40:64 | ... .secure(...) | provenance | MaD:40 | +| main.rs:40:5:40:36 | ...::build(...) | main.rs:40:5:40:50 | ... .expires(...) | provenance | MaD:33 | +| main.rs:40:5:40:50 | ... .expires(...) | main.rs:40:5:40:64 | ... .secure(...) | provenance | MaD:41 | | main.rs:40:5:40:64 | ... .secure(...) | main.rs:40:66:40:70 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:41:5:41:17 | ...::build | main.rs:41:5:41:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:41:5:41:36 | ...::build(...) | main.rs:41:5:41:79 | ... .max_age(...) | provenance | MaD:34 | -| main.rs:41:5:41:79 | ... .max_age(...) | main.rs:41:5:41:93 | ... .secure(...) | provenance | MaD:40 | +| main.rs:41:5:41:36 | ...::build(...) | main.rs:41:5:41:79 | ... .max_age(...) | provenance | MaD:35 | +| main.rs:41:5:41:79 | ... .max_age(...) | main.rs:41:5:41:93 | ... .secure(...) | provenance | MaD:41 | | main.rs:41:5:41:93 | ... .secure(...) | main.rs:41:95:41:99 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:42:5:42:17 | ...::build | main.rs:42:5:42:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:42:5:42:36 | ...::build(...) | main.rs:42:5:42:58 | ... .domain(...) | provenance | MaD:31 | -| main.rs:42:5:42:58 | ... .domain(...) | main.rs:42:5:42:72 | ... .secure(...) | provenance | MaD:40 | +| main.rs:42:5:42:36 | ...::build(...) | main.rs:42:5:42:58 | ... .domain(...) | provenance | MaD:32 | +| main.rs:42:5:42:58 | ... .domain(...) | main.rs:42:5:42:72 | ... .secure(...) | provenance | MaD:41 | | main.rs:42:5:42:72 | ... .secure(...) | main.rs:42:74:42:78 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:43:5:43:17 | ...::build | main.rs:43:5:43:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:43:5:43:36 | ...::build(...) | main.rs:43:5:43:46 | ... .path(...) | provenance | MaD:36 | -| main.rs:43:5:43:46 | ... .path(...) | main.rs:43:5:43:60 | ... .secure(...) | provenance | MaD:40 | +| main.rs:43:5:43:36 | ...::build(...) | main.rs:43:5:43:46 | ... .path(...) | provenance | MaD:37 | +| main.rs:43:5:43:46 | ... .path(...) | main.rs:43:5:43:60 | ... .secure(...) | provenance | MaD:41 | | main.rs:43:5:43:60 | ... .secure(...) | main.rs:43:62:43:66 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:44:5:44:17 | ...::build | main.rs:44:5:44:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:44:5:44:36 | ...::build(...) | main.rs:44:5:44:52 | ... .http_only(...) | provenance | MaD:33 | -| main.rs:44:5:44:52 | ... .http_only(...) | main.rs:44:5:44:66 | ... .secure(...) | provenance | MaD:40 | +| main.rs:44:5:44:36 | ...::build(...) | main.rs:44:5:44:52 | ... .http_only(...) | provenance | MaD:34 | +| main.rs:44:5:44:52 | ... .http_only(...) | main.rs:44:5:44:66 | ... .secure(...) | provenance | MaD:41 | | main.rs:44:5:44:66 | ... .secure(...) | main.rs:44:68:44:72 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:45:5:45:17 | ...::build | main.rs:45:5:45:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:45:5:45:36 | ...::build(...) | main.rs:45:5:45:72 | ... .same_site(...) | provenance | MaD:39 | -| main.rs:45:5:45:72 | ... .same_site(...) | main.rs:45:5:45:86 | ... .secure(...) | provenance | MaD:40 | +| main.rs:45:5:45:36 | ...::build(...) | main.rs:45:5:45:72 | ... .same_site(...) | provenance | MaD:40 | +| main.rs:45:5:45:72 | ... .same_site(...) | main.rs:45:5:45:86 | ... .secure(...) | provenance | MaD:41 | | main.rs:45:5:45:86 | ... .secure(...) | main.rs:45:88:45:92 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:46:5:46:17 | ...::build | main.rs:46:5:46:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:46:5:46:36 | ...::build(...) | main.rs:46:5:46:48 | ... .permanent() | provenance | MaD:37 | -| main.rs:46:5:46:48 | ... .permanent() | main.rs:46:5:46:62 | ... .secure(...) | provenance | MaD:40 | +| main.rs:46:5:46:36 | ...::build(...) | main.rs:46:5:46:48 | ... .permanent() | provenance | MaD:38 | +| main.rs:46:5:46:48 | ... .permanent() | main.rs:46:5:46:62 | ... .secure(...) | provenance | MaD:41 | | main.rs:46:5:46:62 | ... .secure(...) | main.rs:46:64:46:68 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:47:5:47:17 | ...::build | main.rs:47:5:47:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:47:5:47:36 | ...::build(...) | main.rs:47:5:47:46 | ... .removal() | provenance | MaD:38 | -| main.rs:47:5:47:46 | ... .removal() | main.rs:47:5:47:60 | ... .secure(...) | provenance | MaD:40 | +| main.rs:47:5:47:36 | ...::build(...) | main.rs:47:5:47:46 | ... .removal() | provenance | MaD:39 | +| main.rs:47:5:47:46 | ... .removal() | main.rs:47:5:47:60 | ... .secure(...) | provenance | MaD:41 | | main.rs:47:5:47:60 | ... .secure(...) | main.rs:47:62:47:66 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:48:5:48:17 | ...::build | main.rs:48:5:48:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:48:5:48:36 | ...::build(...) | main.rs:48:5:48:50 | ... .secure(...) | provenance | MaD:40 | +| main.rs:48:5:48:36 | ...::build(...) | main.rs:48:5:48:50 | ... .secure(...) | provenance | MaD:41 | | main.rs:48:5:48:50 | ... .secure(...) | main.rs:48:52:48:57 | finish | provenance | MaD:3 Sink:MaD:3 | | main.rs:49:5:49:17 | ...::build | main.rs:49:5:49:25 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:49:5:49:25 | ...::build(...) | main.rs:49:5:49:39 | ... .secure(...) | provenance | MaD:40 | +| main.rs:49:5:49:25 | ...::build(...) | main.rs:49:5:49:39 | ... .secure(...) | provenance | MaD:41 | | main.rs:49:5:49:39 | ... .secure(...) | main.rs:49:41:49:45 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:50:5:50:17 | ...::build | main.rs:50:5:50:40 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:50:5:50:40 | ...::build(...) | main.rs:50:5:50:54 | ... .secure(...) | provenance | MaD:40 | +| main.rs:50:5:50:40 | ...::build(...) | main.rs:50:5:50:54 | ... .secure(...) | provenance | MaD:41 | | main.rs:50:5:50:54 | ... .secure(...) | main.rs:50:56:50:60 | build | provenance | MaD:2 Sink:MaD:2 | +| main.rs:53:5:53:49 | ... .secure(...) | main.rs:53:5:53:63 | ... .secure(...) | provenance | MaD:41 | | main.rs:53:5:53:63 | ... .secure(...) | main.rs:53:65:53:69 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:58:9:58:13 | mut a | main.rs:59:13:59:13 | a | provenance | | | main.rs:58:9:58:13 | mut a | main.rs:59:13:59:21 | a.clone() | provenance | MaD:17 | | main.rs:58:9:58:13 | mut a | main.rs:60:22:60:22 | a | provenance | | | main.rs:58:9:58:13 | mut a | main.rs:60:22:60:30 | a.clone() | provenance | MaD:17 | -| main.rs:58:9:58:13 | mut a | main.rs:62:13:62:13 | a | provenance | | -| main.rs:58:9:58:13 | mut a | main.rs:62:13:62:21 | a.clone() | provenance | MaD:17 | -| main.rs:58:9:58:13 | mut a | main.rs:64:13:64:13 | a | provenance | | -| main.rs:58:9:58:13 | mut a | main.rs:64:13:64:21 | a.clone() | provenance | MaD:17 | -| main.rs:58:9:58:13 | mut a | main.rs:70:29:70:29 | a | provenance | | -| main.rs:58:9:58:13 | mut a | main.rs:70:29:70:37 | a.clone() | provenance | MaD:17 | -| main.rs:58:9:58:13 | mut a | main.rs:79:30:79:30 | a | provenance | | -| main.rs:58:9:58:13 | mut a | main.rs:79:30:79:38 | a.clone() | provenance | MaD:17 | | main.rs:58:17:58:27 | ...::new | main.rs:58:17:58:44 | ...::new(...) | provenance | Src:MaD:15 MaD:15 | | main.rs:58:17:58:44 | ...::new(...) | main.rs:58:9:58:13 | mut a | provenance | | | main.rs:59:13:59:13 | a | main.rs:59:13:59:21 | a.clone() | provenance | MaD:17 | | main.rs:59:13:59:21 | a.clone() | main.rs:59:9:59:11 | add | provenance | MaD:4 Sink:MaD:4 | | main.rs:60:22:60:22 | a | main.rs:60:22:60:30 | a.clone() | provenance | MaD:17 | | main.rs:60:22:60:30 | a.clone() | main.rs:60:9:60:20 | add_original | provenance | MaD:5 Sink:MaD:5 | -| main.rs:62:13:62:13 | a | main.rs:62:13:62:21 | a.clone() | provenance | MaD:17 | -| main.rs:62:13:62:21 | a.clone() | main.rs:62:9:62:11 | add | provenance | MaD:4 Sink:MaD:4 | +| main.rs:63:5:63:5 | [SSA] a | main.rs:64:13:64:13 | a | provenance | | +| main.rs:63:5:63:5 | [SSA] a | main.rs:64:13:64:21 | a.clone() | provenance | MaD:17 | +| main.rs:63:5:63:5 | [SSA] a | main.rs:70:29:70:29 | a | provenance | | +| main.rs:63:5:63:5 | [SSA] a | main.rs:70:29:70:37 | a.clone() | provenance | MaD:17 | +| main.rs:63:5:63:5 | [SSA] a | main.rs:79:30:79:30 | a | provenance | | +| main.rs:63:5:63:5 | [SSA] a | main.rs:79:30:79:38 | a.clone() | provenance | MaD:17 | +| main.rs:63:5:63:5 | a | main.rs:64:13:64:13 | a | provenance | | +| main.rs:63:5:63:5 | a | main.rs:64:13:64:21 | a.clone() | provenance | MaD:17 | +| main.rs:63:5:63:5 | a | main.rs:70:29:70:29 | a | provenance | | +| main.rs:63:5:63:5 | a | main.rs:70:29:70:37 | a.clone() | provenance | MaD:17 | +| main.rs:63:5:63:5 | a | main.rs:79:30:79:30 | a | provenance | | +| main.rs:63:5:63:5 | a | main.rs:79:30:79:38 | a.clone() | provenance | MaD:17 | | main.rs:64:13:64:13 | a | main.rs:64:13:64:21 | a.clone() | provenance | MaD:17 | | main.rs:64:13:64:21 | a.clone() | main.rs:64:9:64:11 | add | provenance | MaD:4 Sink:MaD:4 | | main.rs:68:9:68:13 | mut b | main.rs:69:20:69:20 | b | provenance | | | main.rs:68:9:68:13 | mut b | main.rs:69:20:69:28 | b.clone() | provenance | MaD:17 | | main.rs:68:9:68:13 | mut b | main.rs:72:20:72:20 | b | provenance | | | main.rs:68:9:68:13 | mut b | main.rs:72:20:72:28 | b.clone() | provenance | MaD:17 | -| main.rs:68:9:68:13 | mut b | main.rs:74:20:74:20 | b | provenance | | -| main.rs:68:9:68:13 | mut b | main.rs:74:20:74:28 | b.clone() | provenance | MaD:17 | | main.rs:68:17:68:29 | ...::named | main.rs:68:17:68:37 | ...::named(...) | provenance | Src:MaD:14 MaD:14 | | main.rs:68:17:68:37 | ...::named(...) | main.rs:68:9:68:13 | mut b | provenance | | | main.rs:69:20:69:20 | b | main.rs:69:20:69:28 | b.clone() | provenance | MaD:17 | | main.rs:69:20:69:28 | b.clone() | main.rs:69:16:69:18 | add | provenance | MaD:8 Sink:MaD:8 | | main.rs:70:29:70:29 | a | main.rs:70:29:70:37 | a.clone() | provenance | MaD:17 | | main.rs:70:29:70:37 | a.clone() | main.rs:70:16:70:27 | add_original | provenance | MaD:9 Sink:MaD:9 | +| main.rs:71:5:71:5 | [SSA] b | main.rs:72:20:72:20 | b | provenance | | +| main.rs:71:5:71:5 | [SSA] b | main.rs:72:20:72:28 | b.clone() | provenance | MaD:17 | +| main.rs:71:5:71:5 | b | main.rs:72:20:72:20 | b | provenance | | +| main.rs:71:5:71:5 | b | main.rs:72:20:72:28 | b.clone() | provenance | MaD:17 | | main.rs:72:20:72:20 | b | main.rs:72:20:72:28 | b.clone() | provenance | MaD:17 | | main.rs:72:20:72:28 | b.clone() | main.rs:72:16:72:18 | add | provenance | MaD:8 Sink:MaD:8 | -| main.rs:74:20:74:20 | b | main.rs:74:20:74:28 | b.clone() | provenance | MaD:17 | -| main.rs:74:20:74:28 | b.clone() | main.rs:74:16:74:18 | add | provenance | MaD:8 Sink:MaD:8 | | main.rs:77:9:77:13 | mut c | main.rs:78:21:78:21 | c | provenance | | | main.rs:77:9:77:13 | mut c | main.rs:78:21:78:29 | c.clone() | provenance | MaD:17 | | main.rs:77:9:77:13 | mut c | main.rs:83:21:83:21 | c | provenance | | | main.rs:77:9:77:13 | mut c | main.rs:83:21:83:29 | c.clone() | provenance | MaD:17 | -| main.rs:77:9:77:13 | mut c | main.rs:85:21:85:21 | c | provenance | | -| main.rs:77:9:77:13 | mut c | main.rs:85:21:85:29 | c.clone() | provenance | MaD:17 | | main.rs:77:17:77:28 | ...::from | main.rs:77:17:77:36 | ...::from(...) | provenance | Src:MaD:12 MaD:12 | | main.rs:77:17:77:36 | ...::from(...) | main.rs:77:9:77:13 | mut c | provenance | | | main.rs:78:21:78:21 | c | main.rs:78:21:78:29 | c.clone() | provenance | MaD:17 | @@ -210,8 +213,6 @@ edges | main.rs:79:30:79:38 | a.clone() | main.rs:79:17:79:28 | add_original | provenance | MaD:7 Sink:MaD:7 | | main.rs:83:21:83:21 | c | main.rs:83:21:83:29 | c.clone() | provenance | MaD:17 | | main.rs:83:21:83:29 | c.clone() | main.rs:83:17:83:19 | add | provenance | MaD:6 Sink:MaD:6 | -| main.rs:85:21:85:21 | c | main.rs:85:21:85:29 | c.clone() | provenance | MaD:17 | -| main.rs:85:21:85:29 | c.clone() | main.rs:85:17:85:19 | add | provenance | MaD:6 Sink:MaD:6 | | main.rs:87:9:87:13 | mut d | main.rs:88:13:88:13 | d | provenance | | | main.rs:87:9:87:13 | mut d | main.rs:88:13:88:21 | d.clone() | provenance | MaD:17 | | main.rs:87:9:87:13 | mut d | main.rs:94:13:94:13 | d | provenance | | @@ -223,7 +224,7 @@ edges | main.rs:94:13:94:13 | d | main.rs:94:13:94:21 | d.clone() | provenance | MaD:17 | | main.rs:94:13:94:21 | d.clone() | main.rs:94:9:94:11 | add | provenance | MaD:4 Sink:MaD:4 | | main.rs:114:5:114:17 | ...::build | main.rs:114:5:114:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:114:5:114:36 | ...::build(...) | main.rs:114:5:114:54 | ... .partitioned(...) | provenance | MaD:35 | +| main.rs:114:5:114:36 | ...::build(...) | main.rs:114:5:114:54 | ... .partitioned(...) | provenance | MaD:36 | | main.rs:114:5:114:54 | ... .partitioned(...) | main.rs:114:56:114:60 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:122:9:122:9 | a | main.rs:123:20:123:20 | a | provenance | | | main.rs:122:9:122:9 | a | main.rs:123:20:123:28 | a.clone() | provenance | MaD:17 | @@ -234,6 +235,7 @@ edges | main.rs:130:9:130:9 | c | main.rs:131:20:131:20 | c | provenance | | | main.rs:130:9:130:9 | c | main.rs:131:20:131:28 | c.clone() | provenance | MaD:17 | | main.rs:130:9:130:9 | c | main.rs:134:13:134:35 | c.set_partitioned(...) | provenance | MaD:24 | +| main.rs:130:13:130:13 | b | main.rs:130:13:130:31 | b.set_secure(...) | provenance | MaD:27 | | main.rs:130:13:130:31 | b.set_secure(...) | main.rs:130:9:130:9 | c | provenance | | | main.rs:131:20:131:20 | c | main.rs:131:20:131:28 | c.clone() | provenance | MaD:17 | | main.rs:131:20:131:28 | c.clone() | main.rs:131:13:131:18 | insert | provenance | MaD:1 Sink:MaD:1 | @@ -244,6 +246,7 @@ edges | main.rs:135:20:135:28 | d.clone() | main.rs:135:13:135:18 | insert | provenance | MaD:1 Sink:MaD:1 | | main.rs:146:9:146:9 | g | main.rs:147:20:147:20 | g | provenance | | | main.rs:146:9:146:9 | g | main.rs:147:20:147:28 | g.clone() | provenance | MaD:17 | +| main.rs:146:13:146:13 | f | main.rs:146:13:146:31 | f.set_secure(...) | provenance | MaD:27 | | main.rs:146:13:146:31 | f.set_secure(...) | main.rs:146:9:146:9 | g | provenance | | | main.rs:147:20:147:20 | g | main.rs:147:20:147:28 | g.clone() | provenance | MaD:17 | | main.rs:147:20:147:28 | g.clone() | main.rs:147:13:147:18 | insert | provenance | MaD:1 Sink:MaD:1 | @@ -281,7 +284,7 @@ edges | main.rs:156:20:156:28 | i.clone() | main.rs:156:20:156:46 | ... .set_name(...) | provenance | MaD:23 | | main.rs:156:20:156:46 | ... .set_name(...) | main.rs:156:13:156:18 | insert | provenance | MaD:1 Sink:MaD:1 | | main.rs:157:20:157:20 | i | main.rs:157:20:157:28 | i.clone() | provenance | MaD:17 | -| main.rs:157:20:157:28 | i.clone() | main.rs:157:20:157:48 | ... .set_value(...) | provenance | MaD:27 | +| main.rs:157:20:157:28 | i.clone() | main.rs:157:20:157:48 | ... .set_value(...) | provenance | MaD:28 | | main.rs:157:20:157:48 | ... .set_value(...) | main.rs:157:13:157:18 | insert | provenance | MaD:1 Sink:MaD:1 | | main.rs:158:20:158:20 | i | main.rs:158:20:158:28 | i.clone() | provenance | MaD:17 | | main.rs:158:20:158:28 | i.clone() | main.rs:158:20:158:48 | ... .set_http_only(...) | provenance | MaD:21 | @@ -296,19 +299,19 @@ edges | main.rs:161:20:161:28 | i.clone() | main.rs:161:20:161:42 | ... .set_path(...) | provenance | MaD:25 | | main.rs:161:20:161:42 | ... .set_path(...) | main.rs:161:13:161:18 | insert | provenance | MaD:1 Sink:MaD:1 | | main.rs:162:20:162:20 | i | main.rs:162:20:162:28 | i.clone() | provenance | MaD:17 | -| main.rs:162:20:162:28 | i.clone() | main.rs:162:20:162:41 | ... .unset_path() | provenance | MaD:30 | +| main.rs:162:20:162:28 | i.clone() | main.rs:162:20:162:41 | ... .unset_path() | provenance | MaD:31 | | main.rs:162:20:162:41 | ... .unset_path() | main.rs:162:13:162:18 | insert | provenance | MaD:1 Sink:MaD:1 | | main.rs:163:20:163:20 | i | main.rs:163:20:163:28 | i.clone() | provenance | MaD:17 | | main.rs:163:20:163:28 | i.clone() | main.rs:163:20:163:54 | ... .set_domain(...) | provenance | MaD:19 | | main.rs:163:20:163:54 | ... .set_domain(...) | main.rs:163:13:163:18 | insert | provenance | MaD:1 Sink:MaD:1 | | main.rs:164:20:164:20 | i | main.rs:164:20:164:28 | i.clone() | provenance | MaD:17 | -| main.rs:164:20:164:28 | i.clone() | main.rs:164:20:164:43 | ... .unset_domain() | provenance | MaD:28 | +| main.rs:164:20:164:28 | i.clone() | main.rs:164:20:164:43 | ... .unset_domain() | provenance | MaD:29 | | main.rs:164:20:164:43 | ... .unset_domain() | main.rs:164:13:164:18 | insert | provenance | MaD:1 Sink:MaD:1 | | main.rs:165:20:165:20 | i | main.rs:165:20:165:28 | i.clone() | provenance | MaD:17 | | main.rs:165:20:165:28 | i.clone() | main.rs:165:20:165:46 | ... .set_expires(...) | provenance | MaD:20 | | main.rs:165:20:165:46 | ... .set_expires(...) | main.rs:165:13:165:18 | insert | provenance | MaD:1 Sink:MaD:1 | | main.rs:166:20:166:20 | i | main.rs:166:20:166:28 | i.clone() | provenance | MaD:17 | -| main.rs:166:20:166:28 | i.clone() | main.rs:166:20:166:44 | ... .unset_expires() | provenance | MaD:29 | +| main.rs:166:20:166:28 | i.clone() | main.rs:166:20:166:44 | ... .unset_expires() | provenance | MaD:30 | | main.rs:166:20:166:44 | ... .unset_expires() | main.rs:166:13:166:18 | insert | provenance | MaD:1 Sink:MaD:1 | | main.rs:167:20:167:20 | i | main.rs:167:20:167:28 | i.clone() | provenance | MaD:17 | | main.rs:167:20:167:28 | i.clone() | main.rs:167:20:167:45 | ... .make_permanent() | provenance | MaD:18 | @@ -340,20 +343,21 @@ models | 24 | Summary: ::set_partitioned; Argument[self].OptionalBarrier[cookie-partitioned-arg0]; ReturnValue; taint | | 25 | Summary: ::set_path; Argument[self]; ReturnValue; taint | | 26 | Summary: ::set_same_site; Argument[self]; ReturnValue; taint | -| 27 | Summary: ::set_value; Argument[self]; ReturnValue; taint | -| 28 | Summary: ::unset_domain; Argument[self]; ReturnValue; taint | -| 29 | Summary: ::unset_expires; Argument[self]; ReturnValue; taint | -| 30 | Summary: ::unset_path; Argument[self]; ReturnValue; taint | -| 31 | Summary: ::domain; Argument[self]; ReturnValue; taint | -| 32 | Summary: ::expires; Argument[self]; ReturnValue; taint | -| 33 | Summary: ::http_only; Argument[self]; ReturnValue; taint | -| 34 | Summary: ::max_age; Argument[self]; ReturnValue; taint | -| 35 | Summary: ::partitioned; Argument[self].OptionalBarrier[cookie-partitioned-arg0]; ReturnValue; taint | -| 36 | Summary: ::path; Argument[self]; ReturnValue; taint | -| 37 | Summary: ::permanent; Argument[self]; ReturnValue; taint | -| 38 | Summary: ::removal; Argument[self]; ReturnValue; taint | -| 39 | Summary: ::same_site; Argument[self]; ReturnValue; taint | -| 40 | Summary: ::secure; Argument[self].OptionalBarrier[cookie-secure-arg0]; ReturnValue; taint | +| 27 | Summary: ::set_secure; Argument[self].OptionalBarrier[cookie-secure-arg0]; ReturnValue; taint | +| 28 | Summary: ::set_value; Argument[self]; ReturnValue; taint | +| 29 | Summary: ::unset_domain; Argument[self]; ReturnValue; taint | +| 30 | Summary: ::unset_expires; Argument[self]; ReturnValue; taint | +| 31 | Summary: ::unset_path; Argument[self]; ReturnValue; taint | +| 32 | Summary: ::domain; Argument[self]; ReturnValue; taint | +| 33 | Summary: ::expires; Argument[self]; ReturnValue; taint | +| 34 | Summary: ::http_only; Argument[self]; ReturnValue; taint | +| 35 | Summary: ::max_age; Argument[self]; ReturnValue; taint | +| 36 | Summary: ::partitioned; Argument[self].OptionalBarrier[cookie-partitioned-arg0]; ReturnValue; taint | +| 37 | Summary: ::path; Argument[self]; ReturnValue; taint | +| 38 | Summary: ::permanent; Argument[self]; ReturnValue; taint | +| 39 | Summary: ::removal; Argument[self]; ReturnValue; taint | +| 40 | Summary: ::same_site; Argument[self]; ReturnValue; taint | +| 41 | Summary: ::secure; Argument[self].OptionalBarrier[cookie-secure-arg0]; ReturnValue; taint | nodes | main.rs:8:19:8:31 | ...::build | semmle.label | ...::build | | main.rs:8:19:8:50 | ...::build(...) | semmle.label | ...::build(...) | @@ -458,6 +462,7 @@ nodes | main.rs:50:5:50:40 | ...::build(...) | semmle.label | ...::build(...) | | main.rs:50:5:50:54 | ... .secure(...) | semmle.label | ... .secure(...) | | main.rs:50:56:50:60 | build | semmle.label | build | +| main.rs:53:5:53:49 | ... .secure(...) | semmle.label | ... .secure(...) | | main.rs:53:5:53:63 | ... .secure(...) | semmle.label | ... .secure(...) | | main.rs:53:65:53:69 | build | semmle.label | build | | main.rs:58:9:58:13 | mut a | semmle.label | mut a | @@ -469,9 +474,8 @@ nodes | main.rs:60:9:60:20 | add_original | semmle.label | add_original | | main.rs:60:22:60:22 | a | semmle.label | a | | main.rs:60:22:60:30 | a.clone() | semmle.label | a.clone() | -| main.rs:62:9:62:11 | add | semmle.label | add | -| main.rs:62:13:62:13 | a | semmle.label | a | -| main.rs:62:13:62:21 | a.clone() | semmle.label | a.clone() | +| main.rs:63:5:63:5 | [SSA] a | semmle.label | [SSA] a | +| main.rs:63:5:63:5 | a | semmle.label | a | | main.rs:64:9:64:11 | add | semmle.label | add | | main.rs:64:13:64:13 | a | semmle.label | a | | main.rs:64:13:64:21 | a.clone() | semmle.label | a.clone() | @@ -484,12 +488,11 @@ nodes | main.rs:70:16:70:27 | add_original | semmle.label | add_original | | main.rs:70:29:70:29 | a | semmle.label | a | | main.rs:70:29:70:37 | a.clone() | semmle.label | a.clone() | +| main.rs:71:5:71:5 | [SSA] b | semmle.label | [SSA] b | +| main.rs:71:5:71:5 | b | semmle.label | b | | main.rs:72:16:72:18 | add | semmle.label | add | | main.rs:72:20:72:20 | b | semmle.label | b | | main.rs:72:20:72:28 | b.clone() | semmle.label | b.clone() | -| main.rs:74:16:74:18 | add | semmle.label | add | -| main.rs:74:20:74:20 | b | semmle.label | b | -| main.rs:74:20:74:28 | b.clone() | semmle.label | b.clone() | | main.rs:77:9:77:13 | mut c | semmle.label | mut c | | main.rs:77:17:77:28 | ...::from | semmle.label | ...::from | | main.rs:77:17:77:36 | ...::from(...) | semmle.label | ...::from(...) | @@ -502,9 +505,6 @@ nodes | main.rs:83:17:83:19 | add | semmle.label | add | | main.rs:83:21:83:21 | c | semmle.label | c | | main.rs:83:21:83:29 | c.clone() | semmle.label | c.clone() | -| main.rs:85:17:85:19 | add | semmle.label | add | -| main.rs:85:21:85:21 | c | semmle.label | c | -| main.rs:85:21:85:29 | c.clone() | semmle.label | c.clone() | | main.rs:87:9:87:13 | mut d | semmle.label | mut d | | main.rs:87:17:87:28 | ...::from | semmle.label | ...::from | | main.rs:87:17:87:36 | ...::from(...) | semmle.label | ...::from(...) | @@ -525,6 +525,7 @@ nodes | main.rs:123:20:123:20 | a | semmle.label | a | | main.rs:123:20:123:28 | a.clone() | semmle.label | a.clone() | | main.rs:130:9:130:9 | c | semmle.label | c | +| main.rs:130:13:130:13 | b | semmle.label | b | | main.rs:130:13:130:31 | b.set_secure(...) | semmle.label | b.set_secure(...) | | main.rs:131:13:131:18 | insert | semmle.label | insert | | main.rs:131:20:131:20 | c | semmle.label | c | @@ -535,6 +536,7 @@ nodes | main.rs:135:20:135:20 | d | semmle.label | d | | main.rs:135:20:135:28 | d.clone() | semmle.label | d.clone() | | main.rs:146:9:146:9 | g | semmle.label | g | +| main.rs:146:13:146:13 | f | semmle.label | f | | main.rs:146:13:146:31 | f.set_secure(...) | semmle.label | f.set_secure(...) | | main.rs:147:13:147:18 | insert | semmle.label | insert | | main.rs:147:20:147:20 | g | semmle.label | g | diff --git a/rust/ql/test/query-tests/security/CWE-614/main.rs b/rust/ql/test/query-tests/security/CWE-614/main.rs index 6cbb786cea5a..4cd35ac93142 100644 --- a/rust/ql/test/query-tests/security/CWE-614/main.rs +++ b/rust/ql/test/query-tests/security/CWE-614/main.rs @@ -59,7 +59,7 @@ fn test_cookie(sometimes: bool) { jar.add(a.clone()); // $ Alert[rust/insecure-cookie] jar.add_original(a.clone()); // $ Alert[rust/insecure-cookie] a.set_secure(true); - jar.add(a.clone()); // $ SPURIOUS: Alert[rust/insecure-cookie] + jar.add(a.clone()); // good a.set_secure(false); jar.add(a.clone()); // $ Alert[rust/insecure-cookie] @@ -71,7 +71,7 @@ fn test_cookie(sometimes: bool) { b.set_secure(sometimes); signed_jar.add(b.clone()); // $ Alert[rust/insecure-cookie] b.set_secure(true); - signed_jar.add(b.clone()); // $ SPURIOUS: Alert[rust/insecure-cookie] + signed_jar.add(b.clone()); // good let mut private_jar = jar.private_mut(&key); let mut c = Cookie::from("name"); @@ -82,7 +82,7 @@ fn test_cookie(sometimes: bool) { } private_jar.add(c.clone()); // $ Alert[rust/insecure-cookie] c.set_secure(true); - private_jar.add(c.clone()); // $ SPURIOUS: Alert[rust/insecure-cookie] + private_jar.add(c.clone()); // $ good let mut d = Cookie::from("name"); jar.add(d.clone()); // $ Alert[rust/insecure-cookie] From 94afc82304b202e74c9114ab56810216a24e545a Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 22 Sep 2025 14:50:46 +0100 Subject: [PATCH 046/307] Rust: Fix an issue with the local flow. --- .../codeql/rust/security/InsecureCookieExtensions.qll | 10 ++++++---- .../query-tests/security/CWE-614/CookieSet.expected | 2 +- .../security/CWE-614/InsecureCookie.expected | 9 --------- rust/ql/test/query-tests/security/CWE-614/main.rs | 2 +- 4 files changed, 8 insertions(+), 15 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll b/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll index 93406f914525..30a033ba155a 100644 --- a/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll @@ -69,11 +69,13 @@ module InsecureCookie { // check if the argument is always `true` ( if - forex(DataFlow::Node argSourceNode | DataFlow::localFlow(argSourceNode, argNode) | - argSourceNode.asExpr().getExpr().(BooleanLiteralExpr).getTextValue() = "true" + forex(DataFlow::Node argSourceNode, BooleanLiteralExpr argSourceValue | + DataFlow::localFlow(argSourceNode, argNode) and + argSourceValue = argSourceNode.asExpr().getExpr() | + argSourceValue.getTextValue() = "true" ) - then value = true // `true` flow to here - else value = false // `false` or unknown + then value = true // `true` flows to here + else value = false // `false`, unknown, or multiple values ) and // and find the node where this happens ( diff --git a/rust/ql/test/query-tests/security/CWE-614/CookieSet.expected b/rust/ql/test/query-tests/security/CWE-614/CookieSet.expected index eacadaa722d9..44f5ff01fbd3 100644 --- a/rust/ql/test/query-tests/security/CWE-614/CookieSet.expected +++ b/rust/ql/test/query-tests/security/CWE-614/CookieSet.expected @@ -2,7 +2,7 @@ | main.rs:12:19:12:50 | ...::build(...) | secure | true | | main.rs:20:5:20:36 | ...::build(...) | secure | false | | main.rs:21:5:21:36 | ...::build(...) | secure | false | -| main.rs:24:5:24:36 | ...::build(...) | secure | false | +| main.rs:24:5:24:36 | ...::build(...) | secure | true | | main.rs:25:5:25:36 | ...::build(...) | secure | false | | main.rs:26:5:26:36 | ...::build(...) | secure | false | | main.rs:27:5:27:36 | ...::build(...) | secure | false | diff --git a/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected b/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected index 880262e9bd4e..701f90c0f34d 100644 --- a/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected +++ b/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected @@ -6,8 +6,6 @@ | main.rs:20:56:20:60 | build | main.rs:20:5:20:36 | ...::build(...) | main.rs:20:56:20:60 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:21:57:21:61 | build | main.rs:21:5:21:17 | ...::build | main.rs:21:57:21:61 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:21:57:21:61 | build | main.rs:21:5:21:36 | ...::build(...) | main.rs:21:57:21:61 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:24:53:24:57 | build | main.rs:24:5:24:17 | ...::build | main.rs:24:53:24:57 | build | Cookie attribute 'Secure' is not set to true. | -| main.rs:24:53:24:57 | build | main.rs:24:5:24:36 | ...::build(...) | main.rs:24:53:24:57 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:25:54:25:58 | build | main.rs:25:5:25:17 | ...::build | main.rs:25:54:25:58 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:25:54:25:58 | build | main.rs:25:5:25:36 | ...::build(...) | main.rs:25:54:25:58 | build | Cookie attribute 'Secure' is not set to true. | | main.rs:26:52:26:56 | build | main.rs:26:5:26:17 | ...::build | main.rs:26:52:26:56 | build | Cookie attribute 'Secure' is not set to true. | @@ -91,9 +89,6 @@ edges | main.rs:21:5:21:17 | ...::build | main.rs:21:5:21:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | | main.rs:21:5:21:36 | ...::build(...) | main.rs:21:5:21:55 | ... .secure(...) | provenance | MaD:41 | | main.rs:21:5:21:55 | ... .secure(...) | main.rs:21:57:21:61 | build | provenance | MaD:2 Sink:MaD:2 | -| main.rs:24:5:24:17 | ...::build | main.rs:24:5:24:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | -| main.rs:24:5:24:36 | ...::build(...) | main.rs:24:5:24:51 | ... .secure(...) | provenance | MaD:41 | -| main.rs:24:5:24:51 | ... .secure(...) | main.rs:24:53:24:57 | build | provenance | MaD:2 Sink:MaD:2 | | main.rs:25:5:25:17 | ...::build | main.rs:25:5:25:36 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | | main.rs:25:5:25:36 | ...::build(...) | main.rs:25:5:25:52 | ... .secure(...) | provenance | MaD:41 | | main.rs:25:5:25:52 | ... .secure(...) | main.rs:25:54:25:58 | build | provenance | MaD:2 Sink:MaD:2 | @@ -374,10 +369,6 @@ nodes | main.rs:21:5:21:36 | ...::build(...) | semmle.label | ...::build(...) | | main.rs:21:5:21:55 | ... .secure(...) | semmle.label | ... .secure(...) | | main.rs:21:57:21:61 | build | semmle.label | build | -| main.rs:24:5:24:17 | ...::build | semmle.label | ...::build | -| main.rs:24:5:24:36 | ...::build(...) | semmle.label | ...::build(...) | -| main.rs:24:5:24:51 | ... .secure(...) | semmle.label | ... .secure(...) | -| main.rs:24:53:24:57 | build | semmle.label | build | | main.rs:25:5:25:17 | ...::build | semmle.label | ...::build | | main.rs:25:5:25:36 | ...::build(...) | semmle.label | ...::build(...) | | main.rs:25:5:25:52 | ... .secure(...) | semmle.label | ... .secure(...) | diff --git a/rust/ql/test/query-tests/security/CWE-614/main.rs b/rust/ql/test/query-tests/security/CWE-614/main.rs index 4cd35ac93142..48671b737a6d 100644 --- a/rust/ql/test/query-tests/security/CWE-614/main.rs +++ b/rust/ql/test/query-tests/security/CWE-614/main.rs @@ -21,7 +21,7 @@ fn test_cookie(sometimes: bool) { Cookie::build(("name", "value")).secure(!sometimes).build(); // $ Alert[rust/insecure-cookie] // with data flow on the "secure" value - Cookie::build(("name", "value")).secure(always).build(); // $ SPURIOUS: Alert[rust/insecure-cookie] + Cookie::build(("name", "value")).secure(always).build(); // good Cookie::build(("name", "value")).secure(!always).build(); // $ Alert[rust/insecure-cookie] Cookie::build(("name", "value")).secure(never).build(); // $ Alert[rust/insecure-cookie] Cookie::build(("name", "value")).secure(!never).build(); // $ SPURIOUS: Alert[rust/insecure-cookie] From bd07350bc3999ca549a31a9e0a3ca01ffa94adb5 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 19 Sep 2025 10:05:11 +0100 Subject: [PATCH 047/307] Rust: Add qhelp and examples. --- .../security/CWE-614/InsecureCookie.qhelp | 33 +++++++++++++++++++ .../security/CWE-614/InsecureCookieBad.rs | 6 ++++ .../security/CWE-614/InsecureCookieGood.rs | 11 +++++++ 3 files changed, 50 insertions(+) create mode 100644 rust/ql/src/queries/security/CWE-614/InsecureCookie.qhelp create mode 100644 rust/ql/src/queries/security/CWE-614/InsecureCookieBad.rs create mode 100644 rust/ql/src/queries/security/CWE-614/InsecureCookieGood.rs diff --git a/rust/ql/src/queries/security/CWE-614/InsecureCookie.qhelp b/rust/ql/src/queries/security/CWE-614/InsecureCookie.qhelp new file mode 100644 index 000000000000..ef08ff27b9c3 --- /dev/null +++ b/rust/ql/src/queries/security/CWE-614/InsecureCookie.qhelp @@ -0,0 +1,33 @@ + + + + +

Failing to set the 'Secure' attribute on a cookie allows it to be transmitted over an unencrypted (HTTP) connection. If an attacker can observe a user's network traffic (for example over an insecure Wi‑Fi network), they can access sensitive information in the cookie and potentially use it to impersonate the user.

+ + + + +

Always set the cookie 'Secure' attribute so that the browser only sends the cookie over HTTPS.

+ + + + +

The following example creates a cookie using the cookie crate without the 'Secure' attribute:

+ + + +

In the fixed example, we either call secure(true) on the CookieBuilder or set_secure(true) on the Cookie itself:

+ + + + + + +
  • MDN Web Docs: Using HTTP cookies.
    • +
  • OWASP Cheat Sheet Series: Session Management Cheat Sheet - Transport Layer Security.
    • +
  • MDN Web Docs: Set-Cookie header - Secure.
    • + +     +     diff --git a/rust/ql/src/queries/security/CWE-614/InsecureCookieBad.rs b/rust/ql/src/queries/security/CWE-614/InsecureCookieBad.rs new file mode 100644 index 000000000000..239776e99de4 --- /dev/null +++ b/rust/ql/src/queries/security/CWE-614/InsecureCookieBad.rs @@ -0,0 +1,6 @@ +use cookie::Cookie; + +// BAD: creating a cookie without specifying the `secure` attribute +let cookie = Cookie::build("session", "abcd1234").build(); +let mut jar = cookie::CookieJar::new(); +jar.add(cookie.clone()); diff --git a/rust/ql/src/queries/security/CWE-614/InsecureCookieGood.rs b/rust/ql/src/queries/security/CWE-614/InsecureCookieGood.rs new file mode 100644 index 000000000000..81971552d0f8 --- /dev/null +++ b/rust/ql/src/queries/security/CWE-614/InsecureCookieGood.rs @@ -0,0 +1,11 @@ +use cookie::Cookie; + +// GOOD: set the `CookieBuilder` 'Secure' attribute so that the cookie is only sent over HTTPS +let secure_cookie = Cookie::build("session", "abcd1234").secure(true).build(); +let mut jar = cookie::CookieJar::new(); +jar.add(secure_cookie.clone()); + +// GOOD: alternatively, set the 'Secure' attribute on an existing `Cookie` +let mut secure_cookie2 = Cookie::new("session", "abcd1234"); +secure_cookie2.set_secure(true); +jar.add(secure_cookie2); From 4662e42584d13987d8d5a09c7edaef137db8c325 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 22 Sep 2025 15:00:14 +0100 Subject: [PATCH 048/307] Rust: Add examples as tests (and fix them). --- .../security/CWE-614/InsecureCookieBad.rs | 2 +- .../security/CWE-614/InsecureCookieGood.rs | 2 +- .../security/CWE-614/CookieSet.expected | 3 +++ .../security/CWE-614/InsecureCookie.expected | 6 +++++ .../test/query-tests/security/CWE-614/main.rs | 22 +++++++++++++++++++ 5 files changed, 33 insertions(+), 2 deletions(-) diff --git a/rust/ql/src/queries/security/CWE-614/InsecureCookieBad.rs b/rust/ql/src/queries/security/CWE-614/InsecureCookieBad.rs index 239776e99de4..e4939f6d5c85 100644 --- a/rust/ql/src/queries/security/CWE-614/InsecureCookieBad.rs +++ b/rust/ql/src/queries/security/CWE-614/InsecureCookieBad.rs @@ -1,6 +1,6 @@ use cookie::Cookie; // BAD: creating a cookie without specifying the `secure` attribute -let cookie = Cookie::build("session", "abcd1234").build(); +let cookie = Cookie::build(("session", "abcd1234")).build(); let mut jar = cookie::CookieJar::new(); jar.add(cookie.clone()); diff --git a/rust/ql/src/queries/security/CWE-614/InsecureCookieGood.rs b/rust/ql/src/queries/security/CWE-614/InsecureCookieGood.rs index 81971552d0f8..886d969604cd 100644 --- a/rust/ql/src/queries/security/CWE-614/InsecureCookieGood.rs +++ b/rust/ql/src/queries/security/CWE-614/InsecureCookieGood.rs @@ -1,7 +1,7 @@ use cookie::Cookie; // GOOD: set the `CookieBuilder` 'Secure' attribute so that the cookie is only sent over HTTPS -let secure_cookie = Cookie::build("session", "abcd1234").secure(true).build(); +let secure_cookie = Cookie::build(("session", "abcd1234")).secure(true).build(); let mut jar = cookie::CookieJar::new(); jar.add(secure_cookie.clone()); diff --git a/rust/ql/test/query-tests/security/CWE-614/CookieSet.expected b/rust/ql/test/query-tests/security/CWE-614/CookieSet.expected index 44f5ff01fbd3..959648d37ed1 100644 --- a/rust/ql/test/query-tests/security/CWE-614/CookieSet.expected +++ b/rust/ql/test/query-tests/security/CWE-614/CookieSet.expected @@ -49,3 +49,6 @@ | main.rs:138:13:138:13 | d | secure | true | | main.rs:142:13:142:13 | e | partitioned | false | | main.rs:146:13:146:13 | f | secure | false | +| main.rs:180:29:180:66 | ...::build(...) | secure | true | +| main.rs:186:9:186:22 | [SSA] secure_cookie2 | secure | true | +| main.rs:186:9:186:22 | secure_cookie2 | secure | true | diff --git a/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected b/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected index 701f90c0f34d..e514828c3a0c 100644 --- a/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected +++ b/rust/ql/test/query-tests/security/CWE-614/InsecureCookie.expected @@ -77,6 +77,7 @@ | main.rs:165:13:165:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:165:13:165:18 | insert | Cookie attribute 'Secure' is not set to true. | | main.rs:166:13:166:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:166:13:166:18 | insert | Cookie attribute 'Secure' is not set to true. | | main.rs:167:13:167:18 | insert | main.rs:155:13:155:41 | ...::new | main.rs:167:13:167:18 | insert | Cookie attribute 'Secure' is not set to true. | +| main.rs:173:61:173:65 | build | main.rs:173:22:173:34 | ...::build | main.rs:173:61:173:65 | build | Cookie attribute 'Secure' is not set to true. | edges | main.rs:8:19:8:31 | ...::build | main.rs:8:19:8:50 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | | main.rs:8:19:8:50 | ...::build(...) | main.rs:8:19:8:64 | ... .secure(...) | provenance | MaD:41 | @@ -311,6 +312,8 @@ edges | main.rs:167:20:167:20 | i | main.rs:167:20:167:28 | i.clone() | provenance | MaD:17 | | main.rs:167:20:167:28 | i.clone() | main.rs:167:20:167:45 | ... .make_permanent() | provenance | MaD:18 | | main.rs:167:20:167:45 | ... .make_permanent() | main.rs:167:13:167:18 | insert | provenance | MaD:1 Sink:MaD:1 | +| main.rs:173:22:173:34 | ...::build | main.rs:173:22:173:59 | ...::build(...) | provenance | Src:MaD:13 MaD:13 | +| main.rs:173:22:173:59 | ...::build(...) | main.rs:173:61:173:65 | build | provenance | MaD:2 Sink:MaD:2 | models | 1 | Sink: ::insert; Argument[0]; cookie-use | | 2 | Sink: ::build; Argument[self]; cookie-use | @@ -588,4 +591,7 @@ nodes | main.rs:167:20:167:20 | i | semmle.label | i | | main.rs:167:20:167:28 | i.clone() | semmle.label | i.clone() | | main.rs:167:20:167:45 | ... .make_permanent() | semmle.label | ... .make_permanent() | +| main.rs:173:22:173:34 | ...::build | semmle.label | ...::build | +| main.rs:173:22:173:59 | ...::build(...) | semmle.label | ...::build(...) | +| main.rs:173:61:173:65 | build | semmle.label | build | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-614/main.rs b/rust/ql/test/query-tests/security/CWE-614/main.rs index 48671b737a6d..e14ac6719d69 100644 --- a/rust/ql/test/query-tests/security/CWE-614/main.rs +++ b/rust/ql/test/query-tests/security/CWE-614/main.rs @@ -167,8 +167,30 @@ fn test_biscotti() { cookies.insert(i.clone().make_permanent()); // $ Alert[rust/insecure-cookie] } +fn test_qhelp_examples() {use cookie::Cookie; + { + // BAD: creating a cookie without specifying the `secure` attribute + let cookie = Cookie::build(("session", "abcd1234")).build(); // $ Alert[rust/insecure-cookie] + let mut jar = cookie::CookieJar::new(); + jar.add(cookie.clone()); + } + + { + // GOOD: set the `CookieBuilder` 'Secure' attribute so that the cookie is only sent over HTTPS + let secure_cookie = Cookie::build(("session", "abcd1234")).secure(true).build(); + let mut jar = cookie::CookieJar::new(); + jar.add(secure_cookie.clone()); + + // GOOD: alternatively, set the 'Secure' attribute on an existing `Cookie` + let mut secure_cookie2 = Cookie::new("session", "abcd1234"); + secure_cookie2.set_secure(true); + jar.add(secure_cookie2); + } +} + fn main() { test_cookie(true); test_cookie(false); test_biscotti(); + test_qhelp_examples(); } From ae9025334e747e6170d89b3be583bed11627afce Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 19 Sep 2025 16:31:34 +0100 Subject: [PATCH 049/307] Rust: Add the new query to suite lists. --- .../query-suite/rust-code-scanning.qls.expected | 1 + .../query-suite/rust-security-and-quality.qls.expected | 1 + .../query-suite/rust-security-extended.qls.expected | 1 + 3 files changed, 3 insertions(+) diff --git a/rust/ql/integration-tests/query-suite/rust-code-scanning.qls.expected b/rust/ql/integration-tests/query-suite/rust-code-scanning.qls.expected index b601905e6a30..2035af152182 100644 --- a/rust/ql/integration-tests/query-suite/rust-code-scanning.qls.expected +++ b/rust/ql/integration-tests/query-suite/rust-code-scanning.qls.expected @@ -16,6 +16,7 @@ ql/rust/ql/src/queries/security/CWE-312/CleartextLogging.ql ql/rust/ql/src/queries/security/CWE-312/CleartextStorageDatabase.ql ql/rust/ql/src/queries/security/CWE-327/BrokenCryptoAlgorithm.ql ql/rust/ql/src/queries/security/CWE-328/WeakSensitiveDataHashing.ql +ql/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql ql/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql ql/rust/ql/src/queries/security/CWE-798/HardcodedCryptographicValue.ql ql/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql diff --git a/rust/ql/integration-tests/query-suite/rust-security-and-quality.qls.expected b/rust/ql/integration-tests/query-suite/rust-security-and-quality.qls.expected index 074cb2ec8888..960ba9079cc0 100644 --- a/rust/ql/integration-tests/query-suite/rust-security-and-quality.qls.expected +++ b/rust/ql/integration-tests/query-suite/rust-security-and-quality.qls.expected @@ -17,6 +17,7 @@ ql/rust/ql/src/queries/security/CWE-312/CleartextLogging.ql ql/rust/ql/src/queries/security/CWE-312/CleartextStorageDatabase.ql ql/rust/ql/src/queries/security/CWE-327/BrokenCryptoAlgorithm.ql ql/rust/ql/src/queries/security/CWE-328/WeakSensitiveDataHashing.ql +ql/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql ql/rust/ql/src/queries/security/CWE-696/BadCtorInitialization.ql ql/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql ql/rust/ql/src/queries/security/CWE-798/HardcodedCryptographicValue.ql diff --git a/rust/ql/integration-tests/query-suite/rust-security-extended.qls.expected b/rust/ql/integration-tests/query-suite/rust-security-extended.qls.expected index 38846e281eb8..d758b7ac8d52 100644 --- a/rust/ql/integration-tests/query-suite/rust-security-extended.qls.expected +++ b/rust/ql/integration-tests/query-suite/rust-security-extended.qls.expected @@ -17,6 +17,7 @@ ql/rust/ql/src/queries/security/CWE-312/CleartextLogging.ql ql/rust/ql/src/queries/security/CWE-312/CleartextStorageDatabase.ql ql/rust/ql/src/queries/security/CWE-327/BrokenCryptoAlgorithm.ql ql/rust/ql/src/queries/security/CWE-328/WeakSensitiveDataHashing.ql +ql/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql ql/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql ql/rust/ql/src/queries/security/CWE-798/HardcodedCryptographicValue.ql ql/rust/ql/src/queries/security/CWE-825/AccessAfterLifetime.ql From 3de191177cdb21b20495f11e54503d4a83d173d8 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 19 Sep 2025 16:35:54 +0100 Subject: [PATCH 050/307] Rust: Change note. --- rust/ql/src/change-notes/2025-09-19-insecure-cookie.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 rust/ql/src/change-notes/2025-09-19-insecure-cookie.md diff --git a/rust/ql/src/change-notes/2025-09-19-insecure-cookie.md b/rust/ql/src/change-notes/2025-09-19-insecure-cookie.md new file mode 100644 index 000000000000..d84da707c43c --- /dev/null +++ b/rust/ql/src/change-notes/2025-09-19-insecure-cookie.md @@ -0,0 +1,4 @@ +--- +category: newQuery +--- +* Added a new query, `rust/insecure-cookie`, to detect cookies created without the 'Secure' attribute. From cc9c4149d7ae4ce30fc6fe0d3717076ab70ad801 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 22 Sep 2025 16:54:08 +0100 Subject: [PATCH 051/307] Apply suggestions from code review --- rust/ql/test/query-tests/security/CWE-614/main.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/test/query-tests/security/CWE-614/main.rs b/rust/ql/test/query-tests/security/CWE-614/main.rs index e14ac6719d69..674ad95a7ba4 100644 --- a/rust/ql/test/query-tests/security/CWE-614/main.rs +++ b/rust/ql/test/query-tests/security/CWE-614/main.rs @@ -167,7 +167,7 @@ fn test_biscotti() { cookies.insert(i.clone().make_permanent()); // $ Alert[rust/insecure-cookie] } -fn test_qhelp_examples() {use cookie::Cookie; +fn test_qhelp_examples() { { // BAD: creating a cookie without specifying the `secure` attribute let cookie = Cookie::build(("session", "abcd1234")).build(); // $ Alert[rust/insecure-cookie] From 5b4632b4326765014dfb8d4532ce1807c206ee37 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 22 Sep 2025 16:55:43 +0100 Subject: [PATCH 052/307] Apply suggestions from code review Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- rust/ql/src/queries/security/CWE-614/InsecureCookie.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql b/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql index 987940a2f0ae..e215bd65f034 100644 --- a/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql +++ b/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql @@ -20,7 +20,7 @@ import codeql.rust.security.InsecureCookieExtensions /** * A data flow configuration for tracking values representing cookies without the - * 'secure' attribute set. This is the primary data flow configurationn for this + * 'secure' attribute set. This is the primary data flow configuration for this * query. */ module InsecureCookieConfig implements DataFlow::ConfigSig { From 43ac75ed625e3e5d0fe6d2a06b6e4d1566b53fbb Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 22 Sep 2025 16:58:07 +0100 Subject: [PATCH 053/307] Rust: Address another tiny suggestion from review. --- rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll b/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll index 30a033ba155a..0dea9844d0b9 100644 --- a/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll @@ -8,7 +8,7 @@ private import codeql.rust.dataflow.DataFlow private import codeql.rust.dataflow.FlowSource private import codeql.rust.dataflow.FlowSink private import codeql.rust.Concepts -private import codeql.rust.dataflow.internal.DataFlowImpl as DataflowImpl +private import codeql.rust.dataflow.internal.DataFlowImpl as DataFlowImpl private import codeql.rust.dataflow.internal.Node private import codeql.rust.controlflow.BasicBlocks @@ -60,7 +60,7 @@ module InsecureCookie { DataFlow::Node argNode | // decode a `cookie-`... optional barrier - DataflowImpl::optionalBarrier(summaryNode, barrierName) and + DataFlowImpl::optionalBarrier(summaryNode, barrierName) and attrib = barrierName.regexpCapture("cookie-(secure|partitioned)-arg([0-9]+)", 1) and arg = barrierName.regexpCapture("cookie-(secure|partitioned)-arg([0-9]+)", 2).toInt() and // find a call and arg referenced by this optional barrier From 6362884d1683e8674775bc514537f90768ebbbba Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 22 Sep 2025 16:59:11 +0100 Subject: [PATCH 054/307] Rust: Autoformat. --- rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll b/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll index 0dea9844d0b9..3525614c0dc6 100644 --- a/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll @@ -71,7 +71,8 @@ module InsecureCookie { if forex(DataFlow::Node argSourceNode, BooleanLiteralExpr argSourceValue | DataFlow::localFlow(argSourceNode, argNode) and - argSourceValue = argSourceNode.asExpr().getExpr() | + argSourceValue = argSourceNode.asExpr().getExpr() + | argSourceValue.getTextValue() = "true" ) then value = true // `true` flows to here From 86c8c3c8c09e98ca7a8f04ae692d431b90699bb0 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 22 Sep 2025 17:01:12 +0100 Subject: [PATCH 055/307] Rust: Fix warning by making the query a path-problem. --- rust/ql/src/queries/security/CWE-614/InsecureCookie.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql b/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql index e215bd65f034..e2d7288db45b 100644 --- a/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql +++ b/rust/ql/src/queries/security/CWE-614/InsecureCookie.ql @@ -3,7 +3,7 @@ * @description Omitting the 'Secure' attribute allows data to be transmitted insecurely * using HTTP. Always set 'Secure' to 'true' to ensure that HTTPS * is used at all times. - * @kind problem + * @kind path-problem * @problem.severity error * @security-severity 7.5 * @precision high From 266624dd0f653a237c6a863d2e49370f68388669 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 22 Sep 2025 17:12:52 +0100 Subject: [PATCH 056/307] Rust: The test needs to have Source tags now. --- .../test/query-tests/security/CWE-614/main.rs | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-614/main.rs b/rust/ql/test/query-tests/security/CWE-614/main.rs index 674ad95a7ba4..afcbb28931f1 100644 --- a/rust/ql/test/query-tests/security/CWE-614/main.rs +++ b/rust/ql/test/query-tests/security/CWE-614/main.rs @@ -55,26 +55,26 @@ fn test_cookie(sometimes: bool) { // mutable cookie let mut jar = CookieJar::new(); - let mut a = Cookie::new("name", "value"); + let mut a = Cookie::new("name", "value"); // $ Source jar.add(a.clone()); // $ Alert[rust/insecure-cookie] jar.add_original(a.clone()); // $ Alert[rust/insecure-cookie] a.set_secure(true); jar.add(a.clone()); // good - a.set_secure(false); + a.set_secure(false); // $ Source jar.add(a.clone()); // $ Alert[rust/insecure-cookie] let key = Key::generate(); let mut signed_jar = jar.signed_mut(&key); - let mut b = Cookie::named("name"); + let mut b = Cookie::named("name"); // $ Source signed_jar.add(b.clone()); // $ Alert[rust/insecure-cookie] signed_jar.add_original(a.clone()); // $ Alert[rust/insecure-cookie] - b.set_secure(sometimes); + b.set_secure(sometimes); // $ Source signed_jar.add(b.clone()); // $ Alert[rust/insecure-cookie] b.set_secure(true); signed_jar.add(b.clone()); // good let mut private_jar = jar.private_mut(&key); - let mut c = Cookie::from("name"); + let mut c = Cookie::from("name"); // $ Source private_jar.add(c.clone()); // $ Alert[rust/insecure-cookie] private_jar.add_original(a.clone()); // $ Alert[rust/insecure-cookie] if sometimes { @@ -84,7 +84,7 @@ fn test_cookie(sometimes: bool) { c.set_secure(true); private_jar.add(c.clone()); // $ good - let mut d = Cookie::from("name"); + let mut d = Cookie::from("name"); // $ Source jar.add(d.clone()); // $ Alert[rust/insecure-cookie] if sometimes { c.set_secure(true); @@ -119,7 +119,7 @@ fn test_biscotti() { // test set_secure, set_partitioned - let a = biscotti::ResponseCookie::new("name", "value"); + let a = biscotti::ResponseCookie::new("name", "value"); // $ Source cookies.insert(a.clone()); // $ Alert[rust/insecure-cookie] println!("biscotti1 = {}", a.to_string()); @@ -127,7 +127,7 @@ fn test_biscotti() { cookies.insert(b.clone()); // good println!("biscotti2 = {}", b.to_string()); - let c = b.set_secure(false); + let c = b.set_secure(false); // $ Source cookies.insert(c.clone()); // $ Alert[rust/insecure-cookie] println!("biscotti3 = {}", c.to_string()); @@ -143,16 +143,16 @@ fn test_biscotti() { cookies.insert(f.clone()); // good println!("biscotti6 = {}", f.to_string()); - let g = f.set_secure(false); + let g = f.set_secure(false); // $ Source cookies.insert(g.clone()); // $ Alert[rust/insecure-cookie] println!("biscotti7 = {}", g.to_string()); // variant creation (insecure) - let h = biscotti::ResponseCookie::from(("name", "value")); + let h = biscotti::ResponseCookie::from(("name", "value")); // $ Source cookies.insert(h); // $ Alert[rust/insecure-cookie] // variant uses (all insecure) - let i = biscotti::ResponseCookie::new("name", "value"); + let i = biscotti::ResponseCookie::new("name", "value"); // $ Source cookies.insert(i.clone().set_name("name2")); // $ Alert[rust/insecure-cookie] cookies.insert(i.clone().set_value("value2")); // $ Alert[rust/insecure-cookie] cookies.insert(i.clone().set_http_only(true)); // $ Alert[rust/insecure-cookie] From 718c0abdb6fe073349de892ddbbc383b404de607 Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Tue, 23 Sep 2025 10:31:28 +0200 Subject: [PATCH 057/307] Overlay: Discard base config entities in overlay extracted files --- java/ql/lib/semmle/code/java/Overlay.qll | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/java/ql/lib/semmle/code/java/Overlay.qll b/java/ql/lib/semmle/code/java/Overlay.qll index 0f6033d87b3d..31a1518fc592 100644 --- a/java/ql/lib/semmle/code/java/Overlay.qll +++ b/java/ql/lib/semmle/code/java/Overlay.qll @@ -88,7 +88,17 @@ private string baseConfigLocatable(@configLocatable el) { not isOverlay() and result = getRawFileForConfig(el) } +overlay[local] +private predicate overlayConfigExtracted(string file) { + isOverlay() and + exists(@configLocatable el | file = getRawFileForConfig(el)) +} + overlay[discard_entity] private predicate discardBaseConfigLocatable(@configLocatable el) { overlayChangedFiles(baseConfigLocatable(el)) + or + // The config extractor is currently not incremental and may extract more + // property files than those included in overlayChangedFiles. + overlayConfigExtracted(baseConfigLocatable(el)) } From f02da68c55b450687aab8235b725f58139169fe5 Mon Sep 17 00:00:00 2001 From: Kasper Svendsen Date: Tue, 23 Sep 2025 10:34:49 +0200 Subject: [PATCH 058/307] Overlay: Discard base XML entities in overlay extracted files --- java/ql/lib/semmle/code/java/Overlay.qll | 28 ++++++++++++++++++++++++ java/ql/lib/semmle/code/xml/XML.qll | 10 ++++----- 2 files changed, 33 insertions(+), 5 deletions(-) diff --git a/java/ql/lib/semmle/code/java/Overlay.qll b/java/ql/lib/semmle/code/java/Overlay.qll index 31a1518fc592..b5f7264eb3df 100644 --- a/java/ql/lib/semmle/code/java/Overlay.qll +++ b/java/ql/lib/semmle/code/java/Overlay.qll @@ -102,3 +102,31 @@ private predicate discardBaseConfigLocatable(@configLocatable el) { // property files than those included in overlayChangedFiles. overlayConfigExtracted(baseConfigLocatable(el)) } + +/** + * An `@xmllocatable` that should be discarded in the base variant if its file is + * extracted in the overlay variant. + */ +overlay[local] +abstract class DiscardableXmlLocatable extends @xmllocatable { + /** Gets the raw file for an xmllocatable in base. */ + string getRawFileInBase() { not isOverlay() and result = getRawFile(this) } + + /** Gets a textual representation of this discardable xmllocatable. */ + string toString() { none() } +} + +overlay[local] +private predicate overlayXmlExtracted(string file) { + isOverlay() and + exists(@xmllocatable el | not files(el, _) and not xmlNs(el, _, _, _) and file = getRawFile(el)) +} + +overlay[discard_entity] +private predicate discardXmlLocatable(@xmllocatable el) { + overlayChangedFiles(el.(DiscardableXmlLocatable).getRawFileInBase()) + or + // The XML extractor is currently not incremental and may extract more + // XML files than those included in overlayChangedFiles. + overlayXmlExtracted(el.(DiscardableXmlLocatable).getRawFileInBase()) +} diff --git a/java/ql/lib/semmle/code/xml/XML.qll b/java/ql/lib/semmle/code/xml/XML.qll index cd00991eb65c..d13a83e77981 100644 --- a/java/ql/lib/semmle/code/xml/XML.qll +++ b/java/ql/lib/semmle/code/xml/XML.qll @@ -71,12 +71,12 @@ private module Input implements InputSig { import Make -private class DiscardableXmlAttribute extends DiscardableLocatable, @xmlattribute { } +private class DiscardableXmlAttribute extends DiscardableXmlLocatable, @xmlattribute { } -private class DiscardableXmlElement extends DiscardableLocatable, @xmlelement { } +private class DiscardableXmlElement extends DiscardableXmlLocatable, @xmlelement { } -private class DiscardableXmlComment extends DiscardableLocatable, @xmlcomment { } +private class DiscardableXmlComment extends DiscardableXmlLocatable, @xmlcomment { } -private class DiscardableXmlCharacters extends DiscardableLocatable, @xmlcharacters { } +private class DiscardableXmlCharacters extends DiscardableXmlLocatable, @xmlcharacters { } -private class DiscardableXmlDtd extends DiscardableLocatable, @xmldtd { } +private class DiscardableXmlDtd extends DiscardableXmlLocatable, @xmldtd { } From b3cbdb5c1a5a1e75547d473ca59cfbdb182f2b50 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 24 Sep 2025 10:39:27 +0100 Subject: [PATCH 059/307] C++: Add QLDoc to TRange. --- cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll index d0f3de4fb3c5..5765816e0171 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll @@ -31,6 +31,12 @@ module GuardsInput implements SharedGuards::InputSig Date: Wed, 24 Sep 2025 10:51:45 +0100 Subject: [PATCH 060/307] C++: Remove superfluous inference logic. --- .../semmle/code/cpp/controlflow/IRGuards.qll | 19 ------------------- 1 file changed, 19 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll index 5765816e0171..42de61adf061 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll @@ -436,25 +436,6 @@ private module LogicInput_v1 implements GuardsImpl::LogicInputSig { ) { g1.(ConditionalBranchInstruction).getCondition() = g2 and v1.asBooleanValue() = v2.asBooleanValue() - or - exists(SwitchInstruction switch, SwitchEdge edge | - g1 = switch.getSuccessor(edge) and - g2 = switch.getExpression() - | - v1.asBooleanValue() = true and - ( - v2.asIntValue() = edge.getValue().toInt() - or - v2.asConstantValue().isRange(edge.getMinValue(), edge.getMaxValue()) - ) - or - v1.asBooleanValue() = false and - ( - v2.getDualValue().asIntValue() = edge.getValue().toInt() - or - v2.getDualValue().asConstantValue().isRange(edge.getMinValue(), edge.getMaxValue()) - ) - ) } } From 99e1a07b8e6a0a471a2bcfd55124588957da20d3 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 24 Sep 2025 10:58:47 +0100 Subject: [PATCH 061/307] C++: Add a comment to the 'ConditionalBranchInstruction' case in 'additionalImpliesStep. --- cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll index 42de61adf061..c1cb52432687 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll @@ -434,6 +434,15 @@ private module LogicInput_v1 implements GuardsImpl::LogicInputSig { predicate additionalImpliesStep( GuardsImpl::PreGuard g1, GuardValue v1, GuardsImpl::PreGuard g2, GuardValue v2 ) { + // The `ConditionalBranch` instruction is the instruction for which there are + // conditional successors out of. However, the condition that controls + // which conditional successor is taken is given by the condition of the + // `ConditionalBranch` instruction. So this step either needs to be here, + // or we need `ConditionalBranch` instructions to be `IdExpr`s. Modeling + // them as `IdExpr`s would be a bit weird since the result type is + // `IRVoidType`. Including them here is fine as long as `ConditionalBranch` + // instructions cannot be assigned to SSA variables (which they cannot + // since they produce no value). g1.(ConditionalBranchInstruction).getCondition() = g2 and v1.asBooleanValue() = v2.asBooleanValue() } From ed2a14a3ec3c2e52c30cdab75e2e71b62afa86f3 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 24 Sep 2025 15:17:07 +0100 Subject: [PATCH 062/307] Rust: Update doc comments for StmtList. --- rust/schema/annotations.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/rust/schema/annotations.py b/rust/schema/annotations.py index 371493926756..d609e1d03b79 100644 --- a/rust/schema/annotations.py +++ b/rust/schema/annotations.py @@ -1828,13 +1828,15 @@ class _: @annotate(StmtList) class _: """ - A list of statements in a block. + A list of statements in a block, with an optional tail expression at the + end that determines the block's value. For example: ```rust { let x = 1; let y = 2; + x + y } // ^^^^^^^^^ ``` From ed3a6fd799eff8b48ea6c19af559779c61c92e03 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 24 Sep 2025 15:24:57 +0100 Subject: [PATCH 063/307] Rust: Codegen. --- rust/ql/.generated.list | 8 ++++---- rust/ql/lib/codeql/rust/elements/StmtList.qll | 4 +++- .../ql/lib/codeql/rust/elements/internal/StmtListImpl.qll | 4 +++- .../lib/codeql/rust/elements/internal/generated/Raw.qll | 4 +++- .../codeql/rust/elements/internal/generated/StmtList.qll | 4 +++- .../test/extractor-tests/generated/.generated_tests.list | 2 +- .../extractor-tests/generated/StmtList/gen_stmt_list.rs | 4 +++- 7 files changed, 20 insertions(+), 10 deletions(-) diff --git a/rust/ql/.generated.list b/rust/ql/.generated.list index 92d0a7a4cd84..7c12fda08a99 100644 --- a/rust/ql/.generated.list +++ b/rust/ql/.generated.list @@ -144,7 +144,7 @@ lib/codeql/rust/elements/SliceTypeRepr.qll 730e4d0eeefb9b2284e15b41cd0afc3cbe255 lib/codeql/rust/elements/SourceFile.qll 0b6a3e58767c07602b19975009a2ad53ecf1fd721302af543badb643c1fbb6c4 511d5564aab70b1fcd625e07f3d7e3ceb0c4811a5740de64a55a9a728ba8d32c lib/codeql/rust/elements/Static.qll 9dca6d4fb80fb4ead49a3de89bec2b02bae6f96fbc2601dde35a2aa69a9bfdb0 70f67bc75d7799dab04ea7a7fd13286bb76bbe514be16d23149c59dfb31fd0c9 lib/codeql/rust/elements/Stmt.qll 532b12973037301246daf7d8c0177f734202f43d9261c7a4ca6f5080eea8ca64 b838643c4f2b4623d2c816cddad0e68ca3e11f2879ab7beaece46f489ec4b1f3 -lib/codeql/rust/elements/StmtList.qll e874859ce03672d0085e47e0ca5e571b92b539b31bf0d5a8802f9727bef0c6b0 e5fe83237f713cdb57c446a6e1c20f645c2f49d9f5ef2c984032df83acb3c0de +lib/codeql/rust/elements/StmtList.qll 8bad277dfd88735195b8fd43bb1395cb2393c488d89304d6a6e6d8ec3eb24b73 cd1d483aecb8bb1876b8153a872f680febc2ef6c315d661c85ec1b2fa07e4fc0 lib/codeql/rust/elements/Struct.qll 297d3ea732fc7fbb8b8fb5479c1873ce84705146853ff752c84a6f70af12b923 3df0e5fd50a910a0b5611c3a860a1d7c318f6925c3a0727006d91840caf04812 lib/codeql/rust/elements/StructExpr.qll 84f384ef74c723796e514186037a91dd9666556f62c717f133ce22e9dda4425f 176497835252cfdfe110e58ebde9fbde553d03e44e07d3e4d8041e835dbf31b9 lib/codeql/rust/elements/StructExprField.qll 3eb9f17ecd1ad38679689eb4ecc169d3a0b5b7a3fc597ae5a957a7aea2f74e4f 8fcd26f266f203004899a60447ba16e7eae4e3a654fbec7f54e26857730ede93 @@ -385,7 +385,7 @@ lib/codeql/rust/elements/internal/StaticConstructor.qll 6dd7ee3fd16466c407de35b4 lib/codeql/rust/elements/internal/StaticImpl.qll 48071e29c72032b59ad82771d54be92ac0f4c1a68fb1129c5c7991385804d7b1 85c0be8e37a91d6e775b191f0cb52dd8bf70418e6e9947b82c58c40a6d73b406 lib/codeql/rust/elements/internal/StmtImpl.qll ea99d261f32592ff368cc3a1960864989897c92944f1675549e0753964cb562f 9117b4cdfad56f8fa3bc5d921c2146b4ff0658e8914ac51bf48eb3e68599dd6b lib/codeql/rust/elements/internal/StmtListConstructor.qll 435d59019e17a6279110a23d3d5dfbc1d1e16fc358a93a1d688484d22a754866 23fcb60a5cbb66174e459bc10bd7c28ed532fd1ab46f10b9f0c8a6291d3e343f -lib/codeql/rust/elements/internal/StmtListImpl.qll b39f93534013fe38fee68fbc0232146c92b5f90ee0f6e36da31fb1a3797b3175 2b26bc14c2afb94de2d27ba511eca21313b6fc021c827637cd5904154abb9f3f +lib/codeql/rust/elements/internal/StmtListImpl.qll eecb90e4a64445047804d66af8e00772d25da197540eb93c1e6e53ddeca26a4b 3974e3bd1bb8df15f1086e2b662f970b615db447eb7d88939ce017bfba120c39 lib/codeql/rust/elements/internal/StructConstructor.qll 52921ea6e70421fd08884dc061d0c2dfbbb8dd83d98f1f3c70572cfe57b2a173 dcb3ea8e45ee875525c645fe5d08e6db9013b86bd351c77df4590d0c1439ab9f lib/codeql/rust/elements/internal/StructExprConstructor.qll 69761fa65a4bedf2893fdfc49753fd1289d9eb64cf405227458161b95fa550cb 72ed5f32dcf6a462d9d3cadfc57395a40ee6f4e294a88dbda78761b4a0759ece lib/codeql/rust/elements/internal/StructExprFieldConstructor.qll 6766d7941963904b3a704e64381a478d410c2ef88e8facbc82efca4e781dac96 a14ce465f0f4e43dea5c21c269d803b0ad452d2eb03f4342ea7a9f5d0b357d60 @@ -585,7 +585,7 @@ lib/codeql/rust/elements/internal/generated/PtrTypeRepr.qll 8d0ea4f6c7f8203340bf lib/codeql/rust/elements/internal/generated/PureSynthConstructors.qll e5b8e69519012bbaae29dcb82d53f7f7ecce368c0358ec27ef6180b228a0057f e5b8e69519012bbaae29dcb82d53f7f7ecce368c0358ec27ef6180b228a0057f lib/codeql/rust/elements/internal/generated/RangeExpr.qll 23cca03bf43535f33b22a38894f70d669787be4e4f5b8fe5c8f7b964d30e9027 18624cef6c6b679eeace2a98737e472432e0ead354cca02192b4d45330f047c9 lib/codeql/rust/elements/internal/generated/RangePat.qll 80826a6a6868a803aa2372e31c52a03e1811a3f1f2abdb469f91ca0bfdd9ecb6 34ee1e208c1690cba505dff2c588837c0cd91e185e2a87d1fe673191962276a9 -lib/codeql/rust/elements/internal/generated/Raw.qll ae8ebdaa26dc2dfbcc8d64c9c7b296de2e0e78086ce7545cbedfa1f560ef2ffa 6a78058f346e34a2da4dd984f76bf848d7d6708d4c0a35151303748cb0ea92fa +lib/codeql/rust/elements/internal/generated/Raw.qll 74fdb238b66345f937d37a8bf354b13263c1d4fd3fcb5a98c607225bade2df25 31dce64c83ea6f06df0a5df01d18398c65bb767da3d1ea63ebe6226a7b7f848f lib/codeql/rust/elements/internal/generated/RefExpr.qll 7d995884e3dc1c25fc719f5d7253179344d63650e217e9ff6530285fe7a57f64 f2c3c12551deea4964b66553fb9b6423ee16fec53bd63db4796191aa60dc6c66 lib/codeql/rust/elements/internal/generated/RefPat.qll 456ede39837463ee22a630ec7ab6c8630d3664a8ea206fcc6e4f199e92fa564c 5622062765f32930465ba6b170e986706f159f6070f48adee3c20e24e8df4e05 lib/codeql/rust/elements/internal/generated/RefTypeRepr.qll 5b0663a6d234572fb3e467e276d019415caa95ef006438cc59b7af4e1783161e 0e27c8a8f0e323c0e4d6db01fca821bf07c0864d293cdf96fa891b10820c1e4b @@ -600,7 +600,7 @@ lib/codeql/rust/elements/internal/generated/SliceTypeRepr.qll 6f4f9d7e29784ce95d lib/codeql/rust/elements/internal/generated/SourceFile.qll 4bc95c88b49868d1da1a887b35e43ae81e51a69407e79463f5e8824801859380 5641581d70241c0d0d0426976968576ebbef10c183f0371583b243e4e5bbf576 lib/codeql/rust/elements/internal/generated/Static.qll 1a6c87d3c5602e3d02268ebe2463a4ac64614ad25e8966a9bdb9c0ef58991365 cc1fe16d70cdce41a12e41a8f80cc38bdd7efa49c1544e35342fcf3cd26b8219 lib/codeql/rust/elements/internal/generated/Stmt.qll 8473ff532dd5cc9d7decaddcd174b94d610f6ca0aec8e473cc051dad9f3db917 6ef7d2b5237c2dbdcacbf7d8b39109d4dc100229f2b28b5c9e3e4fbf673ba72b -lib/codeql/rust/elements/internal/generated/StmtList.qll 816aebf8f56e179f5f0ba03e80d257ee85459ea757392356a0af6dbd0cd9ef5e 6aa51cdcdc8d93427555fa93f0e84afdfbbd4ffc8b8d378ae4a22b5b6f94f48b +lib/codeql/rust/elements/internal/generated/StmtList.qll 0d0ca02f5a1a0e00ecb1f907e0967c225d77df636921158e516179891a07dc55 e823d6224b75bf06c6633477daf3c822bc38ad721c49e1d3200dfb749c915e48 lib/codeql/rust/elements/internal/generated/Struct.qll 999da1b46e40d6e03fd2338fea02429462877c329c5d1338618cbd886a81567e daa7ff7bd32c554462e0a1502d8319cb5e734e056d0564e06596e416e2b88e9d lib/codeql/rust/elements/internal/generated/StructExpr.qll e77702890561102af38f52d836729e82569c964f8d4c7e680b27992c1ff0f141 23dc51f68107ab0e5c9dd88a6bcc85bb66e8e0f4064cb4d416f50f2ba5db698c lib/codeql/rust/elements/internal/generated/StructExprField.qll 6bdc52ed325fd014495410c619536079b8c404e2247bd2435aa7685dd56c3833 501a30650cf813176ff325a1553da6030f78d14be3f84fea6d38032f4262c6b0 diff --git a/rust/ql/lib/codeql/rust/elements/StmtList.qll b/rust/ql/lib/codeql/rust/elements/StmtList.qll index 76a4b5d2c34a..9401cb99084c 100644 --- a/rust/ql/lib/codeql/rust/elements/StmtList.qll +++ b/rust/ql/lib/codeql/rust/elements/StmtList.qll @@ -10,13 +10,15 @@ import codeql.rust.elements.Expr import codeql.rust.elements.Stmt /** - * A list of statements in a block. + * A list of statements in a block, with an optional tail expression at the + * end that determines the block's value. * * For example: * ```rust * { * let x = 1; * let y = 2; + * x + y * } * // ^^^^^^^^^ * ``` diff --git a/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll index 85940ef7d21c..72fcd6a5c70f 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll @@ -13,13 +13,15 @@ private import codeql.rust.elements.internal.generated.StmtList */ module Impl { /** - * A list of statements in a block. + * A list of statements in a block, with an optional tail expression at the + * end that determines the block's value. * * For example: * ```rust * { * let x = 1; * let y = 2; + * x + y * } * // ^^^^^^^^^ * ``` diff --git a/rust/ql/lib/codeql/rust/elements/internal/generated/Raw.qll b/rust/ql/lib/codeql/rust/elements/internal/generated/Raw.qll index abf844b77f5a..685c3c65ed3e 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/generated/Raw.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/generated/Raw.qll @@ -943,13 +943,15 @@ module Raw { /** * INTERNAL: Do not use. - * A list of statements in a block. + * A list of statements in a block, with an optional tail expression at the + * end that determines the block's value. * * For example: * ```rust * { * let x = 1; * let y = 2; + * x + y * } * // ^^^^^^^^^ * ``` diff --git a/rust/ql/lib/codeql/rust/elements/internal/generated/StmtList.qll b/rust/ql/lib/codeql/rust/elements/internal/generated/StmtList.qll index 3460c239a9f3..d19134383927 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/generated/StmtList.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/generated/StmtList.qll @@ -17,13 +17,15 @@ import codeql.rust.elements.Stmt */ module Generated { /** - * A list of statements in a block. + * A list of statements in a block, with an optional tail expression at the + * end that determines the block's value. * * For example: * ```rust * { * let x = 1; * let y = 2; + * x + y * } * // ^^^^^^^^^ * ``` diff --git a/rust/ql/test/extractor-tests/generated/.generated_tests.list b/rust/ql/test/extractor-tests/generated/.generated_tests.list index c0e2d095be66..2fcb0b79be47 100644 --- a/rust/ql/test/extractor-tests/generated/.generated_tests.list +++ b/rust/ql/test/extractor-tests/generated/.generated_tests.list @@ -114,7 +114,7 @@ SlicePat/gen_slice_pat.rs df4a6692f5100aa11dd777561400ce71e37b85f2363b0638c21975 SliceTypeRepr/gen_slice_type_repr.rs 4a85402d40028c5a40ef35018453a89700b2171bc62fd86587378484831b969f 4a85402d40028c5a40ef35018453a89700b2171bc62fd86587378484831b969f SourceFile/gen_source_file.rs c0469cc8f0ecce3dd2e77963216d7e8808046014533359a44c1698e48783b420 c0469cc8f0ecce3dd2e77963216d7e8808046014533359a44c1698e48783b420 Static/gen_static.rs 21314018ea184c1ddcb594d67bab97ae18ceaf663d9f120f39ff755d389dde7a 21314018ea184c1ddcb594d67bab97ae18ceaf663d9f120f39ff755d389dde7a -StmtList/gen_stmt_list.rs adbd82045a50e2051434ce3cdd524c9f2c6ad9f3dd02b4766fb107e2e99212db adbd82045a50e2051434ce3cdd524c9f2c6ad9f3dd02b4766fb107e2e99212db +StmtList/gen_stmt_list.rs 1051a20a90b59142e3fddfbbabd0eff586586b1812c6ab788c5391153bab8851 1051a20a90b59142e3fddfbbabd0eff586586b1812c6ab788c5391153bab8851 Struct/gen_struct.rs 5e181e90075f716c04c75e4ef0334abe3d5f419cd9ccfadfe595c09fab33566b 5e181e90075f716c04c75e4ef0334abe3d5f419cd9ccfadfe595c09fab33566b StructExpr/gen_struct_expr.rs e7824008b0b73d02f6243fd8a18e0ef93c63bfe775a878fc2679c3870fc342fd e7824008b0b73d02f6243fd8a18e0ef93c63bfe775a878fc2679c3870fc342fd StructExprField/gen_struct_expr_field.rs 4ccca8e8ad462b4873f5604f0afdd1836027b8d39e36fbe7d6624ef3e744a084 4ccca8e8ad462b4873f5604f0afdd1836027b8d39e36fbe7d6624ef3e744a084 diff --git a/rust/ql/test/extractor-tests/generated/StmtList/gen_stmt_list.rs b/rust/ql/test/extractor-tests/generated/StmtList/gen_stmt_list.rs index 8cc83732b62f..9802e4bc9950 100644 --- a/rust/ql/test/extractor-tests/generated/StmtList/gen_stmt_list.rs +++ b/rust/ql/test/extractor-tests/generated/StmtList/gen_stmt_list.rs @@ -1,12 +1,14 @@ // generated by codegen, do not edit fn test_stmt_list() -> () { - // A list of statements in a block. + // A list of statements in a block, with an optional tail expression at the + // end that determines the block's value. // // For example: { let x = 1; let y = 2; + x + y } // ^^^^^^^^^ } From d10d5fd05e604f7040b80ff22114b38937b55e7f Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 24 Sep 2025 15:17:02 +0100 Subject: [PATCH 064/307] C++: Rename in the name of consistency. --- .../semmle/code/cpp/controlflow/IRGuards.qll | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll index c1cb52432687..a020c0c91e32 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll @@ -1128,7 +1128,7 @@ final class IRGuardCondition extends Guards_v1::Guard { */ pragma[inline] predicate comparesLt(Operand op, int k, boolean isLessThan, GuardValue value) { - compares_lt(valueNumber(this), op, k, isLessThan, value) + unary_compares_lt(valueNumber(this), op, k, isLessThan, value) } /** @@ -1150,7 +1150,7 @@ final class IRGuardCondition extends Guards_v1::Guard { pragma[inline] predicate ensuresLt(Operand op, int k, IRBlock block, boolean isLessThan) { exists(GuardValue value | - compares_lt(valueNumber(this), op, k, isLessThan, value) and + unary_compares_lt(valueNumber(this), op, k, isLessThan, value) and this.valueControls(block, value) ) } @@ -1176,7 +1176,7 @@ final class IRGuardCondition extends Guards_v1::Guard { pragma[inline] predicate ensuresLtEdge(Operand left, int k, IRBlock pred, IRBlock succ, boolean isLessThan) { exists(GuardValue value | - compares_lt(valueNumber(this), left, k, isLessThan, value) and + unary_compares_lt(valueNumber(this), left, k, isLessThan, value) and this.valueControlsBranchEdge(pred, succ, value) ) } @@ -1648,14 +1648,14 @@ private module Cached { /** Holds if `op < k` evaluates to `isLt` given that `test` evaluates to `value`. */ cached - predicate compares_lt(ValueNumber test, Operand op, int k, boolean isLt, GuardValue value) { + predicate unary_compares_lt(ValueNumber test, Operand op, int k, boolean isLt, GuardValue value) { unary_simple_comparison_lt(test, op, k, isLt, value) or complex_lt(test, op, k, isLt, value) or /* (x is true => (op < k)) => (!x is false => (op < k)) */ exists(GuardValue dual | value = dual.getDualValue() | - compares_lt(test.(LogicalNotValueNumber).getUnary(), op, k, isLt, dual) + unary_compares_lt(test.(LogicalNotValueNumber).getUnary(), op, k, isLt, dual) ) or exists(int k1, int k2, Instruction const | @@ -1664,13 +1664,13 @@ private module Cached { k = k1 + k2 ) or - compares_lt(test.(BuiltinExpectCallValueNumber).getCondition(), op, k, isLt, value) + unary_compares_lt(test.(BuiltinExpectCallValueNumber).getCondition(), op, k, isLt, value) or // See argument for why this is correct in compares_eq exists(Operand l, GuardValue bv | unary_compares_eq(test, l, 0, bv.asBooleanValue().booleanNot(), value) and - compares_lt(valueNumber(BooleanInstruction::get(l.getDef())), op, k, - isLt, bv) + unary_compares_lt(valueNumber(BooleanInstruction::get(l.getDef())), + op, k, isLt, bv) ) } @@ -1769,14 +1769,14 @@ private module Cached { private predicate sub_lt(ValueNumber test, Operand left, int k, boolean isLt, GuardValue value) { exists(SubInstruction lhs, int c, int x | - compares_lt(test, lhs.getAUse(), c, isLt, value) and + unary_compares_lt(test, lhs.getAUse(), c, isLt, value) and left = lhs.getLeftOperand() and x = int_value(lhs.getRight()) and k = c + x ) or exists(PointerSubInstruction lhs, int c, int x | - compares_lt(test, lhs.getAUse(), c, isLt, value) and + unary_compares_lt(test, lhs.getAUse(), c, isLt, value) and left = lhs.getLeftOperand() and x = int_value(lhs.getRight()) and k = c + x @@ -1831,7 +1831,7 @@ private module Cached { private predicate add_lt(ValueNumber test, Operand left, int k, boolean isLt, GuardValue value) { exists(AddInstruction lhs, int c, int x | - compares_lt(test, lhs.getAUse(), c, isLt, value) and + unary_compares_lt(test, lhs.getAUse(), c, isLt, value) and ( left = lhs.getLeftOperand() and x = int_value(lhs.getRight()) or @@ -1841,7 +1841,7 @@ private module Cached { ) or exists(PointerAddInstruction lhs, int c, int x | - compares_lt(test, lhs.getAUse(), c, isLt, value) and + unary_compares_lt(test, lhs.getAUse(), c, isLt, value) and ( left = lhs.getLeftOperand() and x = int_value(lhs.getRight()) or From 13cde4d7004089fa5c1e78104405981013413859 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 24 Sep 2025 15:34:35 +0100 Subject: [PATCH 065/307] C++: Add testcase demonstrating that a ConstantValue IPA branch representing a gcc case range is a bad idea. --- .../controlflow/guards/GuardsCompare.expected | 12 ++++++++++++ .../controlflow/guards/GuardsControl.expected | 6 ++++++ .../controlflow/guards/GuardsEnsure.expected | 10 ++++++++++ .../library-tests/controlflow/guards/test.cpp | 17 +++++++++++++++++ 4 files changed, 45 insertions(+) diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected index d1a3f22d7660..cb18638c71ef 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected @@ -1296,3 +1296,15 @@ | test.cpp:318:7:318:12 | ... < ... | a < 42+0 when ... < ... is true | | test.cpp:318:7:318:12 | ... < ... | a >= 42 when ... < ... is false | | test.cpp:318:7:318:12 | ... < ... | a >= 42+0 when ... < ... is false | +| test.cpp:327:46:327:46 | b | b != 0 when b is true | +| test.cpp:327:46:327:46 | b | b != 1 when b is false | +| test.cpp:327:46:327:46 | b | b == 0 when b is false | +| test.cpp:327:46:327:46 | b | b == 1 when b is true | +| test.cpp:330:7:330:7 | b | b != 0 when b is true | +| test.cpp:330:7:330:7 | b | b != 1 when b is false | +| test.cpp:330:7:330:7 | b | b == 0 when b is false | +| test.cpp:330:7:330:7 | b | b == 1 when b is true | +| test.cpp:334:11:334:11 | x | x < 51 when x is 40..50 | +| test.cpp:334:11:334:11 | x | x >= 40 when x is 40..50 | +| test.cpp:338:9:338:9 | x | x < 51 when x is 40..50 | +| test.cpp:338:9:338:9 | x | x >= 40 when x is 40..50 | diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected index 078d8aeea086..b35ec3232667 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected @@ -328,3 +328,9 @@ | test.cpp:318:6:318:18 | ... != ... | true | test.cpp:318:21:320:3 | { ... } | | test.cpp:318:7:318:12 | ... < ... | 0 | test.cpp:320:10:322:3 | { ... } | | test.cpp:318:7:318:12 | ... < ... | not 0 | test.cpp:318:21:320:3 | { ... } | +| test.cpp:327:46:327:46 | b | false | test.cpp:336:3:338:7 | case ...: | +| test.cpp:327:46:327:46 | b | true | test.cpp:331:3:332:10 | { ... } | +| test.cpp:329:11:329:13 | call to foo | 40..50 | test.cpp:336:3:338:7 | case ...: | +| test.cpp:330:7:330:7 | b | false | test.cpp:336:3:338:7 | case ...: | +| test.cpp:330:7:330:7 | b | true | test.cpp:331:3:332:10 | { ... } | +| test.cpp:334:11:334:11 | x | 40..50 | test.cpp:336:3:338:7 | case ...: | diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected index da36308f8786..fdbdca431845 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected @@ -1294,3 +1294,13 @@ unary | test.cpp:318:6:318:18 | ... != ... | test.cpp:318:7:318:7 | a | >= | 42 | test.cpp:320:10:322:3 | { ... } | | test.cpp:318:6:318:18 | ... != ... | test.cpp:318:7:318:12 | ... < ... | != | 0 | test.cpp:318:21:320:3 | { ... } | | test.cpp:318:6:318:18 | ... != ... | test.cpp:318:7:318:12 | ... < ... | == | 0 | test.cpp:320:10:322:3 | { ... } | +| test.cpp:327:46:327:46 | b | test.cpp:330:7:330:7 | b | != | 0 | test.cpp:331:3:332:10 | { ... } | +| test.cpp:327:46:327:46 | b | test.cpp:330:7:330:7 | b | != | 1 | test.cpp:336:3:338:7 | case ...: | +| test.cpp:327:46:327:46 | b | test.cpp:330:7:330:7 | b | == | 0 | test.cpp:336:3:338:7 | case ...: | +| test.cpp:327:46:327:46 | b | test.cpp:330:7:330:7 | b | == | 1 | test.cpp:331:3:332:10 | { ... } | +| test.cpp:330:7:330:7 | b | test.cpp:330:7:330:7 | b | != | 0 | test.cpp:331:3:332:10 | { ... } | +| test.cpp:330:7:330:7 | b | test.cpp:330:7:330:7 | b | != | 1 | test.cpp:336:3:338:7 | case ...: | +| test.cpp:330:7:330:7 | b | test.cpp:330:7:330:7 | b | == | 0 | test.cpp:336:3:338:7 | case ...: | +| test.cpp:330:7:330:7 | b | test.cpp:330:7:330:7 | b | == | 1 | test.cpp:331:3:332:10 | { ... } | +| test.cpp:334:11:334:11 | x | test.cpp:334:11:334:11 | x | < | 51 | test.cpp:336:3:338:7 | case ...: | +| test.cpp:334:11:334:11 | x | test.cpp:334:11:334:11 | x | >= | 40 | test.cpp:336:3:338:7 | case ...: | diff --git a/cpp/ql/test/library-tests/controlflow/guards/test.cpp b/cpp/ql/test/library-tests/controlflow/guards/test.cpp index 2ef61734e69a..bb0fe83c7c72 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/test.cpp +++ b/cpp/ql/test/library-tests/controlflow/guards/test.cpp @@ -320,4 +320,21 @@ void test_cmp_implies_unary(int a) { } else { } +} + +int foo(); + +void test_constant_value_and_case_range(bool b) +{ + int x = foo(); + if (b) + { + x = 42; + } + switch (x) + { + case 40 ... 50: + // should not be guarded by `foo() = 40..50` + use(x); + } } \ No newline at end of file From d15e388f5c64d05d63f673ecbad1105d5ea153fd Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 24 Sep 2025 15:52:10 +0100 Subject: [PATCH 066/307] C++: Get rid of the case range constant value with and instead implement 'rangeGuard'. --- .../semmle/code/cpp/controlflow/IRGuards.qll | 64 +++++++++---------- .../controlflow/guards/GuardsCompare.expected | 40 ++++++------ .../controlflow/guards/GuardsControl.expected | 20 +++--- .../controlflow/guards/GuardsEnsure.expected | 4 -- 4 files changed, 63 insertions(+), 65 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll index a020c0c91e32..76cccb4a6251 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll @@ -125,41 +125,16 @@ module GuardsInput implements SharedGuards::InputSig op < k - 1 isLt = true and - maxValue.toInt() = k - 1 + maxValue.toInt() = k - 1 and + value.isIntRange(k - 1, true) or isLt = false and - minValue.toInt() = k + minValue.toInt() = k and + value.isIntRange(k, false) ) } diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected index cb18638c71ef..0216df7b31f7 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected @@ -490,22 +490,22 @@ | test.cpp:69:12:69:12 | i | i == 0 when i is 0 | | test.cpp:69:12:69:12 | i | i == 1 when i is 1 | | test.cpp:69:12:69:12 | i | i == 2 when i is 2 | -| test.cpp:73:30:73:30 | i | i < 11 when i is 0..10 | -| test.cpp:73:30:73:30 | i | i < 21 when i is 11..20 | -| test.cpp:73:30:73:30 | i | i >= 0 when i is 0..10 | -| test.cpp:73:30:73:30 | i | i >= 11 when i is 11..20 | -| test.cpp:74:10:74:10 | i | i < 11 when i is 0..10 | -| test.cpp:74:10:74:10 | i | i < 21 when i is 11..20 | -| test.cpp:74:10:74:10 | i | i >= 0 when i is 0..10 | -| test.cpp:74:10:74:10 | i | i >= 11 when i is 11..20 | -| test.cpp:76:12:76:12 | i | i < 11 when i is 0..10 | -| test.cpp:76:12:76:12 | i | i < 21 when i is 11..20 | -| test.cpp:76:12:76:12 | i | i >= 0 when i is 0..10 | -| test.cpp:76:12:76:12 | i | i >= 11 when i is 11..20 | -| test.cpp:79:12:79:12 | i | i < 11 when i is 0..10 | -| test.cpp:79:12:79:12 | i | i < 21 when i is 11..20 | -| test.cpp:79:12:79:12 | i | i >= 0 when i is 0..10 | -| test.cpp:79:12:79:12 | i | i >= 11 when i is 11..20 | +| test.cpp:73:30:73:30 | i | i < 11 when i is Upper bound 10 | +| test.cpp:73:30:73:30 | i | i < 21 when i is Upper bound 20 | +| test.cpp:73:30:73:30 | i | i >= 0 when i is Lower bound 0 | +| test.cpp:73:30:73:30 | i | i >= 11 when i is Lower bound 11 | +| test.cpp:74:10:74:10 | i | i < 11 when i is Upper bound 10 | +| test.cpp:74:10:74:10 | i | i < 21 when i is Upper bound 20 | +| test.cpp:74:10:74:10 | i | i >= 0 when i is Lower bound 0 | +| test.cpp:74:10:74:10 | i | i >= 11 when i is Lower bound 11 | +| test.cpp:76:12:76:12 | i | i < 11 when i is Upper bound 10 | +| test.cpp:76:12:76:12 | i | i < 21 when i is Upper bound 20 | +| test.cpp:76:12:76:12 | i | i >= 0 when i is Lower bound 0 | +| test.cpp:76:12:76:12 | i | i >= 11 when i is Lower bound 11 | +| test.cpp:79:12:79:12 | i | i < 11 when i is Upper bound 10 | +| test.cpp:79:12:79:12 | i | i < 21 when i is Upper bound 20 | +| test.cpp:79:12:79:12 | i | i >= 0 when i is Lower bound 0 | +| test.cpp:79:12:79:12 | i | i >= 11 when i is Lower bound 11 | | test.cpp:93:6:93:6 | c | c != 0 when c is true | | test.cpp:93:6:93:6 | c | c != 1 when c is false | | test.cpp:93:6:93:6 | c | c == 0 when c is false | @@ -1304,7 +1304,7 @@ | test.cpp:330:7:330:7 | b | b != 1 when b is false | | test.cpp:330:7:330:7 | b | b == 0 when b is false | | test.cpp:330:7:330:7 | b | b == 1 when b is true | -| test.cpp:334:11:334:11 | x | x < 51 when x is 40..50 | -| test.cpp:334:11:334:11 | x | x >= 40 when x is 40..50 | -| test.cpp:338:9:338:9 | x | x < 51 when x is 40..50 | -| test.cpp:338:9:338:9 | x | x >= 40 when x is 40..50 | +| test.cpp:334:11:334:11 | x | x < 51 when x is Upper bound 50 | +| test.cpp:334:11:334:11 | x | x >= 40 when x is Lower bound 40 | +| test.cpp:338:9:338:9 | x | x < 51 when x is Upper bound 50 | +| test.cpp:338:9:338:9 | x | x >= 40 when x is Lower bound 40 | diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected index b35ec3232667..e9ef52f709d3 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected @@ -178,12 +178,18 @@ | test.cpp:42:13:42:20 | call to getABool | true | test.cpp:43:9:45:23 | { ... } | | test.cpp:60:31:60:31 | i | 0 | test.cpp:62:5:64:12 | case ...: | | test.cpp:60:31:60:31 | i | 1 | test.cpp:65:5:66:10 | case ...: | +| test.cpp:60:31:60:31 | i | 10 | test.cpp:62:5:64:12 | case ...: | | test.cpp:61:10:61:10 | i | 0 | test.cpp:62:5:64:12 | case ...: | | test.cpp:61:10:61:10 | i | 1 | test.cpp:65:5:66:10 | case ...: | -| test.cpp:73:30:73:30 | i | 0..10 | test.cpp:75:5:77:12 | case ...: | -| test.cpp:73:30:73:30 | i | 11..20 | test.cpp:78:5:79:10 | case ...: | -| test.cpp:74:10:74:10 | i | 0..10 | test.cpp:75:5:77:12 | case ...: | -| test.cpp:74:10:74:10 | i | 11..20 | test.cpp:78:5:79:10 | case ...: | +| test.cpp:61:10:61:10 | i | 10 | test.cpp:62:5:64:12 | case ...: | +| test.cpp:73:30:73:30 | i | Lower bound 0 | test.cpp:75:5:77:12 | case ...: | +| test.cpp:73:30:73:30 | i | Lower bound 11 | test.cpp:78:5:79:10 | case ...: | +| test.cpp:73:30:73:30 | i | Upper bound 10 | test.cpp:75:5:77:12 | case ...: | +| test.cpp:73:30:73:30 | i | Upper bound 20 | test.cpp:78:5:79:10 | case ...: | +| test.cpp:74:10:74:10 | i | Lower bound 0 | test.cpp:75:5:77:12 | case ...: | +| test.cpp:74:10:74:10 | i | Lower bound 11 | test.cpp:78:5:79:10 | case ...: | +| test.cpp:74:10:74:10 | i | Upper bound 10 | test.cpp:75:5:77:12 | case ...: | +| test.cpp:74:10:74:10 | i | Upper bound 20 | test.cpp:78:5:79:10 | case ...: | | test.cpp:92:31:92:31 | c | not null | test.cpp:93:9:94:7 | { ... } | | test.cpp:93:6:93:6 | c | not null | test.cpp:93:9:94:7 | { ... } | | test.cpp:93:6:93:6 | c | true | test.cpp:93:9:94:7 | { ... } | @@ -328,9 +334,7 @@ | test.cpp:318:6:318:18 | ... != ... | true | test.cpp:318:21:320:3 | { ... } | | test.cpp:318:7:318:12 | ... < ... | 0 | test.cpp:320:10:322:3 | { ... } | | test.cpp:318:7:318:12 | ... < ... | not 0 | test.cpp:318:21:320:3 | { ... } | -| test.cpp:327:46:327:46 | b | false | test.cpp:336:3:338:7 | case ...: | | test.cpp:327:46:327:46 | b | true | test.cpp:331:3:332:10 | { ... } | -| test.cpp:329:11:329:13 | call to foo | 40..50 | test.cpp:336:3:338:7 | case ...: | -| test.cpp:330:7:330:7 | b | false | test.cpp:336:3:338:7 | case ...: | | test.cpp:330:7:330:7 | b | true | test.cpp:331:3:332:10 | { ... } | -| test.cpp:334:11:334:11 | x | 40..50 | test.cpp:336:3:338:7 | case ...: | +| test.cpp:334:11:334:11 | x | Lower bound 40 | test.cpp:336:3:338:7 | case ...: | +| test.cpp:334:11:334:11 | x | Upper bound 50 | test.cpp:336:3:338:7 | case ...: | diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected index fdbdca431845..1f0b11972301 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected @@ -1295,12 +1295,8 @@ unary | test.cpp:318:6:318:18 | ... != ... | test.cpp:318:7:318:12 | ... < ... | != | 0 | test.cpp:318:21:320:3 | { ... } | | test.cpp:318:6:318:18 | ... != ... | test.cpp:318:7:318:12 | ... < ... | == | 0 | test.cpp:320:10:322:3 | { ... } | | test.cpp:327:46:327:46 | b | test.cpp:330:7:330:7 | b | != | 0 | test.cpp:331:3:332:10 | { ... } | -| test.cpp:327:46:327:46 | b | test.cpp:330:7:330:7 | b | != | 1 | test.cpp:336:3:338:7 | case ...: | -| test.cpp:327:46:327:46 | b | test.cpp:330:7:330:7 | b | == | 0 | test.cpp:336:3:338:7 | case ...: | | test.cpp:327:46:327:46 | b | test.cpp:330:7:330:7 | b | == | 1 | test.cpp:331:3:332:10 | { ... } | | test.cpp:330:7:330:7 | b | test.cpp:330:7:330:7 | b | != | 0 | test.cpp:331:3:332:10 | { ... } | -| test.cpp:330:7:330:7 | b | test.cpp:330:7:330:7 | b | != | 1 | test.cpp:336:3:338:7 | case ...: | -| test.cpp:330:7:330:7 | b | test.cpp:330:7:330:7 | b | == | 0 | test.cpp:336:3:338:7 | case ...: | | test.cpp:330:7:330:7 | b | test.cpp:330:7:330:7 | b | == | 1 | test.cpp:331:3:332:10 | { ... } | | test.cpp:334:11:334:11 | x | test.cpp:334:11:334:11 | x | < | 51 | test.cpp:336:3:338:7 | case ...: | | test.cpp:334:11:334:11 | x | test.cpp:334:11:334:11 | x | >= | 40 | test.cpp:336:3:338:7 | case ...: | From ab30c786a5fdea75a5b7a2a5875adf0fb9021ca2 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 24 Sep 2025 16:07:52 +0100 Subject: [PATCH 067/307] Rust: Accept test changes. --- .../generated/StmtList/StmtList.expected | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/rust/ql/test/extractor-tests/generated/StmtList/StmtList.expected b/rust/ql/test/extractor-tests/generated/StmtList/StmtList.expected index 02f322734ca6..5c5d77a34ed4 100644 --- a/rust/ql/test/extractor-tests/generated/StmtList/StmtList.expected +++ b/rust/ql/test/extractor-tests/generated/StmtList/StmtList.expected @@ -1,9 +1,10 @@ instances -| gen_stmt_list.rs:3:27:12:1 | StmtList | -| gen_stmt_list.rs:7:5:10:5 | StmtList | +| gen_stmt_list.rs:3:27:14:1 | StmtList | +| gen_stmt_list.rs:8:5:12:5 | StmtList | getAttr getStatement -| gen_stmt_list.rs:7:5:10:5 | StmtList | 0 | gen_stmt_list.rs:8:9:8:18 | let ... = 1 | -| gen_stmt_list.rs:7:5:10:5 | StmtList | 1 | gen_stmt_list.rs:9:9:9:18 | let ... = 2 | +| gen_stmt_list.rs:8:5:12:5 | StmtList | 0 | gen_stmt_list.rs:9:9:9:18 | let ... = 1 | +| gen_stmt_list.rs:8:5:12:5 | StmtList | 1 | gen_stmt_list.rs:10:9:10:18 | let ... = 2 | getTailExpr -| gen_stmt_list.rs:3:27:12:1 | StmtList | gen_stmt_list.rs:7:5:10:5 | { ... } | +| gen_stmt_list.rs:3:27:14:1 | StmtList | gen_stmt_list.rs:8:5:12:5 | { ... } | +| gen_stmt_list.rs:8:5:12:5 | StmtList | gen_stmt_list.rs:11:9:11:13 | ... + ... | From 7459eed4355feddd5e254e59dd6652870312ffe9 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 24 Sep 2025 15:40:44 +0100 Subject: [PATCH 068/307] Rust: Update doc comments for StmtList predicates. --- rust/schema/annotations.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/rust/schema/annotations.py b/rust/schema/annotations.py index d609e1d03b79..ce1b97570ee6 100644 --- a/rust/schema/annotations.py +++ b/rust/schema/annotations.py @@ -1841,7 +1841,14 @@ class _: // ^^^^^^^^^ ``` """ - + statements: _ | doc("statements of this statement list") | desc(""" + The statements of a `StmtList` do not include any tail expression, which + can be accessed with predicates such as `getTailExpr`. + """) + tail_expr: _ | doc("tail expression of this statement list") | desc(""" + The tail expression is the expression at the end of a block, that + determines the block's value. + """) @annotate(Struct, replace_bases={Item: None}) # still an Item via Adt class _: From 85945dba293716ab99ced966f3f913bb29b983c9 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 24 Sep 2025 15:46:50 +0100 Subject: [PATCH 069/307] Rust: Codegen. --- rust/ql/.generated.list | 4 ++-- rust/ql/lib/codeql/rust/elements/internal/generated/Raw.qll | 6 ++++++ .../codeql/rust/elements/internal/generated/StmtList.qll | 6 ++++++ 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/rust/ql/.generated.list b/rust/ql/.generated.list index 7c12fda08a99..aebbdc50f1ef 100644 --- a/rust/ql/.generated.list +++ b/rust/ql/.generated.list @@ -585,7 +585,7 @@ lib/codeql/rust/elements/internal/generated/PtrTypeRepr.qll 8d0ea4f6c7f8203340bf lib/codeql/rust/elements/internal/generated/PureSynthConstructors.qll e5b8e69519012bbaae29dcb82d53f7f7ecce368c0358ec27ef6180b228a0057f e5b8e69519012bbaae29dcb82d53f7f7ecce368c0358ec27ef6180b228a0057f lib/codeql/rust/elements/internal/generated/RangeExpr.qll 23cca03bf43535f33b22a38894f70d669787be4e4f5b8fe5c8f7b964d30e9027 18624cef6c6b679eeace2a98737e472432e0ead354cca02192b4d45330f047c9 lib/codeql/rust/elements/internal/generated/RangePat.qll 80826a6a6868a803aa2372e31c52a03e1811a3f1f2abdb469f91ca0bfdd9ecb6 34ee1e208c1690cba505dff2c588837c0cd91e185e2a87d1fe673191962276a9 -lib/codeql/rust/elements/internal/generated/Raw.qll 74fdb238b66345f937d37a8bf354b13263c1d4fd3fcb5a98c607225bade2df25 31dce64c83ea6f06df0a5df01d18398c65bb767da3d1ea63ebe6226a7b7f848f +lib/codeql/rust/elements/internal/generated/Raw.qll 11d48da73543efe2d6c4c5a30ac8ecdd3c24dc64bbd10bf6976b53445e248ef1 72fddbec1e8e5029442c962599877459406010d81dece075147aa1cc37cf7a42 lib/codeql/rust/elements/internal/generated/RefExpr.qll 7d995884e3dc1c25fc719f5d7253179344d63650e217e9ff6530285fe7a57f64 f2c3c12551deea4964b66553fb9b6423ee16fec53bd63db4796191aa60dc6c66 lib/codeql/rust/elements/internal/generated/RefPat.qll 456ede39837463ee22a630ec7ab6c8630d3664a8ea206fcc6e4f199e92fa564c 5622062765f32930465ba6b170e986706f159f6070f48adee3c20e24e8df4e05 lib/codeql/rust/elements/internal/generated/RefTypeRepr.qll 5b0663a6d234572fb3e467e276d019415caa95ef006438cc59b7af4e1783161e 0e27c8a8f0e323c0e4d6db01fca821bf07c0864d293cdf96fa891b10820c1e4b @@ -600,7 +600,7 @@ lib/codeql/rust/elements/internal/generated/SliceTypeRepr.qll 6f4f9d7e29784ce95d lib/codeql/rust/elements/internal/generated/SourceFile.qll 4bc95c88b49868d1da1a887b35e43ae81e51a69407e79463f5e8824801859380 5641581d70241c0d0d0426976968576ebbef10c183f0371583b243e4e5bbf576 lib/codeql/rust/elements/internal/generated/Static.qll 1a6c87d3c5602e3d02268ebe2463a4ac64614ad25e8966a9bdb9c0ef58991365 cc1fe16d70cdce41a12e41a8f80cc38bdd7efa49c1544e35342fcf3cd26b8219 lib/codeql/rust/elements/internal/generated/Stmt.qll 8473ff532dd5cc9d7decaddcd174b94d610f6ca0aec8e473cc051dad9f3db917 6ef7d2b5237c2dbdcacbf7d8b39109d4dc100229f2b28b5c9e3e4fbf673ba72b -lib/codeql/rust/elements/internal/generated/StmtList.qll 0d0ca02f5a1a0e00ecb1f907e0967c225d77df636921158e516179891a07dc55 e823d6224b75bf06c6633477daf3c822bc38ad721c49e1d3200dfb749c915e48 +lib/codeql/rust/elements/internal/generated/StmtList.qll 834b87cd93f0c5b41736fb52a6c25fd0e3bdce41d5a64cb3d0810c54e90507f4 ec42f2dfa322044ceaaf90d278f0e7e751d63710facbaf3f5ee69ca3c64ecd06 lib/codeql/rust/elements/internal/generated/Struct.qll 999da1b46e40d6e03fd2338fea02429462877c329c5d1338618cbd886a81567e daa7ff7bd32c554462e0a1502d8319cb5e734e056d0564e06596e416e2b88e9d lib/codeql/rust/elements/internal/generated/StructExpr.qll e77702890561102af38f52d836729e82569c964f8d4c7e680b27992c1ff0f141 23dc51f68107ab0e5c9dd88a6bcc85bb66e8e0f4064cb4d416f50f2ba5db698c lib/codeql/rust/elements/internal/generated/StructExprField.qll 6bdc52ed325fd014495410c619536079b8c404e2247bd2435aa7685dd56c3833 501a30650cf813176ff325a1553da6030f78d14be3f84fea6d38032f4262c6b0 diff --git a/rust/ql/lib/codeql/rust/elements/internal/generated/Raw.qll b/rust/ql/lib/codeql/rust/elements/internal/generated/Raw.qll index 685c3c65ed3e..de56bdffb6c1 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/generated/Raw.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/generated/Raw.qll @@ -966,11 +966,17 @@ module Raw { /** * Gets the `index`th statement of this statement list (0-based). + * + * The statements of a `StmtList` do not include any tail expression, which + * can be accessed with predicates such as `getTailExpr`. */ Stmt getStatement(int index) { stmt_list_statements(this, index, result) } /** * Gets the tail expression of this statement list, if it exists. + * + * The tail expression is the expression at the end of a block, that + * determines the block's value. */ Expr getTailExpr() { stmt_list_tail_exprs(this, result) } } diff --git a/rust/ql/lib/codeql/rust/elements/internal/generated/StmtList.qll b/rust/ql/lib/codeql/rust/elements/internal/generated/StmtList.qll index d19134383927..26a7f1f363a4 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/generated/StmtList.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/generated/StmtList.qll @@ -55,6 +55,9 @@ module Generated { /** * Gets the `index`th statement of this statement list (0-based). + * + * The statements of a `StmtList` do not include any tail expression, which + * can be accessed with predicates such as `getTailExpr`. */ Stmt getStatement(int index) { result = @@ -75,6 +78,9 @@ module Generated { /** * Gets the tail expression of this statement list, if it exists. + * + * The tail expression is the expression at the end of a block, that + * determines the block's value. */ Expr getTailExpr() { result = From 8debce034973775666f1827350694a178cd9a305 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 24 Sep 2025 16:13:05 +0100 Subject: [PATCH 070/307] Rust: Add helper predicates for accessing statements and expressions together. --- .../rust/elements/internal/StmtListImpl.qll | 23 +++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll index 72fcd6a5c70f..a44448f0f0c4 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll @@ -1,4 +1,3 @@ -// generated by codegen, remove this comment if you wish to edit this file /** * This module provides a hand-modifiable wrapper around the generated class `StmtList`. * @@ -26,5 +25,25 @@ module Impl { * // ^^^^^^^^^ * ``` */ - class StmtList extends Generated::StmtList { } + class StmtList extends Generated::StmtList { + /** + * Gets the `index`th statement or expression of this statement list (0-based). + */ + AstNode getStmtOrExpr(int index) { + result = this.getStatement(index) + or + index = max(int i | exists(this.getStatement(i))) + 1 and + result = this.getTailExpr() + } + + /** + * Gets any of the statements or expressions of this statement list. + */ + final AstNode getAStmtOrExpr() { result = this.getStmtOrExpr(_) } + + /** + * Gets the number of statements or expressions of this statement list. + */ + final int getNumberOfStmtOrExpr() { result = count(int i | exists(this.getStmtOrExpr(i))) } + } } From b12b36f3028de88e727c8bafe37b9e2759e46468 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 24 Sep 2025 16:59:59 +0100 Subject: [PATCH 071/307] Rust: Codegen. --- rust/ql/.generated.list | 1 - rust/ql/.gitattributes | 1 - rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll | 1 + 3 files changed, 1 insertion(+), 2 deletions(-) diff --git a/rust/ql/.generated.list b/rust/ql/.generated.list index aebbdc50f1ef..e3ec533203df 100644 --- a/rust/ql/.generated.list +++ b/rust/ql/.generated.list @@ -385,7 +385,6 @@ lib/codeql/rust/elements/internal/StaticConstructor.qll 6dd7ee3fd16466c407de35b4 lib/codeql/rust/elements/internal/StaticImpl.qll 48071e29c72032b59ad82771d54be92ac0f4c1a68fb1129c5c7991385804d7b1 85c0be8e37a91d6e775b191f0cb52dd8bf70418e6e9947b82c58c40a6d73b406 lib/codeql/rust/elements/internal/StmtImpl.qll ea99d261f32592ff368cc3a1960864989897c92944f1675549e0753964cb562f 9117b4cdfad56f8fa3bc5d921c2146b4ff0658e8914ac51bf48eb3e68599dd6b lib/codeql/rust/elements/internal/StmtListConstructor.qll 435d59019e17a6279110a23d3d5dfbc1d1e16fc358a93a1d688484d22a754866 23fcb60a5cbb66174e459bc10bd7c28ed532fd1ab46f10b9f0c8a6291d3e343f -lib/codeql/rust/elements/internal/StmtListImpl.qll eecb90e4a64445047804d66af8e00772d25da197540eb93c1e6e53ddeca26a4b 3974e3bd1bb8df15f1086e2b662f970b615db447eb7d88939ce017bfba120c39 lib/codeql/rust/elements/internal/StructConstructor.qll 52921ea6e70421fd08884dc061d0c2dfbbb8dd83d98f1f3c70572cfe57b2a173 dcb3ea8e45ee875525c645fe5d08e6db9013b86bd351c77df4590d0c1439ab9f lib/codeql/rust/elements/internal/StructExprConstructor.qll 69761fa65a4bedf2893fdfc49753fd1289d9eb64cf405227458161b95fa550cb 72ed5f32dcf6a462d9d3cadfc57395a40ee6f4e294a88dbda78761b4a0759ece lib/codeql/rust/elements/internal/StructExprFieldConstructor.qll 6766d7941963904b3a704e64381a478d410c2ef88e8facbc82efca4e781dac96 a14ce465f0f4e43dea5c21c269d803b0ad452d2eb03f4342ea7a9f5d0b357d60 diff --git a/rust/ql/.gitattributes b/rust/ql/.gitattributes index 19f5c2842403..df4a65e7d957 100644 --- a/rust/ql/.gitattributes +++ b/rust/ql/.gitattributes @@ -387,7 +387,6 @@ /lib/codeql/rust/elements/internal/StaticImpl.qll linguist-generated /lib/codeql/rust/elements/internal/StmtImpl.qll linguist-generated /lib/codeql/rust/elements/internal/StmtListConstructor.qll linguist-generated -/lib/codeql/rust/elements/internal/StmtListImpl.qll linguist-generated /lib/codeql/rust/elements/internal/StructConstructor.qll linguist-generated /lib/codeql/rust/elements/internal/StructExprConstructor.qll linguist-generated /lib/codeql/rust/elements/internal/StructExprFieldConstructor.qll linguist-generated diff --git a/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll index a44448f0f0c4..824ee0f31083 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll @@ -11,6 +11,7 @@ private import codeql.rust.elements.internal.generated.StmtList * be referenced directly. */ module Impl { + // the following QLdoc is generated: if you need to edit it, do it in the schema file /** * A list of statements in a block, with an optional tail expression at the * end that determines the block's value. From 9bdac9d1cf8502574ad3aafb5aa03ca2a5a385d3 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 24 Sep 2025 16:16:15 +0100 Subject: [PATCH 072/307] Rust: Move 'operations' test into elements subdir. --- rust/ql/test/library-tests/{ => elements}/operations/Cargo.lock | 0 .../library-tests/{ => elements}/operations/Operations.expected | 0 .../ql/test/library-tests/{ => elements}/operations/Operations.ql | 0 rust/ql/test/library-tests/{ => elements}/operations/test.rs | 0 4 files changed, 0 insertions(+), 0 deletions(-) rename rust/ql/test/library-tests/{ => elements}/operations/Cargo.lock (100%) rename rust/ql/test/library-tests/{ => elements}/operations/Operations.expected (100%) rename rust/ql/test/library-tests/{ => elements}/operations/Operations.ql (100%) rename rust/ql/test/library-tests/{ => elements}/operations/test.rs (100%) diff --git a/rust/ql/test/library-tests/operations/Cargo.lock b/rust/ql/test/library-tests/elements/operations/Cargo.lock similarity index 100% rename from rust/ql/test/library-tests/operations/Cargo.lock rename to rust/ql/test/library-tests/elements/operations/Cargo.lock diff --git a/rust/ql/test/library-tests/operations/Operations.expected b/rust/ql/test/library-tests/elements/operations/Operations.expected similarity index 100% rename from rust/ql/test/library-tests/operations/Operations.expected rename to rust/ql/test/library-tests/elements/operations/Operations.expected diff --git a/rust/ql/test/library-tests/operations/Operations.ql b/rust/ql/test/library-tests/elements/operations/Operations.ql similarity index 100% rename from rust/ql/test/library-tests/operations/Operations.ql rename to rust/ql/test/library-tests/elements/operations/Operations.ql diff --git a/rust/ql/test/library-tests/operations/test.rs b/rust/ql/test/library-tests/elements/operations/test.rs similarity index 100% rename from rust/ql/test/library-tests/operations/test.rs rename to rust/ql/test/library-tests/elements/operations/test.rs From 93a01983267cde43be78cf97f22702d87540776a Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 24 Sep 2025 16:32:03 +0100 Subject: [PATCH 073/307] Rust: Add a test for StmtList. --- .../elements/stmtlist/Cargo.lock | 7 +++ .../elements/stmtlist/StmtList.expected | 9 ++++ .../elements/stmtlist/StmtList.ql | 13 ++++++ .../elements/stmtlist/StmtList.rs | 43 +++++++++++++++++++ 4 files changed, 72 insertions(+) create mode 100644 rust/ql/test/library-tests/elements/stmtlist/Cargo.lock create mode 100644 rust/ql/test/library-tests/elements/stmtlist/StmtList.expected create mode 100644 rust/ql/test/library-tests/elements/stmtlist/StmtList.ql create mode 100644 rust/ql/test/library-tests/elements/stmtlist/StmtList.rs diff --git a/rust/ql/test/library-tests/elements/stmtlist/Cargo.lock b/rust/ql/test/library-tests/elements/stmtlist/Cargo.lock new file mode 100644 index 000000000000..b9856cfaf77d --- /dev/null +++ b/rust/ql/test/library-tests/elements/stmtlist/Cargo.lock @@ -0,0 +1,7 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "test" +version = "0.0.1" diff --git a/rust/ql/test/library-tests/elements/stmtlist/StmtList.expected b/rust/ql/test/library-tests/elements/stmtlist/StmtList.expected new file mode 100644 index 000000000000..37956c366e32 --- /dev/null +++ b/rust/ql/test/library-tests/elements/stmtlist/StmtList.expected @@ -0,0 +1,9 @@ +| StmtList.rs:4:19:9:1 | StmtList | 2 | hasTailExpr | 0:let ... = 1, 1:let ... = 2, 2:... + ... | +| StmtList.rs:11:18:15:1 | StmtList | 2 | | 0:let ... = 1, 1:let ... = 2 | +| StmtList.rs:17:19:20:1 | StmtList | 0 | hasTailExpr | | +| StmtList.rs:22:18:25:1 | StmtList | 1 | | 0:ExprStmt | +| StmtList.rs:27:18:29:1 | StmtList | 0 | | | +| StmtList.rs:31:18:34:1 | StmtList | 0 | | | +| StmtList.rs:36:29:43:1 | StmtList | 0 | hasTailExpr | | +| StmtList.rs:38:10:40:2 | StmtList | 0 | hasTailExpr | | +| StmtList.rs:40:9:42:2 | StmtList | 0 | hasTailExpr | | diff --git a/rust/ql/test/library-tests/elements/stmtlist/StmtList.ql b/rust/ql/test/library-tests/elements/stmtlist/StmtList.ql new file mode 100644 index 000000000000..048dcd06d6ea --- /dev/null +++ b/rust/ql/test/library-tests/elements/stmtlist/StmtList.ql @@ -0,0 +1,13 @@ +import rust +import TestUtils + +from StmtList sl, string tail +where + toBeTested(sl) and + if sl.hasTailExpr() then tail = "hasTailExpr" else tail = "" +select sl, sl.getNumberOfStatements(), tail, + concat(int i, AstNode n | + n = sl.getStmtOrExpr(i) + | + i.toString() + ":" + n.toString(), ", " order by i + ) diff --git a/rust/ql/test/library-tests/elements/stmtlist/StmtList.rs b/rust/ql/test/library-tests/elements/stmtlist/StmtList.rs new file mode 100644 index 000000000000..1437f2afb263 --- /dev/null +++ b/rust/ql/test/library-tests/elements/stmtlist/StmtList.rs @@ -0,0 +1,43 @@ + +// --- tests --- + +fn test1() -> i32 { + // two statements + tail expression + let a = 1; + let b = 2; + a + b +} + +fn test2() -> () { + // two statements only + let a = 1; + let b = 2; +} + +fn test3() -> i32 { + // tail expression only + 1 + 2 +} + +fn test4() -> () { + // one statement only + 1 + 2; +} + +fn test5() -> () { + // neither +} + +fn test6() -> () { + // neither + ; +} + +fn test7(cond: bool) -> i32 { + // nested blocks + if cond { + 1 + } else { + 2 + } +} From 7e8e855f2821f20e8b019158ccfb2a14dfee779d Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 24 Sep 2025 16:50:18 +0100 Subject: [PATCH 074/307] Rust: Fix bug when there are no statements. --- .../ql/lib/codeql/rust/elements/internal/StmtListImpl.qll | 2 +- .../library-tests/elements/stmtlist/StmtList.expected | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll index 824ee0f31083..648a4eab9b88 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll @@ -33,7 +33,7 @@ module Impl { AstNode getStmtOrExpr(int index) { result = this.getStatement(index) or - index = max(int i | exists(this.getStatement(i))) + 1 and + index = max(int i | i = -1 or exists(this.getStatement(i))) + 1 and result = this.getTailExpr() } diff --git a/rust/ql/test/library-tests/elements/stmtlist/StmtList.expected b/rust/ql/test/library-tests/elements/stmtlist/StmtList.expected index 37956c366e32..820b1a76dc93 100644 --- a/rust/ql/test/library-tests/elements/stmtlist/StmtList.expected +++ b/rust/ql/test/library-tests/elements/stmtlist/StmtList.expected @@ -1,9 +1,9 @@ | StmtList.rs:4:19:9:1 | StmtList | 2 | hasTailExpr | 0:let ... = 1, 1:let ... = 2, 2:... + ... | | StmtList.rs:11:18:15:1 | StmtList | 2 | | 0:let ... = 1, 1:let ... = 2 | -| StmtList.rs:17:19:20:1 | StmtList | 0 | hasTailExpr | | +| StmtList.rs:17:19:20:1 | StmtList | 0 | hasTailExpr | 0:... + ... | | StmtList.rs:22:18:25:1 | StmtList | 1 | | 0:ExprStmt | | StmtList.rs:27:18:29:1 | StmtList | 0 | | | | StmtList.rs:31:18:34:1 | StmtList | 0 | | | -| StmtList.rs:36:29:43:1 | StmtList | 0 | hasTailExpr | | -| StmtList.rs:38:10:40:2 | StmtList | 0 | hasTailExpr | | -| StmtList.rs:40:9:42:2 | StmtList | 0 | hasTailExpr | | +| StmtList.rs:36:29:43:1 | StmtList | 0 | hasTailExpr | 0:if cond {...} else {...} | +| StmtList.rs:38:10:40:2 | StmtList | 0 | hasTailExpr | 0:1 | +| StmtList.rs:40:9:42:2 | StmtList | 0 | hasTailExpr | 0:2 | From b2269fb5f590c5a40f3e1aea1d9cfc9155e99626 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 24 Sep 2025 19:00:38 +0100 Subject: [PATCH 075/307] C++: Add more tests. --- .../controlflow/guards/GuardsCompare.expected | 134 ++++++++++++++++++ .../controlflow/guards/GuardsControl.expected | 82 +++++++++++ .../controlflow/guards/GuardsEnsure.expected | 133 +++++++++++++++++ .../controlflow/guards/GuardsInline.expected | 27 ++++ .../controlflow/guards/GuardsInline.ql | 44 ++++++ .../controlflow/guards/GuardsInline.qlref | 2 + .../library-tests/controlflow/guards/test.cpp | 80 ++++++++++- 7 files changed, 501 insertions(+), 1 deletion(-) create mode 100644 cpp/ql/test/library-tests/controlflow/guards/GuardsInline.expected create mode 100644 cpp/ql/test/library-tests/controlflow/guards/GuardsInline.ql create mode 100644 cpp/ql/test/library-tests/controlflow/guards/GuardsInline.qlref diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected index 0216df7b31f7..4d78c4016dab 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected @@ -1308,3 +1308,137 @@ | test.cpp:334:11:334:11 | x | x >= 40 when x is Lower bound 40 | | test.cpp:338:9:338:9 | x | x < 51 when x is Upper bound 50 | | test.cpp:338:9:338:9 | x | x >= 40 when x is Lower bound 40 | +| test.cpp:345:10:345:25 | ... != ... | 0 != input+0 when ... != ... is true | +| test.cpp:345:10:345:25 | ... != ... | 0 == input+0 when ... != ... is false | +| test.cpp:345:10:345:25 | ... != ... | input != 0 when ... != ... is true | +| test.cpp:345:10:345:25 | ... != ... | input != 0+0 when ... != ... is true | +| test.cpp:345:10:345:25 | ... != ... | input == 0 when ... != ... is false | +| test.cpp:345:10:345:25 | ... != ... | input == 0+0 when ... != ... is false | +| test.cpp:349:11:349:22 | call to testNotNull1 | call to testNotNull1 != 0 when call to testNotNull1 is true | +| test.cpp:349:11:349:22 | call to testNotNull1 | call to testNotNull1 != 1 when call to testNotNull1 is false | +| test.cpp:349:11:349:22 | call to testNotNull1 | call to testNotNull1 == 0 when call to testNotNull1 is false | +| test.cpp:349:11:349:22 | call to testNotNull1 | call to testNotNull1 == 1 when call to testNotNull1 is true | +| test.cpp:350:7:350:12 | ... != ... | 0 != x+0 when ... != ... is true | +| test.cpp:350:7:350:12 | ... != ... | 0 == x+0 when ... != ... is false | +| test.cpp:350:7:350:12 | ... != ... | ... != ... != 0 when ... != ... is true | +| test.cpp:350:7:350:12 | ... != ... | ... != ... != 1 when ... != ... is false | +| test.cpp:350:7:350:12 | ... != ... | ... != ... == 0 when ... != ... is false | +| test.cpp:350:7:350:12 | ... != ... | ... != ... == 1 when ... != ... is true | +| test.cpp:350:7:350:12 | ... != ... | x != 0 when ... != ... is true | +| test.cpp:350:7:350:12 | ... != ... | x != 0+0 when ... != ... is true | +| test.cpp:350:7:350:12 | ... != ... | x == 0 when ... != ... is false | +| test.cpp:350:7:350:12 | ... != ... | x == 0+0 when ... != ... is false | +| test.cpp:356:7:356:22 | ... == ... | 0 != input+0 when ... == ... is false | +| test.cpp:356:7:356:22 | ... == ... | 0 == input+0 when ... == ... is true | +| test.cpp:356:7:356:22 | ... == ... | ... == ... != 0 when ... == ... is true | +| test.cpp:356:7:356:22 | ... == ... | ... == ... != 1 when ... == ... is false | +| test.cpp:356:7:356:22 | ... == ... | ... == ... == 0 when ... == ... is false | +| test.cpp:356:7:356:22 | ... == ... | ... == ... == 1 when ... == ... is true | +| test.cpp:356:7:356:22 | ... == ... | input != 0 when ... == ... is false | +| test.cpp:356:7:356:22 | ... == ... | input != 0+0 when ... == ... is false | +| test.cpp:356:7:356:22 | ... == ... | input == 0 when ... == ... is true | +| test.cpp:356:7:356:22 | ... == ... | input == 0+0 when ... == ... is true | +| test.cpp:361:10:361:26 | ... == ... | 0 != number+0 when ... == ... is false | +| test.cpp:361:10:361:26 | ... == ... | 0 == number+0 when ... == ... is true | +| test.cpp:361:10:361:26 | ... == ... | ... == ... != 0 when ... == ... is true | +| test.cpp:361:10:361:26 | ... == ... | ... == ... != 1 when ... == ... is false | +| test.cpp:361:10:361:26 | ... == ... | ... == ... == 0 when ... == ... is false | +| test.cpp:361:10:361:26 | ... == ... | ... == ... == 1 when ... == ... is true | +| test.cpp:361:10:361:26 | ... == ... | number != 0 when ... == ... is false | +| test.cpp:361:10:361:26 | ... == ... | number != 0+0 when ... == ... is false | +| test.cpp:361:10:361:26 | ... == ... | number == 0 when ... == ... is true | +| test.cpp:361:10:361:26 | ... == ... | number == 0+0 when ... == ... is true | +| test.cpp:365:7:365:9 | ! ... | ! ... != 0 when ! ... is true | +| test.cpp:365:7:365:9 | ! ... | ! ... != 1 when ! ... is false | +| test.cpp:365:7:365:9 | ! ... | ! ... == 0 when ! ... is false | +| test.cpp:365:7:365:9 | ! ... | ! ... == 1 when ! ... is true | +| test.cpp:365:7:365:9 | ! ... | s1 != 0 when ! ... is false | +| test.cpp:365:7:365:9 | ! ... | s1 != 1 when ! ... is true | +| test.cpp:365:7:365:9 | ! ... | s1 == 0 when ! ... is true | +| test.cpp:365:7:365:9 | ! ... | s1 == 1 when ! ... is false | +| test.cpp:365:7:365:16 | ... \|\| ... | ! ... != 1 when ... \|\| ... is false | +| test.cpp:365:7:365:16 | ... \|\| ... | ! ... == 0 when ... \|\| ... is false | +| test.cpp:365:7:365:16 | ... \|\| ... | s1 != 0 when ... \|\| ... is false | +| test.cpp:365:7:365:16 | ... \|\| ... | s1 == 1 when ... \|\| ... is false | +| test.cpp:365:7:365:16 | ... \|\| ... | s2 != 0 when ... \|\| ... is false | +| test.cpp:365:7:365:16 | ... \|\| ... | s2 == 1 when ... \|\| ... is false | +| test.cpp:365:8:365:9 | s1 | ! ... != 0 when s1 is false | +| test.cpp:365:8:365:9 | s1 | ! ... != 1 when s1 is true | +| test.cpp:365:8:365:9 | s1 | ! ... == 0 when s1 is true | +| test.cpp:365:8:365:9 | s1 | ! ... == 1 when s1 is false | +| test.cpp:365:8:365:9 | s1 | s1 != 0 when s1 is true | +| test.cpp:365:8:365:9 | s1 | s1 != 1 when s1 is false | +| test.cpp:365:8:365:9 | s1 | s1 == 0 when s1 is false | +| test.cpp:365:8:365:9 | s1 | s1 == 1 when s1 is true | +| test.cpp:365:14:365:16 | ! ... | ! ... != 0 when ! ... is true | +| test.cpp:365:14:365:16 | ! ... | ! ... != 1 when ! ... is false | +| test.cpp:365:14:365:16 | ! ... | ! ... == 0 when ! ... is false | +| test.cpp:365:14:365:16 | ! ... | ! ... == 1 when ! ... is true | +| test.cpp:365:14:365:16 | ! ... | s2 != 0 when ! ... is false | +| test.cpp:365:14:365:16 | ! ... | s2 != 1 when ! ... is true | +| test.cpp:365:14:365:16 | ! ... | s2 == 0 when ! ... is true | +| test.cpp:365:14:365:16 | ! ... | s2 == 1 when ! ... is false | +| test.cpp:365:15:365:16 | s2 | ! ... != 0 when s2 is false | +| test.cpp:365:15:365:16 | s2 | ! ... != 1 when s2 is true | +| test.cpp:365:15:365:16 | s2 | ! ... == 0 when s2 is true | +| test.cpp:365:15:365:16 | s2 | ! ... == 1 when s2 is false | +| test.cpp:365:15:365:16 | s2 | s2 != 0 when s2 is true | +| test.cpp:365:15:365:16 | s2 | s2 != 1 when s2 is false | +| test.cpp:365:15:365:16 | s2 | s2 == 0 when s2 is false | +| test.cpp:365:15:365:16 | s2 | s2 == 1 when s2 is true | +| test.cpp:371:29:371:32 | flag | flag != 0 when flag is true | +| test.cpp:371:29:371:32 | flag | flag != 1 when flag is false | +| test.cpp:371:29:371:32 | flag | flag == 0 when flag is false | +| test.cpp:371:29:371:32 | flag | flag == 1 when flag is true | +| test.cpp:372:10:372:13 | flag | flag != 0 when flag is true | +| test.cpp:372:10:372:13 | flag | flag != 1 when flag is false | +| test.cpp:372:10:372:13 | flag | flag == 0 when flag is false | +| test.cpp:372:10:372:13 | flag | flag == 1 when flag is true | +| test.cpp:376:7:376:18 | call to testNotNull1 | call to testNotNull1 != 0 when call to testNotNull1 is true | +| test.cpp:376:7:376:18 | call to testNotNull1 | call to testNotNull1 != 1 when call to testNotNull1 is false | +| test.cpp:376:7:376:18 | call to testNotNull1 | call to testNotNull1 == 0 when call to testNotNull1 is false | +| test.cpp:376:7:376:18 | call to testNotNull1 | call to testNotNull1 == 1 when call to testNotNull1 is true | +| test.cpp:382:7:382:18 | call to testNotNull2 | call to testNotNull2 != 0 when call to testNotNull2 is true | +| test.cpp:382:7:382:18 | call to testNotNull2 | call to testNotNull2 != 1 when call to testNotNull2 is false | +| test.cpp:382:7:382:18 | call to testNotNull2 | call to testNotNull2 == 0 when call to testNotNull2 is false | +| test.cpp:382:7:382:18 | call to testNotNull2 | call to testNotNull2 == 1 when call to testNotNull2 is true | +| test.cpp:388:7:388:29 | ... == ... | 0 != call to getNumOrDefault+0 when ... == ... is false | +| test.cpp:388:7:388:29 | ... == ... | 0 == call to getNumOrDefault+0 when ... == ... is true | +| test.cpp:388:7:388:29 | ... == ... | ... == ... != 0 when ... == ... is true | +| test.cpp:388:7:388:29 | ... == ... | ... == ... != 1 when ... == ... is false | +| test.cpp:388:7:388:29 | ... == ... | ... == ... == 0 when ... == ... is false | +| test.cpp:388:7:388:29 | ... == ... | ... == ... == 1 when ... == ... is true | +| test.cpp:388:7:388:29 | ... == ... | call to getNumOrDefault != 0 when ... == ... is false | +| test.cpp:388:7:388:29 | ... == ... | call to getNumOrDefault != 0+0 when ... == ... is false | +| test.cpp:388:7:388:29 | ... == ... | call to getNumOrDefault == 0 when ... == ... is true | +| test.cpp:388:7:388:29 | ... == ... | call to getNumOrDefault == 0+0 when ... == ... is true | +| test.cpp:394:7:394:47 | ... == ... | 0 != call to returnAIfNoneAreNull+0 when ... == ... is false | +| test.cpp:394:7:394:47 | ... == ... | 0 == call to returnAIfNoneAreNull+0 when ... == ... is true | +| test.cpp:394:7:394:47 | ... == ... | ... == ... != 0 when ... == ... is true | +| test.cpp:394:7:394:47 | ... == ... | ... == ... != 1 when ... == ... is false | +| test.cpp:394:7:394:47 | ... == ... | ... == ... == 0 when ... == ... is false | +| test.cpp:394:7:394:47 | ... == ... | ... == ... == 1 when ... == ... is true | +| test.cpp:394:7:394:47 | ... == ... | call to returnAIfNoneAreNull != 0 when ... == ... is false | +| test.cpp:394:7:394:47 | ... == ... | call to returnAIfNoneAreNull != 0+0 when ... == ... is false | +| test.cpp:394:7:394:47 | ... == ... | call to returnAIfNoneAreNull == 0 when ... == ... is true | +| test.cpp:394:7:394:47 | ... == ... | call to returnAIfNoneAreNull == 0+0 when ... == ... is true | +| test.cpp:400:11:400:25 | call to testEnumWrapper | call to testEnumWrapper != 1 when call to testEnumWrapper is not 1 | +| test.cpp:400:11:400:25 | call to testEnumWrapper | call to testEnumWrapper != 2 when call to testEnumWrapper is not 2 | +| test.cpp:400:11:400:25 | call to testEnumWrapper | call to testEnumWrapper == 1 when call to testEnumWrapper is 1 | +| test.cpp:400:11:400:25 | call to testEnumWrapper | call to testEnumWrapper == 2 when call to testEnumWrapper is 2 | +| test.cpp:411:7:411:8 | ! ... | ! ... != 0 when ! ... is true | +| test.cpp:411:7:411:8 | ! ... | ! ... != 1 when ! ... is false | +| test.cpp:411:7:411:8 | ! ... | ! ... == 0 when ! ... is false | +| test.cpp:411:7:411:8 | ! ... | ! ... == 1 when ! ... is true | +| test.cpp:411:7:411:8 | ! ... | o != 0 when ! ... is false | +| test.cpp:411:7:411:8 | ! ... | o != 1 when ! ... is true | +| test.cpp:411:7:411:8 | ! ... | o == 0 when ! ... is true | +| test.cpp:411:7:411:8 | ! ... | o == 1 when ! ... is false | +| test.cpp:411:8:411:8 | o | ! ... != 0 when o is false | +| test.cpp:411:8:411:8 | o | ! ... != 1 when o is true | +| test.cpp:411:8:411:8 | o | ! ... == 0 when o is true | +| test.cpp:411:8:411:8 | o | ! ... == 1 when o is false | +| test.cpp:411:8:411:8 | o | o != 0 when o is true | +| test.cpp:411:8:411:8 | o | o != 1 when o is false | +| test.cpp:411:8:411:8 | o | o == 0 when o is false | +| test.cpp:411:8:411:8 | o | o == 1 when o is true | diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected index e9ef52f709d3..d00a6012ef45 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsControl.expected @@ -338,3 +338,85 @@ | test.cpp:330:7:330:7 | b | true | test.cpp:331:3:332:10 | { ... } | | test.cpp:334:11:334:11 | x | Lower bound 40 | test.cpp:336:3:338:7 | case ...: | | test.cpp:334:11:334:11 | x | Upper bound 50 | test.cpp:336:3:338:7 | case ...: | +| test.cpp:348:25:348:25 | y | not null | test.cpp:349:29:349:30 | 42 | +| test.cpp:348:25:348:25 | y | not null | test.cpp:350:15:351:7 | { ... } | +| test.cpp:348:25:348:25 | y | null | test.cpp:349:34:349:34 | 0 | +| test.cpp:349:11:349:22 | call to testNotNull1 | false | test.cpp:349:34:349:34 | 0 | +| test.cpp:349:11:349:22 | call to testNotNull1 | true | test.cpp:349:29:349:30 | 42 | +| test.cpp:349:11:349:22 | call to testNotNull1 | true | test.cpp:350:15:351:7 | { ... } | +| test.cpp:349:11:349:34 | ... ? ... : ... | not 0 | test.cpp:350:15:351:7 | { ... } | +| test.cpp:349:24:349:24 | y | not null | test.cpp:349:29:349:30 | 42 | +| test.cpp:349:24:349:24 | y | not null | test.cpp:350:15:351:7 | { ... } | +| test.cpp:349:24:349:24 | y | null | test.cpp:349:34:349:34 | 0 | +| test.cpp:349:29:349:30 | 42 | not 0 | test.cpp:350:15:351:7 | { ... } | +| test.cpp:350:7:350:7 | x | not 0 | test.cpp:350:15:351:7 | { ... } | +| test.cpp:350:7:350:12 | ... != ... | true | test.cpp:350:15:351:7 | { ... } | +| test.cpp:355:25:355:29 | input | not null | test.cpp:357:3:357:13 | return ... | +| test.cpp:355:25:355:29 | input | null | test.cpp:356:25:356:36 | return ... | +| test.cpp:356:7:356:11 | input | not null | test.cpp:357:3:357:13 | return ... | +| test.cpp:356:7:356:11 | input | null | test.cpp:356:25:356:36 | return ... | +| test.cpp:356:7:356:22 | ... == ... | false | test.cpp:357:3:357:13 | return ... | +| test.cpp:356:7:356:22 | ... == ... | true | test.cpp:356:25:356:36 | return ... | +| test.cpp:360:26:360:31 | number | not null | test.cpp:361:35:361:40 | number | +| test.cpp:360:26:360:31 | number | null | test.cpp:361:30:361:30 | 0 | +| test.cpp:361:10:361:15 | number | not null | test.cpp:361:35:361:40 | number | +| test.cpp:361:10:361:15 | number | null | test.cpp:361:30:361:30 | 0 | +| test.cpp:361:10:361:26 | ... == ... | false | test.cpp:361:35:361:40 | number | +| test.cpp:361:10:361:26 | ... == ... | true | test.cpp:361:30:361:30 | 0 | +| test.cpp:364:33:364:34 | s1 | not null | test.cpp:365:15:365:16 | s2 | +| test.cpp:364:33:364:34 | s1 | not null | test.cpp:366:3:366:12 | return ... | +| test.cpp:364:43:364:44 | s2 | not null | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:9 | ! ... | false | test.cpp:365:15:365:16 | s2 | +| test.cpp:365:7:365:9 | ! ... | false | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:16 | ... \|\| ... | false | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:8:365:9 | s1 | not null | test.cpp:365:15:365:16 | s2 | +| test.cpp:365:8:365:9 | s1 | not null | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:8:365:9 | s1 | true | test.cpp:365:15:365:16 | s2 | +| test.cpp:365:8:365:9 | s1 | true | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:14:365:16 | ! ... | false | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:15:365:16 | s2 | not null | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:15:365:16 | s2 | true | test.cpp:366:3:366:12 | return ... | +| test.cpp:371:29:371:32 | flag | false | test.cpp:372:35:372:49 | FAILURE | +| test.cpp:371:29:371:32 | flag | true | test.cpp:372:17:372:31 | SUCCESS | +| test.cpp:372:10:372:13 | flag | false | test.cpp:372:35:372:49 | FAILURE | +| test.cpp:372:10:372:13 | flag | true | test.cpp:372:17:372:31 | SUCCESS | +| test.cpp:375:25:375:25 | p | not null | test.cpp:376:24:377:7 | { ... } | +| test.cpp:375:25:375:25 | p | null | test.cpp:378:10:379:7 | { ... } | +| test.cpp:375:33:375:33 | i | not null | test.cpp:390:10:391:7 | { ... } | +| test.cpp:375:50:375:50 | b | false | test.cpp:404:5:406:12 | case ...: | +| test.cpp:375:50:375:50 | b | true | test.cpp:401:5:403:12 | case ...: | +| test.cpp:376:7:376:18 | call to testNotNull1 | false | test.cpp:378:10:379:7 | { ... } | +| test.cpp:376:7:376:18 | call to testNotNull1 | true | test.cpp:376:24:377:7 | { ... } | +| test.cpp:376:20:376:20 | p | not null | test.cpp:376:24:377:7 | { ... } | +| test.cpp:376:20:376:20 | p | null | test.cpp:378:10:379:7 | { ... } | +| test.cpp:382:7:382:18 | call to testNotNull2 | false | test.cpp:384:10:385:7 | { ... } | +| test.cpp:382:7:382:18 | call to testNotNull2 | true | test.cpp:382:24:383:7 | { ... } | +| test.cpp:388:7:388:29 | ... == ... | false | test.cpp:390:10:391:7 | { ... } | +| test.cpp:388:7:388:29 | ... == ... | true | test.cpp:388:32:389:7 | { ... } | +| test.cpp:388:12:388:26 | call to getNumOrDefault | 0 | test.cpp:388:32:389:7 | { ... } | +| test.cpp:388:12:388:26 | call to getNumOrDefault | not 0 | test.cpp:390:10:391:7 | { ... } | +| test.cpp:388:28:388:28 | i | not null | test.cpp:390:10:391:7 | { ... } | +| test.cpp:394:7:394:47 | ... == ... | false | test.cpp:396:10:397:7 | { ... } | +| test.cpp:394:7:394:47 | ... == ... | true | test.cpp:394:50:395:7 | { ... } | +| test.cpp:394:15:394:34 | call to returnAIfNoneAreNull | 0 | test.cpp:394:50:395:7 | { ... } | +| test.cpp:394:15:394:34 | call to returnAIfNoneAreNull | not 0 | test.cpp:396:10:397:7 | { ... } | +| test.cpp:400:11:400:25 | call to testEnumWrapper | 1 | test.cpp:401:5:403:12 | case ...: | +| test.cpp:400:11:400:25 | call to testEnumWrapper | 2 | test.cpp:404:5:406:12 | case ...: | +| test.cpp:400:27:400:27 | b | false | test.cpp:404:5:406:12 | case ...: | +| test.cpp:400:27:400:27 | b | true | test.cpp:401:5:403:12 | case ...: | +| test.cpp:410:26:410:26 | o | not null | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:410:26:410:26 | o | not null | test.cpp:412:1:412:1 | return ... | +| test.cpp:410:26:410:26 | o | null | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:410:26:410:26 | o | null | test.cpp:411:11:411:18 | ExprStmt | +| test.cpp:411:7:411:8 | ! ... | false | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:7:411:8 | ! ... | false | test.cpp:412:1:412:1 | return ... | +| test.cpp:411:7:411:8 | ! ... | true | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:7:411:8 | ! ... | true | test.cpp:411:11:411:18 | ExprStmt | +| test.cpp:411:8:411:8 | o | false | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:8:411:8 | o | false | test.cpp:411:11:411:18 | ExprStmt | +| test.cpp:411:8:411:8 | o | not null | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:8:411:8 | o | not null | test.cpp:412:1:412:1 | return ... | +| test.cpp:411:8:411:8 | o | null | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:8:411:8 | o | null | test.cpp:411:11:411:18 | ExprStmt | +| test.cpp:411:8:411:8 | o | true | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:8:411:8 | o | true | test.cpp:412:1:412:1 | return ... | diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected index 1f0b11972301..0de63fa505b4 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected @@ -483,6 +483,24 @@ binary | test.cpp:318:6:318:18 | ... != ... | test.cpp:318:11:318:12 | 42 | >= | test.cpp:318:7:318:7 | a | 1 | test.cpp:318:21:320:3 | { ... } | | test.cpp:318:6:318:18 | ... != ... | test.cpp:318:18:318:18 | 0 | != | test.cpp:318:7:318:12 | ... < ... | 0 | test.cpp:318:21:320:3 | { ... } | | test.cpp:318:6:318:18 | ... != ... | test.cpp:318:18:318:18 | 0 | == | test.cpp:318:7:318:12 | ... < ... | 0 | test.cpp:320:10:322:3 | { ... } | +| test.cpp:350:7:350:12 | ... != ... | test.cpp:350:7:350:7 | x | != | test.cpp:350:12:350:12 | 0 | 0 | test.cpp:350:15:351:7 | { ... } | +| test.cpp:350:7:350:12 | ... != ... | test.cpp:350:12:350:12 | 0 | != | test.cpp:350:7:350:7 | x | 0 | test.cpp:350:15:351:7 | { ... } | +| test.cpp:356:7:356:22 | ... == ... | test.cpp:356:7:356:11 | input | != | test.cpp:356:16:356:22 | 0 | 0 | test.cpp:357:3:357:13 | return ... | +| test.cpp:356:7:356:22 | ... == ... | test.cpp:356:7:356:11 | input | == | test.cpp:356:16:356:22 | 0 | 0 | test.cpp:356:25:356:36 | return ... | +| test.cpp:356:7:356:22 | ... == ... | test.cpp:356:16:356:22 | 0 | != | test.cpp:356:7:356:11 | input | 0 | test.cpp:357:3:357:13 | return ... | +| test.cpp:356:7:356:22 | ... == ... | test.cpp:356:16:356:22 | 0 | == | test.cpp:356:7:356:11 | input | 0 | test.cpp:356:25:356:36 | return ... | +| test.cpp:361:10:361:26 | ... == ... | test.cpp:361:10:361:15 | number | != | test.cpp:361:20:361:26 | 0 | 0 | test.cpp:361:35:361:40 | number | +| test.cpp:361:10:361:26 | ... == ... | test.cpp:361:10:361:15 | number | == | test.cpp:361:20:361:26 | 0 | 0 | test.cpp:361:30:361:30 | 0 | +| test.cpp:361:10:361:26 | ... == ... | test.cpp:361:20:361:26 | 0 | != | test.cpp:361:10:361:15 | number | 0 | test.cpp:361:35:361:40 | number | +| test.cpp:361:10:361:26 | ... == ... | test.cpp:361:20:361:26 | 0 | == | test.cpp:361:10:361:15 | number | 0 | test.cpp:361:30:361:30 | 0 | +| test.cpp:388:7:388:29 | ... == ... | test.cpp:388:7:388:7 | 0 | != | test.cpp:388:12:388:26 | call to getNumOrDefault | 0 | test.cpp:390:10:391:7 | { ... } | +| test.cpp:388:7:388:29 | ... == ... | test.cpp:388:7:388:7 | 0 | == | test.cpp:388:12:388:26 | call to getNumOrDefault | 0 | test.cpp:388:32:389:7 | { ... } | +| test.cpp:388:7:388:29 | ... == ... | test.cpp:388:12:388:26 | call to getNumOrDefault | != | test.cpp:388:7:388:7 | 0 | 0 | test.cpp:390:10:391:7 | { ... } | +| test.cpp:388:7:388:29 | ... == ... | test.cpp:388:12:388:26 | call to getNumOrDefault | == | test.cpp:388:7:388:7 | 0 | 0 | test.cpp:388:32:389:7 | { ... } | +| test.cpp:394:7:394:47 | ... == ... | test.cpp:394:7:394:10 | 0 | != | test.cpp:394:15:394:34 | call to returnAIfNoneAreNull | 0 | test.cpp:396:10:397:7 | { ... } | +| test.cpp:394:7:394:47 | ... == ... | test.cpp:394:7:394:10 | 0 | == | test.cpp:394:15:394:34 | call to returnAIfNoneAreNull | 0 | test.cpp:394:50:395:7 | { ... } | +| test.cpp:394:7:394:47 | ... == ... | test.cpp:394:15:394:34 | call to returnAIfNoneAreNull | != | test.cpp:394:7:394:10 | 0 | 0 | test.cpp:396:10:397:7 | { ... } | +| test.cpp:394:7:394:47 | ... == ... | test.cpp:394:15:394:34 | call to returnAIfNoneAreNull | == | test.cpp:394:7:394:10 | 0 | 0 | test.cpp:394:50:395:7 | { ... } | unary | test.c:7:9:7:13 | ... > ... | test.c:7:9:7:9 | x | < | 1 | test.c:10:12:11:14 | { ... } | | test.c:7:9:7:13 | ... > ... | test.c:7:9:7:9 | x | >= | 1 | test.c:7:16:9:14 | { ... } | @@ -1300,3 +1318,118 @@ unary | test.cpp:330:7:330:7 | b | test.cpp:330:7:330:7 | b | == | 1 | test.cpp:331:3:332:10 | { ... } | | test.cpp:334:11:334:11 | x | test.cpp:334:11:334:11 | x | < | 51 | test.cpp:336:3:338:7 | case ...: | | test.cpp:334:11:334:11 | x | test.cpp:334:11:334:11 | x | >= | 40 | test.cpp:336:3:338:7 | case ...: | +| test.cpp:349:11:349:22 | call to testNotNull1 | test.cpp:349:11:349:22 | call to testNotNull1 | != | 0 | test.cpp:349:29:349:30 | 42 | +| test.cpp:349:11:349:22 | call to testNotNull1 | test.cpp:349:11:349:22 | call to testNotNull1 | != | 0 | test.cpp:350:15:351:7 | { ... } | +| test.cpp:349:11:349:22 | call to testNotNull1 | test.cpp:349:11:349:22 | call to testNotNull1 | != | 1 | test.cpp:349:34:349:34 | 0 | +| test.cpp:349:11:349:22 | call to testNotNull1 | test.cpp:349:11:349:22 | call to testNotNull1 | == | 0 | test.cpp:349:34:349:34 | 0 | +| test.cpp:349:11:349:22 | call to testNotNull1 | test.cpp:349:11:349:22 | call to testNotNull1 | == | 1 | test.cpp:349:29:349:30 | 42 | +| test.cpp:349:11:349:22 | call to testNotNull1 | test.cpp:349:11:349:22 | call to testNotNull1 | == | 1 | test.cpp:350:15:351:7 | { ... } | +| test.cpp:350:7:350:12 | ... != ... | test.cpp:350:7:350:7 | x | != | 0 | test.cpp:350:15:351:7 | { ... } | +| test.cpp:350:7:350:12 | ... != ... | test.cpp:350:7:350:12 | ... != ... | != | 0 | test.cpp:350:15:351:7 | { ... } | +| test.cpp:350:7:350:12 | ... != ... | test.cpp:350:7:350:12 | ... != ... | == | 1 | test.cpp:350:15:351:7 | { ... } | +| test.cpp:356:7:356:22 | ... == ... | test.cpp:356:7:356:11 | input | != | 0 | test.cpp:357:3:357:13 | return ... | +| test.cpp:356:7:356:22 | ... == ... | test.cpp:356:7:356:11 | input | == | 0 | test.cpp:356:25:356:36 | return ... | +| test.cpp:356:7:356:22 | ... == ... | test.cpp:356:7:356:22 | ... == ... | != | 0 | test.cpp:356:25:356:36 | return ... | +| test.cpp:356:7:356:22 | ... == ... | test.cpp:356:7:356:22 | ... == ... | != | 1 | test.cpp:357:3:357:13 | return ... | +| test.cpp:356:7:356:22 | ... == ... | test.cpp:356:7:356:22 | ... == ... | == | 0 | test.cpp:357:3:357:13 | return ... | +| test.cpp:356:7:356:22 | ... == ... | test.cpp:356:7:356:22 | ... == ... | == | 1 | test.cpp:356:25:356:36 | return ... | +| test.cpp:361:10:361:26 | ... == ... | test.cpp:361:10:361:15 | number | != | 0 | test.cpp:361:35:361:40 | number | +| test.cpp:361:10:361:26 | ... == ... | test.cpp:361:10:361:15 | number | == | 0 | test.cpp:361:30:361:30 | 0 | +| test.cpp:361:10:361:26 | ... == ... | test.cpp:361:10:361:26 | ... == ... | != | 0 | test.cpp:361:30:361:30 | 0 | +| test.cpp:361:10:361:26 | ... == ... | test.cpp:361:10:361:26 | ... == ... | != | 1 | test.cpp:361:35:361:40 | number | +| test.cpp:361:10:361:26 | ... == ... | test.cpp:361:10:361:26 | ... == ... | == | 0 | test.cpp:361:35:361:40 | number | +| test.cpp:361:10:361:26 | ... == ... | test.cpp:361:10:361:26 | ... == ... | == | 1 | test.cpp:361:30:361:30 | 0 | +| test.cpp:365:7:365:9 | ! ... | test.cpp:365:7:365:9 | ! ... | != | 1 | test.cpp:365:15:365:16 | s2 | +| test.cpp:365:7:365:9 | ! ... | test.cpp:365:7:365:9 | ! ... | != | 1 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:9 | ! ... | test.cpp:365:7:365:9 | ! ... | == | 0 | test.cpp:365:15:365:16 | s2 | +| test.cpp:365:7:365:9 | ! ... | test.cpp:365:7:365:9 | ! ... | == | 0 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:9 | ! ... | test.cpp:365:8:365:9 | s1 | != | 0 | test.cpp:365:15:365:16 | s2 | +| test.cpp:365:7:365:9 | ! ... | test.cpp:365:8:365:9 | s1 | != | 0 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:9 | ! ... | test.cpp:365:8:365:9 | s1 | == | 1 | test.cpp:365:15:365:16 | s2 | +| test.cpp:365:7:365:9 | ! ... | test.cpp:365:8:365:9 | s1 | == | 1 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:16 | ... \|\| ... | test.cpp:365:7:365:9 | ! ... | != | 1 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:16 | ... \|\| ... | test.cpp:365:7:365:9 | ! ... | == | 0 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:16 | ... \|\| ... | test.cpp:365:8:365:9 | s1 | != | 0 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:16 | ... \|\| ... | test.cpp:365:8:365:9 | s1 | == | 1 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:16 | ... \|\| ... | test.cpp:365:14:365:16 | ! ... | != | 1 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:16 | ... \|\| ... | test.cpp:365:14:365:16 | ! ... | == | 0 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:16 | ... \|\| ... | test.cpp:365:15:365:16 | s2 | != | 0 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:7:365:16 | ... \|\| ... | test.cpp:365:15:365:16 | s2 | == | 1 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:8:365:9 | s1 | test.cpp:365:7:365:9 | ! ... | != | 1 | test.cpp:365:15:365:16 | s2 | +| test.cpp:365:8:365:9 | s1 | test.cpp:365:7:365:9 | ! ... | != | 1 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:8:365:9 | s1 | test.cpp:365:7:365:9 | ! ... | == | 0 | test.cpp:365:15:365:16 | s2 | +| test.cpp:365:8:365:9 | s1 | test.cpp:365:7:365:9 | ! ... | == | 0 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:8:365:9 | s1 | test.cpp:365:8:365:9 | s1 | != | 0 | test.cpp:365:15:365:16 | s2 | +| test.cpp:365:8:365:9 | s1 | test.cpp:365:8:365:9 | s1 | != | 0 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:8:365:9 | s1 | test.cpp:365:8:365:9 | s1 | == | 1 | test.cpp:365:15:365:16 | s2 | +| test.cpp:365:8:365:9 | s1 | test.cpp:365:8:365:9 | s1 | == | 1 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:14:365:16 | ! ... | test.cpp:365:14:365:16 | ! ... | != | 1 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:14:365:16 | ! ... | test.cpp:365:14:365:16 | ! ... | == | 0 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:14:365:16 | ! ... | test.cpp:365:15:365:16 | s2 | != | 0 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:14:365:16 | ! ... | test.cpp:365:15:365:16 | s2 | == | 1 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:15:365:16 | s2 | test.cpp:365:14:365:16 | ! ... | != | 1 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:15:365:16 | s2 | test.cpp:365:14:365:16 | ! ... | == | 0 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:15:365:16 | s2 | test.cpp:365:15:365:16 | s2 | != | 0 | test.cpp:366:3:366:12 | return ... | +| test.cpp:365:15:365:16 | s2 | test.cpp:365:15:365:16 | s2 | == | 1 | test.cpp:366:3:366:12 | return ... | +| test.cpp:371:29:371:32 | flag | test.cpp:372:10:372:13 | flag | != | 0 | test.cpp:372:17:372:31 | SUCCESS | +| test.cpp:371:29:371:32 | flag | test.cpp:372:10:372:13 | flag | != | 1 | test.cpp:372:35:372:49 | FAILURE | +| test.cpp:371:29:371:32 | flag | test.cpp:372:10:372:13 | flag | == | 0 | test.cpp:372:35:372:49 | FAILURE | +| test.cpp:371:29:371:32 | flag | test.cpp:372:10:372:13 | flag | == | 1 | test.cpp:372:17:372:31 | SUCCESS | +| test.cpp:372:10:372:13 | flag | test.cpp:372:10:372:13 | flag | != | 0 | test.cpp:372:17:372:31 | SUCCESS | +| test.cpp:372:10:372:13 | flag | test.cpp:372:10:372:13 | flag | != | 1 | test.cpp:372:35:372:49 | FAILURE | +| test.cpp:372:10:372:13 | flag | test.cpp:372:10:372:13 | flag | == | 0 | test.cpp:372:35:372:49 | FAILURE | +| test.cpp:372:10:372:13 | flag | test.cpp:372:10:372:13 | flag | == | 1 | test.cpp:372:17:372:31 | SUCCESS | +| test.cpp:376:7:376:18 | call to testNotNull1 | test.cpp:376:7:376:18 | call to testNotNull1 | != | 0 | test.cpp:376:24:377:7 | { ... } | +| test.cpp:376:7:376:18 | call to testNotNull1 | test.cpp:376:7:376:18 | call to testNotNull1 | != | 1 | test.cpp:378:10:379:7 | { ... } | +| test.cpp:376:7:376:18 | call to testNotNull1 | test.cpp:376:7:376:18 | call to testNotNull1 | == | 0 | test.cpp:378:10:379:7 | { ... } | +| test.cpp:376:7:376:18 | call to testNotNull1 | test.cpp:376:7:376:18 | call to testNotNull1 | == | 1 | test.cpp:376:24:377:7 | { ... } | +| test.cpp:382:7:382:18 | call to testNotNull2 | test.cpp:382:7:382:18 | call to testNotNull2 | != | 0 | test.cpp:382:24:383:7 | { ... } | +| test.cpp:382:7:382:18 | call to testNotNull2 | test.cpp:382:7:382:18 | call to testNotNull2 | != | 1 | test.cpp:384:10:385:7 | { ... } | +| test.cpp:382:7:382:18 | call to testNotNull2 | test.cpp:382:7:382:18 | call to testNotNull2 | == | 0 | test.cpp:384:10:385:7 | { ... } | +| test.cpp:382:7:382:18 | call to testNotNull2 | test.cpp:382:7:382:18 | call to testNotNull2 | == | 1 | test.cpp:382:24:383:7 | { ... } | +| test.cpp:388:7:388:29 | ... == ... | test.cpp:388:7:388:29 | ... == ... | != | 0 | test.cpp:388:32:389:7 | { ... } | +| test.cpp:388:7:388:29 | ... == ... | test.cpp:388:7:388:29 | ... == ... | != | 1 | test.cpp:390:10:391:7 | { ... } | +| test.cpp:388:7:388:29 | ... == ... | test.cpp:388:7:388:29 | ... == ... | == | 0 | test.cpp:390:10:391:7 | { ... } | +| test.cpp:388:7:388:29 | ... == ... | test.cpp:388:7:388:29 | ... == ... | == | 1 | test.cpp:388:32:389:7 | { ... } | +| test.cpp:388:7:388:29 | ... == ... | test.cpp:388:12:388:26 | call to getNumOrDefault | != | 0 | test.cpp:390:10:391:7 | { ... } | +| test.cpp:388:7:388:29 | ... == ... | test.cpp:388:12:388:26 | call to getNumOrDefault | == | 0 | test.cpp:388:32:389:7 | { ... } | +| test.cpp:394:7:394:47 | ... == ... | test.cpp:394:7:394:47 | ... == ... | != | 0 | test.cpp:394:50:395:7 | { ... } | +| test.cpp:394:7:394:47 | ... == ... | test.cpp:394:7:394:47 | ... == ... | != | 1 | test.cpp:396:10:397:7 | { ... } | +| test.cpp:394:7:394:47 | ... == ... | test.cpp:394:7:394:47 | ... == ... | == | 0 | test.cpp:396:10:397:7 | { ... } | +| test.cpp:394:7:394:47 | ... == ... | test.cpp:394:7:394:47 | ... == ... | == | 1 | test.cpp:394:50:395:7 | { ... } | +| test.cpp:394:7:394:47 | ... == ... | test.cpp:394:15:394:34 | call to returnAIfNoneAreNull | != | 0 | test.cpp:396:10:397:7 | { ... } | +| test.cpp:394:7:394:47 | ... == ... | test.cpp:394:15:394:34 | call to returnAIfNoneAreNull | == | 0 | test.cpp:394:50:395:7 | { ... } | +| test.cpp:400:11:400:25 | call to testEnumWrapper | test.cpp:400:11:400:25 | call to testEnumWrapper | == | 1 | test.cpp:401:5:403:12 | case ...: | +| test.cpp:400:11:400:25 | call to testEnumWrapper | test.cpp:400:11:400:25 | call to testEnumWrapper | == | 2 | test.cpp:404:5:406:12 | case ...: | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:7:411:8 | ! ... | != | 0 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:7:411:8 | ! ... | != | 0 | test.cpp:411:11:411:18 | ExprStmt | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:7:411:8 | ! ... | != | 1 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:7:411:8 | ! ... | != | 1 | test.cpp:412:1:412:1 | return ... | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:7:411:8 | ! ... | == | 0 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:7:411:8 | ! ... | == | 0 | test.cpp:412:1:412:1 | return ... | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:7:411:8 | ! ... | == | 1 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:7:411:8 | ! ... | == | 1 | test.cpp:411:11:411:18 | ExprStmt | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:8:411:8 | o | != | 0 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:8:411:8 | o | != | 0 | test.cpp:412:1:412:1 | return ... | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:8:411:8 | o | != | 1 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:8:411:8 | o | != | 1 | test.cpp:411:11:411:18 | ExprStmt | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:8:411:8 | o | == | 0 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:8:411:8 | o | == | 0 | test.cpp:411:11:411:18 | ExprStmt | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:8:411:8 | o | == | 1 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:7:411:8 | ! ... | test.cpp:411:8:411:8 | o | == | 1 | test.cpp:412:1:412:1 | return ... | +| test.cpp:411:8:411:8 | o | test.cpp:411:7:411:8 | ! ... | != | 0 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:8:411:8 | o | test.cpp:411:7:411:8 | ! ... | != | 0 | test.cpp:411:11:411:18 | ExprStmt | +| test.cpp:411:8:411:8 | o | test.cpp:411:7:411:8 | ! ... | != | 1 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:8:411:8 | o | test.cpp:411:7:411:8 | ! ... | != | 1 | test.cpp:412:1:412:1 | return ... | +| test.cpp:411:8:411:8 | o | test.cpp:411:7:411:8 | ! ... | == | 0 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:8:411:8 | o | test.cpp:411:7:411:8 | ! ... | == | 0 | test.cpp:412:1:412:1 | return ... | +| test.cpp:411:8:411:8 | o | test.cpp:411:7:411:8 | ! ... | == | 1 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:8:411:8 | o | test.cpp:411:7:411:8 | ! ... | == | 1 | test.cpp:411:11:411:18 | ExprStmt | +| test.cpp:411:8:411:8 | o | test.cpp:411:8:411:8 | o | != | 0 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:8:411:8 | o | test.cpp:411:8:411:8 | o | != | 0 | test.cpp:412:1:412:1 | return ... | +| test.cpp:411:8:411:8 | o | test.cpp:411:8:411:8 | o | != | 1 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:8:411:8 | o | test.cpp:411:8:411:8 | o | != | 1 | test.cpp:411:11:411:18 | ExprStmt | +| test.cpp:411:8:411:8 | o | test.cpp:411:8:411:8 | o | == | 0 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:8:411:8 | o | test.cpp:411:8:411:8 | o | == | 0 | test.cpp:411:11:411:18 | ExprStmt | +| test.cpp:411:8:411:8 | o | test.cpp:411:8:411:8 | o | == | 1 | test.cpp:410:6:410:18 | ensureNotNull | +| test.cpp:411:8:411:8 | o | test.cpp:411:8:411:8 | o | == | 1 | test.cpp:412:1:412:1 | return ... | diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsInline.expected b/cpp/ql/test/library-tests/controlflow/guards/GuardsInline.expected new file mode 100644 index 000000000000..8beb8bb2b151 --- /dev/null +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsInline.expected @@ -0,0 +1,27 @@ +| test.cpp:351:5:351:7 | Call: call to chk | '42:not 0' | +| test.cpp:351:5:351:7 | Call: call to chk | '... ? ... : ...:not 0' | +| test.cpp:351:5:351:7 | Call: call to chk | 'call to testNotNull1:true' | +| test.cpp:351:5:351:7 | Call: call to chk | 'x != 0:true' | +| test.cpp:351:5:351:7 | Call: call to chk | 'x:not 0' | +| test.cpp:351:5:351:7 | Call: call to chk | 'y:not null' | +| test.cpp:377:5:377:7 | Call: call to chk | 'call to testNotNull1:true' | +| test.cpp:377:5:377:7 | Call: call to chk | 'p:not null' | +| test.cpp:379:5:379:7 | Call: call to chk | 'call to testNotNull1:false' | +| test.cpp:379:5:379:7 | Call: call to chk | p:null | +| test.cpp:383:5:383:7 | Call: call to chk | 'call to testNotNull2:true' | +| test.cpp:385:5:385:7 | Call: call to chk | 'call to testNotNull2:false' | +| test.cpp:389:5:389:7 | Call: call to chk | '0 == call to getNumOrDefault:true' | +| test.cpp:389:5:389:7 | Call: call to chk | 'call to getNumOrDefault:0' | +| test.cpp:391:5:391:7 | Call: call to chk | '0 == call to getNumOrDefault:false' | +| test.cpp:391:5:391:7 | Call: call to chk | 'call to getNumOrDefault:not 0' | +| test.cpp:391:5:391:7 | Call: call to chk | 'i:not null' | +| test.cpp:395:5:395:7 | Call: call to chk | '0 == call to returnAIfNoneAreNull:true' | +| test.cpp:395:5:395:7 | Call: call to chk | 'call to returnAIfNoneAreNull:0' | +| test.cpp:397:5:397:7 | Call: call to chk | '0 == call to returnAIfNoneAreNull:false' | +| test.cpp:397:5:397:7 | Call: call to chk | 'call to returnAIfNoneAreNull:not 0' | +| test.cpp:402:7:402:9 | Call: call to chk | 'call to testEnumWrapper:1' | +| test.cpp:402:7:402:9 | Call: call to chk | 'call to testEnumWrapper=SUCCESS:true' | +| test.cpp:402:7:402:9 | Call: call to chk | b:true | +| test.cpp:405:7:405:9 | Call: call to chk | 'call to testEnumWrapper:2' | +| test.cpp:405:7:405:9 | Call: call to chk | 'call to testEnumWrapper=FAILURE:true' | +| test.cpp:405:7:405:9 | Call: call to chk | b:false | diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsInline.ql b/cpp/ql/test/library-tests/controlflow/guards/GuardsInline.ql new file mode 100644 index 000000000000..a6875080d370 --- /dev/null +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsInline.ql @@ -0,0 +1,44 @@ +import cpp +import semmle.code.cpp.controlflow.Guards +import codeql.util.Boolean + +bindingset[s] +string escape(string s) { if s.matches("% %") then result = "'" + s + "'" else result = s } + +Expr getUnconverted(Element e) { + not e instanceof Expr and + result = e + or + result = e.(Expr).getUnconverted() +} + +string ppGuard(IRGuardCondition g, GuardValue val) { + exists(BinaryOperation bin | + bin = getUnconverted(g.getAst()) and + result = + bin.getLeftOperand() + " " + bin.getOperator() + " " + bin.getRightOperand() + ":" + val + ) + or + exists(SwitchCase cc, Expr s, string value | + cc = g.getAst() and + cc.getExpr() = s and + result = cc.getSwitchStmt().getExpr() + "=" + value + ":" + val + | + value = cc.getExpr().toString() + or + cc.isDefault() and value = "default" + ) +} + +query predicate guarded(CallInstruction c, string guard) { + c.getStaticCallTarget().hasName("chk") and + exists(IRGuardCondition g, IRBlock bb, GuardValue val | + g.valueControls(bb, val) and + c.getBlock() = bb + | + guard = escape(ppGuard(g, val)) + or + not exists(ppGuard(g, val)) and + guard = escape(getUnconverted(g.getAst()).toString() + ":" + val) + ) +} diff --git a/cpp/ql/test/library-tests/controlflow/guards/GuardsInline.qlref b/cpp/ql/test/library-tests/controlflow/guards/GuardsInline.qlref new file mode 100644 index 000000000000..5a66d6da1a0a --- /dev/null +++ b/cpp/ql/test/library-tests/controlflow/guards/GuardsInline.qlref @@ -0,0 +1,2 @@ +query: GuardsInline.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/cpp/ql/test/library-tests/controlflow/guards/test.cpp b/cpp/ql/test/library-tests/controlflow/guards/test.cpp index bb0fe83c7c72..49772506351d 100644 --- a/cpp/ql/test/library-tests/controlflow/guards/test.cpp +++ b/cpp/ql/test/library-tests/controlflow/guards/test.cpp @@ -337,4 +337,82 @@ void test_constant_value_and_case_range(bool b) // should not be guarded by `foo() = 40..50` use(x); } -} \ No newline at end of file +} + +void chk(); + +bool testNotNull1(void* input) { + return input != nullptr; +} + +void test_ternary(void* y) { + int x = testNotNull1(y) ? 42 : 0; + if (x != 0) { + chk(); // $ guarded='... ? ... : ...:not 0' guarded='42:not 0' guarded='call to testNotNull1:true' guarded='x != 0:true' guarded='x:not 0' guarded='y:not null' + } +} + +bool testNotNull2(void* input) { + if (input == nullptr) return false; + return true; +} + +int getNumOrDefault(int* number) { + return number == nullptr ? 0 : *number; +} + +char returnAIfNoneAreNull(char* s1, char* s2) { + if (!s1 || !s2) return '\0'; + return 'a'; +} + +enum class Status { SUCCESS = 1, FAILURE = 2 }; + +Status testEnumWrapper(bool flag) { + return flag ? Status::SUCCESS : Status::FAILURE; +} + +void testWrappers(void* p, int* i, char* s, bool b) { + if (testNotNull1(p)) { + chk(); // $ guarded='p:not null' guarded='call to testNotNull1:true' + } else { + chk(); // $ guarded=p:null guarded='call to testNotNull1:false' + } + + if (testNotNull2(p)) { + chk(); // $ guarded='call to testNotNull2:true' MISSING: guarded='p:not null' + } else { + chk(); // $ guarded='call to testNotNull2:false' + } + + if (0 == getNumOrDefault(i)) { + chk(); // $ guarded='0 == call to getNumOrDefault:true' guarded='call to getNumOrDefault:0' + } else { + chk(); // $ guarded='0 == call to getNumOrDefault:false' guarded='call to getNumOrDefault:not 0' guarded='i:not null' + } + + if ('\0' == returnAIfNoneAreNull(s, "suffix")) { + chk(); // $ guarded='0 == call to returnAIfNoneAreNull:true' guarded='call to returnAIfNoneAreNull:0' + } else { + chk(); // $ guarded='0 == call to returnAIfNoneAreNull:false' guarded='call to returnAIfNoneAreNull:not 0' MISSING: guarded='s:not null' + } + + switch (testEnumWrapper(b)) { + case Status::SUCCESS: + chk(); // $ guarded='call to testEnumWrapper=SUCCESS:true' guarded='call to testEnumWrapper:1' guarded=b:true + break; + case Status::FAILURE: + chk(); // $ guarded='call to testEnumWrapper=FAILURE:true' guarded='call to testEnumWrapper:2' guarded=b:false + break; + } +} + +void ensureNotNull(void* o) { + if (!o) throw 42; +} + +void testExceptionWrapper(void* s) { + chk(); // nothing guards here + ensureNotNull(s); + chk(); // $ MISSING: guarded='call to ensureNotNull:no exception' guarded='s:not null' +} From 26a8a4b3d26422f315d7df90405c1e6f90376d48 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 24 Sep 2025 19:54:05 +0100 Subject: [PATCH 076/307] C++: Add failing test demonstrating broken wrapper barrier guards. --- .../dataflow/dataflow-tests/BarrierGuard.cpp | 18 ++++++++++++++++++ .../dataflow-tests/test-source-sink.expected | 4 ++++ 2 files changed, 22 insertions(+) diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/BarrierGuard.cpp b/cpp/ql/test/library-tests/dataflow/dataflow-tests/BarrierGuard.cpp index 71d22ad4eddc..b08c2a7e8d42 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/BarrierGuard.cpp +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/BarrierGuard.cpp @@ -125,4 +125,22 @@ void test_phi_read_guard_2(bool b) { } sink(x); // $ SPURIOUS: ast +} + +bool guarded_wrapper(int x) { + if(guarded(x)) { + return true; + } else { + return false; + } +} + +void test_guarded_wrapper() { + int x = source(); + + if(guarded_wrapper(x)) { + sink(x); // $ SPURIOUS: ast,ir + } else { + sink(x); // $ ast,ir + } } \ No newline at end of file diff --git a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected index 8c009241734a..92d792a67aca 100644 --- a/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected +++ b/cpp/ql/test/library-tests/dataflow/dataflow-tests/test-source-sink.expected @@ -16,6 +16,8 @@ astFlow | BarrierGuard.cpp:90:11:90:16 | call to source | BarrierGuard.cpp:101:8:101:8 | x | | BarrierGuard.cpp:107:11:107:16 | call to source | BarrierGuard.cpp:112:8:112:8 | x | | BarrierGuard.cpp:116:11:116:16 | call to source | BarrierGuard.cpp:127:8:127:8 | x | +| BarrierGuard.cpp:139:11:139:16 | call to source | BarrierGuard.cpp:142:10:142:10 | x | +| BarrierGuard.cpp:139:11:139:16 | call to source | BarrierGuard.cpp:144:10:144:10 | x | | acrossLinkTargets.cpp:19:27:19:32 | call to source | acrossLinkTargets.cpp:12:8:12:8 | x | | clang.cpp:12:9:12:20 | sourceArray1 | clang.cpp:18:8:18:19 | sourceArray1 | | clang.cpp:12:9:12:20 | sourceArray1 | clang.cpp:22:8:22:20 | & ... | @@ -156,6 +158,8 @@ irFlow | BarrierGuard.cpp:49:10:49:15 | call to source | BarrierGuard.cpp:55:13:55:13 | x | | BarrierGuard.cpp:60:11:60:16 | call to source | BarrierGuard.cpp:64:14:64:14 | x | | BarrierGuard.cpp:60:11:60:16 | call to source | BarrierGuard.cpp:66:14:66:14 | x | +| BarrierGuard.cpp:139:11:139:16 | call to source | BarrierGuard.cpp:142:10:142:10 | x | +| BarrierGuard.cpp:139:11:139:16 | call to source | BarrierGuard.cpp:144:10:144:10 | x | | acrossLinkTargets.cpp:19:27:19:32 | call to source | acrossLinkTargets.cpp:12:8:12:8 | x | | clang.cpp:12:9:12:20 | sourceArray1 | clang.cpp:18:8:18:19 | sourceArray1 | | clang.cpp:12:9:12:20 | sourceArray1 | clang.cpp:23:17:23:29 | *& ... | From a07d03f49b74e65d3143bc5a3c4dd561ad5ed634 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 24 Sep 2025 20:02:40 +0100 Subject: [PATCH 077/307] C++: Use the 'StoreInstruction' instead of the 'ReturnValueInstruction' when detecting return expressions. --- .../semmle/code/cpp/controlflow/IRGuards.qll | 27 ++++++++++++++++--- .../controlflow/guards/GuardsControl.expected | 7 +++++ .../controlflow/guards/GuardsInline.expected | 4 +++ .../library-tests/controlflow/guards/test.cpp | 6 ++--- .../dataflow/dataflow-tests/BarrierGuard.cpp | 2 +- .../dataflow-tests/test-source-sink.expected | 1 - 6 files changed, 39 insertions(+), 8 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll index 76cccb4a6251..eed38315f5c5 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll @@ -361,9 +361,30 @@ module GuardsInput implements SharedGuards::InputSig Date: Wed, 24 Sep 2025 18:24:36 -0700 Subject: [PATCH 078/307] Add additional SystemWeb HttpRequset properties to C# test stubs --- csharp/ql/test/resources/stubs/System.Web.cs | 31 ++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/csharp/ql/test/resources/stubs/System.Web.cs b/csharp/ql/test/resources/stubs/System.Web.cs index f0572742f883..f1d15e1212c2 100644 --- a/csharp/ql/test/resources/stubs/System.Web.cs +++ b/csharp/ql/test/resources/stubs/System.Web.cs @@ -178,6 +178,37 @@ public class HttpRequest public string RawUrl { get; set; } public HttpCookieCollection Cookies => null; public bool IsAuthenticated { get; set; } + public NameValueCollection Form => null; + public NameValueCollection Headers => null; + public NameValueCollection Params => null; + public string UserAgent(string s) => null; + public string UrlReferrer(string s) => null; + public NameValueCollection ServerVariables => null; + // Default property that goes through the collections + // QueryString, Form, Cookies, ClientCertificate and ServerVariables + public String this[String key] + { + get + { + String s; + + s = QueryString[key]; + if (s != null) + return s; + + s = Form[key]; + if (s != null) + return s; + + HttpCookie c = Cookies[key]; + if (c != null) + return c.Value; + + s = ServerVariables[key]; + if (s != null) + return s; + } + } } public class HttpRequestWrapper : System.Web.HttpRequestBase From b169ccf29ab5386bf7362cd50f93eaab870b11e7 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 25 Sep 2025 08:30:42 +0100 Subject: [PATCH 079/307] C++: Fully delete TRange. --- .../semmle/code/cpp/controlflow/IRGuards.qll | 45 ++----------------- 1 file changed, 4 insertions(+), 41 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll index eed38315f5c5..b49942f4006a 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll @@ -30,35 +30,10 @@ module GuardsInput implements SharedGuards::InputSig Date: Thu, 25 Sep 2025 10:28:10 +0100 Subject: [PATCH 080/307] Rust: Update supported frameworks. --- docs/codeql/reusables/supported-frameworks.rst | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/codeql/reusables/supported-frameworks.rst b/docs/codeql/reusables/supported-frameworks.rst index 3d89a6630041..4cba42604ade 100644 --- a/docs/codeql/reusables/supported-frameworks.rst +++ b/docs/codeql/reusables/supported-frameworks.rst @@ -324,10 +324,14 @@ All support is experimental. Name, Category `actix-web `__, Web framework alloc, Standard library + `async-std `__, Asynchronous programming library + `biscotti `__, Cookie management `clap `__, Utility library + `cookie `__, Cookie management core, Standard library `digest `__, Cryptography library - `futures-executor `__, Utility library + `futures `__, Asynchronous programming library + `futures-rustls `__, Network communicator `hyper `__, HTTP library `hyper-util `__, HTTP library `libc `__, Utility library @@ -345,12 +349,14 @@ All support is experimental. `rusqlite `__, Database std, Standard library `rust-crypto `__, Cryptography library + `rustls `__, Network communicator `serde `__, Serialization `smallvec `__, Utility library `sqlx `__, Database `tokio `__, Asynchronous IO `tokio-postgres `__, Database `url `__, Utility library + `warp `__, Web framework Swift built-in support ================================ From a72eb87c93e3d0b52f1d5f80e20792d713852bb0 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 25 Sep 2025 10:35:47 +0100 Subject: [PATCH 081/307] Rust: Remove one that is essentially a duplicate. --- docs/codeql/reusables/supported-frameworks.rst | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/codeql/reusables/supported-frameworks.rst b/docs/codeql/reusables/supported-frameworks.rst index 4cba42604ade..8e00d32a7297 100644 --- a/docs/codeql/reusables/supported-frameworks.rst +++ b/docs/codeql/reusables/supported-frameworks.rst @@ -333,7 +333,6 @@ All support is experimental. `futures `__, Asynchronous programming library `futures-rustls `__, Network communicator `hyper `__, HTTP library - `hyper-util `__, HTTP library `libc `__, Utility library `log `__, Logging library `md5 `__, Utility library From 5b5c1de05b462ed4501097cc093d942e4cb10ca1 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 25 Sep 2025 12:33:44 +0100 Subject: [PATCH 082/307] C++: Fix fan-out. --- cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll | 2 +- .../library-tests/controlflow/guards/GuardsControl.expected | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll index b49942f4006a..b7ad7e56d2a1 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll @@ -188,7 +188,7 @@ module GuardsInput implements SharedGuards::InputSig Date: Thu, 25 Sep 2025 12:43:57 +0100 Subject: [PATCH 083/307] C++: Add more comments to describe the constant expression hack. --- cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll index b7ad7e56d2a1..91b6334922d4 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll @@ -97,9 +97,14 @@ module GuardsInput implements SharedGuards::InputSig Date: Thu, 25 Sep 2025 12:56:46 +0100 Subject: [PATCH 084/307] C++: Delete incorrect comment and add a bunch of barrier guard tests. --- .../semmle/code/cpp/controlflow/IRGuards.qll | 20 +------- .../dataflow/dataflow-tests/BarrierGuard.cpp | 47 ++++++++++++++++++- .../dataflow-tests/test-source-sink.expected | 15 ++++-- 3 files changed, 59 insertions(+), 23 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll index 91b6334922d4..042f815ac80c 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll @@ -342,25 +342,7 @@ module GuardsInput implements SharedGuards::InputSig Date: Tue, 23 Sep 2025 11:30:52 +0100 Subject: [PATCH 085/307] Rust: Add a basic-query-for-rust-code.rst (copied from Swift). --- .../basic-query-for-rust-code.rst | 130 ++++++++++++++++++ .../codeql-for-rust.rst | 3 + 2 files changed, 133 insertions(+) create mode 100644 docs/codeql/codeql-language-guides/basic-query-for-rust-code.rst diff --git a/docs/codeql/codeql-language-guides/basic-query-for-rust-code.rst b/docs/codeql/codeql-language-guides/basic-query-for-rust-code.rst new file mode 100644 index 000000000000..9e146513a20c --- /dev/null +++ b/docs/codeql/codeql-language-guides/basic-query-for-rust-code.rst @@ -0,0 +1,130 @@ +.. _basic-query-for-swift-code: + +Basic query for Swift code +========================== + +Learn to write and run a simple CodeQL query using Visual Studio Code with the CodeQL extension. + +.. include:: ../reusables/vs-code-basic-instructions/setup-to-run-queries.rst + +About the query +--------------- + +The query we're going to run performs a basic search of the code for ``if`` expressions that are redundant, in the sense that they have an empty ``then`` branch. For example, code such as: + +.. code-block:: swift + + if error { + // we should handle the error + } + +.. include:: ../reusables/vs-code-basic-instructions/find-database.rst + +Running a quick query +--------------------- + +.. include:: ../reusables/vs-code-basic-instructions/run-quick-query-1.rst + +#. In the quick query tab, delete the content and paste in the following query. + + .. code-block:: ql + + import swift + + from IfStmt ifStmt + where ifStmt.getThen().(BraceStmt).getNumberOfElements() = 0 + select ifStmt, "This 'if' statement is redundant." + +.. include:: ../reusables/vs-code-basic-instructions/run-quick-query-2.rst + +.. image:: ../images/codeql-for-visual-studio-code/basic-swift-query-results-1.png + :align: center + +If any matching code is found, click a link in the ``ifStmt`` column to open the file and highlight the matching ``if`` statement. + +.. image:: ../images/codeql-for-visual-studio-code/basic-swift-query-results-2.png + :align: center + +.. include:: ../reusables/vs-code-basic-instructions/note-store-quick-query.rst + +About the query structure +~~~~~~~~~~~~~~~~~~~~~~~~~ + +After the initial ``import`` statement, this simple query comprises three parts that serve similar purposes to the FROM, WHERE, and SELECT parts of an SQL query. + ++------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ +| Query part | Purpose | Details | ++==================================================================+===================================================================================================================+=================================================================================================+ +| ``import swift`` | Imports the standard CodeQL AST libraries for Swift. | Every query begins with one or more ``import`` statements. | ++------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ +| ``from IfStmt ifStmt`` | Defines the variables for the query. | We use: an ``IfStmt`` variable for ``if`` statements. | +| | Declarations are of the form: | | +| | `` `` | | ++------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ +| ``where ifStmt.getThen().(BraceStmt).getNumberOfElements() = 0`` | Defines a condition on the variables. | ``ifStmt.getThen()``: gets the ``then`` branch of the ``if`` expression. | +| | | ``.(BraceStmt)``: requires that the ``then`` branch is a brace statement (``{ }``). | +| | | ``.getNumberOfElements() = 0``: requires that the brace statement contains no child statements. | ++------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ +| ``select ifStmt, "This 'if' statement is redundant."`` | Defines what to report for each match. | Reports the resulting ``if`` statement with a string that explains the problem. | +| | | | +| | ``select`` statements for queries that are used to find instances of poor coding practice are always in the form: | | +| | ``select , ""`` | | ++------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ + +Extend the query +---------------- + +Query writing is an inherently iterative process. You write a simple query and then, when you run it, you discover examples that you had not previously considered, or opportunities for improvement. + +Remove false positive results +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Browsing the results of our basic query shows that it could be improved. Among the results you are likely to find examples of ``if`` statements with an ``else`` branch, where an empty ``then`` branch does serve a purpose. For example: + +.. code-block:: swift + + if (option == "-verbose") { + // nothing to do - handled earlier + } else { + handleError("unrecognized option") + } + +In this case, identifying the ``if`` statement with the empty ``then`` branch as redundant is a false positive. One solution to this is to modify the query to select ``if`` statements where both the ``then`` and ``else`` branches are missing. + +To exclude ``if`` statements that have an ``else`` branch: + +#. Add the following to the where clause: + + .. code-block:: ql + + and not exists(ifStmt.getElse()) + + The ``where`` clause is now: + + .. code-block:: ql + + where + ifStmt.getThen().(BraceStmt).getNumberOfElements() = 0 and + not exists(ifStmt.getElse()) + +#. Re-run the query. + + There are now fewer results because ``if`` expressions with an ``else`` branch are no longer included. + +Further reading +--------------- + +.. include:: ../reusables/swift-further-reading.rst +.. include:: ../reusables/codeql-ref-tools-further-reading.rst + +.. Article-specific substitutions for the reusables used in docs/codeql/reusables/vs-code-basic-instructions + +.. |language-text| replace:: Swift + +.. |language-code| replace:: ``swift`` + +.. |example-url| replace:: https://github.com/alamofire/alamofire + +.. |image-quick-query| image:: ../images/codeql-for-visual-studio-code/quick-query-tab-swift.png + +.. |result-col-1| replace:: The first column corresponds to the expression ``ifStmt`` and is linked to the location in the source code of the project where ``ifStmt`` occurs. diff --git a/docs/codeql/codeql-language-guides/codeql-for-rust.rst b/docs/codeql/codeql-language-guides/codeql-for-rust.rst index 24292909467e..4d68f080b875 100644 --- a/docs/codeql/codeql-language-guides/codeql-for-rust.rst +++ b/docs/codeql/codeql-language-guides/codeql-for-rust.rst @@ -12,5 +12,8 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat codeql-library-for-rust analyzing-data-flow-in-rust +- :doc:`Basic query for Rust code `: Learn to write and run a simple CodeQL query. + - :doc:`CodeQL library for Rust `: When analyzing Rust code, you can make use of the large collection of classes in the CodeQL library for Rust. + - :doc:`Analyzing data flow in Rust `: You can use CodeQL to track the flow of data through a Rust program to places where the data is used. From 1211dc8f3c9b4b0d0ff8f4a41d6aa6d9a7d7fbfa Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 23 Sep 2025 11:45:28 +0100 Subject: [PATCH 086/307] Rust: Replace 'swift' with 'rust'. --- .../basic-query-for-rust-code.rst | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/docs/codeql/codeql-language-guides/basic-query-for-rust-code.rst b/docs/codeql/codeql-language-guides/basic-query-for-rust-code.rst index 9e146513a20c..bf3b759685fc 100644 --- a/docs/codeql/codeql-language-guides/basic-query-for-rust-code.rst +++ b/docs/codeql/codeql-language-guides/basic-query-for-rust-code.rst @@ -1,6 +1,6 @@ -.. _basic-query-for-swift-code: +.. _basic-query-for-rust-code: -Basic query for Swift code +Basic query for Rust code ========================== Learn to write and run a simple CodeQL query using Visual Studio Code with the CodeQL extension. @@ -12,7 +12,7 @@ About the query The query we're going to run performs a basic search of the code for ``if`` expressions that are redundant, in the sense that they have an empty ``then`` branch. For example, code such as: -.. code-block:: swift +.. code-block:: rust if error { // we should handle the error @@ -29,7 +29,7 @@ Running a quick query .. code-block:: ql - import swift + import rust from IfStmt ifStmt where ifStmt.getThen().(BraceStmt).getNumberOfElements() = 0 @@ -37,12 +37,12 @@ Running a quick query .. include:: ../reusables/vs-code-basic-instructions/run-quick-query-2.rst -.. image:: ../images/codeql-for-visual-studio-code/basic-swift-query-results-1.png +.. image:: ../images/codeql-for-visual-studio-code/basic-rust-query-results-1.png :align: center If any matching code is found, click a link in the ``ifStmt`` column to open the file and highlight the matching ``if`` statement. -.. image:: ../images/codeql-for-visual-studio-code/basic-swift-query-results-2.png +.. image:: ../images/codeql-for-visual-studio-code/basic-rust-query-results-2.png :align: center .. include:: ../reusables/vs-code-basic-instructions/note-store-quick-query.rst @@ -55,7 +55,7 @@ After the initial ``import`` statement, this simple query comprises three parts +------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ | Query part | Purpose | Details | +==================================================================+===================================================================================================================+=================================================================================================+ -| ``import swift`` | Imports the standard CodeQL AST libraries for Swift. | Every query begins with one or more ``import`` statements. | +| ``import rust`` | Imports the standard CodeQL AST libraries for Rust. | Every query begins with one or more ``import`` statements. | +------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ | ``from IfStmt ifStmt`` | Defines the variables for the query. | We use: an ``IfStmt`` variable for ``if`` statements. | | | Declarations are of the form: | | @@ -81,7 +81,7 @@ Remove false positive results Browsing the results of our basic query shows that it could be improved. Among the results you are likely to find examples of ``if`` statements with an ``else`` branch, where an empty ``then`` branch does serve a purpose. For example: -.. code-block:: swift +.. code-block:: rust if (option == "-verbose") { // nothing to do - handled earlier @@ -114,17 +114,17 @@ To exclude ``if`` statements that have an ``else`` branch: Further reading --------------- -.. include:: ../reusables/swift-further-reading.rst +.. include:: ../reusables/rust-further-reading.rst .. include:: ../reusables/codeql-ref-tools-further-reading.rst .. Article-specific substitutions for the reusables used in docs/codeql/reusables/vs-code-basic-instructions -.. |language-text| replace:: Swift +.. |language-text| replace:: Rust -.. |language-code| replace:: ``swift`` +.. |language-code| replace:: ``rust`` .. |example-url| replace:: https://github.com/alamofire/alamofire -.. |image-quick-query| image:: ../images/codeql-for-visual-studio-code/quick-query-tab-swift.png +.. |image-quick-query| image:: ../images/codeql-for-visual-studio-code/quick-query-tab-rust.png .. |result-col-1| replace:: The first column corresponds to the expression ``ifStmt`` and is linked to the location in the source code of the project where ``ifStmt`` occurs. From db3d1773002c97131b7406120c09abc2bdc319c0 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 23 Sep 2025 11:55:33 +0100 Subject: [PATCH 087/307] Rust: Port the code examples to Rust / CodeQL for Rust. --- .../basic-query-for-rust-code.rst | 61 ++++++++++--------- 1 file changed, 31 insertions(+), 30 deletions(-) diff --git a/docs/codeql/codeql-language-guides/basic-query-for-rust-code.rst b/docs/codeql/codeql-language-guides/basic-query-for-rust-code.rst index bf3b759685fc..18fb0b1e6c69 100644 --- a/docs/codeql/codeql-language-guides/basic-query-for-rust-code.rst +++ b/docs/codeql/codeql-language-guides/basic-query-for-rust-code.rst @@ -31,16 +31,16 @@ Running a quick query import rust - from IfStmt ifStmt - where ifStmt.getThen().(BraceStmt).getNumberOfElements() = 0 - select ifStmt, "This 'if' statement is redundant." + from IfExpr ifExpr + where ifExpr.getThen().(BlockExpr).getStmtList().getNumberOfStmtOrExpr() = 0 + select ifExpr, "This 'if' statement is redundant." .. include:: ../reusables/vs-code-basic-instructions/run-quick-query-2.rst .. image:: ../images/codeql-for-visual-studio-code/basic-rust-query-results-1.png :align: center -If any matching code is found, click a link in the ``ifStmt`` column to open the file and highlight the matching ``if`` statement. +If any matching code is found, click a link in the ``ifExpr`` column to open the file and highlight the matching ``if`` expression. .. image:: ../images/codeql-for-visual-studio-code/basic-rust-query-results-2.png :align: center @@ -52,24 +52,25 @@ About the query structure After the initial ``import`` statement, this simple query comprises three parts that serve similar purposes to the FROM, WHERE, and SELECT parts of an SQL query. -+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ -| Query part | Purpose | Details | -+==================================================================+===================================================================================================================+=================================================================================================+ -| ``import rust`` | Imports the standard CodeQL AST libraries for Rust. | Every query begins with one or more ``import`` statements. | -+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ -| ``from IfStmt ifStmt`` | Defines the variables for the query. | We use: an ``IfStmt`` variable for ``if`` statements. | -| | Declarations are of the form: | | -| | `` `` | | -+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ -| ``where ifStmt.getThen().(BraceStmt).getNumberOfElements() = 0`` | Defines a condition on the variables. | ``ifStmt.getThen()``: gets the ``then`` branch of the ``if`` expression. | -| | | ``.(BraceStmt)``: requires that the ``then`` branch is a brace statement (``{ }``). | -| | | ``.getNumberOfElements() = 0``: requires that the brace statement contains no child statements. | -+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ -| ``select ifStmt, "This 'if' statement is redundant."`` | Defines what to report for each match. | Reports the resulting ``if`` statement with a string that explains the problem. | -| | | | -| | ``select`` statements for queries that are used to find instances of poor coding practice are always in the form: | | -| | ``select , ""`` | | -+------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------+ ++----------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+ +| Query part | Purpose | Details | ++==================================================================================+===================================================================================================================+======================================================================================================+ +| ``import rust`` | Imports the standard CodeQL AST libraries for Rust. | Every query begins with one or more ``import`` statements. | ++----------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+ +| ``from IfExpr ifExpr`` | Defines the variables for the query. | We use: an ``IfExpr`` variable for ``if`` expressions. | +| | Declarations are of the form: | | +| | `` `` | | ++----------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+ +| ``where ifExpr.getThen().(BlockExpr).getStmtList().getNumberOfStmtOrExpr() = 0`` | Defines a condition on the variables. | ``ifExpr.getThen()``: gets the ``then`` branch of the ``if`` expression. | +| | | ``.(BlockExpr)``: requires that the ``then`` branch is a block expression (``{ }``). | +| | | ``.getStmtList()``: gets the list of things in the block. | +| | | ``.getNumberOfStmtOrExpr() = 0``: requires that there are no statements or expressions in the block. | ++----------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+ +| ``select ifExpr, "This 'if' expression is redundant."`` | Defines what to report for each match. | Reports the resulting ``if`` expression with a string that explains the problem. | +| | | | +| | ``select`` statements for queries that are used to find instances of poor coding practice are always in the form: | | +| | ``select , ""`` | | ++----------------------------------------------------------------------------------+-------------------------------------------------------------------------------------------------------------------+------------------------------------------------------------------------------------------------------+ Extend the query ---------------- @@ -79,7 +80,7 @@ Query writing is an inherently iterative process. You write a simple query and t Remove false positive results ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -Browsing the results of our basic query shows that it could be improved. Among the results you are likely to find examples of ``if`` statements with an ``else`` branch, where an empty ``then`` branch does serve a purpose. For example: +Browsing the results of our basic query shows that it could be improved. Among the results you are likely to find examples of ``if`` expressions with an ``else`` branch, where an empty ``then`` branch does serve a purpose. For example: .. code-block:: rust @@ -89,23 +90,23 @@ Browsing the results of our basic query shows that it could be improved. Among t handleError("unrecognized option") } -In this case, identifying the ``if`` statement with the empty ``then`` branch as redundant is a false positive. One solution to this is to modify the query to select ``if`` statements where both the ``then`` and ``else`` branches are missing. +In this case, identifying the ``if`` expression with the empty ``then`` branch as redundant is a false positive. One solution to this is to modify the query to select ``if`` expressions where both the ``then`` and ``else`` branches are missing. -To exclude ``if`` statements that have an ``else`` branch: +To exclude ``if`` expressions that have an ``else`` branch: #. Add the following to the where clause: .. code-block:: ql - and not exists(ifStmt.getElse()) + and not exists(ifExpr.getElse()) The ``where`` clause is now: .. code-block:: ql where - ifStmt.getThen().(BraceStmt).getNumberOfElements() = 0 and - not exists(ifStmt.getElse()) + ifExpr.getThen().(BlockExpr).getStmtList().getNumberOfStmtOrExpr() = 0 and + not exists(ifExpr.getElse()) #. Re-run the query. @@ -123,8 +124,8 @@ Further reading .. |language-code| replace:: ``rust`` -.. |example-url| replace:: https://github.com/alamofire/alamofire +.. |example-url| replace:: https://github.com/rust-lang/rustlings .. |image-quick-query| image:: ../images/codeql-for-visual-studio-code/quick-query-tab-rust.png -.. |result-col-1| replace:: The first column corresponds to the expression ``ifStmt`` and is linked to the location in the source code of the project where ``ifStmt`` occurs. +.. |result-col-1| replace:: The first column corresponds to the expression ``ifExpr`` and is linked to the location in the source code of the project where ``ifExpr`` occurs. From dba4b5e5a942f13daf40fa102cfad6a52f5d7cd8 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 25 Sep 2025 14:01:22 +0100 Subject: [PATCH 088/307] Rust: Add images. --- .../basic-rust-query-results-1.png | Bin 0 -> 31181 bytes .../basic-rust-query-results-2.png | Bin 0 -> 29554 bytes .../quick-query-tab-rust.png | Bin 0 -> 9316 bytes 3 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 docs/codeql/images/codeql-for-visual-studio-code/basic-rust-query-results-1.png create mode 100644 docs/codeql/images/codeql-for-visual-studio-code/basic-rust-query-results-2.png create mode 100644 docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-rust.png diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-rust-query-results-1.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-rust-query-results-1.png new file mode 100644 index 0000000000000000000000000000000000000000..479b2482b8a31e738407547faf7db3785ce5e650 GIT binary patch literal 31181 zcmbq)Ra6|!6E6}VfdGNv8XyoHg1ZEF2(E$Px=3)?MG{;>Ah^3jg6rb$?u!$2@dcJ$ zF5myY-nTmseWvTo>8kowbyaosnMh4_1zc&nPGuU=$QoiI?cll=Qo- z=Ly<_rmBwIyLa!%$jI2(*gna~$ji%*jg2ugGjo6ZI669t;xjiqJlx;kKR7tp+1aU9 z{wO3QBq1S{mX;(`Q!5*;0#u&^*KEiHF< zcSA$NmX?;}wFIWFu3lJJ2m*l?7Z>$17a}4e6O)oM*O2k?@$BquzY>12NoXkNL#3sq zqobqw1qAHv?W?M)oSmJUo12%GN@QeYf`fz0%F4vW#lC&}R$E&u=2f1RmF4K@$SH5^ z$iHeFSKM&8xiHRHzWh>dZDOp)r#ms%} zqrDYfLQSh~9DC>r`i%&Hv1BeN9#WJ&{)4i67W182g+9f`P=FUK%9H#ZM@Ut>CUa_XsD*tyGy zzvGKpaY!g0DksJ^FVb}MwKt}1n!EfG^b6=j6Xiv%uS#2;MDAL#Ti%@=746cNL%P^N z5SbC=ZB3IKLFr~eTQ&wQ7&={FUzauU_#H%@8bXy4LX|&snmc&P?GGMse)WKY;uWVP zE3M@D9@OP7EDFwj<>0)~kRj0F&egs| zT1&cd$#l!_wnKU7iO*Y$PW`gApNC=c!ztB4W?dWUM1YL^i*2QV5OFMscXco1=wjQS zyw7I~*cO8SzbRp#3b%_s2W*wN8RAsf4B6;Icww9gQnH*i3A%wzgW==yQSei>HGuvm zur6U6=>PWr=hNg9)!BMq_9%t_7Wy8VZR$MyAV+!z^KiR02G=^}m4xHl8M^$t6PT5} z%GxvqEC|YK@a}6l1|sabyY)A%PHMdWd8PfR^77qAJdwG3@KpXr2 zaqF8{y9sk8`wY&CB0~LIzghzkW|$H0)jks zrhd3>1pOzcRjJ7(+?e33+ z&kbCt`j|gLBgo{8+H|9V3>#;H%JTl?hWQTI@I|SqJFOdd_E59aIFQ)L3@;7qe@Zzf zJUZwtJzR^H7R_BaGv$p}T=e>1+)BlQt5OSiv_FU6ke_*jCV-0zzeVfst;FHsNkYj- zvemhrL6W-}1z2gCi0nkiTCpM5R?a#tL(MOeLA!91j<|BCN+1;d z3^M>3W8L~#=8!AZl(0!5odsV(EU+Eix?ANN$s3Iq|C7J*KaSX7G_G4m)qlFU0vOwZ z)p{06Ao_J#I}aiAr}Y%1x3{;1z*G6G1-`&`ct=wS9v0SkO&oQ!#OpVSTIP8bkXUf= z`}x1_#`}LfE9O33k_{~*T=*Os_{nQVh`8xg_GzX4wQa$~fz=Wv@fTT}{Cc_bD(4#c z+LJ*1&KFpcl9A=y#{XWV7V33=@X@;g2)gB-Fb}FSNxlWyN|G^kAuuOuvXEYZyq(-G;_v2rCQdDo3&KP}> zteyci1OmSvpTYd*#3ZU9 zBRznUd?LlDmj3TTGszk2*@9>nUf?fk0203OO(5*x1ojA=#WQNOV)&f&*%RjJtlkN@ zh3nf}@fnUPKXqh=712Q@7j)D2dR+`9HbdL10)LWMK!7Z^t}sm}z;@0Tzw}}xWN2bf zu8HoyJxZ_9Vt$@3Q8uBzp@Zu*Gu_Xqn~=9;+Q)1j9@XIJFp%Y*BN5mdJR@v~H&7PC z76mZX>N)a`V0MJH$vd9z8CaV=nMlXbM;cc^!ig@7>mILER$U*mQfJX-LD&f*ABv=-@HDkClm~YsS44l({zG!Dl_T$e zF$b` z?+e=A!@Nbr{y-k#SCjqWgPI873*K?{i`Fqu=WU4WEuVAbul$rX)!9nlu_y(cugu>9 zrwUK^V}RR}lK1${5YCHc;NpnS_o;hazfx+@$wr@dNQtgjpC-lyI76iD;y@okx&}zu zoTRm4=+BY-_y112a|Mu=iU?=tFH6mk$xevgGC#GX_6ZZpK} zg~jpxZsA)P+}9PnJmd!Mh=8ABuK@%;uK@ttz&12kMl2C*HKQ3)-G#7W=ttZ#Mc}PN z#aKiHJis~OqVVwnY_k`T)ZkiA@KvGD2;$7~^~3nU=%^1u+)Ea;2JLKyoc!1V`V+!d zai3o!n;|jqQ^GaCt?U|L0O9rOOwgbHOmGL-_5zk6PVmgF81i7FxFo<+^7Z8A2xiro z8eAo7H%#?i#HFp_Muu9P5g1nx?l_p`XQ9-!a78;{Mg-ZX^*VF;kiZ+aa|gA!-?0i} zrt4w|ZI2=#?naeor1p(;b9%41GdiVnoP1iWwjQchho$B>!`Bg>4WsaT)e&Q+nnNz@ zRy4n&CYp3lMMjOp2U%WI@@T=MU4=7Np=H;o4~US6T@6SiY(zGrQoWI?jfpU?nlPcB z_-%Z(*3?mhx-9O16=CucHUY-sa!ke))VjLdBqM2>FW$l`Cj)!YBN1MudgATuO9QKX z;*pKN%^188(?#dB^?-~2&YlHKBJjWbr20L?MOa0^Qu%xMXVS2b!FRjKqb8>z9qTb$ zg{;#ANupe)M3%(iOu)~2sv>KF9Wngq!Hg~@$^NWY2$zdlG7=qz7;rbGNH1jj)*rJO zk*z#=2%B)UQTgHW(9y3~@NLLI>ULB$H^N6dpSj8qQT?}7_g~=1RGAQa{+V+Ga5b?; z(V{|BS73+c*0^D`qcA@|8ztJ*!c`pkt8V!2#7~rXwl6H$? zP7Lf$WhW2QN>5?_n`l#aCJkn5$Dr%hkT@`VN7Q4F9@v@lGHoy)!sb9og1~xd0mSIQ zGby_pJ7H?we??T69dp6w=O9*nJJnHHG;bQyK3W|Q^Os}Z(NlDGVHFc^TynH|%O-|P z14#2HYu#>(M6FRbGTG-Ji+0N$5RGKqaD|@+%+5luhR9uHXMM6|FhE;s1HdEu^Gsk} zDm~f;AZYzYREf(lG}&vI>ZVOmDeG1aY(L87Txa>K16a=OMf^KrMYZ_r9|OzC6dtYQ z@n$RpGJ;Dg^#CxyQ*Mn4sW3_BO2b(4!6rf2B~3f?r;Mg~GMjcC2|~vA@YJkszL9xL z;EZogrm_5aG6Um#qFhki@k7z8Z0ZiFfjl;zGhdk{&A)`ZT6CWAL{tz1En=yQ<6k;AMQOW203l~Z3UOt%GL8p;`i zm5el5Zuk%4gFA1G0)XrV4;bwB6ZaxcBP`#^pz%B+o5l8*+RSWTV3o{h{ChXK9UErv z4Co%=KqW}*8pnw-n`rUuMzo@viG&sYxAo9t^!F#jo*Vd^1rrF6)yGyZOgPc-};s(l^qjVX^o`pYzJeK2XcyVs&tq^ zb2X-c8aluM-*XA^=$5PiJ-HtxsN)m=)JeL6Ka9UE$27j337zoF1_zm8H0o9|*Ty_h z?>oP~UvaSg+KDmw6Tgugg!|st&*=|>XT={ASXCzc`t)00sbN+j8J?nYar6*f?H5^5luQL?S1W~EF-@?f^}jBh<>EZ0{2TX-mj%@mEL^L8(glw~kgK3tdnR|r&K zh)bTKo|}|0pMy40Nr+JR1FPS1jQ_5z z+awSpb%)@MJ8r2K-9G+6yd5d<@LEmP=*1&N(2EPT*pLFC$NkaTm+ukU@K5ER&N1l6 zWg=02HD)A8y~cylJ|f~us4Ttpa44Pjeb2kHCopJ#^0aK!@_~hWbpM`U5_-j{5zmEGIw&UF%^uS75TNQYu?v=k}jV^6IkkC4bCc~dZl>5S$_ z)D!i>JO!m3J-0WVy?)EU1^g_)@K=p;m!)w0@iW+tEcnCp9i2-HA{!g;%v%$q=hr_N z&(t5dGdMt9va~1Hxb>pcfYI5rpAs4q2YwX937bbBBn?P?nsB95xK2nz690q4tF;-<2w}_0kU3itN^6~I41>ypx?mlfghGwJzdsAfGP;!X| zh8}Y?I>f`AU8otb=3bcRaCX0p%UbS&?*o#*QzIDN;HU3gz@{L`$+a;v9OGIf&}60o#zCI2&&2(5BJTCd(Ftm-xst z<4A=3Uoa>kDyIbjDOidXCUwTn%Tqf!L9$Vr(B5b1=Qir5e$qU ze0(IPxq$;*$Aj!oylrtbe#W~8NZDRYx=ku9vYEXjcx_o|3JGE~grP<3$wY4L31y#T z)PNqhSI@)$c{?87aL;Z0HqBXuN-l}E+Ku+?TsjFi976-`|lZSY|4 ziA(v|O6`;RyVY=h{HHm`K9MRHd(lI=-v5iyEF;w}->hP}x_!zR@#QgVHv2Q?TakmG z%Nn172V(vcP4<5S{4N>94p7Y6!OnmZyc<|7TbHE1SSPJ?+7s%BX-LA0xS*Fg(wc); z76xyX@;og`KU7fESVVLTC0f&j7k=K#Kv}E2d~IG~L9MViv9#17Hz>X+`CJsATV%S| z3*7eSbVKsE6At)JXZ9nt%f_0t35vcq6qe(i!Q_$)-V5(IRf@eU0s6VyPyQg^sn^Q^ z<}+k`w4+yY9UnoYAWqYJ>5yhi8%VsR<&6!b!x2uv#aVAzxL{CxV+l0T>Fc& zvxb^80BVGso|KG>dA!&xF}~aRu(_I}AP?-Sg2NQfAWt;bW?t&~;CNX!Fy^;cVx&yC z3~irRP}t25?3=%J3_&<`C-32z#Y1QIF1;~AIJ$|Z3cC+W>y%y8gIG^XkPW3WK=eZO zgYCID`rC_&`sjES7;KCNL@PdK3;Z&G_YYQQOmHL1Ux`!Y`6Vtfk-|1gqOxaZ&2w$l zMwecGFnq3BvDuhp-;iY&xeAAb-@_Mr^r2`t+Oz<$zbB=B2@qlM@HjG8V~pQ~s;U;~ zeSdWGqlSi)z1jTYW@twt9_hnPj}S+DJiqG>1q5M1V#IvTSw`AVGRZ)Lgcf?*B90QW zgbOE7n0>}TL4`YNMUv6W?^*04&`N#d?0&HDz0Ypifl+R&4 zDIH5;;ukyTO>&1w8va5Ry3@5zBzrvJnn;mvL_YncRb19Vs1-w24G^E1GJcuAOuO7>r?l4?h@$ zB*Qe23eTXxeI<(A-|wn_)oii>HPt4Q(~?rx$O*mVPdFp=G#eM6`@rO6+YHWUWjfOP z$?zpbIHT;P?K|SFSzRlkgrohaH%%6ifgF_&^q2E?eUY2KbPwTs{If3KqCNA>d*bnm z@}$X8Tm^izUVQ93D!TfrogI~p-3#Gtz+4%BY?p<-2r7WXLqC$OxtVOZvv0I)-VHT0 z-%U6C(QsXK+nU%uC4B7AV>c_umQ}g(PP~7_rjIMDEWyDx)$1!xv0EBHvxp-5i{qU! z>Idkw)6Yy7vSny3eFZK_ra#?PegC~JxRjrL&M5ywuS+?7JDo?w$%;{P%1{Lco1A3T ze4MSwZ~ltzqa3XWyYz#jw!I@7=D7^PA20Pk>o{cX^ZykZmvByZz+h|G)e-Vd&mZt! z4$64FAU=TKp_TWEGp#+_jG|bCORFQxBu@v&lXLRBStYoplh?Z0IBNB#&7@k@6th@D zWC#M&+J$1pE1XHP!r`Fa;ftnpN~$HsLU7eGgdOsM_Ucw!qu9Ak{FbYG-yxu+aX zoZ{cGdCI4phf$im!Z^y{>E{zp#DiN(P|F%0Ew_R zSWwfzv)}E~tTv+ol6L`iE??r!=}8JCnn;?GDzaZiQIx+y{``_zzQfnxULLnv8Wnyi zM_F+>B456D=oFGQSCN>Lwd@(YU7n5YDmlGTD}h(|?e{)$KFtxevu-y-jz1|CKWnQ!v?j+19J&EmE@%vag$TVQr|Y@4NTy&dtM6 zO9{p*6bIaW^J%B{^F&Z5gJSS4c`;GvzX?hEVQHD{K2}i_JO9d# zmluCEV)?_DaM~_{E&rszHP#p2-l=rpr*v2n@kzRA-uy=4M;k!?oSVRt^|Vb`w$w<2 zkON1K*>TtTr>wo%A97@|mh>+lYmU((jXl@5N;wAb8VWu z{i1{K52BLr)$1y4y#z&+()7J-q9!y!7zAYO3I27wfZ(ouTpz{_II>5^`Q(OE>P+uf zd%7`^F5f_eg8V&fV0W5&2MLe+!|t?ohQ;{c zKc^r!h9RJQ2`kKN12S!2$@Uc#M7=+=^tDc|SQrO%nx*RwpT19@9|}x(_D|c$N17RW z*~0zDQ#yzJslw&l&opc?fr9`f$Kk!qG>b@i$wYg{IB#gy^X8jpETz3ywa!0^uqAPtnVwSRl3AI6vcJL{T3@S#dSi7@ zm93SK10Uj=NI1cCMIC$1O&;SH8#jMead0dFNoN2EGx0P@ZOSf`NFkD5weLzci|TKZ ze|o8c=6kL!X7C8*z~2Ges{B3ZclB!~Qn;w&DF+mH7GXuGL&0xJkmw%iqlo`SIjY`& z*`fBKB0!etjcjA#s+o@dTdm7B7J4h^;nr9h>$mZTP*e^z^5QAEEAKk3UjS)Yij41- z&klGn?CO2?`z#taWfOWZG#_5QmUYX~LN!pb=rP*FeD$=od$*c+1uNYGINmlL8eb3X zkezp$)12q4TPM_7^qw~@j$aK~%p+W~`ddq%P-~ieB{9S_7*-U%j{WD16VvH5z zpt0e{xn>(1W_s<$Ro96Y+4AI^zxLwI+e+L5KG052eyRA zc_k%%EmYRO*FjFky6Ur>Tb@wlZqK?b-Jkm1>EcylNkd#c5Qaj#t!#{mi0$$5B#C>y z>|U+wtbHe$sd8WM956tBZWo4m2|hqMXzLSLoD%l#6)WdZ`*9X*!>Fhk;nPGuQz znKEZslRISRTyP}Gm*o-BROg}wB4G;E_tWaq6HI0JT?6;5^tn0}Vr?|jo5W?h{IJm0 zusdn&`tDXh3|+8Vh8_m4X*PG=6T$m&Ter}xH3ch@s^sfBu(%<4Ne8SlC;yvb& zEugsi&ijmwiF z7+ESKtU_Yb>jGln1yDepH#z4*Lw_K1V3dh7|d~N$$PzL8(W2n#bO(_ z^dr^#zh1dNSqYG2*cY?fp7g`vm!!w7wR~b_+MscO8uqRjsEOj8$|9EPa*-GiVWHpdi~?G2jwVB@xlq#UpZvo$D1_#$Z+uoy+n zF}|c>v_tYJp2w|v#LK*C>Xzq@*OhSKo8z}<^D^ke_peR|Yh^v}&Q!rx=>AF{)^6AT zY*n4nkr^oYr=9(f{z~HiQh2gilY-}PxurHjEN)Wy%6pHk+h-XP?oNel^w%mL`*`o~ z+fenDKO|5U+pQFAsYEu$Qy?{a#EvP-8eA}OW%f3Gklf)S8W9xVT^PU!=0Uvm$6dS$Z}C zj4H=zy^{kG*nL40cLdd^)E}A5k;HQn!rlQCsHQzvKPN}-{SM)$%a2*x%Bd$8f@l?W z^A#0rLPQ?ff>TuOW!Grzeqn3rf~=S_Z`Ta}R4*=9O0OY4+4e_v%&~>ukj-r!qykJs zQ^GH2d%9POw6>axgBRTt$}>F4-g6n9cAfo{iR8C4nGc*@3#Ujh)b?!eX(;n@!!9Rt z))d510#>;wmh~sN2B5WT?E*ZqPbTJ#<5t5u0c*`}h?hupPY$hRh{Bf7BccTV*{Gpl zEd9{linl%jAO#(&U8qV$=xyA*A61-iJoX`YNwf~~KA#ycM_c&Xh6H2yb;jSMKY8yq zgXWc)i9%JrhT7rS)vq-7^MBMWU>YdB7{;OvxSYJ1a1W-Ki!576zbD+EIDLJPoWhl; zA|#nMtbj7KS(1brRAPH5&{y44N&sVsqK%#v-BkUyuGeY~H^#KnjDoM8lHh$qHPcP^D?e{)rtS*7Hv8T6iH|~3r{WO9JRG$;3oY>NyOGH~R;l>l()zMW*)B>Ly9y-d z8n(w3w+J(~k?a*M@HzLkMhyh{f7O5NxEp~y-7XV@pp<%{1Fq-($c4n&M`}|VvkY1Z zv>N2TY_ATwKSTNiRz(b%=^q3Kg&PbV#oQ*Cq18p>&KP4zE8{=GT%e$wDOtgDHENXd zp68njt+(YK6t1!bZY6X_6ylgT2~7;)s7J45i!_r{eNo!qY$Z3+`!qLi#hyZ8CQCJ7 zi8avE9+IQEuEBG77M9Wp?)XEA#OuHgj-Pb7qde+8ZrO6b_I{+cxUok{2%qeRQA*b! zC4RP}x+bZkRT+Vpz3tu{wjoJkn=_8THpy_$LtL6%7a{qS&3Wgc65|jzF9NA()WJZ< zkZh5h6R|EQ^f}fX#p52xjxw(r3ud;DmyP4`7dKGE&#x!54 zDz>}TjW>Q(F`IRT5kSA4*Fsz`l>A&=-FiRGOP^mXQ-gYExCP0wbIzdjk1?-rO727j zoumOiuiGCelPVS;IE>K0vPB!(?~7IGe60q{F`O~Y7ub_L{RXeQY(38f&j+o(b58Mr z^bHyyp6Uv*131A+UU=A_{iQjiQ_}N1>fb$bu$uD2iG^Qf``mqfLXO&QqSAIQA>#rz z{h5rD!Ca?L*Wr(+;$Q>Uba zlf{>YS#am09%e^i>UZ*~+TbheVRP)~yPtg)-+e-qljQn@2(XcV!M0z1N6Uep`fO7k z1K&}HNTUHmb;(VR_?G8t(3)sNNi%^PENP0$=u?;sMX%+um|1S0wR4e}!hGz4h;(VM zLh_B9cL3A4R5Txd;lzO(jJLgN6;=9LyV9Ka)ct6q4C#ff^)+YIxh_N~by?YD9ftg` zmQrj_P)%so(7Ppf060Z$9>{9tSABNjo^Rq)ruK;_6^5}=tH~l}IAnEmV&b{VEJ6C7 zeK_plB`jB2;M2U^ZM1RA(DdeR)gD^H>PICISLfezkMRJZr#a{WNUjlEw0Am+R~}Dj zwt(Aazm%6M9hFOmezjymGnCd%-~nN58=ZLkiS|X}Z+G6!G!~Zrwk_!4{gnY%LN?#W zyxdQ!@&!beBVr4cX6pyP0$RtCgo$=j7?Z_=$Wqc)NQf0!uC)@C28&|$pu~+NV!{w+ zVPVw-+!QFZ<-ITH;;^XUN7(f}ap9_35Ym`gm*^HI$;=tN-jcTXtN}RI(!Z`m@;7u^t<}GkV|0Q8k-o?{FvDTN=1wfA3o?6kfQv!kISM&LM)vh9 zMJ9j^UrdkX<76njp0CpM9jo)z(kh(dJ-h$A1Gu*gaxcwDb+V8aaj#UyS+Zcx-yK9w z9FNEm&;mr$;Knb;2dne@v8&?s7Vby1Rw3jgOYs{K;`VJ||A=aEMn&qEG--zK&obQN z0iTwhP#*b3e@X%*yE&huS{)~zJTm$Io4Ry(R2xB6c3&d$%(>bDJ(C5O_7I7*L0_tfASnb~#k1l)%C!`5h zzkvyI=(~I-HB~Jm&{QES`Bo)|`XA!9zh!XJcc5l0JX6Ytzud__mKEk#B>hEj$hZbXT-rUoIgpqM3(W za6)py1qbb7b(L$uAtop2qPCMzs)_jZ052cTPDu;nJqL$}VTd}Qu3+q#+1Uc(K()bd z4=PcjLry`gupX%!131ZklcHvBL-1-XC_WJ9tT~z;%ee z{^R>I@cu;m&?9=nBdW|Xdit_8GFq+_rtG1TDO(oV`(p5-5{?H?mYi%4iHDgOEhFG8 zL}(Z#AV92l>8Vl3q7xB1h6o0OnohKd*IWNVPFYe zs0Ys$;+0(?O_8)WjUlzQ`6E|#~v3=32E{qP({CS6|oip7-5-*TxyjHl%Skn7dPNchwg*XwwQ|J87Rd5bHv;Q zj3yzl+yb4op9z&pZOQrGc!AVYDnrwHHz7JBZ*Lzp9}AQ7lIo2>Zpwr?{(P>f5Vm7S zsax#N4=|Jw*31I&DIyHc7Co7`pGAv2dx@olO&r(C>WUqHKofCXPomU_%|D|*+rT(sh{2sBTT+&1$=6`S>O{!DXQn1W)l_^ zMZIeQW9fwcap~|g!u2-8at&pnAy|hTK6dXZxr0RYTW=ZDz_XIHjX_@tqAN%Hcj;5cvaa{GOFn3SYMdP@RmL zO=zaL7il(pXyb14@y|fv=yMnPy(l+{z@vDXR|Or4Q%ZU3D=0(vSp5uIE@CM1F2%6AnwU3e42>+2md`>o$VQs9dUqZlH(;Fd=^p?W zlTqRQ>(8j0#Y}d3J^A4#?I~3V=xVQi8W`~wU2yIt)1xK&Ti`4tqLh?-idy8DmiA14 z7HQVGbm1L1Tja;yecm9&OoS zQv|^C>F1o3H12`8nZ33-M0UO|**d>Y_Bl!rK~|5V|GkX(ZaF0^jS_zw!3&@#b z_xli_&*^EP%j}GU9PmqE7F>1pBqq1Y*LwGPf}FhRzHk=P2jiDF<3jtNjPz!32e%zj zWcld0m3s>cCiw|`_=lO71rnJSoPk_b{CNxG8OR3LaS5N^!T-2rqDd@W!%QI+DYk~E z!H4JfX}d@yRZQnR0)e3sGJBF4$p={y%~)Ux;YI-iu48+Fxs1C7YKdxzIs$4}x>W*< z3uJQr3#^3;5k?r`1StXn$#bUc2XrC=e6w~RLgns)h!6Nkl&5IkMD-P>6~50OE8v=c zho^?Wx%(J2TF{nkQGxV#1?4B?EEt5}WE#Hc-X_=dnfoU(B7oo+I#@YVIE&79Y#Xc+ z#CI(H5lvB_K#8H`fW^1mf-`4ie9$j$cQA29>S^Z=Pdg>27PJj~W?6FpKtJ?+_7yPZKrnuTz&?)^2$f#J${ z6gnKocT6yb$@yG{KRZ*=PKjXeyiwX4!Mhphe^EslQy4RcDk{(8Dm1yPKTYWQiX5~6 zdF7!{f^4VXqV2*fWq!Q1I8eDAh&8CYYIIs+Bh>zwWWc}6K1R|JyQO8ax1w3Yh3D9BKO8}TXJPUvfa($HhEJ2)|{pd>K#_WgU#=c8xMxuw8rB%}#At zvc3l%8%NpIW?%*vRUIO$b~(gUV^sBK=C=Lne6^| ze^N1}i_k2K(@;|MK>D{>1O*9H)g=Ys1Ev!^#J%qh%B(|5+CqFIiFO*SGXVuR>VV-@ zA36muSNVQ>OwZ`&Ky?1I`3Va4+9{`LEIjzK;)dhvXx_c)&IG!VJ~S(Vj#0y-mF+UT_O(&J!r>D@c|yvqA$Zf9oR>XTjFTH2Thf)oD%p5_~n&P z&;dA0#dM49zi`07>MuEx`@$|7wR3@BS$wu1?ciNo4xcmQ*O3DM*5%Ob8hq)RaG{pkZfy7HbRBmw27bX%_Oyu#a@yaYl`?IfbS^3v{MJ4Rz8Q`W3>P>Ze zpETw{4Zk9Z9L3YE{G0?gw%+I!$sZe5DD(Rj=S!gLk*zQ;U?QotL(@7+T1Z_kS3~@{TWcG$yVZj6-1DZG zar_xX7?{$3Np0|tGkw0`Af6(mg1W?xUDs0oH#pJEW7gKHw%Ug^B^arkesexLru%KkpdDIq2A{J%O1$LpKDq7;ERc3_>(gT_N|A<=d|MFc8Kn7 zm9O|j^XCp^`uucLX=tyio2z@XtJ<{j(JA*8_d&@{?dxq0bLG#xWeBmUUz$J9oWvvV zKh|9ut(Y%AirE#oZ8`~K0?2KY&5kJQqCv0jZDhPkWXTs>y|TW z_0FYhGwfA{tER>+!jljc4W~MZBcJ!rt<#+5X}^p>%bVC1q>E3pugom&qL>TdZ0Wt} zJTM#CX>)9CuKq-0fEm8FtY$^q4z+2=2Vul>;cZIAmFE^j=x%H?iD9$^fTeod)Jr@Z z1iSpTCnO9;?tt%9w}Uq*9$UZp_7%pE6*@a5sG&>0vzfvp{|4HyQa@!9e3grxYe7b` zvzUkSD(lFiNi9E}(==N=s?<9ag`AE#hB>kGuUw0TiwkGVSH${?pLKZbBd#uPyy5XE zl5-!heLMEcUnMJaVC9App@tv$Q%ddXpandfm0byz8-vT}+j#6On!Pt|4PzXL9`mKa zo=iOAjo2aanlI0YWq;6XMbw?B>CW?sCEdWXezyoFHU2cmz@Nf~)BU~Fu3stkx=A-K zT@i`ATH^@lg+pd6tMnXW>-!*r2RS|&^Q{90pev0r?EKJd6A-}8!7u6ILqfI0DG5Wnk5Pf~E+wg}@X)3-ZslFah1;qr$LD(IL;7Z^2bug z&BzPlLJfICb&utrZ;4b3D46K(HJOO}zlsc$qLDq~k`aGm>)~I6uwx9J!&b3a#6lY1 z!n0QKxIy^Tfs5=k|0oxDnGLgPr7L@^i9d^!ms7b8Il0TT3z&5h z^2C9^K2)|Px(1o?oic%JXfAS?HXC#$#pXyUfjq>$TOS@wXNmgI0nNq!@_4fZm$z(y zrFI7KS>cORD8PGmsZEe)^eNT+`zKG7TinVOfkYAG%Nh<7-f2hmwkbDQ@`BzOX!B9TfE_dDy0ROW?8eCL*ycbOJpL+(ez3>V8(7 zRrdC6+Ym$s9)FwGj~*y`$00R*$#*@j^RtalxT;^NOi5KCH1~(*teL>$desnc<%O=A zQgAA}iNC5k=Cp?GL$3q3|62-83*^8@l-F!ROclViH7eDSkBa8pZ<2hU7^rWXHeVZu z%A^!yHuxM~UXyi+8NCZ~XBNgURVdKH{Z)GR5jFAT$o@^@d9T|h)q(Luxwp`w45oE8 zd@ZfTgKYz%scjz|)?f|FxXWlhIlO_*8o_!V;Gr6Rg-;Co$VMk;_ETtY0hf<|F^ik+ z_qKM3s95{pyaJMD-%L_K>_j|y@oD2vJWRueMF%UFi>HexihfP!fgW9Hspo$}4j>MiZb z|LN+j!=n1WxKTSW29_x%;)!=&;#CHaJ^kyZSg736&6(5q z07$Mi=@uo|w*oNBwpG zF<-7aEF|YPEKEi7HRwR~ol@$2SdBEKNuEJ%LzlC6=cm@Uawvtc9NZ2S@=Fp=K5STD zHSC$z!LU-{nS4F^xd6qcZas+t0t@#+LkyHQwZ%Y#uDs*J6S7)%Z^>8njA$bd`x>a& zc@t@pvMOmlURHnGnl)Y5a7iEEs?I{uVVBI@+*i7)2D{e^f$h|pi>)AZuFy4JP z2#7iVm(+iI!pq9Me!srndCcY9xg{-!^h2ovFuenMPDgS`7jshEho^7}@+=?|tuhdjNZ@L>R4+*~siop+@ z+gs@aZ3d%On;^rYY%vJHeus*QZ*`wBu|Q_# zl!P_%$RyJ7!c&V7kx=zCUIc($K6vG4Fi3?lB!VbS%Ce{Z}a* z2<-{@>_U-sO?L3qC%4o zyIOsxM+?5TB*rC@{96Q_F>qmKo!e)>0j22l*(UF4Kl%P0^Rs7kc)@Fj{s=v)Tx|&? z0*#<8M?dVtrl{y7gl=6ye>__d8BkaGOaFIG1hp=HB7tNO5pvetJ~$uoe6CzbaT}8 zpmC$MdOIl8w#xTwB0=7D)9V1WrKt=-T)tt&B#r!-$LHc)q=PZoS&xe3HRvj3D)afG zyR_UD-dsN%1-j+|8}BDg5YGJar(|5iLS7K&2?z<~>l1D1J63rR<={)_^7>-8>}_NE zFTLRh7r+uR7~M8{jyg60)>^*(evi03&^CsG5lZyS$l^c$Hu^);8%re;@4(Iaf?q$! zikJUd`8(6vlO3k zHAqWTHx99td-XER_NEIkU3H7U37#Z?z}J2#7EJmw; z_jIk*?Yvl+Gz-2*pbt+V(aNI}symD|GwEiL16`-iGM zz&n~+s0fs5Ct*Skf^U>`yA_7M+v&Jl3}UbN*p=HP`~225sT&At+tu4+cld-k8$KC`9lm9s#iGiQgrMSdZl`;fiM8$0w( zpARRFNhJ1O1cRlD70c(vC}kd-82i_0Jo5?5uSLq{HbZ|B?{<9=?&fy_zS8PbLDWss3wc#Go5V`@w!4mNx1Aw7#a!@l*Z!s?GKFbyJZd-!2;q;ZHbHADV z&jw~1s9~PEh~349L($t=>Al?UU!6rrh0;#Cxl)m>OWRz{K^9+6+*K-PF8H0<`hwm9PS!pT=QWZf6f+Zk9GT5XZ;HY zbJQmf93z}>+ywUDs~LFKzWNvp65WgV&#JSF1~3GCaC@_K0!l2=OBJ_zx20+JGemqL z?KmO@$}a8)by-tEF~OzB$*uE)w>=&^t7(pm&apB^x$`MydK-Lx4}amLj#yUs(diS> zTCo<7Jb>eu`BM^+ybB>%p4Bt@NKxk|wwg=eGwKt#yZgKaQJvAiEwZD(BUlnYWis{s zW6r{3Ay`RirLy#9S5G7E&ataZ;}-%d<8@SoGXM5y*Upfd$>`r$?~$V#5bh=ZBImxL zBtgs5u?O9#hm{+?p49vP<{9+^StQI3E&P>PZ=bzqf6}#iu4E)F!a@1PmUlm*Fa6R- zumeYyEE$W2GzvpMqxLU4{gJ=cd?D<9~{EGzh# z?!yk_d)Ql<5`VT**Kn3)&uJV#%%GSs`YyaAwd?Bi1Bwb5cYB} zOaKPLm_Ym39lw2t{{83X;xV?d;nSP<7G1QnCPj$0(iAlf#fmrYCRh)zJ)sA0VE<*$EG=+6P6zs(O zZbw-ekdrluZ;J{F5|@Fu-G#+ORU|$swSwsFb6Op3L^ zcFLTe*YYB0*4H>b!+ZC6oA_TMG<^!fY|*npORx1EQZ>{MZN6$0$ADl=zuDW~O<+yXme5+7TANUuw_^6wsP8&( z3%~c_f#BI>_Gk*dUAb(I%yFDOm4eXi>MOY{rMsr$(xTwLTg_!&If3Ql^X&uldnvMP zNgH;0G+Xr>S#SWudLC*S9XCLL1Ty}>jO9Jh^gegJqCQsMPOrk&bU$ungjWSV&e{|G zeuP4lO_5-|xla6nJY;^!%Yq9TO*t25oIK8Bmc;drWS~HX5EB*`(d#8x@_v$>JMv)J zJ!{SyZ(jN^zP%eM*G;`nalv?axD)2Vfz!E9noWk+MXfoiOufGKLuXdCDQ;8>#WC0( z{`6C?A`#C%d0#WVbaw{U;tD-px^K}uoA-y6mB)p?XC~pGK4QF@r`(DfxuCy#GS&%{r{e^+-U5e8u1c$o1;TWj^(^X(w$nk>2;0aJRnCH#@3kx(c&IH+j&c9+vfYPnWe;6T7cYZr+Zdx3yF2_ zuNspX()G}E&T!8n#2(%=G0mLo{KR{g0R@;0ye)MD3PMZQ#MO|UKXm!Z5LC=&X4fdW z19OTUQq@NnVz>FixZd$TtNAwC15067Cfk5llpyU8AbSeuMu8#J$g|Zgr0%Vc8{`inVcUVG#%q5$Y1Y z)LwerX*DXVrUv@@0V?F&4I1bMbGAYI1cwgRVr`Gh)*hV05B{K^D>z~@5&d4>&CT+` z?v!$A+$RFuV58qNJ-CsDCmy56J8rG#gs8%spc2~1mamCK$Fk3;iJ0?#0oKPN=Gbz6 zA4@FQu;AXg$mQR1uaV}e5QmBECeZ@BPBR@2r*O~O(+BegAx()sB^$%O^X+FRFGl56 zWt^n%p4z9|TP%4`Cf}aXpgf%eUoV!&>>A*ONTmgKM6AX0Z^IJlX-pEs{Qf9?wD@Um z$x_(U+SNSet5yjn0us2w6CBEyH_Hb-?kpz1m~5ohIt zrCt;X$j$+j8Db@V@C=Rj`qRKVaa6Y?*KLK=Z+>vzC_g2-Q5hF(*Iz<@`kvi~5EL*B zP+s}tu9RpC+zJ@UGYR$XdGrAHx(+YJ*;Z26O;Z0-f|s6OA7LSp(Y@pkM21&K~?YV+kU9K>y!vw4^?KmX8+s?V~@8X@^_F$=?| zw;fC-A7FB7{cng7KapKIIsaC}3}{QTaz)6UCoL&4)4ySXVo>Sar*$x>bX?bG-@m6l zo$gAJyN4IsBY}@gN9fkW@Ip9TeYdcGoo=jhMMdZuC-~sU^cb z`8R|B$qyEZ1P4KIpvJ-&7K%3=*HmDxzX|Jpqr@BVL5@Id43`(DAj^Bm4#5fi67|0c zoN$oXMhR=D0h;6%oqtWh7k48*)B`ho^cxoDZ*P5qWhu-^0r^D28c zE$b+p)i_et#wGoMq@8o^hza=QuWQoe>bsXvZQrJKKlv$SR^h{CZZdGbBWf*u@+NZa zx~llO%gABUQjsg41bE?{Z}MzF#<;fJ6o@}_QKQ9kf?oU3V5`M8d9D9<~=GPwOPz37RAI;rC;OcIs}z^4J%PU0%s<{ zK$}B0trvz}DISR%3ik)Q@)S&)No?(<7x)1Iuj-iAFY8gJ^_#iB zeNts4!k>p>q&CzK+TZy@4P)arRdB#}!haKtIz7OE!EtMm@22LT%403M=+)jk*b3*2 zDI)d4Auj)&Ab6=gU<22kX~|vORj+9sUiGm6Al$gHxvRUq?R41v$ioc2W4V37&wks9 zdvjCabPb}rMVBxj5+=p3Pbv*#ITE-0k=ap-+7vXV5HF+0G{@cK1+fG{I^}rzyw64W z_Ho)iSvU$@#9oFzYfJ_#yH zG7@mtCaU6U>=HOs`1^r!l(oRX$fTtA6{%o#q1^VAyFAoNYXc72IygLZ<)GUMgneM^ zU8Wp8sd_NSapdz+0A?ON;!|^ANV}kdDIiaj$BxL5ArvV5OXgh~FjU+-zz4c)ZT0Tj z8`iu+KiXkmCt2*jV*H&dU^j8Vl4l^0SAf&)H|)=~6oPDD{0a9h_$bskusyXEfuj2% zhetscr9TAwaN=ia@Z%!xyIXUNG!$U^zoc!f_IE*^#!npEfmH*(0*cfObuiQm?It(i zN)@s%o&!)4iNM=((^1DCOeX!I7P&WM+qD3!l)>Lz5vn-}+gF5I*>6l_H@DY}i`7)0 zfy+Ew%-OyDXSOs~-N*gX`S+WM5Udva;-gP)!QzrWR{S-@!f>na>3Ew9q$B6LHBoFZ&rUR1K)F+e|nDEze5WAIdeu8P#g(iqoNiC9H7h= z#=rA_AN$T&56-oHRgU>jlWto{B-wrwYSR6w0@Rol!D_fKo}L4gk)sm%E}1nZVTRFQ zRg4F`*nkJID`WJ+Txa+IxQ9PdfaVjU@To6@=5hgDjQ0>BIu0jc#fs2wJd~x+zMlcc zNyEWaQkS68|1a}V!CSC{8O`O%6glDybwo|ve0Ii&^7(URMr_bQ< zKY954V7^58ixcfqUe~>FL2j~WhX}ALJ%UVx1PU1c{F$TO2272`RejR!ijLD(MRp*W zKOCNpXX%}+1f*=^p6_VI@A@pbwgzoJV@)%LeRi3N0YT&rM9hU}9PSBH)<3{7Y};Q! ztu;1npTKjy4fQ6=;$Utkoqyl!L7|hy;@OXB zy1{QOzYKNEzR9=Qv+?|@-kHC5;Q!~B?qi$BA9n^9EWezQR;V!+{SjmYd6!dt0kP}x zJl-)NoGn-ev`PUtfs)4ZP)Mzxc!wIE71qE2K{lZU-7TmLXWjGK$;Y9pJbSz;dYiLsi+mPOdf4-}l`@RX--oZ1V!S8u@p@p5JI4&QHav1VhoJVcbf-*sevqnYh!uZg zc+{3nOg@hvq2T)bJ&Oo#rvjQE_4e3%zd2&pYCIT37V*eet`Jp)lvYAf*w?nUAVSQ22n4qj1OIo8PpaBGs+R zQ1>&ZLwn2Yw=P_S_Rx)2G?5k($#-7h+V^r=CaR1<9+Nx7-w6cpa$sBhDhi)k%@s&_ z1Lne@&m7*5lYN%3XX|b=7hL(K!nTdu2zJJ5dL|HsU6}BceDUiS=Q5x{8{Z~5y*t~! zs{|M;29yI! zuBY%*U#cga#`8Kgl;Z5Cmt^JS0Z?T9>2=7rp8&~P4_DE9a$kaL*nn$C(R-ZF{$0P< zM5I%%qyL~}KWupw1g4gfwdYSl;m1hHdYjVkOWM|@jRy{m( z!6YVgfWZOVI_7EE{=!2nVTMpHrf&1~h6eV2Zj z2MWXDy)g@65In@f$L~As$Fj!fO5C}B(#A10bOYBpzHL+90|a!SvFAo7@I9{uW*FoS za)CeCcQHqxy|=n%x}}QM^_!5a@M7jIRozeK=F+O&O>2T~+3y;PTb}Qe_KN|~SSX;K zx{p@-FIrNM;1P>WjhlwSRblm2{3y!-T-kKKDHJU2pQrFIz&7J>X8W=`Gx4YIxn3@x z*z9~6xOjIXa@9tJapg~FbdL4XzF#xnXX5CQAK&Z_{kRUrb=j`Wp0Q?S2VcyFJ=1|Dxvt!G&PZKck8P=g^-3?Wco)VOk2KVsTz)m+brMOu54 zx@Z{PYm2inn}k?#a<=d%Rz8JUSY$Se>0u%5l zyuRCGB!4z@v3lKpNM!$KyjK6j48JFT)c)^;aTJ99i|6Ql=0O!5sg-u~B5sA7KUDkZ zwG2)&9~1lP4}@z+8ncO6(@es%lL>|f#i zCGd+}y!>wUD^Np3@}_(od2C(@LhXX<{QP7zmEN-qKy=am({7NbV^PB4qXhQ{IM->S zb@3Flh+fnoC^eO{G_G^FZM|NniN=|Y=9zoc@UMkd4Uqux&Z??$qY8?g>f?Liza$;@ zRzm7TkCG-}w{d@(X5on|u(q-;!ix3K`ebnvKqc;-N3zJ%!xd3s`R+kbuG`^@7HsZ> zg!-BaFV@BvtZpUuT?`|xNV|6JzqF(&S5|u2;67iCWH$aZ4I_{x?(C|?5vU}*b2Z`g zV$gLPz5iHUr?b0ulk18rnA;#8six*=LmW%uPe*r1&5^G2xVBhtUBE+^w!1D}uM*LV zatxwfmwEdtmftFvMCUE*yze24mB~BJ5Az;k_o>3vv#g#JZ)aY*`01h2CMNFwGa&GC z`G}f~-Sduntb{m}Tf9tcJoKt|@e%gb{p%D7!?ow3qQ=DL!Xvk=X-k4DwfIkH1<}8E z`F@XjHoO(BE_2Yx_ukL+T$O$WO}(O}`X%-Yr{WWm>)52qCX$Z85;-uwev4%qwSRt< zl$XFC8+}S32hB|tsd7Y*#2m6)6a*A+PJiX! zGfv_su+Ccl)1O+c40znNJ^auCgsQ~O0vCl{Yary~XUtvQ^}9}dd* z7ID*dHAH=bs)|EfYW@v&rV?g|bbfAPu!FIb?)aRV6zRzi)lysov? z$y}V;MiE*+Tn&-s!qR;0LG?($3!A@+%Q^g(+5(ZVM_l5!gz79#%4yD;R=cm5M0_Pp zX&!M!TpKN@a)4h==N*0|)AfUNnS@<~80(@Ej11$i-zKG4qv77quUl2SUVd-~>9P86 z058Fx;_xQ7P;h*Qu7~C3;vYTWAUmwWA^>C_YWBJATZbn3Bkped+8jgY_Mv6@&TqI$ z%ky3y{Ar&D4#aa3@Pk(oWagM1e>!Y7-vs48I9&zdY)%hJFBy+Z=rlx5XnYDYI&^iO-_L`f4 zJu&9z(T3{s;o9Th7)-b3xa4$b%DmYr54megDmyY&s@i1^+Sv7W2xufeD&D$8)=GKV z8y!!>RCbmIy_gg^B&0Pyy$Q~f$h+KFVdN2h%J#AuiBdLa3d|z~bvGDcpR&Ex)|%Wo z@Uhz{A*6Uhg46qF(RucuN#r($u1IK7b;6fl+zyIN#Kir`-H~6+lh_l~ix&<`z>)YX zDJdr(4r6P#K;&vMt_rT&^9uF73*OiEmAEcWWcI7QFA^62VrRPfrX96m8Go9CHGw$+ zGHvLap4?UL`)|Tj6*;tMbhhMUelh6BhAU-(0a9Ed1?&4-9><2EaIB#FpJ?(TqjcG0 z#V~L~H@6jFf-nJ7�nsW#{^n#gk5k6x4}$EigTm^=oghfmkY@hJ0{uea_{VYg3dA zEtzY}E9B<^wh#hANx^mhA8xrI*VYh5JpAal%#7F`Zilc`CYSNjN`l@ceWh<+;XN`e z37hM_--7Q}{V-m!ru7~Qw_|F@wq5Sr@^~zB1dg>-)fVe%cwI0U@Uj*tio}eFS@vZc zvEx-?MSRarrpli(dhtp9+GIu5+_Vqe$Pm*(@SRl=xf2#14nruvTbw>J4ZG}5@#sSb81Dn z_;TRPM21FIQ;Nhqc*RM-GTLU5{O8lzy#L0Bq0bh_z9Vk%9}yLM^|Sgm5iIavYl-tt zAy^Px^Fps{$l;G)y;U%GR0~)uyB~P-XTs*k_BD>Zit)mkzoFkZH|rc?vZh#;-X*?JN$>GTDO|S@Wb`_wB-O61umcEsN7Ad@6raM}f+U$PZ zgyv@}3smF${F88+!qKtWcC750RqM^SzQ9)51kotErn>A{+6UebjqE5Ml}EEg#eq_g zA)fD{8DAzAVAzLBRo>WMnjD8m{*jR(qN)8`bnTJh`+lABlw=OL{o!o&I!Dj)GuU#t z_6)~Sf?&`Ie5em)uO<5idW27@%h=1pADgWoXw7`Vb3N(gO8+UL1IXvQ*Y2;~x1Xb7 zN=TNh;PN?|Q`wVtn9PwuU#&zX^<}qI!uH$Cj~de!E)+?^Zg_8Um+Odc*dKt)bk;eI z23bpIndHoQOeiS7M0jE`-)_@q!r%QQz27)u?NrDP;%piMzOeSYeVBE=J|^A-XPd9M z?{3#!nfXsHaz-aM%Vo^WsEvO0vZ`%O80cSfZ?Muh9AGDGD{0h<%h}Kp_))l6W>w)v zEM%_It)7|-mR#Z`K2j-N5iCHmt|T57wAOvn&bpZ zFcLXt4&y?w8ocv9$DrGS*)KGn#1NHvbH)zzt--RD#l*O(pgK19>|?=Ot55CCe|8_h z;k>lRqK=k!=7p`bwOy_T;W4IhzaPh&HkX%wEZxdGd}JSQ7>){+z~DljV)_VqyTvFc zfu5j@DA{%1*fYH6G}0u?IDX{?@ocEs)rmn`5W+KCEYDDM-{#QPNYoR!p7gg@8_#M1 zh~G^@`|~U6cZT;c1;Id%3G-&t;$h$dj7j)WvAH~HJ?9THu8hD<(fHp?gLn(zP)Wvz zJ^MnDFW?wWr5WLBfoDE2V<7qA;}mQ}LgN`tIcgp;l|)u)!tpcq9#0k#b(^V^uv;#unmBT?E_cl$Uo)kY#j>851?)j;gsB#D-H#lz*Om z6|>M=PS?#y_UwgW#>Pi1UAeiXM(5PDvzIHdFLB7RkAAmsfSO)=OZDZ-M93X{Pn@>r zSKdrCMe?{EtgT=Cfps~KmxhLR&Ic32{m|N;lA+=qye~cyYy&IDdH$mRi)fYi12DPQ z>L{njYn7eR<^C(~3mcfMBX|g3(PFC0GZT84L|cM~`ce8Ad02M-O#_p@9kX>+a3K^M4}P zXWRjK-0g4LLW-V#K}6>+?IzX12k7t+VHD-L%-Wl<@{VKf;P72GeOkQ3E{_?xdoZ#q zg;6;?i7hB8?iU@LUF;7sgdozdmB5%7?PmS}_a^GLV9ymM&KCARCE?FdY`lz~75nN* zugVb|6I#|2OYW$Widh8b_Su26S5iZUX@vIaaT`>QViqfk_iK5;oaqDKcZB@~+1B!0 zZ>fgB4~ZdE-(w9Iaf!=#qOFRQ;$ZNuimGxH_(sn>_m2nk!UHomA>BvlI;n*V$MDoCfGi-vS${pd4K1uJPXxdhi6w+ElALT~X%x%eK#<$2V?l3tt_ zSD8LMc%l)-vm+({)*yEVGA|!js|0-yu1Ye&1IFVa9a& z-HgqYu`kg}f1Z*)`uTjR5!s7`T_;ulIDnV!b#y?_;6fMwe3TY|u{pVe&e677+V1kQ zt81{io__bkg8>i%1EB5XCD!I6U@XEBLRGXCnx z_uSm`Wm7RlJ4r%X1IV*SNX7Gg!$};9lS#t0yc1Oinu4i@&-A1C$p${n zu!nk4u$Qj8e3UK(qRCQ|D^KnTO}yMGGPs*$ja{b_!>zBEPZBivU^hsb{T2V{#bdYC z6KX`()zX)%`K=8&#qQSsGOMPi49lwfB%I?D46GHhpl`q3q&Kwvy^{mck!|w(w+YRi z_Cq)|$CHzyKV~tlU-N(ktP`gfmdqt0#IN%JkLRR}cC)lW5Xk+k6sgg&cq!t(tuVqz z`B+O9HTn!VO^1L-%x4>>x!6DzJ4Vsi2+VqjeBfzYoW}m@C@7_NFF$7eemx z{A%p}D#Y(^Li>-5)Y5}T`BaW;7alW z9b^M`b$C{jrt#3I4ydLX5n&#Stx#Wr1r{*=D^+Ztna5Xhh))UHEt#?rv8~FH5a|TZ zpVHgx4cEw41GD!Q*Y=oFh4WvjQoX8q9q?9>_$!4v9!Eopm`)>*vGI)QV^%>>9yZvF-8D`QVVgExc_qEyFgQWIVwD%r1-sbFT&kyftrK^k)?4E z$VbG#S<{e$!r-0!SlrJbFF1z7nUVt+=V8l98_qnR!PpF6xc52F`7N*%h?N=?X^IE0 z+r*w+r@nNG)bJQH3_r&5y5Eoa5}e(jgnNuqK3}=?A%Ydlq>w*j!!gt`%HDPPO1C?iPAoy5X zsu#wHF2!;_Z~0q~(q9ge-L|Z5PT?!Z!Cfd{<`Z%La5F?lYT$n*jYx~_uuN?*urUn> z(`kkbQ<8SSfqDI=)4=W>r(yYH6$42P)paP6eZ{~PKS66dcT6I4fD8Kv@ep?bs=~QD?qpWnyXP}oLn(``-z?w%hu(p?B zI1KkI;=Vsur;vkL<4NsYMG2AU_}=vCsO|2xCJVgvK8mhA27CuohF0-Uxp&85fa|p` zk^leGBed5+K4Hjsb-o+f?+`iuUp!v*pXe$Kd>Gmdh7Vf$6m%^K6reJIj5CZ-!tzh@ha+HMe8=slVx+c|`%u5kL zLD1K$x=u!sasA}3s7hx1R*wZ3?>RC*$M0!^=F&x}ZF1&HpT*K(m|pdw8>-Kbw1*kk zY3*{2ZSOx(SAhn7+;3XnIYh{4;Y}WfvU%hww0fMcvS6p{I^Be z=z|$`728scyEOv+FhiDvJ5>~z?+a7!4^jat4m*ZIM;z*~)JM8+De3QuUk-7ra8Ro? z=j(8k%Mc|&2)y{zCdSs)>pS>$_eD+>Ij>|9xEHmM=kqJ~Bm~#vVnaXHP=4qSwfpcB z&q}cC>stRa_SM2kJ?D6p*lmaLttWYajPj+~sizOh^7Nv3RVfqx1qXwj)_+*dFUAZR z#=tb!5X1b2isxQSx-wkVf<50GQ9a*llxsU^l1@7xI7_U4nGAYGQz%Y#Id!rW<-J`={rB?|r9IXNs^%~u#aJWrPxlMmxM4v^uxjw#c&3!EM(;>kE z>pOk#OG_4}yuZUw$k+#SSEH5F3m?3F_)%hvSJl>JE9dUuZF=zd);DEnQ0)JvqCA#EvP=y3X`tB>!d= zDw6(q0%=hqY)=EO#`g#?is*R^`k+Y<13oF*Tk>uy53jo;63m3vw#LBjcrk*Q2SXb7 ze+Gq0k*u&_i#_RkL^N7zZk$BvHEXi>h@D7rw)0hDFIT<5^$CIw26J^!RCU*g+?NJ3YA{f0+q(ANs`m ze4ppxT#IBY^GXh$wWypJQ%t2m^sj5MTv5T-30(2=^>1xh5<-qo$fxB6Ijh_ds`J+| zSRdCQ8Wmu(t@ns;%egUI%?5PjS#VIFO~-D^W?jmDQ`~;jjKppZtd0SUrL9U2vCCXo21>|l{_P44p=4_v`6`#ieFR`b-} zSZvmQ>%31ZGhM`P-2}v!%;%WT!fl&c+i75;)^w7Ye#{G?KStyLe0c`;eqVfBa{;E= zMb-xLhr7Ipo=gmhGh|9^)mZ~}J31mOYP45R$MAMP+5v@6hy{5%P3`X9k5 j7|lNEZZPG(?RG%I6D`tiGJ|Q;jHRZcrCh1_HvInq4G=4I literal 0 HcmV?d00001 diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-rust-query-results-2.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-rust-query-results-2.png new file mode 100644 index 0000000000000000000000000000000000000000..a8af2a9e2ec24a39347f4a290ad78da1755b7f52 GIT binary patch literal 29554 zcmZsCWmH_jvMz4HT?Th|7@Xkl?(R0YyUXANcZcBa?m-eDxC|N~B)EsiIrq=IYu){) z_o~&stE;N}+f`lFacU~EXeh)eP*6~4@^VrdP*89{C@5$VB-jtix)4E~5p#zMBq~zS(90w;CCnqN*6;;F622ub31_ow&dKw84VPaxJx%L$Z zUF9-_{6A%z^@ea$%$`ThB zi;9Y>udnax>t$tS<>uys@?Ea1tSl=l>+bG0Gc%*7r%g^y*3;9|*47pk6+=VEk(ZZ` zi;GiIQYtJgw6?Ym2ncX@cXxGleSd%V^71k=GHP#ccQlmt_4N%74z{zi)6mdRs=Q~Q zXJ~G2mXwqXvlf(*k;&isS6ouOzE)*vX{oBJ%FD;6G+L`rdg%QJJVV69okVqqIC#lp`oxGLL zY_#icD@BC?JT4aE+I%cL4C3Jf={8zX;oP;gk!FtWQIQUy3>8v((*6B?R$gIYH6E`N zIp3;5!+^xRTz}D^_Mjl^Cck>q807)W-m>!0(6$9{Z&OQ4HCYn}A!WUk>Erm}UGv!d zaQTqRAolk8DwiyEr<97UEU&4qKzVLCHSkETQ(8~4bBLKPFB9irDZWZvN1U%lef;N4 z5a+zZjJA+gpq`(LDfwPMI&tJest#D)DL_huqS~N>Cg)FkzP_upGl_kvZ+t45VM18~ zF?re%v3pyVtGlJVxrLCqnY55e&P+jPXX|8vOIVm)WFmWle=QW08@IgFXD#22i@Z&j z4LLwe2ph_{p)}t2_&Fw0TW5nc?>MxPj8XBi&v4Rs6wZ5NC|*4pFfgQjj&3|Nrxbl;8t) zQ}$id<^mek`v+zr&a2$Up!@OW>$S=cHpn_uja<;%cW4Ht;55b~Qw`^>bR)dUS=ZLO z^L5iNOj#u$q&`hyaBTwSdJpHzpJwDgJS)Jt-y>rItYDBpFijl|v1=c~*Gx$zBOaV}=mUyO@v# z3Oqi)+(Bmn^Ck8Q%|z}=)yoMbtj=Mb>y!>seBm%sebI`qnX^v8l&2zfaSyFysp;I9 z(6#cO1?|iY7qfrg)29kNUxg{@5+GfymkJf zMt0jMJkZtxVuuNUq-~oW{R9p}-5+tNNAsuWxR~_A@(IsXuo2+ACIwxMw&G7*nLKf* zG?N5?c^I+Dc~40-$P{25j#oc`BL3Sj6)1t4myX;R!|1P0r*IOUOz$^-$*f>ng(DeT z_SF^-nn!`89FrPZx`tmG`JGZ)qr$p(=7$v~zB3)TEHAHa{qD}`{%A8P@$Gk$JzflW zG9M!}0L3R{rjmHEkjon;!{|64!fJUTa(q}h=l9L3b{uuDvu1aLl=HYSuIN`56rA&o zU>7LH4==cv8{kidfeZrp^-YG3W>Y`Q8b5YX$Akgrc^*#vz8;PJOdDORW9HbyC`fn-~@5FreVvmvn|vC=5E!=VLG24>(jNc{rV*w z7z;1XvTzX%dX(z$B<45`h*Or6#p^vJZtsPe_GeD(Ab;x%cV*0IxmJOk(%13XA_*Gf zrLW;U8Pm3+7bL{m-N1SK&&Z3X#nnGdqHUh^G_Tv5zkJVxZck|D(thL}Dg8Efb$9md z?&8_q8?QINKQy%EN6%zSj8jn&m_sCT^k2Qd6V&8vh}l~MxAVUl&jbEd_NkLIC1!G> zQQ;M9SLhS|L9em7Hg0(HLB1+$60hT+<&fZ(c zH<`bnwM~bxH~aCN_)rU@YcfTpzUE(eg+Ga(Y~w6d4HcB{J>@zZ?2Xa#1qefamIuJtktv0x_A*<8~?q+ zR>43MSZe11+Vl6malZfZ?8O&3bQg-siB7a=jz@`3_N(Q=Z3`jPW0fEEr=gLD);iQ4 z8W(Tw^?qn)ZQmzY(gsIDUYqHP_<9e>&@!wr0mz%eg*A(*nfoVl7SqKt$3LsRSP1s! zpZ%;`Q5YV9lx$7c*EznQ1MJ{r@~8bD^dW6MURh(t%L16FQ@&($)_aKnZLdO3Wi5HC zREiT=cQ}=-LxM3ZgbJXNP%1;3M1<9=8)6Mlpp!*zq^DJn(le)cyd;~plqWK;?w`7a zizj5VhqcR1Ku{x6B!{3Pgu*%Xm-6m zHW0KgMB2Kph?MWMPll-Y2?RjM!^mW`Y+O;Do7Bghqz|d)p3=&@gJ}L;#jYEPLDtX! zw9F4?3c<**z4`}Zc7h0HW6Q?i);9-#8pa6lU{7MiQq$W~z!6zY>n2mViPw9ggxXL^ z2Qu9R##sH2G_gYtm~I*diJmYZqvhOk)Ephd$n5c62vTV(5P!&_o0wzaVyU6DtsD6I zRgGyZ)#2)qP{aY#kZ(yCW631ZaX5rpenpxGQ#QtchGjzw!2X`Qy|vZn=W+M*LLq91 z6#C5XV`q^iH+4cKYRa6m`1yQkoxTtCLFIx!aXq0PBS93S-E^PT?3nJ625~?Yp6Cji zV3gHh#>^-oNtEbQ>loq5wrQmb)1dR>FG`0NBFHk=(I66*tNo#-))$0vJOi@i%_Yq%^03Xzq2*X=Vc3d3cJ{K{yOV z1>~N~bCev)5e>yi@&x0{MV)Zci|W?9DqOV6JggTK-?k&2*4@wkhVC@=;(rC%Gd}4W-wK> zQHyF%|LCIv@-cq(px4X5*3`@pWN*&s2IlhAS=s61J2Rl)J)fPm`1*O>;iUyltigo= z+xC)1%@bk%TK)17E8K-P8nfsxiuKVS$g@l|SW{euT&)XGM*WfWmj`l`VzN~J{eWF?&Pg09_t`ZMSy%W zRftk#g)f?O5ex;7ipSNiWP?Pm-9{E0+f&JQX|a|0@TcalKPj=wrU; z?I*Kc%D5OJdaQpTunsWL$WKb?$fcB4jMX;Kv8^a^&Qw;6+dGG)iGuy&+9M%)3yWyL;be;OX7O9&7(D#Jy6=I3hS*|J5eG35 zX;+b`r6&)t!a9KM?`1Ozh>m$*_Z60c#+n4a3IFqO=VifG?kkeQeiw>s!4erHH&+}W z?fvv$muMHf{l9#o|Lt*;;RnKu;RpZc0Gtd_@<(vS0P7=m#sCom!(+%3 zu`U1}9^MakSY1u+@4F_P?B~y)vHnA%{}1V}HSplYonZKC+}D5t;~ic$G4O)(5<-sY z@)ufgG=y%u?F+fr*S729PKk5LnWs-VjhP{)mn!8oFS&0b_>^4ks^9q4;3hjqmz&Fs zOeqk5PGEH;h}5~_1E2HV5 za*8Dxde|qVssA3Fkefp{xmq{uNkCN?s&XOqQ$tcg(0cnT<$fHFYst7*E@OafLr7hP z7rZq8pKpz$B;()NDygDJ(@g6hGD#?}pv_1qyAxu4NmxZOA?;Z#<*ZZNp*UAoccZrX zTHkuveH<7mG?7dtfuY8oR{hKJ20;om6LR{}W4-0*@FUQ3a)kz)C@AdO#B+DVqM4n<}s-sx>0Ch+@ViUtqG8SS`*T5|*NF9;~-`HDwFP26_w*9@4eGgPS9nS>&HG$|h zjbtr6|HV?9dCG3w`}pTs{BK43Q3+Tg710{@R@2aNlE+ExZK6@> zG7f*%?p)iSd45TG0TzlDU!en065;bzY$;iUJq3e^_eG9~lQ%4LN0SpgxcCc6&U=RQ z1G`gjh})^bnTxu2D~Q&TQwD-BOUTVU3`Hphoc`l*>0{mFq;&42*<+uF3HOY z-^HrhE;V@MUz?nLGywf&HK^2&!c+TTDs+P$yXdyK&2j%V+%otrHe(Zt-13+zX4;r4 zh^%^VZ(kvZJjHpQjHU#hr6`~1=i$M&X3J;TNlxTS061;W*JRReI+TDiXZH-sz(YDc zP53yYn$*qbUj$iZ?l~+)fk|kN8z83AU2dsdv^abe66U>JYBNwR1zFwX^{n~4J(iL- zZzu1}xE`c5&osC$lpxQ8&WjEJ0TNg%ORbL7CAQB;vpvmu=>$YM@ z=>l8N1ED+&BXr6wAO217Yp#ds<+6r2|JnARPu*L0%W<`$Gz|E+sB0O#_~tkm-5oNL zdwvbiK)$^*aVzMo5(fa0+KUv`_6+{~wP9xeo*8u@>H)C;s{Vh)Ml!1a?Bk=_yUVhmr6>h*!MJH}`HsGAJ&Cjb_i?xKnAy+zE z!UEjTcjJ*L?P=XDwE?F>Qqu?4tHNV@W>PYC7LsVOEAt;eJ(pjQ_RcTWK1nSdoBgwQ zLzRN%jIQc$6sAIsA%~_zG(igb9?HvV4I?X6zT<;@o?h$saCB^QPZaZ0Ieb(xOUSFV z)^@l#07zdgDdN9OJ=9LpCZ2e9uomhFQ-aYK?aGUeRviRG0m|!e3m(S$K(mQh2dE@y zAgq5FUg71pDVR3p=|j1l!6oM6)UWE~*oNpa@@^C)u~alSy2+|MOEb$OVEr+}PwIcD zv=t*HF`{6(wSnkh1o-J)t08wb6YGSk?j^c`?cb-eT#9?f)(ojT3uxmQ32ZMJ|FL6T zMY~9Fn*tNi$&4;E6lN^D_BPHvFE<4MH<^SA=uR;l7|G}PON9B90?_@~)txPE{N<>>y7-ZL%e-zFRf1EW)y=y2}szc}id+%7Kq)gR+@h zk{^7wX|n@?S=r z$~K`UKH!&lB$*cpdmEYhU%P(z$@uC@WC!XG1(mHFnm9`yA4D#whQn%wm}rv9Z2KJs zua?@V@LqK7ZS%D+()6wu>-#BeFRL*X98c&R$>cRUYPvsvsLTB=;A_r{qrMM_!xUb2 zN{E#0FUy=wYaFj~?lobK{hX!dXHwd(OHyCufSRy*JD(8|6*DYVOXQ?0bw(roEFvc}yn}** z?Xee?-UR)P3Z*;FMsAE?`bc3s7nn;S9T_T}tD!j@X4*C$i}PzE z*v)7WW+){#z^hF_-7}|sEnpU{?>fLq8b>th6x+{*pSQf6R=GbC*E#Q1yhJsp-}2|+ zN>5^}?~B_23b>Gh3r;DGqCERF=%`Q;S8&?Uo-RVNSk+(HlaknkOwL0{|ttpa+dB_mQ*EoLtTo(M4g>9j$Md~bgsj0K4LKXAFglj5TN z$rcmP83I)ivFH2MZpaS$xS0qOHDiKIK3>>20# zL_3_38(p}e!_O+NK>k#(ga**p{bN($3V2;;Q&8@cbXn50=1~L|t1@JQ@g;gyH-4zp z9`Am6SxzG_G1_!g(>BezC1pRG0$HBj=>*wr^de{_X@2|)?E)M<@yWqDEKn|)WztK=X5dP-E#b`q} z*@yadW=<@z^rU@WvgbrhqXDXI>o|=OYD0Cd<4r=XHSL(V)$7AH5e}Jz#rVGFH5nA| znO?7rkl8-Me8o3q2AZrt%5cDTuH2WV!O7-HV{r4qk!05Wd_Zi4G^%3w)N9th8nHI? z^8h;%GdVG{ISxwlf+j$^$b!1s7x0tty@ua>ia@tQKA8}o8$8^6M>o5%HSHDg-jTHh z8X!k3c{CJB$>i8R%Smptm_FifCdF>_g{7*C)d1_92{mM?MZ+Xyn7U2BJxf0a4Z=B|6&e7Re%{^+XvPu99u(|_rPX;LZk0MP`7>s_H=V>X`sL}lIlpD@3rPX-S~ zZyAS%6b|6kYpjRbfkhI}E$s*?qhp$mZs!&n%|=asC+||=50VPqbEn|SrU6qg1NoTA zo2)oh_i~L){(0k`%d6WSv#cdPXi1r?(_?+(pKQXSU0za8WMBgfGi?ZCqFRXD6s%>( znHwdTqt$iwlS~4{3L=m=*BD27*${YGIhJ};e^nwPj7LewJdHMg!BPws6KrnZ@-n1( zM*{)uJ_EFl)|;Z*wgbdg)zWg8P<9~6Mq|hpmKSZB@+tK8p#6L zuHNW(oG5ye2>% zpVlzq;>#LkBYlif;a+swo|HFEJ|*1MiQFqIfnE{zDhXu0Ss|f)Xw{zPj&^EO%GYG| zX)^Ij`JciAk<=yIFcP&ZwZz?1B@m%zxp6}ZfpDKYJ@_9-8+1$X8 z{p;%}w-xxo+UGa?xqR44x+`#z03%D2Y zJQy)T*y9CJc(Q#&qc#%rLiHg}55iqG@`-)dFv%0nmN_F6cJR}BG5!T?G-BHjN;GUP zKGNSGzs8I4PxX;u3VsYN)>kT7_N3|Kf*hx_0qFWF@ZL)<}}zTIqbrLLx^zT6`vrsb0CN)(HGBHUB)FtEpdTpM z9=9(}kC}Z+LMHP^&CSeC4#uW^&&@V@=PN$q9x5toGHYoF0|zG$oZaXvA&!?$+dSuG z!P^EzK^(T+fuQ>wN=u7UDJt)}mX<^8U#yp0Ky_IMra6903|-rR8{EdNn;FcrqmM<9 zuVsPcXqf%BJ}fh{ct zsc{D0SknR=n3LTF_-P4HxQrQ{q!?4bp7rh7pmzFYRKRV3oWj(UPR)`H_b8(W>L?~P zeJu@LCf&1jp+h5bF780_hP?4qCd~wC*W`FK5UyrKzC&7%PB3`^Nj1 z(u?E$JwfOt&VA)if6!~YcfiZi*!X_m&8pC!0KiWR&u)UD&M#p{l1Ml6xKNbn#fooG zB}seAc)+iawCCsP^nVzChjG7{U^@cv@3c8eF?Z|nWY2b#km7~HH zH8UANKu*%ga^+ho6>S?>GYJUcYBW_9lQ{@(F8AgJC)Y#zz=Kz7s>PPSbp0gtsHZ&v zu=zlU3-!`Zx{UPseI~HW3%!w`0Q#oAY$Sq*PfVy-_Y8K_A!pCFdc)AJ?{LT8BT16v z^n~f=#=n(?%&Y(?bwG9RmV!Zk6J~EmX>IDe&ckEV!#KWQ91(?LP0+jbw@Zo*oq2lY zg!xjjFxtUcS? z5^>wnn%}xLkL&ihx+S-|A#7p&XoSq-&(MK*gORp%qVQ#d(uu)Q`9)(Tez3yb*B&6v zID!E0t+PodqWCMsw;owg_QDptv6*btB*xm_DJJs$mQ7`i9bg~AV-6w|1{LAP0NJ3v zn6AkI25JP5Ka_rp>ZV~Gl5a6!<;c=^7K1q%zK^L+$P0-bJB~8!@D`qg0GETDK}h_e zF`r;9u|zxsB>*?XrQ?)ma4?@Mi+bx#{y=pz1;$o(k4Q^9$^w#HA~Yzt^8`__EDR2& zf4Bj|q1Fuh9mgqACVjnmfOa|-_=pv!D~Vz2`^Br1UlDT56Mu2HtU)lF8%aSNjEL5? z$QZz2o)b>~Dj+U}F@k&SIHfyCZyoA*pcCG`@F{wb6v$APp^!KO1KOfgoN%L9$ji}} z?5$&j$F7i&Kk**=o%1AcNW~xot@~*a5;Y3j4P(z$yIowW^e=D8xG|+ObsWUrlmO*Q zrU&rn(UAmf#baeMg5UBNEy?)~D!flUH!;ZD$q_b^i<*-Y!DOx@aX3R!m4gi6`pEJ9 z5S&jvz^qsJ&^0NRqJf5y{2UI=#v3Q;*fMczLvh^rxJLq2=%O=-Z}ARsH(Snn$znC; zBo`tMEjW}7Y`>3SrOsj{tia{`=T3=~^4E|z8J$4M0T?42}_HX^iTGGU* z?sgiFD)Gn5?0_(7O{G#0*2@Mjdd>IQgR8(u(9W16!2e-ZC)D2oJtATkZ%P$02$B+E1IErpVLvNr;? z-VCJ=W#(>Mg6V7J_5c@Cs<&G70zJW#Cl2(?j@qG%epYKU@(7yh<^oy!1MDQZh!g)% z++=8KWn|x#*=oeolv6rc;5`}*6S!NGu}U96zoLkrK*LAbv&>IWsipT?)ss)Ia!pj* zgNcu5Q^_VzA5<@}quH*gBJz;ti zdLY5102byjO8Hx*Z4Ao|D1YClwx4=U`70zy2my3D<4ZMYia|G9j=Iq>22*e@_0s!z z;H1l1T+iiI3e-;SRq{k!S=-&Aw$n|=(F3>q(OgVK?mE!7Q(koAKuH5z)jxskI=ACS z^kR=Dv!#AfB9IZO3&+b^y=k3%BR~=@dTPSx>8U+R=!SvFD^)Ffxe^7h{}?4$$f~tt z7Mhe2tW;b2n^Tl) z2_{qKz7#B`ueJ{=wYA7PN6q%(4iEh}EVO;K(gu8Qv%$T#QHzMfb8I#_@Bn=8nb}e) z2f{$Ja=_UM;$ZE^DP|{OPNK+;udOD)hS|^EJcW_XT`%~B{+Wb>Nid`95&@Z0>7Z*S z{sQ)$E`Xrq;zw!SL4>6J+28#JgY)uj7%LqTE?Ai}oGXE~c7yPAkgf>f3V(+ss#+z+ zG{q?3UZ(K}Z1FB{UbF{5GvlDQ3*TUjg(!&Vf`f{s+kjNlEYeiqH=+ zQ%7TDqN-QJUuv-acK@PK8Uw{_N*_Y+QI?`2f&Qw|%#pNZlt`jJ)Cn zPF7b8RsB*8d>qHbh?eyriUK(o%$bBQH^04K%2Xr9hlNi3Hmy2~fXrhc>gICdxxM#^ zHXDx6knj?FXR>!V)qfXoE(#zdi(`l#EYAG0`5k3q#h9fAq2T;>*Eg0gUH@}AEzEbF70sQD1;q+$FsU8CjMZ_e=7bFh~#MkKB5u%`2WNtc^+l) zWpkOYSFOIVRz9Pu>ja&l=<@A1I$4ja82OFv0U<_6_v0)(U$qywjPvuy;5%U9w} zZjA)!Lp*Bigi&Kcl|*&p$*n=rAp@Tq2jXNU9|0vP#ng+9PX!yLUIZzt6qGJfig6w# zq?8viDIDMVkPXKlOotE8ccJwfOpcWMlnN!o1OI)>ei)o2-U&IPr;!g0kp}cS^%^>_ z$Ceh_af4z*EHtDdIeML?{~j8I`QA7Ri?>Mpg3_k^aIJC~2X+UN@P7-7762__XTtuq7-WTb9TYD--v9n|B;bnfj7r@7$b9xQ3ll$1Ofu83ulG;&ax^D&#oVvZd6tJi#oxS(!#l$684foP zwU}v6inHVzu;MsTkVWfdkBRrNWc{64yP5aXKS|%CUo&Ls8jf%!?vn)&wwg*Y7k9M{a4zx2wI z2W5t-?;>-7$QOTAVFq8}A|Aw4;}2vYf@A7d ziq7pv2G}^VCDlzbfT?D@%nc{!HC*aJgcQ>pra$npXS3TajiJKhWHU~8Jqj#ToHC@{ zaw?++#MY|R!fZf>{zc|d*`tyRQVPEicmXMIu*}TS1)vhR^{cc8%zBGwWW#$k+230Y z!&e(D4x)_E_+)4&gj-v!VKBlfkTKydfCn-UA@F6?08IKdzNGy4SACiE@83T%BmOM< z!UYG|8#5hl>_dq5D8@H}$;N-RiidS|2X&A~|Bn@=JMlA?TJR{^`g%D()%x%Ekvf&g zQ;jcdtWTW$4`I)R?=)KP0ae;{ZGXW%O=_V(t3okevHu#&5e~j$|7tPak^Qgr_nWn| zHod7hK~~JMwBR>BRgZ?RSb3TXw8u>K8t`g@e>6BL@Gi>Un*6X-5>pjwdJ`BB#jWsB zyOE-SxW$pg`hXAVi;cw-6s=CCvS^2B$0%!IONJ+)iIjj>vX(YBCSOwr4lYs3!jm5| zjrJ%$w=GkBQH)J)?IDv<0_Ag#Ed_7k#vAJ@;DjW=|NQpV)vDhd`Ua99m%*&dayGNu}ojXhx6JajlrDO<&(ML+hG17ME?78eRXRruRqMkq2Jn?yYe(%gw~YA^kW zC5jUL3AS8I~}&cA4v5%kv|e;}PBjCc}?Pl!p@VDic5HluOS&CJ4JDDr7ewcsKT zcSX|*6Vk=eSQsJ28Kw}X58H5IB8Vmuz6;mHv2hZY$&kMl1O#l%XNgHJdEKUO2V4rA z?0BH-U(#1q^$+I#vm!CGk{#NR9{x94AKe)_MhR=FWhIgPn>vmitab}d0a|&2of6!P zgh2qa8m$b3Fx1z5nBn#+hlKqpoNX%wkdy(J7K8m7w(i-ydbUS?hlwCaCpH4Cl4N3! zmr!PFDAa6>0G@d?-7G(vBM=L8Kd#aP#U93R1DdBOOz-UNX*B>a1j>S#7BWW^Baklm z>aZptOf8Z^*ADTd?KCf#)U0YOtdd7pc_Z}^!Z0KQuwn&`?JF=J(*Hm=uY>Fit>#of}rVu%HcC1E%4TRtLV_35C-8hp>&9n>y z(PWyEjEH&&WlbXtQ?{Pvji9L^!hGzkVGujMF+lZL5j1s5+Vf!?bSsTsZ4JP+r*RU> zr(bd=21*grt{?ezV@*ZYQ_0qgm47np--DxMv|H|M&vxr@o@M{>sF$J29RPt%>1?52O#8zFbh-sVPi}z8d)qD4{f;mO2=(EF0 zoOgwsRQU5w`i^Yx*lban{Q)b{N(s8=Y|DRV*)v_j((M-9vw<`fC~xAb*a)rPZZXD( zJ7E5i*5;*{uQ?3;n{V)jbrXB( zVn9B!6!g~Rk*orGs8S=@UhXJF`W_zc!-(JCk;hUWF?s|#+1zN}<8I`9%TK#2es^$ux``b&ZRw&+%<@OwXi!NW)0V%vXGMSlpBc`{qW7Q7793)X z%y=@TTUD!Ve_CUL;pHy&G{2{$DvcdIzC2YHpIl|gV7Nw-_0=SMvMBEr0;$jUdn`Qg zS!PnwF=9@YhEg2&0fQR2ET1tFnq;(4x*IkP#V@!)Lp@=1&cZz4_K~8SWp)G%jlbm3 zaeq2EI|5)SiV(_hbZA+2Ti$A~F%pmVV*^b2=;`t^d^VjVde>dq+8A zgC=k(zHun<&71kf{MC!!0Qz_5(|n@JenQ4C&=r?M zw|%RprFLtoUy*}FZ4)@Wes8olI=PxCmQd&Y&fOEp8|Zwiq3<{u6M$?rHY^DUYSsKy z+18X7l3;#KcVAeNsfmj(Ejf>61R2Ngq#9mGz_x5sEqDBhvs(P|!=s9R+{U0H0-34U zbJ{zci>jdPt>v4HEMF@4pG^x^-&^_b&vfG%;t&Q+;7kj}nh~HI6?^_(4iu|IrZ$x* zfvr|Z_xTW3!S8YDUFmp?Qzwqg8|n9j-_&bADY?ay1P_>}OOL31KXg-LT%JlsU8j*} zsM<>Ec_ZKCJj&zbYZWD#NALIKIQw=ma;AAV z9ql;%SRlQZfB;oPRih5~;&#&zf_4t1Gak?d)C*t37F}yCcrF>$67lI;^@8P+5#05+ z21e?jdPM9%ZUvTngda3k0)XOb!L?zGDGtXY-K>gPDn77m2Q%?#L08mgjHMQSi#NR0 z0Aa|ET_Fh}0IUM615;pVVcB%X^&&op1n{O#D;%~qaIp)4#UYD+1HyTkmdP5`{a6}q zG`A+NZl-x2C3xZmY~Y(Wc0*p1eij8)Lm@*~D4_LkiW-_MAgU;74hD+_VmDtD4M~&X z_%Kr_Q$-(NGVeLW?Q`_f+9((o>I44E;u$jeTW}Ep3N8&Jxe`~OeFq>C+_R2swrI;6 z=@brnbVKfU0^qq>u;n;tZ6w|y^;^rmt_>rA%ONJ)duo91q@^9F%whthpv2jgsdRN+ zp`r{RU7cOUfodc8*-4iLOcU;-Nd#_P0RP6~gt}`GAX1Flb#W7V0A7265*5|4_%WOd z7L1zrrysl{z9TLFgkiAE|HNC8#w*XRmuqF>9oPs2#tdm&eXhJmB4ft4UP**Knj^h* z^f=xBx%7z!+;dY_RsYtd;bVWRP{4+MYq$V8>QwbyEf53EO3dL&34^gac@nqHXAT@chL^u;?Y~22WR5`g7{{Uaz`pGS;fUh zFiST;SP*|gB5+$q$H&LrS}K=q6f^HnLl|4t)JYuH3U3j{8E#q*o?*YKm-z{%pOL%T zd+H6bg43{LMx=>+tVFI+g@`Uc8HN=V^P;mZof1YJ;yEIEs<;^(q|l6~9uBOvL#AdC z6Q2y$P#MvQWXiskM4h-Nl%E(sQe7f3X-?_7k zF{f;lYLHK?C&%l7ROm?#OC~jBjAI&~l4Jy3KJxJ$C~?$TU)Yz8rL)UFEKWfK20CP8 zi7T?o=5r9&upt@Mq!9X6FHhgg#=*X(aMOt*H9E)n-46c4q?!U_FvkwtN6P%7M*3kF zdEt1z1&q-XTrmADmHnft$@t7i4^W4*n3Fv^KWb|nTk)U^_R{Z3Ae0HY81jDl_eBl1 zH+>8X@w&B{G&jCDeHLI%GKR=#qv9mv4T}xN@VF3{SD6=r7h*zBz8%j;JRkm|^LHVo z(T}_OpYOxlTmdHGtk@qv3M?6x@AFO3We3RoT zoT3D+d6=;Kp1i%w0BUAqt+{Kq{y6SDb_wnD3&-pA1QajvhUv{4Uu<1Q9(20F_NKvM z%ceQ2h1|vggw`Xfjt`gr!~#W4u6$iK_w|tw{y?3gd&72l^ltvxhM)5a2(KHuc2;dd ztQjt*C(Mtq+Nnc-!aVgbuXhCuV6F7hZ7o*$+hUDyl-5cHhwfh21|3}Ux@KRLeG1ig zFasRy5P8|54zUl0>s6>Uc$~Fv9_SC<6;D#jwBe$%okmnB5bwm>O2?MpKm;O*3M;dI zViFQ*AqL%~Q`r4^KXnN>*gxJ5W5b?2m%aMe zE0BB{3)BhsLBL1-3wMGq4A48fg6g`|&&Kg_a5I0p1o-+qY?Cd(k)K|nq6Pw_MzH-s_1#@u>pP1m+WF({fkufEEq0fD3+;H87!s^BaEx|fS!)`Aw`E~U{#u?? zf(11g)EH;!<+sv`BH0vhdFkbe21kI96}DWFxw&Dc8&KUMi`s}dHf|bvYC4AT&CGz* z^bZXK2iDWU#-FgL4%9dh7GLsiT&{=fP>`g zYOZ$_Ym+|@{Va1Rn>j^{xIQKhFFGhFgB>5}f0|u3P+dp+q)zLQBsoaQ z@DY1d#!2@GigLr;(V?+GeSW?m_Tu3xFZvm9WliyY=;}h@f(=^+P!YAVvOvi2l`XWm z62T8W=94@hdk!m=)hg9nJ;3pfc#lQRu2+6(*ujfA2O(N7hN{lF9?1$(V!!<+p3boBD z3i*6iM0GW_~I7L>E>w$|Ln+9NfgE=-PngWxY_ZbzF zToi89L<;L~52q^Rlq3-^MyI(N{IUYmW6%Iv6A`f}l{99ZjE^{$eomD9xJsd3E&^-j zhW%Fo6uXi*EYB_na6$U~v`+vb#6B6X2LWn;7C3Vm;kDQX8ejEz-MkliV(r=wFFVNQB8u8PZIY#KDCAcqBLV{#3FjL z+7zxEmmwdeBn1Uk?8-29yr3MVq&THvK7iPQK5kXz4f_pWRMlU8ktSO=H;w0gcX5`q zzn3ut+{^z*Aaay!rZSobJX&ai%Wtsno6Cdf6%cx@IoL06IAyOcrl$=~_YQL(Bm!6W zn^~)hy87jYHnt2_)V)ycdVv^9#`2z?NZ*eAg?jE}A9MNNe9HJ)?p!5*UieptR70dx zYrdtq`p+L6)2g;qkIU881Aa}IlKggCBP(#rxb*{@fB=P2WjwptKRlxLn{fW<0}Fpy z7TVWk;Fo!X=KTv-%DO_CG=kF{B@uW&WJnoYZe2Q_C^pKfY-#Ym zxx32n!bio@rXK>&|Rz@nj~Kn~eF3Z>wnV+{@|XO-_^Q zk_`9_pn#}OTM-qxJahQ`aI%SiSq0EC45c6o7F=p$jnnBb0p^Yc2GkuYdX^sWV{ z4&yjeS^x#WEeCooAtZj6?tk7{veR()q4q<6pqf!d!bZZPbBAJ~6OKTi5Dg(AA|dA6 zLQ(&xW6{*4Vz~(|%n0-dbc~x8#39cu)Gai%?1Nz_CBRJrX!g+;^FIUWBVnW6hLHac z^1CIq|I)s%Vdj9h$9L6AgKx35BILdc2JKAmX)jb!iCrkkJ1bEkNbI!uD`49kN5s8Eqx02{MCQr>OEh0%sY&TCgH%Edh@SDj_N9D?6gVC5` zh>=Ut=52mH`jd#WyK4cxj<<#cI)voq>sa#C`e4q`vny$$Sef$U;My4IMES@He z2>=1q8K#5*=(KN=0V+-2X>d7e@e%9QPVho9xlG9MBTxn@iQzEGQ9RA)@nRIH?uP%$&BNF_7ry%QE%A;8FlM*19>1UJ31hjVV-rG@{IsQNUxk zZXD|8omzKHrrn1LsI*c;7j5kJH{6=s?nc!YKS%d_?DMc;_SA_|UG2gHH!M@#q3OGR zIXR0A2bVc|G1@T(^jCT(2+%HzKGe9^7cBrg=7G@O@@@q$2InS&@os1j1w<&6Yfbzm zH&iAk`p~BV_$Xd#IzF8KdHH|1Q|6NL4iwY1ZrVemj^TsW)-D#G?q>{#fOfQfgag#* z`=Jx;sm_417N9qpsqW&B#~SHkwzvwA=#w;{o&M;rX;a)m@$|=X^S=Vz(}2OiYeJS2 zAh!16au@*f#ah{F#~-#Udz>>jdI8dO4wzK1)6$MD!xQIDD3ei15#mJH4aKH2;8oQ_ zMb^aPRf_a3NY1cdQLS}QvD;`!*~OaAaCRIiQTiaOH*!V zp~r}M2A(hJom;vq<4Jp0Jy+w{ZhsmCZ?2*@!r!NJXp$_@trX;r*6{c!1j_3Fk9c4>iW~kWZp#9B zwt+a?ZW2A79=R*BDTGaN#Oi@UoD* zIliu5MT!lJ^u=3aSmuHQzkD{!+y%k1tY#65-lMIU8s3K(f|G|B$)ELNlQGr0PG4n< z9|@af9Xng$sta)GGCi@+E&29w205B{y+%r!CChC1HJNi8d+66%HSU7Av$0fHRSj5@ z`_%0bCI5IPAObG|%fMzgo|YYMr!>CF#$#8D>k>v+&BpF1b*e9p;*7s3<^vKbz0fEk zgb+eV-wY!u3*xuAQibG`lG~CVv!6DFvZbQ)<2Mp@o!GTn^oO$IztVQO3ygm2N=~h! zCq@7=tEL-VU+=_hhe?y`s=?m6vE6~_2(@{PK}5&15>*I%BM|4;CttUI{NsRwm?{6K z%(((SY?t^oR`?N=Tb>}3dKz3~P|G*d1F`tA?h(s~w`L9H5~;cu;IK?ALmp!7XCMO= zmGu0=-(!T=ZmCdiV58~qemVG9;3~PwPORCu)xsm{bHK{j>PjZw9I}!ZJd|HP7RV}r=&?rSmX~fdr(ldr-UK-M4H?_sZumaO-0o2wS~JP( z6qSl+a$Gz&;6z>=2QWim+3lNG0BORuoPU7cNP_nR9_N^ko&C)^ z`&KDL>iBuWbTL4Gsjgx2sqNb_=pUn<+4n~hS0ZcAsvE&=Ci4(Kb5R@WD5VJ};Z*_Q zU}A0evG+jHNmCsjVIk;KM)b`qDCgc~17?0B`c%m?;1k&IU1H4n3(c_#&pf1Y?>^)( zuy2YM{lDG?<_gSzO;Zu}B{c-e{*smbWxYH)b&w05qegbvNb(9n_Wi7W#yDh3L?bVR6wyTsT$ertkM?# z7Xs2bK^1k+i#WZ#B$j_!);;Id?1cy$z=1G|qz&^(3)eFGpVR!M+Zwo0%hKWBKREIM znD~<`2|^C3s_`WP#L{UXb3Ao12#w7!58`U-PS>50XYaf$Ad5;D_$uWIy5w`pU-xN= zvkfJgWMNy+UpUpjW(655Zg)~`M9x>aSi~Td?<~-kH^Eby~IzLO_A^JAz>s-LydqKyi3 z(*F!#!KR(Lt&`zaj0KND$Cl9uWweKENnrP}0&3U)`imRFQQ3()&dJM(%3NjCo;*Fc zzp97!iLO<_XMNPa44ULP#C(v9SI4Rl;_Sld8G4*lHP!i_3P{{7CWpZJ!*jWI7gwcq z8CNQl8&Ygj%~s~u*|F0{3e@FsBBDY$_aSl>WHW`$zdhzy^exm&X_rb-E>2JE$k*^d zC|i2h7&!DDUez&TJO&DgEf27Uq2Y=UXCTbLunjTc55; zLT{~>s7#UyZO}lPKD(nBgR5VYOwEBY|3>`9VwAEpKPD`jaf+Yx` zh~Dd?@3fe9!79;$-Myv-$)hs@G&@nT+aqR~`rOG?xnMPfdf8Wpfc-cqmhc~Anxk{` zh4ZMSGq26fwYX_I6mpN=zQNicmTQIsGQE`d3xS?nqiHknrHiomlr zeKB-A5XNNZL2AyFPecRivWRv?X^%LtoMl6Z0+eZ|60z(Mo-NqORY*ZC(`36^B_mg@FK#2-5Y%-X!PL~t_u!^0) z8t48{vk%j%@mJ(Q5TUh(vVKr$60)7u6%KrK#ZuCvNV*zT7Lh|KXH~sNiXD)|Sm5WJ zyBLE;?M~v>X^G}X4`qkHOj3)a?=Ff%UY>rM7oCQ_MPi$L$}xP2_+2AJjbfiMp&6%e za9#I(PI~diucP1�fE_M-A$0IJ>QAZ$zfI0 z2CWh#SGk(r;EU3rP$eaM7Tn6p!~ zgFB-AYTv8ggYypwm1de_J+`G8sC3w%1Y$&c`hdY$XG?+YEn(6%n<&+!s`zOQG#lg{ zhDJvgWP3dy4#KVag@$qsK`r0*z30ibc>EFB-?ksrZ`{P0&^bdJM?XWO@nR7ro;c~fs`5FGuY$~(PtZ3 zVH*e#;w%IZ8&AYZ;DGW{{is~j7&(Y_4AzU|y9gmRm$K*$Vfve@+|WfiJsL{H2nM_%H@(hBcZ2>W`oNRfVal;Uz+K_ zn>&`LO8d24&EBc~MW?&j?8jTh7rMEI6F&=niA zZb8GAgUxH;s!FxL$$&qC^^U2Q6GEX`qDnzvZ!KZ`-Hln}!*1xR%o0)zyRGhYuke!t zLqHeUK@3+0Lb`iko#VLFbo^+9p?&o|#kc{$mGZ`(kG)qu%~;9}@GgDeqlezc7_OpQ z`|1(6K+`RjKMw2?EuFgW2v~i~H^Wf-YXCg~89DOe|*Tmd#YS*gCF zxYbqudoOG#xh`HGft5uyAuJ3(h=OQ>sK+yu6|l-fu@Y6H%@$r2%BqeN z>9LWxkfMzMPWfL)AJ|>Ef@@?m(IF^y2!$;LYNf%snZ4~tvlp#D1aQ;Q@R9>K)~zl# zi_92p#~!xb9T<=m;FxDo3ylq;TywI9pZ#3L2t*Sp+=-M|X_HujHd961Xf$ue zlby2>$^izTRUf3d>`_Q>=V#yShKdFAjDJuj+WBnZWM@72pJ#69ah*<_EHJQvE^X`6 zG8g{vn`f^Ev!BE2u&Tf<4qEm}uTJt|@h2 zJ^BeW(}WtuJ@sqT@eSDsrck?!I1FV}G|@u}%Ph_>>m2(cJSqZ5VfbjoPQ;q4N5G{# z(4RPO2xQ-KwMB4>3fdMQ;ua+hZ`*lkl=Mbi-=Q_|&EE@BnX$H2vhdpT7)DH9WSH2l zHlsFS;OZ_t28x*>F9n%^PhpKOvHX_jJ_-AE{Yf*yv{*t!b zA|8}6S!N`OYY}R`jf>deFKwc-!vDof#lsSPtpGCy)W48Z&lcZqO@?=?pHp+6pi^&S z?5p<6L(SBtYAUcxK5LoO@zkiN;)?5i=BTENO;Mr8W7nqa@>rZu{}tr@;@O3=IwhXB z?4I3mK*tctnJ2TV!?%#x?rZrI%gX0B=H#Q8VIz zSqpX~>t;ktsIPK+Ls{ZgAVO%5Nb(lI2+)j7i^gzM$0f-r>>#!F2u4(F`X9EHzvPZQjjqy905D!wOk{ zyIOJ&uwg!_BxIOxwZntK_PyW!djC?YfVv4T~FrktzLHEPm{$h>v9 z^&XKD<^YCH++rsNc=*c{M5b5c&o>3vKrh7h8MQL;8B;`|qGOEw z&t{&f;ujbKY%3k)o&Mm+;Nck1ZFsTa?_J=E^CXC;@1!cLvtuBKt> z>mliQCHh^KM49vb6<(mXNtz<@6B)W1F6-)Ty-vrO>t|H>WNB1y$c;hT2W3)ZxZ@1O zi>g6%fT%dY&ng@onnTis!|YcuwGmP>z~Um|0!|4L^Q*2B^bZK^X2KSi8>p`Ty${S% z!BfluJau)SbfOLAhetY;xLbs_2*Npx=unaysW1NuvJLuxT_w*$y>!7&1t;DoumkJc z2)OQ3&&kSyJoM%Y9%7zcugK3X$&&-0o*yW|wP9lDpAm(jr6cg1vwIq_=)y&%KfDi^ z@-*g;@!+6htcn3}$EZ!%THi3?deB%_YH_LDJ4@h@h9Ml4asx-BmlTv3eYzj3mjbRd zQsVg`d=EH~)OpYhg(m;eA;vdZ`2ORJ#RMjV0ntukNkDPRahH7qyZ6yHhN{Yb{s3`__clUt?qwLM;o!mmj>678-+V6o)bJP&ir@4uPeA1c zYz&vs(ZwOmu;60h0cfXz^~y`ezMq;h5z+PUw2)rowk7>KI8X>N{PACT^h^kRXP8mK z_CdMSsGp-kT{Q4$`N;ut%AYOZ+*_W$?NEa_t?WO`Qz_!#^u4QwEN;cxK5)ibN`Ell z+-XZ6Oa%j)pSYM(6Nt_!_0Q!|R4mCbz`-*0%-F5qDK@Sgv@cUv+_g;qEV^sP^%T)-vNFoc%Nt@Q@sf&bLfzcVk67Oh#L*s4@s|UhLZ*Ik zPV0Y$8om3NmrGaZ0mKSp8@l*>Sj~71t4c{^>b9w+853K?hn*yw-^^VKxmX(1kd z$WsbY<#=h1#eAIDY^5}18gIdrDj_UHGT-4E1Z)-E8uJ87R8ps^TFXbt#imzXw73sl z!8BZZU7t(DPONEQ?$-e9{EboaFS~UkyG#9kEk~7lVdT8awlQVRCOOyOjz=K#jv3dZ zi?3?tH$1|cwz3UX>cx{ZqF)F#g{Muh+b8tMBwv|-!KZYuGxnG53K@+7800Sgx4Kx* zg!(akvdRySvK0Pp%eL1RxA?8oZ>`LdyI7a~h(GrS+RMmh8&`DW4V`|nD&!Xu(uL!} zorF_7^W1aty!qYx6#q}G$5m5qVg$%;ux`$^oy7@+?^QpT<|BbMh(w4)2Sm&bOo$8f zH-(60gK4O^fylQ;Xd^Am_0zNUfBgcmf4E=_GzlkAp_mDP|AE&E1OycmN0o#&;e&jK zY?LD^x@dGj!Jz;1*i-S#R>WBo{zd}*kLT+VM4!k9ahC60@iJ!z6VS)L5C}peH`A~! z%jNpm@q{%;p^<@N9`u-cRmMR|cQ$^SQ*h-I7iWdt>^`USOP*{;67LH3+(T!Jn3qN+ zw;u0Lx$A%8iuRp_Ooq>X7KG=W^qvd^$MBXVjnbE?W=4f0mry>hj3B{Xn8r(A|R=Y z(wixg&6r}A{06T?3;^MW^}D<$;U5IyyJ`Poy;Bw0zeR-8#1!qzP{)I+77 zjw5W(_0j24AQ9Ex6K#HYj+8ytz}?Mbt+llnm&+r4EroyBFxk-rhTu3MH-9eR(q1_xR4T0i(b9sTSh&)R4!TJFvuNRRU#d`tm`7Gm?O;ENd>nn*plMK zy%fzUp9_(m%EbS9|KR6tv`FNzQp-AUw)U&e7*zKCBevWXi~==r?jwma_?q<7@oFd- z`<6MgEGiK_-}u_O$byUbQBOZ^L=x!kVm4_8r{<9@vRLk}o2ZhD2FCD~a6ZZou;hj=(n2r}9pZ z1Xae+s-Jz_#bR2O<1btc$?=j__UD7-vqPa!GNUw6a~PiIX-53acVCgffFPs(L7TuA zGFW=yRXb-WueGg^YX!29ho^G4%jdICac@1cs|y z8p#BzvrH%{63@XQG`W3w$7%1)8)y{XA;{>W|<@fw(yNS9~BY$%< zX;zy{Jrpl@JdBB%FtZCd0Uw7Sw$s+h0+Ft)DB%9^IdXIC`aZ@|X8IMyKNggY*32)Z z^zp+c4&c(;EXrJTn_?!$6N{ZZoJzou@CU-z3-AXN3FL(oAh&evE(O)OUrWu zsNfJq!|le{M|QS!>M25P{g975cu25HY9IR zMoP@7lXn=sYfXC|-pe<`A;IAJ^;ud_l1v}kvhs`|@51UoDu(CuX&Zs;&$R+a`EI3T zP5NYpD${ko9OP!=Xm&wCjiY_HFHWP1H+tw7S|0wlbweK5ZWB6u&Vp(POWSJkbA)_G zCiBrstAfmvy;IVXJg@6v%rYBgpC+dj&FX1TsoE~2p~y3X*lxrl=ys4+J`|a(@*B$} zz4GN0+pW=9*H_x4I$bsL?qJNGn4#4nMi<8tK1&n}CHIO}PhP+xC5l?&B$26#BRMg0 zXQi&h4C{SGd(`!=#}hfd$iqng&)+zaQc=nnSVORA+S*5(ZQY^Tf68C2cb?)l8oV6q zhDxul{ffuN;*Ze?itQ`Qpq5cwGtjP(7d;zMILSZd1%sM?>{bh zfr=>L7lvcN+}uABy{vHY-5Eiw8K?(Q#wdV~%$K#!|J;X^F`9)x8+;5l;(LXq1N!%* z+~_;@XZy7BbUD%l6-;9HHTd+tab2|nqdAJ@unt*@k-Du9xc^Bzn0zl*c4)(118Ex#8ujrdw@K$k8DbxJrPz*>jfs-O4%$c&xP5X-%r;Qx!|f^wbw z5`fKs+b{HJWH7&M#xBO71IfvV1O@k1#`_*{9Wvz?PkS!yc2#eW<1JrTrx z^Ld5-^LuUi2fnF&%lyoj8JSO}6Q$P;wHYMjbR-niAYAoPYZ4S}&U||0->d+4WZ2bd zKvJW&Ct97)dibe`o=5=n3^}#P19$?uHiKZnD1Nk1@FhB=@9oZL5`=EO{u+!KRPg9E z*dh{ZAeH#t4)x;e^$8hS*4sPDS#5}A_m9Jdo8nm?D~hJh>bR7)x)k zb!n2->Y`HJqLtIYq~jg080J<8__i=Yd9=G-?$)6PDKzIC$gdYa-=cjnt05KA;U%8J z->A{cLVm(NGB01gKlQ$`-1}wm4kgBrdEO(fFY+HIhtt#44Q6T5u%AEoZ646coM0DBh5a!{AYFx33E| z@?s{{1eJUS##n&dC^B^*U1Z;f!%OVWX(-Ex`YYL~Tp?YXT(0l%2EjD2)tLn3nS;H( z{o_k{8(UB}S<{hw`*8%$`Uln3ztg{Corp4VO08G7LfPS?0YOr>Ht&gVn*#Tb6DI;b z&VAsEeEa|0e!zg1n=l5>rNco>l)odG|0jY^B;!JqHyNm!5#2eRWewHRhI{Rv5IYyW{Evw(cz=F*K71eZkWeQ{K^^F^Ps1IH8=oBD|A^Vx8uSWGmy?&;YLi}r5y7eDB*)+D_Tn0B-ucQSc)Gi3 zh=IiymCt>Fabn?$trc&Ksu1Lv>vN}<34^|m5Udc|}>twLATQ9mx zyf!;GcsocBH(Y-X_mvnRKx%zSta{4(MkH2DGUsN{*&Ua)P!vdT&gZmpm7rC$`<9zw z%U6_~gFvB7gpZ}jeaY2AbZpb1bcFISQY=nkar*}`b?k{*f&P|{*#JKBTg<*)0oE`> zlCxxTJMMz6yW8`Kem(n3U@z7Oa7VrRJ`ThOHBl2%m zyj|{JWRImp1W9FDzxuZNt&HKC+?HZHiB!0Zdfu5VkG#5}_$xBfnqh_9{!Y&Dj-E;E zFo$7wb;!8_H!`+8iUJF$3&HzNPS6)WM(Pj^ zdFi>`^fIrl4B{ktPgi=H1Xc7yj{FvxhDoPfymOHTX?SFv!%N~2pk{KeXe#-fEJNi! zi_k}n#HwbgO`|Vj1tAR4#Heyh&_opjU?njwB5~m9%81snRaVkyKPV|qpLceXk78GJ zU-zu1iQZ7G&N60kkLe-+7S>%eGH?Es)26DqMUzm;v&YNtA!($dMN?}_Yvg&ZOLqBo zt{AWV9(0?Qwl2*v^;s+|PC)1-WV! z{TJ)p&uT24>=~Hkeenl9%N%YtnvpPJ<;|nNjxG|Jtt`T|zToB0zd>+0My@iaar3wJ z_V2{BT1V<%6ThuoFP6ISk_BD*H8*^W*ztS+tgqYpF(Bzf6=znws#_J!2oJj|lQt&- zcTbG8j39UFwnAyHgYIIM6uT$4s~jHZhwI`>U8ZdNqQ%q^?464FD@o%AC>pw;GCbF& zwKDG?_N54K=ssFKv%nOl(rRzyshvn(M(y~V8uKX+QSq#I7Z2bhsvW z&$nq#=Kx2Dl!)Mh82`rLP^$Pj^6Kc5W~bGnp(z+v5+rN1C_C-ePgqn!bxjpEsj`l{ zX$c4-eMxo5FjZxkfFnzE(Y)~cxV3qr@4n-sSBSRupki(`9d;^n-H9mG>whe7>G;W) zPwK2-zpzrWu}U-6Pik}IpW`esZ_Y&v>0BjYt@qNnp5$&d6aN*#41*qAHu`fq;M29( zl)&(%&|vvkX86|HB_VA;!3UCl{5;rS)k$1;km9QBdKu3QI67)Hiy1_OM0*Mm+iQvvY2)-iILmpIrUI)gq5Fl~v3^o}21%C+2#K>7?S+FF(Ye#;TPh z--Hk3pG`+>kyKfA(Ela5iaZWEhA({>I#vG>N%bdtZ{WJWmwq;B4+RPCD0u(t(bZM# z2M#n__(A-i=0xymqXQJjcBqc`(#N@TO#CK^pB_N4O*i#|b~(x+z4qUs$_8#T+*gnnA0o`f{a{90_^t z_p@=PB8ALSzKY4&Eg*Zj{@|T?sFXU$qqS=KG6B5-k`*p?K<`r(&ZLL&z$J@UezHSt zLDp+rq>XQxggbykQUlFVNE+LC38Lj%=@e-_$mv1zi1Jqjnk0E<6ea2(A)`R@`xI5M zk-yeWM?82}IFq~h=w{cta?#hWwXkp736Jr9jiFs)O33y_z8b{lxb){QmgZwnVe!wt zDRyC52B)O?TX)9`q@g}%;y+mPUOmd(hQ_kTaWUkWT?{*;n$YDQM0rEh-eXoNMocOaa&bGJlNOUm1@xL_=CAw+lv-QA`*WyB+@QT zw6?V&ptFKlde$y&4rO5$0_G97Fq6~=*&ZI@v92P|sA0b z0=3XDSL#Jl(-Z6>$B+6@j%w_?SY2RIdSK{U6Njc45=eteI=sY?V1&g#>+3O&k{{u1 zTsWe5u1zU

    Q-aqG?ATW!8)!Q~RplSa9+osZiW8uB*24w9sLz2ci-wWvsMW=TU) zpj77<64Mqa!jvLX(Hq}%v*3$RM+zA0nkd7K=Q!`E8@1WlokQgJyT*>vmxJaIw&o;j zZLtXvRFFLf{+B0x4Xv|$xl^v$1ATwNl0{GCtHCY8RUSy)A0IjL9`VFzWNMnx)AOYX z1Vu}w>I(_K#)bEXtx9H=&8WlLD|n+bf?tQ#GV3fnzEqLssVNtfsy0K1{AOM*3i=|? zH_`mp2s($0GDl$X*frdaLI8Xsz!X{tu0$``PvE73@*|RqaK}iwdnN&x#r2?o>W}s1 z!WEz81U}8c(H(6kKS*5>_|6>yeJoWRW%nG!39IH?6oue9Tv2{EPA3AGr=F&-!s5k* zL=!7WI2s%yR5EKed#a~+jO3nW{wA~`p7bB3LUpW6p?gf5aj2qwGAur-&ZGLY?{s zd^Q?9qbkdkZMF#*gOY^asPP9~8NEok6p)3dR=mrj`|=kQM8@B790uE%qszi`ClYf+ zO`lLBA_d;0+)>ThntlO6`rZ%_}Vi=)Q{b%Mp8 ziY9!}5(F@^3Ch8P&8>23mdc|Ok*iesl_WN2tovl8`=QSCrO)1NB$x@39g!J{7wbO4L3a9y! z>X}bN<^UhU72Gz_4&L%4PzD_sLzY3UmCzd;r)1U7I8_ugv0Bcr9YAv5+)Bd72~s7< zHs)jHl*Qu}#frc#q8Vi~it!U8l$r_c8NAWnN+4>TDlumHyJ0MIyD;NKv_`pp-_nP&~4i(H(!Xs6q(gAeNPQG6-Hqw4aRgi=Or2xyuK>uK}Y0FUzfs*g^-NP`M}zWe3yvIQX&NSavF5WrtFW zC3-(2x0aR&D!%r3oyD#3$wycDpuVKm1{zw_#?+7yh1GCFl;IC*b{}|^6X^+_L{U~lq6YK0_pj?K`GJq#EPw`ag@|82{rlVyE@LWsN93UR>)Jn? zUeis@BpWY;i+zg^3qN1NK-)wlRXbCB1R0aSrOyxWAlGL7I;FF~Ku2wYVR$;chLH9! z>h2nG?-=~Rqk;Zaphhi3ehlX^1n~xi$;Hl1AuAH(3_PX(g&xCwZ`K4iFuj%`8ltYh+ru=k|a|PFEHn3@G+=mn#Nsbq~;jkmC*+N zs^bJEi9`GGdpF+-8VFviSjl`)RSIP~pDh{##1H*(*i2wiq literal 0 HcmV?d00001 diff --git a/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-rust.png b/docs/codeql/images/codeql-for-visual-studio-code/quick-query-tab-rust.png new file mode 100644 index 0000000000000000000000000000000000000000..467785fb3b4ec538fe56f23eab6ef65ebcaa13ee GIT binary patch literal 9316 zcmb_?Ra6vC*#6Q;ilnrZ#4e$9iZn~J)Y2s^NQjg)N_V(RH%m85E=Wj7!_o*+A|ag; z%E#}2^}qNozqyz*XX4D6cb?~c-gnMK>u9Nv644U@002@oRYg4j02}$xE+WKvsKdI` zgaH7oZ#o(fB|17fR#sMSZtl_1Q9eGtk&%(1p`n`Un!&-r&dyFICMFvjn}UJ@PEO8> zii)zbvfkcaVPWBxmKJ}1e_meRjEoEq508O?0X8-^UteD@FRz%Gn5?X<_0S zCMG5}G&Fn)`-DcLkw|1$S65qGTTxMwva&J+0@2XWsI9HFx3>=s4b9EXb#ZY?OG|5S zZ#T@IGcz;$`}Z#jg@VCg4h{|q3JS8avTxtMef|11=%MiQcXV_>p-@9ZLsL`J{{H@& z+8V>G*}S|wt)V&-6B9`KWMpKdoKw7~r>BvTk*jy8mX?;%hoX>>5RHiD$!UyU>hRIw z(c0Qtety1YG`gy)icea7c42;JX9pyw&Gwx4?CgwN^!4@iwNBz!1yxN!6)2aWgp^gN zgxQDjWM4%^MRt(jGY(GmkQ!m_HyXVaYOMv%9)XhK-WK+*l7c`UMOjgZo4L993kS2; z@6tp)9Rf@>`LtAA^^_G$Q)TQT4WKs03R3(~T~0}nR~eCxZhrChhKgc>I&xw<3^-x{ z0GpATqCCWRX@ALFd&!Eb`{ezNF|(y3@eEs3%+5jTx7E|6s3Z6B?g-Izi

    ?ZB=D|P zk0!{Bhgh!Wb2y99aBm`?{rcd;FdAA;aRsu<|0Q{;AxzSd@$FZVfn>%-sr<`td{*<7 zp4SUTUtd)}U$EsPbt@^bwKP;nM09q-zdWV1Ie!__{7kVAUod=9jH^Qp0dQ)cbO!9w z)vbCD-gm-f|5!~<{W)H{G`#TziUk!WDzF*SO~hVV&7qXQUB5Lo86qVDSuQU~jQn!c zTYjlB-Xa((a(33#v&O%_T!5A~ELG&}8@5kLbk~HJ{D!(V?95RlCc==L&CT`86t0ET z1^0)a@xf`lvxj{o!ZtoAQ&X6h-L50e<_6vv0ZqDY=A+=0asf|n?RUue@^gcXDzeO7 z;r$Or)-y_q^S$0A+p{;G)A9O9+e4XikrlnRqJ5<%?QKoZ&u~{%eK8d6L+MJybPGcJH!Q1>nL-nn?!zccxoD}arsly8s zD>T%e!E*X%pJ)cdc6dQi6q2&B4*d+7h;u%8>57_iYF&V!%&^bh@8uKyR9R9qW>3QA z^?EMm<_PJ4y725VRBM6n!AltX(uVoD*rbyQLN*?%J)gCtZxF>X5Xo+Hu~7k1HM?5}!ozb!s8QIVWCR0$Z!w4|ps1bm{b0)R9mgB7-{kB}8d* zeoy-ETnS+1m$$OWyOkWiDzs9U-k5=Y>k?`rEn>g)xp6h2%;}T03)4(+=W|`DPtSD` zHN?puQLO&mK_!@tzzGFuu@&9JjMvio6x@JJc`szeTq8Ua@}U)@gY#=$U4b+`l8;p6|8=hU z2p*PLS#^BVCd1}iX*ggb14=CDORHI19$H*?hK6o5iICJ~p&J%H;e^r-d{yemh~&JB zW&OtYOp)URKHeN|9D&-2`I`Osvu(!s#dCZBhhl#vrkH#N!1nQ{by|XLt@SrNh@^m~ z{-O11S`g6LBMAvYa*nNi*~kio(>MfuJHM#cw#x4b*VS4Z`zdxJ@Ucd1Cu84$esQv& zD!lc17~bt{#bo8IS{b3x!9#DHPC~xdbU5s!=P9)m1l9x%Y-c^sXt80ASe{is^B{O< z^5!@u7JfJq7b-9cC91U^iQd$_bAT&b-n`sB=QWQ!Aw9vf5`ICA#b)FAErvAtn0HKJ z>Gvd!L2?1De!Hn|1qywg(!eao^EK(gD`m*1$n|HNyaK}A=jBnLHj^X6cIQB)jkj#q z+($MC%p2gFd3nvbOA2x@LU>e?zOh8Yd2KIF+I-j2?)MZ@qe-G6Dlj!cIB~Q;mbPTV ziOGvkMli2Hz-<_l%jCJf!p%1BkR;vsb3OY^n^$DiwPXldVacOGNV(U$L@D)v@tED1 z$uhka`kY~GNI$V|fzhKA-!1A_inX&&i`o3VQ$B+GHIU3y0@b~SB)Dl*BIBsyNdfA2 z0%L)?kM`e+QEgSdQ^GOfjpXPF`*MpEJd~Z^RFbo}vzA7Bqj5uwGwR*p?;H1!$3wTeC_(;1 zG=ViPXk_XKlfRoy>8pwqC&&?A1;UQU-EK&!*|wWAib9-J%k0Tl9_2M$9yxKe3bUGt zMj2g#x+l5de2bVE7>m4-FVpr)Qt-D`naPrJs=JP?dWAJCVae<#EdryL-cl6)xn9sd zfl#jn?78el_8Ib+#raUGF zO>eu(SnbE1KAnB1j$qrcueM12uquiksv7I+hzG9*z z`-hDU&19-Zoh19o-u;o&iY@yc*Hqrw6h6ZFZj{eySL5OgS0$0;KWlw3KritOobHcC zn=IX>mXVR@@(C)X0!VQrc(Gr4n$GFC2BshdL#&}Ah$zP)>~P#$I?lpnI(~5#khx*1 z?IQ!%IwwJUBQKM}JrAyOn*KJ=!qbuaR05U+?Q*9?ot~AcZI4Ijl1{l+LlUsbl1wsB zT!Uxb&g_-V+$%jWx)}a+w3TciV&+GCxYUgC8$*cC?3ZdBAPCX+BU@iwDQ=r6CEEPYoZdd`%`~k5Wzeo`;t4M!l`S?wClLR*8;c9d_OwV z%ASY~DYa^4-4o+ye&-cYU*%YmgRJr{ioIa5> zkwH|++JW}}yu}S$AES9Q4rCY>vkMf(AAl`vG?!nJ5uz&4 zrKqPDqLnt#o8a~R!0&yz_JdY;Pn;EZk~VBN_c??>)$Uk8nTc*i8>nANXmlUyTmy$P z8n&B(&-G*)^O979qXg+dpRPJyhRh2X*U$iyYJJr^8p+BNdDP~WC$d@TT*V{TWxdUi zuBz38=^nGpg5LDgRy}PwtSh-|9T^uBXExdn#fUm-yj?tYQzOZLHkN9Sei6TU@Los& zccf?c?I&rM+ZHKunFU^f+v<9#VwJfDs99Z-m2iyy!@Vt-9kl;FxcNL4?c*kN>F(xs zvS{UuQ_$*vHG(Gg$vrS{YiKcge|?c9=j{{he{sifdG>z5qH}TO z?Rm>km!l@D?mylQx88%5znT z_=o5>Ux$S5`5-PYm0jNpd@8IlfNGN7*sWzAILqW_C$;n{ypnkJXr-%pum-g3*X$D; z*nWJzxPsm|g!9P-1|3X&Elp&RjT8KI7U+ z?*s`oaHvnijKFNK{a7GJP~@G}SHtrus*a9hZ)Rf7kWj&jRuN8o#Sdeg!#HywRWe5k z)pwP8Bey@rtHnNU?h9dq3=$n_3OufHs>VGQWv6~DT z0WUG>Y5VC$>qwqITJt8G@jD4 z;8##0x%r$iu1BwgHQ1RRkEVr$U~phCP_3PWt9(Bu+7q`k=lJ;vGm!Lc(D&x2*7tqZ z;Na_x6VN+A>t%mVr|K-G_ENU`mmts{z54f`jnTq&6L-xjp^;B;T-_N-rbiY|)RR~9 zSV^n3gm1lx0I{D>D7Ld1cgVj|;@*gml zHHmA*#7Hc~WrKm-kB9dZfijkA)RD;>!YD>dULUn)}Qg+sV)Tr`UMd+*o!y z4bSG9mk~l&Se`K`Egp$cOob54c&`y#yX*%>X>-&^Jj07n@|nF(DvleiLILjYZ+;0^ zA8a1zkyl@2CWX^x4PFUY*be{x37cRN_E}MG_p>M19LfTHlr{}$-y(O+A;?eGs!eXO zfnj4NPxHPw25k8vzPQ!MBz&&?#V#bg`CDaco%+@?q(r=}cG^NVZAl=Wn?eDoz1sTg zt0;8`AC!@g0GyQ-KNHLEgM)+G zcT2rxLF~9cLcHQ>9~de4K+R3nhG&l8Me4&IQgwf+v~So62!l4KF$ zKO$`9rcq1JTD3k2a)CGsSI)Zs$js(uO@lyKAWs|@mdEf0U#Ugz=ls(oa351K8LTxu zL+gBknGJ$yN4*-*31nL#n<|gM(I^U~G*bW>M+VZrgNGO*mk};Z^5OD$%0K+T=#Aa5 zg_GOqlU!1}kGrWY=Vt*9Vt?s`nW-Tg__0OQW>W zSV=_HV@28G?C?##;-O~p?U=ecw^}e_TJ>TQ#xwQ}T za}Og6j~v?TqlgHQo++jW8rICbvDK(?OXy2n$CLzkEJ z(T)xGQ);s?JAIC3LJ!(!d)9O>7W*B!(@xsh%P;Y>SgZpd5_+rs!q}pAWb$UcC$-4? zLt&?3Fys<8?+)jlLO5>X2QiOjbxuY$T1F$>?2xC!Q-mQL6eL;;nEf$JF|jf2Lajc% z=(+oUz`*2H#t zTQDPH8QKBm&ndCnHl@x;bi+G544{(zQlNuR-_0Au>|Ak0^Ow(Hs85Gfj}yMWXvbeB zo^J}dJUgjCf)$73=cKKQ9KGxp$Dqxqc$$lUa--x{o>g$2b-jv%2zv%Av5>02yb5l9 zGWP$7cQe+^{Z(6r0!35}t0*O@R0uYH8Z+j{i|h_}hqRu9xM1|u5N7DO$&^<82#&P9 zov@@DLEnntA`*!MGyZD$CCrS_HBou}&||`(nh65st#>?x67SGo`51x@&P~X(ANO(F zR%Ms|EKKwSt26_eaJ!RnbQ*lp28DjV8pM9t+j%&Xs=4sWi4QA7RG`AT@FHBctg%JuU%3b zdn^xferta>WQ?%f9u!JY;15e8PC{d2JvsDwLRh@fKtp7opU_lP$?H;ya@uojX}T4x zUJ}-vZYD?Hp<@F*G_W5n7QT@7W-j-T7#ysbRq-zRb@AOb0(Hg@(2hsS0#Gm$dhEKA zP|DIkhtTiue4sH!o&hItdtpWJD^KBMJQM~HNh6b zTbCn8ww^7&T>Wxd$uyK6+`{u&t2A|ERF`N#uHc7L;nS7TMuwtDS|BNht2Jln6tgD@ z@FB+rH4z-VQKgumHhj~Dl!<#tS9*!q$4u&lUuuuygxcoruo8P3yiuuUkKuqhB{(8X zD9T-83u;EUQ z;uP!<6%-^r=U~I=nf_;6^Mwf03&TO`>?xPOGCeE(yI8$g>HBjmLThUbEwB0MIR1_< ziuglTB#5=n#2tMAAVPw^l7vT0q>rEKwn$Wt_?OGP%G!~YWOboPdvg4~&@sA>>YMUu z{kyyQYbk_xD?GTnGEJaMA9_5fJ)D)dJUp%~b(r^qTZ{k|YmxoKW9>k9sb90O3Aw^@ z*Lbwo<$HcN)IW7|wRisyc{-iu_Sv%Q?qV!Wj#rF8m87Nz^Xk-Vu%(OpKIBRO3cdQL z2P^-{`_H`n{JVW)o{X$?Kr#0Ovw>(Wwe{|9>S?OJ(xa|>i|e83_NzTGnA2?)GhzDq zv$Ws8^XWABnEz_v)el!Q=aM6#{1L^npce+A2o ztm|fw$ zD*Ouw?&VXDOUqmhU=?b`2XCIt+pY%XoAvtC@_Lci!Uwfw4P-?uwEv+3Zianp|1~-Y z*ceU3z-}GD7-`X`#Cb0TW`xRw-jt}&WYJZI^ zEtK_RjvIO4bwL6YyXPUj87&}cza0o|bej5O*VhxNU*_T8*%(w1LSR(Q$Glrv2fSyw zUvm64Gqba*we95qHR1i3bF6Y~= ztk3#y!fB*id27VKLJSVz2nzH6wBu*uAvKJ)BT2muN$Elvqu;V zAD)+@Ar{GPL-osIdF%lg!Ac2|tpWzw?1wQ}c@Jk}N zp*tT2!P~|*w_XcomrJY*?tXZl&!hm3WrpC;;;o-!w|p-W7O7pnm94%nDaw#{wwd5bYwg zDchzhkh&0xO)Pp`1gtRgIW?m9w}5A1G}6kSKjvpyrHX+fxziD0$msJ~*{J}r48aGC zXAFcU3cG_PsKE@tQ8dK{B8E@)ny_1E8mjjIh);g)+s$%Mosyrq*zqJfd4T^eVG8vX z_#5eRB_Frxe$~qr-HJK^lwZYnD&<0qGr2@DGZ-%cE(IUpTJpu0Ww=z{!SCd(|uz5xf{2{6n&2hNek)=HZn253QOb=m$*Kh(*-3k&J?u zOqm~Jwvg}}@sKlNXjw6 zj@by69;lI~k*zIMzy}8Wio#V?D|;gv>1r}oa20*c9g_|X{iVbC8X6@VW|ct3O++ac zpUvV;Sqc2nQ1T%T0(G+dQGyJ=z64Q^_?NMC=l)XCRCAOgj{2ozo`tC&z%I)#b6(pS z#Q{Q;B|Zsf#4C0DIJ#3<>+KooaZt2u-AO9PRzJN!2IzrLGI2z&N=36y6g*iGZ6B)v{PYxUIzr3Ze<_7BX{Onfd4chOhmclAl{%R@N&C(jUlW$| ztV#I&wW_B3SO9#e!@8VLG0yifZh=|$AyzpQd?aFKv4a=Cra;XXG=hQ+0mz`hJi%r@STknWP%7?l7jC34y}c`zrsa)DrpFf)5hziLgBbhSm_Rjtvhl!n zFQ(s+^R&1{d3I|&McT~h-|zDLJc^iq4#WdP0%{vk>!)`l*=H>;-}cT607>i2G~YWW zbA>#DV$a18Q-qC(M4jXKcvhVnT0Md@})5nrw7`-J;Vk z?;oG$KjV^42*v?I=NU6eDPYR<7G6cY*e}uQSCGOs4&2T-VcOA;(+2IF9tAcFe=<7e zP*KTq#`FnX_*_NQCItA+A&zVyP^atzW~f_z_J&nf9!CkuyHV|wu2|8Qq8Cq(DeODU zgWTywBZH__K1~DXa2@WSC09eWNBnm$J_bh7Mf2%x5f`?a*T>ih literal 0 HcmV?d00001 From b49b84e0727dff636306f2d9121341dd6b6e094b Mon Sep 17 00:00:00 2001 From: ewillonermsft <129988051+ewillonermsft@users.noreply.github.com> Date: Thu, 25 Sep 2025 10:10:48 -0700 Subject: [PATCH 089/307] Remove this[] logic from the commit. Stub should not include code logic. --- csharp/ql/test/resources/stubs/System.Web.cs | 26 +------------------- 1 file changed, 1 insertion(+), 25 deletions(-) diff --git a/csharp/ql/test/resources/stubs/System.Web.cs b/csharp/ql/test/resources/stubs/System.Web.cs index f1d15e1212c2..ed9ed5dda55f 100644 --- a/csharp/ql/test/resources/stubs/System.Web.cs +++ b/csharp/ql/test/resources/stubs/System.Web.cs @@ -184,31 +184,7 @@ public class HttpRequest public string UserAgent(string s) => null; public string UrlReferrer(string s) => null; public NameValueCollection ServerVariables => null; - // Default property that goes through the collections - // QueryString, Form, Cookies, ClientCertificate and ServerVariables - public String this[String key] - { - get - { - String s; - - s = QueryString[key]; - if (s != null) - return s; - - s = Form[key]; - if (s != null) - return s; - - HttpCookie c = Cookies[key]; - if (c != null) - return c.Value; - - s = ServerVariables[key]; - if (s != null) - return s; - } - } + public String this[String key] => null; } public class HttpRequestWrapper : System.Web.HttpRequestBase From b267bd11e07c5cb4a8a560a5e15087f1616cc480 Mon Sep 17 00:00:00 2001 From: ewillonermsft <129988051+ewillonermsft@users.noreply.github.com> Date: Thu, 25 Sep 2025 10:37:56 -0700 Subject: [PATCH 090/307] Update properties to getters which is inline with the actual implementation. --- csharp/ql/test/resources/stubs/System.Web.cs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/csharp/ql/test/resources/stubs/System.Web.cs b/csharp/ql/test/resources/stubs/System.Web.cs index ed9ed5dda55f..c15b871095ff 100644 --- a/csharp/ql/test/resources/stubs/System.Web.cs +++ b/csharp/ql/test/resources/stubs/System.Web.cs @@ -178,12 +178,12 @@ public class HttpRequest public string RawUrl { get; set; } public HttpCookieCollection Cookies => null; public bool IsAuthenticated { get; set; } - public NameValueCollection Form => null; - public NameValueCollection Headers => null; - public NameValueCollection Params => null; - public string UserAgent(string s) => null; - public string UrlReferrer(string s) => null; - public NameValueCollection ServerVariables => null; + public NameValueCollection Form { get; } + public NameValueCollection Headers { get; } + public NameValueCollection Params { get; } + public string UserAgent { get; } + public Uri UrlReferrer { get; } + public NameValueCollection ServerVariables { get; } public String this[String key] => null; } From 21fe142955f3c1285ae832f51765756181bc25aa Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 26 Sep 2025 10:39:49 +0100 Subject: [PATCH 091/307] Update rust/ql/src/queries/security/CWE-614/InsecureCookie.qhelp Co-authored-by: Simon Friis Vindum --- rust/ql/src/queries/security/CWE-614/InsecureCookie.qhelp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/src/queries/security/CWE-614/InsecureCookie.qhelp b/rust/ql/src/queries/security/CWE-614/InsecureCookie.qhelp index ef08ff27b9c3..f3d1735251e6 100644 --- a/rust/ql/src/queries/security/CWE-614/InsecureCookie.qhelp +++ b/rust/ql/src/queries/security/CWE-614/InsecureCookie.qhelp @@ -14,7 +14,7 @@ -

    The following example creates a cookie using the cookie crate without the 'Secure' attribute:

    +

    The following example creates a cookie using the cookie crate without the 'Secure' attribute:

    From 57f84873b441399cdea83ea429301a2119cb1cda Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 26 Sep 2025 11:29:11 +0100 Subject: [PATCH 092/307] Rust: Split off cookieOptionalBarrier predicate (as suggested) and expand / clarify the QLDoc. --- .../security/InsecureCookieExtensions.qll | 43 ++++++++++++++----- 1 file changed, 32 insertions(+), 11 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll b/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll index 3525614c0dc6..721f30c1a376 100644 --- a/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll @@ -49,20 +49,40 @@ module InsecureCookie { } /** - * Holds if cookie attribute `attrib` (`secure` or `partitioned`) is set to `value` (`true` or `false`) at `node`. - * A value that cannot be determined is treated as `false`. + * Holds if a models-as-data optional barrier for cookies is specified for `summaryNode`, + * with arguments `attrib` (`secure` or `partitioned`) and `arg` (argument index). For example, + * if a summary has input: + * ``` + * [..., Argument[self].OptionalBarrier[cookie-secure-arg0], ...] + * ``` + * then `attrib` is `secure` and `arg` is `0`. * - * This references models-as-data optional barrier nodes, for example `OptionalBarrier[cookie-secure-arg0]`. + * The meaning here is that a call to the function summarized by `summaryNode` would set + * the cookie attribute `attrib` to the value of argument `arg`. This may in practice be + * interpretted as a barrier to flow (when the cookie is made secure) or as a source (when + * the cookie is made insecure). */ - predicate cookieSetNode(DataFlow::Node node, string attrib, boolean value) { - exists( - FlowSummaryNode summaryNode, string barrierName, CallExprBase ce, int arg, - DataFlow::Node argNode - | - // decode a `cookie-`... optional barrier + private predicate cookieOptionalBarrier(FlowSummaryNode summaryNode, string attrib, int arg) { + exists(string barrierName | DataFlowImpl::optionalBarrier(summaryNode, barrierName) and attrib = barrierName.regexpCapture("cookie-(secure|partitioned)-arg([0-9]+)", 1) and - arg = barrierName.regexpCapture("cookie-(secure|partitioned)-arg([0-9]+)", 2).toInt() and + arg = barrierName.regexpCapture("cookie-(secure|partitioned)-arg([0-9]+)", 2).toInt() + ) + } + + /** + * Holds if cookie attribute `attrib` (`secure` or `partitioned`) is set to `value` + * (`true` or `false`) at `node`. For example, the call: + * ``` + * cookie.secure(true) + * ``` + * sets the `"secure"` attribute to `true`. A value that cannot be determined is treated + * as `false`. + */ + predicate cookieSetNode(DataFlow::Node node, string attrib, boolean value) { + exists(FlowSummaryNode summaryNode, CallExprBase ce, int arg, DataFlow::Node argNode | + // decode the models-as-data `OptionalBarrier` + cookieOptionalBarrier(summaryNode, attrib, arg) and // find a call and arg referenced by this optional barrier ce.getStaticTarget() = summaryNode.getSummarizedCallable() and ce.getArg(arg) = argNode.asExpr().getExpr() and @@ -78,7 +98,8 @@ module InsecureCookie { then value = true // `true` flows to here else value = false // `false`, unknown, or multiple values ) and - // and find the node where this happens + // and find the node where this happens (we can't just use the flow summary node, since its + // shared across all calls to the modelled function, we need a node specific to this call) ( node.asExpr().getExpr() = ce.(MethodCallExpr).getReceiver() // e.g. `a` in `a.set_secure(true)` or From f458149655c1bf7ab9b8673fb480926e65d0d86a Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 26 Sep 2025 11:32:45 +0100 Subject: [PATCH 093/307] Rust: Remove a sentance from the qhelp. --- rust/ql/src/queries/security/CWE-614/InsecureCookie.qhelp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/src/queries/security/CWE-614/InsecureCookie.qhelp b/rust/ql/src/queries/security/CWE-614/InsecureCookie.qhelp index f3d1735251e6..561b334c5101 100644 --- a/rust/ql/src/queries/security/CWE-614/InsecureCookie.qhelp +++ b/rust/ql/src/queries/security/CWE-614/InsecureCookie.qhelp @@ -4,7 +4,7 @@ -

    Failing to set the 'Secure' attribute on a cookie allows it to be transmitted over an unencrypted (HTTP) connection. If an attacker can observe a user's network traffic (for example over an insecure Wi‑Fi network), they can access sensitive information in the cookie and potentially use it to impersonate the user.

    +

    Failing to set the 'Secure' attribute on a cookie allows it to be transmitted over an unencrypted (HTTP) connection. If an attacker can observe a user's network traffic, they can access sensitive information in the cookie and potentially use it to impersonate the user.

     From 77e7898f718087df6debe850bbc74e9946957289 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 26 Sep 2025 11:49:23 +0100 Subject: [PATCH 094/307] Rust: Use US spelling in comment. --- rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll b/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll index 721f30c1a376..d5d15c821d87 100644 --- a/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/InsecureCookieExtensions.qll @@ -99,7 +99,7 @@ module InsecureCookie { else value = false // `false`, unknown, or multiple values ) and // and find the node where this happens (we can't just use the flow summary node, since its - // shared across all calls to the modelled function, we need a node specific to this call) + // shared across all calls to the modeled function, we need a node specific to this call) ( node.asExpr().getExpr() = ce.(MethodCallExpr).getReceiver() // e.g. `a` in `a.set_secure(true)` or From 27b6f12b3c0414dc1a498a8c564da7dac37f99c4 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 26 Sep 2025 14:30:27 +0100 Subject: [PATCH 095/307] Rust: Use the suggested cleaner implementation for getStmtOrExpr. --- rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll index 648a4eab9b88..9120728dcbc7 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll @@ -33,7 +33,7 @@ module Impl { AstNode getStmtOrExpr(int index) { result = this.getStatement(index) or - index = max(int i | i = -1 or exists(this.getStatement(i))) + 1 and + index = this.getNumberOfStatements() and result = this.getTailExpr() } From 4570d7e46e205703ef46e4c997601ce322567e6f Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 26 Sep 2025 14:32:05 +0100 Subject: [PATCH 096/307] Rust: Replace getBlockChildNode with uses of getStmtOrExpr. --- .../controlflow/internal/ControlFlowGraphImpl.qll | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/rust/ql/lib/codeql/rust/controlflow/internal/ControlFlowGraphImpl.qll b/rust/ql/lib/codeql/rust/controlflow/internal/ControlFlowGraphImpl.qll index ddc4dae9b958..609a68fc3925 100644 --- a/rust/ql/lib/codeql/rust/controlflow/internal/ControlFlowGraphImpl.qll +++ b/rust/ql/lib/codeql/rust/controlflow/internal/ControlFlowGraphImpl.qll @@ -266,15 +266,8 @@ module ExprTrees { } } - private AstNode getBlockChildNode(BlockExpr b, int i) { - result = b.getStmtList().getStatement(i) - or - i = b.getStmtList().getNumberOfStatements() and - result = b.getStmtList().getTailExpr() - } - class AsyncBlockExprTree extends StandardTree, PreOrderTree, PostOrderTree, AsyncBlockExpr { - override AstNode getChildNode(int i) { result = getBlockChildNode(this, i) } + override AstNode getChildNode(int i) { result = this.getStmtList().getStmtOrExpr(i) } override predicate propagatesAbnormal(AstNode child) { none() } } @@ -282,7 +275,7 @@ module ExprTrees { class BlockExprTree extends StandardPostOrderTree, BlockExpr { BlockExprTree() { not this.isAsync() } - override AstNode getChildNode(int i) { result = getBlockChildNode(this, i) } + override AstNode getChildNode(int i) { result = this.getStmtList().getStmtOrExpr(i) } override predicate propagatesAbnormal(AstNode child) { child = this.getChildNode(_) } } From 1236e2b8295cc3202e19ec76c433c374cb54bbb4 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 26 Sep 2025 14:55:06 +0100 Subject: [PATCH 097/307] Rust: Add references to alternatives in the getStmtOrExpr methods. --- .../ql/lib/codeql/rust/elements/internal/StmtListImpl.qll | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll index 9120728dcbc7..d56b4c49ce21 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/StmtListImpl.qll @@ -29,6 +29,10 @@ module Impl { class StmtList extends Generated::StmtList { /** * Gets the `index`th statement or expression of this statement list (0-based). + * + * This includes both the statements and any tail expression in the statement list. To access + * just the statements, use `getStatement`. To access just the tail expression, if any, + * use `getTailExpr`. */ AstNode getStmtOrExpr(int index) { result = this.getStatement(index) @@ -39,6 +43,10 @@ module Impl { /** * Gets any of the statements or expressions of this statement list. + * + * This includes both the statements and any tail expression in the statement list. To access + * just the statements, use `getAStatement`. To access just the tail expression, if any, + * use `getTailExpr`. */ final AstNode getAStmtOrExpr() { result = this.getStmtOrExpr(_) } From c7f6f2c8e1a6a42a23d84b215a87aa7e8c685f00 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 26 Sep 2025 16:40:25 +0100 Subject: [PATCH 098/307] Rust: Consistency fix for reusables/extractors.rst. --- docs/codeql/reusables/extractors.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/reusables/extractors.rst b/docs/codeql/reusables/extractors.rst index c09926666b0a..4365d1062582 100644 --- a/docs/codeql/reusables/extractors.rst +++ b/docs/codeql/reusables/extractors.rst @@ -20,7 +20,7 @@ - ``python`` * - Ruby - ``ruby`` - - Rust + * - Rust - ``rust`` * - Swift - ``swift`` From e0444c531b9925bb14f9aae15c4b185f472d2034 Mon Sep 17 00:00:00 2001 From: idrissrio Date: Mon, 29 Sep 2025 13:25:30 +0200 Subject: [PATCH 099/307] Java: Add integration test for constant expr detection --- .../ConstantExpAppearsNonConstant.expected | 1 + .../ConstantExpAppearsNonConstant.qlref | 1 + .../java/evaluation-to-constant-errortype/Test.java | 7 +++++++ .../java/evaluation-to-constant-errortype/test.py | 2 ++ 4 files changed, 11 insertions(+) create mode 100644 java/ql/integration-tests/java/evaluation-to-constant-errortype/ConstantExpAppearsNonConstant.expected create mode 100644 java/ql/integration-tests/java/evaluation-to-constant-errortype/ConstantExpAppearsNonConstant.qlref create mode 100644 java/ql/integration-tests/java/evaluation-to-constant-errortype/Test.java create mode 100644 java/ql/integration-tests/java/evaluation-to-constant-errortype/test.py diff --git a/java/ql/integration-tests/java/evaluation-to-constant-errortype/ConstantExpAppearsNonConstant.expected b/java/ql/integration-tests/java/evaluation-to-constant-errortype/ConstantExpAppearsNonConstant.expected new file mode 100644 index 000000000000..1dcec10c6ee9 --- /dev/null +++ b/java/ql/integration-tests/java/evaluation-to-constant-errortype/ConstantExpAppearsNonConstant.expected @@ -0,0 +1 @@ +| Test.java:3:8:3:15 | | Expression always evaluates to the same value. | diff --git a/java/ql/integration-tests/java/evaluation-to-constant-errortype/ConstantExpAppearsNonConstant.qlref b/java/ql/integration-tests/java/evaluation-to-constant-errortype/ConstantExpAppearsNonConstant.qlref new file mode 100644 index 000000000000..6d7e1f5cb7ff --- /dev/null +++ b/java/ql/integration-tests/java/evaluation-to-constant-errortype/ConstantExpAppearsNonConstant.qlref @@ -0,0 +1 @@ +Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql \ No newline at end of file diff --git a/java/ql/integration-tests/java/evaluation-to-constant-errortype/Test.java b/java/ql/integration-tests/java/evaluation-to-constant-errortype/Test.java new file mode 100644 index 000000000000..913c7817c7f7 --- /dev/null +++ b/java/ql/integration-tests/java/evaluation-to-constant-errortype/Test.java @@ -0,0 +1,7 @@ +class Test { + public static void updateFlashlights(Minecraft mc){ + if(mc.world != null){ + + } + } +} \ No newline at end of file diff --git a/java/ql/integration-tests/java/evaluation-to-constant-errortype/test.py b/java/ql/integration-tests/java/evaluation-to-constant-errortype/test.py new file mode 100644 index 000000000000..759e4cf8b82b --- /dev/null +++ b/java/ql/integration-tests/java/evaluation-to-constant-errortype/test.py @@ -0,0 +1,2 @@ +def test(codeql, java): + codeql.database.create(build_mode="none") \ No newline at end of file From 659afb5f3049c934e03e6b5c1dc93af8e7bb2896 Mon Sep 17 00:00:00 2001 From: idrissrio Date: Mon, 29 Sep 2025 13:28:55 +0200 Subject: [PATCH 100/307] Java: Fix false positives in evaluation-to-constant query for ErrorType --- .../src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql b/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql index 50f508626317..094c8bbc70c8 100644 --- a/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql +++ b/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql @@ -19,7 +19,7 @@ predicate isConstantExp(Expr e) { // A literal is constant. e instanceof Literal or - e instanceof TypeAccess + exists(TypeAccess ta | ta = e | not ta.getType() instanceof ErrorType) or e instanceof ArrayTypeAccess or From b82d8c22521ad141948077cabbde0a3e824edadb Mon Sep 17 00:00:00 2001 From: idrissrio Date: Mon, 29 Sep 2025 13:29:34 +0200 Subject: [PATCH 101/307] Java: Accept new test results after query change --- .../ConstantExpAppearsNonConstant.expected | 1 - 1 file changed, 1 deletion(-) diff --git a/java/ql/integration-tests/java/evaluation-to-constant-errortype/ConstantExpAppearsNonConstant.expected b/java/ql/integration-tests/java/evaluation-to-constant-errortype/ConstantExpAppearsNonConstant.expected index 1dcec10c6ee9..e69de29bb2d1 100644 --- a/java/ql/integration-tests/java/evaluation-to-constant-errortype/ConstantExpAppearsNonConstant.expected +++ b/java/ql/integration-tests/java/evaluation-to-constant-errortype/ConstantExpAppearsNonConstant.expected @@ -1 +0,0 @@ -| Test.java:3:8:3:15 | | Expression always evaluates to the same value. | From 0728692e93f26b9d43ac05c0bd51a067a17d1163 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Mon, 29 Sep 2025 14:23:16 +0200 Subject: [PATCH 102/307] Rust: Add tests for functions as lambdas --- .../dataflow/closures/inline-flow.expected | 50 ------------------- .../dataflow/{closures => lambdas}/Cargo.lock | 0 .../dataflow/lambdas/inline-flow.expected | 50 +++++++++++++++++++ .../{closures => lambdas}/inline-flow.ql | 0 .../dataflow/{closures => lambdas}/main.rs | 50 +++++++++++++++---- 5 files changed, 91 insertions(+), 59 deletions(-) delete mode 100644 rust/ql/test/library-tests/dataflow/closures/inline-flow.expected rename rust/ql/test/library-tests/dataflow/{closures => lambdas}/Cargo.lock (100%) create mode 100644 rust/ql/test/library-tests/dataflow/lambdas/inline-flow.expected rename rust/ql/test/library-tests/dataflow/{closures => lambdas}/inline-flow.ql (100%) rename rust/ql/test/library-tests/dataflow/{closures => lambdas}/main.rs (53%) diff --git a/rust/ql/test/library-tests/dataflow/closures/inline-flow.expected b/rust/ql/test/library-tests/dataflow/closures/inline-flow.expected deleted file mode 100644 index a2cee10f246d..000000000000 --- a/rust/ql/test/library-tests/dataflow/closures/inline-flow.expected +++ /dev/null @@ -1,50 +0,0 @@ -models -edges -| main.rs:11:20:11:52 | if cond {...} else {...} | main.rs:12:10:12:16 | f(...) | provenance | | -| main.rs:11:30:11:39 | source(...) | main.rs:11:20:11:52 | if cond {...} else {...} | provenance | | -| main.rs:16:20:16:23 | ... | main.rs:18:18:18:21 | data | provenance | | -| main.rs:22:9:22:9 | a | main.rs:23:13:23:13 | a | provenance | | -| main.rs:22:13:22:22 | source(...) | main.rs:22:9:22:9 | a | provenance | | -| main.rs:23:13:23:13 | a | main.rs:16:20:16:23 | ... | provenance | | -| main.rs:27:20:27:23 | ... | main.rs:28:9:32:9 | if cond {...} else {...} | provenance | | -| main.rs:33:9:33:9 | a | main.rs:34:21:34:21 | a | provenance | | -| main.rs:33:13:33:22 | source(...) | main.rs:33:9:33:9 | a | provenance | | -| main.rs:34:9:34:9 | b | main.rs:35:10:35:10 | b | provenance | | -| main.rs:34:13:34:22 | f(...) | main.rs:34:9:34:9 | b | provenance | | -| main.rs:34:21:34:21 | a | main.rs:27:20:27:23 | ... | provenance | | -| main.rs:34:21:34:21 | a | main.rs:34:13:34:22 | f(...) | provenance | | -| main.rs:42:16:42:25 | source(...) | main.rs:44:5:44:5 | [post] f [captured capt] | provenance | | -| main.rs:44:5:44:5 | [post] f [captured capt] | main.rs:45:10:45:13 | capt | provenance | | -| main.rs:44:5:44:5 | [post] f [captured capt] | main.rs:49:5:49:5 | g [captured capt] | provenance | | -| main.rs:49:5:49:5 | g [captured capt] | main.rs:47:14:47:17 | capt | provenance | | -nodes -| main.rs:11:20:11:52 | if cond {...} else {...} | semmle.label | if cond {...} else {...} | -| main.rs:11:30:11:39 | source(...) | semmle.label | source(...) | -| main.rs:12:10:12:16 | f(...) | semmle.label | f(...) | -| main.rs:16:20:16:23 | ... | semmle.label | ... | -| main.rs:18:18:18:21 | data | semmle.label | data | -| main.rs:22:9:22:9 | a | semmle.label | a | -| main.rs:22:13:22:22 | source(...) | semmle.label | source(...) | -| main.rs:23:13:23:13 | a | semmle.label | a | -| main.rs:27:20:27:23 | ... | semmle.label | ... | -| main.rs:28:9:32:9 | if cond {...} else {...} | semmle.label | if cond {...} else {...} | -| main.rs:33:9:33:9 | a | semmle.label | a | -| main.rs:33:13:33:22 | source(...) | semmle.label | source(...) | -| main.rs:34:9:34:9 | b | semmle.label | b | -| main.rs:34:13:34:22 | f(...) | semmle.label | f(...) | -| main.rs:34:21:34:21 | a | semmle.label | a | -| main.rs:35:10:35:10 | b | semmle.label | b | -| main.rs:42:16:42:25 | source(...) | semmle.label | source(...) | -| main.rs:44:5:44:5 | [post] f [captured capt] | semmle.label | [post] f [captured capt] | -| main.rs:45:10:45:13 | capt | semmle.label | capt | -| main.rs:47:14:47:17 | capt | semmle.label | capt | -| main.rs:49:5:49:5 | g [captured capt] | semmle.label | g [captured capt] | -subpaths -| main.rs:34:21:34:21 | a | main.rs:27:20:27:23 | ... | main.rs:28:9:32:9 | if cond {...} else {...} | main.rs:34:13:34:22 | f(...) | -testFailures -#select -| main.rs:12:10:12:16 | f(...) | main.rs:11:30:11:39 | source(...) | main.rs:12:10:12:16 | f(...) | $@ | main.rs:11:30:11:39 | source(...) | source(...) | -| main.rs:18:18:18:21 | data | main.rs:22:13:22:22 | source(...) | main.rs:18:18:18:21 | data | $@ | main.rs:22:13:22:22 | source(...) | source(...) | -| main.rs:35:10:35:10 | b | main.rs:33:13:33:22 | source(...) | main.rs:35:10:35:10 | b | $@ | main.rs:33:13:33:22 | source(...) | source(...) | -| main.rs:45:10:45:13 | capt | main.rs:42:16:42:25 | source(...) | main.rs:45:10:45:13 | capt | $@ | main.rs:42:16:42:25 | source(...) | source(...) | -| main.rs:47:14:47:17 | capt | main.rs:42:16:42:25 | source(...) | main.rs:47:14:47:17 | capt | $@ | main.rs:42:16:42:25 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/closures/Cargo.lock b/rust/ql/test/library-tests/dataflow/lambdas/Cargo.lock similarity index 100% rename from rust/ql/test/library-tests/dataflow/closures/Cargo.lock rename to rust/ql/test/library-tests/dataflow/lambdas/Cargo.lock diff --git a/rust/ql/test/library-tests/dataflow/lambdas/inline-flow.expected b/rust/ql/test/library-tests/dataflow/lambdas/inline-flow.expected new file mode 100644 index 000000000000..ef9a97677e1b --- /dev/null +++ b/rust/ql/test/library-tests/dataflow/lambdas/inline-flow.expected @@ -0,0 +1,50 @@ +models +edges +| main.rs:10:20:10:52 | if cond {...} else {...} | main.rs:11:10:11:16 | f(...) | provenance | | +| main.rs:10:30:10:39 | source(...) | main.rs:10:20:10:52 | if cond {...} else {...} | provenance | | +| main.rs:15:20:15:23 | ... | main.rs:17:18:17:21 | data | provenance | | +| main.rs:22:9:22:9 | a | main.rs:23:13:23:13 | a | provenance | | +| main.rs:22:13:22:22 | source(...) | main.rs:22:9:22:9 | a | provenance | | +| main.rs:23:13:23:13 | a | main.rs:15:20:15:23 | ... | provenance | | +| main.rs:27:20:27:23 | ... | main.rs:27:26:27:52 | if cond {...} else {...} | provenance | | +| main.rs:28:9:28:9 | a | main.rs:29:21:29:21 | a | provenance | | +| main.rs:28:13:28:22 | source(...) | main.rs:28:9:28:9 | a | provenance | | +| main.rs:29:9:29:9 | b | main.rs:30:10:30:10 | b | provenance | | +| main.rs:29:13:29:22 | f(...) | main.rs:29:9:29:9 | b | provenance | | +| main.rs:29:21:29:21 | a | main.rs:27:20:27:23 | ... | provenance | | +| main.rs:29:21:29:21 | a | main.rs:29:13:29:22 | f(...) | provenance | | +| main.rs:37:16:37:25 | source(...) | main.rs:39:5:39:5 | [post] f [captured capt] | provenance | | +| main.rs:39:5:39:5 | [post] f [captured capt] | main.rs:40:10:40:13 | capt | provenance | | +| main.rs:39:5:39:5 | [post] f [captured capt] | main.rs:44:5:44:5 | g [captured capt] | provenance | | +| main.rs:44:5:44:5 | g [captured capt] | main.rs:42:14:42:17 | capt | provenance | | +nodes +| main.rs:10:20:10:52 | if cond {...} else {...} | semmle.label | if cond {...} else {...} | +| main.rs:10:30:10:39 | source(...) | semmle.label | source(...) | +| main.rs:11:10:11:16 | f(...) | semmle.label | f(...) | +| main.rs:15:20:15:23 | ... | semmle.label | ... | +| main.rs:17:18:17:21 | data | semmle.label | data | +| main.rs:22:9:22:9 | a | semmle.label | a | +| main.rs:22:13:22:22 | source(...) | semmle.label | source(...) | +| main.rs:23:13:23:13 | a | semmle.label | a | +| main.rs:27:20:27:23 | ... | semmle.label | ... | +| main.rs:27:26:27:52 | if cond {...} else {...} | semmle.label | if cond {...} else {...} | +| main.rs:28:9:28:9 | a | semmle.label | a | +| main.rs:28:13:28:22 | source(...) | semmle.label | source(...) | +| main.rs:29:9:29:9 | b | semmle.label | b | +| main.rs:29:13:29:22 | f(...) | semmle.label | f(...) | +| main.rs:29:21:29:21 | a | semmle.label | a | +| main.rs:30:10:30:10 | b | semmle.label | b | +| main.rs:37:16:37:25 | source(...) | semmle.label | source(...) | +| main.rs:39:5:39:5 | [post] f [captured capt] | semmle.label | [post] f [captured capt] | +| main.rs:40:10:40:13 | capt | semmle.label | capt | +| main.rs:42:14:42:17 | capt | semmle.label | capt | +| main.rs:44:5:44:5 | g [captured capt] | semmle.label | g [captured capt] | +subpaths +| main.rs:29:21:29:21 | a | main.rs:27:20:27:23 | ... | main.rs:27:26:27:52 | if cond {...} else {...} | main.rs:29:13:29:22 | f(...) | +testFailures +#select +| main.rs:11:10:11:16 | f(...) | main.rs:10:30:10:39 | source(...) | main.rs:11:10:11:16 | f(...) | $@ | main.rs:10:30:10:39 | source(...) | source(...) | +| main.rs:17:18:17:21 | data | main.rs:22:13:22:22 | source(...) | main.rs:17:18:17:21 | data | $@ | main.rs:22:13:22:22 | source(...) | source(...) | +| main.rs:30:10:30:10 | b | main.rs:28:13:28:22 | source(...) | main.rs:30:10:30:10 | b | $@ | main.rs:28:13:28:22 | source(...) | source(...) | +| main.rs:40:10:40:13 | capt | main.rs:37:16:37:25 | source(...) | main.rs:40:10:40:13 | capt | $@ | main.rs:37:16:37:25 | source(...) | source(...) | +| main.rs:42:14:42:17 | capt | main.rs:37:16:37:25 | source(...) | main.rs:42:14:42:17 | capt | $@ | main.rs:37:16:37:25 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/closures/inline-flow.ql b/rust/ql/test/library-tests/dataflow/lambdas/inline-flow.ql similarity index 100% rename from rust/ql/test/library-tests/dataflow/closures/inline-flow.ql rename to rust/ql/test/library-tests/dataflow/lambdas/inline-flow.ql diff --git a/rust/ql/test/library-tests/dataflow/closures/main.rs b/rust/ql/test/library-tests/dataflow/lambdas/main.rs similarity index 53% rename from rust/ql/test/library-tests/dataflow/closures/main.rs rename to rust/ql/test/library-tests/dataflow/lambdas/main.rs index 66ce59a3b041..573e93311c5c 100644 --- a/rust/ql/test/library-tests/dataflow/closures/main.rs +++ b/rust/ql/test/library-tests/dataflow/lambdas/main.rs @@ -6,30 +6,25 @@ fn sink(s: i64) { println!("{}", s); } - fn closure_flow_out() { let f = |cond| if cond { source(92) } else { 0 }; sink(f(true)); // $ hasValueFlow=92 } fn closure_flow_in() { - let f = |cond, data| + let f = |cond, data| { if cond { sink(data); // $ hasValueFlow=87 } else { sink(0) - }; + } + }; let a = source(87); f(true, a); } fn closure_flow_through() { - let f = |cond, data| - if cond { - data - } else { - 0 - }; + let f = |cond, data| if cond { data } else { 0 }; let a = source(43); let b = f(true, a); sink(b); // $ hasValueFlow=43 @@ -49,9 +44,46 @@ fn closure_captured_variable() { g(); } +fn get_from_source() -> i64 { + source(93) +} + +fn pass_to_sink(data: i64) { + sink(data); // $ MISSING: hasValueFlow=34 +} + +fn function_flow_out() { + let f = get_from_source; + sink(f()); // $ MISSING: hasValueFlow=93 +} + +fn function_flow_in() { + let f = pass_to_sink; + let a = source(34); + f(a); +} + +fn get_arg(cond: bool, data: i64) -> i64 { + if cond { + data + } else { + 0 + } +} + +fn function_flows_through() { + let f = get_arg; + let a = source(56); + let b = f(true, a); + sink(b); // $ MISSING: hasValueFlow=56 +} + fn main() { closure_flow_out(); closure_flow_in(); closure_flow_through(); closure_captured_variable(); + function_flow_in(); + function_flow_out(); + function_flows_through(); } From 37ffe82ac94023148caa6f818bf81b4621b4fea0 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Mon, 29 Sep 2025 14:49:04 +0200 Subject: [PATCH 103/307] Rust: Handle functions as lambdas --- .../rust/dataflow/internal/DataFlowImpl.qll | 24 ++++++++------ .../codeql/rust/dataflow/internal/Node.qll | 4 +-- .../dataflow/lambdas/inline-flow.expected | 33 +++++++++++++++++++ .../library-tests/dataflow/lambdas/main.rs | 6 ++-- 4 files changed, 52 insertions(+), 15 deletions(-) diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll index 4c252dfcd0f0..9fa0f0a5a834 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll @@ -295,13 +295,10 @@ module LocalFlow { class LambdaCallKind = Unit; /** Holds if `creation` is an expression that creates a lambda of kind `kind`. */ -predicate lambdaCreationExpr(Expr creation, LambdaCallKind kind) { - ( - creation instanceof ClosureExpr - or - creation instanceof Scope::AsyncBlockScope - ) and - exists(kind) +predicate lambdaCreationExpr(Expr creation) { + creation instanceof ClosureExpr + or + creation instanceof Scope::AsyncBlockScope } /** @@ -810,8 +807,15 @@ module RustDataFlow implements InputSig { /** Holds if `creation` is an expression that creates a lambda of kind `kind` for `c`. */ predicate lambdaCreation(Node creation, LambdaCallKind kind, DataFlowCallable c) { - exists(Expr e | - e = creation.asExpr().getExpr() and lambdaCreationExpr(e, kind) and e = c.asCfgScope() + exists(kind) and + exists(Expr e | e = creation.asExpr().getExpr() | + lambdaCreationExpr(e) and e = c.asCfgScope() + or + // A path expression, that resolves to a function, evaluates to a function + // pointer. Except if the path occurs directly in a call, then it's just a + // call to the function and not a function being passed as data. + resolvePath(e.(PathExpr).getPath()) = c.asCfgScope() and + not any(CallExpr call).getFunction() = e ) } @@ -931,7 +935,7 @@ module VariableCapture { } class ClosureExpr extends Expr instanceof ExprCfgNode { - ClosureExpr() { lambdaCreationExpr(super.getExpr(), _) } + ClosureExpr() { lambdaCreationExpr(super.getExpr()) } predicate hasBody(Callable body) { body = super.getExpr() } diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/Node.qll b/rust/ql/lib/codeql/rust/dataflow/internal/Node.qll index a1bdc367d0aa..e46b4375c04c 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/Node.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/Node.qll @@ -454,7 +454,7 @@ newtype TNode = or lambdaCallExpr(_, _, e) or - lambdaCreationExpr(e.getExpr(), _) + lambdaCreationExpr(e.getExpr()) or // Whenever `&mut e` has a post-update node we also create one for `e`. // E.g., for `e` in `f(..., &mut e, ...)` or `*(&mut e) = ...`. @@ -478,5 +478,5 @@ newtype TNode = } or TSsaNode(SsaImpl::DataFlowIntegration::SsaNode node) or TFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn) or - TClosureSelfReferenceNode(CfgScope c) { lambdaCreationExpr(c, _) } or + TClosureSelfReferenceNode(CfgScope c) { lambdaCreationExpr(c) } or TCaptureNode(VariableCapture::Flow::SynthesizedCaptureNode cn) diff --git a/rust/ql/test/library-tests/dataflow/lambdas/inline-flow.expected b/rust/ql/test/library-tests/dataflow/lambdas/inline-flow.expected index ef9a97677e1b..7c99702aec63 100644 --- a/rust/ql/test/library-tests/dataflow/lambdas/inline-flow.expected +++ b/rust/ql/test/library-tests/dataflow/lambdas/inline-flow.expected @@ -17,6 +17,19 @@ edges | main.rs:39:5:39:5 | [post] f [captured capt] | main.rs:40:10:40:13 | capt | provenance | | | main.rs:39:5:39:5 | [post] f [captured capt] | main.rs:44:5:44:5 | g [captured capt] | provenance | | | main.rs:44:5:44:5 | g [captured capt] | main.rs:42:14:42:17 | capt | provenance | | +| main.rs:47:29:49:1 | { ... } | main.rs:57:10:57:12 | f(...) | provenance | | +| main.rs:48:5:48:14 | source(...) | main.rs:47:29:49:1 | { ... } | provenance | | +| main.rs:51:17:51:25 | ...: i64 | main.rs:52:10:52:13 | data | provenance | | +| main.rs:62:9:62:9 | a | main.rs:63:7:63:7 | a | provenance | | +| main.rs:62:13:62:22 | source(...) | main.rs:62:9:62:9 | a | provenance | | +| main.rs:63:7:63:7 | a | main.rs:51:17:51:25 | ...: i64 | provenance | | +| main.rs:66:24:66:32 | ...: i64 | main.rs:66:42:72:1 | { ... } | provenance | | +| main.rs:76:9:76:9 | a | main.rs:77:21:77:21 | a | provenance | | +| main.rs:76:13:76:22 | source(...) | main.rs:76:9:76:9 | a | provenance | | +| main.rs:77:9:77:9 | b | main.rs:78:10:78:10 | b | provenance | | +| main.rs:77:13:77:22 | f(...) | main.rs:77:9:77:9 | b | provenance | | +| main.rs:77:21:77:21 | a | main.rs:66:24:66:32 | ...: i64 | provenance | | +| main.rs:77:21:77:21 | a | main.rs:77:13:77:22 | f(...) | provenance | | nodes | main.rs:10:20:10:52 | if cond {...} else {...} | semmle.label | if cond {...} else {...} | | main.rs:10:30:10:39 | source(...) | semmle.label | source(...) | @@ -39,8 +52,25 @@ nodes | main.rs:40:10:40:13 | capt | semmle.label | capt | | main.rs:42:14:42:17 | capt | semmle.label | capt | | main.rs:44:5:44:5 | g [captured capt] | semmle.label | g [captured capt] | +| main.rs:47:29:49:1 | { ... } | semmle.label | { ... } | +| main.rs:48:5:48:14 | source(...) | semmle.label | source(...) | +| main.rs:51:17:51:25 | ...: i64 | semmle.label | ...: i64 | +| main.rs:52:10:52:13 | data | semmle.label | data | +| main.rs:57:10:57:12 | f(...) | semmle.label | f(...) | +| main.rs:62:9:62:9 | a | semmle.label | a | +| main.rs:62:13:62:22 | source(...) | semmle.label | source(...) | +| main.rs:63:7:63:7 | a | semmle.label | a | +| main.rs:66:24:66:32 | ...: i64 | semmle.label | ...: i64 | +| main.rs:66:42:72:1 | { ... } | semmle.label | { ... } | +| main.rs:76:9:76:9 | a | semmle.label | a | +| main.rs:76:13:76:22 | source(...) | semmle.label | source(...) | +| main.rs:77:9:77:9 | b | semmle.label | b | +| main.rs:77:13:77:22 | f(...) | semmle.label | f(...) | +| main.rs:77:21:77:21 | a | semmle.label | a | +| main.rs:78:10:78:10 | b | semmle.label | b | subpaths | main.rs:29:21:29:21 | a | main.rs:27:20:27:23 | ... | main.rs:27:26:27:52 | if cond {...} else {...} | main.rs:29:13:29:22 | f(...) | +| main.rs:77:21:77:21 | a | main.rs:66:24:66:32 | ...: i64 | main.rs:66:42:72:1 | { ... } | main.rs:77:13:77:22 | f(...) | testFailures #select | main.rs:11:10:11:16 | f(...) | main.rs:10:30:10:39 | source(...) | main.rs:11:10:11:16 | f(...) | $@ | main.rs:10:30:10:39 | source(...) | source(...) | @@ -48,3 +78,6 @@ testFailures | main.rs:30:10:30:10 | b | main.rs:28:13:28:22 | source(...) | main.rs:30:10:30:10 | b | $@ | main.rs:28:13:28:22 | source(...) | source(...) | | main.rs:40:10:40:13 | capt | main.rs:37:16:37:25 | source(...) | main.rs:40:10:40:13 | capt | $@ | main.rs:37:16:37:25 | source(...) | source(...) | | main.rs:42:14:42:17 | capt | main.rs:37:16:37:25 | source(...) | main.rs:42:14:42:17 | capt | $@ | main.rs:37:16:37:25 | source(...) | source(...) | +| main.rs:52:10:52:13 | data | main.rs:62:13:62:22 | source(...) | main.rs:52:10:52:13 | data | $@ | main.rs:62:13:62:22 | source(...) | source(...) | +| main.rs:57:10:57:12 | f(...) | main.rs:48:5:48:14 | source(...) | main.rs:57:10:57:12 | f(...) | $@ | main.rs:48:5:48:14 | source(...) | source(...) | +| main.rs:78:10:78:10 | b | main.rs:76:13:76:22 | source(...) | main.rs:78:10:78:10 | b | $@ | main.rs:76:13:76:22 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/lambdas/main.rs b/rust/ql/test/library-tests/dataflow/lambdas/main.rs index 573e93311c5c..252b132ec744 100644 --- a/rust/ql/test/library-tests/dataflow/lambdas/main.rs +++ b/rust/ql/test/library-tests/dataflow/lambdas/main.rs @@ -49,12 +49,12 @@ fn get_from_source() -> i64 { } fn pass_to_sink(data: i64) { - sink(data); // $ MISSING: hasValueFlow=34 + sink(data); // $ hasValueFlow=34 } fn function_flow_out() { let f = get_from_source; - sink(f()); // $ MISSING: hasValueFlow=93 + sink(f()); // $ hasValueFlow=93 } fn function_flow_in() { @@ -75,7 +75,7 @@ fn function_flows_through() { let f = get_arg; let a = source(56); let b = f(true, a); - sink(b); // $ MISSING: hasValueFlow=56 + sink(b); // $ hasValueFlow=56 } fn main() { From 98a20f982037f5159a2474a48152b949e8a422dd Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Mon, 29 Sep 2025 14:58:34 +0200 Subject: [PATCH 104/307] Rust: Add change note --- .../lib/change-notes/2025-09-29-data-flow-function-pointer.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 rust/ql/lib/change-notes/2025-09-29-data-flow-function-pointer.md diff --git a/rust/ql/lib/change-notes/2025-09-29-data-flow-function-pointer.md b/rust/ql/lib/change-notes/2025-09-29-data-flow-function-pointer.md new file mode 100644 index 000000000000..7d1adb06e746 --- /dev/null +++ b/rust/ql/lib/change-notes/2025-09-29-data-flow-function-pointer.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Improve data flow through functions being passed as function pointers. \ No newline at end of file From a7a4e43991d0c2290e593d0c7355dad77afa3256 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 29 Sep 2025 15:10:19 +0000 Subject: [PATCH 105/307] Post-release preparation for codeql-cli-2.23.2 --- actions/ql/lib/qlpack.yml | 2 +- actions/ql/src/qlpack.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- rust/ql/lib/qlpack.yml | 2 +- rust/ql/src/qlpack.yml | 2 +- shared/concepts/qlpack.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/quantum/qlpack.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typeflow/qlpack.yml | 2 +- shared/typeinference/qlpack.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/xml/qlpack.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 41 files changed, 41 insertions(+), 41 deletions(-) diff --git a/actions/ql/lib/qlpack.yml b/actions/ql/lib/qlpack.yml index bfebfa99d04d..80eecfca28d5 100644 --- a/actions/ql/lib/qlpack.yml +++ b/actions/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-all -version: 0.4.18 +version: 0.4.19-dev library: true warnOnImplicitThis: true dependencies: diff --git a/actions/ql/src/qlpack.yml b/actions/ql/src/qlpack.yml index 9dba67fea767..2de1276aa82d 100644 --- a/actions/ql/src/qlpack.yml +++ b/actions/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-queries -version: 0.6.10 +version: 0.6.11-dev library: false warnOnImplicitThis: true groups: [actions, queries] diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 23bf4d8fc9ec..435d013c47b6 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 5.6.1 +version: 5.6.2-dev groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 7322e2571d12..f5193698fdb7 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 1.5.1 +version: 1.5.2-dev groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index 02e6cddfc17e..3c14c29940c0 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.49 +version: 1.7.50-dev groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index 84e6c8ef7e08..efb3216f3b9b 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.49 +version: 1.7.50-dev groups: - csharp - solorigate diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index aba9ee98b5a4..2f92b5edafdb 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 5.2.5 +version: 5.2.6-dev groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index 7ecdec07f350..fad06a3e9289 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 1.4.1 +version: 1.4.2-dev groups: - csharp - queries diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index 3b1e2d9586bb..70529ff4f909 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 1.0.32 +version: 1.0.33-dev groups: - go - queries diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index bc9bf12c80cc..20ace6482e44 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 4.3.5 +version: 4.3.6-dev groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 816d4b958675..c85a94a90f58 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 1.4.6 +version: 1.4.7-dev groups: - go - queries diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 7d0153cc5669..dabb65e61cef 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 7.7.1 +version: 7.7.2-dev groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index bbfafc65503d..b1ee0395fb2e 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 1.8.1 +version: 1.8.2-dev groups: - java - queries diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 74ccf251956f..da942ea28a88 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 2.6.12 +version: 2.6.13-dev groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index cafde25bbf9e..2581f9476291 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 2.1.1 +version: 2.1.2-dev groups: - javascript - queries diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 7d71d83613d3..7715f68107e7 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 1.0.32 +version: 1.0.33-dev groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 5eba946c3cf0..35ab576bf1a9 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 4.0.16 +version: 4.0.17-dev groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index b42e054bdadc..08336cbb3eb8 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 1.6.6 +version: 1.6.7-dev groups: - python - queries diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 6dd0db034c30..a503103b95d0 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 5.1.0 +version: 5.1.1-dev groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index ce46bf8c37a3..a01acd1d674d 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 1.4.6 +version: 1.4.7-dev groups: - ruby - queries diff --git a/rust/ql/lib/qlpack.yml b/rust/ql/lib/qlpack.yml index 3c3ba893b14a..61c2ed8e81e1 100644 --- a/rust/ql/lib/qlpack.yml +++ b/rust/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-all -version: 0.1.17 +version: 0.1.18-dev groups: rust extractor: rust dbscheme: rust.dbscheme diff --git a/rust/ql/src/qlpack.yml b/rust/ql/src/qlpack.yml index 09d251a5cb1b..57d3e972fc69 100644 --- a/rust/ql/src/qlpack.yml +++ b/rust/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-queries -version: 0.1.17 +version: 0.1.18-dev groups: - rust - queries diff --git a/shared/concepts/qlpack.yml b/shared/concepts/qlpack.yml index 3924d67029dc..452f932edef9 100644 --- a/shared/concepts/qlpack.yml +++ b/shared/concepts/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/concepts -version: 0.0.6 +version: 0.0.7-dev groups: shared library: true dependencies: diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index a0158fea04f4..660b1e125122 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 2.0.16 +version: 2.0.17-dev groups: shared library: true dependencies: diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 3e46004181ff..166ef444b22c 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 2.0.16 +version: 2.0.17-dev groups: shared library: true dependencies: diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 1aaa401b7505..d9767452c27c 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 1.0.32 +version: 1.0.33-dev groups: shared library: true dependencies: diff --git a/shared/quantum/qlpack.yml b/shared/quantum/qlpack.yml index bf877f51d5fa..7dfaa7479629 100644 --- a/shared/quantum/qlpack.yml +++ b/shared/quantum/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/quantum -version: 0.0.10 +version: 0.0.11-dev groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index 5e9de8ad5131..85341d10420b 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 1.0.32 +version: 1.0.33-dev groups: shared library: true dependencies: diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index f69602228c9a..72347bcd1601 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 1.0.32 +version: 1.0.33-dev groups: shared library: true dependencies: diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index bbccd5e094c6..3c1f3fe02784 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 2.0.8 +version: 2.0.9-dev groups: shared library: true dependencies: diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index 10ca1546f9f7..e28c5f26dd84 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 1.0.32 +version: 1.0.33-dev library: true groups: shared dataExtensions: diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index ce733dcd8b26..33dc89bc60cc 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.32 +version: 1.0.33-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index d665055f1253..5d257b81fc61 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.32 +version: 1.0.33-dev groups: shared library: true dependencies: diff --git a/shared/typeinference/qlpack.yml b/shared/typeinference/qlpack.yml index 8a7bfdca9756..5d8f8a6011f0 100644 --- a/shared/typeinference/qlpack.yml +++ b/shared/typeinference/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeinference -version: 0.0.13 +version: 0.0.14-dev groups: shared library: true dependencies: diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 4e24584b50e9..6bc1e76cfb49 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 2.0.16 +version: 2.0.17-dev groups: shared library: true dependencies: diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index b13ab265b257..a045761cd92c 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 1.0.32 +version: 1.0.33-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 2352753b4724..33bf4527cf00 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 2.0.19 +version: 2.0.20-dev groups: shared library: true dependencies: null diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml index 680cc4751ef5..62fcccb2453c 100644 --- a/shared/xml/qlpack.yml +++ b/shared/xml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/xml -version: 1.0.32 +version: 1.0.33-dev groups: shared library: true dependencies: diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 1c625bfdf4ae..6c49b5f27ba2 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 1.0.32 +version: 1.0.33-dev groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index a05b05e1eea9..4ad0623d0f30 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 5.0.8 +version: 5.0.9-dev groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 3dbc93c16d32..ea5431f192eb 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 1.2.6 +version: 1.2.7-dev groups: - swift - queries From 4846cf479125a33ed25f5bf3ae1ed2f4a58889b9 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Tue, 30 Sep 2025 10:21:17 +0200 Subject: [PATCH 106/307] Cargo: upgrade dependencies --- Cargo.lock | 138 +++++++++++++----------- ruby/extractor/Cargo.toml | 6 +- rust/ast-generator/Cargo.toml | 6 +- rust/extractor/Cargo.toml | 12 +-- rust/extractor/macros/Cargo.toml | 2 +- shared/tree-sitter-extractor/Cargo.toml | 2 +- 6 files changed, 89 insertions(+), 77 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 77be7b054ed7..b6456c841063 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -84,9 +84,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.99" +version = "1.0.100" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b0674a1ddeecb70197781e945de4b3b8ffb61fa939a5597bcf48503737663100" +checksum = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61" [[package]] name = "argfile" @@ -328,7 +328,7 @@ dependencies = [ "chalk-derive 0.103.0", "chalk-ir 0.103.0", "ena", - "indexmap 2.11.1", + "indexmap 2.11.4", "itertools 0.12.1", "petgraph", "rustc-hash 1.1.0", @@ -351,9 +351,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.47" +version = "4.5.48" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7eac00902d9d136acd712710d71823fb8ac8004ca445a89e73a41d45aa712931" +checksum = "e2134bb3ea021b78629caa971416385309e0131b351b25e01dc16fb54e1b5fae" dependencies = [ "clap_builder", "clap_derive", @@ -361,9 +361,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.47" +version = "4.5.48" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2ad9bbf750e73b5884fb8a211a9424a1906c1e156724260fdae972f31d70e1d6" +checksum = "c2ba64afa3c0a6df7fa517765e31314e983f51dda798ffba27b988194fb65dc9" dependencies = [ "anstream", "anstyle", @@ -472,7 +472,7 @@ dependencies = [ "serde", "serde_json", "serde_with", - "toml 0.9.5", + "toml 0.9.7", "tracing", "tracing-flame", "tracing-subscriber", @@ -557,9 +557,9 @@ checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28" [[package]] name = "darling" -version = "0.20.11" +version = "0.21.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fc7f46116c46ff9ab3eb1597a45688b6715c6e628b5c133e288e709a29bcb4ee" +checksum = "9cdf337090841a411e2a7f3deb9187445851f91b309c0c0a29e05f74a00a48c0" dependencies = [ "darling_core", "darling_macro", @@ -567,9 +567,9 @@ dependencies = [ [[package]] name = "darling_core" -version = "0.20.11" +version = "0.21.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0d00b9596d185e565c2207a0b01f8bd1a135483d02d9b7b0a54b11da8d53412e" +checksum = "1247195ecd7e3c85f83c8d2a366e4210d588e802133e1e355180a9870b517ea4" dependencies = [ "fnv", "ident_case", @@ -581,9 +581,9 @@ dependencies = [ [[package]] name = "darling_macro" -version = "0.20.11" +version = "0.21.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fc34b93ccb385b40dc71c6fceac4b2ad23662c7eeb248cf10d529b7e055b6ead" +checksum = "d38308df82d1080de0afee5d069fa14b0326a88c14f15c5ccda35b4a6c414c81" dependencies = [ "darling_core", "quote", @@ -1059,13 +1059,14 @@ dependencies = [ [[package]] name = "indexmap" -version = "2.11.1" +version = "2.11.4" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "206a8042aec68fa4a62e8d3f7aa4ceb508177d9324faf261e1959e495b7a1921" +checksum = "4b0f83760fb341a774ed326568e19f5a863af4a952def8c39f9ab92fd95b88e5" dependencies = [ "equivalent", "hashbrown 0.15.5", "serde", + "serde_core", ] [[package]] @@ -1490,7 +1491,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b4c5cc86750666a3ed20bdaf5ca2a0344f9c67674cae0515bec2da16fbaa47db" dependencies = [ "fixedbitset", - "indexmap 2.11.1", + "indexmap 2.11.4", ] [[package]] @@ -1559,9 +1560,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.40" +version = "1.0.41" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d" +checksum = "ce25767e7b499d1b604768e7cde645d14cc8584231ea6b295e9c9eb22c02e1d1" dependencies = [ "proc-macro2", ] @@ -1666,7 +1667,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e876bb2c3e52a8d4e6684526a2d4e81f9d028b939ee4dc5dc775fe10deb44d59" dependencies = [ "dashmap", - "indexmap 2.11.1", + "indexmap 2.11.4", "la-arena", "ra_ap_cfg", "ra_ap_intern", @@ -1708,7 +1709,7 @@ checksum = "ebffdc134eccabc17209d7760cfff7fd12ed18ab6e21188c5e084b97aa38504c" dependencies = [ "arrayvec", "either", - "indexmap 2.11.1", + "indexmap 2.11.4", "itertools 0.14.0", "ra_ap_base_db", "ra_ap_cfg", @@ -1738,7 +1739,7 @@ dependencies = [ "drop_bomb", "either", "fst", - "indexmap 2.11.1", + "indexmap 2.11.4", "itertools 0.14.0", "la-arena", "ra-ap-rustc_abi", @@ -1807,7 +1808,7 @@ dependencies = [ "cov-mark", "either", "ena", - "indexmap 2.11.1", + "indexmap 2.11.4", "itertools 0.14.0", "la-arena", "oorandom", @@ -1845,7 +1846,7 @@ dependencies = [ "crossbeam-channel", "either", "fst", - "indexmap 2.11.1", + "indexmap 2.11.4", "itertools 0.14.0", "line-index", "memchr", @@ -1947,7 +1948,7 @@ version = "0.0.301" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "45db9e2df587d56f0738afa89fb2c100ff7c1e9cbe49e07f6a8b62342832211b" dependencies = [ - "indexmap 2.11.1", + "indexmap 2.11.4", "ra_ap_intern", "ra_ap_paths", "ra_ap_span", @@ -2106,7 +2107,7 @@ checksum = "6c174d6b9b7a7f54687df7e00c3e75ed6f082a7943a9afb1d54f33c0c12773de" dependencies = [ "crossbeam-channel", "fst", - "indexmap 2.11.1", + "indexmap 2.11.4", "nohash-hasher", "ra_ap_paths", "ra_ap_stdx", @@ -2211,9 +2212,9 @@ dependencies = [ [[package]] name = "regex" -version = "1.11.2" +version = "1.11.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "23d7fd106d8c02486a8d64e778353d1cffe08ce79ac2e82f540c86d0facf6912" +checksum = "8b5288124840bee7b386bc413c487869b360b2b4ec421ea56425128692f2a82c" dependencies = [ "aho-corasick", "memchr", @@ -2223,9 +2224,9 @@ dependencies = [ [[package]] name = "regex-automata" -version = "0.4.10" +version = "0.4.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6b9458fa0bfeeac22b5ca447c63aaf45f28439a709ccd244698632f9aa6394d6" +checksum = "833eb9ce86d40ef33cb1306d8accf7bc8ec2bfea4355cbdebb3df68b40925cad" dependencies = [ "aho-corasick", "memchr", @@ -2316,7 +2317,7 @@ dependencies = [ "crossbeam-utils", "hashbrown 0.15.5", "hashlink", - "indexmap 2.11.1", + "indexmap 2.11.4", "intrusive-collections", "papaya", "parking_lot", @@ -2414,10 +2415,11 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.219" +version = "1.0.228" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6" +checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e" dependencies = [ + "serde_core", "serde_derive", ] @@ -2442,11 +2444,20 @@ dependencies = [ "serde", ] +[[package]] +name = "serde_core" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad" +dependencies = [ + "serde_derive", +] + [[package]] name = "serde_derive" -version = "1.0.219" +version = "1.0.228" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00" +checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79" dependencies = [ "proc-macro2", "quote", @@ -2455,15 +2466,16 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.143" +version = "1.0.145" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d401abef1d108fbd9cbaebc3e46611f4b1021f714a0597a71f41ee463f5f4a5a" +checksum = "402a6f66d8c709116cf22f558eab210f5a50187f702eb4d7e5ef38d9a7f1c79c" dependencies = [ - "indexmap 2.11.1", + "indexmap 2.11.4", "itoa", "memchr", "ryu", "serde", + "serde_core", ] [[package]] @@ -2477,24 +2489,24 @@ dependencies = [ [[package]] name = "serde_spanned" -version = "1.0.0" +version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "40734c41988f7306bb04f0ecf60ec0f3f1caa34290e4e8ea471dcd3346483b83" +checksum = "5417783452c2be558477e104686f7de5dae53dba813c28435e0e70f82d9b04ee" dependencies = [ - "serde", + "serde_core", ] [[package]] name = "serde_with" -version = "3.14.0" +version = "3.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f2c45cd61fefa9db6f254525d46e392b852e0e61d9a1fd36e5bd183450a556d5" +checksum = "c522100790450cf78eeac1507263d0a350d4d5b30df0c8e1fe051a10c22b376e" dependencies = [ "base64", "chrono", "hex", "indexmap 1.9.3", - "indexmap 2.11.1", + "indexmap 2.11.4", "schemars 0.9.0", "schemars 1.0.4", "serde", @@ -2506,9 +2518,9 @@ dependencies = [ [[package]] name = "serde_with_macros" -version = "3.14.0" +version = "3.14.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "de90945e6565ce0d9a25098082ed4ee4002e047cb59892c318d66821e14bb30f" +checksum = "327ada00f7d64abaac1e55a6911e90cf665aa051b9a561c7006c157f4633135e" dependencies = [ "darling", "proc-macro2", @@ -2522,7 +2534,7 @@ version = "0.9.34+deprecated" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6a8b1a1a2ebf674015cc02edccce75287f1a0130d394307b36743c2f5d504b47" dependencies = [ - "indexmap 2.11.1", + "indexmap 2.11.4", "itoa", "ryu", "serde", @@ -2701,14 +2713,14 @@ dependencies = [ [[package]] name = "toml" -version = "0.9.5" +version = "0.9.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75129e1dc5000bfbaa9fee9d1b21f974f9fbad9daec557a521ee6e080825f6e8" +checksum = "00e5e5d9bf2475ac9d4f0d9edab68cc573dc2fd644b0dba36b0c30a92dd9eaa0" dependencies = [ - "indexmap 2.11.1", - "serde", - "serde_spanned 1.0.0", - "toml_datetime 0.7.0", + "indexmap 2.11.4", + "serde_core", + "serde_spanned 1.0.2", + "toml_datetime 0.7.2", "toml_parser", "toml_writer", "winnow", @@ -2725,11 +2737,11 @@ dependencies = [ [[package]] name = "toml_datetime" -version = "0.7.0" +version = "0.7.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bade1c3e902f58d73d3f294cd7f20391c1cb2fbcb643b73566bc773971df91e3" +checksum = "32f1085dec27c2b6632b04c80b3bb1b4300d6495d1e129693bdda7d91e72eec1" dependencies = [ - "serde", + "serde_core", ] [[package]] @@ -2738,7 +2750,7 @@ version = "0.22.27" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "41fe8c660ae4257887cf66394862d21dbca4a6ddd26f04a3560410406a2f819a" dependencies = [ - "indexmap 2.11.1", + "indexmap 2.11.4", "serde", "serde_spanned 0.6.9", "toml_datetime 0.6.11", @@ -2748,9 +2760,9 @@ dependencies = [ [[package]] name = "toml_parser" -version = "1.0.2" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b551886f449aa90d4fe2bdaa9f4a2577ad2dde302c61ecf262d80b116db95c10" +checksum = "4cf893c33be71572e0e9aa6dd15e6677937abd686b066eac3f8cd3531688a627" dependencies = [ "winnow", ] @@ -2763,9 +2775,9 @@ checksum = "5d99f8c9a7727884afe522e9bd5edbfc91a3312b36a77b5fb8926e4c31a41801" [[package]] name = "toml_writer" -version = "1.0.2" +version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fcc842091f2def52017664b53082ecbbeb5c7731092bad69d2c63050401dfd64" +checksum = "d163a63c116ce562a22cda521fcc4d79152e7aba014456fb5eb442f6d6a10109" [[package]] name = "tracing" @@ -2855,9 +2867,9 @@ dependencies = [ [[package]] name = "tree-sitter-embedded-template" -version = "0.23.2" +version = "0.25.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "790063ef14e5b67556abc0b3be0ed863fb41d65ee791cf8c0b20eb42a1fa46af" +checksum = "833d528e8fcb4e49ddb04d4d6450ddb8ac08f282a58fec94ce981c9c5dbf7e3a" dependencies = [ "cc", "tree-sitter-language", diff --git a/ruby/extractor/Cargo.toml b/ruby/extractor/Cargo.toml index f4de37e85126..b6e1ae901198 100644 --- a/ruby/extractor/Cargo.toml +++ b/ruby/extractor/Cargo.toml @@ -8,15 +8,15 @@ edition = "2024" # When updating these dependencies, run `misc/bazel/3rdparty/update_cargo_deps.sh` [dependencies] tree-sitter = ">= 0.23.0" -tree-sitter-embedded-template = "0.23.2" +tree-sitter-embedded-template = "0.25.0" tree-sitter-ruby = "0.23.1" clap = { version = "4.5", features = ["derive"] } tracing = "0.1" tracing-subscriber = { version = "0.3.20", features = ["env-filter"] } rayon = "1.11.0" -regex = "1.11.2" +regex = "1.11.3" encoding = "0.2" lazy_static = "1.5.0" -serde_json = "1.0.143" +serde_json = "1.0.145" codeql-extractor = { path = "../../shared/tree-sitter-extractor" } diff --git a/rust/ast-generator/Cargo.toml b/rust/ast-generator/Cargo.toml index a5270923722c..fcba71b696c1 100644 --- a/rust/ast-generator/Cargo.toml +++ b/rust/ast-generator/Cargo.toml @@ -8,10 +8,10 @@ license = "MIT" [dependencies] ungrammar = "1.16.1" proc-macro2 = "1.0.101" -quote = "1.0.40" +quote = "1.0.41" either = "1.15.0" stdx = {package = "ra_ap_stdx", version = "0.0.301"} itertools = "0.14.0" mustache = "0.9.0" -serde = { version = "1.0.219", features = ["derive"] } -anyhow = "1.0.99" +serde = { version = "1.0.228", features = ["derive"] } +anyhow = "1.0.100" diff --git a/rust/extractor/Cargo.toml b/rust/extractor/Cargo.toml index 0f87bc22f9e1..223d9dfc68c2 100644 --- a/rust/extractor/Cargo.toml +++ b/rust/extractor/Cargo.toml @@ -6,8 +6,8 @@ license = "MIT" # When updating these dependencies, run `rust/update_cargo_deps.sh` [dependencies] -anyhow = "1.0.99" -clap = { version = "4.5.47", features = ["derive"] } +anyhow = "1.0.100" +clap = { version = "4.5.48", features = ["derive"] } figment = { version = "0.10.19", features = ["env", "yaml"] } num-traits = "0.2.19" ra_ap_base_db = "0.0.301" @@ -25,8 +25,8 @@ ra_ap_parser = "0.0.301" ra_ap_span = "0.0.301" ra_ap_cfg = "0.0.301" ra_ap_intern = "0.0.301" -serde = "1.0.219" -serde_with = "3.14.0" +serde = "1.0.228" +serde_with = "3.14.1" triomphe = "0.1.14" argfile = "0.2.1" codeql-extractor = { path = "../../shared/tree-sitter-extractor" } @@ -34,9 +34,9 @@ rust-extractor-macros = { path = "macros" } itertools = "0.14.0" glob = "0.3.3" chrono = { version = "0.4.42", features = ["serde"] } -serde_json = "1.0.143" +serde_json = "1.0.145" dunce = "1.0.5" -toml = "0.9.5" +toml = "0.9.7" tracing = "0.1.41" tracing-flame = "0.2.0" tracing-subscriber = "0.3.20" diff --git a/rust/extractor/macros/Cargo.toml b/rust/extractor/macros/Cargo.toml index 013ebd986b41..e2e51876ee7d 100644 --- a/rust/extractor/macros/Cargo.toml +++ b/rust/extractor/macros/Cargo.toml @@ -9,5 +9,5 @@ proc-macro = true # When updating these dependencies, run `rust/update_cargo_deps.sh` [dependencies] -quote = "1.0.40" +quote = "1.0.41" syn = { version = "2.0.106", features = ["full"] } diff --git a/shared/tree-sitter-extractor/Cargo.toml b/shared/tree-sitter-extractor/Cargo.toml index 8e60be7274f9..d02f02fd5888 100644 --- a/shared/tree-sitter-extractor/Cargo.toml +++ b/shared/tree-sitter-extractor/Cargo.toml @@ -12,7 +12,7 @@ tree-sitter = ">= 0.23.0" tracing = "0.1" tracing-subscriber = { version = "0.3.20", features = ["env-filter"] } rayon = "1.11.0" -regex = "1.11.2" +regex = "1.11.3" encoding = "0.2" lazy_static = "1.5.0" serde = { version = "1.0", features = ["derive"] } From ef80ff416fc3059d408c7aa850c256a7dd01d3d6 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Tue, 30 Sep 2025 10:28:42 +0200 Subject: [PATCH 107/307] Bazel: regenerate vendored cargo dependencies --- MODULE.bazel | 18 +- ....0.99.bazel => BUILD.anyhow-1.0.100.bazel} | 6 +- .../tree_sitter_extractors_deps/BUILD.bazel | 54 ++-- .../BUILD.camino-1.1.12.bazel | 2 +- .../BUILD.cargo-platform-0.2.0.bazel | 2 +- .../BUILD.cargo-util-schemas-0.8.2.bazel | 2 +- .../BUILD.cargo_metadata-0.21.0.bazel | 4 +- .../BUILD.chalk-derive-0.103.0.bazel | 2 +- .../BUILD.chalk-derive-0.104.0.bazel | 2 +- .../BUILD.chalk-solve-0.103.0.bazel | 2 +- .../BUILD.chrono-0.4.42.bazel | 2 +- ...p-4.5.47.bazel => BUILD.clap-4.5.48.bazel} | 4 +- ....bazel => BUILD.clap_builder-4.5.48.bazel} | 2 +- .../BUILD.clap_derive-4.5.47.bazel | 2 +- ...20.11.bazel => BUILD.darling-0.21.3.bazel} | 6 +- ....bazel => BUILD.darling_core-0.21.3.bazel} | 4 +- ...bazel => BUILD.darling_macro-0.21.3.bazel} | 6 +- .../BUILD.displaydoc-0.2.5.bazel | 2 +- .../BUILD.erased-serde-0.4.6.bazel | 2 +- .../BUILD.figment-0.10.19.bazel | 2 +- .../BUILD.globset-0.4.16.bazel | 2 +- ...11.1.bazel => BUILD.indexmap-2.11.4.bazel} | 4 +- .../BUILD.matchers-0.2.0.bazel | 2 +- .../BUILD.mustache-0.9.0.bazel | 2 +- .../BUILD.pear_codegen-0.2.9.bazel | 2 +- .../BUILD.petgraph-0.6.5.bazel | 2 +- ...BUILD.proc-macro2-diagnostics-0.10.1.bazel | 2 +- ...-1.0.40.bazel => BUILD.quote-1.0.41.bazel} | 71 ++++- ...ILD.ra-ap-rustc_index_macros-0.123.0.bazel | 2 +- .../BUILD.ra_ap_base_db-0.0.301.bazel | 2 +- .../BUILD.ra_ap_hir-0.0.301.bazel | 2 +- .../BUILD.ra_ap_hir_def-0.0.301.bazel | 2 +- .../BUILD.ra_ap_hir_ty-0.0.301.bazel | 2 +- .../BUILD.ra_ap_ide_db-0.0.301.bazel | 2 +- .../BUILD.ra_ap_load-cargo-0.0.301.bazel | 2 +- .../BUILD.ra_ap_proc_macro_api-0.0.301.bazel | 8 +- .../BUILD.ra_ap_project_model-0.0.301.bazel | 8 +- ...UILD.ra_ap_query-group-macro-0.0.301.bazel | 2 +- .../BUILD.ra_ap_vfs-0.0.301.bazel | 2 +- .../BUILD.ref-cast-impl-1.0.24.bazel | 2 +- ...-1.11.2.bazel => BUILD.regex-1.11.3.bazel} | 4 +- ...azel => BUILD.regex-automata-0.4.11.bazel} | 2 +- .../BUILD.salsa-0.23.0.bazel | 2 +- .../BUILD.salsa-macros-0.23.0.bazel | 2 +- .../BUILD.schemars-0.9.0.bazel | 4 +- .../BUILD.schemars-1.0.4.bazel | 4 +- .../BUILD.semver-1.0.26.bazel | 2 +- ....0.219.bazel => BUILD.serde-1.0.228.bazel} | 13 +- .../BUILD.serde-untagged-0.1.8.bazel | 2 +- .../BUILD.serde-value-0.7.0.bazel | 2 +- .../BUILD.serde_core-1.0.228.bazel | 167 +++++++++++ ...bazel => BUILD.serde_derive-1.0.228.bazel} | 6 +- ...3.bazel => BUILD.serde_json-1.0.145.bazel} | 36 +-- .../BUILD.serde_spanned-0.6.9.bazel | 2 +- ....bazel => BUILD.serde_spanned-1.0.2.bazel} | 4 +- ....0.bazel => BUILD.serde_with-3.14.1.bazel} | 8 +- ...l => BUILD.serde_with_macros-3.14.1.bazel} | 6 +- .../BUILD.serde_yaml-0.9.34+deprecated.bazel | 4 +- .../BUILD.syn-2.0.106.bazel | 2 +- .../BUILD.synstructure-0.13.2.bazel | 2 +- .../BUILD.thiserror-impl-2.0.16.bazel | 2 +- .../BUILD.toml-0.8.23.bazel | 2 +- ...oml-0.9.5.bazel => BUILD.toml-0.9.7.bazel} | 12 +- .../BUILD.toml_datetime-0.6.11.bazel | 2 +- ....bazel => BUILD.toml_datetime-0.7.2.bazel} | 4 +- .../BUILD.toml_edit-0.22.27.bazel | 4 +- ....2.bazel => BUILD.toml_parser-1.0.3.bazel} | 2 +- ....2.bazel => BUILD.toml_writer-1.0.3.bazel} | 2 +- .../BUILD.tracing-attributes-0.1.30.bazel | 2 +- .../BUILD.tracing-subscriber-0.3.20.bazel | 2 +- .../BUILD.tree-sitter-0.25.9.bazel | 4 +- ...ree-sitter-embedded-template-0.25.0.bazel} | 6 +- .../BUILD.triomphe-0.1.14.bazel | 2 +- .../BUILD.url-2.5.7.bazel | 2 +- .../BUILD.wasm-bindgen-backend-0.2.101.bazel | 2 +- .../BUILD.wasm-bindgen-macro-0.2.101.bazel | 2 +- ...D.wasm-bindgen-macro-support-0.2.101.bazel | 2 +- .../BUILD.windows-implement-0.60.0.bazel | 2 +- .../BUILD.windows-interface-0.59.1.bazel | 2 +- .../BUILD.yoke-derive-0.8.0.bazel | 2 +- .../BUILD.zerocopy-derive-0.8.27.bazel | 2 +- .../BUILD.zerofrom-derive-0.1.6.bazel | 2 +- .../BUILD.zerovec-derive-0.11.1.bazel | 2 +- .../tree_sitter_extractors_deps/defs.bzl | 272 +++++++++--------- 84 files changed, 553 insertions(+), 308 deletions(-) rename misc/bazel/3rdparty/tree_sitter_extractors_deps/{BUILD.anyhow-1.0.99.bazel => BUILD.anyhow-1.0.100.bazel} (97%) rename misc/bazel/3rdparty/tree_sitter_extractors_deps/{BUILD.clap-4.5.47.bazel => BUILD.clap-4.5.48.bazel} (98%) rename misc/bazel/3rdparty/tree_sitter_extractors_deps/{BUILD.clap_builder-4.5.47.bazel => BUILD.clap_builder-4.5.48.bazel} (99%) rename misc/bazel/3rdparty/tree_sitter_extractors_deps/{BUILD.darling-0.20.11.bazel => BUILD.darling-0.21.3.bazel} (96%) rename misc/bazel/3rdparty/tree_sitter_extractors_deps/{BUILD.darling_core-0.20.11.bazel => BUILD.darling_core-0.21.3.bazel} (98%) rename misc/bazel/3rdparty/tree_sitter_extractors_deps/{BUILD.darling_macro-0.20.11.bazel => BUILD.darling_macro-0.21.3.bazel} (96%) rename misc/bazel/3rdparty/tree_sitter_extractors_deps/{BUILD.indexmap-2.11.1.bazel => BUILD.indexmap-2.11.4.bazel} (98%) rename misc/bazel/3rdparty/tree_sitter_extractors_deps/{BUILD.quote-1.0.40.bazel => BUILD.quote-1.0.41.bazel} (72%) rename misc/bazel/3rdparty/tree_sitter_extractors_deps/{BUILD.regex-1.11.2.bazel => BUILD.regex-1.11.3.bazel} (98%) rename misc/bazel/3rdparty/tree_sitter_extractors_deps/{BUILD.regex-automata-0.4.10.bazel => BUILD.regex-automata-0.4.11.bazel} (99%) rename misc/bazel/3rdparty/tree_sitter_extractors_deps/{BUILD.serde-1.0.219.bazel => BUILD.serde-1.0.228.bazel} (95%) create mode 100644 misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_core-1.0.228.bazel rename misc/bazel/3rdparty/tree_sitter_extractors_deps/{BUILD.serde_derive-1.0.219.bazel => BUILD.serde_derive-1.0.228.bazel} (97%) rename misc/bazel/3rdparty/tree_sitter_extractors_deps/{BUILD.serde_json-1.0.143.bazel => BUILD.serde_json-1.0.145.bazel} (91%) rename misc/bazel/3rdparty/tree_sitter_extractors_deps/{BUILD.serde_spanned-1.0.0.bazel => BUILD.serde_spanned-1.0.2.bazel} (98%) rename misc/bazel/3rdparty/tree_sitter_extractors_deps/{BUILD.serde_with-3.14.0.bazel => BUILD.serde_with-3.14.1.bazel} (95%) rename misc/bazel/3rdparty/tree_sitter_extractors_deps/{BUILD.serde_with_macros-3.14.0.bazel => BUILD.serde_with_macros-3.14.1.bazel} (97%) rename misc/bazel/3rdparty/tree_sitter_extractors_deps/{BUILD.toml-0.9.5.bazel => BUILD.toml-0.9.7.bazel} (92%) rename misc/bazel/3rdparty/tree_sitter_extractors_deps/{BUILD.toml_datetime-0.7.0.bazel => BUILD.toml_datetime-0.7.2.bazel} (98%) rename misc/bazel/3rdparty/tree_sitter_extractors_deps/{BUILD.toml_parser-1.0.2.bazel => BUILD.toml_parser-1.0.3.bazel} (99%) rename misc/bazel/3rdparty/tree_sitter_extractors_deps/{BUILD.toml_writer-1.0.2.bazel => BUILD.toml_writer-1.0.3.bazel} (99%) rename misc/bazel/3rdparty/tree_sitter_extractors_deps/{BUILD.tree-sitter-embedded-template-0.23.2.bazel => BUILD.tree-sitter-embedded-template-0.25.0.bazel} (97%) diff --git a/MODULE.bazel b/MODULE.bazel index 9d09fc99722b..89fdbf86a4dd 100644 --- a/MODULE.bazel +++ b/MODULE.bazel @@ -98,11 +98,11 @@ use_repo( tree_sitter_extractors_deps = use_extension("//misc/bazel/3rdparty:tree_sitter_extractors_extension.bzl", "r") use_repo( tree_sitter_extractors_deps, - "vendor_ts__anyhow-1.0.99", + "vendor_ts__anyhow-1.0.100", "vendor_ts__argfile-0.2.1", "vendor_ts__chalk-ir-0.104.0", "vendor_ts__chrono-0.4.42", - "vendor_ts__clap-4.5.47", + "vendor_ts__clap-4.5.48", "vendor_ts__dunce-1.0.5", "vendor_ts__either-1.15.0", "vendor_ts__encoding-0.2.33", @@ -116,7 +116,7 @@ use_repo( "vendor_ts__num-traits-0.2.19", "vendor_ts__num_cpus-1.17.0", "vendor_ts__proc-macro2-1.0.101", - "vendor_ts__quote-1.0.40", + "vendor_ts__quote-1.0.41", "vendor_ts__ra_ap_base_db-0.0.301", "vendor_ts__ra_ap_cfg-0.0.301", "vendor_ts__ra_ap_hir-0.0.301", @@ -135,17 +135,17 @@ use_repo( "vendor_ts__ra_ap_vfs-0.0.301", "vendor_ts__rand-0.9.2", "vendor_ts__rayon-1.11.0", - "vendor_ts__regex-1.11.2", - "vendor_ts__serde-1.0.219", - "vendor_ts__serde_json-1.0.143", - "vendor_ts__serde_with-3.14.0", + "vendor_ts__regex-1.11.3", + "vendor_ts__serde-1.0.228", + "vendor_ts__serde_json-1.0.145", + "vendor_ts__serde_with-3.14.1", "vendor_ts__syn-2.0.106", - "vendor_ts__toml-0.9.5", + "vendor_ts__toml-0.9.7", "vendor_ts__tracing-0.1.41", "vendor_ts__tracing-flame-0.2.0", "vendor_ts__tracing-subscriber-0.3.20", "vendor_ts__tree-sitter-0.25.9", - "vendor_ts__tree-sitter-embedded-template-0.23.2", + "vendor_ts__tree-sitter-embedded-template-0.25.0", "vendor_ts__tree-sitter-json-0.24.8", "vendor_ts__tree-sitter-ql-0.23.1", "vendor_ts__tree-sitter-ruby-0.23.1", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.anyhow-1.0.99.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.anyhow-1.0.100.bazel similarity index 97% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.anyhow-1.0.99.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.anyhow-1.0.100.bazel index cdcb7d554a24..26ed6194b686 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.anyhow-1.0.99.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.anyhow-1.0.100.bazel @@ -96,9 +96,9 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "1.0.99", + version = "1.0.100", deps = [ - "@vendor_ts__anyhow-1.0.99//:build_script_build", + "@vendor_ts__anyhow-1.0.100//:build_script_build", ], ) @@ -154,7 +154,7 @@ cargo_build_script( "noclippy", "norustfmt", ], - version = "1.0.99", + version = "1.0.100", visibility = ["//visibility:private"], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.bazel index 720687fcb84b..a5cfeccdcea8 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.bazel @@ -32,14 +32,14 @@ filegroup( # Workspace Member Dependencies alias( - name = "anyhow-1.0.99", - actual = "@vendor_ts__anyhow-1.0.99//:anyhow", + name = "anyhow-1.0.100", + actual = "@vendor_ts__anyhow-1.0.100//:anyhow", tags = ["manual"], ) alias( name = "anyhow", - actual = "@vendor_ts__anyhow-1.0.99//:anyhow", + actual = "@vendor_ts__anyhow-1.0.100//:anyhow", tags = ["manual"], ) @@ -80,14 +80,14 @@ alias( ) alias( - name = "clap-4.5.47", - actual = "@vendor_ts__clap-4.5.47//:clap", + name = "clap-4.5.48", + actual = "@vendor_ts__clap-4.5.48//:clap", tags = ["manual"], ) alias( name = "clap", - actual = "@vendor_ts__clap-4.5.47//:clap", + actual = "@vendor_ts__clap-4.5.48//:clap", tags = ["manual"], ) @@ -248,14 +248,14 @@ alias( ) alias( - name = "quote-1.0.40", - actual = "@vendor_ts__quote-1.0.40//:quote", + name = "quote-1.0.41", + actual = "@vendor_ts__quote-1.0.41//:quote", tags = ["manual"], ) alias( name = "quote", - actual = "@vendor_ts__quote-1.0.40//:quote", + actual = "@vendor_ts__quote-1.0.41//:quote", tags = ["manual"], ) @@ -482,50 +482,50 @@ alias( ) alias( - name = "regex-1.11.2", - actual = "@vendor_ts__regex-1.11.2//:regex", + name = "regex-1.11.3", + actual = "@vendor_ts__regex-1.11.3//:regex", tags = ["manual"], ) alias( name = "regex", - actual = "@vendor_ts__regex-1.11.2//:regex", + actual = "@vendor_ts__regex-1.11.3//:regex", tags = ["manual"], ) alias( - name = "serde-1.0.219", - actual = "@vendor_ts__serde-1.0.219//:serde", + name = "serde-1.0.228", + actual = "@vendor_ts__serde-1.0.228//:serde", tags = ["manual"], ) alias( name = "serde", - actual = "@vendor_ts__serde-1.0.219//:serde", + actual = "@vendor_ts__serde-1.0.228//:serde", tags = ["manual"], ) alias( - name = "serde_json-1.0.143", - actual = "@vendor_ts__serde_json-1.0.143//:serde_json", + name = "serde_json-1.0.145", + actual = "@vendor_ts__serde_json-1.0.145//:serde_json", tags = ["manual"], ) alias( name = "serde_json", - actual = "@vendor_ts__serde_json-1.0.143//:serde_json", + actual = "@vendor_ts__serde_json-1.0.145//:serde_json", tags = ["manual"], ) alias( - name = "serde_with-3.14.0", - actual = "@vendor_ts__serde_with-3.14.0//:serde_with", + name = "serde_with-3.14.1", + actual = "@vendor_ts__serde_with-3.14.1//:serde_with", tags = ["manual"], ) alias( name = "serde_with", - actual = "@vendor_ts__serde_with-3.14.0//:serde_with", + actual = "@vendor_ts__serde_with-3.14.1//:serde_with", tags = ["manual"], ) @@ -542,14 +542,14 @@ alias( ) alias( - name = "toml-0.9.5", - actual = "@vendor_ts__toml-0.9.5//:toml", + name = "toml-0.9.7", + actual = "@vendor_ts__toml-0.9.7//:toml", tags = ["manual"], ) alias( name = "toml", - actual = "@vendor_ts__toml-0.9.5//:toml", + actual = "@vendor_ts__toml-0.9.7//:toml", tags = ["manual"], ) @@ -602,14 +602,14 @@ alias( ) alias( - name = "tree-sitter-embedded-template-0.23.2", - actual = "@vendor_ts__tree-sitter-embedded-template-0.23.2//:tree_sitter_embedded_template", + name = "tree-sitter-embedded-template-0.25.0", + actual = "@vendor_ts__tree-sitter-embedded-template-0.25.0//:tree_sitter_embedded_template", tags = ["manual"], ) alias( name = "tree-sitter-embedded-template", - actual = "@vendor_ts__tree-sitter-embedded-template-0.23.2//:tree_sitter_embedded_template", + actual = "@vendor_ts__tree-sitter-embedded-template-0.25.0//:tree_sitter_embedded_template", tags = ["manual"], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.camino-1.1.12.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.camino-1.1.12.bazel index 9a90162b227e..8f8a62dbdd84 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.camino-1.1.12.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.camino-1.1.12.bazel @@ -99,7 +99,7 @@ rust_library( version = "1.1.12", deps = [ "@vendor_ts__camino-1.1.12//:build_script_build", - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.cargo-platform-0.2.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.cargo-platform-0.2.0.bazel index bde1a5698f56..315a77ded829 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.cargo-platform-0.2.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.cargo-platform-0.2.0.bazel @@ -90,6 +90,6 @@ rust_library( }), version = "0.2.0", deps = [ - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.cargo-util-schemas-0.8.2.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.cargo-util-schemas-0.8.2.bazel index d0dfee25c63c..f74bdea2fe1c 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.cargo-util-schemas-0.8.2.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.cargo-util-schemas-0.8.2.bazel @@ -91,7 +91,7 @@ rust_library( version = "0.8.2", deps = [ "@vendor_ts__semver-1.0.26//:semver", - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", "@vendor_ts__serde-untagged-0.1.8//:serde_untagged", "@vendor_ts__serde-value-0.7.0//:serde_value", "@vendor_ts__thiserror-2.0.16//:thiserror", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.cargo_metadata-0.21.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.cargo_metadata-0.21.0.bazel index c96de37e1161..12ce8fc813d9 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.cargo_metadata-0.21.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.cargo_metadata-0.21.0.bazel @@ -97,8 +97,8 @@ rust_library( "@vendor_ts__cargo-platform-0.2.0//:cargo_platform", "@vendor_ts__cargo-util-schemas-0.8.2//:cargo_util_schemas", "@vendor_ts__semver-1.0.26//:semver", - "@vendor_ts__serde-1.0.219//:serde", - "@vendor_ts__serde_json-1.0.143//:serde_json", + "@vendor_ts__serde-1.0.228//:serde", + "@vendor_ts__serde_json-1.0.145//:serde_json", "@vendor_ts__thiserror-2.0.16//:thiserror", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chalk-derive-0.103.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chalk-derive-0.103.0.bazel index 5f5338398884..89aadd71e2ef 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chalk-derive-0.103.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chalk-derive-0.103.0.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.103.0", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", "@vendor_ts__synstructure-0.13.2//:synstructure", ], diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chalk-derive-0.104.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chalk-derive-0.104.0.bazel index cd0251c5806b..c5bea0da8449 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chalk-derive-0.104.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chalk-derive-0.104.0.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.104.0", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", "@vendor_ts__synstructure-0.13.2//:synstructure", ], diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chalk-solve-0.103.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chalk-solve-0.103.0.bazel index 9f0abb9530a3..834e4c9b2051 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chalk-solve-0.103.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chalk-solve-0.103.0.bazel @@ -95,7 +95,7 @@ rust_library( deps = [ "@vendor_ts__chalk-ir-0.103.0//:chalk_ir", "@vendor_ts__ena-0.14.3//:ena", - "@vendor_ts__indexmap-2.11.1//:indexmap", + "@vendor_ts__indexmap-2.11.4//:indexmap", "@vendor_ts__itertools-0.12.1//:itertools", "@vendor_ts__petgraph-0.6.5//:petgraph", "@vendor_ts__rustc-hash-1.1.0//:rustc_hash", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chrono-0.4.42.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chrono-0.4.42.bazel index f6c987b4f921..806fa5bd5a52 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chrono-0.4.42.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.chrono-0.4.42.bazel @@ -106,7 +106,7 @@ rust_library( version = "0.4.42", deps = [ "@vendor_ts__num-traits-0.2.19//:num_traits", - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", ] + select({ "@rules_rust//rust/platform:aarch64-apple-darwin": [ "@vendor_ts__iana-time-zone-0.1.63//:iana_time_zone", # aarch64-apple-darwin diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap-4.5.47.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap-4.5.48.bazel similarity index 98% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap-4.5.47.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap-4.5.48.bazel index 6156a05c6ff3..c689eac509f6 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap-4.5.47.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap-4.5.48.bazel @@ -101,8 +101,8 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "4.5.47", + version = "4.5.48", deps = [ - "@vendor_ts__clap_builder-4.5.47//:clap_builder", + "@vendor_ts__clap_builder-4.5.48//:clap_builder", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap_builder-4.5.47.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap_builder-4.5.48.bazel similarity index 99% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap_builder-4.5.47.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap_builder-4.5.48.bazel index 70d567834783..b1d6e28a676d 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap_builder-4.5.47.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap_builder-4.5.48.bazel @@ -96,7 +96,7 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "4.5.47", + version = "4.5.48", deps = [ "@vendor_ts__anstream-0.6.20//:anstream", "@vendor_ts__anstyle-1.0.11//:anstyle", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap_derive-4.5.47.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap_derive-4.5.47.bazel index 1f2d042d69d8..f4d794c20eb8 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap_derive-4.5.47.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.clap_derive-4.5.47.bazel @@ -95,7 +95,7 @@ rust_proc_macro( deps = [ "@vendor_ts__heck-0.5.0//:heck", "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling-0.20.11.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling-0.21.3.bazel similarity index 96% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling-0.20.11.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling-0.21.3.bazel index 57a23dfb80e4..b40385ef20f3 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling-0.20.11.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling-0.21.3.bazel @@ -41,7 +41,7 @@ rust_library( crate_root = "src/lib.rs", edition = "2021", proc_macro_deps = [ - "@vendor_ts__darling_macro-0.20.11//:darling_macro", + "@vendor_ts__darling_macro-0.21.3//:darling_macro", ], rustc_env_files = [ ":cargo_toml_env_vars", @@ -95,8 +95,8 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "0.20.11", + version = "0.21.3", deps = [ - "@vendor_ts__darling_core-0.20.11//:darling_core", + "@vendor_ts__darling_core-0.21.3//:darling_core", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling_core-0.20.11.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling_core-0.21.3.bazel similarity index 98% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling_core-0.20.11.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling_core-0.21.3.bazel index 8fe1dfc0606f..79e5b9b385f3 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling_core-0.20.11.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling_core-0.21.3.bazel @@ -92,12 +92,12 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "0.20.11", + version = "0.21.3", deps = [ "@vendor_ts__fnv-1.0.7//:fnv", "@vendor_ts__ident_case-1.0.1//:ident_case", "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__strsim-0.11.1//:strsim", "@vendor_ts__syn-2.0.106//:syn", ], diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling_macro-0.20.11.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling_macro-0.21.3.bazel similarity index 96% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling_macro-0.20.11.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling_macro-0.21.3.bazel index c32d23d3c48a..c150f931e327 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling_macro-0.20.11.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.darling_macro-0.21.3.bazel @@ -88,10 +88,10 @@ rust_proc_macro( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "0.20.11", + version = "0.21.3", deps = [ - "@vendor_ts__darling_core-0.20.11//:darling_core", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__darling_core-0.21.3//:darling_core", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.displaydoc-0.2.5.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.displaydoc-0.2.5.bazel index a486cb7c1285..87651e8bda35 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.displaydoc-0.2.5.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.displaydoc-0.2.5.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.2.5", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.erased-serde-0.4.6.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.erased-serde-0.4.6.bazel index 100d2f9727c6..8e03c63e500c 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.erased-serde-0.4.6.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.erased-serde-0.4.6.bazel @@ -93,7 +93,7 @@ rust_library( }), version = "0.4.6", deps = [ - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", "@vendor_ts__typeid-1.0.3//:typeid", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.figment-0.10.19.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.figment-0.10.19.bazel index 8b6d7b8c56c6..641e4f015233 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.figment-0.10.19.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.figment-0.10.19.bazel @@ -103,7 +103,7 @@ rust_library( deps = [ "@vendor_ts__figment-0.10.19//:build_script_build", "@vendor_ts__pear-0.2.9//:pear", - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", "@vendor_ts__serde_yaml-0.9.34-deprecated//:serde_yaml", "@vendor_ts__uncased-0.9.10//:uncased", ] + select({ diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.globset-0.4.16.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.globset-0.4.16.bazel index 6c5f8cd7929a..cdcb709b6513 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.globset-0.4.16.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.globset-0.4.16.bazel @@ -97,7 +97,7 @@ rust_library( "@vendor_ts__aho-corasick-1.1.3//:aho_corasick", "@vendor_ts__bstr-1.12.0//:bstr", "@vendor_ts__log-0.4.28//:log", - "@vendor_ts__regex-automata-0.4.10//:regex_automata", + "@vendor_ts__regex-automata-0.4.11//:regex_automata", "@vendor_ts__regex-syntax-0.8.6//:regex_syntax", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.indexmap-2.11.1.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.indexmap-2.11.4.bazel similarity index 98% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.indexmap-2.11.1.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.indexmap-2.11.4.bazel index c3763099eb85..be7b81b49f14 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.indexmap-2.11.1.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.indexmap-2.11.4.bazel @@ -93,10 +93,10 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "2.11.1", + version = "2.11.4", deps = [ "@vendor_ts__equivalent-1.0.2//:equivalent", "@vendor_ts__hashbrown-0.15.5//:hashbrown", - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde_core-1.0.228//:serde_core", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.matchers-0.2.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.matchers-0.2.0.bazel index 4ba339428228..da67f321d99f 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.matchers-0.2.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.matchers-0.2.0.bazel @@ -90,6 +90,6 @@ rust_library( }), version = "0.2.0", deps = [ - "@vendor_ts__regex-automata-0.4.10//:regex_automata", + "@vendor_ts__regex-automata-0.4.11//:regex_automata", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.mustache-0.9.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.mustache-0.9.0.bazel index ae043e0e2a1a..cfaa72fda832 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.mustache-0.9.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.mustache-0.9.0.bazel @@ -91,6 +91,6 @@ rust_library( version = "0.9.0", deps = [ "@vendor_ts__log-0.3.9//:log", - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.pear_codegen-0.2.9.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.pear_codegen-0.2.9.bazel index ce5597c6f7ef..a8e7ad4bf41c 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.pear_codegen-0.2.9.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.pear_codegen-0.2.9.bazel @@ -92,7 +92,7 @@ rust_proc_macro( deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", "@vendor_ts__proc-macro2-diagnostics-0.10.1//:proc_macro2_diagnostics", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.petgraph-0.6.5.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.petgraph-0.6.5.bazel index c643aefe2c7b..7c88eb609031 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.petgraph-0.6.5.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.petgraph-0.6.5.bazel @@ -97,6 +97,6 @@ rust_library( version = "0.6.5", deps = [ "@vendor_ts__fixedbitset-0.4.2//:fixedbitset", - "@vendor_ts__indexmap-2.11.1//:indexmap", + "@vendor_ts__indexmap-2.11.4//:indexmap", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.proc-macro2-diagnostics-0.10.1.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.proc-macro2-diagnostics-0.10.1.bazel index 120c4d6c2654..84323b7da799 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.proc-macro2-diagnostics-0.10.1.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.proc-macro2-diagnostics-0.10.1.bazel @@ -101,7 +101,7 @@ rust_library( deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", "@vendor_ts__proc-macro2-diagnostics-0.10.1//:build_script_build", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", "@vendor_ts__yansi-1.0.1//:yansi", ], diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.quote-1.0.40.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.quote-1.0.41.bazel similarity index 72% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.quote-1.0.40.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.quote-1.0.41.bazel index 66b79239e47b..de02a99d0de0 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.quote-1.0.40.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.quote-1.0.41.bazel @@ -6,7 +6,11 @@ # bazel run @@//misc/bazel/3rdparty:vendor_tree_sitter_extractors ############################################################################### -load("@rules_rust//cargo:defs.bzl", "cargo_toml_env_vars") +load( + "@rules_rust//cargo:defs.bzl", + "cargo_build_script", + "cargo_toml_env_vars", +) load("@rules_rust//rust:defs.bzl", "rust_library") package(default_visibility = ["//visibility:public"]) @@ -92,8 +96,71 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "1.0.40", + version = "1.0.41", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", + "@vendor_ts__quote-1.0.41//:build_script_build", + ], +) + +cargo_build_script( + name = "_bs", + srcs = glob( + include = ["**/*.rs"], + allow_empty = True, + ), + compile_data = glob( + include = ["**"], + allow_empty = True, + exclude = [ + "**/* *", + "**/*.rs", + ".tmp_git_root/**/*", + "BUILD", + "BUILD.bazel", + "WORKSPACE", + "WORKSPACE.bazel", + ], + ), + crate_features = [ + "default", + "proc-macro", + ], + crate_name = "build_script_build", + crate_root = "build.rs", + data = glob( + include = ["**"], + allow_empty = True, + exclude = [ + "**/* *", + ".tmp_git_root/**/*", + "BUILD", + "BUILD.bazel", + "WORKSPACE", + "WORKSPACE.bazel", + ], + ), + edition = "2018", + pkg_name = "quote", + rustc_env_files = [ + ":cargo_toml_env_vars", ], + rustc_flags = [ + "--cap-lints=allow", + ], + tags = [ + "cargo-bazel", + "crate-name=quote", + "manual", + "noclippy", + "norustfmt", + ], + version = "1.0.41", + visibility = ["//visibility:private"], +) + +alias( + name = "build_script_build", + actual = ":_bs", + tags = ["manual"], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra-ap-rustc_index_macros-0.123.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra-ap-rustc_index_macros-0.123.0.bazel index b45b48ce2b9b..c0dff7478449 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra-ap-rustc_index_macros-0.123.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra-ap-rustc_index_macros-0.123.0.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.123.0", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_base_db-0.0.301.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_base_db-0.0.301.bazel index 3931158e4a14..73ba2f1d47fd 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_base_db-0.0.301.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_base_db-0.0.301.bazel @@ -103,7 +103,7 @@ rust_library( version = "0.0.301", deps = [ "@vendor_ts__dashmap-6.1.0//:dashmap", - "@vendor_ts__indexmap-2.11.1//:indexmap", + "@vendor_ts__indexmap-2.11.4//:indexmap", "@vendor_ts__la-arena-0.3.1//:la_arena", "@vendor_ts__ra_ap_cfg-0.0.301//:ra_ap_cfg", "@vendor_ts__ra_ap_intern-0.0.301//:ra_ap_intern", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_hir-0.0.301.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_hir-0.0.301.bazel index 3134859b4d20..668aa255fbe6 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_hir-0.0.301.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_hir-0.0.301.bazel @@ -104,7 +104,7 @@ rust_library( deps = [ "@vendor_ts__arrayvec-0.7.6//:arrayvec", "@vendor_ts__either-1.15.0//:either", - "@vendor_ts__indexmap-2.11.1//:indexmap", + "@vendor_ts__indexmap-2.11.4//:indexmap", "@vendor_ts__itertools-0.14.0//:itertools", "@vendor_ts__ra_ap_base_db-0.0.301//:ra_ap_base_db", "@vendor_ts__ra_ap_cfg-0.0.301//:ra_ap_cfg", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_hir_def-0.0.301.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_hir_def-0.0.301.bazel index e97671e1b1be..77782b1df3ce 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_hir_def-0.0.301.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_hir_def-0.0.301.bazel @@ -112,7 +112,7 @@ rust_library( "@vendor_ts__drop_bomb-0.1.5//:drop_bomb", "@vendor_ts__either-1.15.0//:either", "@vendor_ts__fst-0.4.7//:fst", - "@vendor_ts__indexmap-2.11.1//:indexmap", + "@vendor_ts__indexmap-2.11.4//:indexmap", "@vendor_ts__itertools-0.14.0//:itertools", "@vendor_ts__la-arena-0.3.1//:la_arena", "@vendor_ts__ra-ap-rustc_abi-0.123.0//:ra_ap_rustc_abi", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_hir_ty-0.0.301.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_hir_ty-0.0.301.bazel index 7190559d3d8a..74b8972eda04 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_hir_ty-0.0.301.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_hir_ty-0.0.301.bazel @@ -113,7 +113,7 @@ rust_library( "@vendor_ts__cov-mark-2.1.0//:cov_mark", "@vendor_ts__either-1.15.0//:either", "@vendor_ts__ena-0.14.3//:ena", - "@vendor_ts__indexmap-2.11.1//:indexmap", + "@vendor_ts__indexmap-2.11.4//:indexmap", "@vendor_ts__itertools-0.14.0//:itertools", "@vendor_ts__la-arena-0.3.1//:la_arena", "@vendor_ts__oorandom-11.1.5//:oorandom", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_ide_db-0.0.301.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_ide_db-0.0.301.bazel index 9df94ba41656..da23d55cdd2c 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_ide_db-0.0.301.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_ide_db-0.0.301.bazel @@ -111,7 +111,7 @@ rust_library( "@vendor_ts__crossbeam-channel-0.5.15//:crossbeam_channel", "@vendor_ts__either-1.15.0//:either", "@vendor_ts__fst-0.4.7//:fst", - "@vendor_ts__indexmap-2.11.1//:indexmap", + "@vendor_ts__indexmap-2.11.4//:indexmap", "@vendor_ts__itertools-0.14.0//:itertools", "@vendor_ts__line-index-0.1.2//:line_index", "@vendor_ts__memchr-2.7.5//:memchr", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_load-cargo-0.0.301.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_load-cargo-0.0.301.bazel index 81cbfdd3eaf4..51fdf30d0bb9 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_load-cargo-0.0.301.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_load-cargo-0.0.301.bazel @@ -101,7 +101,7 @@ rust_library( }), version = "0.0.301", deps = [ - "@vendor_ts__anyhow-1.0.99//:anyhow", + "@vendor_ts__anyhow-1.0.100//:anyhow", "@vendor_ts__crossbeam-channel-0.5.15//:crossbeam_channel", "@vendor_ts__itertools-0.14.0//:itertools", "@vendor_ts__ra_ap_hir_expand-0.0.301//:ra_ap_hir_expand", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_proc_macro_api-0.0.301.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_proc_macro_api-0.0.301.bazel index b23675474150..37f3378bd629 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_proc_macro_api-0.0.301.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_proc_macro_api-0.0.301.bazel @@ -44,7 +44,7 @@ rust_library( crate_root = "src/lib.rs", edition = "2024", proc_macro_deps = [ - "@vendor_ts__serde_derive-1.0.219//:serde_derive", + "@vendor_ts__serde_derive-1.0.228//:serde_derive", ], rustc_env_files = [ ":cargo_toml_env_vars", @@ -100,15 +100,15 @@ rust_library( }), version = "0.0.301", deps = [ - "@vendor_ts__indexmap-2.11.1//:indexmap", + "@vendor_ts__indexmap-2.11.4//:indexmap", "@vendor_ts__ra_ap_intern-0.0.301//:ra_ap_intern", "@vendor_ts__ra_ap_paths-0.0.301//:ra_ap_paths", "@vendor_ts__ra_ap_span-0.0.301//:ra_ap_span", "@vendor_ts__ra_ap_stdx-0.0.301//:ra_ap_stdx", "@vendor_ts__ra_ap_tt-0.0.301//:ra_ap_tt", "@vendor_ts__rustc-hash-2.1.1//:rustc_hash", - "@vendor_ts__serde-1.0.219//:serde", - "@vendor_ts__serde_json-1.0.143//:serde_json", + "@vendor_ts__serde-1.0.228//:serde", + "@vendor_ts__serde_json-1.0.145//:serde_json", "@vendor_ts__tracing-0.1.41//:tracing", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_project_model-0.0.301.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_project_model-0.0.301.bazel index 4332ecda1a72..29b6d793366a 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_project_model-0.0.301.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_project_model-0.0.301.bazel @@ -46,7 +46,7 @@ rust_library( crate_root = "src/lib.rs", edition = "2024", proc_macro_deps = [ - "@vendor_ts__serde_derive-1.0.219//:serde_derive", + "@vendor_ts__serde_derive-1.0.228//:serde_derive", ], rustc_env_files = [ ":cargo_toml_env_vars", @@ -102,7 +102,7 @@ rust_library( }), version = "0.0.301", deps = [ - "@vendor_ts__anyhow-1.0.99//:anyhow", + "@vendor_ts__anyhow-1.0.100//:anyhow", "@vendor_ts__cargo_metadata-0.21.0//:cargo_metadata", "@vendor_ts__itertools-0.14.0//:itertools", "@vendor_ts__la-arena-0.3.1//:la_arena", @@ -115,8 +115,8 @@ rust_library( "@vendor_ts__ra_ap_toolchain-0.0.301//:ra_ap_toolchain", "@vendor_ts__rustc-hash-2.1.1//:rustc_hash", "@vendor_ts__semver-1.0.26//:semver", - "@vendor_ts__serde-1.0.219//:serde", - "@vendor_ts__serde_json-1.0.143//:serde_json", + "@vendor_ts__serde-1.0.228//:serde", + "@vendor_ts__serde_json-1.0.145//:serde_json", "@vendor_ts__temp-dir-0.1.16//:temp_dir", "@vendor_ts__tracing-0.1.41//:tracing", "@vendor_ts__triomphe-0.1.14//:triomphe", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_query-group-macro-0.0.301.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_query-group-macro-0.0.301.bazel index a4099d462eef..ae0f619a3baa 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_query-group-macro-0.0.301.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_query-group-macro-0.0.301.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.0.301", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_vfs-0.0.301.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_vfs-0.0.301.bazel index 33b4db4d3562..868107cddc5b 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_vfs-0.0.301.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ra_ap_vfs-0.0.301.bazel @@ -96,7 +96,7 @@ rust_library( deps = [ "@vendor_ts__crossbeam-channel-0.5.15//:crossbeam_channel", "@vendor_ts__fst-0.4.7//:fst", - "@vendor_ts__indexmap-2.11.1//:indexmap", + "@vendor_ts__indexmap-2.11.4//:indexmap", "@vendor_ts__nohash-hasher-0.2.0//:nohash_hasher", "@vendor_ts__ra_ap_paths-0.0.301//:ra_ap_paths", "@vendor_ts__ra_ap_stdx-0.0.301//:ra_ap_stdx", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ref-cast-impl-1.0.24.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ref-cast-impl-1.0.24.bazel index ba548e9113ae..70bc6acb1161 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ref-cast-impl-1.0.24.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.ref-cast-impl-1.0.24.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "1.0.24", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.regex-1.11.2.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.regex-1.11.3.bazel similarity index 98% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.regex-1.11.2.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.regex-1.11.3.bazel index 1c4f925a111f..2e26723c4785 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.regex-1.11.2.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.regex-1.11.3.bazel @@ -107,11 +107,11 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "1.11.2", + version = "1.11.3", deps = [ "@vendor_ts__aho-corasick-1.1.3//:aho_corasick", "@vendor_ts__memchr-2.7.5//:memchr", - "@vendor_ts__regex-automata-0.4.10//:regex_automata", + "@vendor_ts__regex-automata-0.4.11//:regex_automata", "@vendor_ts__regex-syntax-0.8.6//:regex_syntax", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.regex-automata-0.4.10.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.regex-automata-0.4.11.bazel similarity index 99% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.regex-automata-0.4.10.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.regex-automata-0.4.11.bazel index 4b17c645f346..3f008ea863c7 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.regex-automata-0.4.10.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.regex-automata-0.4.11.bazel @@ -116,7 +116,7 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "0.4.10", + version = "0.4.11", deps = [ "@vendor_ts__aho-corasick-1.1.3//:aho_corasick", "@vendor_ts__memchr-2.7.5//:memchr", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.salsa-0.23.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.salsa-0.23.0.bazel index a7a2366514f8..5ba01a304a85 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.salsa-0.23.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.salsa-0.23.0.bazel @@ -104,7 +104,7 @@ rust_library( "@vendor_ts__crossbeam-utils-0.8.21//:crossbeam_utils", "@vendor_ts__hashbrown-0.15.5//:hashbrown", "@vendor_ts__hashlink-0.10.0//:hashlink", - "@vendor_ts__indexmap-2.11.1//:indexmap", + "@vendor_ts__indexmap-2.11.4//:indexmap", "@vendor_ts__intrusive-collections-0.9.7//:intrusive_collections", "@vendor_ts__papaya-0.2.3//:papaya", "@vendor_ts__parking_lot-0.12.4//:parking_lot", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.salsa-macros-0.23.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.salsa-macros-0.23.0.bazel index 03a3ef58912a..8d763b3ef958 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.salsa-macros-0.23.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.salsa-macros-0.23.0.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.23.0", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", "@vendor_ts__synstructure-0.13.2//:synstructure", ], diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.schemars-0.9.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.schemars-0.9.0.bazel index 639b6c71a0d3..6f1dd98fa177 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.schemars-0.9.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.schemars-0.9.0.bazel @@ -92,7 +92,7 @@ rust_library( deps = [ "@vendor_ts__dyn-clone-1.0.20//:dyn_clone", "@vendor_ts__ref-cast-1.0.24//:ref_cast", - "@vendor_ts__serde-1.0.219//:serde", - "@vendor_ts__serde_json-1.0.143//:serde_json", + "@vendor_ts__serde-1.0.228//:serde", + "@vendor_ts__serde_json-1.0.145//:serde_json", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.schemars-1.0.4.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.schemars-1.0.4.bazel index dce895551c83..81d7aa89ab54 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.schemars-1.0.4.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.schemars-1.0.4.bazel @@ -92,7 +92,7 @@ rust_library( deps = [ "@vendor_ts__dyn-clone-1.0.20//:dyn_clone", "@vendor_ts__ref-cast-1.0.24//:ref_cast", - "@vendor_ts__serde-1.0.219//:serde", - "@vendor_ts__serde_json-1.0.143//:serde_json", + "@vendor_ts__serde-1.0.228//:serde", + "@vendor_ts__serde_json-1.0.145//:serde_json", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.semver-1.0.26.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.semver-1.0.26.bazel index 1b139d7a87e1..b0460d053ae2 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.semver-1.0.26.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.semver-1.0.26.bazel @@ -100,7 +100,7 @@ rust_library( version = "1.0.26", deps = [ "@vendor_ts__semver-1.0.26//:build_script_build", - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-1.0.219.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-1.0.228.bazel similarity index 95% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-1.0.219.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-1.0.228.bazel index 86cb23175ba0..e58b661dec8f 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-1.0.219.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-1.0.228.bazel @@ -46,9 +46,9 @@ rust_library( "std", ], crate_root = "src/lib.rs", - edition = "2018", + edition = "2021", proc_macro_deps = [ - "@vendor_ts__serde_derive-1.0.219//:serde_derive", + "@vendor_ts__serde_derive-1.0.228//:serde_derive", ], rustc_env_files = [ ":cargo_toml_env_vars", @@ -102,9 +102,10 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "1.0.219", + version = "1.0.228", deps = [ - "@vendor_ts__serde-1.0.219//:build_script_build", + "@vendor_ts__serde-1.0.228//:build_script_build", + "@vendor_ts__serde_core-1.0.228//:serde_core", ], ) @@ -148,7 +149,7 @@ cargo_build_script( "WORKSPACE.bazel", ], ), - edition = "2018", + edition = "2021", pkg_name = "serde", rustc_env_files = [ ":cargo_toml_env_vars", @@ -163,7 +164,7 @@ cargo_build_script( "noclippy", "norustfmt", ], - version = "1.0.219", + version = "1.0.228", visibility = ["//visibility:private"], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-untagged-0.1.8.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-untagged-0.1.8.bazel index 0191982b73aa..f04da9de1ad5 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-untagged-0.1.8.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-untagged-0.1.8.bazel @@ -91,7 +91,7 @@ rust_library( version = "0.1.8", deps = [ "@vendor_ts__erased-serde-0.4.6//:erased_serde", - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", "@vendor_ts__typeid-1.0.3//:typeid", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-value-0.7.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-value-0.7.0.bazel index f6b8e9a212a5..c897b79e5c77 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-value-0.7.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde-value-0.7.0.bazel @@ -91,6 +91,6 @@ rust_library( version = "0.7.0", deps = [ "@vendor_ts__ordered-float-2.10.1//:ordered_float", - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_core-1.0.228.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_core-1.0.228.bazel new file mode 100644 index 000000000000..cfca5c545ab0 --- /dev/null +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_core-1.0.228.bazel @@ -0,0 +1,167 @@ +############################################################################### +# @generated +# DO NOT MODIFY: This file is auto-generated by a crate_universe tool. To +# regenerate this file, run the following: +# +# bazel run @@//misc/bazel/3rdparty:vendor_tree_sitter_extractors +############################################################################### + +load( + "@rules_rust//cargo:defs.bzl", + "cargo_build_script", + "cargo_toml_env_vars", +) +load("@rules_rust//rust:defs.bzl", "rust_library") + +package(default_visibility = ["//visibility:public"]) + +cargo_toml_env_vars( + name = "cargo_toml_env_vars", + src = "Cargo.toml", +) + +rust_library( + name = "serde_core", + srcs = glob( + include = ["**/*.rs"], + allow_empty = True, + ), + compile_data = glob( + include = ["**"], + allow_empty = True, + exclude = [ + "**/* *", + ".tmp_git_root/**/*", + "BUILD", + "BUILD.bazel", + "WORKSPACE", + "WORKSPACE.bazel", + ], + ), + crate_features = [ + "alloc", + "result", + "std", + ], + crate_root = "src/lib.rs", + edition = "2021", + rustc_env_files = [ + ":cargo_toml_env_vars", + ], + rustc_flags = [ + "--cap-lints=allow", + ], + tags = [ + "cargo-bazel", + "crate-name=serde_core", + "manual", + "noclippy", + "norustfmt", + ], + target_compatible_with = select({ + "@rules_rust//rust/platform:aarch64-apple-darwin": [], + "@rules_rust//rust/platform:aarch64-apple-ios": [], + "@rules_rust//rust/platform:aarch64-apple-ios-sim": [], + "@rules_rust//rust/platform:aarch64-linux-android": [], + "@rules_rust//rust/platform:aarch64-pc-windows-msvc": [], + "@rules_rust//rust/platform:aarch64-unknown-fuchsia": [], + "@rules_rust//rust/platform:aarch64-unknown-linux-gnu": [], + "@rules_rust//rust/platform:aarch64-unknown-nixos-gnu": [], + "@rules_rust//rust/platform:aarch64-unknown-nto-qnx710": [], + "@rules_rust//rust/platform:aarch64-unknown-uefi": [], + "@rules_rust//rust/platform:arm-unknown-linux-gnueabi": [], + "@rules_rust//rust/platform:armv7-linux-androideabi": [], + "@rules_rust//rust/platform:armv7-unknown-linux-gnueabi": [], + "@rules_rust//rust/platform:i686-apple-darwin": [], + "@rules_rust//rust/platform:i686-linux-android": [], + "@rules_rust//rust/platform:i686-pc-windows-msvc": [], + "@rules_rust//rust/platform:i686-unknown-freebsd": [], + "@rules_rust//rust/platform:i686-unknown-linux-gnu": [], + "@rules_rust//rust/platform:powerpc-unknown-linux-gnu": [], + "@rules_rust//rust/platform:riscv32imc-unknown-none-elf": [], + "@rules_rust//rust/platform:riscv64gc-unknown-none-elf": [], + "@rules_rust//rust/platform:s390x-unknown-linux-gnu": [], + "@rules_rust//rust/platform:thumbv7em-none-eabi": [], + "@rules_rust//rust/platform:thumbv8m.main-none-eabi": [], + "@rules_rust//rust/platform:wasm32-unknown-unknown": [], + "@rules_rust//rust/platform:wasm32-wasip1": [], + "@rules_rust//rust/platform:x86_64-apple-darwin": [], + "@rules_rust//rust/platform:x86_64-apple-ios": [], + "@rules_rust//rust/platform:x86_64-linux-android": [], + "@rules_rust//rust/platform:x86_64-pc-windows-msvc": [], + "@rules_rust//rust/platform:x86_64-unknown-freebsd": [], + "@rules_rust//rust/platform:x86_64-unknown-fuchsia": [], + "@rules_rust//rust/platform:x86_64-unknown-linux-gnu": [], + "@rules_rust//rust/platform:x86_64-unknown-nixos-gnu": [], + "@rules_rust//rust/platform:x86_64-unknown-none": [], + "@rules_rust//rust/platform:x86_64-unknown-uefi": [], + "//conditions:default": ["@platforms//:incompatible"], + }), + version = "1.0.228", + deps = [ + "@vendor_ts__serde_core-1.0.228//:build_script_build", + ], +) + +cargo_build_script( + name = "_bs", + srcs = glob( + include = ["**/*.rs"], + allow_empty = True, + ), + compile_data = glob( + include = ["**"], + allow_empty = True, + exclude = [ + "**/* *", + "**/*.rs", + ".tmp_git_root/**/*", + "BUILD", + "BUILD.bazel", + "WORKSPACE", + "WORKSPACE.bazel", + ], + ), + crate_features = [ + "alloc", + "result", + "std", + ], + crate_name = "build_script_build", + crate_root = "build.rs", + data = glob( + include = ["**"], + allow_empty = True, + exclude = [ + "**/* *", + ".tmp_git_root/**/*", + "BUILD", + "BUILD.bazel", + "WORKSPACE", + "WORKSPACE.bazel", + ], + ), + edition = "2021", + pkg_name = "serde_core", + rustc_env_files = [ + ":cargo_toml_env_vars", + ], + rustc_flags = [ + "--cap-lints=allow", + ], + tags = [ + "cargo-bazel", + "crate-name=serde_core", + "manual", + "noclippy", + "norustfmt", + ], + version = "1.0.228", + visibility = ["//visibility:private"], +) + +alias( + name = "build_script_build", + actual = ":_bs", + tags = ["manual"], +) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_derive-1.0.219.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_derive-1.0.228.bazel similarity index 97% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_derive-1.0.219.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_derive-1.0.228.bazel index f11ee965dbac..e3b6733407b3 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_derive-1.0.219.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_derive-1.0.228.bazel @@ -38,7 +38,7 @@ rust_proc_macro( "default", ], crate_root = "src/lib.rs", - edition = "2015", + edition = "2021", rustc_env_files = [ ":cargo_toml_env_vars", ], @@ -91,10 +91,10 @@ rust_proc_macro( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "1.0.219", + version = "1.0.228", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_json-1.0.143.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_json-1.0.145.bazel similarity index 91% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_json-1.0.143.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_json-1.0.145.bazel index 1a4cca70a4fb..5d6298313e49 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_json-1.0.143.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_json-1.0.145.bazel @@ -155,55 +155,55 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "1.0.143", + version = "1.0.145", deps = [ "@vendor_ts__itoa-1.0.15//:itoa", "@vendor_ts__memchr-2.7.5//:memchr", "@vendor_ts__ryu-1.0.20//:ryu", - "@vendor_ts__serde-1.0.219//:serde", - "@vendor_ts__serde_json-1.0.143//:build_script_build", + "@vendor_ts__serde_core-1.0.228//:serde_core", + "@vendor_ts__serde_json-1.0.145//:build_script_build", ] + select({ "@rules_rust//rust/platform:aarch64-apple-darwin": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # aarch64-apple-darwin + "@vendor_ts__indexmap-2.11.4//:indexmap", # aarch64-apple-darwin ], "@rules_rust//rust/platform:aarch64-pc-windows-msvc": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # aarch64-pc-windows-msvc + "@vendor_ts__indexmap-2.11.4//:indexmap", # aarch64-pc-windows-msvc ], "@rules_rust//rust/platform:aarch64-unknown-linux-gnu": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # aarch64-unknown-linux-gnu + "@vendor_ts__indexmap-2.11.4//:indexmap", # aarch64-unknown-linux-gnu ], "@rules_rust//rust/platform:aarch64-unknown-nixos-gnu": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # aarch64-unknown-linux-gnu, aarch64-unknown-nixos-gnu + "@vendor_ts__indexmap-2.11.4//:indexmap", # aarch64-unknown-linux-gnu, aarch64-unknown-nixos-gnu ], "@rules_rust//rust/platform:arm-unknown-linux-gnueabi": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # arm-unknown-linux-gnueabi + "@vendor_ts__indexmap-2.11.4//:indexmap", # arm-unknown-linux-gnueabi ], "@rules_rust//rust/platform:i686-pc-windows-msvc": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # i686-pc-windows-msvc + "@vendor_ts__indexmap-2.11.4//:indexmap", # i686-pc-windows-msvc ], "@rules_rust//rust/platform:i686-unknown-linux-gnu": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # i686-unknown-linux-gnu + "@vendor_ts__indexmap-2.11.4//:indexmap", # i686-unknown-linux-gnu ], "@rules_rust//rust/platform:powerpc-unknown-linux-gnu": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # powerpc-unknown-linux-gnu + "@vendor_ts__indexmap-2.11.4//:indexmap", # powerpc-unknown-linux-gnu ], "@rules_rust//rust/platform:s390x-unknown-linux-gnu": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # s390x-unknown-linux-gnu + "@vendor_ts__indexmap-2.11.4//:indexmap", # s390x-unknown-linux-gnu ], "@rules_rust//rust/platform:x86_64-apple-darwin": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # x86_64-apple-darwin + "@vendor_ts__indexmap-2.11.4//:indexmap", # x86_64-apple-darwin ], "@rules_rust//rust/platform:x86_64-pc-windows-msvc": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # x86_64-pc-windows-msvc + "@vendor_ts__indexmap-2.11.4//:indexmap", # x86_64-pc-windows-msvc ], "@rules_rust//rust/platform:x86_64-unknown-freebsd": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # x86_64-unknown-freebsd + "@vendor_ts__indexmap-2.11.4//:indexmap", # x86_64-unknown-freebsd ], "@rules_rust//rust/platform:x86_64-unknown-linux-gnu": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # x86_64-unknown-linux-gnu + "@vendor_ts__indexmap-2.11.4//:indexmap", # x86_64-unknown-linux-gnu ], "@rules_rust//rust/platform:x86_64-unknown-nixos-gnu": [ - "@vendor_ts__indexmap-2.11.1//:indexmap", # x86_64-unknown-linux-gnu, x86_64-unknown-nixos-gnu + "@vendor_ts__indexmap-2.11.4//:indexmap", # x86_64-unknown-linux-gnu, x86_64-unknown-nixos-gnu ], "//conditions:default": [], }), @@ -320,7 +320,7 @@ cargo_build_script( "noclippy", "norustfmt", ], - version = "1.0.143", + version = "1.0.145", visibility = ["//visibility:private"], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_spanned-0.6.9.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_spanned-0.6.9.bazel index ffb3bcf7240c..c596adf490ce 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_spanned-0.6.9.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_spanned-0.6.9.bazel @@ -93,6 +93,6 @@ rust_library( }), version = "0.6.9", deps = [ - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_spanned-1.0.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_spanned-1.0.2.bazel similarity index 98% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_spanned-1.0.0.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_spanned-1.0.2.bazel index e0c6242de6f5..e51f544db4f1 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_spanned-1.0.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_spanned-1.0.2.bazel @@ -93,8 +93,8 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "1.0.0", + version = "1.0.2", deps = [ - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde_core-1.0.228//:serde_core", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_with-3.14.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_with-3.14.1.bazel similarity index 95% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_with-3.14.0.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_with-3.14.1.bazel index 08f8fdf38800..39a38f4f337c 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_with-3.14.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_with-3.14.1.bazel @@ -43,8 +43,8 @@ rust_library( crate_root = "src/lib.rs", edition = "2021", proc_macro_deps = [ - "@vendor_ts__serde_derive-1.0.219//:serde_derive", - "@vendor_ts__serde_with_macros-3.14.0//:serde_with_macros", + "@vendor_ts__serde_derive-1.0.228//:serde_derive", + "@vendor_ts__serde_with_macros-3.14.1//:serde_with_macros", ], rustc_env_files = [ ":cargo_toml_env_vars", @@ -98,8 +98,8 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "3.14.0", + version = "3.14.1", deps = [ - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_with_macros-3.14.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_with_macros-3.14.1.bazel similarity index 97% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_with_macros-3.14.0.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_with_macros-3.14.1.bazel index 5ce2041aa7f0..e6c0864d9f0f 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_with_macros-3.14.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_with_macros-3.14.1.bazel @@ -88,11 +88,11 @@ rust_proc_macro( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "3.14.0", + version = "3.14.1", deps = [ - "@vendor_ts__darling-0.20.11//:darling", + "@vendor_ts__darling-0.21.3//:darling", "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_yaml-0.9.34+deprecated.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_yaml-0.9.34+deprecated.bazel index 46287f3ed281..63410f30d1c3 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_yaml-0.9.34+deprecated.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.serde_yaml-0.9.34+deprecated.bazel @@ -90,10 +90,10 @@ rust_library( }), version = "0.9.34+deprecated", deps = [ - "@vendor_ts__indexmap-2.11.1//:indexmap", + "@vendor_ts__indexmap-2.11.4//:indexmap", "@vendor_ts__itoa-1.0.15//:itoa", "@vendor_ts__ryu-1.0.20//:ryu", - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", "@vendor_ts__unsafe-libyaml-0.2.11//:unsafe_libyaml", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.syn-2.0.106.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.syn-2.0.106.bazel index a4bd833e8e59..234b52999694 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.syn-2.0.106.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.syn-2.0.106.bazel @@ -104,7 +104,7 @@ rust_library( version = "2.0.106", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__unicode-ident-1.0.19//:unicode_ident", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.synstructure-0.13.2.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.synstructure-0.13.2.bazel index ed7ebbca4014..1043ced13843 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.synstructure-0.13.2.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.synstructure-0.13.2.bazel @@ -95,7 +95,7 @@ rust_library( version = "0.13.2", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.thiserror-impl-2.0.16.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.thiserror-impl-2.0.16.bazel index 4f363e2e5ca5..c8a6f5c3acaf 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.thiserror-impl-2.0.16.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.thiserror-impl-2.0.16.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "2.0.16", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml-0.8.23.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml-0.8.23.bazel index bca02cb3cece..ba176cda49dc 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml-0.8.23.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml-0.8.23.bazel @@ -95,7 +95,7 @@ rust_library( }), version = "0.8.23", deps = [ - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", "@vendor_ts__serde_spanned-0.6.9//:serde_spanned", "@vendor_ts__toml_datetime-0.6.11//:toml_datetime", "@vendor_ts__toml_edit-0.22.27//:toml_edit", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml-0.9.5.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml-0.9.7.bazel similarity index 92% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml-0.9.5.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml-0.9.7.bazel index 50e11857e38f..ca4f62b9c484 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml-0.9.5.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml-0.9.7.bazel @@ -95,13 +95,13 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "0.9.5", + version = "0.9.7", deps = [ - "@vendor_ts__serde-1.0.219//:serde", - "@vendor_ts__serde_spanned-1.0.0//:serde_spanned", - "@vendor_ts__toml_datetime-0.7.0//:toml_datetime", - "@vendor_ts__toml_parser-1.0.2//:toml_parser", - "@vendor_ts__toml_writer-1.0.2//:toml_writer", + "@vendor_ts__serde_core-1.0.228//:serde_core", + "@vendor_ts__serde_spanned-1.0.2//:serde_spanned", + "@vendor_ts__toml_datetime-0.7.2//:toml_datetime", + "@vendor_ts__toml_parser-1.0.3//:toml_parser", + "@vendor_ts__toml_writer-1.0.3//:toml_writer", "@vendor_ts__winnow-0.7.13//:winnow", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_datetime-0.6.11.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_datetime-0.6.11.bazel index d0a8d2086cc8..8a9d6b7342b3 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_datetime-0.6.11.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_datetime-0.6.11.bazel @@ -93,6 +93,6 @@ rust_library( }), version = "0.6.11", deps = [ - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_datetime-0.7.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_datetime-0.7.2.bazel similarity index 98% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_datetime-0.7.0.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_datetime-0.7.2.bazel index 6d3a99fb0f60..a94b3a87066c 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_datetime-0.7.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_datetime-0.7.2.bazel @@ -93,8 +93,8 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "0.7.0", + version = "0.7.2", deps = [ - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde_core-1.0.228//:serde_core", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_edit-0.22.27.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_edit-0.22.27.bazel index dad3750bcfec..ab36adb8f302 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_edit-0.22.27.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_edit-0.22.27.bazel @@ -95,8 +95,8 @@ rust_library( }), version = "0.22.27", deps = [ - "@vendor_ts__indexmap-2.11.1//:indexmap", - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__indexmap-2.11.4//:indexmap", + "@vendor_ts__serde-1.0.228//:serde", "@vendor_ts__serde_spanned-0.6.9//:serde_spanned", "@vendor_ts__toml_datetime-0.6.11//:toml_datetime", "@vendor_ts__toml_write-0.1.2//:toml_write", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_parser-1.0.2.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_parser-1.0.3.bazel similarity index 99% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_parser-1.0.2.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_parser-1.0.3.bazel index 424946c20a6a..8b4c4668aa5e 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_parser-1.0.2.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_parser-1.0.3.bazel @@ -92,7 +92,7 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "1.0.2", + version = "1.0.3", deps = [ "@vendor_ts__winnow-0.7.13//:winnow", ], diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_writer-1.0.2.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_writer-1.0.3.bazel similarity index 99% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_writer-1.0.2.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_writer-1.0.3.bazel index 4193266e6d04..e90c3a61d877 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_writer-1.0.2.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.toml_writer-1.0.3.bazel @@ -92,5 +92,5 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "1.0.2", + version = "1.0.3", ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tracing-attributes-0.1.30.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tracing-attributes-0.1.30.bazel index f426539a31c0..ec9f805d2d30 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tracing-attributes-0.1.30.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tracing-attributes-0.1.30.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.1.30", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tracing-subscriber-0.3.20.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tracing-subscriber-0.3.20.bazel index 13b54631970b..cef88b5639b0 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tracing-subscriber-0.3.20.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tracing-subscriber-0.3.20.bazel @@ -110,7 +110,7 @@ rust_library( "@vendor_ts__matchers-0.2.0//:matchers", "@vendor_ts__nu-ansi-term-0.50.1//:nu_ansi_term", "@vendor_ts__once_cell-1.21.3//:once_cell", - "@vendor_ts__regex-automata-0.4.10//:regex_automata", + "@vendor_ts__regex-automata-0.4.11//:regex_automata", "@vendor_ts__sharded-slab-0.1.7//:sharded_slab", "@vendor_ts__smallvec-1.15.1//:smallvec", "@vendor_ts__thread_local-1.1.9//:thread_local", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-0.25.9.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-0.25.9.bazel index 0cb981e47550..46d6255099c3 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-0.25.9.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-0.25.9.bazel @@ -98,7 +98,7 @@ rust_library( }), version = "0.25.9", deps = [ - "@vendor_ts__regex-1.11.2//:regex", + "@vendor_ts__regex-1.11.3//:regex", "@vendor_ts__regex-syntax-0.8.6//:regex_syntax", "@vendor_ts__streaming-iterator-0.1.9//:streaming_iterator", "@vendor_ts__tree-sitter-0.25.9//:build_script_build", @@ -163,7 +163,7 @@ cargo_build_script( visibility = ["//visibility:private"], deps = [ "@vendor_ts__cc-1.2.37//:cc", - "@vendor_ts__serde_json-1.0.143//:serde_json", + "@vendor_ts__serde_json-1.0.145//:serde_json", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-embedded-template-0.23.2.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-embedded-template-0.25.0.bazel similarity index 97% rename from misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-embedded-template-0.23.2.bazel rename to misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-embedded-template-0.25.0.bazel index a2cac2bd450c..2b40d8a34d6a 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-embedded-template-0.23.2.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.tree-sitter-embedded-template-0.25.0.bazel @@ -92,9 +92,9 @@ rust_library( "@rules_rust//rust/platform:x86_64-unknown-uefi": [], "//conditions:default": ["@platforms//:incompatible"], }), - version = "0.23.2", + version = "0.25.0", deps = [ - "@vendor_ts__tree-sitter-embedded-template-0.23.2//:build_script_build", + "@vendor_ts__tree-sitter-embedded-template-0.25.0//:build_script_build", "@vendor_ts__tree-sitter-language-0.1.5//:tree_sitter_language", ], ) @@ -147,7 +147,7 @@ cargo_build_script( "noclippy", "norustfmt", ], - version = "0.23.2", + version = "0.25.0", visibility = ["//visibility:private"], deps = [ "@vendor_ts__cc-1.2.37//:cc", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.triomphe-0.1.14.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.triomphe-0.1.14.bazel index 1ea48d5a72d5..95d24ae522ca 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.triomphe-0.1.14.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.triomphe-0.1.14.bazel @@ -96,7 +96,7 @@ rust_library( }), version = "0.1.14", deps = [ - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", "@vendor_ts__stable_deref_trait-1.2.0//:stable_deref_trait", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.url-2.5.7.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.url-2.5.7.bazel index 4ac8b9941e57..6b0e6fcb6696 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.url-2.5.7.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.url-2.5.7.bazel @@ -98,6 +98,6 @@ rust_library( "@vendor_ts__form_urlencoded-1.2.2//:form_urlencoded", "@vendor_ts__idna-1.1.0//:idna", "@vendor_ts__percent-encoding-2.3.2//:percent_encoding", - "@vendor_ts__serde-1.0.219//:serde", + "@vendor_ts__serde-1.0.228//:serde", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.wasm-bindgen-backend-0.2.101.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.wasm-bindgen-backend-0.2.101.bazel index 5a85b0e104d2..f859ddcd68b4 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.wasm-bindgen-backend-0.2.101.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.wasm-bindgen-backend-0.2.101.bazel @@ -93,7 +93,7 @@ rust_library( "@vendor_ts__bumpalo-3.19.0//:bumpalo", "@vendor_ts__log-0.4.28//:log", "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", "@vendor_ts__wasm-bindgen-shared-0.2.101//:wasm_bindgen_shared", ], diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.wasm-bindgen-macro-0.2.101.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.wasm-bindgen-macro-0.2.101.bazel index 4b1549c57ddf..b6d6862a2bcf 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.wasm-bindgen-macro-0.2.101.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.wasm-bindgen-macro-0.2.101.bazel @@ -90,7 +90,7 @@ rust_proc_macro( }), version = "0.2.101", deps = [ - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__wasm-bindgen-macro-support-0.2.101//:wasm_bindgen_macro_support", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.wasm-bindgen-macro-support-0.2.101.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.wasm-bindgen-macro-support-0.2.101.bazel index c42233e4e244..cfee619986ac 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.wasm-bindgen-macro-support-0.2.101.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.wasm-bindgen-macro-support-0.2.101.bazel @@ -91,7 +91,7 @@ rust_library( version = "0.2.101", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", "@vendor_ts__wasm-bindgen-backend-0.2.101//:wasm_bindgen_backend", "@vendor_ts__wasm-bindgen-shared-0.2.101//:wasm_bindgen_shared", diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.windows-implement-0.60.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.windows-implement-0.60.0.bazel index b851ac187258..39e7c75ba657 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.windows-implement-0.60.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.windows-implement-0.60.0.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.60.0", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.windows-interface-0.59.1.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.windows-interface-0.59.1.bazel index 0d2150974e06..c91b2cb3347d 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.windows-interface-0.59.1.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.windows-interface-0.59.1.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.59.1", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.yoke-derive-0.8.0.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.yoke-derive-0.8.0.bazel index 88b72641dcb8..98706c66018c 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.yoke-derive-0.8.0.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.yoke-derive-0.8.0.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.8.0", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", "@vendor_ts__synstructure-0.13.2//:synstructure", ], diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.zerocopy-derive-0.8.27.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.zerocopy-derive-0.8.27.bazel index b3cddbaed905..7342159d2558 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.zerocopy-derive-0.8.27.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.zerocopy-derive-0.8.27.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.8.27", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.zerofrom-derive-0.1.6.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.zerofrom-derive-0.1.6.bazel index facba68b2c70..b1ccbb6a85d7 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.zerofrom-derive-0.1.6.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.zerofrom-derive-0.1.6.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.1.6", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", "@vendor_ts__synstructure-0.13.2//:synstructure", ], diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.zerovec-derive-0.11.1.bazel b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.zerovec-derive-0.11.1.bazel index 06b27ed643f5..29b50b11ae3d 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.zerovec-derive-0.11.1.bazel +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/BUILD.zerovec-derive-0.11.1.bazel @@ -91,7 +91,7 @@ rust_proc_macro( version = "0.11.1", deps = [ "@vendor_ts__proc-macro2-1.0.101//:proc_macro2", - "@vendor_ts__quote-1.0.40//:quote", + "@vendor_ts__quote-1.0.41//:quote", "@vendor_ts__syn-2.0.106//:syn", ], ) diff --git a/misc/bazel/3rdparty/tree_sitter_extractors_deps/defs.bzl b/misc/bazel/3rdparty/tree_sitter_extractors_deps/defs.bzl index 6f5c2f2a7b20..4d7205ad951e 100644 --- a/misc/bazel/3rdparty/tree_sitter_extractors_deps/defs.bzl +++ b/misc/bazel/3rdparty/tree_sitter_extractors_deps/defs.bzl @@ -295,28 +295,28 @@ def aliases( _NORMAL_DEPENDENCIES = { "ruby/extractor": { _COMMON_CONDITION: { - "clap": Label("@vendor_ts__clap-4.5.47//:clap"), + "clap": Label("@vendor_ts__clap-4.5.48//:clap"), "encoding": Label("@vendor_ts__encoding-0.2.33//:encoding"), "lazy_static": Label("@vendor_ts__lazy_static-1.5.0//:lazy_static"), "rayon": Label("@vendor_ts__rayon-1.11.0//:rayon"), - "regex": Label("@vendor_ts__regex-1.11.2//:regex"), - "serde_json": Label("@vendor_ts__serde_json-1.0.143//:serde_json"), + "regex": Label("@vendor_ts__regex-1.11.3//:regex"), + "serde_json": Label("@vendor_ts__serde_json-1.0.145//:serde_json"), "tracing": Label("@vendor_ts__tracing-0.1.41//:tracing"), "tracing-subscriber": Label("@vendor_ts__tracing-subscriber-0.3.20//:tracing_subscriber"), "tree-sitter": Label("@vendor_ts__tree-sitter-0.25.9//:tree_sitter"), - "tree-sitter-embedded-template": Label("@vendor_ts__tree-sitter-embedded-template-0.23.2//:tree_sitter_embedded_template"), + "tree-sitter-embedded-template": Label("@vendor_ts__tree-sitter-embedded-template-0.25.0//:tree_sitter_embedded_template"), "tree-sitter-ruby": Label("@vendor_ts__tree-sitter-ruby-0.23.1//:tree_sitter_ruby"), }, }, "rust/ast-generator": { _COMMON_CONDITION: { - "anyhow": Label("@vendor_ts__anyhow-1.0.99//:anyhow"), + "anyhow": Label("@vendor_ts__anyhow-1.0.100//:anyhow"), "either": Label("@vendor_ts__either-1.15.0//:either"), "itertools": Label("@vendor_ts__itertools-0.14.0//:itertools"), "mustache": Label("@vendor_ts__mustache-0.9.0//:mustache"), "proc-macro2": Label("@vendor_ts__proc-macro2-1.0.101//:proc_macro2"), - "quote": Label("@vendor_ts__quote-1.0.40//:quote"), - "serde": Label("@vendor_ts__serde-1.0.219//:serde"), + "quote": Label("@vendor_ts__quote-1.0.41//:quote"), + "serde": Label("@vendor_ts__serde-1.0.228//:serde"), "stdx": Label("@vendor_ts__ra_ap_stdx-0.0.301//:ra_ap_stdx"), "ungrammar": Label("@vendor_ts__ungrammar-1.16.1//:ungrammar"), }, @@ -325,11 +325,11 @@ _NORMAL_DEPENDENCIES = { }, "rust/extractor": { _COMMON_CONDITION: { - "anyhow": Label("@vendor_ts__anyhow-1.0.99//:anyhow"), + "anyhow": Label("@vendor_ts__anyhow-1.0.100//:anyhow"), "argfile": Label("@vendor_ts__argfile-0.2.1//:argfile"), "chalk-ir": Label("@vendor_ts__chalk-ir-0.104.0//:chalk_ir"), "chrono": Label("@vendor_ts__chrono-0.4.42//:chrono"), - "clap": Label("@vendor_ts__clap-4.5.47//:clap"), + "clap": Label("@vendor_ts__clap-4.5.48//:clap"), "dunce": Label("@vendor_ts__dunce-1.0.5//:dunce"), "figment": Label("@vendor_ts__figment-0.10.19//:figment"), "glob": Label("@vendor_ts__glob-0.3.3//:glob"), @@ -351,10 +351,10 @@ _NORMAL_DEPENDENCIES = { "ra_ap_span": Label("@vendor_ts__ra_ap_span-0.0.301//:ra_ap_span"), "ra_ap_syntax": Label("@vendor_ts__ra_ap_syntax-0.0.301//:ra_ap_syntax"), "ra_ap_vfs": Label("@vendor_ts__ra_ap_vfs-0.0.301//:ra_ap_vfs"), - "serde": Label("@vendor_ts__serde-1.0.219//:serde"), - "serde_json": Label("@vendor_ts__serde_json-1.0.143//:serde_json"), - "serde_with": Label("@vendor_ts__serde_with-3.14.0//:serde_with"), - "toml": Label("@vendor_ts__toml-0.9.5//:toml"), + "serde": Label("@vendor_ts__serde-1.0.228//:serde"), + "serde_json": Label("@vendor_ts__serde_json-1.0.145//:serde_json"), + "serde_with": Label("@vendor_ts__serde_with-3.14.1//:serde_with"), + "toml": Label("@vendor_ts__toml-0.9.7//:toml"), "tracing": Label("@vendor_ts__tracing-0.1.41//:tracing"), "tracing-flame": Label("@vendor_ts__tracing-flame-0.2.0//:tracing_flame"), "tracing-subscriber": Label("@vendor_ts__tracing-subscriber-0.3.20//:tracing_subscriber"), @@ -363,7 +363,7 @@ _NORMAL_DEPENDENCIES = { }, "rust/extractor/macros": { _COMMON_CONDITION: { - "quote": Label("@vendor_ts__quote-1.0.40//:quote"), + "quote": Label("@vendor_ts__quote-1.0.41//:quote"), "syn": Label("@vendor_ts__syn-2.0.106//:syn"), }, }, @@ -376,9 +376,9 @@ _NORMAL_DEPENDENCIES = { "lazy_static": Label("@vendor_ts__lazy_static-1.5.0//:lazy_static"), "num_cpus": Label("@vendor_ts__num_cpus-1.17.0//:num_cpus"), "rayon": Label("@vendor_ts__rayon-1.11.0//:rayon"), - "regex": Label("@vendor_ts__regex-1.11.2//:regex"), - "serde": Label("@vendor_ts__serde-1.0.219//:serde"), - "serde_json": Label("@vendor_ts__serde_json-1.0.143//:serde_json"), + "regex": Label("@vendor_ts__regex-1.11.3//:regex"), + "serde": Label("@vendor_ts__serde-1.0.228//:serde"), + "serde_json": Label("@vendor_ts__serde_json-1.0.145//:serde_json"), "tracing": Label("@vendor_ts__tracing-0.1.41//:tracing"), "tracing-subscriber": Label("@vendor_ts__tracing-subscriber-0.3.20//:tracing_subscriber"), "tree-sitter": Label("@vendor_ts__tree-sitter-0.25.9//:tree_sitter"), @@ -748,12 +748,12 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__anyhow-1.0.99", - sha256 = "b0674a1ddeecb70197781e945de4b3b8ffb61fa939a5597bcf48503737663100", + name = "vendor_ts__anyhow-1.0.100", + sha256 = "a23eb6b1614318a8071c9b2521f36b424b2c83db5eb3a0fead4a6c0809af6e61", type = "tar.gz", - urls = ["https://static.crates.io/crates/anyhow/1.0.99/download"], - strip_prefix = "anyhow-1.0.99", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.anyhow-1.0.99.bazel"), + urls = ["https://static.crates.io/crates/anyhow/1.0.100/download"], + strip_prefix = "anyhow-1.0.100", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.anyhow-1.0.100.bazel"), ) maybe( @@ -1018,22 +1018,22 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__clap-4.5.47", - sha256 = "7eac00902d9d136acd712710d71823fb8ac8004ca445a89e73a41d45aa712931", + name = "vendor_ts__clap-4.5.48", + sha256 = "e2134bb3ea021b78629caa971416385309e0131b351b25e01dc16fb54e1b5fae", type = "tar.gz", - urls = ["https://static.crates.io/crates/clap/4.5.47/download"], - strip_prefix = "clap-4.5.47", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.clap-4.5.47.bazel"), + urls = ["https://static.crates.io/crates/clap/4.5.48/download"], + strip_prefix = "clap-4.5.48", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.clap-4.5.48.bazel"), ) maybe( http_archive, - name = "vendor_ts__clap_builder-4.5.47", - sha256 = "2ad9bbf750e73b5884fb8a211a9424a1906c1e156724260fdae972f31d70e1d6", + name = "vendor_ts__clap_builder-4.5.48", + sha256 = "c2ba64afa3c0a6df7fa517765e31314e983f51dda798ffba27b988194fb65dc9", type = "tar.gz", - urls = ["https://static.crates.io/crates/clap_builder/4.5.47/download"], - strip_prefix = "clap_builder-4.5.47", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.clap_builder-4.5.47.bazel"), + urls = ["https://static.crates.io/crates/clap_builder/4.5.48/download"], + strip_prefix = "clap_builder-4.5.48", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.clap_builder-4.5.48.bazel"), ) maybe( @@ -1158,32 +1158,32 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__darling-0.20.11", - sha256 = "fc7f46116c46ff9ab3eb1597a45688b6715c6e628b5c133e288e709a29bcb4ee", + name = "vendor_ts__darling-0.21.3", + sha256 = "9cdf337090841a411e2a7f3deb9187445851f91b309c0c0a29e05f74a00a48c0", type = "tar.gz", - urls = ["https://static.crates.io/crates/darling/0.20.11/download"], - strip_prefix = "darling-0.20.11", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.darling-0.20.11.bazel"), + urls = ["https://static.crates.io/crates/darling/0.21.3/download"], + strip_prefix = "darling-0.21.3", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.darling-0.21.3.bazel"), ) maybe( http_archive, - name = "vendor_ts__darling_core-0.20.11", - sha256 = "0d00b9596d185e565c2207a0b01f8bd1a135483d02d9b7b0a54b11da8d53412e", + name = "vendor_ts__darling_core-0.21.3", + sha256 = "1247195ecd7e3c85f83c8d2a366e4210d588e802133e1e355180a9870b517ea4", type = "tar.gz", - urls = ["https://static.crates.io/crates/darling_core/0.20.11/download"], - strip_prefix = "darling_core-0.20.11", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.darling_core-0.20.11.bazel"), + urls = ["https://static.crates.io/crates/darling_core/0.21.3/download"], + strip_prefix = "darling_core-0.21.3", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.darling_core-0.21.3.bazel"), ) maybe( http_archive, - name = "vendor_ts__darling_macro-0.20.11", - sha256 = "fc34b93ccb385b40dc71c6fceac4b2ad23662c7eeb248cf10d529b7e055b6ead", + name = "vendor_ts__darling_macro-0.21.3", + sha256 = "d38308df82d1080de0afee5d069fa14b0326a88c14f15c5ccda35b4a6c414c81", type = "tar.gz", - urls = ["https://static.crates.io/crates/darling_macro/0.20.11/download"], - strip_prefix = "darling_macro-0.20.11", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.darling_macro-0.20.11.bazel"), + urls = ["https://static.crates.io/crates/darling_macro/0.21.3/download"], + strip_prefix = "darling_macro-0.21.3", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.darling_macro-0.21.3.bazel"), ) maybe( @@ -1698,12 +1698,12 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__indexmap-2.11.1", - sha256 = "206a8042aec68fa4a62e8d3f7aa4ceb508177d9324faf261e1959e495b7a1921", + name = "vendor_ts__indexmap-2.11.4", + sha256 = "4b0f83760fb341a774ed326568e19f5a863af4a952def8c39f9ab92fd95b88e5", type = "tar.gz", - urls = ["https://static.crates.io/crates/indexmap/2.11.1/download"], - strip_prefix = "indexmap-2.11.1", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.indexmap-2.11.1.bazel"), + urls = ["https://static.crates.io/crates/indexmap/2.11.4/download"], + strip_prefix = "indexmap-2.11.4", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.indexmap-2.11.4.bazel"), ) maybe( @@ -2278,12 +2278,12 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__quote-1.0.40", - sha256 = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d", + name = "vendor_ts__quote-1.0.41", + sha256 = "ce25767e7b499d1b604768e7cde645d14cc8584231ea6b295e9c9eb22c02e1d1", type = "tar.gz", - urls = ["https://static.crates.io/crates/quote/1.0.40/download"], - strip_prefix = "quote-1.0.40", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.quote-1.0.40.bazel"), + urls = ["https://static.crates.io/crates/quote/1.0.41/download"], + strip_prefix = "quote-1.0.41", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.quote-1.0.41.bazel"), ) maybe( @@ -2708,22 +2708,22 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__regex-1.11.2", - sha256 = "23d7fd106d8c02486a8d64e778353d1cffe08ce79ac2e82f540c86d0facf6912", + name = "vendor_ts__regex-1.11.3", + sha256 = "8b5288124840bee7b386bc413c487869b360b2b4ec421ea56425128692f2a82c", type = "tar.gz", - urls = ["https://static.crates.io/crates/regex/1.11.2/download"], - strip_prefix = "regex-1.11.2", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.regex-1.11.2.bazel"), + urls = ["https://static.crates.io/crates/regex/1.11.3/download"], + strip_prefix = "regex-1.11.3", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.regex-1.11.3.bazel"), ) maybe( http_archive, - name = "vendor_ts__regex-automata-0.4.10", - sha256 = "6b9458fa0bfeeac22b5ca447c63aaf45f28439a709ccd244698632f9aa6394d6", + name = "vendor_ts__regex-automata-0.4.11", + sha256 = "833eb9ce86d40ef33cb1306d8accf7bc8ec2bfea4355cbdebb3df68b40925cad", type = "tar.gz", - urls = ["https://static.crates.io/crates/regex-automata/0.4.10/download"], - strip_prefix = "regex-automata-0.4.10", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.regex-automata-0.4.10.bazel"), + urls = ["https://static.crates.io/crates/regex-automata/0.4.11/download"], + strip_prefix = "regex-automata-0.4.11", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.regex-automata-0.4.11.bazel"), ) maybe( @@ -2918,12 +2918,12 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__serde-1.0.219", - sha256 = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6", + name = "vendor_ts__serde-1.0.228", + sha256 = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e", type = "tar.gz", - urls = ["https://static.crates.io/crates/serde/1.0.219/download"], - strip_prefix = "serde-1.0.219", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde-1.0.219.bazel"), + urls = ["https://static.crates.io/crates/serde/1.0.228/download"], + strip_prefix = "serde-1.0.228", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde-1.0.228.bazel"), ) maybe( @@ -2948,22 +2948,32 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__serde_derive-1.0.219", - sha256 = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00", + name = "vendor_ts__serde_core-1.0.228", + sha256 = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad", type = "tar.gz", - urls = ["https://static.crates.io/crates/serde_derive/1.0.219/download"], - strip_prefix = "serde_derive-1.0.219", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde_derive-1.0.219.bazel"), + urls = ["https://static.crates.io/crates/serde_core/1.0.228/download"], + strip_prefix = "serde_core-1.0.228", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde_core-1.0.228.bazel"), ) maybe( http_archive, - name = "vendor_ts__serde_json-1.0.143", - sha256 = "d401abef1d108fbd9cbaebc3e46611f4b1021f714a0597a71f41ee463f5f4a5a", + name = "vendor_ts__serde_derive-1.0.228", + sha256 = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79", type = "tar.gz", - urls = ["https://static.crates.io/crates/serde_json/1.0.143/download"], - strip_prefix = "serde_json-1.0.143", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde_json-1.0.143.bazel"), + urls = ["https://static.crates.io/crates/serde_derive/1.0.228/download"], + strip_prefix = "serde_derive-1.0.228", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde_derive-1.0.228.bazel"), + ) + + maybe( + http_archive, + name = "vendor_ts__serde_json-1.0.145", + sha256 = "402a6f66d8c709116cf22f558eab210f5a50187f702eb4d7e5ef38d9a7f1c79c", + type = "tar.gz", + urls = ["https://static.crates.io/crates/serde_json/1.0.145/download"], + strip_prefix = "serde_json-1.0.145", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde_json-1.0.145.bazel"), ) maybe( @@ -2978,32 +2988,32 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__serde_spanned-1.0.0", - sha256 = "40734c41988f7306bb04f0ecf60ec0f3f1caa34290e4e8ea471dcd3346483b83", + name = "vendor_ts__serde_spanned-1.0.2", + sha256 = "5417783452c2be558477e104686f7de5dae53dba813c28435e0e70f82d9b04ee", type = "tar.gz", - urls = ["https://static.crates.io/crates/serde_spanned/1.0.0/download"], - strip_prefix = "serde_spanned-1.0.0", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde_spanned-1.0.0.bazel"), + urls = ["https://static.crates.io/crates/serde_spanned/1.0.2/download"], + strip_prefix = "serde_spanned-1.0.2", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde_spanned-1.0.2.bazel"), ) maybe( http_archive, - name = "vendor_ts__serde_with-3.14.0", - sha256 = "f2c45cd61fefa9db6f254525d46e392b852e0e61d9a1fd36e5bd183450a556d5", + name = "vendor_ts__serde_with-3.14.1", + sha256 = "c522100790450cf78eeac1507263d0a350d4d5b30df0c8e1fe051a10c22b376e", type = "tar.gz", - urls = ["https://static.crates.io/crates/serde_with/3.14.0/download"], - strip_prefix = "serde_with-3.14.0", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde_with-3.14.0.bazel"), + urls = ["https://static.crates.io/crates/serde_with/3.14.1/download"], + strip_prefix = "serde_with-3.14.1", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde_with-3.14.1.bazel"), ) maybe( http_archive, - name = "vendor_ts__serde_with_macros-3.14.0", - sha256 = "de90945e6565ce0d9a25098082ed4ee4002e047cb59892c318d66821e14bb30f", + name = "vendor_ts__serde_with_macros-3.14.1", + sha256 = "327ada00f7d64abaac1e55a6911e90cf665aa051b9a561c7006c157f4633135e", type = "tar.gz", - urls = ["https://static.crates.io/crates/serde_with_macros/3.14.0/download"], - strip_prefix = "serde_with_macros-3.14.0", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde_with_macros-3.14.0.bazel"), + urls = ["https://static.crates.io/crates/serde_with_macros/3.14.1/download"], + strip_prefix = "serde_with_macros-3.14.1", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.serde_with_macros-3.14.1.bazel"), ) maybe( @@ -3218,12 +3228,12 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__toml-0.9.5", - sha256 = "75129e1dc5000bfbaa9fee9d1b21f974f9fbad9daec557a521ee6e080825f6e8", + name = "vendor_ts__toml-0.9.7", + sha256 = "00e5e5d9bf2475ac9d4f0d9edab68cc573dc2fd644b0dba36b0c30a92dd9eaa0", type = "tar.gz", - urls = ["https://static.crates.io/crates/toml/0.9.5/download"], - strip_prefix = "toml-0.9.5", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.toml-0.9.5.bazel"), + urls = ["https://static.crates.io/crates/toml/0.9.7/download"], + strip_prefix = "toml-0.9.7", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.toml-0.9.7.bazel"), ) maybe( @@ -3238,12 +3248,12 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__toml_datetime-0.7.0", - sha256 = "bade1c3e902f58d73d3f294cd7f20391c1cb2fbcb643b73566bc773971df91e3", + name = "vendor_ts__toml_datetime-0.7.2", + sha256 = "32f1085dec27c2b6632b04c80b3bb1b4300d6495d1e129693bdda7d91e72eec1", type = "tar.gz", - urls = ["https://static.crates.io/crates/toml_datetime/0.7.0/download"], - strip_prefix = "toml_datetime-0.7.0", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.toml_datetime-0.7.0.bazel"), + urls = ["https://static.crates.io/crates/toml_datetime/0.7.2/download"], + strip_prefix = "toml_datetime-0.7.2", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.toml_datetime-0.7.2.bazel"), ) maybe( @@ -3258,12 +3268,12 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__toml_parser-1.0.2", - sha256 = "b551886f449aa90d4fe2bdaa9f4a2577ad2dde302c61ecf262d80b116db95c10", + name = "vendor_ts__toml_parser-1.0.3", + sha256 = "4cf893c33be71572e0e9aa6dd15e6677937abd686b066eac3f8cd3531688a627", type = "tar.gz", - urls = ["https://static.crates.io/crates/toml_parser/1.0.2/download"], - strip_prefix = "toml_parser-1.0.2", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.toml_parser-1.0.2.bazel"), + urls = ["https://static.crates.io/crates/toml_parser/1.0.3/download"], + strip_prefix = "toml_parser-1.0.3", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.toml_parser-1.0.3.bazel"), ) maybe( @@ -3278,12 +3288,12 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__toml_writer-1.0.2", - sha256 = "fcc842091f2def52017664b53082ecbbeb5c7731092bad69d2c63050401dfd64", + name = "vendor_ts__toml_writer-1.0.3", + sha256 = "d163a63c116ce562a22cda521fcc4d79152e7aba014456fb5eb442f6d6a10109", type = "tar.gz", - urls = ["https://static.crates.io/crates/toml_writer/1.0.2/download"], - strip_prefix = "toml_writer-1.0.2", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.toml_writer-1.0.2.bazel"), + urls = ["https://static.crates.io/crates/toml_writer/1.0.3/download"], + strip_prefix = "toml_writer-1.0.3", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.toml_writer-1.0.3.bazel"), ) maybe( @@ -3358,12 +3368,12 @@ def crate_repositories(): maybe( http_archive, - name = "vendor_ts__tree-sitter-embedded-template-0.23.2", - sha256 = "790063ef14e5b67556abc0b3be0ed863fb41d65ee791cf8c0b20eb42a1fa46af", + name = "vendor_ts__tree-sitter-embedded-template-0.25.0", + sha256 = "833d528e8fcb4e49ddb04d4d6450ddb8ac08f282a58fec94ce981c9c5dbf7e3a", type = "tar.gz", - urls = ["https://static.crates.io/crates/tree-sitter-embedded-template/0.23.2/download"], - strip_prefix = "tree-sitter-embedded-template-0.23.2", - build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.tree-sitter-embedded-template-0.23.2.bazel"), + urls = ["https://static.crates.io/crates/tree-sitter-embedded-template/0.25.0/download"], + strip_prefix = "tree-sitter-embedded-template-0.25.0", + build_file = Label("//misc/bazel/3rdparty/tree_sitter_extractors_deps:BUILD.tree-sitter-embedded-template-0.25.0.bazel"), ) maybe( @@ -4097,11 +4107,11 @@ def crate_repositories(): ) return [ - struct(repo = "vendor_ts__anyhow-1.0.99", is_dev_dep = False), + struct(repo = "vendor_ts__anyhow-1.0.100", is_dev_dep = False), struct(repo = "vendor_ts__argfile-0.2.1", is_dev_dep = False), struct(repo = "vendor_ts__chalk-ir-0.104.0", is_dev_dep = False), struct(repo = "vendor_ts__chrono-0.4.42", is_dev_dep = False), - struct(repo = "vendor_ts__clap-4.5.47", is_dev_dep = False), + struct(repo = "vendor_ts__clap-4.5.48", is_dev_dep = False), struct(repo = "vendor_ts__dunce-1.0.5", is_dev_dep = False), struct(repo = "vendor_ts__either-1.15.0", is_dev_dep = False), struct(repo = "vendor_ts__encoding-0.2.33", is_dev_dep = False), @@ -4115,7 +4125,7 @@ def crate_repositories(): struct(repo = "vendor_ts__num-traits-0.2.19", is_dev_dep = False), struct(repo = "vendor_ts__num_cpus-1.17.0", is_dev_dep = False), struct(repo = "vendor_ts__proc-macro2-1.0.101", is_dev_dep = False), - struct(repo = "vendor_ts__quote-1.0.40", is_dev_dep = False), + struct(repo = "vendor_ts__quote-1.0.41", is_dev_dep = False), struct(repo = "vendor_ts__ra_ap_base_db-0.0.301", is_dev_dep = False), struct(repo = "vendor_ts__ra_ap_cfg-0.0.301", is_dev_dep = False), struct(repo = "vendor_ts__ra_ap_hir-0.0.301", is_dev_dep = False), @@ -4133,17 +4143,17 @@ def crate_repositories(): struct(repo = "vendor_ts__ra_ap_syntax-0.0.301", is_dev_dep = False), struct(repo = "vendor_ts__ra_ap_vfs-0.0.301", is_dev_dep = False), struct(repo = "vendor_ts__rayon-1.11.0", is_dev_dep = False), - struct(repo = "vendor_ts__regex-1.11.2", is_dev_dep = False), - struct(repo = "vendor_ts__serde-1.0.219", is_dev_dep = False), - struct(repo = "vendor_ts__serde_json-1.0.143", is_dev_dep = False), - struct(repo = "vendor_ts__serde_with-3.14.0", is_dev_dep = False), + struct(repo = "vendor_ts__regex-1.11.3", is_dev_dep = False), + struct(repo = "vendor_ts__serde-1.0.228", is_dev_dep = False), + struct(repo = "vendor_ts__serde_json-1.0.145", is_dev_dep = False), + struct(repo = "vendor_ts__serde_with-3.14.1", is_dev_dep = False), struct(repo = "vendor_ts__syn-2.0.106", is_dev_dep = False), - struct(repo = "vendor_ts__toml-0.9.5", is_dev_dep = False), + struct(repo = "vendor_ts__toml-0.9.7", is_dev_dep = False), struct(repo = "vendor_ts__tracing-0.1.41", is_dev_dep = False), struct(repo = "vendor_ts__tracing-flame-0.2.0", is_dev_dep = False), struct(repo = "vendor_ts__tracing-subscriber-0.3.20", is_dev_dep = False), struct(repo = "vendor_ts__tree-sitter-0.25.9", is_dev_dep = False), - struct(repo = "vendor_ts__tree-sitter-embedded-template-0.23.2", is_dev_dep = False), + struct(repo = "vendor_ts__tree-sitter-embedded-template-0.25.0", is_dev_dep = False), struct(repo = "vendor_ts__tree-sitter-ruby-0.23.1", is_dev_dep = False), struct(repo = "vendor_ts__triomphe-0.1.14", is_dev_dep = False), struct(repo = "vendor_ts__ungrammar-1.16.1", is_dev_dep = False), From 5843fdbdd8e23757fa5a8936dfbb5d50b7b3ae82 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 25 Sep 2025 16:52:27 +0200 Subject: [PATCH 108/307] C#: Add a locations example. --- csharp/ql/test/library-tests/locations/A.cs | 35 +++++++++++++ csharp/ql/test/library-tests/locations/B.cs | 20 +++++++ csharp/ql/test/library-tests/locations/C.cs | 12 +++++ .../locations/locations.expected | 52 +++++++++++++++++++ .../test/library-tests/locations/locations.ql | 14 +++++ 5 files changed, 133 insertions(+) create mode 100644 csharp/ql/test/library-tests/locations/A.cs create mode 100644 csharp/ql/test/library-tests/locations/B.cs create mode 100644 csharp/ql/test/library-tests/locations/C.cs create mode 100644 csharp/ql/test/library-tests/locations/locations.expected create mode 100644 csharp/ql/test/library-tests/locations/locations.ql diff --git a/csharp/ql/test/library-tests/locations/A.cs b/csharp/ql/test/library-tests/locations/A.cs new file mode 100644 index 000000000000..7f641a0024e8 --- /dev/null +++ b/csharp/ql/test/library-tests/locations/A.cs @@ -0,0 +1,35 @@ +using System; + +public abstract class A +{ + public abstract T Prop { get; } + public abstract T this[int index] { get; set; } + public abstract event EventHandler Event; + public void Apply(T t) { } + public abstract object ToObject(T t); +} + +public class A2 : A +{ + public override string Prop => ""; + + public override string this[int i] + { + get { return ""; } + set { } + } + + public override event EventHandler Event + { + add { } + remove { } + } + + public override object ToObject(string t) => t; + + public void M() + { + A2 other = new(); + other.Apply(""); + } +} diff --git a/csharp/ql/test/library-tests/locations/B.cs b/csharp/ql/test/library-tests/locations/B.cs new file mode 100644 index 000000000000..c4cfa9711162 --- /dev/null +++ b/csharp/ql/test/library-tests/locations/B.cs @@ -0,0 +1,20 @@ +using System; + +public class B : A +{ + public override int Prop => 0; + + public override int this[int i] + { + get { return 0; } + set { } + } + + public override event EventHandler Event + { + add { } + remove { } + } + + public override object ToObject(int t) => t; +} diff --git a/csharp/ql/test/library-tests/locations/C.cs b/csharp/ql/test/library-tests/locations/C.cs new file mode 100644 index 000000000000..a4063646d53f --- /dev/null +++ b/csharp/ql/test/library-tests/locations/C.cs @@ -0,0 +1,12 @@ +using System; + +class C +{ + public void M() + { + B b = new B(); + b.Apply(0); + A2 a2 = new A2(); + a2.Apply(""); + } +} diff --git a/csharp/ql/test/library-tests/locations/locations.expected b/csharp/ql/test/library-tests/locations/locations.expected new file mode 100644 index 000000000000..8b021b115d26 --- /dev/null +++ b/csharp/ql/test/library-tests/locations/locations.expected @@ -0,0 +1,52 @@ +member_locations +| A.cs:3:23:3:26 | A | A.cs:5:23:5:26 | Prop | A.cs:5:23:5:26 | A.cs:5:23:5:26 | +| A.cs:3:23:3:26 | A | A.cs:6:23:6:26 | Item | A.cs:6:23:6:26 | A.cs:6:23:6:26 | +| A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:3:23:3:26 | A | A.cs:8:17:8:21 | Apply | A.cs:8:17:8:21 | A.cs:8:17:8:21 | +| A.cs:3:23:3:26 | A | A.cs:9:28:9:35 | ToObject | A.cs:9:28:9:35 | A.cs:9:28:9:35 | +| A.cs:3:23:3:26 | A | A.cs:5:23:5:26 | Prop | A.cs:5:23:5:26 | A.cs:5:23:5:26 | +| A.cs:3:23:3:26 | A | A.cs:6:23:6:26 | Item | A.cs:6:23:6:26 | A.cs:6:23:6:26 | +| A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:3:23:3:26 | A | A.cs:8:17:8:21 | Apply | A.cs:8:17:8:21 | A.cs:8:17:8:21 | +| A.cs:3:23:3:26 | A | A.cs:9:28:9:35 | ToObject | A.cs:9:28:9:35 | A.cs:9:28:9:35 | +| A.cs:3:23:3:26 | A`1 | A.cs:5:23:5:26 | Prop | A.cs:5:23:5:26 | A.cs:5:23:5:26 | +| A.cs:3:23:3:26 | A`1 | A.cs:6:23:6:26 | Item | A.cs:6:23:6:26 | A.cs:6:23:6:26 | +| A.cs:3:23:3:26 | A`1 | A.cs:7:40:7:44 | Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:3:23:3:26 | A`1 | A.cs:8:17:8:21 | Apply | A.cs:8:17:8:21 | A.cs:8:17:8:21 | +| A.cs:3:23:3:26 | A`1 | A.cs:9:28:9:35 | ToObject | A.cs:9:28:9:35 | A.cs:9:28:9:35 | +| A.cs:12:14:12:15 | A2 | A.cs:14:28:14:31 | Prop | A.cs:14:28:14:31 | A.cs:14:28:14:31 | +| A.cs:12:14:12:15 | A2 | A.cs:16:28:16:31 | Item | A.cs:16:28:16:31 | A.cs:16:28:16:31 | +| A.cs:12:14:12:15 | A2 | A.cs:22:40:22:44 | Event | A.cs:22:40:22:44 | A.cs:22:40:22:44 | +| A.cs:12:14:12:15 | A2 | A.cs:28:28:28:35 | ToObject | A.cs:28:28:28:35 | A.cs:28:28:28:35 | +| A.cs:12:14:12:15 | A2 | A.cs:30:17:30:17 | M | A.cs:30:17:30:17 | A.cs:30:17:30:17 | +| B.cs:3:14:3:14 | B | B.cs:5:25:5:28 | Prop | B.cs:5:25:5:28 | B.cs:5:25:5:28 | +| B.cs:3:14:3:14 | B | B.cs:7:25:7:28 | Item | B.cs:7:25:7:28 | B.cs:7:25:7:28 | +| B.cs:3:14:3:14 | B | B.cs:13:40:13:44 | Event | B.cs:13:40:13:44 | B.cs:13:40:13:44 | +| B.cs:3:14:3:14 | B | B.cs:19:28:19:35 | ToObject | B.cs:19:28:19:35 | B.cs:19:28:19:35 | +| C.cs:3:7:3:7 | C | C.cs:5:17:5:17 | M | C.cs:5:17:5:17 | C.cs:5:17:5:17 | +accessor_location +| A.cs:3:23:3:26 | A | A.cs:5:30:5:32 | get_Prop | A.cs:5:30:5:32 | A.cs:5:30:5:32 | +| A.cs:3:23:3:26 | A | A.cs:6:41:6:43 | get_Item | A.cs:6:41:6:43 | A.cs:6:41:6:43 | +| A.cs:3:23:3:26 | A | A.cs:6:46:6:48 | set_Item | A.cs:6:46:6:48 | A.cs:6:46:6:48 | +| A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | add_Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | remove_Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:3:23:3:26 | A | A.cs:5:30:5:32 | get_Prop | A.cs:5:30:5:32 | A.cs:5:30:5:32 | +| A.cs:3:23:3:26 | A | A.cs:6:41:6:43 | get_Item | A.cs:6:41:6:43 | A.cs:6:41:6:43 | +| A.cs:3:23:3:26 | A | A.cs:6:46:6:48 | set_Item | A.cs:6:46:6:48 | A.cs:6:46:6:48 | +| A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | add_Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | remove_Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:3:23:3:26 | A`1 | A.cs:5:30:5:32 | get_Prop | A.cs:5:30:5:32 | A.cs:5:30:5:32 | +| A.cs:3:23:3:26 | A`1 | A.cs:6:41:6:43 | get_Item | A.cs:6:41:6:43 | A.cs:6:41:6:43 | +| A.cs:3:23:3:26 | A`1 | A.cs:6:46:6:48 | set_Item | A.cs:6:46:6:48 | A.cs:6:46:6:48 | +| A.cs:3:23:3:26 | A`1 | A.cs:7:40:7:44 | add_Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:3:23:3:26 | A`1 | A.cs:7:40:7:44 | remove_Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:12:14:12:15 | A2 | A.cs:14:36:14:37 | get_Prop | A.cs:14:36:14:37 | A.cs:14:36:14:37 | +| A.cs:12:14:12:15 | A2 | A.cs:18:9:18:11 | get_Item | A.cs:18:9:18:11 | A.cs:18:9:18:11 | +| A.cs:12:14:12:15 | A2 | A.cs:19:9:19:11 | set_Item | A.cs:19:9:19:11 | A.cs:19:9:19:11 | +| A.cs:12:14:12:15 | A2 | A.cs:24:9:24:11 | add_Event | A.cs:24:9:24:11 | A.cs:24:9:24:11 | +| A.cs:12:14:12:15 | A2 | A.cs:25:9:25:14 | remove_Event | A.cs:25:9:25:14 | A.cs:25:9:25:14 | +| B.cs:3:14:3:14 | B | B.cs:5:33:5:33 | get_Prop | B.cs:5:33:5:33 | B.cs:5:33:5:33 | +| B.cs:3:14:3:14 | B | B.cs:9:9:9:11 | get_Item | B.cs:9:9:9:11 | B.cs:9:9:9:11 | +| B.cs:3:14:3:14 | B | B.cs:10:9:10:11 | set_Item | B.cs:10:9:10:11 | B.cs:10:9:10:11 | +| B.cs:3:14:3:14 | B | B.cs:15:9:15:11 | add_Event | B.cs:15:9:15:11 | B.cs:15:9:15:11 | +| B.cs:3:14:3:14 | B | B.cs:16:9:16:14 | remove_Event | B.cs:16:9:16:14 | B.cs:16:9:16:14 | diff --git a/csharp/ql/test/library-tests/locations/locations.ql b/csharp/ql/test/library-tests/locations/locations.ql new file mode 100644 index 000000000000..6c1dcc3e385b --- /dev/null +++ b/csharp/ql/test/library-tests/locations/locations.ql @@ -0,0 +1,14 @@ +import csharp + +query predicate member_locations(Type t, Member m, SourceLocation l) { + t = m.getDeclaringType() and + l = m.getLocation() and + not l instanceof EmptyLocation and + not m instanceof Constructor +} + +query predicate accessor_location(Type t, Accessor a, SourceLocation l) { + t = a.getDeclaringType() and + l = a.getLocation() and + not l instanceof EmptyLocation +} From e9901305b2e79d77d9d22e053530994f4518cb30 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 25 Sep 2025 16:26:50 +0200 Subject: [PATCH 109/307] C#: Rename GeneratedLocation to EmptyLocation and make sure that we always create one such location. --- .../{GeneratedLocation.cs => EmptyLocation.cs} | 15 ++++++++------- .../Extractor/Analyser.cs | 3 +++ .../Semmle.Extraction.CSharp/Extractor/Context.cs | 8 ++++++-- 3 files changed, 17 insertions(+), 9 deletions(-) rename csharp/extractor/Semmle.Extraction.CSharp/Entities/Locations/{GeneratedLocation.cs => EmptyLocation.cs} (54%) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Locations/GeneratedLocation.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Locations/EmptyLocation.cs similarity index 54% rename from csharp/extractor/Semmle.Extraction.CSharp/Entities/Locations/GeneratedLocation.cs rename to csharp/extractor/Semmle.Extraction.CSharp/Entities/Locations/EmptyLocation.cs index d12f1ca51e00..f81db35fdbca 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Locations/GeneratedLocation.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Locations/EmptyLocation.cs @@ -2,11 +2,11 @@ namespace Semmle.Extraction.CSharp.Entities { - public class GeneratedLocation : SourceLocation + public class EmptyLocation : SourceLocation { private readonly File generatedFile; - private GeneratedLocation(Context cx) + private EmptyLocation(Context cx) : base(cx, null) { generatedFile = GeneratedFile.Create(cx); @@ -26,15 +26,16 @@ public override void WriteId(EscapingTextWriter trapFile) public override int GetHashCode() => 98732567; - public override bool Equals(object? obj) => obj is not null && obj.GetType() == typeof(GeneratedLocation); + public override bool Equals(object? obj) => obj is not null && obj.GetType() == typeof(EmptyLocation); - public static GeneratedLocation Create(Context cx) => GeneratedLocationFactory.Instance.CreateEntity(cx, typeof(GeneratedLocation), null); + public static EmptyLocation Create(Context cx) + => EmptyLocationFactory.Instance.CreateEntity(cx, typeof(EmptyLocation), null); - private class GeneratedLocationFactory : CachedEntityFactory + private class EmptyLocationFactory : CachedEntityFactory { - public static GeneratedLocationFactory Instance { get; } = new GeneratedLocationFactory(); + public static EmptyLocationFactory Instance { get; } = new EmptyLocationFactory(); - public override GeneratedLocation Create(Context cx, string? init) => new GeneratedLocation(cx); + public override EmptyLocation Create(Context cx, string? init) => new EmptyLocation(cx); } } } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Analyser.cs b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Analyser.cs index 3ea99a0d772c..4c8660c172ab 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Analyser.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Analyser.cs @@ -238,6 +238,9 @@ private void DoAnalyseCompilation() compilationEntity = Entities.Compilation.Create(cx); + // Ensure that the empty location is always created. + Entities.EmptyLocation.Create(cx); + ExtractionContext.CompilationInfos.ForEach(ci => trapWriter.Writer.compilation_info(compilationEntity, ci.key, ci.value)); ReportProgressTaskDone(currentTaskId, assemblyPath, trapWriter.TrapFile, stopwatch.Elapsed, AnalysisAction.Extracted); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs index f231c8238a96..b7160cd1f638 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs @@ -550,6 +550,10 @@ public bool Defines(ISymbol symbol) => !SymbolEqualityComparer.Default.Equals(symbol, symbol.OriginalDefinition) || scope.InScope(symbol); + public bool ExtractLocation(ISymbol symbol) => + SymbolEqualityComparer.Default.Equals(symbol, symbol.OriginalDefinition) && + scope.InScope(symbol); + /// /// Runs the given action , guarding for trap duplication /// based on key . @@ -582,14 +586,14 @@ public void WithDuplicationGuard(Key key, Action a) public Entities.Location CreateLocation() { return SourceTree is null - ? Entities.GeneratedLocation.Create(this) + ? Entities.EmptyLocation.Create(this) : CreateLocation(Microsoft.CodeAnalysis.Location.Create(SourceTree, Microsoft.CodeAnalysis.Text.TextSpan.FromBounds(0, 0))); } public Entities.Location CreateLocation(Microsoft.CodeAnalysis.Location? location) { return (location is null || location.Kind == LocationKind.None) - ? Entities.GeneratedLocation.Create(this) + ? Entities.EmptyLocation.Create(this) : location.IsInSource ? Entities.NonGeneratedSourceLocation.Create(this, location) : Entities.Assembly.Create(this, location); From 443c183e416f9ea6298d04c5ee9374b0ecad34e8 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Tue, 30 Sep 2025 11:23:24 +0200 Subject: [PATCH 110/307] C#: Only extract locations for unbound declarations (if a declaration can be unfound) and don't extract empty locations. --- .../Entities/Accessor.cs | 6 ++++-- .../Entities/Attribute.cs | 4 ++-- .../Entities/Base/CachedEntity.cs | 18 ++++++++++++++++++ .../Entities/Base/CachedSymbol.cs | 1 + .../Entities/CommentBlock.cs | 2 +- .../Entities/CommentLine.cs | 2 +- .../Entities/Constructor.cs | 2 +- .../Entities/Destructor.cs | 2 +- .../Semmle.Extraction.CSharp/Entities/Event.cs | 6 ++++-- .../Entities/EventAccessor.cs | 6 ++++-- .../Entities/Expression.cs | 1 + .../Semmle.Extraction.CSharp/Entities/Field.cs | 3 +-- .../Entities/Indexer.cs | 6 ++++-- .../Entities/LocalVariable.cs | 2 +- .../Entities/NamespaceDeclaration.cs | 2 +- .../Entities/OrdinaryMethod.cs | 6 ++++-- .../Entities/Parameter.cs | 7 ++++--- .../PreprocessorDirective.cs | 2 +- .../Entities/Property.cs | 6 ++++-- .../Entities/Types/DynamicType.cs | 2 +- .../Entities/Types/NamedType.cs | 3 +-- .../Entities/Types/TupleType.cs | 2 +- .../Entities/Types/TypeParameter.cs | 2 +- .../Entities/UserOperator.cs | 3 +-- 24 files changed, 63 insertions(+), 33 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Accessor.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Accessor.cs index 66e45387d876..fe01e0f9b58d 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Accessor.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Accessor.cs @@ -63,8 +63,10 @@ public override void Populate(TextWriter trapFile) trapFile.accessors(this, kind, Symbol.Name, parent, unboundAccessor); - foreach (var l in Locations) - trapFile.accessor_location(this, l); + if (Context.ExtractLocation(Symbol)) + { + WriteLocationsToTrap(trapFile.accessor_location, this, Locations); + } Overrides(trapFile); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Attribute.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Attribute.cs index e4799c05507f..0e1b756a37ce 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Attribute.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Attribute.cs @@ -59,11 +59,11 @@ public override void Populate(TextWriter trapFile) { var type = Type.Create(Context, Symbol.AttributeClass); trapFile.attributes(this, kind, type.TypeRef, entity); - trapFile.attribute_location(this, Location); + WriteLocationToTrap(trapFile.attribute_location, this, Location); if (attributeSyntax is not null) { - trapFile.attribute_location(this, Assembly.CreateOutputAssembly(Context)); + WriteLocationToTrap(trapFile.attribute_location, this, Assembly.CreateOutputAssembly(Context)); TypeMention.Create(Context, attributeSyntax.Name, this, type); } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Base/CachedEntity.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Base/CachedEntity.cs index 96bef9732117..2002fe0f1d7a 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Base/CachedEntity.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Base/CachedEntity.cs @@ -1,3 +1,5 @@ +using System; +using System.Collections.Generic; using System.Diagnostics.CodeAnalysis; using System.IO; using Microsoft.CodeAnalysis; @@ -52,6 +54,22 @@ public string DebugContents } } + protected static void WriteLocationToTrap(Action writeAction, T1 entity, Location l) + { + if (l is not EmptyLocation) + { + writeAction(entity, l); + } + } + + protected static void WriteLocationsToTrap(Action writeAction, T1 entity, IEnumerable locations) + { + foreach (var loc in locations) + { + WriteLocationToTrap(writeAction, entity, loc); + } + } + public override bool NeedsPopulation { get; } public override int GetHashCode() => Symbol is null ? 0 : Symbol.GetHashCode(); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Base/CachedSymbol.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Base/CachedSymbol.cs index c39eb6076b57..92861e97fdd8 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Base/CachedSymbol.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Base/CachedSymbol.cs @@ -1,3 +1,4 @@ +using System; using System.Collections.Generic; using System.IO; using System.Linq; diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/CommentBlock.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/CommentBlock.cs index 3c4cdcffc0e9..4e63f5535aad 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/CommentBlock.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/CommentBlock.cs @@ -11,7 +11,7 @@ private CommentBlock(Context cx, Comments.CommentBlock init) public override void Populate(TextWriter trapFile) { trapFile.commentblock(this); - trapFile.commentblock_location(this, Context.CreateLocation(Symbol.Location)); + WriteLocationToTrap(trapFile.commentblock_location, this, Context.CreateLocation(Symbol.Location)); Symbol.CommentLines.ForEach((l, child) => trapFile.commentblock_child(this, l, child)); } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/CommentLine.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/CommentLine.cs index 7638eefce125..13cd002da79e 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/CommentLine.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/CommentLine.cs @@ -23,7 +23,7 @@ public override void Populate(TextWriter trapFile) { location = Context.CreateLocation(Location); trapFile.commentline(this, Type == CommentLineType.MultilineContinuation ? CommentLineType.Multiline : Type, Text, RawText); - trapFile.commentline_location(this, location); + WriteLocationToTrap(trapFile.commentline_location, this, location); } public override Microsoft.CodeAnalysis.Location? ReportingLocation => location?.Symbol; diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Constructor.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Constructor.cs index c3ce2bb6d29e..045277784695 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Constructor.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Constructor.cs @@ -29,7 +29,7 @@ public override void Populate(TextWriter trapFile) ContainingType!.PopulateGenerics(); trapFile.constructors(this, Symbol.ContainingType.Name, ContainingType, (Constructor)OriginalDefinition); - trapFile.constructor_location(this, Location); + WriteLocationToTrap(trapFile.constructor_location, this, Location); if (MakeSynthetic) { diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Destructor.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Destructor.cs index b6a9c8e8f1b1..3d07c7d42de9 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Destructor.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Destructor.cs @@ -15,7 +15,7 @@ public override void Populate(TextWriter trapFile) ContainingType!.PopulateGenerics(); trapFile.destructors(this, $"~{Symbol.ContainingType.Name}", ContainingType, OriginalDefinition(Context, this, Symbol)); - trapFile.destructor_location(this, Location); + WriteLocationToTrap(trapFile.destructor_location, this, Location); } private static new Destructor OriginalDefinition(Context cx, Destructor original, IMethodSymbol symbol) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Event.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Event.cs index 888e1ba7304e..8828639820be 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Event.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Event.cs @@ -51,8 +51,10 @@ public override void Populate(TextWriter trapFile) TypeMention.Create(Context, syntax.ExplicitInterfaceSpecifier!.Name, this, explicitInterface); } - foreach (var l in Locations) - trapFile.event_location(this, l); + if (Context.ExtractLocation(Symbol)) + { + WriteLocationsToTrap(trapFile.event_location, this, Locations); + } foreach (var syntaxType in declSyntaxReferences .OfType() diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/EventAccessor.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/EventAccessor.cs index 1df6be7a2733..254e7c769569 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/EventAccessor.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/EventAccessor.cs @@ -48,8 +48,10 @@ public override void Populate(TextWriter trapFile) trapFile.event_accessors(this, kind, Symbol.Name, parent, unboundAccessor); - foreach (var l in Locations) - trapFile.event_accessor_location(this, l); + if (Context.ExtractLocation(Symbol)) + { + WriteLocationsToTrap(trapFile.event_accessor_location, this, Locations); + } Overrides(trapFile); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs index a5cb6e316f41..93107fc6dab8 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expression.cs @@ -40,6 +40,7 @@ protected sealed override void Populate(TextWriter trapFile) trapFile.expr_parent_top_level(this, info.Child, info.Parent); else trapFile.expr_parent(this, info.Child, info.Parent); + trapFile.expr_location(this, Location); if (Type.HasValue && !Type.Value.HasObliviousNullability()) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Field.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Field.cs index 0a91eb57ecdf..61b5c40e6e50 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Field.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Field.cs @@ -49,8 +49,7 @@ public override void Populate(TextWriter trapFile) } } - foreach (var l in Locations) - trapFile.field_location(this, l); + WriteLocationsToTrap(trapFile.field_location, this, Locations); if (!IsSourceDeclaration || !Symbol.FromSource()) return; diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Indexer.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Indexer.cs index 1235b120253c..e6a188a6ab1e 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Indexer.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Indexer.cs @@ -19,8 +19,10 @@ public override void Populate(TextWriter trapFile) var type = Type.Create(Context, Symbol.Type); trapFile.indexers(this, Symbol.GetName(useMetadataName: true), ContainingType!, type.TypeRef, OriginalDefinition); - foreach (var l in Locations) - trapFile.indexer_location(this, l); + if (Context.ExtractLocation(Symbol)) + { + WriteLocationsToTrap(trapFile.indexer_location, this, Locations); + } var getter = BodyDeclaringSymbol.GetMethod; var setter = BodyDeclaringSymbol.SetMethod; diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/LocalVariable.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/LocalVariable.cs index f1c6813a66d6..f16faa7f5303 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/LocalVariable.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/LocalVariable.cs @@ -41,7 +41,7 @@ public void PopulateManual(Expression parent, bool isVar) trapFile.localvars(this, Kinds.VariableKind.None, Symbol.Name, @var, Type.Create(Context, parent.Type).TypeRef, parent); } - trapFile.localvar_location(this, Location); + WriteLocationToTrap(trapFile.localvar_location, this, Location); DefineConstantValue(trapFile); } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/NamespaceDeclaration.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/NamespaceDeclaration.cs index 12684c304a41..09ba3cc02b22 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/NamespaceDeclaration.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/NamespaceDeclaration.cs @@ -35,7 +35,7 @@ public override void Populate(TextWriter trapFile) var ns = Namespace.Create(Context, @namespace); trapFile.namespace_declarations(this, ns); - trapFile.namespace_declaration_location(this, Context.CreateLocation(node.Name.GetLocation())); + WriteLocationToTrap(trapFile.namespace_declaration_location, this, Context.CreateLocation(node.Name.GetLocation())); var visitor = new Populators.TypeOrNamespaceVisitor(Context, trapFile, this); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/OrdinaryMethod.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/OrdinaryMethod.cs index bd3a637a624c..af4cd1a10cef 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/OrdinaryMethod.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/OrdinaryMethod.cs @@ -43,8 +43,10 @@ public override void Populate(TextWriter trapFile) } } - foreach (var l in Locations) - trapFile.method_location(this, l); + if (Context.ExtractLocation(Symbol)) + { + WriteLocationsToTrap(trapFile.method_location, this, Locations); + } PopulateGenerics(trapFile); Overrides(trapFile); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Parameter.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Parameter.cs index 76d518776caa..a5d208fc86fe 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Parameter.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Parameter.cs @@ -116,14 +116,16 @@ public override void Populate(TextWriter trapFile) trapFile.@params(this, Name, type.TypeRef, Ordinal, ParamKind, Parent!, Original); foreach (var l in Symbol.Locations) - trapFile.param_location(this, Context.CreateLocation(l)); + { + WriteLocationToTrap(trapFile.param_location, this, Context.CreateLocation(l)); + } if (!Symbol.Locations.Any() && Symbol.ContainingSymbol is IMethodSymbol ms && ms.Name == WellKnownMemberNames.TopLevelStatementsEntryPointMethodName && ms.ContainingType.Name == WellKnownMemberNames.TopLevelStatementsEntryPointTypeName) { - trapFile.param_location(this, Context.CreateLocation()); + WriteLocationToTrap(trapFile.param_location, this, Context.CreateLocation()); } if (Symbol.HasExplicitDefaultValue && Context.Defines(Symbol)) @@ -247,7 +249,6 @@ public override void Populate(TextWriter trapFile) var typeKey = VarargsType.Create(Context); // !! Maybe originaldefinition is wrong trapFile.@params(this, "", typeKey, Ordinal, Kind.None, Parent!, this); - trapFile.param_location(this, GeneratedLocation.Create(Context)); } protected override int Ordinal => ((Method)Parent!).OriginalDefinition.Symbol.Parameters.Length; diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/PreprocessorDirectives/PreprocessorDirective.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/PreprocessorDirectives/PreprocessorDirective.cs index da39613e1247..9520e80d2459 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/PreprocessorDirectives/PreprocessorDirective.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/PreprocessorDirectives/PreprocessorDirective.cs @@ -13,7 +13,7 @@ public sealed override void Populate(TextWriter trapFile) PopulatePreprocessor(trapFile); trapFile.preprocessor_directive_active(this, Symbol.IsActive); - trapFile.preprocessor_directive_location(this, Context.CreateLocation(ReportingLocation)); + WriteLocationToTrap(trapFile.preprocessor_directive_location, this, Context.CreateLocation(ReportingLocation)); var compilation = Compilation.Create(Context); trapFile.preprocessor_directive_compilation(this, compilation); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Property.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Property.cs index f8845a667cc7..ccffa1d95118 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Property.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Property.cs @@ -69,8 +69,10 @@ public override void Populate(TextWriter trapFile) TypeMention.Create(Context, syntax.ExplicitInterfaceSpecifier!.Name, this, explicitInterface); } - foreach (var l in Locations) - trapFile.property_location(this, l); + if (Context.ExtractLocation(Symbol)) + { + WriteLocationsToTrap(trapFile.property_location, this, Locations); + } if (IsSourceDeclaration && Symbol.FromSource()) { diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/DynamicType.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/DynamicType.cs index 5a840e3b9ef5..a3372726ae31 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/DynamicType.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/DynamicType.cs @@ -16,7 +16,7 @@ private DynamicType(Context cx, IDynamicTypeSymbol init) public override void Populate(TextWriter trapFile) { trapFile.types(this, Kinds.TypeKind.DYNAMIC, "dynamic"); - trapFile.type_location(this, Location); + WriteLocationToTrap(trapFile.type_location, this, Location); trapFile.has_modifiers(this, Modifier.Create(Context, "public")); trapFile.parent_namespace(this, Namespace.Create(Context, Context.Compilation.GlobalNamespace)); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/NamedType.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/NamedType.cs index 96c523d5bbdc..d43ec6860313 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/NamedType.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/NamedType.cs @@ -83,8 +83,7 @@ public override void Populate(TextWriter trapFile) // Class location if (!Symbol.IsGenericType || Symbol.IsReallyUnbound()) { - foreach (var l in Locations) - trapFile.type_location(this, l); + WriteLocationsToTrap(trapFile.type_location, this, Locations); } if (Symbol.IsAnonymousType) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TupleType.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TupleType.cs index d97e4b9dad57..7e7d3df107f4 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TupleType.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TupleType.cs @@ -55,7 +55,7 @@ public override void Populate(TextWriter trapFile) // about what locations are available for a tuple type. // Sometimes it's the source code, and sometimes it's empty. foreach (var l in Symbol.Locations) - trapFile.type_location(this, Context.CreateLocation(l)); + WriteLocationToTrap(trapFile.type_location, this, Context.CreateLocation(l)); } private readonly Lazy tupleElementsLazy; diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TypeParameter.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TypeParameter.cs index 25fda9eabe9d..a74a547f87b8 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TypeParameter.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TypeParameter.cs @@ -28,7 +28,7 @@ public override void Populate(TextWriter trapFile) foreach (var l in Symbol.Locations) { - trapFile.type_location(this, Context.CreateLocation(l)); + WriteLocationToTrap(trapFile.type_location, this, Context.CreateLocation(l)); } if (IsSourceDeclaration) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/UserOperator.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/UserOperator.cs index 141bded87acf..e37d16567e1b 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/UserOperator.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/UserOperator.cs @@ -26,8 +26,7 @@ public override void Populate(TextWriter trapFile) returnType.TypeRef, (UserOperator)OriginalDefinition); - foreach (var l in Locations) - trapFile.operator_location(this, l); + WriteLocationsToTrap(trapFile.operator_location, this, Locations); if (IsSourceDeclaration) { From b2cbac3250bd966055b8be90be99c53f011a152f Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Tue, 30 Sep 2025 11:31:31 +0200 Subject: [PATCH 111/307] C#: Temporarily update the test expected file. --- .../locations/locations.expected | 20 ------------------- 1 file changed, 20 deletions(-) diff --git a/csharp/ql/test/library-tests/locations/locations.expected b/csharp/ql/test/library-tests/locations/locations.expected index 8b021b115d26..fff89b29fc44 100644 --- a/csharp/ql/test/library-tests/locations/locations.expected +++ b/csharp/ql/test/library-tests/locations/locations.expected @@ -1,14 +1,4 @@ member_locations -| A.cs:3:23:3:26 | A | A.cs:5:23:5:26 | Prop | A.cs:5:23:5:26 | A.cs:5:23:5:26 | -| A.cs:3:23:3:26 | A | A.cs:6:23:6:26 | Item | A.cs:6:23:6:26 | A.cs:6:23:6:26 | -| A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | -| A.cs:3:23:3:26 | A | A.cs:8:17:8:21 | Apply | A.cs:8:17:8:21 | A.cs:8:17:8:21 | -| A.cs:3:23:3:26 | A | A.cs:9:28:9:35 | ToObject | A.cs:9:28:9:35 | A.cs:9:28:9:35 | -| A.cs:3:23:3:26 | A | A.cs:5:23:5:26 | Prop | A.cs:5:23:5:26 | A.cs:5:23:5:26 | -| A.cs:3:23:3:26 | A | A.cs:6:23:6:26 | Item | A.cs:6:23:6:26 | A.cs:6:23:6:26 | -| A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | -| A.cs:3:23:3:26 | A | A.cs:8:17:8:21 | Apply | A.cs:8:17:8:21 | A.cs:8:17:8:21 | -| A.cs:3:23:3:26 | A | A.cs:9:28:9:35 | ToObject | A.cs:9:28:9:35 | A.cs:9:28:9:35 | | A.cs:3:23:3:26 | A`1 | A.cs:5:23:5:26 | Prop | A.cs:5:23:5:26 | A.cs:5:23:5:26 | | A.cs:3:23:3:26 | A`1 | A.cs:6:23:6:26 | Item | A.cs:6:23:6:26 | A.cs:6:23:6:26 | | A.cs:3:23:3:26 | A`1 | A.cs:7:40:7:44 | Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | @@ -25,16 +15,6 @@ member_locations | B.cs:3:14:3:14 | B | B.cs:19:28:19:35 | ToObject | B.cs:19:28:19:35 | B.cs:19:28:19:35 | | C.cs:3:7:3:7 | C | C.cs:5:17:5:17 | M | C.cs:5:17:5:17 | C.cs:5:17:5:17 | accessor_location -| A.cs:3:23:3:26 | A | A.cs:5:30:5:32 | get_Prop | A.cs:5:30:5:32 | A.cs:5:30:5:32 | -| A.cs:3:23:3:26 | A | A.cs:6:41:6:43 | get_Item | A.cs:6:41:6:43 | A.cs:6:41:6:43 | -| A.cs:3:23:3:26 | A | A.cs:6:46:6:48 | set_Item | A.cs:6:46:6:48 | A.cs:6:46:6:48 | -| A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | add_Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | -| A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | remove_Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | -| A.cs:3:23:3:26 | A | A.cs:5:30:5:32 | get_Prop | A.cs:5:30:5:32 | A.cs:5:30:5:32 | -| A.cs:3:23:3:26 | A | A.cs:6:41:6:43 | get_Item | A.cs:6:41:6:43 | A.cs:6:41:6:43 | -| A.cs:3:23:3:26 | A | A.cs:6:46:6:48 | set_Item | A.cs:6:46:6:48 | A.cs:6:46:6:48 | -| A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | add_Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | -| A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | remove_Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | | A.cs:3:23:3:26 | A`1 | A.cs:5:30:5:32 | get_Prop | A.cs:5:30:5:32 | A.cs:5:30:5:32 | | A.cs:3:23:3:26 | A`1 | A.cs:6:41:6:43 | get_Item | A.cs:6:41:6:43 | A.cs:6:41:6:43 | | A.cs:3:23:3:26 | A`1 | A.cs:6:46:6:48 | set_Item | A.cs:6:46:6:48 | A.cs:6:46:6:48 | From d7a2c7da18fac6ea813b2a23098898abdf9b448b Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Tue, 30 Sep 2025 11:23:58 +0200 Subject: [PATCH 112/307] C#: Adjust the QL library to use the locations of the unbound declarations. --- csharp/ql/lib/semmle/code/csharp/Callable.qll | 2 +- csharp/ql/lib/semmle/code/csharp/Event.qll | 4 ++-- csharp/ql/lib/semmle/code/csharp/Property.qll | 6 +++--- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/Callable.qll b/csharp/ql/lib/semmle/code/csharp/Callable.qll index 7e17f853913a..ef0d0673ce2a 100644 --- a/csharp/ql/lib/semmle/code/csharp/Callable.qll +++ b/csharp/ql/lib/semmle/code/csharp/Callable.qll @@ -265,7 +265,7 @@ class Method extends Callable, Virtualizable, Attributable, @method { result = Virtualizable.super.getAnUltimateImplementor() } - override Location getALocation() { method_location(this, result) } + override Location getALocation() { method_location(this.getUnboundDeclaration(), result) } /** Holds if this method is an extension method. */ predicate isExtensionMethod() { this.getParameter(0).hasExtensionMethodModifier() } diff --git a/csharp/ql/lib/semmle/code/csharp/Event.qll b/csharp/ql/lib/semmle/code/csharp/Event.qll index a70799524787..39e2fdb7894a 100644 --- a/csharp/ql/lib/semmle/code/csharp/Event.qll +++ b/csharp/ql/lib/semmle/code/csharp/Event.qll @@ -68,7 +68,7 @@ class Event extends DeclarationWithAccessors, @event { result = DeclarationWithAccessors.super.getAnUltimateImplementor() } - override Location getALocation() { event_location(this, result) } + override Location getALocation() { event_location(this.getUnboundDeclaration(), result) } override string getAPrimaryQlClass() { result = "Event" } } @@ -99,7 +99,7 @@ class EventAccessor extends Accessor, @event_accessor { override Event getDeclaration() { event_accessors(this, _, _, result, _) } - override Location getALocation() { event_accessor_location(this, result) } + override Location getALocation() { event_accessor_location(this.getUnboundDeclaration(), result) } } /** diff --git a/csharp/ql/lib/semmle/code/csharp/Property.qll b/csharp/ql/lib/semmle/code/csharp/Property.qll index 60ea83c30117..e651639b6313 100644 --- a/csharp/ql/lib/semmle/code/csharp/Property.qll +++ b/csharp/ql/lib/semmle/code/csharp/Property.qll @@ -196,7 +196,7 @@ class Property extends DeclarationWithGetSetAccessors, @property { override PropertyAccess getAnAccess() { result.getTarget() = this } - override Location getALocation() { property_location(this, result) } + override Location getALocation() { property_location(this.getUnboundDeclaration(), result) } override Expr getAnAssignedValue() { result = DeclarationWithGetSetAccessors.super.getAnAssignedValue() @@ -328,7 +328,7 @@ class Indexer extends DeclarationWithGetSetAccessors, Parameterizable, @indexer result = DeclarationWithGetSetAccessors.super.getAnUltimateImplementor() } - override Location getALocation() { indexer_location(this, result) } + override Location getALocation() { indexer_location(this.getUnboundDeclaration(), result) } override string toStringWithTypes() { result = this.getName() + "[" + this.parameterTypesToString() + "]" @@ -408,7 +408,7 @@ class Accessor extends Callable, Modifiable, Attributable, Overridable, @callabl override Accessor getUnboundDeclaration() { accessors(this, _, _, _, result) } - override Location getALocation() { accessor_location(this, result) } + override Location getALocation() { accessor_location(this.getUnboundDeclaration(), result) } override string toString() { result = this.getName() } } From 018ccb3354d31a6db04f411ac14ce0abfba1ab5c Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Tue, 30 Sep 2025 11:32:23 +0200 Subject: [PATCH 113/307] C#: Update locations test expected output. --- .../locations/locations.expected | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/csharp/ql/test/library-tests/locations/locations.expected b/csharp/ql/test/library-tests/locations/locations.expected index fff89b29fc44..8b021b115d26 100644 --- a/csharp/ql/test/library-tests/locations/locations.expected +++ b/csharp/ql/test/library-tests/locations/locations.expected @@ -1,4 +1,14 @@ member_locations +| A.cs:3:23:3:26 | A | A.cs:5:23:5:26 | Prop | A.cs:5:23:5:26 | A.cs:5:23:5:26 | +| A.cs:3:23:3:26 | A | A.cs:6:23:6:26 | Item | A.cs:6:23:6:26 | A.cs:6:23:6:26 | +| A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:3:23:3:26 | A | A.cs:8:17:8:21 | Apply | A.cs:8:17:8:21 | A.cs:8:17:8:21 | +| A.cs:3:23:3:26 | A | A.cs:9:28:9:35 | ToObject | A.cs:9:28:9:35 | A.cs:9:28:9:35 | +| A.cs:3:23:3:26 | A | A.cs:5:23:5:26 | Prop | A.cs:5:23:5:26 | A.cs:5:23:5:26 | +| A.cs:3:23:3:26 | A | A.cs:6:23:6:26 | Item | A.cs:6:23:6:26 | A.cs:6:23:6:26 | +| A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:3:23:3:26 | A | A.cs:8:17:8:21 | Apply | A.cs:8:17:8:21 | A.cs:8:17:8:21 | +| A.cs:3:23:3:26 | A | A.cs:9:28:9:35 | ToObject | A.cs:9:28:9:35 | A.cs:9:28:9:35 | | A.cs:3:23:3:26 | A`1 | A.cs:5:23:5:26 | Prop | A.cs:5:23:5:26 | A.cs:5:23:5:26 | | A.cs:3:23:3:26 | A`1 | A.cs:6:23:6:26 | Item | A.cs:6:23:6:26 | A.cs:6:23:6:26 | | A.cs:3:23:3:26 | A`1 | A.cs:7:40:7:44 | Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | @@ -15,6 +25,16 @@ member_locations | B.cs:3:14:3:14 | B | B.cs:19:28:19:35 | ToObject | B.cs:19:28:19:35 | B.cs:19:28:19:35 | | C.cs:3:7:3:7 | C | C.cs:5:17:5:17 | M | C.cs:5:17:5:17 | C.cs:5:17:5:17 | accessor_location +| A.cs:3:23:3:26 | A | A.cs:5:30:5:32 | get_Prop | A.cs:5:30:5:32 | A.cs:5:30:5:32 | +| A.cs:3:23:3:26 | A | A.cs:6:41:6:43 | get_Item | A.cs:6:41:6:43 | A.cs:6:41:6:43 | +| A.cs:3:23:3:26 | A | A.cs:6:46:6:48 | set_Item | A.cs:6:46:6:48 | A.cs:6:46:6:48 | +| A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | add_Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | remove_Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:3:23:3:26 | A | A.cs:5:30:5:32 | get_Prop | A.cs:5:30:5:32 | A.cs:5:30:5:32 | +| A.cs:3:23:3:26 | A | A.cs:6:41:6:43 | get_Item | A.cs:6:41:6:43 | A.cs:6:41:6:43 | +| A.cs:3:23:3:26 | A | A.cs:6:46:6:48 | set_Item | A.cs:6:46:6:48 | A.cs:6:46:6:48 | +| A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | add_Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | remove_Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | | A.cs:3:23:3:26 | A`1 | A.cs:5:30:5:32 | get_Prop | A.cs:5:30:5:32 | A.cs:5:30:5:32 | | A.cs:3:23:3:26 | A`1 | A.cs:6:41:6:43 | get_Item | A.cs:6:41:6:43 | A.cs:6:41:6:43 | | A.cs:3:23:3:26 | A`1 | A.cs:6:46:6:48 | set_Item | A.cs:6:46:6:48 | A.cs:6:46:6:48 | From 63771110a5dd2dd619ab97e37742ca4837b482ed Mon Sep 17 00:00:00 2001 From: idrissrio Date: Tue, 30 Sep 2025 11:46:37 +0200 Subject: [PATCH 114/307] Java: Address review comment --- .../ConstantExpAppearsNonConstant.qlref | 3 ++- .../Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/java/ql/integration-tests/java/evaluation-to-constant-errortype/ConstantExpAppearsNonConstant.qlref b/java/ql/integration-tests/java/evaluation-to-constant-errortype/ConstantExpAppearsNonConstant.qlref index 6d7e1f5cb7ff..6d2b25768e5d 100644 --- a/java/ql/integration-tests/java/evaluation-to-constant-errortype/ConstantExpAppearsNonConstant.qlref +++ b/java/ql/integration-tests/java/evaluation-to-constant-errortype/ConstantExpAppearsNonConstant.qlref @@ -1 +1,2 @@ -Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql \ No newline at end of file +query: Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql b/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql index 094c8bbc70c8..28ae63bfd363 100644 --- a/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql +++ b/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql @@ -19,7 +19,7 @@ predicate isConstantExp(Expr e) { // A literal is constant. e instanceof Literal or - exists(TypeAccess ta | ta = e | not ta.getType() instanceof ErrorType) + e instanceof TypeAccess and not e.(TypeAccess).getType() instanceof ErrorType or e instanceof ArrayTypeAccess or From b5fda88bd3fa0cb7df637866a391c99dbcfa4fa2 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 30 Sep 2025 12:04:39 +0100 Subject: [PATCH 115/307] Remove duplication of `UnsafeFieldReadSanitizer` --- .../go/security/OpenUrlRedirectCustomizations.qll | 15 --------------- .../go/security/RequestForgeryCustomizations.qll | 15 --------------- .../go/security/SafeUrlFlowCustomizations.qll | 15 +++++++++++++++ 3 files changed, 15 insertions(+), 30 deletions(-) diff --git a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll index 870edeee9621..14c0b232d8ba 100644 --- a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll +++ b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll @@ -121,21 +121,6 @@ module OpenUrlRedirect { /** A sink for an open redirect, considered as a sink for safe URL flow. */ private class SafeUrlSink extends SafeUrlFlow::Sink instanceof OpenUrlRedirect::Sink { } -/** - * A read of a field considered unsafe to redirect to, considered as a sanitizer for a safe - * URL. - */ -private class UnsafeFieldReadSanitizer extends SafeUrlFlow::SanitizerEdge { - UnsafeFieldReadSanitizer() { - exists(DataFlow::FieldReadNode frn, string name | - name = ["User", "RawQuery", "Fragment"] and - frn.getField().hasQualifiedName("net/url", "URL") - | - this = frn.getBase() - ) - } -} - /** * Reinstate the usual field propagation rules for fields, which the OpenURLRedirect * query usually excludes, for fields of `Params` other than `Params.Fixed`. diff --git a/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll b/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll index 2449ffe488ca..a34a47dd7eda 100644 --- a/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll +++ b/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll @@ -118,18 +118,3 @@ module RequestForgery { /** A sink for request forgery, considered as a sink for safe URL flow. */ private class SafeUrlSink extends SafeUrlFlow::Sink instanceof RequestForgery::Sink { } - -/** - * A read of a field considered unsafe for request forgery, considered as a sanitizer for a safe - * URL. - */ -private class UnsafeFieldReadSanitizer extends SafeUrlFlow::SanitizerEdge { - UnsafeFieldReadSanitizer() { - exists(DataFlow::FieldReadNode frn, string name | - (name = "RawQuery" or name = "Fragment" or name = "User") and - frn.getField().hasQualifiedName("net/url", "URL") - | - this = frn.getBase() - ) - } -} diff --git a/go/ql/lib/semmle/go/security/SafeUrlFlowCustomizations.qll b/go/ql/lib/semmle/go/security/SafeUrlFlowCustomizations.qll index 5f0572db11ef..eefdea3a145a 100644 --- a/go/ql/lib/semmle/go/security/SafeUrlFlowCustomizations.qll +++ b/go/ql/lib/semmle/go/security/SafeUrlFlowCustomizations.qll @@ -40,4 +40,19 @@ module SafeUrlFlow { private class StringSlicingEdge extends SanitizerEdge { StringSlicingEdge() { this = any(DataFlow::SliceNode sn) } } + + /** + * A read of a field considered unsafe to redirect to, considered as a sanitizer for a safe + * URL. + */ + private class UnsafeFieldReadSanitizer extends SanitizerEdge { + UnsafeFieldReadSanitizer() { + exists(DataFlow::FieldReadNode frn, string name | + name = ["Fragment", "RawQuery", "User"] and + frn.getField().hasQualifiedName("net/url", "URL") + | + this = frn.getBase() + ) + } + } } From 5b07e8c9c49d8ae13d7540ad267d1da006d95dd2 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 30 Sep 2025 12:05:06 +0100 Subject: [PATCH 116/307] Fix bug in `UnsafeFieldReadSanitizer` --- go/ql/lib/semmle/go/security/SafeUrlFlowCustomizations.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go/ql/lib/semmle/go/security/SafeUrlFlowCustomizations.qll b/go/ql/lib/semmle/go/security/SafeUrlFlowCustomizations.qll index eefdea3a145a..8acd88fb26d8 100644 --- a/go/ql/lib/semmle/go/security/SafeUrlFlowCustomizations.qll +++ b/go/ql/lib/semmle/go/security/SafeUrlFlowCustomizations.qll @@ -49,7 +49,7 @@ module SafeUrlFlow { UnsafeFieldReadSanitizer() { exists(DataFlow::FieldReadNode frn, string name | name = ["Fragment", "RawQuery", "User"] and - frn.getField().hasQualifiedName("net/url", "URL") + frn.getField().hasQualifiedName("net/url", "URL", name) | this = frn.getBase() ) From c878af2b9db56db0ab56ae3ab231be106186bf8c Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Tue, 30 Sep 2025 13:26:01 +0200 Subject: [PATCH 117/307] Rust: Remove member predicates on `Type` --- .../rust/frameworks/rustcrypto/RustCrypto.qll | 3 +- rust/ql/lib/codeql/rust/internal/Type.qll | 82 ++----------------- .../codeql/rust/internal/TypeInference.qll | 17 ++-- 3 files changed, 19 insertions(+), 83 deletions(-) diff --git a/rust/ql/lib/codeql/rust/frameworks/rustcrypto/RustCrypto.qll b/rust/ql/lib/codeql/rust/frameworks/rustcrypto/RustCrypto.qll index 51d00f795d7e..c32b62d0359a 100644 --- a/rust/ql/lib/codeql/rust/frameworks/rustcrypto/RustCrypto.qll +++ b/rust/ql/lib/codeql/rust/frameworks/rustcrypto/RustCrypto.qll @@ -31,8 +31,7 @@ class StreamCipherInit extends Cryptography::CryptographicOperation::Range { // extract the algorithm name from the type of `ce` or its receiver. exists(Type t, TypePath tp | t = inferType([ce, ce.(MethodCallExpr).getReceiver()], tp) and - rawAlgorithmName = - t.(StructType).asItemNode().(Addressable).getCanonicalPath().splitAt("::") + rawAlgorithmName = t.(StructType).asStruct().(Addressable).getCanonicalPath().splitAt("::") ) and algorithmName = simplifyAlgorithmName(rawAlgorithmName) and // only match a known cryptographic algorithm diff --git a/rust/ql/lib/codeql/rust/internal/Type.qll b/rust/ql/lib/codeql/rust/internal/Type.qll index 29e6ed283bc6..da4924c59cbb 100644 --- a/rust/ql/lib/codeql/rust/internal/Type.qll +++ b/rust/ql/lib/codeql/rust/internal/Type.qll @@ -78,14 +78,6 @@ private predicate implTraitTypeParam(ImplTraitTypeRepr implTrait, int i, TypePar * types, such as traits and implementation blocks. */ abstract class Type extends TType { - /** Gets the struct field `name` belonging to this type, if any. */ - pragma[nomagic] - abstract StructField getStructField(string name); - - /** Gets the `i`th tuple field belonging to this type, if any. */ - pragma[nomagic] - abstract TupleField getTupleField(int i); - /** * Gets the `i`th positional type parameter of this type, if any. * @@ -117,10 +109,6 @@ class TupleType extends Type, TTuple { TupleType() { this = TTuple(arity) } - override StructField getStructField(string name) { none() } - - override TupleField getTupleField(int i) { none() } - override TypeParameter getPositionalTypeParameter(int i) { result = TTupleTypeParameter(arity, i) } @@ -140,21 +128,14 @@ class UnitType extends TupleType { override string toString() { result = "()" } } -abstract private class StructOrEnumType extends Type { - abstract ItemNode asItemNode(); -} - /** A struct type. */ -class StructType extends StructOrEnumType, TStruct { +class StructType extends Type, TStruct { private Struct struct; StructType() { this = TStruct(struct) } - override ItemNode asItemNode() { result = struct } - - override StructField getStructField(string name) { result = struct.getStructField(name) } - - override TupleField getTupleField(int i) { result = struct.getTupleField(i) } + /** Get the struct that this struct type represents. */ + Struct asStruct() { result = struct } override TypeParameter getPositionalTypeParameter(int i) { result = TTypeParamTypeParameter(struct.getGenericParamList().getTypeParam(i)) @@ -170,17 +151,11 @@ class StructType extends StructOrEnumType, TStruct { } /** An enum type. */ -class EnumType extends StructOrEnumType, TEnum { +class EnumType extends Type, TEnum { private Enum enum; EnumType() { this = TEnum(enum) } - override ItemNode asItemNode() { result = enum } - - override StructField getStructField(string name) { none() } - - override TupleField getTupleField(int i) { none() } - override TypeParameter getPositionalTypeParameter(int i) { result = TTypeParamTypeParameter(enum.getGenericParamList().getTypeParam(i)) } @@ -203,10 +178,6 @@ class TraitType extends Type, TTrait { /** Gets the underlying trait. */ Trait getTrait() { result = trait } - override StructField getStructField(string name) { none() } - - override TupleField getTupleField(int i) { none() } - override TypeParameter getPositionalTypeParameter(int i) { result = TTypeParamTypeParameter(trait.getGenericParamList().getTypeParam(i)) } @@ -229,16 +200,13 @@ class TraitType extends Type, TTrait { } /** A union type. */ -class UnionType extends StructOrEnumType, TUnion { +class UnionType extends Type, TUnion { private Union union; UnionType() { this = TUnion(union) } - override ItemNode asItemNode() { result = union } - - override StructField getStructField(string name) { result = union.getStructField(name) } - - override TupleField getTupleField(int i) { none() } + /** Get the union that this union type represents. */ + Union asUnion() { result = union } override TypeParameter getPositionalTypeParameter(int i) { result = TTypeParamTypeParameter(union.getGenericParamList().getTypeParam(i)) @@ -262,10 +230,6 @@ class UnionType extends StructOrEnumType, TUnion { class ArrayType extends Type, TArrayType { ArrayType() { this = TArrayType() } - override StructField getStructField(string name) { none() } - - override TupleField getTupleField(int i) { none() } - override TypeParameter getPositionalTypeParameter(int i) { result = TArrayTypeParameter() and i = 0 @@ -285,10 +249,6 @@ class ArrayType extends Type, TArrayType { class RefType extends Type, TRefType { RefType() { this = TRefType() } - override StructField getStructField(string name) { none() } - - override TupleField getTupleField(int i) { none() } - override TypeParameter getPositionalTypeParameter(int i) { result = TRefTypeParameter() and i = 0 @@ -318,10 +278,6 @@ class ImplTraitType extends Type, TImplTraitType { /** Gets the function that this `impl Trait` belongs to. */ abstract Function getFunction(); - override StructField getStructField(string name) { none() } - - override TupleField getTupleField(int i) { none() } - override TypeParameter getPositionalTypeParameter(int i) { exists(TypeParam tp | implTraitTypeParam(impl, i, tp) and @@ -339,10 +295,6 @@ class DynTraitType extends Type, TDynTraitType { DynTraitType() { this = TDynTraitType(trait) } - override StructField getStructField(string name) { none() } - - override TupleField getTupleField(int i) { none() } - override DynTraitTypeParameter getPositionalTypeParameter(int i) { result = TDynTraitTypeParameter(trait.getGenericParamList().getTypeParam(i)) } @@ -389,10 +341,6 @@ class ImplTraitReturnType extends ImplTraitType { class SliceType extends Type, TSliceType { SliceType() { this = TSliceType() } - override StructField getStructField(string name) { none() } - - override TupleField getTupleField(int i) { none() } - override TypeParameter getPositionalTypeParameter(int i) { result = TSliceTypeParameter() and i = 0 @@ -404,10 +352,6 @@ class SliceType extends Type, TSliceType { } class NeverType extends Type, TNeverType { - override StructField getStructField(string name) { none() } - - override TupleField getTupleField(int i) { none() } - override TypeParameter getPositionalTypeParameter(int i) { none() } override string toString() { result = "!" } @@ -416,10 +360,6 @@ class NeverType extends Type, TNeverType { } class PtrType extends Type, TPtrType { - override StructField getStructField(string name) { none() } - - override TupleField getTupleField(int i) { none() } - override TypeParameter getPositionalTypeParameter(int i) { i = 0 and result = TPtrTypeParameter() @@ -432,10 +372,6 @@ class PtrType extends Type, TPtrType { /** A type parameter. */ abstract class TypeParameter extends Type { - override StructField getStructField(string name) { none() } - - override TupleField getTupleField(int i) { none() } - override TypeParameter getPositionalTypeParameter(int i) { none() } } @@ -634,10 +570,6 @@ class ImplTraitTypeTypeParameter extends ImplTraitType, TypeParameter { override Function getFunction() { result = function } - override StructField getStructField(string name) { none() } - - override TupleField getTupleField(int i) { none() } - override TypeParameter getPositionalTypeParameter(int i) { none() } } diff --git a/rust/ql/lib/codeql/rust/internal/TypeInference.qll b/rust/ql/lib/codeql/rust/internal/TypeInference.qll index 1f987d6572ea..772939e3b485 100644 --- a/rust/ql/lib/codeql/rust/internal/TypeInference.qll +++ b/rust/ql/lib/codeql/rust/internal/TypeInference.qll @@ -1173,8 +1173,8 @@ private Type inferCallExprBaseType(AstNode n, TypePath path) { path = TypePath::cons(TRefTypeParameter(), path0) else ( not ( - argType.(StructType).asItemNode() instanceof StringStruct and - result.(StructType).asItemNode() instanceof Builtins::Str + argType.(StructType).asStruct() instanceof StringStruct and + result.(StructType).asStruct() instanceof Builtins::Str ) and ( not path0.isCons(TRefTypeParameter(), _) and @@ -1889,8 +1889,8 @@ final class MethodCall extends Call { // // See also https://doc.rust-lang.org/reference/expressions/method-call-expr.html#r-expr.method.autoref-deref path.isEmpty() and - t0.(StructType).asItemNode() instanceof StringStruct and - result.(StructType).asItemNode() instanceof Builtins::Str + t0.(StructType).asStruct() instanceof StringStruct and + result.(StructType).asStruct() instanceof Builtins::Str ) else result = this.getReceiverTypeAt(path) } @@ -2518,7 +2518,10 @@ private module Cached { */ cached StructField resolveStructFieldExpr(FieldExpr fe) { - exists(string name | result = getFieldExprLookupType(fe, name).getStructField(name)) + exists(string name, Type ty | ty = getFieldExprLookupType(fe, name) | + result = ty.(StructType).asStruct().getStructField(name) or + result = ty.(UnionType).asUnion().getStructField(name) + ) } /** @@ -2526,7 +2529,9 @@ private module Cached { */ cached TupleField resolveTupleFieldExpr(FieldExpr fe) { - exists(int i | result = getTupleFieldExprLookupType(fe, i).getTupleField(i)) + exists(int i | + result = getTupleFieldExprLookupType(fe, i).(StructType).asStruct().getTupleField(i) + ) } /** From 49efd574a09b71c24132d80acfe9fcd4d4841d64 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Tue, 30 Sep 2025 14:47:06 +0200 Subject: [PATCH 118/307] Rust: Add taint model for add on `String` --- .../frameworks/stdlib/lang-alloc.model.yml | 2 + .../strings/inline-taint-flow.expected | 41 ++++++++++++------- .../library-tests/dataflow/strings/main.rs | 4 +- 3 files changed, 30 insertions(+), 17 deletions(-) diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml index 8eb3788ab1ef..1f14e222fd2a 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml @@ -46,5 +46,7 @@ extensions: - ["::to_string", "Argument[self]", "ReturnValue", "taint", "manual"] - ["::parse", "Argument[self]", "ReturnValue.Field[core::result::Result::Ok(0)]", "taint", "manual"] - ["::trim", "Argument[self]", "ReturnValue.Reference", "taint", "manual"] + - ["::add", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["::add", "Argument[0].Reference", "ReturnValue", "taint", "manual"] # Vec - ["alloc::vec::from_elem", "Argument[0]", "ReturnValue.Element", "value", "manual"] diff --git a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected index e6241590137f..ef137d85103e 100644 --- a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected +++ b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected @@ -1,11 +1,12 @@ models | 1 | Summary: <_ as core::convert::From>::from; Argument[0]; ReturnValue; taint | | 2 | Summary: ::from; Argument[0].Reference; ReturnValue; value | -| 3 | Summary: ::add; Argument[self]; ReturnValue; value | -| 4 | Summary: ::as_str; Argument[self]; ReturnValue; value | -| 5 | Summary: ::as_str; Argument[self]; ReturnValue; value | -| 6 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint | -| 7 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value | +| 3 | Summary: ::add; Argument[0].Reference; ReturnValue; taint | +| 4 | Summary: ::add; Argument[self]; ReturnValue; value | +| 5 | Summary: ::as_str; Argument[self]; ReturnValue; value | +| 6 | Summary: ::as_str; Argument[self]; ReturnValue; value | +| 7 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint | +| 8 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value | edges | main.rs:26:9:26:9 | s | main.rs:27:19:27:25 | s[...] | provenance | | | main.rs:26:13:26:22 | source(...) | main.rs:26:9:26:9 | s | provenance | | @@ -16,8 +17,12 @@ edges | main.rs:32:9:32:10 | s1 | main.rs:35:14:35:15 | s1 | provenance | | | main.rs:32:14:32:23 | source(...) | main.rs:32:9:32:10 | s1 | provenance | | | main.rs:35:9:35:10 | s4 | main.rs:38:10:38:11 | s4 | provenance | | -| main.rs:35:14:35:15 | s1 | main.rs:35:14:35:20 | ... + ... | provenance | MaD:3 | +| main.rs:35:14:35:15 | s1 | main.rs:35:14:35:20 | ... + ... | provenance | MaD:4 | | main.rs:35:14:35:20 | ... + ... | main.rs:35:9:35:10 | s4 | provenance | | +| main.rs:43:9:43:10 | s1 | main.rs:46:34:46:35 | s1 | provenance | | +| main.rs:43:14:43:23 | source(...) | main.rs:43:9:43:10 | s1 | provenance | | +| main.rs:46:33:46:35 | &s1 [&ref] | main.rs:46:10:46:35 | ... + ... | provenance | MaD:3 | +| main.rs:46:34:46:35 | s1 | main.rs:46:33:46:35 | &s1 [&ref] | provenance | | | main.rs:51:9:51:10 | s1 | main.rs:52:27:52:28 | s1 | provenance | | | main.rs:51:14:51:29 | source_slice(...) | main.rs:51:9:51:10 | s1 | provenance | | | main.rs:52:9:52:10 | s2 | main.rs:53:10:53:11 | s2 | provenance | | @@ -25,38 +30,38 @@ edges | main.rs:52:27:52:28 | s1 | main.rs:52:14:52:29 | ...::from(...) | provenance | MaD:1 | | main.rs:52:27:52:28 | s1 | main.rs:52:14:52:29 | ...::from(...) | provenance | MaD:2 | | main.rs:63:9:63:9 | s | main.rs:64:16:64:16 | s | provenance | | -| main.rs:63:9:63:9 | s | main.rs:64:16:64:25 | s.as_str() | provenance | MaD:4 | | main.rs:63:9:63:9 | s | main.rs:64:16:64:25 | s.as_str() | provenance | MaD:5 | +| main.rs:63:9:63:9 | s | main.rs:64:16:64:25 | s.as_str() | provenance | MaD:6 | | main.rs:63:13:63:22 | source(...) | main.rs:63:9:63:9 | s | provenance | | -| main.rs:64:16:64:16 | s | main.rs:64:16:64:25 | s.as_str() | provenance | MaD:4 | | main.rs:64:16:64:16 | s | main.rs:64:16:64:25 | s.as_str() | provenance | MaD:5 | +| main.rs:64:16:64:16 | s | main.rs:64:16:64:25 | s.as_str() | provenance | MaD:6 | | main.rs:68:9:68:9 | s | main.rs:70:34:70:61 | MacroExpr | provenance | | | main.rs:68:9:68:9 | s | main.rs:73:34:73:59 | MacroExpr | provenance | | | main.rs:68:13:68:22 | source(...) | main.rs:68:9:68:9 | s | provenance | | | main.rs:70:9:70:18 | formatted1 | main.rs:71:10:71:19 | formatted1 | provenance | | | main.rs:70:22:70:62 | ...::format(...) | main.rs:70:9:70:18 | formatted1 | provenance | | -| main.rs:70:34:70:61 | MacroExpr | main.rs:70:22:70:62 | ...::format(...) | provenance | MaD:6 | +| main.rs:70:34:70:61 | MacroExpr | main.rs:70:22:70:62 | ...::format(...) | provenance | MaD:7 | | main.rs:73:9:73:18 | formatted2 | main.rs:74:10:74:19 | formatted2 | provenance | | | main.rs:73:22:73:60 | ...::format(...) | main.rs:73:9:73:18 | formatted2 | provenance | | -| main.rs:73:34:73:59 | MacroExpr | main.rs:73:22:73:60 | ...::format(...) | provenance | MaD:6 | +| main.rs:73:34:73:59 | MacroExpr | main.rs:73:22:73:60 | ...::format(...) | provenance | MaD:7 | | main.rs:76:9:76:13 | width | main.rs:77:34:77:74 | MacroExpr | provenance | | | main.rs:76:17:76:32 | source_usize(...) | main.rs:76:9:76:13 | width | provenance | | | main.rs:77:9:77:18 | formatted3 | main.rs:78:10:78:19 | formatted3 | provenance | | | main.rs:77:22:77:75 | ...::format(...) | main.rs:77:9:77:18 | formatted3 | provenance | | -| main.rs:77:34:77:74 | MacroExpr | main.rs:77:22:77:75 | ...::format(...) | provenance | MaD:6 | +| main.rs:77:34:77:74 | MacroExpr | main.rs:77:22:77:75 | ...::format(...) | provenance | MaD:7 | | main.rs:82:9:82:10 | s1 | main.rs:86:18:86:25 | MacroExpr | provenance | | | main.rs:82:9:82:10 | s1 | main.rs:87:18:87:32 | MacroExpr | provenance | | | main.rs:82:14:82:23 | source(...) | main.rs:82:9:82:10 | s1 | provenance | | | main.rs:86:10:86:16 | res | main.rs:86:18:86:25 | { ... } | provenance | | | main.rs:86:18:86:25 | ...::format(...) | main.rs:86:10:86:16 | res | provenance | | | main.rs:86:18:86:25 | ...::must_use(...) | main.rs:86:10:86:26 | MacroExpr | provenance | | -| main.rs:86:18:86:25 | MacroExpr | main.rs:86:18:86:25 | ...::format(...) | provenance | MaD:6 | -| main.rs:86:18:86:25 | { ... } | main.rs:86:18:86:25 | ...::must_use(...) | provenance | MaD:7 | +| main.rs:86:18:86:25 | MacroExpr | main.rs:86:18:86:25 | ...::format(...) | provenance | MaD:7 | +| main.rs:86:18:86:25 | { ... } | main.rs:86:18:86:25 | ...::must_use(...) | provenance | MaD:8 | | main.rs:87:10:87:16 | res | main.rs:87:18:87:32 | { ... } | provenance | | | main.rs:87:18:87:32 | ...::format(...) | main.rs:87:10:87:16 | res | provenance | | | main.rs:87:18:87:32 | ...::must_use(...) | main.rs:87:10:87:33 | MacroExpr | provenance | | -| main.rs:87:18:87:32 | MacroExpr | main.rs:87:18:87:32 | ...::format(...) | provenance | MaD:6 | -| main.rs:87:18:87:32 | { ... } | main.rs:87:18:87:32 | ...::must_use(...) | provenance | MaD:7 | +| main.rs:87:18:87:32 | MacroExpr | main.rs:87:18:87:32 | ...::format(...) | provenance | MaD:7 | +| main.rs:87:18:87:32 | { ... } | main.rs:87:18:87:32 | ...::must_use(...) | provenance | MaD:8 | nodes | main.rs:26:9:26:9 | s | semmle.label | s | | main.rs:26:13:26:22 | source(...) | semmle.label | source(...) | @@ -70,6 +75,11 @@ nodes | main.rs:35:14:35:15 | s1 | semmle.label | s1 | | main.rs:35:14:35:20 | ... + ... | semmle.label | ... + ... | | main.rs:38:10:38:11 | s4 | semmle.label | s4 | +| main.rs:43:9:43:10 | s1 | semmle.label | s1 | +| main.rs:43:14:43:23 | source(...) | semmle.label | source(...) | +| main.rs:46:10:46:35 | ... + ... | semmle.label | ... + ... | +| main.rs:46:33:46:35 | &s1 [&ref] | semmle.label | &s1 [&ref] | +| main.rs:46:34:46:35 | s1 | semmle.label | s1 | | main.rs:51:9:51:10 | s1 | semmle.label | s1 | | main.rs:51:14:51:29 | source_slice(...) | semmle.label | source_slice(...) | | main.rs:52:9:52:10 | s2 | semmle.label | s2 | @@ -115,6 +125,7 @@ testFailures #select | main.rs:28:16:28:21 | sliced | main.rs:26:13:26:22 | source(...) | main.rs:28:16:28:21 | sliced | $@ | main.rs:26:13:26:22 | source(...) | source(...) | | main.rs:38:10:38:11 | s4 | main.rs:32:14:32:23 | source(...) | main.rs:38:10:38:11 | s4 | $@ | main.rs:32:14:32:23 | source(...) | source(...) | +| main.rs:46:10:46:35 | ... + ... | main.rs:43:14:43:23 | source(...) | main.rs:46:10:46:35 | ... + ... | $@ | main.rs:43:14:43:23 | source(...) | source(...) | | main.rs:53:10:53:11 | s2 | main.rs:51:14:51:29 | source_slice(...) | main.rs:53:10:53:11 | s2 | $@ | main.rs:51:14:51:29 | source_slice(...) | source_slice(...) | | main.rs:64:16:64:25 | s.as_str() | main.rs:63:13:63:22 | source(...) | main.rs:64:16:64:25 | s.as_str() | $@ | main.rs:63:13:63:22 | source(...) | source(...) | | main.rs:71:10:71:19 | formatted1 | main.rs:68:13:68:22 | source(...) | main.rs:71:10:71:19 | formatted1 | $@ | main.rs:68:13:68:22 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/strings/main.rs b/rust/ql/test/library-tests/dataflow/strings/main.rs index ca9db9a90265..40f629468325 100644 --- a/rust/ql/test/library-tests/dataflow/strings/main.rs +++ b/rust/ql/test/library-tests/dataflow/strings/main.rs @@ -43,7 +43,7 @@ fn string_add_reference() { let s1 = source(37); let s2 = "1".to_string(); - sink("Hello ".to_string() + &s1); // $ MISSING: hasTaintFlow=37 + sink("Hello ".to_string() + &s1); // $ hasTaintFlow=37 sink("Hello ".to_string() + &s2); } @@ -56,7 +56,7 @@ fn string_from() { fn string_to_string() { let s1 = source_slice(22); let s2 = s1.to_string(); - sink(s2); // $ MISSING: hasTaintFlow=22 - we are not currently able to resolve the `to_string` call above, which comes from `impl ToString for T` + sink(s2); // $ MISSING: hasTaintFlow=22 } fn as_str() { From f88daff45f5d9cf1a1f57d7f69b9c3a30863db99 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Tue, 30 Sep 2025 13:56:27 +0100 Subject: [PATCH 119/307] Java: note that classes with entirely private constructors can't be subclassed --- .../Concurrency/StartInConstructor.ql | 10 +++++++++- .../query-tests/StartInConstructor/Test.java | 16 +++++++++++++++- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/java/ql/src/Likely Bugs/Concurrency/StartInConstructor.ql b/java/ql/src/Likely Bugs/Concurrency/StartInConstructor.ql index 3c80e4519518..700b1fab8968 100644 --- a/java/ql/src/Likely Bugs/Concurrency/StartInConstructor.ql +++ b/java/ql/src/Likely Bugs/Concurrency/StartInConstructor.ql @@ -15,6 +15,10 @@ import java +private predicate hasASubclass(RefType t) { + exists(RefType sub | sub != t | sub.getAnAncestor() = t) +} + /** * Holds if this type is either `final` or * `private` and without subtypes. @@ -24,7 +28,11 @@ private predicate cannotBeExtended(RefType t) { or // If the class is private, all possible subclasses are known. t.isPrivate() and - not exists(RefType sub | sub != t | sub.getAnAncestor() = t) + not hasASubclass(t) + or + // If the class only has private constructors, all possible subclasses are known. + forex(Constructor c | c.getDeclaringType() = t | c.isPrivate()) and + not hasASubclass(t) } from MethodCall m, Constructor c, Class clazz diff --git a/java/ql/test/query-tests/StartInConstructor/Test.java b/java/ql/test/query-tests/StartInConstructor/Test.java index 4c5a57d8b4be..ae8148af7873 100644 --- a/java/ql/test/query-tests/StartInConstructor/Test.java +++ b/java/ql/test/query-tests/StartInConstructor/Test.java @@ -30,4 +30,18 @@ public Private() { } } -} \ No newline at end of file + + public static class AllPrivateConstructors { + Thread myThread; + + private AllPrivateConstructors() { + myThread = new Thread("myThread"); + // OK - class cannot be extended outside this file, and is not in fact extended + myThread.start(); + } + + public static AllPrivateConstructors create() { + return new AllPrivateConstructors(); + } + } +} From 1b2bd30a292a3bf8973098ce72efbb0d72bb7716 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Tue, 30 Sep 2025 14:14:19 +0100 Subject: [PATCH 120/307] Update cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll Co-authored-by: Anders Schack-Mulligen --- cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll index 042f815ac80c..b41a484eedc3 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll @@ -322,7 +322,7 @@ module GuardsInput implements SharedGuards::InputSig Date: Tue, 30 Sep 2025 14:15:55 +0100 Subject: [PATCH 121/307] C++: Update QLDoc. --- cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll index b41a484eedc3..e9ff5dbf5e48 100644 --- a/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll +++ b/cpp/ql/lib/semmle/code/cpp/controlflow/IRGuards.qll @@ -63,8 +63,8 @@ module GuardsInput implements SharedGuards::InputSig Date: Tue, 30 Sep 2025 15:26:30 +0200 Subject: [PATCH 122/307] Rust: Accept test changes --- .../security/CWE-089/SqlInjection.expected | 247 +++++++++++++++--- .../test/query-tests/security/CWE-089/sqlx.rs | 20 +- .../CWE-312/CleartextLogging.expected | 95 +++---- .../CWE-312/CleartextStorageDatabase.expected | 65 +++-- .../CWE-825/AccessAfterLifetime.expected | 8 +- 5 files changed, 315 insertions(+), 120 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected index 329138efa245..46c49c8071df 100644 --- a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected @@ -2,79 +2,191 @@ | sqlx.rs:77:13:77:23 | ...::query | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:77:13:77:23 | ...::query | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | | sqlx.rs:78:13:78:23 | ...::query | sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:78:13:78:23 | ...::query | This query depends on a $@. | sqlx.rs:47:22:47:35 | ...::args | user-provided value | | sqlx.rs:80:17:80:27 | ...::query | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:80:17:80:27 | ...::query | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | +| sqlx.rs:81:17:81:27 | ...::query | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:81:17:81:27 | ...::query | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | | sqlx.rs:82:17:82:27 | ...::query | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:82:17:82:27 | ...::query | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | +| sqlx.rs:113:17:113:29 | ...::raw_sql | sqlx.rs:100:25:100:46 | ...::get | sqlx.rs:113:17:113:29 | ...::raw_sql | This query depends on a $@. | sqlx.rs:100:25:100:46 | ...::get | user-provided value | +| sqlx.rs:120:17:120:27 | ...::query | sqlx.rs:100:25:100:46 | ...::get | sqlx.rs:120:17:120:27 | ...::query | This query depends on a $@. | sqlx.rs:100:25:100:46 | ...::get | user-provided value | +| sqlx.rs:127:17:127:27 | ...::query | sqlx.rs:100:25:100:46 | ...::get | sqlx.rs:127:17:127:27 | ...::query | This query depends on a $@. | sqlx.rs:100:25:100:46 | ...::get | user-provided value | +| sqlx.rs:136:40:136:53 | ...::query_as | sqlx.rs:100:25:100:46 | ...::get | sqlx.rs:136:40:136:53 | ...::query_as | This query depends on a $@. | sqlx.rs:100:25:100:46 | ...::get | user-provided value | +| sqlx.rs:145:40:145:53 | ...::query_as | sqlx.rs:100:25:100:46 | ...::get | sqlx.rs:145:40:145:53 | ...::query_as | This query depends on a $@. | sqlx.rs:100:25:100:46 | ...::get | user-provided value | +| sqlx.rs:153:17:153:27 | ...::query | sqlx.rs:100:25:100:46 | ...::get | sqlx.rs:153:17:153:27 | ...::query | This query depends on a $@. | sqlx.rs:100:25:100:46 | ...::get | user-provided value | +| sqlx.rs:188:17:188:27 | ...::query | sqlx.rs:173:25:173:46 | ...::get | sqlx.rs:188:17:188:27 | ...::query | This query depends on a $@. | sqlx.rs:173:25:173:46 | ...::get | user-provided value | edges | sqlx.rs:47:9:47:18 | arg_string | sqlx.rs:53:27:53:36 | arg_string | provenance | | -| sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:47:22:47:37 | ...::args(...) [element] | provenance | Src:MaD:3 | -| sqlx.rs:47:22:47:37 | ...::args(...) [element] | sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | provenance | MaD:4 | -| sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | provenance | MaD:6 | +| sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:47:22:47:37 | ...::args(...) [element] | provenance | Src:MaD:5 | +| sqlx.rs:47:22:47:37 | ...::args(...) [element] | sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | provenance | MaD:6 | +| sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | provenance | MaD:10 | | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | sqlx.rs:47:9:47:18 | arg_string | provenance | | -| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:10 | -| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:10 | +| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:14 | +| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:14 | | sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:54:27:54:39 | remote_string | provenance | | +| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:55:84:55:96 | remote_string | provenance | | | sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:59:17:59:72 | MacroExpr | provenance | | -| sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | provenance | Src:MaD:2 | -| sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | sqlx.rs:48:25:48:78 | ... .unwrap() | provenance | MaD:7 | -| sqlx.rs:48:25:48:78 | ... .unwrap() | sqlx.rs:48:25:48:85 | ... .text() [Ok] | provenance | MaD:11 | -| sqlx.rs:48:25:48:85 | ... .text() [Ok] | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:8 | +| sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | provenance | Src:MaD:4 | +| sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | sqlx.rs:48:25:48:78 | ... .unwrap() | provenance | MaD:11 | +| sqlx.rs:48:25:48:78 | ... .unwrap() | sqlx.rs:48:25:48:85 | ... .text() [Ok] | provenance | MaD:15 | +| sqlx.rs:48:25:48:85 | ... .text() [Ok] | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:12 | | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | sqlx.rs:48:9:48:21 | remote_string | provenance | | | sqlx.rs:49:9:49:21 | remote_number | sqlx.rs:52:32:52:87 | MacroExpr | provenance | | -| sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | provenance | MaD:8 | +| sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | provenance | MaD:12 | | sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | sqlx.rs:49:9:49:21 | remote_number | provenance | | | sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:36 | safe_query_3 | provenance | | +| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:13 | | sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:9 | -| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:5 | -| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:9 | +| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:13 | | sqlx.rs:52:24:52:30 | res | sqlx.rs:52:32:52:87 | { ... } | provenance | | | sqlx.rs:52:32:52:87 | ...::format(...) | sqlx.rs:52:24:52:30 | res | provenance | | | sqlx.rs:52:32:52:87 | ...::must_use(...) | sqlx.rs:52:9:52:20 | safe_query_3 | provenance | | -| sqlx.rs:52:32:52:87 | MacroExpr | sqlx.rs:52:32:52:87 | ...::format(...) | provenance | MaD:12 | -| sqlx.rs:52:32:52:87 | { ... } | sqlx.rs:52:32:52:87 | ...::must_use(...) | provenance | MaD:13 | -| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | -| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:5 | +| sqlx.rs:52:32:52:87 | MacroExpr | sqlx.rs:52:32:52:87 | ...::format(...) | provenance | MaD:16 | +| sqlx.rs:52:32:52:87 | { ... } | sqlx.rs:52:32:52:87 | ...::must_use(...) | provenance | MaD:17 | +| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | | sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | +| sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | | sqlx.rs:53:26:53:36 | &arg_string [&ref] | sqlx.rs:53:9:53:22 | unsafe_query_1 [&ref] | provenance | | | sqlx.rs:53:27:53:36 | arg_string | sqlx.rs:53:26:53:36 | &arg_string [&ref] | provenance | | +| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:13 | | sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:9 | -| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:5 | -| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:9 | +| sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | provenance | MaD:13 | | sqlx.rs:54:26:54:39 | &remote_string [&ref] | sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | provenance | | | sqlx.rs:54:27:54:39 | remote_string | sqlx.rs:54:26:54:39 | &remote_string [&ref] | provenance | | +| sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:42 | unsafe_query_3 | provenance | | +| sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | provenance | MaD:13 | +| sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | provenance | MaD:9 | +| sqlx.rs:55:9:55:22 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | provenance | MaD:13 | +| sqlx.rs:55:26:55:96 | ... + ... | sqlx.rs:55:9:55:22 | unsafe_query_3 | provenance | | +| sqlx.rs:55:26:55:96 | ... + ... | sqlx.rs:55:26:55:102 | ... + ... | provenance | MaD:8 | +| sqlx.rs:55:26:55:102 | ... + ... | sqlx.rs:55:9:55:22 | unsafe_query_3 | provenance | | +| sqlx.rs:55:83:55:96 | &remote_string [&ref] | sqlx.rs:55:26:55:96 | ... + ... | provenance | MaD:7 | +| sqlx.rs:55:84:55:96 | remote_string | sqlx.rs:55:83:55:96 | &remote_string [&ref] | provenance | | | sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:42 | unsafe_query_4 | provenance | | +| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:13 | | sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:9 | -| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:5 | -| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:9 | +| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:13 | | sqlx.rs:59:9:59:15 | res | sqlx.rs:59:17:59:72 | { ... } | provenance | | | sqlx.rs:59:17:59:72 | ...::format(...) | sqlx.rs:59:9:59:15 | res | provenance | | | sqlx.rs:59:17:59:72 | ...::must_use(...) | sqlx.rs:56:9:56:22 | unsafe_query_4 | provenance | | -| sqlx.rs:59:17:59:72 | MacroExpr | sqlx.rs:59:17:59:72 | ...::format(...) | provenance | MaD:12 | -| sqlx.rs:59:17:59:72 | { ... } | sqlx.rs:59:17:59:72 | ...::must_use(...) | provenance | MaD:13 | -| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:9 | -| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:5 | +| sqlx.rs:59:17:59:72 | MacroExpr | sqlx.rs:59:17:59:72 | ...::format(...) | provenance | MaD:16 | +| sqlx.rs:59:17:59:72 | { ... } | sqlx.rs:59:17:59:72 | ...::must_use(...) | provenance | MaD:17 | +| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:13 | | sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:9 | +| sqlx.rs:77:25:77:36 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | provenance | MaD:13 | | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | sqlx.rs:77:13:77:23 | ...::query | provenance | MaD:1 Sink:MaD:1 | | sqlx.rs:77:25:77:45 | safe_query_3.as_str() [&ref] | sqlx.rs:77:13:77:23 | ...::query | provenance | MaD:1 Sink:MaD:1 | | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | sqlx.rs:78:13:78:23 | ...::query | provenance | MaD:1 Sink:MaD:1 | | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | sqlx.rs:80:17:80:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:81:29:81:42 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:81:29:81:42 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | provenance | MaD:9 | +| sqlx.rs:81:29:81:42 | unsafe_query_3 | sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | sqlx.rs:81:17:81:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | sqlx.rs:81:17:81:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:13 | | sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:9 | -| sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:5 | -| sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:9 | +| sqlx.rs:82:29:82:42 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | provenance | MaD:13 | | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | sqlx.rs:82:17:82:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | sqlx.rs:82:17:82:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:100:9:100:21 | remote_string | sqlx.rs:102:84:102:96 | remote_string | provenance | | +| sqlx.rs:100:25:100:46 | ...::get | sqlx.rs:100:25:100:69 | ...::get(...) [Ok] | provenance | Src:MaD:4 | +| sqlx.rs:100:25:100:69 | ...::get(...) [Ok] | sqlx.rs:100:25:100:78 | ... .unwrap() | provenance | MaD:11 | +| sqlx.rs:100:25:100:78 | ... .unwrap() | sqlx.rs:100:25:100:85 | ... .text() [Ok] | provenance | MaD:15 | +| sqlx.rs:100:25:100:85 | ... .text() [Ok] | sqlx.rs:100:25:100:118 | ... .unwrap_or(...) | provenance | MaD:12 | +| sqlx.rs:100:25:100:118 | ... .unwrap_or(...) | sqlx.rs:100:9:100:21 | remote_string | provenance | | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:113:31:113:44 | unsafe_query_1 | provenance | | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | provenance | MaD:9 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:120:29:120:42 | unsafe_query_1 | provenance | | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | provenance | MaD:9 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:127:29:127:42 | unsafe_query_1 | provenance | | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | provenance | MaD:9 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:136:55:136:68 | unsafe_query_1 | provenance | | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | provenance | MaD:9 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:145:55:145:68 | unsafe_query_1 | provenance | | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | provenance | MaD:9 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:153:29:153:42 | unsafe_query_1 | provenance | | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | provenance | MaD:9 | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:102:26:102:96 | ... + ... | sqlx.rs:102:9:102:22 | unsafe_query_1 | provenance | | +| sqlx.rs:102:26:102:96 | ... + ... | sqlx.rs:102:26:102:102 | ... + ... | provenance | MaD:8 | +| sqlx.rs:102:26:102:102 | ... + ... | sqlx.rs:102:9:102:22 | unsafe_query_1 | provenance | | +| sqlx.rs:102:83:102:96 | &remote_string [&ref] | sqlx.rs:102:26:102:96 | ... + ... | provenance | MaD:7 | +| sqlx.rs:102:84:102:96 | remote_string | sqlx.rs:102:83:102:96 | &remote_string [&ref] | provenance | | +| sqlx.rs:113:31:113:44 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:113:31:113:44 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | +| sqlx.rs:113:31:113:44 | unsafe_query_1 | sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | sqlx.rs:113:17:113:29 | ...::raw_sql | provenance | MaD:3 Sink:MaD:3 | +| sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | sqlx.rs:113:17:113:29 | ...::raw_sql | provenance | MaD:3 Sink:MaD:3 | +| sqlx.rs:120:29:120:42 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:120:29:120:42 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | +| sqlx.rs:120:29:120:42 | unsafe_query_1 | sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | sqlx.rs:120:17:120:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:120:17:120:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:127:29:127:42 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:127:29:127:42 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | +| sqlx.rs:127:29:127:42 | unsafe_query_1 | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | sqlx.rs:127:17:127:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:127:17:127:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:136:55:136:68 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:136:55:136:68 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | +| sqlx.rs:136:55:136:68 | unsafe_query_1 | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | sqlx.rs:136:40:136:53 | ...::query_as | provenance | MaD:2 Sink:MaD:2 | +| sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | sqlx.rs:136:40:136:53 | ...::query_as | provenance | MaD:2 Sink:MaD:2 | +| sqlx.rs:145:55:145:68 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:145:55:145:68 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | +| sqlx.rs:145:55:145:68 | unsafe_query_1 | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | sqlx.rs:145:40:145:53 | ...::query_as | provenance | MaD:2 Sink:MaD:2 | +| sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | sqlx.rs:145:40:145:53 | ...::query_as | provenance | MaD:2 Sink:MaD:2 | +| sqlx.rs:153:29:153:42 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:153:29:153:42 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | +| sqlx.rs:153:29:153:42 | unsafe_query_1 | sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | sqlx.rs:153:17:153:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:153:17:153:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:173:9:173:21 | remote_string | sqlx.rs:175:84:175:96 | remote_string | provenance | | +| sqlx.rs:173:25:173:46 | ...::get | sqlx.rs:173:25:173:69 | ...::get(...) [Ok] | provenance | Src:MaD:4 | +| sqlx.rs:173:25:173:69 | ...::get(...) [Ok] | sqlx.rs:173:25:173:78 | ... .unwrap() | provenance | MaD:11 | +| sqlx.rs:173:25:173:78 | ... .unwrap() | sqlx.rs:173:25:173:85 | ... .text() [Ok] | provenance | MaD:15 | +| sqlx.rs:173:25:173:85 | ... .text() [Ok] | sqlx.rs:173:25:173:118 | ... .unwrap_or(...) | provenance | MaD:12 | +| sqlx.rs:173:25:173:118 | ... .unwrap_or(...) | sqlx.rs:173:9:173:21 | remote_string | provenance | | +| sqlx.rs:175:9:175:22 | unsafe_query_1 | sqlx.rs:188:29:188:42 | unsafe_query_1 | provenance | | +| sqlx.rs:175:9:175:22 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:175:9:175:22 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | provenance | MaD:9 | +| sqlx.rs:175:9:175:22 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | provenance | MaD:13 | +| sqlx.rs:175:26:175:96 | ... + ... | sqlx.rs:175:9:175:22 | unsafe_query_1 | provenance | | +| sqlx.rs:175:26:175:96 | ... + ... | sqlx.rs:175:26:175:102 | ... + ... | provenance | MaD:8 | +| sqlx.rs:175:26:175:102 | ... + ... | sqlx.rs:175:9:175:22 | unsafe_query_1 | provenance | | +| sqlx.rs:175:83:175:96 | &remote_string [&ref] | sqlx.rs:175:26:175:96 | ... + ... | provenance | MaD:7 | +| sqlx.rs:175:84:175:96 | remote_string | sqlx.rs:175:83:175:96 | &remote_string [&ref] | provenance | | +| sqlx.rs:188:29:188:42 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:188:29:188:42 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:9 | +| sqlx.rs:188:29:188:42 | unsafe_query_1 | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | provenance | MaD:13 | +| sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | sqlx.rs:188:17:188:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | +| sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | sqlx.rs:188:17:188:27 | ...::query | provenance | MaD:1 Sink:MaD:1 | models | 1 | Sink: sqlx_core::query::query; Argument[0]; sql-injection | -| 2 | Source: reqwest::blocking::get; ReturnValue.Field[core::result::Result::Ok(0)]; remote | -| 3 | Source: std::env::args; ReturnValue.Element; commandargs | -| 4 | Summary: <_ as core::iter::traits::iterator::Iterator>::nth; Argument[self].Element; ReturnValue.Field[core::option::Option::Some(0)]; value | -| 5 | Summary: ::as_str; Argument[self]; ReturnValue; value | -| 6 | Summary: ::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value | -| 7 | Summary: ::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | -| 8 | Summary: ::unwrap_or; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | -| 9 | Summary: ::as_str; Argument[self]; ReturnValue; value | -| 10 | Summary: ::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 11 | Summary: ::text; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 12 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint | -| 13 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value | +| 2 | Sink: sqlx_core::query_as::query_as; Argument[0]; sql-injection | +| 3 | Sink: sqlx_core::raw_sql::raw_sql; Argument[0]; sql-injection | +| 4 | Source: reqwest::blocking::get; ReturnValue.Field[core::result::Result::Ok(0)]; remote | +| 5 | Source: std::env::args; ReturnValue.Element; commandargs | +| 6 | Summary: <_ as core::iter::traits::iterator::Iterator>::nth; Argument[self].Element; ReturnValue.Field[core::option::Option::Some(0)]; value | +| 7 | Summary: ::add; Argument[0].Reference; ReturnValue; taint | +| 8 | Summary: ::add; Argument[self]; ReturnValue; value | +| 9 | Summary: ::as_str; Argument[self]; ReturnValue; value | +| 10 | Summary: ::unwrap_or; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value | +| 11 | Summary: ::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | +| 12 | Summary: ::unwrap_or; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | +| 13 | Summary: ::as_str; Argument[self]; ReturnValue; value | +| 14 | Summary: ::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 15 | Summary: ::text; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 16 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint | +| 17 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value | nodes | sqlx.rs:47:9:47:18 | arg_string | semmle.label | arg_string | | sqlx.rs:47:22:47:35 | ...::args | semmle.label | ...::args | @@ -102,6 +214,11 @@ nodes | sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | semmle.label | unsafe_query_2 [&ref] | | sqlx.rs:54:26:54:39 | &remote_string [&ref] | semmle.label | &remote_string [&ref] | | sqlx.rs:54:27:54:39 | remote_string | semmle.label | remote_string | +| sqlx.rs:55:9:55:22 | unsafe_query_3 | semmle.label | unsafe_query_3 | +| sqlx.rs:55:26:55:96 | ... + ... | semmle.label | ... + ... | +| sqlx.rs:55:26:55:102 | ... + ... | semmle.label | ... + ... | +| sqlx.rs:55:83:55:96 | &remote_string [&ref] | semmle.label | &remote_string [&ref] | +| sqlx.rs:55:84:55:96 | remote_string | semmle.label | remote_string | | sqlx.rs:56:9:56:22 | unsafe_query_4 | semmle.label | unsafe_query_4 | | sqlx.rs:59:9:59:15 | res | semmle.label | res | | sqlx.rs:59:17:59:72 | ...::format(...) | semmle.label | ...::format(...) | @@ -116,8 +233,62 @@ nodes | sqlx.rs:78:25:78:47 | unsafe_query_1.as_str() [&ref] | semmle.label | unsafe_query_1.as_str() [&ref] | | sqlx.rs:80:17:80:27 | ...::query | semmle.label | ...::query | | sqlx.rs:80:29:80:51 | unsafe_query_2.as_str() [&ref] | semmle.label | unsafe_query_2.as_str() [&ref] | +| sqlx.rs:81:17:81:27 | ...::query | semmle.label | ...::query | +| sqlx.rs:81:29:81:42 | unsafe_query_3 | semmle.label | unsafe_query_3 | +| sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() | semmle.label | unsafe_query_3.as_str() | +| sqlx.rs:81:29:81:51 | unsafe_query_3.as_str() [&ref] | semmle.label | unsafe_query_3.as_str() [&ref] | | sqlx.rs:82:17:82:27 | ...::query | semmle.label | ...::query | | sqlx.rs:82:29:82:42 | unsafe_query_4 | semmle.label | unsafe_query_4 | | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | semmle.label | unsafe_query_4.as_str() | | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() [&ref] | semmle.label | unsafe_query_4.as_str() [&ref] | +| sqlx.rs:100:9:100:21 | remote_string | semmle.label | remote_string | +| sqlx.rs:100:25:100:46 | ...::get | semmle.label | ...::get | +| sqlx.rs:100:25:100:69 | ...::get(...) [Ok] | semmle.label | ...::get(...) [Ok] | +| sqlx.rs:100:25:100:78 | ... .unwrap() | semmle.label | ... .unwrap() | +| sqlx.rs:100:25:100:85 | ... .text() [Ok] | semmle.label | ... .text() [Ok] | +| sqlx.rs:100:25:100:118 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| sqlx.rs:102:9:102:22 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:102:26:102:96 | ... + ... | semmle.label | ... + ... | +| sqlx.rs:102:26:102:102 | ... + ... | semmle.label | ... + ... | +| sqlx.rs:102:83:102:96 | &remote_string [&ref] | semmle.label | &remote_string [&ref] | +| sqlx.rs:102:84:102:96 | remote_string | semmle.label | remote_string | +| sqlx.rs:113:17:113:29 | ...::raw_sql | semmle.label | ...::raw_sql | +| sqlx.rs:113:31:113:44 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() | semmle.label | unsafe_query_1.as_str() | +| sqlx.rs:113:31:113:53 | unsafe_query_1.as_str() [&ref] | semmle.label | unsafe_query_1.as_str() [&ref] | +| sqlx.rs:120:17:120:27 | ...::query | semmle.label | ...::query | +| sqlx.rs:120:29:120:42 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() | semmle.label | unsafe_query_1.as_str() | +| sqlx.rs:120:29:120:51 | unsafe_query_1.as_str() [&ref] | semmle.label | unsafe_query_1.as_str() [&ref] | +| sqlx.rs:127:17:127:27 | ...::query | semmle.label | ...::query | +| sqlx.rs:127:29:127:42 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | semmle.label | unsafe_query_1.as_str() | +| sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() [&ref] | semmle.label | unsafe_query_1.as_str() [&ref] | +| sqlx.rs:136:40:136:53 | ...::query_as | semmle.label | ...::query_as | +| sqlx.rs:136:55:136:68 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | semmle.label | unsafe_query_1.as_str() | +| sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() [&ref] | semmle.label | unsafe_query_1.as_str() [&ref] | +| sqlx.rs:145:40:145:53 | ...::query_as | semmle.label | ...::query_as | +| sqlx.rs:145:55:145:68 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | semmle.label | unsafe_query_1.as_str() | +| sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() [&ref] | semmle.label | unsafe_query_1.as_str() [&ref] | +| sqlx.rs:153:17:153:27 | ...::query | semmle.label | ...::query | +| sqlx.rs:153:29:153:42 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() | semmle.label | unsafe_query_1.as_str() | +| sqlx.rs:153:29:153:51 | unsafe_query_1.as_str() [&ref] | semmle.label | unsafe_query_1.as_str() [&ref] | +| sqlx.rs:173:9:173:21 | remote_string | semmle.label | remote_string | +| sqlx.rs:173:25:173:46 | ...::get | semmle.label | ...::get | +| sqlx.rs:173:25:173:69 | ...::get(...) [Ok] | semmle.label | ...::get(...) [Ok] | +| sqlx.rs:173:25:173:78 | ... .unwrap() | semmle.label | ... .unwrap() | +| sqlx.rs:173:25:173:85 | ... .text() [Ok] | semmle.label | ... .text() [Ok] | +| sqlx.rs:173:25:173:118 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| sqlx.rs:175:9:175:22 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:175:26:175:96 | ... + ... | semmle.label | ... + ... | +| sqlx.rs:175:26:175:102 | ... + ... | semmle.label | ... + ... | +| sqlx.rs:175:83:175:96 | &remote_string [&ref] | semmle.label | &remote_string [&ref] | +| sqlx.rs:175:84:175:96 | remote_string | semmle.label | remote_string | +| sqlx.rs:188:17:188:27 | ...::query | semmle.label | ...::query | +| sqlx.rs:188:29:188:42 | unsafe_query_1 | semmle.label | unsafe_query_1 | +| sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | semmle.label | unsafe_query_1.as_str() | +| sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() [&ref] | semmle.label | unsafe_query_1.as_str() [&ref] | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-089/sqlx.rs b/rust/ql/test/query-tests/security/CWE-089/sqlx.rs index 7f244c4b4cbb..151f9fa7c82e 100644 --- a/rust/ql/test/query-tests/security/CWE-089/sqlx.rs +++ b/rust/ql/test/query-tests/security/CWE-089/sqlx.rs @@ -78,7 +78,7 @@ async fn test_sqlx_mysql(url: &str, enable_remote: bool) -> Result<(), sqlx::Err let _ = sqlx::query(unsafe_query_1.as_str()).execute(&pool).await?; // $ sql-sink Alert[rust/sql-injection]=args1 if enable_remote { let _ = sqlx::query(unsafe_query_2.as_str()).execute(&pool).await?; // $ sql-sink Alert[rust/sql-injection]=remote1 - let _ = sqlx::query(unsafe_query_3.as_str()).execute(&pool).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote1 + let _ = sqlx::query(unsafe_query_3.as_str()).execute(&pool).await?; // $ sql-sink Alert[rust/sql-injection]=remote1 let _ = sqlx::query(unsafe_query_4.as_str()).execute(&pool).await?; // $ sql-sink Alert[rust/sql-injection]=remote1 } let _ = sqlx::query(prepared_query_1.as_str()).bind(const_string).execute(&pool).await?; // $ sql-sink @@ -97,7 +97,7 @@ async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Er // construct queries let const_string = String::from("Alice"); - let remote_string = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap_or(String::from("Alice")); // $ MISSING: Source=remote2 + let remote_string = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap_or(String::from("Alice")); // $ Source=remote2 let safe_query_1 = String::from("SELECT * FROM people WHERE firstname='") + &const_string + "'"; let unsafe_query_1 = String::from("SELECT * FROM people WHERE firstname='") + &remote_string + "'"; let prepared_query_1 = String::from("SELECT * FROM people WHERE firstname=?"); // (prepared arguments are safe) @@ -110,21 +110,21 @@ async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Er // ... let _ = sqlx::raw_sql(safe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink if enable_remote { - let _ = sqlx::raw_sql(unsafe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote2 + let _ = sqlx::raw_sql(unsafe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink Alert[rust/sql-injection]=remote2 } // prepared queries (with extra variants) let _ = sqlx::query(safe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink let _ = sqlx::query(prepared_query_1.as_str()).bind(&const_string).execute(&mut conn).await?; // $ sql-sink if enable_remote { - let _ = sqlx::query(unsafe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote2 + let _ = sqlx::query(unsafe_query_1.as_str()).execute(&mut conn).await?; // $ sql-sink Alert[rust/sql-injection]=remote2 let _ = sqlx::query(prepared_query_1.as_str()).bind(&remote_string).execute(&mut conn).await?; // $ sql-sink } // ... let _ = sqlx::query(safe_query_1.as_str()).fetch(&mut conn); // $ sql-sink let _ = sqlx::query(prepared_query_1.as_str()).bind(&const_string).fetch(&mut conn); // $ sql-sink if enable_remote { - let _ = sqlx::query(unsafe_query_1.as_str()).fetch(&mut conn); // $ sql-sink MISSING: Alert[rust/sql-injection]=remote2 + let _ = sqlx::query(unsafe_query_1.as_str()).fetch(&mut conn); // $ sql-sink Alert[rust/sql-injection]=remote2 let _ = sqlx::query(prepared_query_1.as_str()).bind(&remote_string).fetch(&mut conn); // $ sql-sink } // ... @@ -133,7 +133,7 @@ async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Er let row2: (i64, String, String) = sqlx::query_as(prepared_query_1.as_str()).bind(&const_string).fetch_one(&mut conn).await?; // $ sql-sink println!(" row2 = {:?}", row2); if enable_remote { - let _: (i64, String, String) = sqlx::query_as(unsafe_query_1.as_str()).fetch_one(&mut conn).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote2 + let _: (i64, String, String) = sqlx::query_as(unsafe_query_1.as_str()).fetch_one(&mut conn).await?; // $ sql-sink Alert[rust/sql-injection]=remote2 let _: (i64, String, String) = sqlx::query_as(prepared_query_1.as_str()).bind(&remote_string).fetch_one(&mut conn).await?; // $ sql-sink } // ... @@ -142,7 +142,7 @@ async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Er let row4: (i64, String, String) = sqlx::query_as(prepared_query_1.as_str()).bind(&const_string).fetch_optional(&mut conn).await?.expect("no data"); // $ sql-sink println!(" row4 = {:?}", row4); if enable_remote { - let _: (i64, String, String) = sqlx::query_as(unsafe_query_1.as_str()).fetch_optional(&mut conn).await?.expect("no data"); // $ sql-sink $ MISSING: Alert[rust/sql-injection]=remote2 + let _: (i64, String, String) = sqlx::query_as(unsafe_query_1.as_str()).fetch_optional(&mut conn).await?.expect("no data"); // $ sql-sink $ Alert[rust/sql-injection]=remote2 let _: (i64, String, String) = sqlx::query_as(prepared_query_1.as_str()).bind(&remote_string).fetch_optional(&mut conn).await?.expect("no data"); // $ sql-sink } // ... @@ -150,7 +150,7 @@ async fn test_sqlx_sqlite(url: &str, enable_remote: bool) -> Result<(), sqlx::Er let _ = sqlx::query(prepared_query_1.as_str()).bind(&const_string).fetch_all(&mut conn).await?; // $ sql-sink let _ = sqlx::query("SELECT * FROM people WHERE firstname=?").bind(&const_string).fetch_all(&mut conn).await?; // $ sql-sink if enable_remote { - let _ = sqlx::query(unsafe_query_1.as_str()).fetch_all(&mut conn).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote2 + let _ = sqlx::query(unsafe_query_1.as_str()).fetch_all(&mut conn).await?; // $ sql-sink Alert[rust/sql-injection]=remote2 let _ = sqlx::query(prepared_query_1.as_str()).bind(&remote_string).fetch_all(&mut conn).await?; // $ sql-sink let _ = sqlx::query("SELECT * FROM people WHERE firstname=?").bind(&remote_string).fetch_all(&mut conn).await?; // $ sql-sink } @@ -170,7 +170,7 @@ async fn test_sqlx_postgres(url: &str, enable_remote: bool) -> Result<(), sqlx:: // construct queries let const_string = String::from("Alice"); - let remote_string = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap_or(String::from("Alice")); // $ MISSING: Source=remote3 + let remote_string = reqwest::blocking::get("http://example.com/").unwrap().text().unwrap_or(String::from("Alice")); // $ Source=remote3 let safe_query_1 = String::from("SELECT * FROM people WHERE firstname='") + &const_string + "'"; let unsafe_query_1 = String::from("SELECT * FROM people WHERE firstname='") + &remote_string + "'"; let prepared_query_1 = String::from("SELECT * FROM people WHERE firstname=$1"); // (prepared arguments are safe) @@ -185,7 +185,7 @@ async fn test_sqlx_postgres(url: &str, enable_remote: bool) -> Result<(), sqlx:: let _ = sqlx::query(safe_query_1.as_str()).execute(&pool).await?; // $ sql-sink let _ = sqlx::query(prepared_query_1.as_str()).bind(&const_string).execute(&pool).await?; // $ sql-sink if enable_remote { - let _ = sqlx::query(unsafe_query_1.as_str()).execute(&pool).await?; // $ sql-sink MISSING: Alert[rust/sql-injection]=remote3 + let _ = sqlx::query(unsafe_query_1.as_str()).execute(&pool).await?; // $ sql-sink Alert[rust/sql-injection]=remote3 let _ = sqlx::query(prepared_query_1.as_str()).bind(&remote_string).execute(&pool).await?; // $ sql-sink } diff --git a/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected b/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected index 01d3b06a854e..3e7264cf02fc 100644 --- a/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected +++ b/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected @@ -136,15 +136,19 @@ edges | test_logging.rs:93:15:93:22 | password | test_logging.rs:93:14:93:22 | &password | provenance | Config | | test_logging.rs:94:11:94:28 | MacroExpr | test_logging.rs:94:5:94:9 | ...::log | provenance | MaD:12 Sink:MaD:12 | | test_logging.rs:96:9:96:10 | m2 | test_logging.rs:97:11:97:18 | MacroExpr | provenance | | +| test_logging.rs:96:14:96:49 | ... + ... | test_logging.rs:96:9:96:10 | m2 | provenance | | | test_logging.rs:96:41:96:49 | &password | test_logging.rs:96:9:96:10 | m2 | provenance | | +| test_logging.rs:96:41:96:49 | &password | test_logging.rs:96:14:96:49 | ... + ... | provenance | MaD:17 | +| test_logging.rs:96:41:96:49 | &password [&ref] | test_logging.rs:96:14:96:49 | ... + ... | provenance | MaD:17 | | test_logging.rs:96:42:96:49 | password | test_logging.rs:96:41:96:49 | &password | provenance | Config | +| test_logging.rs:96:42:96:49 | password | test_logging.rs:96:41:96:49 | &password [&ref] | provenance | | | test_logging.rs:97:11:97:18 | MacroExpr | test_logging.rs:97:5:97:9 | ...::log | provenance | MaD:12 Sink:MaD:12 | | test_logging.rs:99:9:99:10 | m3 | test_logging.rs:100:11:100:18 | MacroExpr | provenance | | | test_logging.rs:99:14:99:20 | res | test_logging.rs:99:22:99:45 | { ... } | provenance | | | test_logging.rs:99:22:99:45 | ...::format(...) | test_logging.rs:99:14:99:20 | res | provenance | | | test_logging.rs:99:22:99:45 | ...::must_use(...) | test_logging.rs:99:9:99:10 | m3 | provenance | | -| test_logging.rs:99:22:99:45 | MacroExpr | test_logging.rs:99:22:99:45 | ...::format(...) | provenance | MaD:21 | -| test_logging.rs:99:22:99:45 | { ... } | test_logging.rs:99:22:99:45 | ...::must_use(...) | provenance | MaD:22 | +| test_logging.rs:99:22:99:45 | MacroExpr | test_logging.rs:99:22:99:45 | ...::format(...) | provenance | MaD:22 | +| test_logging.rs:99:22:99:45 | { ... } | test_logging.rs:99:22:99:45 | ...::must_use(...) | provenance | MaD:23 | | test_logging.rs:99:38:99:45 | password | test_logging.rs:99:22:99:45 | MacroExpr | provenance | | | test_logging.rs:100:11:100:18 | MacroExpr | test_logging.rs:100:5:100:9 | ...::log | provenance | MaD:12 Sink:MaD:12 | | test_logging.rs:118:12:118:41 | MacroExpr | test_logging.rs:118:5:118:10 | ...::log | provenance | MaD:12 Sink:MaD:12 | @@ -166,8 +170,8 @@ edges | test_logging.rs:176:34:176:79 | MacroExpr | test_logging.rs:176:33:176:79 | &... [&ref] | provenance | | | test_logging.rs:176:42:176:78 | ...::format(...) | test_logging.rs:176:34:176:40 | res | provenance | | | test_logging.rs:176:42:176:78 | ...::must_use(...) | test_logging.rs:176:34:176:79 | MacroExpr | provenance | | -| test_logging.rs:176:42:176:78 | MacroExpr | test_logging.rs:176:42:176:78 | ...::format(...) | provenance | MaD:21 | -| test_logging.rs:176:42:176:78 | { ... } | test_logging.rs:176:42:176:78 | ...::must_use(...) | provenance | MaD:22 | +| test_logging.rs:176:42:176:78 | MacroExpr | test_logging.rs:176:42:176:78 | ...::format(...) | provenance | MaD:22 | +| test_logging.rs:176:42:176:78 | { ... } | test_logging.rs:176:42:176:78 | ...::must_use(...) | provenance | MaD:23 | | test_logging.rs:176:70:176:78 | password2 | test_logging.rs:176:42:176:78 | MacroExpr | provenance | | | test_logging.rs:180:35:180:81 | &... | test_logging.rs:180:24:180:33 | log_expect | provenance | MaD:3 Sink:MaD:3 | | test_logging.rs:180:35:180:81 | &... [&ref] | test_logging.rs:180:24:180:33 | log_expect | provenance | MaD:3 Sink:MaD:3 | @@ -176,8 +180,8 @@ edges | test_logging.rs:180:36:180:81 | MacroExpr | test_logging.rs:180:35:180:81 | &... [&ref] | provenance | | | test_logging.rs:180:44:180:80 | ...::format(...) | test_logging.rs:180:36:180:42 | res | provenance | | | test_logging.rs:180:44:180:80 | ...::must_use(...) | test_logging.rs:180:36:180:81 | MacroExpr | provenance | | -| test_logging.rs:180:44:180:80 | MacroExpr | test_logging.rs:180:44:180:80 | ...::format(...) | provenance | MaD:21 | -| test_logging.rs:180:44:180:80 | { ... } | test_logging.rs:180:44:180:80 | ...::must_use(...) | provenance | MaD:22 | +| test_logging.rs:180:44:180:80 | MacroExpr | test_logging.rs:180:44:180:80 | ...::format(...) | provenance | MaD:22 | +| test_logging.rs:180:44:180:80 | { ... } | test_logging.rs:180:44:180:80 | ...::must_use(...) | provenance | MaD:23 | | test_logging.rs:180:72:180:80 | password2 | test_logging.rs:180:44:180:80 | MacroExpr | provenance | | | test_logging.rs:183:9:183:19 | err_result2 [Err] | test_logging.rs:184:13:184:23 | err_result2 [Err] | provenance | | | test_logging.rs:183:47:183:68 | Err(...) [Err] | test_logging.rs:183:9:183:19 | err_result2 [Err] | provenance | | @@ -229,68 +233,68 @@ edges | test_logging.rs:226:36:226:59 | MacroExpr | test_logging.rs:226:36:226:59 | ...::Some(...) [Some] | provenance | | | test_logging.rs:226:52:226:59 | password | test_logging.rs:226:36:226:59 | MacroExpr | provenance | | | test_logging.rs:229:30:229:36 | res | test_logging.rs:229:38:229:61 | { ... } | provenance | | -| test_logging.rs:229:30:229:62 | MacroExpr | test_logging.rs:229:30:229:71 | ... .as_str() [&ref] | provenance | MaD:20 | -| test_logging.rs:229:30:229:62 | MacroExpr | test_logging.rs:229:30:229:71 | ... .as_str() [&ref] | provenance | MaD:18 | -| test_logging.rs:229:30:229:62 | MacroExpr | test_logging.rs:229:30:229:71 | ... .as_str() [&ref] | provenance | MaD:20 | +| test_logging.rs:229:30:229:62 | MacroExpr | test_logging.rs:229:30:229:71 | ... .as_str() [&ref] | provenance | MaD:21 | +| test_logging.rs:229:30:229:62 | MacroExpr | test_logging.rs:229:30:229:71 | ... .as_str() [&ref] | provenance | MaD:19 | +| test_logging.rs:229:30:229:62 | MacroExpr | test_logging.rs:229:30:229:71 | ... .as_str() [&ref] | provenance | MaD:21 | | test_logging.rs:229:30:229:71 | ... .as_str() | test_logging.rs:229:23:229:28 | expect | provenance | MaD:2 Sink:MaD:2 | | test_logging.rs:229:30:229:71 | ... .as_str() | test_logging.rs:229:23:229:28 | expect | provenance | MaD:2 Sink:MaD:2 | | test_logging.rs:229:30:229:71 | ... .as_str() [&ref] | test_logging.rs:229:23:229:28 | expect | provenance | MaD:2 Sink:MaD:2 | | test_logging.rs:229:30:229:71 | ... .as_str() [&ref] | test_logging.rs:229:23:229:28 | expect | provenance | MaD:2 Sink:MaD:2 | | test_logging.rs:229:38:229:61 | ...::format(...) | test_logging.rs:229:30:229:36 | res | provenance | | | test_logging.rs:229:38:229:61 | ...::must_use(...) | test_logging.rs:229:30:229:62 | MacroExpr | provenance | | -| test_logging.rs:229:38:229:61 | ...::must_use(...) | test_logging.rs:229:30:229:71 | ... .as_str() | provenance | MaD:20 | -| test_logging.rs:229:38:229:61 | ...::must_use(...) | test_logging.rs:229:30:229:71 | ... .as_str() | provenance | MaD:18 | -| test_logging.rs:229:38:229:61 | ...::must_use(...) | test_logging.rs:229:30:229:71 | ... .as_str() | provenance | MaD:20 | -| test_logging.rs:229:38:229:61 | MacroExpr | test_logging.rs:229:38:229:61 | ...::format(...) | provenance | MaD:21 | -| test_logging.rs:229:38:229:61 | { ... } | test_logging.rs:229:38:229:61 | ...::must_use(...) | provenance | MaD:22 | +| test_logging.rs:229:38:229:61 | ...::must_use(...) | test_logging.rs:229:30:229:71 | ... .as_str() | provenance | MaD:21 | +| test_logging.rs:229:38:229:61 | ...::must_use(...) | test_logging.rs:229:30:229:71 | ... .as_str() | provenance | MaD:19 | +| test_logging.rs:229:38:229:61 | ...::must_use(...) | test_logging.rs:229:30:229:71 | ... .as_str() | provenance | MaD:21 | +| test_logging.rs:229:38:229:61 | MacroExpr | test_logging.rs:229:38:229:61 | ...::format(...) | provenance | MaD:22 | +| test_logging.rs:229:38:229:61 | { ... } | test_logging.rs:229:38:229:61 | ...::must_use(...) | provenance | MaD:23 | | test_logging.rs:229:54:229:61 | password | test_logging.rs:229:38:229:61 | MacroExpr | provenance | | | test_logging.rs:242:16:242:22 | res | test_logging.rs:242:24:242:49 | { ... } | provenance | | -| test_logging.rs:242:16:242:50 | MacroExpr | test_logging.rs:242:16:242:61 | ... .as_bytes() [&ref] | provenance | MaD:19 | -| test_logging.rs:242:16:242:50 | MacroExpr | test_logging.rs:242:16:242:61 | ... .as_bytes() [&ref] | provenance | MaD:17 | +| test_logging.rs:242:16:242:50 | MacroExpr | test_logging.rs:242:16:242:61 | ... .as_bytes() [&ref] | provenance | MaD:20 | +| test_logging.rs:242:16:242:50 | MacroExpr | test_logging.rs:242:16:242:61 | ... .as_bytes() [&ref] | provenance | MaD:18 | | test_logging.rs:242:16:242:61 | ... .as_bytes() | test_logging.rs:242:10:242:14 | write | provenance | MaD:7 Sink:MaD:7 | | test_logging.rs:242:16:242:61 | ... .as_bytes() [&ref] | test_logging.rs:242:10:242:14 | write | provenance | MaD:7 Sink:MaD:7 | | test_logging.rs:242:24:242:49 | ...::format(...) | test_logging.rs:242:16:242:22 | res | provenance | | | test_logging.rs:242:24:242:49 | ...::must_use(...) | test_logging.rs:242:16:242:50 | MacroExpr | provenance | | -| test_logging.rs:242:24:242:49 | ...::must_use(...) | test_logging.rs:242:16:242:61 | ... .as_bytes() | provenance | MaD:19 | -| test_logging.rs:242:24:242:49 | ...::must_use(...) | test_logging.rs:242:16:242:61 | ... .as_bytes() | provenance | MaD:17 | -| test_logging.rs:242:24:242:49 | MacroExpr | test_logging.rs:242:24:242:49 | ...::format(...) | provenance | MaD:21 | -| test_logging.rs:242:24:242:49 | { ... } | test_logging.rs:242:24:242:49 | ...::must_use(...) | provenance | MaD:22 | +| test_logging.rs:242:24:242:49 | ...::must_use(...) | test_logging.rs:242:16:242:61 | ... .as_bytes() | provenance | MaD:20 | +| test_logging.rs:242:24:242:49 | ...::must_use(...) | test_logging.rs:242:16:242:61 | ... .as_bytes() | provenance | MaD:18 | +| test_logging.rs:242:24:242:49 | MacroExpr | test_logging.rs:242:24:242:49 | ...::format(...) | provenance | MaD:22 | +| test_logging.rs:242:24:242:49 | { ... } | test_logging.rs:242:24:242:49 | ...::must_use(...) | provenance | MaD:23 | | test_logging.rs:242:42:242:49 | password | test_logging.rs:242:24:242:49 | MacroExpr | provenance | | | test_logging.rs:245:20:245:26 | res | test_logging.rs:245:28:245:53 | { ... } | provenance | | -| test_logging.rs:245:20:245:54 | MacroExpr | test_logging.rs:245:20:245:65 | ... .as_bytes() [&ref] | provenance | MaD:19 | -| test_logging.rs:245:20:245:54 | MacroExpr | test_logging.rs:245:20:245:65 | ... .as_bytes() [&ref] | provenance | MaD:17 | +| test_logging.rs:245:20:245:54 | MacroExpr | test_logging.rs:245:20:245:65 | ... .as_bytes() [&ref] | provenance | MaD:20 | +| test_logging.rs:245:20:245:54 | MacroExpr | test_logging.rs:245:20:245:65 | ... .as_bytes() [&ref] | provenance | MaD:18 | | test_logging.rs:245:20:245:65 | ... .as_bytes() | test_logging.rs:245:10:245:18 | write_all | provenance | MaD:8 Sink:MaD:8 | | test_logging.rs:245:20:245:65 | ... .as_bytes() [&ref] | test_logging.rs:245:10:245:18 | write_all | provenance | MaD:8 Sink:MaD:8 | | test_logging.rs:245:28:245:53 | ...::format(...) | test_logging.rs:245:20:245:26 | res | provenance | | | test_logging.rs:245:28:245:53 | ...::must_use(...) | test_logging.rs:245:20:245:54 | MacroExpr | provenance | | -| test_logging.rs:245:28:245:53 | ...::must_use(...) | test_logging.rs:245:20:245:65 | ... .as_bytes() | provenance | MaD:19 | -| test_logging.rs:245:28:245:53 | ...::must_use(...) | test_logging.rs:245:20:245:65 | ... .as_bytes() | provenance | MaD:17 | -| test_logging.rs:245:28:245:53 | MacroExpr | test_logging.rs:245:28:245:53 | ...::format(...) | provenance | MaD:21 | -| test_logging.rs:245:28:245:53 | { ... } | test_logging.rs:245:28:245:53 | ...::must_use(...) | provenance | MaD:22 | +| test_logging.rs:245:28:245:53 | ...::must_use(...) | test_logging.rs:245:20:245:65 | ... .as_bytes() | provenance | MaD:20 | +| test_logging.rs:245:28:245:53 | ...::must_use(...) | test_logging.rs:245:20:245:65 | ... .as_bytes() | provenance | MaD:18 | +| test_logging.rs:245:28:245:53 | MacroExpr | test_logging.rs:245:28:245:53 | ...::format(...) | provenance | MaD:22 | +| test_logging.rs:245:28:245:53 | { ... } | test_logging.rs:245:28:245:53 | ...::must_use(...) | provenance | MaD:23 | | test_logging.rs:245:46:245:53 | password | test_logging.rs:245:28:245:53 | MacroExpr | provenance | | | test_logging.rs:248:15:248:21 | res | test_logging.rs:248:23:248:48 | { ... } | provenance | | -| test_logging.rs:248:15:248:49 | MacroExpr | test_logging.rs:248:15:248:60 | ... .as_bytes() [&ref] | provenance | MaD:19 | -| test_logging.rs:248:15:248:49 | MacroExpr | test_logging.rs:248:15:248:60 | ... .as_bytes() [&ref] | provenance | MaD:17 | +| test_logging.rs:248:15:248:49 | MacroExpr | test_logging.rs:248:15:248:60 | ... .as_bytes() [&ref] | provenance | MaD:20 | +| test_logging.rs:248:15:248:49 | MacroExpr | test_logging.rs:248:15:248:60 | ... .as_bytes() [&ref] | provenance | MaD:18 | | test_logging.rs:248:15:248:60 | ... .as_bytes() | test_logging.rs:248:9:248:13 | write | provenance | MaD:7 Sink:MaD:7 | | test_logging.rs:248:15:248:60 | ... .as_bytes() [&ref] | test_logging.rs:248:9:248:13 | write | provenance | MaD:7 Sink:MaD:7 | | test_logging.rs:248:23:248:48 | ...::format(...) | test_logging.rs:248:15:248:21 | res | provenance | | | test_logging.rs:248:23:248:48 | ...::must_use(...) | test_logging.rs:248:15:248:49 | MacroExpr | provenance | | -| test_logging.rs:248:23:248:48 | ...::must_use(...) | test_logging.rs:248:15:248:60 | ... .as_bytes() | provenance | MaD:19 | -| test_logging.rs:248:23:248:48 | ...::must_use(...) | test_logging.rs:248:15:248:60 | ... .as_bytes() | provenance | MaD:17 | -| test_logging.rs:248:23:248:48 | MacroExpr | test_logging.rs:248:23:248:48 | ...::format(...) | provenance | MaD:21 | -| test_logging.rs:248:23:248:48 | { ... } | test_logging.rs:248:23:248:48 | ...::must_use(...) | provenance | MaD:22 | +| test_logging.rs:248:23:248:48 | ...::must_use(...) | test_logging.rs:248:15:248:60 | ... .as_bytes() | provenance | MaD:20 | +| test_logging.rs:248:23:248:48 | ...::must_use(...) | test_logging.rs:248:15:248:60 | ... .as_bytes() | provenance | MaD:18 | +| test_logging.rs:248:23:248:48 | MacroExpr | test_logging.rs:248:23:248:48 | ...::format(...) | provenance | MaD:22 | +| test_logging.rs:248:23:248:48 | { ... } | test_logging.rs:248:23:248:48 | ...::must_use(...) | provenance | MaD:23 | | test_logging.rs:248:41:248:48 | password | test_logging.rs:248:23:248:48 | MacroExpr | provenance | | | test_logging.rs:251:15:251:21 | res | test_logging.rs:251:23:251:48 | { ... } | provenance | | -| test_logging.rs:251:15:251:49 | MacroExpr | test_logging.rs:251:15:251:60 | ... .as_bytes() [&ref] | provenance | MaD:19 | -| test_logging.rs:251:15:251:49 | MacroExpr | test_logging.rs:251:15:251:60 | ... .as_bytes() [&ref] | provenance | MaD:17 | +| test_logging.rs:251:15:251:49 | MacroExpr | test_logging.rs:251:15:251:60 | ... .as_bytes() [&ref] | provenance | MaD:20 | +| test_logging.rs:251:15:251:49 | MacroExpr | test_logging.rs:251:15:251:60 | ... .as_bytes() [&ref] | provenance | MaD:18 | | test_logging.rs:251:15:251:60 | ... .as_bytes() | test_logging.rs:251:9:251:13 | write | provenance | MaD:6 Sink:MaD:6 | | test_logging.rs:251:15:251:60 | ... .as_bytes() [&ref] | test_logging.rs:251:9:251:13 | write | provenance | MaD:6 Sink:MaD:6 | | test_logging.rs:251:23:251:48 | ...::format(...) | test_logging.rs:251:15:251:21 | res | provenance | | | test_logging.rs:251:23:251:48 | ...::must_use(...) | test_logging.rs:251:15:251:49 | MacroExpr | provenance | | -| test_logging.rs:251:23:251:48 | ...::must_use(...) | test_logging.rs:251:15:251:60 | ... .as_bytes() | provenance | MaD:19 | -| test_logging.rs:251:23:251:48 | ...::must_use(...) | test_logging.rs:251:15:251:60 | ... .as_bytes() | provenance | MaD:17 | -| test_logging.rs:251:23:251:48 | MacroExpr | test_logging.rs:251:23:251:48 | ...::format(...) | provenance | MaD:21 | -| test_logging.rs:251:23:251:48 | { ... } | test_logging.rs:251:23:251:48 | ...::must_use(...) | provenance | MaD:22 | +| test_logging.rs:251:23:251:48 | ...::must_use(...) | test_logging.rs:251:15:251:60 | ... .as_bytes() | provenance | MaD:20 | +| test_logging.rs:251:23:251:48 | ...::must_use(...) | test_logging.rs:251:15:251:60 | ... .as_bytes() | provenance | MaD:18 | +| test_logging.rs:251:23:251:48 | MacroExpr | test_logging.rs:251:23:251:48 | ...::format(...) | provenance | MaD:22 | +| test_logging.rs:251:23:251:48 | { ... } | test_logging.rs:251:23:251:48 | ...::must_use(...) | provenance | MaD:23 | | test_logging.rs:251:41:251:48 | password | test_logging.rs:251:23:251:48 | MacroExpr | provenance | | models | 1 | Sink: ::log_expect; Argument[0]; log-injection | @@ -309,12 +313,13 @@ models | 14 | Sink: std::io::stdio::_eprint; Argument[0]; log-injection | | 15 | Sink: std::io::stdio::_print; Argument[0]; log-injection | | 16 | Summary: <_ as core::clone::Clone>::clone; Argument[self].Reference; ReturnValue; value | -| 17 | Summary: ::as_bytes; Argument[self]; ReturnValue; value | -| 18 | Summary: ::as_str; Argument[self]; ReturnValue; value | -| 19 | Summary: ::as_bytes; Argument[self]; ReturnValue; value | -| 20 | Summary: ::as_str; Argument[self]; ReturnValue; value | -| 21 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint | -| 22 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value | +| 17 | Summary: ::add; Argument[0].Reference; ReturnValue; taint | +| 18 | Summary: ::as_bytes; Argument[self]; ReturnValue; value | +| 19 | Summary: ::as_str; Argument[self]; ReturnValue; value | +| 20 | Summary: ::as_bytes; Argument[self]; ReturnValue; value | +| 21 | Summary: ::as_str; Argument[self]; ReturnValue; value | +| 22 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint | +| 23 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value | nodes | test_logging.rs:42:5:42:10 | ...::log | semmle.label | ...::log | | test_logging.rs:42:12:42:35 | MacroExpr | semmle.label | MacroExpr | @@ -414,7 +419,9 @@ nodes | test_logging.rs:94:5:94:9 | ...::log | semmle.label | ...::log | | test_logging.rs:94:11:94:28 | MacroExpr | semmle.label | MacroExpr | | test_logging.rs:96:9:96:10 | m2 | semmle.label | m2 | +| test_logging.rs:96:14:96:49 | ... + ... | semmle.label | ... + ... | | test_logging.rs:96:41:96:49 | &password | semmle.label | &password | +| test_logging.rs:96:41:96:49 | &password [&ref] | semmle.label | &password [&ref] | | test_logging.rs:96:42:96:49 | password | semmle.label | password | | test_logging.rs:97:5:97:9 | ...::log | semmle.label | ...::log | | test_logging.rs:97:11:97:18 | MacroExpr | semmle.label | MacroExpr | diff --git a/rust/ql/test/query-tests/security/CWE-312/CleartextStorageDatabase.expected b/rust/ql/test/query-tests/security/CWE-312/CleartextStorageDatabase.expected index 028b2d88ac3d..3f0171042a1c 100644 --- a/rust/ql/test/query-tests/security/CWE-312/CleartextStorageDatabase.expected +++ b/rust/ql/test/query-tests/security/CWE-312/CleartextStorageDatabase.expected @@ -9,70 +9,79 @@ | test_storage.rs:204:31:204:37 | prepare | test_storage.rs:190:86:190:103 | get_phone_number(...) | test_storage.rs:204:31:204:37 | prepare | This database operation may read or write unencrypted sensitive data from $@. | test_storage.rs:190:86:190:103 | get_phone_number(...) | get_phone_number(...) | edges | test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:100:25:100:37 | insert_query2 | provenance | | +| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() | provenance | MaD:9 | | test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() | provenance | MaD:8 | -| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() | provenance | MaD:7 | -| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() | provenance | MaD:8 | +| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() | provenance | MaD:9 | | test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:115:27:115:39 | insert_query2 | provenance | | +| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() | provenance | MaD:9 | | test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() | provenance | MaD:8 | -| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() | provenance | MaD:7 | -| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() | provenance | MaD:8 | +| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() | provenance | MaD:9 | | test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:119:25:119:37 | insert_query2 | provenance | | +| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() | provenance | MaD:9 | | test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() | provenance | MaD:8 | -| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() | provenance | MaD:7 | -| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() | provenance | MaD:8 | +| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() | provenance | MaD:9 | | test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:125:25:125:37 | insert_query2 | provenance | | +| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() | provenance | MaD:9 | | test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() | provenance | MaD:8 | -| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() | provenance | MaD:7 | -| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() | provenance | MaD:8 | +| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() | provenance | MaD:9 | | test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:139:25:139:37 | insert_query2 | provenance | | +| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() | provenance | MaD:9 | | test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() | provenance | MaD:8 | -| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() | provenance | MaD:7 | -| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() | provenance | MaD:8 | +| test_storage.rs:71:9:71:21 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() | provenance | MaD:9 | | test_storage.rs:71:25:71:114 | ... + ... | test_storage.rs:71:9:71:21 | insert_query2 | provenance | | -| test_storage.rs:71:25:71:114 | ... + ... | test_storage.rs:71:25:71:121 | ... + ... | provenance | MaD:6 | +| test_storage.rs:71:25:71:114 | ... + ... | test_storage.rs:71:25:71:121 | ... + ... | provenance | MaD:7 | | test_storage.rs:71:25:71:121 | ... + ... | test_storage.rs:71:9:71:21 | insert_query2 | provenance | | | test_storage.rs:71:96:71:114 | &... | test_storage.rs:71:9:71:21 | insert_query2 | provenance | | | test_storage.rs:71:96:71:114 | &... | test_storage.rs:71:25:71:114 | ... + ... | provenance | | +| test_storage.rs:71:96:71:114 | &... | test_storage.rs:71:25:71:114 | ... + ... | provenance | MaD:6 | +| test_storage.rs:71:96:71:114 | &... [&ref] | test_storage.rs:71:25:71:114 | ... + ... | provenance | MaD:6 | | test_storage.rs:71:97:71:114 | get_phone_number(...) | test_storage.rs:71:96:71:114 | &... | provenance | Config | +| test_storage.rs:71:97:71:114 | get_phone_number(...) | test_storage.rs:71:96:71:114 | &... [&ref] | provenance | | +| test_storage.rs:100:25:100:37 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() [&ref] | provenance | MaD:9 | | test_storage.rs:100:25:100:37 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 | -| test_storage.rs:100:25:100:37 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() [&ref] | provenance | MaD:7 | -| test_storage.rs:100:25:100:37 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 | +| test_storage.rs:100:25:100:37 | insert_query2 | test_storage.rs:100:25:100:46 | insert_query2.as_str() [&ref] | provenance | MaD:9 | | test_storage.rs:100:25:100:46 | insert_query2.as_str() | test_storage.rs:100:13:100:23 | ...::query | provenance | MaD:4 Sink:MaD:4 | | test_storage.rs:100:25:100:46 | insert_query2.as_str() [&ref] | test_storage.rs:100:13:100:23 | ...::query | provenance | MaD:4 Sink:MaD:4 | +| test_storage.rs:115:27:115:39 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() [&ref] | provenance | MaD:9 | | test_storage.rs:115:27:115:39 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() [&ref] | provenance | MaD:8 | -| test_storage.rs:115:27:115:39 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() [&ref] | provenance | MaD:7 | -| test_storage.rs:115:27:115:39 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() [&ref] | provenance | MaD:8 | +| test_storage.rs:115:27:115:39 | insert_query2 | test_storage.rs:115:27:115:48 | insert_query2.as_str() [&ref] | provenance | MaD:9 | | test_storage.rs:115:27:115:48 | insert_query2.as_str() | test_storage.rs:115:13:115:25 | ...::raw_sql | provenance | MaD:5 Sink:MaD:5 | | test_storage.rs:115:27:115:48 | insert_query2.as_str() [&ref] | test_storage.rs:115:13:115:25 | ...::raw_sql | provenance | MaD:5 Sink:MaD:5 | +| test_storage.rs:119:25:119:37 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() [&ref] | provenance | MaD:9 | | test_storage.rs:119:25:119:37 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 | -| test_storage.rs:119:25:119:37 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() [&ref] | provenance | MaD:7 | -| test_storage.rs:119:25:119:37 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 | +| test_storage.rs:119:25:119:37 | insert_query2 | test_storage.rs:119:25:119:46 | insert_query2.as_str() [&ref] | provenance | MaD:9 | | test_storage.rs:119:25:119:46 | insert_query2.as_str() | test_storage.rs:119:13:119:23 | ...::query | provenance | MaD:4 Sink:MaD:4 | | test_storage.rs:119:25:119:46 | insert_query2.as_str() [&ref] | test_storage.rs:119:13:119:23 | ...::query | provenance | MaD:4 Sink:MaD:4 | +| test_storage.rs:125:25:125:37 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() [&ref] | provenance | MaD:9 | | test_storage.rs:125:25:125:37 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 | -| test_storage.rs:125:25:125:37 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() [&ref] | provenance | MaD:7 | -| test_storage.rs:125:25:125:37 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 | +| test_storage.rs:125:25:125:37 | insert_query2 | test_storage.rs:125:25:125:46 | insert_query2.as_str() [&ref] | provenance | MaD:9 | | test_storage.rs:125:25:125:46 | insert_query2.as_str() | test_storage.rs:125:13:125:23 | ...::query | provenance | MaD:4 Sink:MaD:4 | | test_storage.rs:125:25:125:46 | insert_query2.as_str() [&ref] | test_storage.rs:125:13:125:23 | ...::query | provenance | MaD:4 Sink:MaD:4 | +| test_storage.rs:139:25:139:37 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() [&ref] | provenance | MaD:9 | | test_storage.rs:139:25:139:37 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 | -| test_storage.rs:139:25:139:37 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() [&ref] | provenance | MaD:7 | -| test_storage.rs:139:25:139:37 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() [&ref] | provenance | MaD:8 | +| test_storage.rs:139:25:139:37 | insert_query2 | test_storage.rs:139:25:139:46 | insert_query2.as_str() [&ref] | provenance | MaD:9 | | test_storage.rs:139:25:139:46 | insert_query2.as_str() | test_storage.rs:139:13:139:23 | ...::query | provenance | MaD:4 Sink:MaD:4 | | test_storage.rs:139:25:139:46 | insert_query2.as_str() [&ref] | test_storage.rs:139:13:139:23 | ...::query | provenance | MaD:4 Sink:MaD:4 | | test_storage.rs:189:9:189:24 | insert_query_bad | test_storage.rs:194:25:194:40 | insert_query_bad | provenance | | | test_storage.rs:189:28:189:117 | ... + ... | test_storage.rs:189:9:189:24 | insert_query_bad | provenance | | -| test_storage.rs:189:28:189:117 | ... + ... | test_storage.rs:189:28:189:124 | ... + ... | provenance | MaD:6 | +| test_storage.rs:189:28:189:117 | ... + ... | test_storage.rs:189:28:189:124 | ... + ... | provenance | MaD:7 | | test_storage.rs:189:28:189:124 | ... + ... | test_storage.rs:189:9:189:24 | insert_query_bad | provenance | | | test_storage.rs:189:99:189:117 | &... | test_storage.rs:189:9:189:24 | insert_query_bad | provenance | | | test_storage.rs:189:99:189:117 | &... | test_storage.rs:189:28:189:117 | ... + ... | provenance | | +| test_storage.rs:189:99:189:117 | &... | test_storage.rs:189:28:189:117 | ... + ... | provenance | MaD:6 | +| test_storage.rs:189:99:189:117 | &... [&ref] | test_storage.rs:189:28:189:117 | ... + ... | provenance | MaD:6 | | test_storage.rs:189:100:189:117 | get_phone_number(...) | test_storage.rs:189:99:189:117 | &... | provenance | Config | +| test_storage.rs:189:100:189:117 | get_phone_number(...) | test_storage.rs:189:99:189:117 | &... [&ref] | provenance | | | test_storage.rs:190:9:190:24 | select_query_bad | test_storage.rs:196:35:196:50 | select_query_bad | provenance | | | test_storage.rs:190:28:190:103 | ... + ... | test_storage.rs:190:9:190:24 | select_query_bad | provenance | | -| test_storage.rs:190:28:190:103 | ... + ... | test_storage.rs:190:28:190:109 | ... + ... | provenance | MaD:6 | +| test_storage.rs:190:28:190:103 | ... + ... | test_storage.rs:190:28:190:109 | ... + ... | provenance | MaD:7 | | test_storage.rs:190:28:190:109 | ... + ... | test_storage.rs:190:9:190:24 | select_query_bad | provenance | | | test_storage.rs:190:85:190:103 | &... | test_storage.rs:190:9:190:24 | select_query_bad | provenance | | | test_storage.rs:190:85:190:103 | &... | test_storage.rs:190:28:190:103 | ... + ... | provenance | | +| test_storage.rs:190:85:190:103 | &... | test_storage.rs:190:28:190:103 | ... + ... | provenance | MaD:6 | +| test_storage.rs:190:85:190:103 | &... [&ref] | test_storage.rs:190:28:190:103 | ... + ... | provenance | MaD:6 | | test_storage.rs:190:86:190:103 | get_phone_number(...) | test_storage.rs:190:85:190:103 | &... | provenance | Config | +| test_storage.rs:190:86:190:103 | get_phone_number(...) | test_storage.rs:190:85:190:103 | &... [&ref] | provenance | | | test_storage.rs:194:24:194:40 | &insert_query_bad | test_storage.rs:194:16:194:22 | execute | provenance | MaD:1 Sink:MaD:1 | | test_storage.rs:194:24:194:40 | &insert_query_bad [&ref] | test_storage.rs:194:16:194:22 | execute | provenance | MaD:1 Sink:MaD:1 | | test_storage.rs:194:25:194:40 | insert_query_bad | test_storage.rs:194:24:194:40 | &insert_query_bad | provenance | Config | @@ -92,14 +101,16 @@ models | 3 | Sink: ::query_row; Argument[0]; sql-injection | | 4 | Sink: sqlx_core::query::query; Argument[0]; sql-injection | | 5 | Sink: sqlx_core::raw_sql::raw_sql; Argument[0]; sql-injection | -| 6 | Summary: ::add; Argument[self]; ReturnValue; value | -| 7 | Summary: ::as_str; Argument[self]; ReturnValue; value | -| 8 | Summary: ::as_str; Argument[self]; ReturnValue; value | +| 6 | Summary: ::add; Argument[0].Reference; ReturnValue; taint | +| 7 | Summary: ::add; Argument[self]; ReturnValue; value | +| 8 | Summary: ::as_str; Argument[self]; ReturnValue; value | +| 9 | Summary: ::as_str; Argument[self]; ReturnValue; value | nodes | test_storage.rs:71:9:71:21 | insert_query2 | semmle.label | insert_query2 | | test_storage.rs:71:25:71:114 | ... + ... | semmle.label | ... + ... | | test_storage.rs:71:25:71:121 | ... + ... | semmle.label | ... + ... | | test_storage.rs:71:96:71:114 | &... | semmle.label | &... | +| test_storage.rs:71:96:71:114 | &... [&ref] | semmle.label | &... [&ref] | | test_storage.rs:71:97:71:114 | get_phone_number(...) | semmle.label | get_phone_number(...) | | test_storage.rs:100:13:100:23 | ...::query | semmle.label | ...::query | | test_storage.rs:100:25:100:37 | insert_query2 | semmle.label | insert_query2 | @@ -125,11 +136,13 @@ nodes | test_storage.rs:189:28:189:117 | ... + ... | semmle.label | ... + ... | | test_storage.rs:189:28:189:124 | ... + ... | semmle.label | ... + ... | | test_storage.rs:189:99:189:117 | &... | semmle.label | &... | +| test_storage.rs:189:99:189:117 | &... [&ref] | semmle.label | &... [&ref] | | test_storage.rs:189:100:189:117 | get_phone_number(...) | semmle.label | get_phone_number(...) | | test_storage.rs:190:9:190:24 | select_query_bad | semmle.label | select_query_bad | | test_storage.rs:190:28:190:103 | ... + ... | semmle.label | ... + ... | | test_storage.rs:190:28:190:109 | ... + ... | semmle.label | ... + ... | | test_storage.rs:190:85:190:103 | &... | semmle.label | &... | +| test_storage.rs:190:85:190:103 | &... [&ref] | semmle.label | &... [&ref] | | test_storage.rs:190:86:190:103 | get_phone_number(...) | semmle.label | get_phone_number(...) | | test_storage.rs:194:16:194:22 | execute | semmle.label | execute | | test_storage.rs:194:24:194:40 | &insert_query_bad | semmle.label | &insert_query_bad | diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected b/rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected index 0010127c5bbb..e1e2ba700265 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected @@ -164,7 +164,7 @@ edges | lifetime.rs:443:6:443:7 | p1 | lifetime.rs:446:13:446:14 | p1 | provenance | | | lifetime.rs:443:6:443:7 | p1 | lifetime.rs:450:2:450:10 | return p1 | provenance | | | lifetime.rs:443:23:443:44 | ...::from_ref(...) | lifetime.rs:443:6:443:7 | p1 | provenance | | -| lifetime.rs:443:42:443:43 | r1 | lifetime.rs:443:23:443:44 | ...::from_ref(...) | provenance | MaD:3 | +| lifetime.rs:443:42:443:43 | r1 | lifetime.rs:443:23:443:44 | ...::from_ref(...) | provenance | MaD:4 | | lifetime.rs:450:2:450:10 | return p1 | lifetime.rs:454:11:454:29 | get_ptr_from_ref(...) | provenance | | | lifetime.rs:450:2:450:10 | return p1 | lifetime.rs:460:13:460:31 | get_ptr_from_ref(...) | provenance | | | lifetime.rs:454:6:454:7 | p1 | lifetime.rs:459:13:459:14 | p1 | provenance | | @@ -175,7 +175,9 @@ edges | lifetime.rs:630:3:630:6 | str2 | lifetime.rs:641:14:641:17 | str2 | provenance | | | lifetime.rs:630:10:630:25 | &... | lifetime.rs:630:3:630:6 | str2 | provenance | | | lifetime.rs:654:4:654:7 | str2 | lifetime.rs:655:22:655:25 | str2 | provenance | | +| lifetime.rs:654:11:654:35 | ... + ... | lifetime.rs:654:4:654:7 | str2 | provenance | | | lifetime.rs:654:31:654:35 | &str1 | lifetime.rs:654:4:654:7 | str2 | provenance | | +| lifetime.rs:654:31:654:35 | &str1 | lifetime.rs:654:11:654:35 | ... + ... | provenance | MaD:3 | | lifetime.rs:655:4:655:7 | ref1 | lifetime.rs:659:15:659:18 | ref1 | provenance | | | lifetime.rs:655:4:655:7 | ref1 | lifetime.rs:667:14:667:17 | ref1 | provenance | | | lifetime.rs:655:4:655:7 | ref1 [&ref] | lifetime.rs:659:15:659:18 | ref1 | provenance | | @@ -227,7 +229,8 @@ edges models | 1 | Summary: ::as_mut_ptr; Argument[0].Reference.Reference; ReturnValue.Reference; value | | 2 | Summary: ::as_ptr; Argument[0].Reference.Reference; ReturnValue.Reference; value | -| 3 | Summary: core::ptr::from_ref; Argument[0]; ReturnValue; value | +| 3 | Summary: ::add; Argument[0].Reference; ReturnValue; taint | +| 4 | Summary: core::ptr::from_ref; Argument[0]; ReturnValue; value | nodes | deallocation.rs:148:6:148:7 | p1 | semmle.label | p1 | | deallocation.rs:148:30:148:38 | &raw const my_buffer | semmle.label | &raw const my_buffer | @@ -407,6 +410,7 @@ nodes | lifetime.rs:633:15:633:18 | str2 | semmle.label | str2 | | lifetime.rs:641:14:641:17 | str2 | semmle.label | str2 | | lifetime.rs:654:4:654:7 | str2 | semmle.label | str2 | +| lifetime.rs:654:11:654:35 | ... + ... | semmle.label | ... + ... | | lifetime.rs:654:31:654:35 | &str1 | semmle.label | &str1 | | lifetime.rs:655:4:655:7 | ref1 | semmle.label | ref1 | | lifetime.rs:655:4:655:7 | ref1 [&ref] | semmle.label | ref1 [&ref] | From a2a95755871b18de3c2d804ccd02db663dc6ced6 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 30 Sep 2025 11:23:52 +0100 Subject: [PATCH 123/307] Add tests for safe URL flow --- .../OpenUrlRedirectCustomizations.qll | 2 +- .../security/RequestForgeryCustomizations.qll | 2 +- go/ql/lib/semmle/go/security/SafeUrlFlow.qll | 6 +- .../security/SafeUrlFlow/SafeUrlFlow.expected | 112 ++++++++++++++ .../go/security/SafeUrlFlow/SafeUrlFlow.go | 139 ++++++++++++++++++ .../go/security/SafeUrlFlow/SafeUrlFlow.ql | 15 ++ .../go/security/SafeUrlFlow/SafeUrlFlow.qlref | 4 + 7 files changed, 276 insertions(+), 4 deletions(-) create mode 100644 go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.expected create mode 100644 go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.go create mode 100644 go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.ql create mode 100644 go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.qlref diff --git a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll index 14c0b232d8ba..c278bdf58c5d 100644 --- a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll +++ b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll @@ -6,7 +6,7 @@ import go import UrlConcatenation -import SafeUrlFlowCustomizations +private import SafeUrlFlowCustomizations import semmle.go.dataflow.barrierguardutil.RedirectCheckBarrierGuard import semmle.go.dataflow.barrierguardutil.RegexpCheck import semmle.go.dataflow.barrierguardutil.UrlCheck diff --git a/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll b/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll index a34a47dd7eda..1298785b726c 100644 --- a/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll +++ b/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll @@ -4,7 +4,7 @@ import go import UrlConcatenation -import SafeUrlFlowCustomizations +private import SafeUrlFlowCustomizations import semmle.go.dataflow.barrierguardutil.RedirectCheckBarrierGuard import semmle.go.dataflow.barrierguardutil.RegexpCheck import semmle.go.dataflow.barrierguardutil.UrlCheck diff --git a/go/ql/lib/semmle/go/security/SafeUrlFlow.qll b/go/ql/lib/semmle/go/security/SafeUrlFlow.qll index 77b7aeda591b..1fc39072dfbf 100644 --- a/go/ql/lib/semmle/go/security/SafeUrlFlow.qll +++ b/go/ql/lib/semmle/go/security/SafeUrlFlow.qll @@ -30,8 +30,10 @@ module SafeUrlFlow { predicate isBarrierOut(DataFlow::Node node) { // block propagation of this safe value when its host is overwritten - exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") | - w.writesField(node.getASuccessor(), f, _) + exists(Write w, DataFlow::Node b, Field f | + f.hasQualifiedName("net/url", "URL", "Host") and + b = node.getASuccessor() and + w.writesField(b, f, _) ) or node instanceof SanitizerEdge diff --git a/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.expected b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.expected new file mode 100644 index 000000000000..36129fab07cb --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.expected @@ -0,0 +1,112 @@ +#select +| SafeUrlFlow.go:11:24:11:46 | ...+... | SafeUrlFlow.go:10:10:10:17 | selection of Host | SafeUrlFlow.go:11:24:11:46 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:10:10:10:17 | selection of Host | here | +| SafeUrlFlow.go:14:29:14:44 | call to String | SafeUrlFlow.go:13:13:13:19 | selection of URL | SafeUrlFlow.go:14:29:14:44 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:13:13:13:19 | selection of URL | here | +| SafeUrlFlow.go:18:11:18:28 | call to String | SafeUrlFlow.go:10:10:10:17 | selection of Host | SafeUrlFlow.go:18:11:18:28 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:10:10:10:17 | selection of Host | here | +| SafeUrlFlow.go:49:24:49:57 | ...+... | SafeUrlFlow.go:39:13:39:19 | selection of URL | SafeUrlFlow.go:49:24:49:57 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:39:13:39:19 | selection of URL | here | +| SafeUrlFlow.go:50:29:50:51 | ...+... | SafeUrlFlow.go:39:13:39:19 | selection of URL | SafeUrlFlow.go:50:29:50:51 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:39:13:39:19 | selection of URL | here | +| SafeUrlFlow.go:51:11:51:38 | ...+... | SafeUrlFlow.go:39:13:39:19 | selection of URL | SafeUrlFlow.go:51:11:51:38 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:39:13:39:19 | selection of URL | here | +| SafeUrlFlow.go:60:11:60:26 | call to String | SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:60:11:60:26 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:57:13:57:19 | selection of URL | here | +| SafeUrlFlow.go:61:12:61:27 | call to String | SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:61:12:61:27 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:57:13:57:19 | selection of URL | here | +| SafeUrlFlow.go:62:16:62:31 | call to String | SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:62:16:62:31 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:57:13:57:19 | selection of URL | here | +| SafeUrlFlow.go:63:12:63:27 | call to String | SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:63:12:63:27 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:57:13:57:19 | selection of URL | here | +| SafeUrlFlow.go:67:13:67:28 | call to String | SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:67:13:67:28 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:57:13:57:19 | selection of URL | here | +| SafeUrlFlow.go:68:14:68:29 | call to String | SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:68:14:68:29 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:57:13:57:19 | selection of URL | here | +| SafeUrlFlow.go:69:18:69:33 | call to String | SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:69:18:69:33 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:57:13:57:19 | selection of URL | here | +| SafeUrlFlow.go:70:14:70:29 | call to String | SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:70:14:70:29 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:57:13:57:19 | selection of URL | here | +| SafeUrlFlow.go:73:39:73:54 | call to String | SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:73:39:73:54 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:57:13:57:19 | selection of URL | here | +| SafeUrlFlow.go:77:70:77:85 | call to String | SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:77:70:77:85 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:57:13:57:19 | selection of URL | here | +| SafeUrlFlow.go:81:40:81:55 | call to String | SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:81:40:81:55 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:57:13:57:19 | selection of URL | here | +| SafeUrlFlow.go:94:24:94:41 | call to String | SafeUrlFlow.go:87:14:87:21 | selection of Host | SafeUrlFlow.go:94:24:94:41 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:87:14:87:21 | selection of Host | here | +| SafeUrlFlow.go:116:11:116:23 | reconstructed | SafeUrlFlow.go:106:13:106:19 | selection of URL | SafeUrlFlow.go:116:11:116:23 | reconstructed | A safe URL flows here from $@. | SafeUrlFlow.go:106:13:106:19 | selection of URL | here | +| SafeUrlFlow.go:119:24:119:46 | ...+... | SafeUrlFlow.go:106:13:106:19 | selection of URL | SafeUrlFlow.go:119:24:119:46 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:106:13:106:19 | selection of URL | here | +| SafeUrlFlow.go:120:29:120:54 | ...+... | SafeUrlFlow.go:106:13:106:19 | selection of URL | SafeUrlFlow.go:120:29:120:54 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:106:13:106:19 | selection of URL | here | +| SafeUrlFlow.go:121:12:121:38 | ...+... | SafeUrlFlow.go:106:13:106:19 | selection of URL | SafeUrlFlow.go:121:12:121:38 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:106:13:106:19 | selection of URL | here | +edges +| SafeUrlFlow.go:10:10:10:17 | selection of Host | SafeUrlFlow.go:11:24:11:46 | ...+... | provenance | Sink:MaD:1 | +| SafeUrlFlow.go:10:10:10:17 | selection of Host | SafeUrlFlow.go:17:19:17:22 | host | provenance | | +| SafeUrlFlow.go:13:13:13:19 | selection of URL | SafeUrlFlow.go:14:29:14:35 | baseURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:14:29:14:35 | baseURL | SafeUrlFlow.go:14:29:14:44 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:17:19:17:22 | host | SafeUrlFlow.go:18:11:18:19 | targetURL | provenance | Config | +| SafeUrlFlow.go:18:11:18:19 | targetURL | SafeUrlFlow.go:18:11:18:28 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:39:13:39:19 | selection of URL | SafeUrlFlow.go:49:24:49:57 | ...+... | provenance | Src:MaD:2 Sink:MaD:1 | +| SafeUrlFlow.go:39:13:39:19 | selection of URL | SafeUrlFlow.go:50:29:50:51 | ...+... | provenance | Src:MaD:2 | +| SafeUrlFlow.go:39:13:39:19 | selection of URL | SafeUrlFlow.go:51:11:51:38 | ...+... | provenance | Src:MaD:2 | +| SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:60:11:60:17 | baseURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:61:12:61:18 | baseURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:62:16:62:22 | baseURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:63:12:63:18 | baseURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:67:13:67:19 | baseURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:68:14:68:20 | baseURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:69:18:69:24 | baseURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:70:14:70:20 | baseURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:73:39:73:45 | baseURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:77:70:77:76 | baseURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:81:40:81:46 | baseURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:60:11:60:17 | baseURL | SafeUrlFlow.go:60:11:60:26 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:61:12:61:18 | baseURL | SafeUrlFlow.go:61:12:61:27 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:62:16:62:22 | baseURL | SafeUrlFlow.go:62:16:62:31 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:63:12:63:18 | baseURL | SafeUrlFlow.go:63:12:63:27 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:67:13:67:19 | baseURL | SafeUrlFlow.go:67:13:67:28 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:68:14:68:20 | baseURL | SafeUrlFlow.go:68:14:68:29 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:69:18:69:24 | baseURL | SafeUrlFlow.go:69:18:69:33 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:70:14:70:20 | baseURL | SafeUrlFlow.go:70:14:70:29 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:73:39:73:45 | baseURL | SafeUrlFlow.go:73:39:73:54 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:77:70:77:76 | baseURL | SafeUrlFlow.go:77:70:77:85 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:81:40:81:46 | baseURL | SafeUrlFlow.go:81:40:81:55 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:87:14:87:21 | selection of Host | SafeUrlFlow.go:91:19:91:26 | safeHost | provenance | | +| SafeUrlFlow.go:91:19:91:26 | safeHost | SafeUrlFlow.go:94:24:94:32 | targetURL | provenance | Config | +| SafeUrlFlow.go:94:24:94:32 | targetURL | SafeUrlFlow.go:94:24:94:41 | call to String | provenance | MaD:3 Sink:MaD:1 | +| SafeUrlFlow.go:106:13:106:19 | selection of URL | SafeUrlFlow.go:116:11:116:23 | reconstructed | provenance | Src:MaD:2 | +| SafeUrlFlow.go:106:13:106:19 | selection of URL | SafeUrlFlow.go:119:24:119:46 | ...+... | provenance | Src:MaD:2 Sink:MaD:1 | +| SafeUrlFlow.go:106:13:106:19 | selection of URL | SafeUrlFlow.go:120:29:120:54 | ...+... | provenance | Src:MaD:2 | +| SafeUrlFlow.go:106:13:106:19 | selection of URL | SafeUrlFlow.go:121:12:121:38 | ...+... | provenance | Src:MaD:2 | +models +| 1 | Sink: net/http; ; false; Redirect; ; ; Argument[2]; url-redirection[0]; manual | +| 2 | Source: net/http; Request; true; URL; ; ; ; remote; manual | +| 3 | Summary: fmt; Stringer; true; String; ; ; Argument[receiver]; ReturnValue; taint; manual | +nodes +| SafeUrlFlow.go:10:10:10:17 | selection of Host | semmle.label | selection of Host | +| SafeUrlFlow.go:11:24:11:46 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:13:13:13:19 | selection of URL | semmle.label | selection of URL | +| SafeUrlFlow.go:14:29:14:35 | baseURL | semmle.label | baseURL | +| SafeUrlFlow.go:14:29:14:44 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:17:19:17:22 | host | semmle.label | host | +| SafeUrlFlow.go:18:11:18:19 | targetURL | semmle.label | targetURL | +| SafeUrlFlow.go:18:11:18:28 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:39:13:39:19 | selection of URL | semmle.label | selection of URL | +| SafeUrlFlow.go:49:24:49:57 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:50:29:50:51 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:51:11:51:38 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:57:13:57:19 | selection of URL | semmle.label | selection of URL | +| SafeUrlFlow.go:60:11:60:17 | baseURL | semmle.label | baseURL | +| SafeUrlFlow.go:60:11:60:26 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:61:12:61:18 | baseURL | semmle.label | baseURL | +| SafeUrlFlow.go:61:12:61:27 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:62:16:62:22 | baseURL | semmle.label | baseURL | +| SafeUrlFlow.go:62:16:62:31 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:63:12:63:18 | baseURL | semmle.label | baseURL | +| SafeUrlFlow.go:63:12:63:27 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:67:13:67:19 | baseURL | semmle.label | baseURL | +| SafeUrlFlow.go:67:13:67:28 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:68:14:68:20 | baseURL | semmle.label | baseURL | +| SafeUrlFlow.go:68:14:68:29 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:69:18:69:24 | baseURL | semmle.label | baseURL | +| SafeUrlFlow.go:69:18:69:33 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:70:14:70:20 | baseURL | semmle.label | baseURL | +| SafeUrlFlow.go:70:14:70:29 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:73:39:73:45 | baseURL | semmle.label | baseURL | +| SafeUrlFlow.go:73:39:73:54 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:77:70:77:76 | baseURL | semmle.label | baseURL | +| SafeUrlFlow.go:77:70:77:85 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:81:40:81:46 | baseURL | semmle.label | baseURL | +| SafeUrlFlow.go:81:40:81:55 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:87:14:87:21 | selection of Host | semmle.label | selection of Host | +| SafeUrlFlow.go:91:19:91:26 | safeHost | semmle.label | safeHost | +| SafeUrlFlow.go:94:24:94:32 | targetURL | semmle.label | targetURL | +| SafeUrlFlow.go:94:24:94:41 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:106:13:106:19 | selection of URL | semmle.label | selection of URL | +| SafeUrlFlow.go:116:11:116:23 | reconstructed | semmle.label | reconstructed | +| SafeUrlFlow.go:119:24:119:46 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:120:29:120:54 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:121:12:121:38 | ...+... | semmle.label | ...+... | +subpaths diff --git a/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.go b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.go new file mode 100644 index 000000000000..a1844deb6fc4 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.go @@ -0,0 +1,139 @@ +package main + +import ( + "context" + "net/http" + "net/url" +) + +func testStdlibSources(w http.ResponseWriter, req *http.Request) { + host := req.Host // $ Source + http.Redirect(w, req, "https://"+host+"/safe", http.StatusFound) // $ Alert + + baseURL := req.URL // $ Source + w.Header().Set("Location", baseURL.String()) // $ Alert + + targetURL := url.URL{} + targetURL.Host = host // propagation to URL when Host is assigned + http.Get(targetURL.String()) // $ Alert +} + +func testSanitizerEdge1(w http.ResponseWriter, req *http.Request) { + baseURL := req.URL + + // SanitizerEdge: Query method call (unsafe URL method - breaks flow) + query := baseURL.Query() // sanitizer edge blocks flow here + http.Redirect(w, req, query.Get("redirect"), http.StatusFound) // no flow expected +} + +func testSanitizerEdge2(w http.ResponseWriter, req *http.Request) { + baseURL := req.URL + + // SanitizerEdge: String slicing (breaks flow) + urlString := baseURL.String() + sliced := urlString[0:10] // sanitizer edge blocks flow here + w.Header().Set("Location", sliced) // no flow expected +} + +func testFieldReads(w http.ResponseWriter, req *http.Request) { + baseURL := req.URL // $ Source + + // Test that other URL methods preserve flow + scheme := baseURL.Scheme // should preserve flow + host := baseURL.Host // should preserve flow + path := baseURL.Path // should preserve flow + fragment := baseURL.Fragment // should preserve flow + user := baseURL.User // should preserve flow (but unsafe field) + + // These should still have flow (not sanitized) + http.Redirect(w, req, "https://"+scheme+"://example.com", http.StatusFound) // $ Alert + w.Header().Set("Location", "https://"+host+"/safe") // $ Alert + http.Get("https://example.com" + path) // $ Alert + http.Get(fragment) + http.Get(user.String()) +} + +func testRequestForgerySinks(req *http.Request) { + baseURL := req.URL // $ Source + + // Standard library HTTP functions (request-forgery sinks) + http.Get(baseURL.String()) // $ Alert + http.Post(baseURL.String(), "application/json", nil) // $ Alert + http.PostForm(baseURL.String(), nil) // $ Alert + http.Head(baseURL.String()) // $ Alert + + // HTTP Client methods (request-forgery sinks) + client := &http.Client{} + client.Get(baseURL.String()) // $ Alert + client.Post(baseURL.String(), "application/json", nil) // $ Alert + client.PostForm(baseURL.String(), nil) // $ Alert + client.Head(baseURL.String()) // $ Alert + + // NewRequest + Client.Do (request-forgery sinks) + request, _ := http.NewRequest("GET", baseURL.String(), nil) // $ Alert + client.Do(request) + + // NewRequestWithContext + Client.Do (request-forgery sinks) + reqWithCtx, _ := http.NewRequestWithContext(context.TODO(), "POST", baseURL.String(), nil) // $ Alert + client.Do(reqWithCtx) + + // RoundTrip method (request-forgery sink) + request2, _ := http.NewRequest("GET", baseURL.String(), nil) // $ Alert + transport := &http.Transport{} + transport.RoundTrip(request2) +} + +func testHostFieldAssignmentFlow(w http.ResponseWriter, req *http.Request) { + safeHost := req.Host // $ Source + + // Test additional flow step: propagation when Host field is assigned + targetURL, _ := url.Parse("http://example.com/data") + targetURL.Host = safeHost // additional flow step from SafeUrlFlow config + + // Flow should propagate to the whole URL after Host assignment + http.Redirect(w, req, targetURL.String(), http.StatusFound) // $ Alert +} + +func testHostFieldOverwritten(w http.ResponseWriter, req *http.Request) { + baseURL := req.URL + + // Flow should be blocked when Host is overwritten + baseURL.Host = "something.else.com" + http.Get(baseURL.String()) +} + +func testFieldAccess(w http.ResponseWriter, req *http.Request) { + baseURL := req.URL // $ Source + + // Safe field accesses that should preserve flow + host := baseURL.Host + path := baseURL.Path + scheme := baseURL.Scheme + opaquePart := baseURL.Opaque + + // Reconstruct URL - flow should be preserved through field access + reconstructed := scheme + "://" + host + path + http.Get(reconstructed) // $ Alert + + // Test individual fields + http.Redirect(w, req, "https://"+host+"/path", http.StatusFound) // $ Alert + w.Header().Set("Location", "https://example.com"+path) // $ Alert + http.Post(scheme+"://example.com/api", "application/json", nil) // $ Alert + use(opaquePart) // avoid unused variable warning + + // Unsafe field accesses that should be sanitized by UnsafeFieldReadSanitizer + // These read unsafe URL fields and should NOT have flow + unsafeUser := baseURL.User // sanitizer edge (User field) + unsafeQuery := baseURL.RawQuery // sanitizer edge (RawQuery field) + unsafeFragment := baseURL.Fragment // sanitizer edge (Fragment field) + + // These should NOT have flow due to sanitizer edges + if unsafeUser != nil { + http.Redirect(w, req, unsafeUser.String(), http.StatusFound) // no flow expected + } + w.Header().Set("Location", "https://example.com/?"+unsafeQuery) // no flow expected + http.Get("https://example.com/#" + unsafeFragment) // no flow expected +} + +// Helper function to avoid unused variable warnings +func use(vars ...interface{}) {} diff --git a/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.ql b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.ql new file mode 100644 index 000000000000..badc69f386cb --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.ql @@ -0,0 +1,15 @@ +/** + * @id go/test-safe-url-flow + * @kind path-problem + * @problem.severity recommendation + */ + +import go +import semmle.go.security.RequestForgeryCustomizations +import semmle.go.security.OpenUrlRedirectCustomizations +import semmle.go.security.SafeUrlFlow +import SafeUrlFlow::Flow::PathGraph + +from SafeUrlFlow::Flow::PathNode source, SafeUrlFlow::Flow::PathNode sink +where SafeUrlFlow::Flow::flowPath(source, sink) +select sink.getNode(), source, sink, "A safe URL flows here from $@.", source.getNode(), "here" diff --git a/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.qlref b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.qlref new file mode 100644 index 000000000000..db1b80a6317c --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.qlref @@ -0,0 +1,4 @@ +query: SafeUrlFlow.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql From 701cff3ca4502e9ce333da4c1beaf73987dc0a8b Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 29 Sep 2025 15:02:45 +0200 Subject: [PATCH 124/307] Rust: Macro call resolution --- .../hello-workspace/functions.expected | 2 +- .../hello-workspace/lib/src/a_module/mod.rs | 3 +- .../hello-workspace/lib/src/lib.rs | 9 + .../hello-workspace/summary.cargo.expected | 8 +- .../summary.rust-project.expected | 8 +- .../rust/elements/internal/MacroCallImpl.qll | 8 + .../codeql/rust/internal/PathResolution.qll | 270 +++++++++++++++--- .../internal/PathResolutionConsistency.qll | 4 +- .../PathResolutionInlineExpectationsTest.qll | 3 +- .../PathResolutionConsistency.expected | 6 - .../PathResolutionConsistency.expected | 69 ----- .../definitions/Definitions.expected | 7 + .../definitions/Definitions.qlref | 2 + .../PathResolutionConsistency.expected | 1 - .../library-tests/path-resolution/main.rs | 80 +++--- .../test/library-tests/path-resolution/my.rs | 4 +- .../path-resolution/my/my4/my5/mod.rs | 2 +- .../path-resolution/my/nested.rs | 8 +- .../library-tests/path-resolution/my2/mod.rs | 2 +- .../path-resolution/my2/my3/mod.rs | 2 +- .../path-resolution/my2/nested2.rs | 8 +- .../path-resolution/path-resolution.expected | 58 ++++ .../PathResolutionConsistency.expected | 15 - .../PathResolutionConsistency.expected | 74 ----- 24 files changed, 380 insertions(+), 273 deletions(-) create mode 100644 rust/ql/test/library-tests/definitions/Definitions.qlref diff --git a/rust/ql/integration-tests/hello-workspace/functions.expected b/rust/ql/integration-tests/hello-workspace/functions.expected index 0633774edf73..b30ae9be4742 100644 --- a/rust/ql/integration-tests/hello-workspace/functions.expected +++ b/rust/ql/integration-tests/hello-workspace/functions.expected @@ -1,2 +1,2 @@ | exe/src/main.rs:5:1:7:1 | fn main | -| lib/src/a_module/mod.rs:1:1:3:1 | fn hello | +| lib/src/a_module/mod.rs:1:1:4:1 | fn hello | diff --git a/rust/ql/integration-tests/hello-workspace/lib/src/a_module/mod.rs b/rust/ql/integration-tests/hello-workspace/lib/src/a_module/mod.rs index dca921ab6432..d437e89e9bea 100644 --- a/rust/ql/integration-tests/hello-workspace/lib/src/a_module/mod.rs +++ b/rust/ql/integration-tests/hello-workspace/lib/src/a_module/mod.rs @@ -1,3 +1,4 @@ pub fn hello() { - println!("Hello, world!"); + my_macro!(); // $ item=my_macro + println!("Hello, world!"); // $ item=println } // HELLO diff --git a/rust/ql/integration-tests/hello-workspace/lib/src/lib.rs b/rust/ql/integration-tests/hello-workspace/lib/src/lib.rs index e5b38ec20f6e..8c385ab5a949 100644 --- a/rust/ql/integration-tests/hello-workspace/lib/src/lib.rs +++ b/rust/ql/integration-tests/hello-workspace/lib/src/lib.rs @@ -1 +1,10 @@ +#[macro_use] +mod macros { + macro_rules! my_macro { + () => { + println!("my_macro!"); + }; + } +} + pub mod a_module; diff --git a/rust/ql/integration-tests/hello-workspace/summary.cargo.expected b/rust/ql/integration-tests/hello-workspace/summary.cargo.expected index 5912f7d69baf..02b13afcfc26 100644 --- a/rust/ql/integration-tests/hello-workspace/summary.cargo.expected +++ b/rust/ql/integration-tests/hello-workspace/summary.cargo.expected @@ -9,8 +9,8 @@ | Inconsistencies - Path resolution | 0 | | Inconsistencies - SSA | 0 | | Inconsistencies - data flow | 0 | -| Lines of code extracted | 9 | -| Lines of user code extracted | 9 | -| Macro calls - resolved | 2 | -| Macro calls - total | 2 | +| Lines of code extracted | 15 | +| Lines of user code extracted | 15 | +| Macro calls - resolved | 5 | +| Macro calls - total | 5 | | Macro calls - unresolved | 0 | diff --git a/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected b/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected index 5912f7d69baf..02b13afcfc26 100644 --- a/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected +++ b/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected @@ -9,8 +9,8 @@ | Inconsistencies - Path resolution | 0 | | Inconsistencies - SSA | 0 | | Inconsistencies - data flow | 0 | -| Lines of code extracted | 9 | -| Lines of user code extracted | 9 | -| Macro calls - resolved | 2 | -| Macro calls - total | 2 | +| Lines of code extracted | 15 | +| Lines of user code extracted | 15 | +| Macro calls - resolved | 5 | +| Macro calls - total | 5 | | Macro calls - unresolved | 0 | diff --git a/rust/ql/lib/codeql/rust/elements/internal/MacroCallImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/MacroCallImpl.qll index 0ed4d3073f05..17cc47d803f8 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/MacroCallImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/MacroCallImpl.qll @@ -12,6 +12,7 @@ private import codeql.rust.elements.internal.generated.MacroCall */ module Impl { private import rust + private import codeql.rust.internal.PathResolution pragma[nomagic] predicate isInMacroExpansion(AstNode root, AstNode n) { @@ -44,5 +45,12 @@ module Impl { isInMacroExpansion(this, result) and this.getTokenTree().getLocation().contains(result.getLocation()) } + + /** + * Gets the macro definition that this macro call resolves to. + * + * The result is either a `MacroDef` or a `MacroRules`. + */ + Item resolveMacro() { result = resolvePath(this.getPath()) } } } diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index f1574ff38f3a..32a96e6256aa 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -11,13 +11,14 @@ private import codeql.util.Option private newtype TNamespace = TTypeNamespace() or - TValueNamespace() + TValueNamespace() or + TMacroNamespace() /** * A namespace. * - * Either the _value_ namespace or the _type_ namespace, see - * https://doc.rust-lang.org/reference/names/namespaces.html. + * Either the _value_ namespace, the _type_ namespace, or the _macro_ namespace, + * see https://doc.rust-lang.org/reference/names/namespaces.html. */ final class Namespace extends TNamespace { /** Holds if this is the value namespace. */ @@ -26,11 +27,16 @@ final class Namespace extends TNamespace { /** Holds if this is the type namespace. */ predicate isType() { this = TTypeNamespace() } + /** Holds if this is the macro namespace. */ + predicate isMacro() { this = TMacroNamespace() } + /** Gets a textual representation of this namespace. */ string toString() { this.isValue() and result = "value" or this.isType() and result = "type" + or + this.isMacro() and result = "macro" } } @@ -194,6 +200,16 @@ abstract class ItemNode extends Locatable { /** Gets the visibility of this item, if any. */ abstract Visibility getVisibility(); + abstract Attr getAnAttr(); + + pragma[nomagic] + final Attr getAttr(string name) { + result = this.getAnAttr() and + result.getMeta().getPath().(RelevantPath).isUnqualified(name) + } + + final predicate hasAttr(string name) { exists(this.getAttr(name)) } + /** * Holds if this item is public. * @@ -206,6 +222,8 @@ abstract class ItemNode extends Locatable { not this instanceof Use or this instanceof Variant + or + this instanceof MacroItemNode } /** Gets the `i`th type parameter of this item, if any. */ @@ -266,6 +284,12 @@ abstract class ItemNode extends Locatable { kind.isInternal() and useOpt.isNone() or + macroExportEdge(this, name, result) and + kind.isBoth() and + useOpt.isNone() + or + macroUseEdge(this, name, kind, useOpt, result) + or // items made available through `use` are available to nodes that contain the `use` useOpt.asSome() = any(UseItemNode use_ | @@ -365,11 +389,6 @@ abstract class ItemNode extends Locatable { or name = "crate" and this = result.(CrateItemNode).getASourceFile() - or - // todo: implement properly - name = "$crate" and - result = any(CrateItemNode crate | this = crate.getASourceFile()).(Crate).getADependency*() and - result.(CrateItemNode).isPotentialDollarCrateTarget() ) } @@ -442,7 +461,7 @@ abstract private class ModuleLikeNode extends ItemNode { } } -private class SourceFileItemNode extends ModuleLikeNode, SourceFile { +private class SourceFileItemNode extends ModuleLikeNode instanceof SourceFile { pragma[nomagic] ModuleLikeNode getSuper() { fileImport(result.getAnItemInScope(), this) } @@ -454,6 +473,8 @@ private class SourceFileItemNode extends ModuleLikeNode, SourceFile { override Visibility getVisibility() { none() } + override Attr getAnAttr() { result = SourceFile.super.getAnAttr() } + override TypeParam getTypeParam(int i) { none() } override predicate hasCanonicalPath(Crate c) { none() } @@ -487,14 +508,6 @@ class CrateItemNode extends ItemNode instanceof Crate { ) } - pragma[nomagic] - predicate isPotentialDollarCrateTarget() { - exists(string name, RelevantPath p | - p.isDollarCrateQualifiedPath(name) and - exists(this.getASuccessor(name)) - ) - } - override string getName() { result = Crate.super.getName() } override Namespace getNamespace() { @@ -503,6 +516,8 @@ class CrateItemNode extends ItemNode instanceof Crate { override Visibility getVisibility() { none() } + override Attr getAnAttr() { none() } + override TypeParam getTypeParam(int i) { none() } override predicate hasCanonicalPath(Crate c) { c = this } @@ -524,12 +539,19 @@ class CrateItemNode extends ItemNode instanceof Crate { } class ExternCrateItemNode extends ItemNode instanceof ExternCrate { - override string getName() { result = super.getRename().getName().getText() } + override string getName() { + result = super.getRename().getName().getText() + or + not super.hasRename() and + result = super.getIdentifier().getText() + } override Namespace getNamespace() { none() } override Visibility getVisibility() { none() } + override Attr getAnAttr() { result = ExternCrate.super.getAnAttr() } + override TypeParam getTypeParam(int i) { none() } override predicate hasCanonicalPath(Crate c) { none() } @@ -572,6 +594,8 @@ private class ConstItemNode extends AssocItemNode instanceof Const { override Visibility getVisibility() { result = Const.super.getVisibility() } + override Attr getAnAttr() { result = Const.super.getAnAttr() } + override TypeParam getTypeParam(int i) { none() } } @@ -582,6 +606,8 @@ private class EnumItemNode extends TypeItemNode instanceof Enum { override Visibility getVisibility() { result = Enum.super.getVisibility() } + override Attr getAnAttr() { result = Enum.super.getAnAttr() } + override TypeParam getTypeParam(int i) { result = super.getGenericParamList().getTypeParam(i) } override predicate hasCanonicalPath(Crate c) { this.hasCanonicalPathPrefix(c) } @@ -624,6 +650,8 @@ private class VariantItemNode extends ParameterizableItemNode instanceof Variant override Visibility getVisibility() { result = super.getEnum().getVisibility() } + override Attr getAnAttr() { result = Variant.super.getAnAttr() } + override int getArity() { result = super.getFieldList().(TupleFieldList).getNumberOfFields() } override predicate hasCanonicalPath(Crate c) { this.hasCanonicalPathPrefix(c) } @@ -652,12 +680,19 @@ class FunctionItemNode extends AssocItemNode, ParameterizableItemNode instanceof override predicate hasImplementation() { Function.super.hasImplementation() } - override Namespace getNamespace() { result.isValue() } + override Namespace getNamespace() { + // see https://doc.rust-lang.org/reference/procedural-macros.html + if this.hasAttr(["proc_macro", "proc_macro_attribute", "proc_macro_derive"]) + then result.isMacro() + else result.isValue() + } override TypeParam getTypeParam(int i) { result = super.getGenericParamList().getTypeParam(i) } override Visibility getVisibility() { result = Function.super.getVisibility() } + override Attr getAnAttr() { result = Function.super.getAnAttr() } + override int getArity() { result = super.getNumberOfParamsInclSelf() } } @@ -720,6 +755,8 @@ final class ImplItemNode extends ImplOrTraitItemNode instanceof Impl { override Visibility getVisibility() { result = Impl.super.getVisibility() } + override Attr getAnAttr() { result = Impl.super.getAnAttr() } + TypeParamItemNode getBlanketImplementationTypeParam() { result = this.resolveSelfTy() } /** @@ -818,6 +855,8 @@ final private class ImplTraitTypeReprItemNode extends TypeItemNode instanceof Im override Visibility getVisibility() { none() } + override Attr getAnAttr() { none() } + override TypeParam getTypeParam(int i) { none() } override predicate hasCanonicalPath(Crate c) { none() } @@ -837,6 +876,8 @@ private class ModuleItemNode extends ModuleLikeNode instanceof Module { override Visibility getVisibility() { result = Module.super.getVisibility() } + override Attr getAnAttr() { result = Module.super.getAnAttr() } + override TypeParam getTypeParam(int i) { none() } override predicate hasCanonicalPath(Crate c) { this.hasCanonicalPathPrefix(c) } @@ -890,6 +931,8 @@ private class StructItemNode extends TypeItemNode, ParameterizableItemNode insta override Visibility getVisibility() { result = Struct.super.getVisibility() } + override Attr getAnAttr() { result = Struct.super.getAnAttr() } + override int getArity() { result = super.getFieldList().(TupleFieldList).getNumberOfFields() } override TypeParam getTypeParam(int i) { result = super.getGenericParamList().getTypeParam(i) } @@ -930,6 +973,8 @@ final class TraitItemNode extends ImplOrTraitItemNode, TypeItemNode instanceof T override Visibility getVisibility() { result = Trait.super.getVisibility() } + override Attr getAnAttr() { result = Trait.super.getAnAttr() } + override TypeParam getTypeParam(int i) { result = super.getGenericParamList().getTypeParam(i) } override predicate hasCanonicalPath(Crate c) { this.hasCanonicalPathPrefix(c) } @@ -987,6 +1032,8 @@ final class TypeAliasItemNode extends TypeItemNode, AssocItemNode instanceof Typ override Visibility getVisibility() { result = TypeAlias.super.getVisibility() } + override Attr getAnAttr() { result = TypeAlias.super.getAnAttr() } + override TypeParam getTypeParam(int i) { result = super.getGenericParamList().getTypeParam(i) } override predicate hasCanonicalPath(Crate c) { none() } @@ -1008,6 +1055,8 @@ private class UnionItemNode extends TypeItemNode instanceof Union { override Visibility getVisibility() { result = Union.super.getVisibility() } + override Attr getAnAttr() { result = Union.super.getAnAttr() } + override TypeParam getTypeParam(int i) { result = super.getGenericParamList().getTypeParam(i) } override predicate hasCanonicalPath(Crate c) { this.hasCanonicalPathPrefix(c) } @@ -1038,6 +1087,8 @@ private class UseItemNode extends ItemNode instanceof Use { override Visibility getVisibility() { result = Use.super.getVisibility() } + override Attr getAnAttr() { result = Use.super.getAnAttr() } + override TypeParam getTypeParam(int i) { none() } override predicate hasCanonicalPath(Crate c) { none() } @@ -1052,6 +1103,8 @@ private class BlockExprItemNode extends ItemNode instanceof BlockExpr { override Visibility getVisibility() { none() } + override Attr getAnAttr() { result = BlockExpr.super.getAnAttr() } + override TypeParam getTypeParam(int i) { none() } override predicate hasCanonicalPath(Crate c) { none() } @@ -1134,6 +1187,8 @@ final class TypeParamItemNode extends TypeItemNode instanceof TypeParam { override Visibility getVisibility() { none() } + override Attr getAnAttr() { result = TypeParam.super.getAnAttr() } + override TypeParam getTypeParam(int i) { none() } override Location getLocation() { result = TypeParam.super.getName().getLocation() } @@ -1176,6 +1231,48 @@ final private class TypeParamItemNodeImpl extends TypeParamItemNode instanceof T ItemNode resolveABoundCand() { result = resolvePathCand(this.getABoundPathCand()) } } +abstract private class MacroItemNode extends ItemNode { + override Namespace getNamespace() { result.isMacro() } + + override TypeParam getTypeParam(int i) { none() } + + override predicate hasCanonicalPath(Crate c) { this.hasCanonicalPathPrefix(c) } + + bindingset[c] + private string getCanonicalPathPart(Crate c, int i) { + i = 0 and + result = this.getCanonicalPathPrefix(c) + or + i = 1 and + result = "::" + or + i = 2 and + result = this.getName() + } + + language[monotonicAggregates] + override string getCanonicalPath(Crate c) { + this.hasCanonicalPath(c) and + result = strictconcat(int i | i in [0 .. 2] | this.getCanonicalPathPart(c, i) order by i) + } +} + +private class MacroRulesItemNode extends MacroItemNode instanceof MacroRules { + override string getName() { result = MacroRules.super.getName().getText() } + + override Visibility getVisibility() { result = MacroRules.super.getVisibility() } + + override Attr getAnAttr() { result = MacroRules.super.getAnAttr() } +} + +private class MacroDefItemNode extends MacroItemNode instanceof MacroDef { + override string getName() { result = MacroDef.super.getName().getText() } + + override Visibility getVisibility() { result = MacroDef.super.getVisibility() } + + override Attr getAnAttr() { result = MacroDef.super.getAnAttr() } +} + /** Holds if `item` has the name `name` and is a top-level item inside `f`. */ private predicate sourceFileEdge(SourceFile f, string name, ItemNode item) { item = f.(ItemNode).getADescendant() and @@ -1428,15 +1525,12 @@ class RelevantPath extends Path { pragma[nomagic] predicate isCratePath(string name, ItemNode encl) { - name = ["crate", "$crate"] and + name = "crate" and this.isUnqualified(name, encl) } pragma[nomagic] - predicate isDollarCrateQualifiedPath(string name) { - this.getQualifier().(RelevantPath).isCratePath("$crate", _) and - this.getText() = name - } + predicate isDollarCrate() { this.isUnqualified("$crate", _) } } private predicate isModule(ItemNode m) { m instanceof Module } @@ -1462,10 +1556,16 @@ private ItemNode getOuterScope(ItemNode i) { pragma[nomagic] private predicate unqualifiedPathLookup(ItemNode ancestor, string name, Namespace ns, ItemNode encl) { // lookup in the immediately enclosing item - any(RelevantPath p).isUnqualified(name, encl) and - ancestor = encl and - exists(ns) and - not name = ["crate", "$crate", "super", "self"] + exists(RelevantPath path | + path.isUnqualified(name, encl) and + ancestor = encl and + exists(ns) and + not name = ["crate", "$crate", "super", "self"] + | + pathUsesNamespace(path, ns) + or + not pathUsesNamespace(path, _) + ) or // lookup in an outer scope, but only if the item is not declared in inner scope exists(ItemNode mid | @@ -1474,8 +1574,12 @@ private predicate unqualifiedPathLookup(ItemNode ancestor, string name, Namespac not ( name = "Self" and mid = any(ImplOrTraitItemNode i).getAnItemInSelfScope() - ) and + ) + | ancestor = getOuterScope(mid) + or + ns.isMacro() and + ancestor = mid.getImmediateParentModule() ) } @@ -1502,7 +1606,7 @@ private predicate sourceFileHasCratePathTc(ItemNode i1, ItemNode i2) = */ pragma[nomagic] private predicate keywordLookup(ItemNode ancestor, string name, RelevantPath p) { - // For `($)crate`, jump directly to the root module + // For `crate`, jump directly to the root module exists(ItemNode i | p.isCratePath(name, i) | ancestor instanceof SourceFile and ancestor = i @@ -1563,6 +1667,41 @@ module TraitIsVisible { } } +pragma[nomagic] +private predicate isMacroExpansion(AstNode expansion, Path macroDefPath) { + exists(MacroCall mc | + expansion = mc.getMacroCallExpansion() and + macroDefPath = mc.getPath() + ) + or + exists(ItemNode adt | + expansion = adt.(Adt).getDeriveMacroExpansion(_) and + macroDefPath = adt.getAttr("derive").getMeta().getPath() + ) +} + +pragma[nomagic] +predicate isInMacroExpansion(Path macroDefPath, AstNode n) { + isMacroExpansion(n, macroDefPath) + or + isInMacroExpansion(macroDefPath, n.getParentNode()) +} + +/** + * Holds if `n` is inside a macro expansion, and the macro _may_ originate from + * crate `crate`. + * + * The reason why we cannot be sure is that we need to consider all ancestor macro + * calls. + */ +pragma[nomagic] +predicate isInMacroFromCrateExpansion(CrateItemNode crate, AstNode n) { + exists(Path macroDefPath | + isInMacroExpansion(macroDefPath, n) and + crate.getASourceFile().getFile() = resolvePathCand(macroDefPath).getFile() + ) +} + pragma[nomagic] private ItemNode resolvePathCand0(RelevantPath path, Namespace ns) { exists(ItemNode res | @@ -1575,6 +1714,10 @@ private ItemNode resolvePathCand0(RelevantPath path, Namespace ns) { else result = res ) or + path.isDollarCrate() and + isInMacroFromCrateExpansion(result, path) and + ns = result.getNamespace() + or result = resolvePathCandQualified(_, _, path, ns) or result = resolveUseTreeListItem(_, _, path, _) and @@ -1647,8 +1790,6 @@ private predicate pathUsesNamespace(Path p, Namespace n) { p = any(PathExpr pe).getPath() or p = any(TupleStructPat tsp).getPath() - or - p = any(Meta m).getPath() ) or n.isType() and @@ -1670,6 +1811,47 @@ private predicate pathUsesNamespace(Path p, Namespace n) { or p = any(Path parent).getQualifier() ) + or + n.isMacro() and + ( + p = any(MacroCall mc).getPath() + or + p = any(Meta m).getPath() + ) +} + +/** + * Holds if crate `crate` exports the macro `macro` named `name` using + * a `#[macro_export]` attribute. + * + * See https://lukaswirth.dev/tlborm/decl-macros/minutiae/import-export.html. + */ +pragma[nomagic] +private predicate macroExportEdge(CrateItemNode crate, string name, MacroItemNode macro) { + crate.getASourceFile().getFile() = macro.getFile() and + macro.hasAttr("macro_export") and + name = macro.getName() +} + +/** + * Holds if item `i` contains a `mod` or `extern crate` definition that + * makes the macro `macro` named `name` available using a `#[macro_use]` + * attribute. + * + * See https://lukaswirth.dev/tlborm/decl-macros/minutiae/import-export.html. + */ +pragma[nomagic] +private predicate macroUseEdge( + ItemNode i, string name, SuccessorKind kind, UseOption useOpt, MacroItemNode macro +) { + exists(ItemNode m | + m = i.getASuccessor(_, _, useOpt) and + m.hasAttr("macro_use") + | + macro = m.(ModuleItemNode).getASuccessor(name, kind, _) + or + macro = m.(ExternCrateItemNode).getASuccessor(_, _, _).getASuccessor(name, kind, _) + ) } /** @@ -1700,8 +1882,7 @@ private ItemNode resolvePathCand(RelevantPath path) { | pathUsesNamespace(path, ns) or - not pathUsesNamespace(path, _) and - not path = any(MacroCall mc).getPath() + not pathUsesNamespace(path, _) ) and ( not path = CallExprImpl::getFunctionPath(_) @@ -1869,13 +2050,18 @@ private predicate typeImplEdge( pragma[nomagic] private predicate preludeItem(string name, ItemNode i) { - exists(Crate stdOrCore, ModuleLikeNode mod, ModuleItemNode prelude, ModuleItemNode rust | - stdOrCore.getName() = ["std", "core"] and - mod = stdOrCore.getSourceFile() and - prelude = mod.getASuccessor("prelude") and - rust = prelude.getASuccessor(["rust_2015", "rust_2018", "rust_2021", "rust_2024"]) and - i = rust.getASuccessor(name) and - not name = ["super", "self"] + exists(Crate stdOrCore | stdOrCore.getName() = ["std", "core"] | + exists(ModuleLikeNode mod, ModuleItemNode prelude, ModuleItemNode rust | + mod = stdOrCore.getSourceFile() and + prelude = mod.getASuccessor("prelude") and + rust = prelude.getASuccessor(["rust_2015", "rust_2018", "rust_2021", "rust_2024"]) and + i = rust.getASuccessor(name) and + not name = ["super", "self"] + ) + or + macroExportEdge(stdOrCore, name, i) + or + macroUseEdge(stdOrCore, name, _, _, i) ) } @@ -1918,7 +2104,7 @@ private module Debug { ) { p = getRelevantLocatable() and exists(ItemNode encl | - unqualifiedPathLookup(encl, name, ns, ancestor) and + unqualifiedPathLookup(ancestor, name, ns, encl) and p.isUnqualified(name, encl) ) and path = p.toStringDebug() diff --git a/rust/ql/lib/codeql/rust/internal/PathResolutionConsistency.qll b/rust/ql/lib/codeql/rust/internal/PathResolutionConsistency.qll index b16565174e45..1c8ac649df36 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolutionConsistency.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolutionConsistency.qll @@ -9,8 +9,8 @@ private import PathResolution query predicate multiplePathResolutions(Path p, ItemNode i) { p.fromSource() and i = resolvePath(p) and - // known limitation for `$crate` - not p.getQualifier*().(RelevantPath).isUnqualified("$crate") and + // `panic` is defined in both `std` and `core`; both are included in the prelude + not p.getText() = "panic" and // `use foo::bar` may use both a type `bar` and a value `bar` not p = any(UseTree use | diff --git a/rust/ql/lib/utils/test/PathResolutionInlineExpectationsTest.qll b/rust/ql/lib/utils/test/PathResolutionInlineExpectationsTest.qll index df668194c075..f7606b941ace 100644 --- a/rust/ql/lib/utils/test/PathResolutionInlineExpectationsTest.qll +++ b/rust/ql/lib/utils/test/PathResolutionInlineExpectationsTest.qll @@ -19,7 +19,8 @@ private module ResolveTest implements TestSig { exists(Comment c | c.getLocation().hasLocationInfo(filepath, line, _, _, _) and c.getCommentText().trim() = text and - c.fromSource() + c.fromSource() and + not text.matches("$%") ) } diff --git a/rust/ql/test/extractor-tests/macro-expansion/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/extractor-tests/macro-expansion/CONSISTENCY/PathResolutionConsistency.expected index 354e6e0a4d28..141cfc355b9f 100644 --- a/rust/ql/test/extractor-tests/macro-expansion/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/extractor-tests/macro-expansion/CONSISTENCY/PathResolutionConsistency.expected @@ -1,8 +1,2 @@ multipleCallTargets -| proc_macro.rs:15:5:15:10 | ...::new(...) | -| proc_macro.rs:25:5:25:10 | ...::new(...) | -| proc_macro.rs:41:5:41:10 | ...::new(...) | -| proc_macro.rs:41:5:41:10 | ...::new(...) | -| proc_macro.rs:41:5:41:10 | ...::new(...) | -| proc_macro.rs:41:5:41:10 | ...::new(...) | | proc_macro.rs:44:27:44:30 | ...::to_tokens(...) | diff --git a/rust/ql/test/library-tests/dataflow/sources/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/library-tests/dataflow/sources/CONSISTENCY/PathResolutionConsistency.expected index 0fb7a59f6f47..bf8bbca14007 100644 --- a/rust/ql/test/library-tests/dataflow/sources/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/library-tests/dataflow/sources/CONSISTENCY/PathResolutionConsistency.expected @@ -1,80 +1,11 @@ multipleCallTargets -| test.rs:98:14:98:43 | ...::_print(...) | -| test.rs:110:14:110:33 | ...::_print(...) | | test.rs:113:62:113:77 | ...::from(...) | | test.rs:120:58:120:73 | ...::from(...) | -| test.rs:136:22:136:43 | ...::_print(...) | -| test.rs:141:22:141:43 | ...::_print(...) | -| test.rs:145:22:145:44 | ...::_print(...) | -| test.rs:161:26:161:110 | ...::_print(...) | -| test.rs:169:26:169:111 | ...::_print(...) | -| test.rs:179:30:179:68 | ...::_print(...) | -| test.rs:188:26:188:105 | ...::_print(...) | | test.rs:229:22:229:72 | ... .read_to_string(...) | | test.rs:664:22:664:43 | file.read(...) | | test.rs:673:22:673:41 | f1.read(...) | -| test.rs:697:18:697:38 | ...::_print(...) | -| test.rs:702:18:702:45 | ...::_print(...) | -| test.rs:720:38:720:42 | ...::_print(...) | -| test.rs:724:38:724:54 | ...::_print(...) | -| test.rs:729:38:729:51 | ...::_print(...) | -| test.rs:739:34:739:52 | ...::_print(...) | -| test.rs:758:14:758:43 | ...::_print(...) | -| test.rs:773:18:773:42 | ...::_print(...) | -| test.rs:777:18:777:42 | ...::_print(...) | -| test.rs:782:18:782:45 | ...::_print(...) | -| test.rs:789:30:789:34 | ...::_print(...) | -| test.rs:793:30:793:52 | ...::_print(...) | -| test.rs:802:30:802:43 | ...::_print(...) | -| test.rs:812:30:812:34 | ...::_print(...) | -| test.rs:816:30:816:52 | ...::_print(...) | -| test.rs:825:30:825:43 | ...::_print(...) | -| test.rs:840:14:840:43 | ...::_print(...) | -| test.rs:854:14:854:34 | ...::_print(...) | | test.rs:894:50:894:66 | ...::from(...) | | test.rs:894:50:894:66 | ...::from(...) | -| test.rs:896:14:896:31 | ...::_print(...) | -| test.rs:899:14:899:31 | ...::_print(...) | -| test.rs:902:14:902:31 | ...::_print(...) | -| test.rs:905:14:905:30 | ...::_print(...) | -| test.rs:907:27:907:36 | ...::_print(...) | -| test.rs:908:28:908:41 | ...::_print(...) | -| test.rs:911:14:911:33 | ...::_print(...) | -| test.rs:913:27:913:36 | ...::_print(...) | -| test.rs:914:28:914:41 | ...::_print(...) | -| test.rs:917:14:917:31 | ...::_print(...) | -| test.rs:919:27:919:36 | ...::_print(...) | -| test.rs:920:28:920:41 | ...::_print(...) | -| test.rs:923:14:923:34 | ...::_print(...) | -| test.rs:925:27:925:36 | ...::_print(...) | -| test.rs:926:28:926:41 | ...::_print(...) | -| test.rs:929:14:929:25 | ...::_print(...) | -| test.rs:931:27:931:36 | ...::_print(...) | -| test.rs:932:28:932:41 | ...::_print(...) | -| test.rs:935:14:935:31 | ...::_print(...) | -| test.rs:937:27:937:36 | ...::_print(...) | -| test.rs:938:28:938:41 | ...::_print(...) | -| test.rs:941:14:941:30 | ...::_print(...) | -| test.rs:943:27:943:36 | ...::_print(...) | -| test.rs:944:28:944:41 | ...::_print(...) | -| test.rs:947:14:947:33 | ...::_print(...) | -| test.rs:949:27:949:36 | ...::_print(...) | -| test.rs:950:28:950:41 | ...::_print(...) | -| test.rs:953:14:953:37 | ...::_print(...) | -| test.rs:955:27:955:36 | ...::_print(...) | -| test.rs:956:28:956:41 | ...::_print(...) | -| test.rs:959:14:959:36 | ...::_print(...) | -| test.rs:961:27:961:36 | ...::_print(...) | -| test.rs:962:28:962:41 | ...::_print(...) | -| test.rs:965:14:965:38 | ...::_print(...) | -| test.rs:967:27:967:36 | ...::_print(...) | -| test.rs:968:28:968:41 | ...::_print(...) | -| test.rs:971:14:971:45 | ...::_print(...) | -| test.rs:973:27:973:36 | ...::_print(...) | -| test.rs:974:28:974:41 | ...::_print(...) | -| test.rs:977:14:977:29 | ...::_print(...) | -| test.rs:979:27:979:36 | ...::_print(...) | -| test.rs:980:28:980:41 | ...::_print(...) | | test_futures_io.rs:45:27:45:84 | ...::read(...) | | test_futures_io.rs:49:27:49:51 | reader.read(...) | | test_futures_io.rs:83:22:83:39 | reader2.fill_buf() | diff --git a/rust/ql/test/library-tests/definitions/Definitions.expected b/rust/ql/test/library-tests/definitions/Definitions.expected index b6f8201240ac..3786ab947f2d 100644 --- a/rust/ql/test/library-tests/definitions/Definitions.expected +++ b/rust/ql/test/library-tests/definitions/Definitions.expected @@ -8,24 +8,31 @@ | main.rs:19:23:19:23 | T | main.rs:18:10:18:10 | T | path | | main.rs:19:29:19:32 | Self | main.rs:16:5:16:24 | struct S2 | path | | main.rs:20:16:20:16 | x | main.rs:19:20:19:20 | x | local variable | +| main.rs:29:5:29:11 | println | {EXTERNAL LOCATION} | MacroRules | path | | main.rs:29:22:29:26 | value | main.rs:29:50:29:54 | value | format argument | | main.rs:29:29:29:33 | width | main.rs:26:9:26:13 | width | local variable | | main.rs:29:36:29:44 | precision | main.rs:27:9:27:17 | precision | local variable | +| main.rs:30:5:30:11 | println | {EXTERNAL LOCATION} | MacroRules | path | | main.rs:30:22:30:22 | 0 | main.rs:30:34:30:38 | value | format argument | | main.rs:30:25:30:25 | 1 | main.rs:30:41:30:45 | width | format argument | | main.rs:30:28:30:28 | 2 | main.rs:30:48:30:56 | precision | format argument | | main.rs:30:34:30:38 | value | main.rs:28:9:28:13 | value | local variable | | main.rs:30:41:30:45 | width | main.rs:26:9:26:13 | width | local variable | | main.rs:30:48:30:56 | precision | main.rs:27:9:27:17 | precision | local variable | +| main.rs:31:5:31:11 | println | {EXTERNAL LOCATION} | MacroRules | path | | main.rs:31:21:31:22 | {} | main.rs:31:29:31:33 | value | format argument | | main.rs:31:24:31:25 | {} | main.rs:31:36:31:40 | width | format argument | | main.rs:31:29:31:33 | value | main.rs:28:9:28:13 | value | local variable | | main.rs:31:36:31:40 | width | main.rs:26:9:26:13 | width | local variable | +| main.rs:33:5:33:11 | println | {EXTERNAL LOCATION} | MacroRules | path | | main.rs:33:22:33:27 | people | main.rs:32:9:32:14 | people | local variable | +| main.rs:34:5:34:11 | println | {EXTERNAL LOCATION} | MacroRules | path | | main.rs:34:16:34:16 | 1 | main.rs:34:34:34:34 | 2 | format argument | | main.rs:34:19:34:20 | {} | main.rs:34:31:34:31 | 1 | format argument | | main.rs:34:23:34:23 | 0 | main.rs:34:31:34:31 | 1 | format argument | | main.rs:34:26:34:27 | {} | main.rs:34:34:34:34 | 2 | format argument | +| main.rs:35:5:35:13 | assert_eq | {EXTERNAL LOCATION} | MacroRules | path | +| main.rs:35:16:35:21 | format | {EXTERNAL LOCATION} | MacroRules | path | | main.rs:35:31:35:35 | {:<5} | main.rs:35:40:35:42 | "x" | format argument | | main.rs:36:13:36:13 | S | main.rs:1:1:1:9 | struct S | path | | main.rs:37:13:37:14 | M1 | main.rs:5:1:23:1 | mod M1 | path | diff --git a/rust/ql/test/library-tests/definitions/Definitions.qlref b/rust/ql/test/library-tests/definitions/Definitions.qlref new file mode 100644 index 000000000000..425b65e820aa --- /dev/null +++ b/rust/ql/test/library-tests/definitions/Definitions.qlref @@ -0,0 +1,2 @@ +query: Definitions.ql +postprocess: utils/test/ExternalLocationPostProcessing.ql \ No newline at end of file diff --git a/rust/ql/test/library-tests/path-resolution/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/library-tests/path-resolution/CONSISTENCY/PathResolutionConsistency.expected index 7a3fd01dbc7d..c316b9d29f6c 100644 --- a/rust/ql/test/library-tests/path-resolution/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/library-tests/path-resolution/CONSISTENCY/PathResolutionConsistency.expected @@ -1,3 +1,2 @@ multipleCallTargets | main.rs:124:9:124:11 | f(...) | -| proc_macro.rs:9:5:9:10 | ...::new(...) | diff --git a/rust/ql/test/library-tests/path-resolution/main.rs b/rust/ql/test/library-tests/path-resolution/main.rs index 9051f7f8412e..44cf8ce09294 100644 --- a/rust/ql/test/library-tests/path-resolution/main.rs +++ b/rust/ql/test/library-tests/path-resolution/main.rs @@ -18,16 +18,16 @@ use my2::nested8_f; // $ item=I119 mod m1 { fn f() { - println!("main.rs::m1::f"); + println!("main.rs::m1::f"); // $ item=println } // I16 pub mod m2 { fn f() { - println!("main.rs::m1::m2::f"); + println!("main.rs::m1::m2::f"); // $ item=println } // I18 pub fn g() { - println!("main.rs::m1::m2::g"); + println!("main.rs::m1::m2::g"); // $ item=println f(); // $ item=I18 super::f(); // $ item=I16 } // I19 @@ -35,7 +35,7 @@ mod m1 { pub mod m3 { use super::f; // $ item=I18 pub fn h() { - println!("main.rs::m1::m2::m3::h"); + println!("main.rs::m1::m2::m3::h"); // $ item=println f(); // $ item=I18 } // I21 } // I20 @@ -46,7 +46,7 @@ mod m4 { use super::m1::m2::g; // $ item=I19 pub fn i() { - println!("main.rs::m4::i"); + println!("main.rs::m4::i"); // $ item=println g(); // $ item=I19 } // I23 } // I22 @@ -54,7 +54,7 @@ mod m4 { struct Foo {} // I24 fn h() { - println!("main.rs::h"); + println!("main.rs::h"); // $ item=println struct Foo {} // I26 @@ -63,7 +63,7 @@ fn h() { g(); // $ item=I19 struct Foo {} // I28 - println!("main.rs::h::f"); + println!("main.rs::h::f"); // $ item=println let _ = Foo {}; // $ item=I28 } // I27 @@ -75,7 +75,7 @@ fn h() { } // I25 fn i() { - println!("main.rs::i"); + println!("main.rs::i"); // $ item=println let _ = Foo {}; // $ item=I24 @@ -101,25 +101,25 @@ macro_rules! fn_in_macro { } fn j() { - println!("main.rs::j"); - fn_in_macro!(println!("main.rs::j::f")); + println!("main.rs::j"); // $ item=println + fn_in_macro!(println!("main.rs::j::f")); // $ item=fn_in_macro item=println f_defined_in_macro(); // $ item=f_defined_in_macro } // I31 mod m5 { pub fn f() { - println!("main.rs::m5::f"); + println!("main.rs::m5::f"); // $ item=println } // I33 } // I32 mod m6 { fn f() { - println!("main.rs::m6::f"); + println!("main.rs::m6::f"); // $ item=println } // I35 pub fn g() { - println!("main.rs::m6::g"); - // this import shadows the definition `I35`, which we don't currently handle + println!("main.rs::m6::g"); // $ item=println + // this import shadows the definition `I35`, which we don't currently handle use super::m5::*; // $ item=I32 f(); // $ item=I33 $ SPURIOUS: item=I35 } // I36 @@ -139,7 +139,7 @@ mod m7 { #[rustfmt::skip] pub fn f() -> MyEnum // $ item=I41 { - println!("main.rs::m7::f"); + println!("main.rs::m7::f"); // $ item=println let _ = MyEnum::A(0); // $ item=I42 let _ = MyEnum::B { x: 0 }; // $ item=I43 MyEnum::C // $ item=I44 @@ -151,7 +151,7 @@ mod m8 { fn f(&self); // I48 fn g(&self) { - println!("main.rs::m8::MyTrait::g"); + println!("main.rs::m8::MyTrait::g"); // $ item=println f(); // $ item=I51 Self::f(self); // $ item=I48 } // I49 @@ -160,26 +160,26 @@ mod m8 { struct MyStruct {} // I50 fn f() { - println!("main.rs::m8::f"); + println!("main.rs::m8::f"); // $ item=println } // I51 #[rustfmt::skip] impl MyTrait for MyStruct { // $ item=I47 item=I50 fn f(&self) { - println!("main.rs::m8::::f"); + println!("main.rs::m8::::f"); // $ item=println f(); // $ item=I51 Self::g(self); // $ item=I54 } // I53 fn g(&self) { - println!("main.rs::m8::::g"); + println!("main.rs::m8::::g"); // $ item=println } // I54 } // I52 #[rustfmt::skip] impl MyStruct { // $ item=I50 fn h(&self) { - println!("main.rs::m8::MyStruct::h"); + println!("main.rs::m8::MyStruct::h"); // $ item=println f(); // $ item=I51 } // I74 } // I73 @@ -207,7 +207,7 @@ mod m9 { #[rustfmt::skip] pub fn f() -> self::MyStruct { // $ item=I56 - println!("main.rs::m9::f"); + println!("main.rs::m9::f"); // $ item=println self::MyStruct {} // $ item=I56 } // I57 } @@ -312,7 +312,7 @@ mod m15 { trait Trait2 : Trait1 { // $ item=I79 fn f(&self) { - println!("m15::Trait2::f"); + println!("m15::Trait2::f"); // $ item=println Self::g(self); // $ item=I80 self.g(); // $ item=I80 } @@ -339,13 +339,13 @@ mod m15 { impl Trait1 // $ item=I79 for S { // $ item=I81 fn f(&self) { - println!("m15::::f"); + println!("m15::::f"); // $ item=println Self::g(self); // $ item=I77 self.g(); // $ item=I77 } // I76 fn g(&self) { - println!("m15::::g"); + println!("m15::::g"); // $ item=println } // I77 } @@ -353,13 +353,13 @@ mod m15 { impl Trait2 // $ item=I82 for S { // $ item=I81 fn f(&self) { - println!("m15::::f"); + println!("m15::::f"); // $ item=println } // I78 } #[rustfmt::skip] pub fn f() { - println!("m15::f"); + println!("m15::f"); // $ item=println let x = S; // $ item=I81 { // $ item=I86 fn f(&self) -> T { // $ item=I87 - println!("m16::Trait2::f"); + println!("m16::Trait2::f"); // $ item=println Self::g(self); // $ item=I85 self.g(); // $ item=I85 Self::c // $ item=I94 @@ -414,13 +414,13 @@ mod m16 { > // $ item=I86 for S { // $ item=I90 fn f(&self) -> S { // $ item=I90 - println!("m16::>::f"); + println!("m16::>::f"); // $ item=println Self::g(self); // $ item=I92 self.g() // $ item=I92 } // I91 fn g(&self) -> S { // $ item=I90 - println!("m16::>::g"); + println!("m16::>::g"); // $ item=println Self::c // $ item=I95 } // I92 @@ -434,14 +434,14 @@ mod m16 { > // $ item=I89 for S { // $ item=I90 fn f(&self) -> S { // $ item=I90 - println!("m16::>::f"); + println!("m16::>::f"); // $ item=println Self::c // $ MISSING: item=I95 } // I93 } #[rustfmt::skip] pub fn f() { - println!("m16::f"); + println!("m16::f"); // $ item=println let x = S; // $ item=I90 // $ item=I2 for S { // $ item=I4 fn f(&self) { - println!("m23::>::f"); + println!("m23::>::f"); // $ item=println } // I5 } @@ -667,14 +667,14 @@ mod m24 { #[rustfmt::skip] impl TraitA for Implementor { // $ item=I111 item=I118 fn trait_a_method(&self) { - println!("TraitA method called"); + println!("TraitA method called"); // $ item=println } // I119 } #[rustfmt::skip] impl TraitB for Implementor { // $ item=I113 item=I118 fn trait_b_method(&self) { - println!("TraitB method called"); + println!("TraitB method called"); // $ item=println } // I120 } diff --git a/rust/ql/test/library-tests/path-resolution/my.rs b/rust/ql/test/library-tests/path-resolution/my.rs index af2d35ed2753..612e40d493f9 100644 --- a/rust/ql/test/library-tests/path-resolution/my.rs +++ b/rust/ql/test/library-tests/path-resolution/my.rs @@ -3,11 +3,11 @@ pub mod nested; // I37 use nested::g; // $ item=I7 pub fn f() { - println!("my.rs::f"); + println!("my.rs::f"); // $ item=println } // I38 pub fn h() { - println!("my.rs::h"); + println!("my.rs::h"); // $ item=println g(); // $ item=I7 } // I39 diff --git a/rust/ql/test/library-tests/path-resolution/my/my4/my5/mod.rs b/rust/ql/test/library-tests/path-resolution/my/my4/my5/mod.rs index 25a94fee7c14..dbaf9a43be8d 100644 --- a/rust/ql/test/library-tests/path-resolution/my/my4/my5/mod.rs +++ b/rust/ql/test/library-tests/path-resolution/my/my4/my5/mod.rs @@ -1,3 +1,3 @@ pub fn f() { - println!("my/my4/my5/mod.rs::f"); + println!("my/my4/my5/mod.rs::f"); // $ item=println } // I201 diff --git a/rust/ql/test/library-tests/path-resolution/my/nested.rs b/rust/ql/test/library-tests/path-resolution/my/nested.rs index 639ed241ae3e..d3c425e6a241 100644 --- a/rust/ql/test/library-tests/path-resolution/my/nested.rs +++ b/rust/ql/test/library-tests/path-resolution/my/nested.rs @@ -1,22 +1,22 @@ pub mod nested1 { pub mod nested2 { pub fn f() { - println!("nested.rs:nested1::nested2::f"); + println!("nested.rs:nested1::nested2::f"); // $ item=println } // I4 fn g() { - println!("nested.rs:nested1::nested2::g"); + println!("nested.rs:nested1::nested2::g"); // $ item=println f(); // $ item=I4 } // I5 } // I3 fn g() { - println!("nested.rs:nested1::g"); + println!("nested.rs:nested1::g"); // $ item=println nested2::f(); // $ item=I4 } // I6 } // I1 pub fn g() { - println!("nested.rs::g"); + println!("nested.rs::g"); // $ item=println nested1::nested2::f(); // $ item=I4 } // I7 diff --git a/rust/ql/test/library-tests/path-resolution/my2/mod.rs b/rust/ql/test/library-tests/path-resolution/my2/mod.rs index 6b86c78237c9..c16d93216b0c 100644 --- a/rust/ql/test/library-tests/path-resolution/my2/mod.rs +++ b/rust/ql/test/library-tests/path-resolution/my2/mod.rs @@ -1,7 +1,7 @@ pub mod nested2; // I8 fn g() { - println!("my2/mod.rs::g"); + println!("my2/mod.rs::g"); // $ item=println nested2::nested3::nested4::f(); // $ item=I12 } // I9 diff --git a/rust/ql/test/library-tests/path-resolution/my2/my3/mod.rs b/rust/ql/test/library-tests/path-resolution/my2/my3/mod.rs index 169aeed6b288..d15877f8107a 100644 --- a/rust/ql/test/library-tests/path-resolution/my2/my3/mod.rs +++ b/rust/ql/test/library-tests/path-resolution/my2/my3/mod.rs @@ -1,5 +1,5 @@ pub fn f() { - println!("my2/my3/mod.rs::f"); + println!("my2/my3/mod.rs::f"); // $ item=println g(); // $ item=I9 h(); // $ item=I25 } // I200 diff --git a/rust/ql/test/library-tests/path-resolution/my2/nested2.rs b/rust/ql/test/library-tests/path-resolution/my2/nested2.rs index 47fed6d42998..318eb7e250a8 100644 --- a/rust/ql/test/library-tests/path-resolution/my2/nested2.rs +++ b/rust/ql/test/library-tests/path-resolution/my2/nested2.rs @@ -1,11 +1,11 @@ pub mod nested3 { pub mod nested4 { pub fn f() { - println!("nested2.rs::nested3::nested4::f"); + println!("nested2.rs::nested3::nested4::f"); // $ item=println } // I12 pub fn g() { - println!("nested2.rs::nested3::nested4::g"); + println!("nested2.rs::nested3::nested4::g"); // $ item=println } // I13 } // I11 } // I10 @@ -13,7 +13,7 @@ pub mod nested3 { pub mod nested5 { pub mod nested6 { pub fn f() { - println!("nested2.rs::nested5::nested6::f"); + println!("nested2.rs::nested5::nested6::f"); // $ item=println } // I116 } // I115 } // I114 @@ -21,7 +21,7 @@ pub mod nested5 { pub mod nested7 { pub mod nested8 { pub fn f() { - println!("nested2.rs::nested7::nested8::f"); + println!("nested2.rs::nested7::nested8::f"); // $ item=println } // I119 } // I118 } // I117 diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.expected b/rust/ql/test/library-tests/path-resolution/path-resolution.expected index 9315016fe6a0..84c492081ed2 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.expected +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.expected @@ -61,26 +61,34 @@ resolvePath | main.rs:14:5:14:5 | g | my2/nested2.rs:7:9:9:9 | fn g | | main.rs:17:5:17:7 | my2 | main.rs:7:1:7:8 | mod my2 | | main.rs:17:5:17:18 | ...::nested8_f | my2/nested2.rs:23:9:25:9 | fn f | +| main.rs:21:9:21:15 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:26:13:26:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:30:13:30:19 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:31:13:31:13 | f | main.rs:25:9:27:9 | fn f | | main.rs:32:13:32:17 | super | main.rs:19:1:43:1 | mod m1 | | main.rs:32:13:32:20 | ...::f | main.rs:20:5:22:5 | fn f | | main.rs:36:17:36:21 | super | main.rs:24:5:42:5 | mod m2 | | main.rs:36:17:36:24 | ...::f | main.rs:25:9:27:9 | fn f | +| main.rs:38:17:38:23 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:39:17:39:17 | f | main.rs:25:9:27:9 | fn f | | main.rs:46:9:46:13 | super | main.rs:1:1:826:2 | SourceFile | | main.rs:46:9:46:17 | ...::m1 | main.rs:19:1:43:1 | mod m1 | | main.rs:46:9:46:21 | ...::m2 | main.rs:24:5:42:5 | mod m2 | | main.rs:46:9:46:24 | ...::g | main.rs:29:9:33:9 | fn g | +| main.rs:49:9:49:15 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:50:9:50:9 | g | main.rs:29:9:33:9 | fn g | +| main.rs:57:5:57:11 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:62:13:62:14 | m1 | main.rs:19:1:43:1 | mod m1 | | main.rs:62:13:62:18 | ...::m2 | main.rs:24:5:42:5 | mod m2 | | main.rs:62:13:62:21 | ...::g | main.rs:29:9:33:9 | fn g | | main.rs:63:9:63:9 | g | main.rs:29:9:33:9 | fn g | +| main.rs:66:9:66:15 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:67:17:67:19 | Foo | main.rs:65:9:65:21 | struct Foo | | main.rs:70:13:70:15 | Foo | main.rs:59:5:59:17 | struct Foo | | main.rs:72:5:72:5 | f | main.rs:61:5:68:5 | fn f | | main.rs:74:5:74:8 | self | main.rs:1:1:826:2 | SourceFile | | main.rs:74:5:74:11 | ...::i | main.rs:77:1:89:1 | fn i | +| main.rs:78:5:78:11 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:80:13:80:15 | Foo | main.rs:54:1:54:13 | struct Foo | | main.rs:84:16:84:18 | i32 | {EXTERNAL LOCATION} | struct i32 | | main.rs:87:17:87:19 | Foo | main.rs:83:9:85:9 | struct Foo | @@ -93,7 +101,13 @@ resolvePath | main.rs:93:57:93:63 | nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | | main.rs:93:57:93:66 | ...::g | my2/nested2.rs:7:9:9:9 | fn g | | main.rs:93:80:93:86 | nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | +| main.rs:104:5:104:11 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:105:5:105:15 | fn_in_macro | main.rs:95:1:101:1 | MacroRules | +| main.rs:105:18:105:24 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:106:5:106:22 | f_defined_in_macro | main.rs:105:18:105:42 | fn f_defined_in_macro | +| main.rs:111:9:111:15 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:117:9:117:15 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:121:9:121:15 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:123:13:123:17 | super | main.rs:1:1:826:2 | SourceFile | | main.rs:123:13:123:21 | ...::m5 | main.rs:109:1:113:1 | mod m5 | | main.rs:124:9:124:9 | f | main.rs:110:5:112:5 | fn f | @@ -101,21 +115,27 @@ resolvePath | main.rs:131:13:131:15 | i32 | {EXTERNAL LOCATION} | struct i32 | | main.rs:134:16:134:18 | i32 | {EXTERNAL LOCATION} | struct i32 | | main.rs:140:19:140:24 | MyEnum | main.rs:129:5:137:5 | enum MyEnum | +| main.rs:142:9:142:15 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:143:17:143:22 | MyEnum | main.rs:129:5:137:5 | enum MyEnum | | main.rs:143:17:143:25 | ...::A | main.rs:130:9:132:9 | A | | main.rs:144:17:144:22 | MyEnum | main.rs:129:5:137:5 | enum MyEnum | | main.rs:144:17:144:25 | ...::B | main.rs:132:12:135:9 | B | | main.rs:145:9:145:14 | MyEnum | main.rs:129:5:137:5 | enum MyEnum | | main.rs:145:9:145:17 | ...::C | main.rs:135:12:136:9 | C | +| main.rs:154:13:154:19 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:155:13:155:13 | f | main.rs:162:5:164:5 | fn f | | main.rs:156:13:156:16 | Self | main.rs:150:5:158:5 | trait MyTrait | | main.rs:156:13:156:19 | ...::f | main.rs:151:9:151:20 | fn f | +| main.rs:163:9:163:15 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:167:10:167:16 | MyTrait | main.rs:150:5:158:5 | trait MyTrait | | main.rs:167:22:167:29 | MyStruct | main.rs:160:5:160:22 | struct MyStruct | +| main.rs:169:13:169:19 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:170:13:170:13 | f | main.rs:162:5:164:5 | fn f | | main.rs:171:13:171:16 | Self | main.rs:166:5:177:5 | impl MyTrait for MyStruct { ... } | | main.rs:171:13:171:19 | ...::g | main.rs:174:9:176:9 | fn g | +| main.rs:175:13:175:19 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:180:10:180:17 | MyStruct | main.rs:160:5:160:22 | struct MyStruct | +| main.rs:182:13:182:19 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:183:13:183:13 | f | main.rs:162:5:164:5 | fn f | | main.rs:189:17:189:24 | MyStruct | main.rs:160:5:160:22 | struct MyStruct | | main.rs:190:9:190:15 | MyTrait | main.rs:150:5:158:5 | trait MyTrait | @@ -130,6 +150,7 @@ resolvePath | main.rs:200:9:200:19 | ...::h | main.rs:180:21:184:9 | fn h | | main.rs:209:19:209:22 | self | main.rs:205:1:213:1 | mod m9 | | main.rs:209:19:209:32 | ...::MyStruct | main.rs:206:5:206:26 | struct MyStruct | +| main.rs:210:9:210:15 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:211:9:211:12 | self | main.rs:205:1:213:1 | mod m9 | | main.rs:211:9:211:22 | ...::MyStruct | main.rs:206:5:206:26 | struct MyStruct | | main.rs:221:12:221:12 | T | main.rs:218:7:218:7 | T | @@ -159,6 +180,7 @@ resolvePath | main.rs:298:21:298:21 | f | main.rs:290:19:291:19 | struct f | | main.rs:299:13:299:13 | f | main.rs:290:5:290:17 | fn f | | main.rs:313:9:313:14 | Trait1 | main.rs:305:5:309:5 | trait Trait1 | +| main.rs:315:13:315:19 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:316:13:316:16 | Self | main.rs:311:5:319:5 | trait Trait2 | | main.rs:316:13:316:19 | ...::g | main.rs:308:9:308:20 | fn g | | main.rs:326:9:326:12 | Self | main.rs:321:5:334:5 | trait Trait3 | @@ -172,10 +194,14 @@ resolvePath | main.rs:331:13:331:17 | ...::g | main.rs:308:9:308:20 | fn g | | main.rs:339:10:339:15 | Trait1 | main.rs:305:5:309:5 | trait Trait1 | | main.rs:340:11:340:11 | S | main.rs:336:5:336:13 | struct S | +| main.rs:342:13:342:19 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:343:13:343:16 | Self | main.rs:338:5:350:5 | impl Trait1 for S { ... } | | main.rs:343:13:343:19 | ...::g | main.rs:347:9:349:9 | fn g | +| main.rs:348:13:348:19 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:353:10:353:15 | Trait2 | main.rs:311:5:319:5 | trait Trait2 | | main.rs:354:11:354:11 | S | main.rs:336:5:336:13 | struct S | +| main.rs:356:13:356:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:362:9:362:15 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:363:17:363:17 | S | main.rs:336:5:336:13 | struct S | | main.rs:364:10:364:10 | S | main.rs:336:5:336:13 | struct S | | main.rs:365:14:365:19 | Trait1 | main.rs:305:5:309:5 | trait Trait1 | @@ -192,6 +218,7 @@ resolvePath | main.rs:398:9:400:9 | Trait1::<...> | main.rs:376:5:392:5 | trait Trait1 | | main.rs:399:11:399:11 | T | main.rs:396:7:396:7 | T | | main.rs:401:24:401:24 | T | main.rs:396:7:396:7 | T | +| main.rs:402:13:402:19 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:403:13:403:16 | Self | main.rs:394:5:407:5 | trait Trait2 | | main.rs:403:13:403:19 | ...::g | main.rs:382:9:383:9 | fn g | | main.rs:405:13:405:16 | Self | main.rs:394:5:407:5 | trait Trait2 | @@ -200,9 +227,11 @@ resolvePath | main.rs:413:7:413:7 | S | main.rs:409:5:409:13 | struct S | | main.rs:415:11:415:11 | S | main.rs:409:5:409:13 | struct S | | main.rs:416:24:416:24 | S | main.rs:409:5:409:13 | struct S | +| main.rs:417:13:417:19 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:418:13:418:16 | Self | main.rs:411:5:429:5 | impl Trait1::<...> for S { ... } | | main.rs:418:13:418:19 | ...::g | main.rs:422:9:425:9 | fn g | | main.rs:422:24:422:24 | S | main.rs:409:5:409:13 | struct S | +| main.rs:423:13:423:19 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:424:13:424:16 | Self | main.rs:411:5:429:5 | impl Trait1::<...> for S { ... } | | main.rs:424:13:424:19 | ...::c | main.rs:427:9:428:9 | Const | | main.rs:427:18:427:18 | S | main.rs:409:5:409:13 | struct S | @@ -211,7 +240,9 @@ resolvePath | main.rs:433:7:433:7 | S | main.rs:409:5:409:13 | struct S | | main.rs:435:11:435:11 | S | main.rs:409:5:409:13 | struct S | | main.rs:436:24:436:24 | S | main.rs:409:5:409:13 | struct S | +| main.rs:437:13:437:19 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:438:13:438:16 | Self | main.rs:431:5:440:5 | impl Trait2::<...> for S { ... } | +| main.rs:444:9:444:15 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:445:17:445:17 | S | main.rs:409:5:409:13 | struct S | | main.rs:446:10:446:10 | S | main.rs:409:5:409:13 | struct S | | main.rs:447:14:449:11 | Trait1::<...> | main.rs:376:5:392:5 | trait Trait1 | @@ -230,8 +261,10 @@ resolvePath | main.rs:463:13:463:13 | S | main.rs:409:5:409:13 | struct S | | main.rs:481:14:481:16 | Foo | main.rs:471:9:473:9 | trait Foo | | main.rs:481:22:481:22 | X | main.rs:479:9:479:21 | struct X | +| main.rs:483:17:483:23 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:487:14:487:16 | Bar | main.rs:475:9:477:9 | trait Bar | | main.rs:487:22:487:22 | X | main.rs:479:9:479:21 | struct X | +| main.rs:489:17:489:23 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:494:9:494:9 | m | main.rs:470:5:492:5 | mod m | | main.rs:494:9:494:12 | ...::X | main.rs:479:9:479:21 | struct X | | main.rs:497:17:497:17 | X | main.rs:479:9:479:21 | struct X | @@ -252,6 +285,7 @@ resolvePath | main.rs:516:13:516:28 | ...::a_method | main.rs:476:13:476:31 | fn a_method | | main.rs:529:10:529:16 | MyTrait | main.rs:522:5:524:5 | trait MyTrait | | main.rs:530:9:530:9 | S | main.rs:526:5:526:13 | struct S | +| main.rs:532:13:532:19 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:538:7:538:13 | MyTrait | main.rs:522:5:524:5 | trait MyTrait | | main.rs:539:10:539:10 | T | main.rs:537:10:537:10 | T | | main.rs:541:9:541:9 | T | main.rs:537:10:537:10 | T | @@ -260,6 +294,9 @@ resolvePath | main.rs:542:9:542:18 | ...::f | main.rs:523:9:523:20 | fn f | | main.rs:547:9:547:9 | g | main.rs:536:5:543:5 | fn g | | main.rs:548:11:548:11 | S | main.rs:526:5:526:13 | struct S | +| main.rs:555:9:555:15 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:560:13:560:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:565:17:565:23 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:566:17:566:21 | super | main.rs:558:5:570:5 | mod m19 | | main.rs:566:17:566:24 | ...::f | main.rs:559:9:561:9 | fn f | | main.rs:567:17:567:21 | super | main.rs:558:5:570:5 | mod m19 | @@ -279,6 +316,7 @@ resolvePath | main.rs:611:10:613:5 | Trait1::<...> | main.rs:601:5:606:5 | trait Trait1 | | main.rs:612:7:612:10 | Self | main.rs:608:5:608:13 | struct S | | main.rs:614:11:614:11 | S | main.rs:608:5:608:13 | struct S | +| main.rs:616:13:616:19 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:622:17:622:17 | S | main.rs:608:5:608:13 | struct S | | main.rs:638:15:638:15 | T | main.rs:637:26:637:26 | T | | main.rs:643:9:643:24 | GenericStruct::<...> | main.rs:636:5:639:5 | struct GenericStruct | @@ -293,8 +331,10 @@ resolvePath | main.rs:657:12:657:17 | TraitA | main.rs:628:5:630:5 | trait TraitA | | main.rs:668:10:668:15 | TraitA | main.rs:628:5:630:5 | trait TraitA | | main.rs:668:21:668:31 | Implementor | main.rs:665:5:665:23 | struct Implementor | +| main.rs:670:13:670:19 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:675:10:675:15 | TraitB | main.rs:632:5:634:5 | trait TraitB | | main.rs:675:21:675:31 | Implementor | main.rs:665:5:665:23 | struct Implementor | +| main.rs:677:13:677:19 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:683:24:683:34 | Implementor | main.rs:665:5:665:23 | struct Implementor | | main.rs:684:23:684:35 | GenericStruct | main.rs:636:5:639:5 | struct GenericStruct | | main.rs:690:9:690:36 | GenericStruct::<...> | main.rs:636:5:639:5 | struct GenericStruct | @@ -425,6 +465,7 @@ resolvePath | main.rs:824:5:824:11 | AStruct | main.rs:702:1:702:17 | struct AStruct | | main.rs:825:5:825:29 | impl_with_attribute_macro | main.rs:770:1:789:1 | mod impl_with_attribute_macro | | main.rs:825:5:825:35 | ...::test | main.rs:785:5:788:5 | fn test | +| my2/mod.rs:4:5:4:11 | println | {EXTERNAL LOCATION} | MacroRules | | my2/mod.rs:5:5:5:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | | my2/mod.rs:5:5:5:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | | my2/mod.rs:5:5:5:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | @@ -445,6 +486,7 @@ resolvePath | my2/mod.rs:18:5:18:19 | ...::Deref | {EXTERNAL LOCATION} | trait Deref | | my2/mod.rs:25:9:25:13 | mymod | my2/mod.rs:22:1:23:10 | mod mymod | | my2/mod.rs:25:9:25:16 | ...::f | my2/renamed.rs:1:1:1:13 | fn f | +| my2/my3/mod.rs:2:5:2:11 | println | {EXTERNAL LOCATION} | MacroRules | | my2/my3/mod.rs:3:5:3:5 | g | my2/mod.rs:3:1:6:1 | fn g | | my2/my3/mod.rs:4:5:4:5 | h | main.rs:56:1:75:1 | fn h | | my2/my3/mod.rs:7:5:7:9 | super | my2/mod.rs:1:1:25:34 | SourceFile | @@ -456,8 +498,14 @@ resolvePath | my2/my3/mod.rs:10:5:10:20 | ...::nested6_f | my2/nested2.rs:15:9:17:9 | fn f | | my2/my3/mod.rs:12:5:12:9 | super | my2/mod.rs:1:1:25:34 | SourceFile | | my2/my3/mod.rs:14:16:14:20 | Deref | {EXTERNAL LOCATION} | trait Deref | +| my2/nested2.rs:4:13:4:19 | println | {EXTERNAL LOCATION} | MacroRules | +| my2/nested2.rs:8:13:8:19 | println | {EXTERNAL LOCATION} | MacroRules | +| my2/nested2.rs:16:13:16:19 | println | {EXTERNAL LOCATION} | MacroRules | +| my2/nested2.rs:24:13:24:19 | println | {EXTERNAL LOCATION} | MacroRules | | my.rs:3:5:3:10 | nested | my.rs:1:1:1:15 | mod nested | | my.rs:3:5:3:13 | ...::g | my/nested.rs:19:1:22:1 | fn g | +| my.rs:6:5:6:11 | println | {EXTERNAL LOCATION} | MacroRules | +| my.rs:10:5:10:11 | println | {EXTERNAL LOCATION} | MacroRules | | my.rs:11:5:11:5 | g | my/nested.rs:19:1:22:1 | fn g | | my.rs:18:9:18:11 | my4 | my.rs:14:1:16:1 | mod my4 | | my.rs:18:9:18:16 | ...::my5 | my.rs:15:5:15:16 | mod my5 | @@ -473,29 +521,39 @@ resolvePath | my.rs:30:13:30:15 | i32 | {EXTERNAL LOCATION} | struct i32 | | my.rs:33:16:33:18 | Err | {EXTERNAL LOCATION} | Err | | my.rs:35:5:35:6 | Ok | {EXTERNAL LOCATION} | Ok | +| my/my4/my5/mod.rs:2:5:2:11 | println | {EXTERNAL LOCATION} | MacroRules | +| my/nested.rs:4:13:4:19 | println | {EXTERNAL LOCATION} | MacroRules | +| my/nested.rs:8:13:8:19 | println | {EXTERNAL LOCATION} | MacroRules | | my/nested.rs:9:13:9:13 | f | my/nested.rs:3:9:5:9 | fn f | +| my/nested.rs:14:9:14:15 | println | {EXTERNAL LOCATION} | MacroRules | | my/nested.rs:15:9:15:15 | nested2 | my/nested.rs:2:5:11:5 | mod nested2 | | my/nested.rs:15:9:15:18 | ...::f | my/nested.rs:3:9:5:9 | fn f | +| my/nested.rs:20:5:20:11 | println | {EXTERNAL LOCATION} | MacroRules | | my/nested.rs:21:5:21:11 | nested1 | my/nested.rs:1:1:17:1 | mod nested1 | | my/nested.rs:21:5:21:20 | ...::nested2 | my/nested.rs:2:5:11:5 | mod nested2 | | my/nested.rs:21:5:21:23 | ...::f | my/nested.rs:3:9:5:9 | fn f | | proc_macro.rs:1:5:1:14 | proc_macro | {EXTERNAL LOCATION} | Crate(proc_macro@0.0.0) | | proc_macro.rs:1:5:1:27 | ...::TokenStream | {EXTERNAL LOCATION} | struct TokenStream | | proc_macro.rs:2:5:2:9 | quote | {EXTERNAL LOCATION} | Crate(quote@1.0.40) | +| proc_macro.rs:2:5:2:16 | ...::quote | {EXTERNAL LOCATION} | MacroRules | | proc_macro.rs:5:25:5:35 | TokenStream | {EXTERNAL LOCATION} | struct TokenStream | | proc_macro.rs:5:44:5:54 | TokenStream | {EXTERNAL LOCATION} | struct TokenStream | | proc_macro.rs:5:60:5:70 | TokenStream | {EXTERNAL LOCATION} | struct TokenStream | | proc_macro.rs:6:16:6:18 | syn | {EXTERNAL LOCATION} | Crate(syn@2.0.103) | +| proc_macro.rs:6:16:6:37 | ...::parse_macro_input | {EXTERNAL LOCATION} | MacroRules | | proc_macro.rs:6:48:6:50 | syn | {EXTERNAL LOCATION} | Crate(syn@2.0.103) | | proc_macro.rs:6:48:6:58 | ...::LitStr | {EXTERNAL LOCATION} | struct LitStr | | proc_macro.rs:6:48:6:58 | ...::parse::<...> | {EXTERNAL LOCATION} | fn parse | | proc_macro.rs:7:19:7:21 | syn | {EXTERNAL LOCATION} | Crate(syn@2.0.103) | +| proc_macro.rs:7:19:7:40 | ...::parse_macro_input | {EXTERNAL LOCATION} | MacroRules | | proc_macro.rs:7:51:7:53 | syn | {EXTERNAL LOCATION} | Crate(syn@2.0.103) | | proc_macro.rs:7:51:7:61 | ...::ItemFn | {EXTERNAL LOCATION} | struct ItemFn | | proc_macro.rs:7:51:7:61 | ...::parse::<...> | {EXTERNAL LOCATION} | fn parse | | proc_macro.rs:8:21:8:23 | syn | {EXTERNAL LOCATION} | Crate(syn@2.0.103) | | proc_macro.rs:8:21:8:30 | ...::Ident | {EXTERNAL LOCATION} | struct Ident | | proc_macro.rs:8:21:8:35 | ...::new | {EXTERNAL LOCATION} | fn new | +| proc_macro.rs:8:38:8:43 | format | {EXTERNAL LOCATION} | MacroRules | +| proc_macro.rs:9:5:9:9 | quote | {EXTERNAL LOCATION} | MacroRules | | proc_macro.rs:16:24:16:34 | TokenStream | {EXTERNAL LOCATION} | struct TokenStream | | proc_macro.rs:16:43:16:53 | TokenStream | {EXTERNAL LOCATION} | struct TokenStream | | proc_macro.rs:16:59:16:69 | TokenStream | {EXTERNAL LOCATION} | struct TokenStream | diff --git a/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/PathResolutionConsistency.expected index d195a145aafc..fe1822bb82c7 100644 --- a/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/PathResolutionConsistency.expected @@ -42,15 +42,11 @@ multipleCallTargets | sqlx.rs:127:29:127:51 | unsafe_query_1.as_str() | | sqlx.rs:128:29:128:53 | prepared_query_1.as_str() | | sqlx.rs:131:54:131:74 | safe_query_1.as_str() | -| sqlx.rs:132:14:132:34 | ...::_print(...) | | sqlx.rs:133:54:133:78 | prepared_query_1.as_str() | -| sqlx.rs:134:14:134:34 | ...::_print(...) | | sqlx.rs:136:55:136:77 | unsafe_query_1.as_str() | | sqlx.rs:137:55:137:79 | prepared_query_1.as_str() | | sqlx.rs:140:54:140:74 | safe_query_1.as_str() | -| sqlx.rs:141:14:141:34 | ...::_print(...) | | sqlx.rs:142:54:142:78 | prepared_query_1.as_str() | -| sqlx.rs:143:14:143:34 | ...::_print(...) | | sqlx.rs:145:55:145:77 | unsafe_query_1.as_str() | | sqlx.rs:146:55:146:79 | prepared_query_1.as_str() | | sqlx.rs:149:25:149:45 | safe_query_1.as_str() | @@ -68,15 +64,4 @@ multipleCallTargets | sqlx.rs:186:25:186:49 | prepared_query_1.as_str() | | sqlx.rs:188:29:188:51 | unsafe_query_1.as_str() | | sqlx.rs:189:29:189:53 | prepared_query_1.as_str() | -| sqlx.rs:196:14:196:43 | ...::_print(...) | | sqlx.rs:202:57:202:85 | ...::from(...) | -| sqlx.rs:203:14:203:46 | ...::_print(...) | -| sqlx.rs:205:14:205:33 | ...::_print(...) | -| sqlx.rs:207:27:207:41 | ...::_print(...) | -| sqlx.rs:208:28:208:43 | ...::_print(...) | -| sqlx.rs:211:14:211:34 | ...::_print(...) | -| sqlx.rs:213:27:213:41 | ...::_print(...) | -| sqlx.rs:214:28:214:43 | ...::_print(...) | -| sqlx.rs:217:14:217:36 | ...::_print(...) | -| sqlx.rs:219:27:219:41 | ...::_print(...) | -| sqlx.rs:220:28:220:43 | ...::_print(...) | diff --git a/rust/ql/test/query-tests/security/CWE-312/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/query-tests/security/CWE-312/CONSISTENCY/PathResolutionConsistency.expected index ac6f2b2d997a..f4514168e3fe 100644 --- a/rust/ql/test/query-tests/security/CWE-312/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/query-tests/security/CWE-312/CONSISTENCY/PathResolutionConsistency.expected @@ -1,75 +1,7 @@ multipleCallTargets -| test_logging.rs:42:5:42:10 | ...::max_level(...) | -| test_logging.rs:43:5:43:10 | ...::max_level(...) | -| test_logging.rs:44:5:44:9 | ...::max_level(...) | -| test_logging.rs:45:5:45:10 | ...::max_level(...) | -| test_logging.rs:46:5:46:9 | ...::max_level(...) | -| test_logging.rs:47:5:47:8 | ...::max_level(...) | -| test_logging.rs:50:5:50:10 | ...::max_level(...) | -| test_logging.rs:51:5:51:10 | ...::max_level(...) | -| test_logging.rs:52:5:52:10 | ...::max_level(...) | -| test_logging.rs:53:5:53:10 | ...::max_level(...) | -| test_logging.rs:54:5:54:10 | ...::max_level(...) | -| test_logging.rs:55:5:55:10 | ...::max_level(...) | -| test_logging.rs:56:5:56:10 | ...::max_level(...) | -| test_logging.rs:57:5:57:10 | ...::max_level(...) | -| test_logging.rs:58:5:58:10 | ...::max_level(...) | -| test_logging.rs:59:5:59:10 | ...::max_level(...) | -| test_logging.rs:60:5:60:10 | ...::max_level(...) | -| test_logging.rs:61:5:61:10 | ...::max_level(...) | -| test_logging.rs:64:5:64:8 | ...::max_level(...) | -| test_logging.rs:65:5:65:8 | ...::max_level(...) | -| test_logging.rs:66:5:66:8 | ...::max_level(...) | -| test_logging.rs:67:5:67:8 | ...::max_level(...) | -| test_logging.rs:68:5:68:8 | ...::max_level(...) | -| test_logging.rs:71:5:71:10 | ...::max_level(...) | -| test_logging.rs:72:5:72:10 | ...::max_level(...) | -| test_logging.rs:73:5:73:10 | ...::max_level(...) | -| test_logging.rs:74:5:74:10 | ...::max_level(...) | -| test_logging.rs:75:5:75:10 | ...::max_level(...) | -| test_logging.rs:76:5:76:10 | ...::max_level(...) | -| test_logging.rs:77:5:77:10 | ...::max_level(...) | | test_logging.rs:77:20:77:36 | password.as_str() | -| test_logging.rs:78:5:78:10 | ...::max_level(...) | | test_logging.rs:78:22:78:38 | password.as_str() | -| test_logging.rs:81:5:81:10 | ...::max_level(...) | -| test_logging.rs:82:5:82:10 | ...::max_level(...) | -| test_logging.rs:83:5:83:10 | ...::max_level(...) | -| test_logging.rs:84:5:84:10 | ...::max_level(...) | -| test_logging.rs:85:5:85:10 | ...::max_level(...) | -| test_logging.rs:86:5:86:10 | ...::max_level(...) | | test_logging.rs:88:18:88:34 | password.as_str() | -| test_logging.rs:89:5:89:10 | ...::max_level(...) | -| test_logging.rs:90:5:90:10 | ...::max_level(...) | -| test_logging.rs:94:5:94:9 | ...::max_level(...) | -| test_logging.rs:97:5:97:9 | ...::max_level(...) | -| test_logging.rs:100:5:100:9 | ...::max_level(...) | -| test_logging.rs:104:5:104:9 | ...::max_level(...) | -| test_logging.rs:108:5:108:9 | ...::max_level(...) | -| test_logging.rs:112:5:112:9 | ...::max_level(...) | -| test_logging.rs:114:9:114:13 | ...::max_level(...) | -| test_logging.rs:118:5:118:10 | ...::max_level(...) | -| test_logging.rs:121:5:121:10 | ...::max_level(...) | -| test_logging.rs:123:5:123:10 | ...::max_level(...) | -| test_logging.rs:126:5:126:10 | ...::max_level(...) | -| test_logging.rs:130:5:130:10 | ...::max_level(...) | -| test_logging.rs:131:5:131:10 | ...::max_level(...) | -| test_logging.rs:132:5:132:10 | ...::max_level(...) | -| test_logging.rs:133:5:133:10 | ...::max_level(...) | -| test_logging.rs:140:5:140:9 | ...::max_level(...) | -| test_logging.rs:141:5:141:9 | ...::max_level(...) | -| test_logging.rs:142:5:142:9 | ...::max_level(...) | -| test_logging.rs:143:5:143:9 | ...::max_level(...) | -| test_logging.rs:144:5:144:9 | ...::max_level(...) | -| test_logging.rs:150:5:150:9 | ...::max_level(...) | -| test_logging.rs:151:5:151:9 | ...::max_level(...) | -| test_logging.rs:152:5:152:9 | ...::max_level(...) | -| test_logging.rs:153:5:153:9 | ...::max_level(...) | -| test_logging.rs:154:5:154:9 | ...::max_level(...) | -| test_logging.rs:192:12:192:37 | ...::_print(...) | -| test_logging.rs:193:14:193:37 | ...::_print(...) | -| test_logging.rs:194:13:194:38 | ...::_eprint(...) | -| test_logging.rs:195:15:195:38 | ...::_eprint(...) | | test_logging.rs:229:30:229:71 | ... .as_str() | | test_logging.rs:242:16:242:61 | ... .as_bytes() | | test_logging.rs:245:20:245:65 | ... .as_bytes() | @@ -134,9 +66,3 @@ multipleCallTargets | test_storage.rs:188:29:188:86 | ...::from(...) | | test_storage.rs:189:28:189:82 | ...::from(...) | | test_storage.rs:190:28:190:81 | ...::from(...) | -| test_storage.rs:217:14:217:47 | ...::_print(...) | -| test_storage.rs:219:27:219:41 | ...::_print(...) | -| test_storage.rs:220:28:220:43 | ...::_print(...) | -| test_storage.rs:223:14:223:51 | ...::_print(...) | -| test_storage.rs:225:27:225:41 | ...::_print(...) | -| test_storage.rs:226:28:226:43 | ...::_print(...) | From 537e7a8ec3c344bc7055fb3d9b4623f9edaed047 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Tue, 30 Sep 2025 16:24:38 +0200 Subject: [PATCH 125/307] Rust: Fix formatting --- .../PathResolutionConsistency.expected | 2 +- .../library-tests/path-resolution/main.rs | 3 +- .../path-resolution/path-resolution.expected | 760 +++++++++--------- 3 files changed, 383 insertions(+), 382 deletions(-) diff --git a/rust/ql/test/library-tests/path-resolution/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/library-tests/path-resolution/CONSISTENCY/PathResolutionConsistency.expected index c316b9d29f6c..68c19fa671d9 100644 --- a/rust/ql/test/library-tests/path-resolution/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/library-tests/path-resolution/CONSISTENCY/PathResolutionConsistency.expected @@ -1,2 +1,2 @@ multipleCallTargets -| main.rs:124:9:124:11 | f(...) | +| main.rs:125:9:125:11 | f(...) | diff --git a/rust/ql/test/library-tests/path-resolution/main.rs b/rust/ql/test/library-tests/path-resolution/main.rs index 44cf8ce09294..037527c71be3 100644 --- a/rust/ql/test/library-tests/path-resolution/main.rs +++ b/rust/ql/test/library-tests/path-resolution/main.rs @@ -119,7 +119,8 @@ mod m6 { pub fn g() { println!("main.rs::m6::g"); // $ item=println - // this import shadows the definition `I35`, which we don't currently handle + + // this import shadows the definition `I35`, which we don't currently handle use super::m5::*; // $ item=I32 f(); // $ item=I33 $ SPURIOUS: item=I35 } // I36 diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.expected b/rust/ql/test/library-tests/path-resolution/path-resolution.expected index 84c492081ed2..04c16a4858ed 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.expected +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.expected @@ -7,31 +7,31 @@ mod | main.rs:35:9:41:9 | mod m3 | | main.rs:45:1:52:1 | mod m4 | | main.rs:109:1:113:1 | mod m5 | -| main.rs:115:1:126:1 | mod m6 | -| main.rs:128:1:147:1 | mod m7 | -| main.rs:149:1:203:1 | mod m8 | -| main.rs:205:1:213:1 | mod m9 | -| main.rs:215:1:234:1 | mod m10 | -| main.rs:236:1:273:1 | mod m11 | -| main.rs:246:5:246:12 | mod f | -| main.rs:275:1:287:1 | mod m12 | -| main.rs:289:1:302:1 | mod m13 | -| main.rs:293:5:301:5 | mod m14 | -| main.rs:304:1:373:1 | mod m15 | -| main.rs:375:1:467:1 | mod m16 | -| main.rs:469:1:519:1 | mod trait_visibility | -| main.rs:470:5:492:5 | mod m | -| main.rs:521:1:551:1 | mod m17 | -| main.rs:553:1:571:1 | mod m18 | -| main.rs:558:5:570:5 | mod m19 | -| main.rs:563:9:569:9 | mod m20 | -| main.rs:573:1:598:1 | mod m21 | -| main.rs:574:5:580:5 | mod m22 | -| main.rs:582:5:597:5 | mod m33 | -| main.rs:600:1:625:1 | mod m23 | -| main.rs:627:1:695:1 | mod m24 | -| main.rs:712:1:764:1 | mod associated_types | -| main.rs:770:1:789:1 | mod impl_with_attribute_macro | +| main.rs:115:1:127:1 | mod m6 | +| main.rs:129:1:148:1 | mod m7 | +| main.rs:150:1:204:1 | mod m8 | +| main.rs:206:1:214:1 | mod m9 | +| main.rs:216:1:235:1 | mod m10 | +| main.rs:237:1:274:1 | mod m11 | +| main.rs:247:5:247:12 | mod f | +| main.rs:276:1:288:1 | mod m12 | +| main.rs:290:1:303:1 | mod m13 | +| main.rs:294:5:302:5 | mod m14 | +| main.rs:305:1:374:1 | mod m15 | +| main.rs:376:1:468:1 | mod m16 | +| main.rs:470:1:520:1 | mod trait_visibility | +| main.rs:471:5:493:5 | mod m | +| main.rs:522:1:552:1 | mod m17 | +| main.rs:554:1:572:1 | mod m18 | +| main.rs:559:5:571:5 | mod m19 | +| main.rs:564:9:570:9 | mod m20 | +| main.rs:574:1:599:1 | mod m21 | +| main.rs:575:5:581:5 | mod m22 | +| main.rs:583:5:598:5 | mod m33 | +| main.rs:601:1:626:1 | mod m23 | +| main.rs:628:1:696:1 | mod m24 | +| main.rs:713:1:765:1 | mod associated_types | +| main.rs:771:1:790:1 | mod impl_with_attribute_macro | | my2/mod.rs:1:1:1:16 | mod nested2 | | my2/mod.rs:20:1:20:12 | mod my3 | | my2/mod.rs:22:1:23:10 | mod mymod | @@ -71,7 +71,7 @@ resolvePath | main.rs:36:17:36:24 | ...::f | main.rs:25:9:27:9 | fn f | | main.rs:38:17:38:23 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:39:17:39:17 | f | main.rs:25:9:27:9 | fn f | -| main.rs:46:9:46:13 | super | main.rs:1:1:826:2 | SourceFile | +| main.rs:46:9:46:13 | super | main.rs:1:1:827:2 | SourceFile | | main.rs:46:9:46:17 | ...::m1 | main.rs:19:1:43:1 | mod m1 | | main.rs:46:9:46:21 | ...::m2 | main.rs:24:5:42:5 | mod m2 | | main.rs:46:9:46:24 | ...::g | main.rs:29:9:33:9 | fn g | @@ -86,7 +86,7 @@ resolvePath | main.rs:67:17:67:19 | Foo | main.rs:65:9:65:21 | struct Foo | | main.rs:70:13:70:15 | Foo | main.rs:59:5:59:17 | struct Foo | | main.rs:72:5:72:5 | f | main.rs:61:5:68:5 | fn f | -| main.rs:74:5:74:8 | self | main.rs:1:1:826:2 | SourceFile | +| main.rs:74:5:74:8 | self | main.rs:1:1:827:2 | SourceFile | | main.rs:74:5:74:11 | ...::i | main.rs:77:1:89:1 | fn i | | main.rs:78:5:78:11 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:80:13:80:15 | Foo | main.rs:54:1:54:13 | struct Foo | @@ -108,363 +108,363 @@ resolvePath | main.rs:111:9:111:15 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:117:9:117:15 | println | {EXTERNAL LOCATION} | MacroRules | | main.rs:121:9:121:15 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:123:13:123:17 | super | main.rs:1:1:826:2 | SourceFile | -| main.rs:123:13:123:21 | ...::m5 | main.rs:109:1:113:1 | mod m5 | -| main.rs:124:9:124:9 | f | main.rs:110:5:112:5 | fn f | -| main.rs:124:9:124:9 | f | main.rs:116:5:118:5 | fn f | -| main.rs:131:13:131:15 | i32 | {EXTERNAL LOCATION} | struct i32 | -| main.rs:134:16:134:18 | i32 | {EXTERNAL LOCATION} | struct i32 | -| main.rs:140:19:140:24 | MyEnum | main.rs:129:5:137:5 | enum MyEnum | -| main.rs:142:9:142:15 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:143:17:143:22 | MyEnum | main.rs:129:5:137:5 | enum MyEnum | -| main.rs:143:17:143:25 | ...::A | main.rs:130:9:132:9 | A | -| main.rs:144:17:144:22 | MyEnum | main.rs:129:5:137:5 | enum MyEnum | -| main.rs:144:17:144:25 | ...::B | main.rs:132:12:135:9 | B | -| main.rs:145:9:145:14 | MyEnum | main.rs:129:5:137:5 | enum MyEnum | -| main.rs:145:9:145:17 | ...::C | main.rs:135:12:136:9 | C | -| main.rs:154:13:154:19 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:155:13:155:13 | f | main.rs:162:5:164:5 | fn f | -| main.rs:156:13:156:16 | Self | main.rs:150:5:158:5 | trait MyTrait | -| main.rs:156:13:156:19 | ...::f | main.rs:151:9:151:20 | fn f | -| main.rs:163:9:163:15 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:167:10:167:16 | MyTrait | main.rs:150:5:158:5 | trait MyTrait | -| main.rs:167:22:167:29 | MyStruct | main.rs:160:5:160:22 | struct MyStruct | -| main.rs:169:13:169:19 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:170:13:170:13 | f | main.rs:162:5:164:5 | fn f | -| main.rs:171:13:171:16 | Self | main.rs:166:5:177:5 | impl MyTrait for MyStruct { ... } | -| main.rs:171:13:171:19 | ...::g | main.rs:174:9:176:9 | fn g | -| main.rs:175:13:175:19 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:180:10:180:17 | MyStruct | main.rs:160:5:160:22 | struct MyStruct | -| main.rs:182:13:182:19 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:183:13:183:13 | f | main.rs:162:5:164:5 | fn f | -| main.rs:189:17:189:24 | MyStruct | main.rs:160:5:160:22 | struct MyStruct | -| main.rs:190:9:190:15 | MyTrait | main.rs:150:5:158:5 | trait MyTrait | -| main.rs:190:9:190:18 | ...::f | main.rs:151:9:151:20 | fn f | -| main.rs:191:9:191:16 | MyStruct | main.rs:160:5:160:22 | struct MyStruct | -| main.rs:191:9:191:19 | ...::f | main.rs:167:33:172:9 | fn f | -| main.rs:192:10:192:17 | MyStruct | main.rs:160:5:160:22 | struct MyStruct | -| main.rs:193:10:193:16 | MyTrait | main.rs:150:5:158:5 | trait MyTrait | -| main.rs:196:17:196:24 | MyStruct | main.rs:160:5:160:22 | struct MyStruct | -| main.rs:198:17:198:24 | MyStruct | main.rs:160:5:160:22 | struct MyStruct | -| main.rs:200:9:200:16 | MyStruct | main.rs:160:5:160:22 | struct MyStruct | -| main.rs:200:9:200:19 | ...::h | main.rs:180:21:184:9 | fn h | -| main.rs:209:19:209:22 | self | main.rs:205:1:213:1 | mod m9 | -| main.rs:209:19:209:32 | ...::MyStruct | main.rs:206:5:206:26 | struct MyStruct | -| main.rs:210:9:210:15 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:211:9:211:12 | self | main.rs:205:1:213:1 | mod m9 | -| main.rs:211:9:211:22 | ...::MyStruct | main.rs:206:5:206:26 | struct MyStruct | -| main.rs:221:12:221:12 | T | main.rs:218:7:218:7 | T | -| main.rs:226:12:226:12 | T | main.rs:225:14:225:14 | T | -| main.rs:228:7:230:7 | MyStruct::<...> | main.rs:216:5:222:5 | struct MyStruct | -| main.rs:229:9:229:9 | T | main.rs:225:14:225:14 | T | -| main.rs:232:9:232:16 | MyStruct | main.rs:216:5:222:5 | struct MyStruct | -| main.rs:242:17:242:19 | Foo | main.rs:237:5:237:21 | struct Foo | -| main.rs:243:9:243:11 | Foo | main.rs:239:5:239:15 | fn Foo | -| main.rs:252:9:252:11 | Bar | main.rs:248:5:250:5 | enum Bar | -| main.rs:252:9:252:19 | ...::FooBar | main.rs:249:9:249:17 | FooBar | -| main.rs:257:13:257:15 | Foo | main.rs:237:5:237:21 | struct Foo | -| main.rs:258:17:258:22 | FooBar | main.rs:249:9:249:17 | FooBar | -| main.rs:259:17:259:22 | FooBar | main.rs:254:5:254:18 | fn FooBar | -| main.rs:267:9:267:9 | E | main.rs:262:15:265:5 | enum E | -| main.rs:267:9:267:12 | ...::C | main.rs:264:9:264:9 | C | -| main.rs:270:17:270:17 | S | main.rs:262:5:262:13 | struct S | -| main.rs:271:17:271:17 | C | main.rs:264:9:264:9 | C | -| main.rs:284:16:284:16 | T | main.rs:278:7:278:7 | T | -| main.rs:285:14:285:17 | Self | main.rs:276:5:286:5 | trait MyParamTrait | -| main.rs:285:14:285:33 | ...::AssociatedType | main.rs:280:9:280:28 | type AssociatedType | -| main.rs:294:13:294:16 | zelf | main.rs:0:0:0:0 | Crate(main@0.0.1) | -| main.rs:294:13:294:21 | ...::m13 | main.rs:289:1:302:1 | mod m13 | -| main.rs:294:13:294:24 | ...::f | main.rs:290:5:290:17 | fn f | -| main.rs:294:13:294:24 | ...::f | main.rs:290:19:291:19 | struct f | -| main.rs:297:17:297:17 | f | main.rs:290:19:291:19 | struct f | -| main.rs:298:21:298:21 | f | main.rs:290:19:291:19 | struct f | -| main.rs:299:13:299:13 | f | main.rs:290:5:290:17 | fn f | -| main.rs:313:9:313:14 | Trait1 | main.rs:305:5:309:5 | trait Trait1 | -| main.rs:315:13:315:19 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:316:13:316:16 | Self | main.rs:311:5:319:5 | trait Trait2 | -| main.rs:316:13:316:19 | ...::g | main.rs:308:9:308:20 | fn g | -| main.rs:326:9:326:12 | Self | main.rs:321:5:334:5 | trait Trait3 | -| main.rs:326:15:326:20 | Trait1 | main.rs:305:5:309:5 | trait Trait1 | -| main.rs:327:9:327:10 | TT | main.rs:323:9:323:10 | TT | -| main.rs:327:13:327:18 | Trait1 | main.rs:305:5:309:5 | trait Trait1 | -| main.rs:329:25:329:26 | TT | main.rs:323:9:323:10 | TT | -| main.rs:330:13:330:16 | Self | main.rs:321:5:334:5 | trait Trait3 | -| main.rs:330:13:330:19 | ...::g | main.rs:308:9:308:20 | fn g | -| main.rs:331:13:331:14 | TT | main.rs:323:9:323:10 | TT | -| main.rs:331:13:331:17 | ...::g | main.rs:308:9:308:20 | fn g | -| main.rs:339:10:339:15 | Trait1 | main.rs:305:5:309:5 | trait Trait1 | -| main.rs:340:11:340:11 | S | main.rs:336:5:336:13 | struct S | -| main.rs:342:13:342:19 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:343:13:343:16 | Self | main.rs:338:5:350:5 | impl Trait1 for S { ... } | -| main.rs:343:13:343:19 | ...::g | main.rs:347:9:349:9 | fn g | -| main.rs:348:13:348:19 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:353:10:353:15 | Trait2 | main.rs:311:5:319:5 | trait Trait2 | -| main.rs:354:11:354:11 | S | main.rs:336:5:336:13 | struct S | -| main.rs:356:13:356:19 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:362:9:362:15 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:363:17:363:17 | S | main.rs:336:5:336:13 | struct S | -| main.rs:364:10:364:10 | S | main.rs:336:5:336:13 | struct S | -| main.rs:365:14:365:19 | Trait1 | main.rs:305:5:309:5 | trait Trait1 | -| main.rs:367:10:367:10 | S | main.rs:336:5:336:13 | struct S | -| main.rs:368:14:368:19 | Trait2 | main.rs:311:5:319:5 | trait Trait2 | -| main.rs:370:9:370:9 | S | main.rs:336:5:336:13 | struct S | -| main.rs:370:9:370:12 | ...::g | main.rs:347:9:349:9 | fn g | -| main.rs:380:24:380:24 | T | main.rs:378:7:378:7 | T | -| main.rs:382:24:382:24 | T | main.rs:378:7:378:7 | T | -| main.rs:385:24:385:24 | T | main.rs:378:7:378:7 | T | -| main.rs:386:13:386:16 | Self | main.rs:376:5:392:5 | trait Trait1 | -| main.rs:386:13:386:19 | ...::g | main.rs:382:9:383:9 | fn g | -| main.rs:390:18:390:18 | T | main.rs:378:7:378:7 | T | -| main.rs:398:9:400:9 | Trait1::<...> | main.rs:376:5:392:5 | trait Trait1 | -| main.rs:399:11:399:11 | T | main.rs:396:7:396:7 | T | -| main.rs:401:24:401:24 | T | main.rs:396:7:396:7 | T | -| main.rs:402:13:402:19 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:403:13:403:16 | Self | main.rs:394:5:407:5 | trait Trait2 | -| main.rs:403:13:403:19 | ...::g | main.rs:382:9:383:9 | fn g | -| main.rs:405:13:405:16 | Self | main.rs:394:5:407:5 | trait Trait2 | -| main.rs:405:13:405:19 | ...::c | main.rs:390:9:391:9 | Const | -| main.rs:412:10:414:5 | Trait1::<...> | main.rs:376:5:392:5 | trait Trait1 | -| main.rs:413:7:413:7 | S | main.rs:409:5:409:13 | struct S | -| main.rs:415:11:415:11 | S | main.rs:409:5:409:13 | struct S | -| main.rs:416:24:416:24 | S | main.rs:409:5:409:13 | struct S | -| main.rs:417:13:417:19 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:418:13:418:16 | Self | main.rs:411:5:429:5 | impl Trait1::<...> for S { ... } | -| main.rs:418:13:418:19 | ...::g | main.rs:422:9:425:9 | fn g | -| main.rs:422:24:422:24 | S | main.rs:409:5:409:13 | struct S | -| main.rs:423:13:423:19 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:424:13:424:16 | Self | main.rs:411:5:429:5 | impl Trait1::<...> for S { ... } | -| main.rs:424:13:424:19 | ...::c | main.rs:427:9:428:9 | Const | -| main.rs:427:18:427:18 | S | main.rs:409:5:409:13 | struct S | -| main.rs:427:22:427:22 | S | main.rs:409:5:409:13 | struct S | -| main.rs:432:10:434:5 | Trait2::<...> | main.rs:394:5:407:5 | trait Trait2 | -| main.rs:433:7:433:7 | S | main.rs:409:5:409:13 | struct S | -| main.rs:435:11:435:11 | S | main.rs:409:5:409:13 | struct S | -| main.rs:436:24:436:24 | S | main.rs:409:5:409:13 | struct S | -| main.rs:437:13:437:19 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:438:13:438:16 | Self | main.rs:431:5:440:5 | impl Trait2::<...> for S { ... } | -| main.rs:444:9:444:15 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:445:17:445:17 | S | main.rs:409:5:409:13 | struct S | -| main.rs:446:10:446:10 | S | main.rs:409:5:409:13 | struct S | -| main.rs:447:14:449:11 | Trait1::<...> | main.rs:376:5:392:5 | trait Trait1 | -| main.rs:448:13:448:13 | S | main.rs:409:5:409:13 | struct S | -| main.rs:451:10:451:10 | S | main.rs:409:5:409:13 | struct S | -| main.rs:452:14:454:11 | Trait2::<...> | main.rs:394:5:407:5 | trait Trait2 | -| main.rs:453:13:453:13 | S | main.rs:409:5:409:13 | struct S | -| main.rs:456:9:456:9 | S | main.rs:409:5:409:13 | struct S | -| main.rs:456:9:456:12 | ...::g | main.rs:422:9:425:9 | fn g | -| main.rs:458:9:458:9 | S | main.rs:409:5:409:13 | struct S | -| main.rs:458:9:458:12 | ...::h | main.rs:385:9:388:9 | fn h | -| main.rs:460:9:460:9 | S | main.rs:409:5:409:13 | struct S | -| main.rs:460:9:460:12 | ...::c | main.rs:427:9:428:9 | Const | -| main.rs:461:10:461:10 | S | main.rs:409:5:409:13 | struct S | -| main.rs:462:14:464:11 | Trait1::<...> | main.rs:376:5:392:5 | trait Trait1 | -| main.rs:463:13:463:13 | S | main.rs:409:5:409:13 | struct S | -| main.rs:481:14:481:16 | Foo | main.rs:471:9:473:9 | trait Foo | -| main.rs:481:22:481:22 | X | main.rs:479:9:479:21 | struct X | -| main.rs:483:17:483:23 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:487:14:487:16 | Bar | main.rs:475:9:477:9 | trait Bar | -| main.rs:487:22:487:22 | X | main.rs:479:9:479:21 | struct X | -| main.rs:489:17:489:23 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:494:9:494:9 | m | main.rs:470:5:492:5 | mod m | -| main.rs:494:9:494:12 | ...::X | main.rs:479:9:479:21 | struct X | -| main.rs:497:17:497:17 | X | main.rs:479:9:479:21 | struct X | -| main.rs:500:17:500:17 | m | main.rs:470:5:492:5 | mod m | -| main.rs:500:17:500:22 | ...::Foo | main.rs:471:9:473:9 | trait Foo | -| main.rs:501:13:501:13 | X | main.rs:479:9:479:21 | struct X | -| main.rs:501:13:501:23 | ...::a_method | main.rs:481:26:484:13 | fn a_method | -| main.rs:505:17:505:17 | m | main.rs:470:5:492:5 | mod m | -| main.rs:505:17:505:22 | ...::Bar | main.rs:475:9:477:9 | trait Bar | -| main.rs:506:13:506:13 | X | main.rs:479:9:479:21 | struct X | -| main.rs:506:13:506:23 | ...::a_method | main.rs:487:26:490:13 | fn a_method | -| main.rs:510:17:510:17 | m | main.rs:470:5:492:5 | mod m | -| main.rs:510:17:510:22 | ...::Bar | main.rs:475:9:477:9 | trait Bar | -| main.rs:511:13:511:13 | X | main.rs:479:9:479:21 | struct X | -| main.rs:511:13:511:23 | ...::a_method | main.rs:487:26:490:13 | fn a_method | -| main.rs:516:13:516:13 | m | main.rs:470:5:492:5 | mod m | -| main.rs:516:13:516:18 | ...::Bar | main.rs:475:9:477:9 | trait Bar | -| main.rs:516:13:516:28 | ...::a_method | main.rs:476:13:476:31 | fn a_method | -| main.rs:529:10:529:16 | MyTrait | main.rs:522:5:524:5 | trait MyTrait | -| main.rs:530:9:530:9 | S | main.rs:526:5:526:13 | struct S | -| main.rs:532:13:532:19 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:538:7:538:13 | MyTrait | main.rs:522:5:524:5 | trait MyTrait | -| main.rs:539:10:539:10 | T | main.rs:537:10:537:10 | T | -| main.rs:541:9:541:9 | T | main.rs:537:10:537:10 | T | -| main.rs:541:9:541:12 | ...::f | main.rs:523:9:523:20 | fn f | -| main.rs:542:9:542:15 | MyTrait | main.rs:522:5:524:5 | trait MyTrait | -| main.rs:542:9:542:18 | ...::f | main.rs:523:9:523:20 | fn f | -| main.rs:547:9:547:9 | g | main.rs:536:5:543:5 | fn g | -| main.rs:548:11:548:11 | S | main.rs:526:5:526:13 | struct S | -| main.rs:555:9:555:15 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:560:13:560:19 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:565:17:565:23 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:566:17:566:21 | super | main.rs:558:5:570:5 | mod m19 | -| main.rs:566:17:566:24 | ...::f | main.rs:559:9:561:9 | fn f | -| main.rs:567:17:567:21 | super | main.rs:558:5:570:5 | mod m19 | -| main.rs:567:17:567:28 | ...::super | main.rs:553:1:571:1 | mod m18 | -| main.rs:567:17:567:31 | ...::f | main.rs:554:5:556:5 | fn f | -| main.rs:584:13:584:17 | super | main.rs:573:1:598:1 | mod m21 | -| main.rs:584:13:584:22 | ...::m22 | main.rs:574:5:580:5 | mod m22 | -| main.rs:584:13:584:30 | ...::MyEnum | main.rs:575:9:577:9 | enum MyEnum | -| main.rs:585:13:585:16 | self | main.rs:575:9:577:9 | enum MyEnum | -| main.rs:589:13:589:17 | super | main.rs:573:1:598:1 | mod m21 | -| main.rs:589:13:589:22 | ...::m22 | main.rs:574:5:580:5 | mod m22 | -| main.rs:589:13:589:32 | ...::MyStruct | main.rs:579:9:579:28 | struct MyStruct | -| main.rs:590:13:590:16 | self | main.rs:579:9:579:28 | struct MyStruct | -| main.rs:594:21:594:26 | MyEnum | main.rs:575:9:577:9 | enum MyEnum | -| main.rs:594:21:594:29 | ...::A | main.rs:576:13:576:13 | A | -| main.rs:595:21:595:28 | MyStruct | main.rs:579:9:579:28 | struct MyStruct | -| main.rs:611:10:613:5 | Trait1::<...> | main.rs:601:5:606:5 | trait Trait1 | -| main.rs:612:7:612:10 | Self | main.rs:608:5:608:13 | struct S | -| main.rs:614:11:614:11 | S | main.rs:608:5:608:13 | struct S | -| main.rs:616:13:616:19 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:622:17:622:17 | S | main.rs:608:5:608:13 | struct S | -| main.rs:638:15:638:15 | T | main.rs:637:26:637:26 | T | -| main.rs:643:9:643:24 | GenericStruct::<...> | main.rs:636:5:639:5 | struct GenericStruct | -| main.rs:643:23:643:23 | T | main.rs:642:10:642:10 | T | -| main.rs:645:9:645:9 | T | main.rs:642:10:642:10 | T | -| main.rs:645:12:645:17 | TraitA | main.rs:628:5:630:5 | trait TraitA | -| main.rs:654:9:654:24 | GenericStruct::<...> | main.rs:636:5:639:5 | struct GenericStruct | -| main.rs:654:23:654:23 | T | main.rs:653:10:653:10 | T | -| main.rs:656:9:656:9 | T | main.rs:653:10:653:10 | T | -| main.rs:656:12:656:17 | TraitB | main.rs:632:5:634:5 | trait TraitB | -| main.rs:657:9:657:9 | T | main.rs:653:10:653:10 | T | -| main.rs:657:12:657:17 | TraitA | main.rs:628:5:630:5 | trait TraitA | -| main.rs:668:10:668:15 | TraitA | main.rs:628:5:630:5 | trait TraitA | -| main.rs:668:21:668:31 | Implementor | main.rs:665:5:665:23 | struct Implementor | -| main.rs:670:13:670:19 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:675:10:675:15 | TraitB | main.rs:632:5:634:5 | trait TraitB | -| main.rs:675:21:675:31 | Implementor | main.rs:665:5:665:23 | struct Implementor | -| main.rs:677:13:677:19 | println | {EXTERNAL LOCATION} | MacroRules | -| main.rs:683:24:683:34 | Implementor | main.rs:665:5:665:23 | struct Implementor | -| main.rs:684:23:684:35 | GenericStruct | main.rs:636:5:639:5 | struct GenericStruct | -| main.rs:690:9:690:36 | GenericStruct::<...> | main.rs:636:5:639:5 | struct GenericStruct | -| main.rs:690:9:690:50 | ...::call_trait_a | main.rs:647:9:649:9 | fn call_trait_a | -| main.rs:690:25:690:35 | Implementor | main.rs:665:5:665:23 | struct Implementor | -| main.rs:693:9:693:36 | GenericStruct::<...> | main.rs:636:5:639:5 | struct GenericStruct | -| main.rs:693:9:693:47 | ...::call_both | main.rs:659:9:662:9 | fn call_both | -| main.rs:693:25:693:35 | Implementor | main.rs:665:5:665:23 | struct Implementor | -| main.rs:699:3:699:12 | proc_macro | proc_macro.rs:0:0:0:0 | Crate(proc_macro@0.0.1) | -| main.rs:699:3:699:24 | ...::add_suffix | proc_macro.rs:4:1:13:1 | fn add_suffix | -| main.rs:703:6:703:12 | AStruct | main.rs:702:1:702:17 | struct AStruct | -| main.rs:705:7:705:16 | proc_macro | proc_macro.rs:0:0:0:0 | Crate(proc_macro@0.0.1) | -| main.rs:705:7:705:28 | ...::add_suffix | proc_macro.rs:4:1:13:1 | fn add_suffix | -| main.rs:708:7:708:16 | proc_macro | proc_macro.rs:0:0:0:0 | Crate(proc_macro@0.0.1) | -| main.rs:708:7:708:28 | ...::add_suffix | proc_macro.rs:4:1:13:1 | fn add_suffix | -| main.rs:713:9:713:11 | std | {EXTERNAL LOCATION} | Crate(std@0.0.0) | -| main.rs:713:9:713:19 | ...::marker | {EXTERNAL LOCATION} | mod marker | -| main.rs:713:9:713:32 | ...::PhantomData | {EXTERNAL LOCATION} | struct PhantomData | +| main.rs:124:13:124:17 | super | main.rs:1:1:827:2 | SourceFile | +| main.rs:124:13:124:21 | ...::m5 | main.rs:109:1:113:1 | mod m5 | +| main.rs:125:9:125:9 | f | main.rs:110:5:112:5 | fn f | +| main.rs:125:9:125:9 | f | main.rs:116:5:118:5 | fn f | +| main.rs:132:13:132:15 | i32 | {EXTERNAL LOCATION} | struct i32 | +| main.rs:135:16:135:18 | i32 | {EXTERNAL LOCATION} | struct i32 | +| main.rs:141:19:141:24 | MyEnum | main.rs:130:5:138:5 | enum MyEnum | +| main.rs:143:9:143:15 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:144:17:144:22 | MyEnum | main.rs:130:5:138:5 | enum MyEnum | +| main.rs:144:17:144:25 | ...::A | main.rs:131:9:133:9 | A | +| main.rs:145:17:145:22 | MyEnum | main.rs:130:5:138:5 | enum MyEnum | +| main.rs:145:17:145:25 | ...::B | main.rs:133:12:136:9 | B | +| main.rs:146:9:146:14 | MyEnum | main.rs:130:5:138:5 | enum MyEnum | +| main.rs:146:9:146:17 | ...::C | main.rs:136:12:137:9 | C | +| main.rs:155:13:155:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:156:13:156:13 | f | main.rs:163:5:165:5 | fn f | +| main.rs:157:13:157:16 | Self | main.rs:151:5:159:5 | trait MyTrait | +| main.rs:157:13:157:19 | ...::f | main.rs:152:9:152:20 | fn f | +| main.rs:164:9:164:15 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:168:10:168:16 | MyTrait | main.rs:151:5:159:5 | trait MyTrait | +| main.rs:168:22:168:29 | MyStruct | main.rs:161:5:161:22 | struct MyStruct | +| main.rs:170:13:170:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:171:13:171:13 | f | main.rs:163:5:165:5 | fn f | +| main.rs:172:13:172:16 | Self | main.rs:167:5:178:5 | impl MyTrait for MyStruct { ... } | +| main.rs:172:13:172:19 | ...::g | main.rs:175:9:177:9 | fn g | +| main.rs:176:13:176:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:181:10:181:17 | MyStruct | main.rs:161:5:161:22 | struct MyStruct | +| main.rs:183:13:183:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:184:13:184:13 | f | main.rs:163:5:165:5 | fn f | +| main.rs:190:17:190:24 | MyStruct | main.rs:161:5:161:22 | struct MyStruct | +| main.rs:191:9:191:15 | MyTrait | main.rs:151:5:159:5 | trait MyTrait | +| main.rs:191:9:191:18 | ...::f | main.rs:152:9:152:20 | fn f | +| main.rs:192:9:192:16 | MyStruct | main.rs:161:5:161:22 | struct MyStruct | +| main.rs:192:9:192:19 | ...::f | main.rs:168:33:173:9 | fn f | +| main.rs:193:10:193:17 | MyStruct | main.rs:161:5:161:22 | struct MyStruct | +| main.rs:194:10:194:16 | MyTrait | main.rs:151:5:159:5 | trait MyTrait | +| main.rs:197:17:197:24 | MyStruct | main.rs:161:5:161:22 | struct MyStruct | +| main.rs:199:17:199:24 | MyStruct | main.rs:161:5:161:22 | struct MyStruct | +| main.rs:201:9:201:16 | MyStruct | main.rs:161:5:161:22 | struct MyStruct | +| main.rs:201:9:201:19 | ...::h | main.rs:181:21:185:9 | fn h | +| main.rs:210:19:210:22 | self | main.rs:206:1:214:1 | mod m9 | +| main.rs:210:19:210:32 | ...::MyStruct | main.rs:207:5:207:26 | struct MyStruct | +| main.rs:211:9:211:15 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:212:9:212:12 | self | main.rs:206:1:214:1 | mod m9 | +| main.rs:212:9:212:22 | ...::MyStruct | main.rs:207:5:207:26 | struct MyStruct | +| main.rs:222:12:222:12 | T | main.rs:219:7:219:7 | T | +| main.rs:227:12:227:12 | T | main.rs:226:14:226:14 | T | +| main.rs:229:7:231:7 | MyStruct::<...> | main.rs:217:5:223:5 | struct MyStruct | +| main.rs:230:9:230:9 | T | main.rs:226:14:226:14 | T | +| main.rs:233:9:233:16 | MyStruct | main.rs:217:5:223:5 | struct MyStruct | +| main.rs:243:17:243:19 | Foo | main.rs:238:5:238:21 | struct Foo | +| main.rs:244:9:244:11 | Foo | main.rs:240:5:240:15 | fn Foo | +| main.rs:253:9:253:11 | Bar | main.rs:249:5:251:5 | enum Bar | +| main.rs:253:9:253:19 | ...::FooBar | main.rs:250:9:250:17 | FooBar | +| main.rs:258:13:258:15 | Foo | main.rs:238:5:238:21 | struct Foo | +| main.rs:259:17:259:22 | FooBar | main.rs:250:9:250:17 | FooBar | +| main.rs:260:17:260:22 | FooBar | main.rs:255:5:255:18 | fn FooBar | +| main.rs:268:9:268:9 | E | main.rs:263:15:266:5 | enum E | +| main.rs:268:9:268:12 | ...::C | main.rs:265:9:265:9 | C | +| main.rs:271:17:271:17 | S | main.rs:263:5:263:13 | struct S | +| main.rs:272:17:272:17 | C | main.rs:265:9:265:9 | C | +| main.rs:285:16:285:16 | T | main.rs:279:7:279:7 | T | +| main.rs:286:14:286:17 | Self | main.rs:277:5:287:5 | trait MyParamTrait | +| main.rs:286:14:286:33 | ...::AssociatedType | main.rs:281:9:281:28 | type AssociatedType | +| main.rs:295:13:295:16 | zelf | main.rs:0:0:0:0 | Crate(main@0.0.1) | +| main.rs:295:13:295:21 | ...::m13 | main.rs:290:1:303:1 | mod m13 | +| main.rs:295:13:295:24 | ...::f | main.rs:291:5:291:17 | fn f | +| main.rs:295:13:295:24 | ...::f | main.rs:291:19:292:19 | struct f | +| main.rs:298:17:298:17 | f | main.rs:291:19:292:19 | struct f | +| main.rs:299:21:299:21 | f | main.rs:291:19:292:19 | struct f | +| main.rs:300:13:300:13 | f | main.rs:291:5:291:17 | fn f | +| main.rs:314:9:314:14 | Trait1 | main.rs:306:5:310:5 | trait Trait1 | +| main.rs:316:13:316:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:317:13:317:16 | Self | main.rs:312:5:320:5 | trait Trait2 | +| main.rs:317:13:317:19 | ...::g | main.rs:309:9:309:20 | fn g | +| main.rs:327:9:327:12 | Self | main.rs:322:5:335:5 | trait Trait3 | +| main.rs:327:15:327:20 | Trait1 | main.rs:306:5:310:5 | trait Trait1 | +| main.rs:328:9:328:10 | TT | main.rs:324:9:324:10 | TT | +| main.rs:328:13:328:18 | Trait1 | main.rs:306:5:310:5 | trait Trait1 | +| main.rs:330:25:330:26 | TT | main.rs:324:9:324:10 | TT | +| main.rs:331:13:331:16 | Self | main.rs:322:5:335:5 | trait Trait3 | +| main.rs:331:13:331:19 | ...::g | main.rs:309:9:309:20 | fn g | +| main.rs:332:13:332:14 | TT | main.rs:324:9:324:10 | TT | +| main.rs:332:13:332:17 | ...::g | main.rs:309:9:309:20 | fn g | +| main.rs:340:10:340:15 | Trait1 | main.rs:306:5:310:5 | trait Trait1 | +| main.rs:341:11:341:11 | S | main.rs:337:5:337:13 | struct S | +| main.rs:343:13:343:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:344:13:344:16 | Self | main.rs:339:5:351:5 | impl Trait1 for S { ... } | +| main.rs:344:13:344:19 | ...::g | main.rs:348:9:350:9 | fn g | +| main.rs:349:13:349:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:354:10:354:15 | Trait2 | main.rs:312:5:320:5 | trait Trait2 | +| main.rs:355:11:355:11 | S | main.rs:337:5:337:13 | struct S | +| main.rs:357:13:357:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:363:9:363:15 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:364:17:364:17 | S | main.rs:337:5:337:13 | struct S | +| main.rs:365:10:365:10 | S | main.rs:337:5:337:13 | struct S | +| main.rs:366:14:366:19 | Trait1 | main.rs:306:5:310:5 | trait Trait1 | +| main.rs:368:10:368:10 | S | main.rs:337:5:337:13 | struct S | +| main.rs:369:14:369:19 | Trait2 | main.rs:312:5:320:5 | trait Trait2 | +| main.rs:371:9:371:9 | S | main.rs:337:5:337:13 | struct S | +| main.rs:371:9:371:12 | ...::g | main.rs:348:9:350:9 | fn g | +| main.rs:381:24:381:24 | T | main.rs:379:7:379:7 | T | +| main.rs:383:24:383:24 | T | main.rs:379:7:379:7 | T | +| main.rs:386:24:386:24 | T | main.rs:379:7:379:7 | T | +| main.rs:387:13:387:16 | Self | main.rs:377:5:393:5 | trait Trait1 | +| main.rs:387:13:387:19 | ...::g | main.rs:383:9:384:9 | fn g | +| main.rs:391:18:391:18 | T | main.rs:379:7:379:7 | T | +| main.rs:399:9:401:9 | Trait1::<...> | main.rs:377:5:393:5 | trait Trait1 | +| main.rs:400:11:400:11 | T | main.rs:397:7:397:7 | T | +| main.rs:402:24:402:24 | T | main.rs:397:7:397:7 | T | +| main.rs:403:13:403:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:404:13:404:16 | Self | main.rs:395:5:408:5 | trait Trait2 | +| main.rs:404:13:404:19 | ...::g | main.rs:383:9:384:9 | fn g | +| main.rs:406:13:406:16 | Self | main.rs:395:5:408:5 | trait Trait2 | +| main.rs:406:13:406:19 | ...::c | main.rs:391:9:392:9 | Const | +| main.rs:413:10:415:5 | Trait1::<...> | main.rs:377:5:393:5 | trait Trait1 | +| main.rs:414:7:414:7 | S | main.rs:410:5:410:13 | struct S | +| main.rs:416:11:416:11 | S | main.rs:410:5:410:13 | struct S | +| main.rs:417:24:417:24 | S | main.rs:410:5:410:13 | struct S | +| main.rs:418:13:418:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:419:13:419:16 | Self | main.rs:412:5:430:5 | impl Trait1::<...> for S { ... } | +| main.rs:419:13:419:19 | ...::g | main.rs:423:9:426:9 | fn g | +| main.rs:423:24:423:24 | S | main.rs:410:5:410:13 | struct S | +| main.rs:424:13:424:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:425:13:425:16 | Self | main.rs:412:5:430:5 | impl Trait1::<...> for S { ... } | +| main.rs:425:13:425:19 | ...::c | main.rs:428:9:429:9 | Const | +| main.rs:428:18:428:18 | S | main.rs:410:5:410:13 | struct S | +| main.rs:428:22:428:22 | S | main.rs:410:5:410:13 | struct S | +| main.rs:433:10:435:5 | Trait2::<...> | main.rs:395:5:408:5 | trait Trait2 | +| main.rs:434:7:434:7 | S | main.rs:410:5:410:13 | struct S | +| main.rs:436:11:436:11 | S | main.rs:410:5:410:13 | struct S | +| main.rs:437:24:437:24 | S | main.rs:410:5:410:13 | struct S | +| main.rs:438:13:438:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:439:13:439:16 | Self | main.rs:432:5:441:5 | impl Trait2::<...> for S { ... } | +| main.rs:445:9:445:15 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:446:17:446:17 | S | main.rs:410:5:410:13 | struct S | +| main.rs:447:10:447:10 | S | main.rs:410:5:410:13 | struct S | +| main.rs:448:14:450:11 | Trait1::<...> | main.rs:377:5:393:5 | trait Trait1 | +| main.rs:449:13:449:13 | S | main.rs:410:5:410:13 | struct S | +| main.rs:452:10:452:10 | S | main.rs:410:5:410:13 | struct S | +| main.rs:453:14:455:11 | Trait2::<...> | main.rs:395:5:408:5 | trait Trait2 | +| main.rs:454:13:454:13 | S | main.rs:410:5:410:13 | struct S | +| main.rs:457:9:457:9 | S | main.rs:410:5:410:13 | struct S | +| main.rs:457:9:457:12 | ...::g | main.rs:423:9:426:9 | fn g | +| main.rs:459:9:459:9 | S | main.rs:410:5:410:13 | struct S | +| main.rs:459:9:459:12 | ...::h | main.rs:386:9:389:9 | fn h | +| main.rs:461:9:461:9 | S | main.rs:410:5:410:13 | struct S | +| main.rs:461:9:461:12 | ...::c | main.rs:428:9:429:9 | Const | +| main.rs:462:10:462:10 | S | main.rs:410:5:410:13 | struct S | +| main.rs:463:14:465:11 | Trait1::<...> | main.rs:377:5:393:5 | trait Trait1 | +| main.rs:464:13:464:13 | S | main.rs:410:5:410:13 | struct S | +| main.rs:482:14:482:16 | Foo | main.rs:472:9:474:9 | trait Foo | +| main.rs:482:22:482:22 | X | main.rs:480:9:480:21 | struct X | +| main.rs:484:17:484:23 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:488:14:488:16 | Bar | main.rs:476:9:478:9 | trait Bar | +| main.rs:488:22:488:22 | X | main.rs:480:9:480:21 | struct X | +| main.rs:490:17:490:23 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:495:9:495:9 | m | main.rs:471:5:493:5 | mod m | +| main.rs:495:9:495:12 | ...::X | main.rs:480:9:480:21 | struct X | +| main.rs:498:17:498:17 | X | main.rs:480:9:480:21 | struct X | +| main.rs:501:17:501:17 | m | main.rs:471:5:493:5 | mod m | +| main.rs:501:17:501:22 | ...::Foo | main.rs:472:9:474:9 | trait Foo | +| main.rs:502:13:502:13 | X | main.rs:480:9:480:21 | struct X | +| main.rs:502:13:502:23 | ...::a_method | main.rs:482:26:485:13 | fn a_method | +| main.rs:506:17:506:17 | m | main.rs:471:5:493:5 | mod m | +| main.rs:506:17:506:22 | ...::Bar | main.rs:476:9:478:9 | trait Bar | +| main.rs:507:13:507:13 | X | main.rs:480:9:480:21 | struct X | +| main.rs:507:13:507:23 | ...::a_method | main.rs:488:26:491:13 | fn a_method | +| main.rs:511:17:511:17 | m | main.rs:471:5:493:5 | mod m | +| main.rs:511:17:511:22 | ...::Bar | main.rs:476:9:478:9 | trait Bar | +| main.rs:512:13:512:13 | X | main.rs:480:9:480:21 | struct X | +| main.rs:512:13:512:23 | ...::a_method | main.rs:488:26:491:13 | fn a_method | +| main.rs:517:13:517:13 | m | main.rs:471:5:493:5 | mod m | +| main.rs:517:13:517:18 | ...::Bar | main.rs:476:9:478:9 | trait Bar | +| main.rs:517:13:517:28 | ...::a_method | main.rs:477:13:477:31 | fn a_method | +| main.rs:530:10:530:16 | MyTrait | main.rs:523:5:525:5 | trait MyTrait | +| main.rs:531:9:531:9 | S | main.rs:527:5:527:13 | struct S | +| main.rs:533:13:533:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:539:7:539:13 | MyTrait | main.rs:523:5:525:5 | trait MyTrait | +| main.rs:540:10:540:10 | T | main.rs:538:10:538:10 | T | +| main.rs:542:9:542:9 | T | main.rs:538:10:538:10 | T | +| main.rs:542:9:542:12 | ...::f | main.rs:524:9:524:20 | fn f | +| main.rs:543:9:543:15 | MyTrait | main.rs:523:5:525:5 | trait MyTrait | +| main.rs:543:9:543:18 | ...::f | main.rs:524:9:524:20 | fn f | +| main.rs:548:9:548:9 | g | main.rs:537:5:544:5 | fn g | +| main.rs:549:11:549:11 | S | main.rs:527:5:527:13 | struct S | +| main.rs:556:9:556:15 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:561:13:561:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:566:17:566:23 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:567:17:567:21 | super | main.rs:559:5:571:5 | mod m19 | +| main.rs:567:17:567:24 | ...::f | main.rs:560:9:562:9 | fn f | +| main.rs:568:17:568:21 | super | main.rs:559:5:571:5 | mod m19 | +| main.rs:568:17:568:28 | ...::super | main.rs:554:1:572:1 | mod m18 | +| main.rs:568:17:568:31 | ...::f | main.rs:555:5:557:5 | fn f | +| main.rs:585:13:585:17 | super | main.rs:574:1:599:1 | mod m21 | +| main.rs:585:13:585:22 | ...::m22 | main.rs:575:5:581:5 | mod m22 | +| main.rs:585:13:585:30 | ...::MyEnum | main.rs:576:9:578:9 | enum MyEnum | +| main.rs:586:13:586:16 | self | main.rs:576:9:578:9 | enum MyEnum | +| main.rs:590:13:590:17 | super | main.rs:574:1:599:1 | mod m21 | +| main.rs:590:13:590:22 | ...::m22 | main.rs:575:5:581:5 | mod m22 | +| main.rs:590:13:590:32 | ...::MyStruct | main.rs:580:9:580:28 | struct MyStruct | +| main.rs:591:13:591:16 | self | main.rs:580:9:580:28 | struct MyStruct | +| main.rs:595:21:595:26 | MyEnum | main.rs:576:9:578:9 | enum MyEnum | +| main.rs:595:21:595:29 | ...::A | main.rs:577:13:577:13 | A | +| main.rs:596:21:596:28 | MyStruct | main.rs:580:9:580:28 | struct MyStruct | +| main.rs:612:10:614:5 | Trait1::<...> | main.rs:602:5:607:5 | trait Trait1 | +| main.rs:613:7:613:10 | Self | main.rs:609:5:609:13 | struct S | +| main.rs:615:11:615:11 | S | main.rs:609:5:609:13 | struct S | +| main.rs:617:13:617:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:623:17:623:17 | S | main.rs:609:5:609:13 | struct S | +| main.rs:639:15:639:15 | T | main.rs:638:26:638:26 | T | +| main.rs:644:9:644:24 | GenericStruct::<...> | main.rs:637:5:640:5 | struct GenericStruct | +| main.rs:644:23:644:23 | T | main.rs:643:10:643:10 | T | +| main.rs:646:9:646:9 | T | main.rs:643:10:643:10 | T | +| main.rs:646:12:646:17 | TraitA | main.rs:629:5:631:5 | trait TraitA | +| main.rs:655:9:655:24 | GenericStruct::<...> | main.rs:637:5:640:5 | struct GenericStruct | +| main.rs:655:23:655:23 | T | main.rs:654:10:654:10 | T | +| main.rs:657:9:657:9 | T | main.rs:654:10:654:10 | T | +| main.rs:657:12:657:17 | TraitB | main.rs:633:5:635:5 | trait TraitB | +| main.rs:658:9:658:9 | T | main.rs:654:10:654:10 | T | +| main.rs:658:12:658:17 | TraitA | main.rs:629:5:631:5 | trait TraitA | +| main.rs:669:10:669:15 | TraitA | main.rs:629:5:631:5 | trait TraitA | +| main.rs:669:21:669:31 | Implementor | main.rs:666:5:666:23 | struct Implementor | +| main.rs:671:13:671:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:676:10:676:15 | TraitB | main.rs:633:5:635:5 | trait TraitB | +| main.rs:676:21:676:31 | Implementor | main.rs:666:5:666:23 | struct Implementor | +| main.rs:678:13:678:19 | println | {EXTERNAL LOCATION} | MacroRules | +| main.rs:684:24:684:34 | Implementor | main.rs:666:5:666:23 | struct Implementor | +| main.rs:685:23:685:35 | GenericStruct | main.rs:637:5:640:5 | struct GenericStruct | +| main.rs:691:9:691:36 | GenericStruct::<...> | main.rs:637:5:640:5 | struct GenericStruct | +| main.rs:691:9:691:50 | ...::call_trait_a | main.rs:648:9:650:9 | fn call_trait_a | +| main.rs:691:25:691:35 | Implementor | main.rs:666:5:666:23 | struct Implementor | +| main.rs:694:9:694:36 | GenericStruct::<...> | main.rs:637:5:640:5 | struct GenericStruct | +| main.rs:694:9:694:47 | ...::call_both | main.rs:660:9:663:9 | fn call_both | +| main.rs:694:25:694:35 | Implementor | main.rs:666:5:666:23 | struct Implementor | +| main.rs:700:3:700:12 | proc_macro | proc_macro.rs:0:0:0:0 | Crate(proc_macro@0.0.1) | +| main.rs:700:3:700:24 | ...::add_suffix | proc_macro.rs:4:1:13:1 | fn add_suffix | +| main.rs:704:6:704:12 | AStruct | main.rs:703:1:703:17 | struct AStruct | +| main.rs:706:7:706:16 | proc_macro | proc_macro.rs:0:0:0:0 | Crate(proc_macro@0.0.1) | +| main.rs:706:7:706:28 | ...::add_suffix | proc_macro.rs:4:1:13:1 | fn add_suffix | +| main.rs:709:7:709:16 | proc_macro | proc_macro.rs:0:0:0:0 | Crate(proc_macro@0.0.1) | +| main.rs:709:7:709:28 | ...::add_suffix | proc_macro.rs:4:1:13:1 | fn add_suffix | | main.rs:714:9:714:11 | std | {EXTERNAL LOCATION} | Crate(std@0.0.0) | -| main.rs:714:9:714:19 | ...::result | {EXTERNAL LOCATION} | mod result | -| main.rs:714:9:714:27 | ...::Result | {EXTERNAL LOCATION} | enum Result | -| main.rs:722:19:722:22 | Self | main.rs:716:5:724:5 | trait Reduce | -| main.rs:722:19:722:29 | ...::Input | main.rs:717:9:717:19 | type Input | -| main.rs:723:14:723:46 | Result::<...> | {EXTERNAL LOCATION} | enum Result | -| main.rs:723:21:723:24 | Self | main.rs:716:5:724:5 | trait Reduce | -| main.rs:723:21:723:32 | ...::Output | main.rs:718:21:719:20 | type Output | -| main.rs:723:35:723:38 | Self | main.rs:716:5:724:5 | trait Reduce | -| main.rs:723:35:723:45 | ...::Error | main.rs:717:21:718:19 | type Error | -| main.rs:727:17:727:34 | PhantomData::<...> | {EXTERNAL LOCATION} | struct PhantomData | -| main.rs:727:29:727:33 | Input | main.rs:726:19:726:23 | Input | +| main.rs:714:9:714:19 | ...::marker | {EXTERNAL LOCATION} | mod marker | +| main.rs:714:9:714:32 | ...::PhantomData | {EXTERNAL LOCATION} | struct PhantomData | +| main.rs:715:9:715:11 | std | {EXTERNAL LOCATION} | Crate(std@0.0.0) | +| main.rs:715:9:715:19 | ...::result | {EXTERNAL LOCATION} | mod result | +| main.rs:715:9:715:27 | ...::Result | {EXTERNAL LOCATION} | enum Result | +| main.rs:723:19:723:22 | Self | main.rs:717:5:725:5 | trait Reduce | +| main.rs:723:19:723:29 | ...::Input | main.rs:718:9:718:19 | type Input | +| main.rs:724:14:724:46 | Result::<...> | {EXTERNAL LOCATION} | enum Result | +| main.rs:724:21:724:24 | Self | main.rs:717:5:725:5 | trait Reduce | +| main.rs:724:21:724:32 | ...::Output | main.rs:719:21:720:20 | type Output | +| main.rs:724:35:724:38 | Self | main.rs:717:5:725:5 | trait Reduce | +| main.rs:724:35:724:45 | ...::Error | main.rs:718:21:719:19 | type Error | | main.rs:728:17:728:34 | PhantomData::<...> | {EXTERNAL LOCATION} | struct PhantomData | -| main.rs:728:29:728:33 | Error | main.rs:726:26:726:30 | Error | -| main.rs:735:11:735:16 | Reduce | main.rs:716:5:724:5 | trait Reduce | -| main.rs:736:13:739:9 | MyImpl::<...> | main.rs:726:5:729:5 | struct MyImpl | -| main.rs:737:13:737:17 | Input | main.rs:733:13:733:17 | Input | -| main.rs:738:13:738:17 | Error | main.rs:734:13:734:17 | Error | -| main.rs:741:22:744:9 | Result::<...> | {EXTERNAL LOCATION} | enum Result | -| main.rs:742:13:742:17 | Input | main.rs:733:13:733:17 | Input | -| main.rs:743:13:743:16 | Self | main.rs:731:5:763:5 | impl Reduce for MyImpl::<...> { ... } | -| main.rs:743:13:743:23 | ...::Error | main.rs:745:11:749:9 | type Error | -| main.rs:746:22:748:9 | Option::<...> | {EXTERNAL LOCATION} | enum Option | -| main.rs:747:11:747:15 | Error | main.rs:734:13:734:17 | Error | -| main.rs:751:13:751:17 | Input | main.rs:733:13:733:17 | Input | -| main.rs:756:19:756:22 | Self | main.rs:731:5:763:5 | impl Reduce for MyImpl::<...> { ... } | -| main.rs:756:19:756:29 | ...::Input | main.rs:741:9:745:9 | type Input | -| main.rs:757:14:760:9 | Result::<...> | {EXTERNAL LOCATION} | enum Result | -| main.rs:758:13:758:16 | Self | main.rs:731:5:763:5 | impl Reduce for MyImpl::<...> { ... } | -| main.rs:758:13:758:24 | ...::Output | main.rs:749:11:752:9 | type Output | -| main.rs:759:13:759:16 | Self | main.rs:731:5:763:5 | impl Reduce for MyImpl::<...> { ... } | -| main.rs:759:13:759:23 | ...::Error | main.rs:745:11:749:9 | type Error | -| main.rs:766:5:766:7 | std | {EXTERNAL LOCATION} | Crate(std@0.0.0) | -| main.rs:766:11:766:14 | self | {EXTERNAL LOCATION} | Crate(std@0.0.0) | -| main.rs:768:15:768:17 | ztd | {EXTERNAL LOCATION} | Crate(std@0.0.0) | -| main.rs:768:15:768:25 | ...::string | {EXTERNAL LOCATION} | mod string | -| main.rs:768:15:768:33 | ...::String | {EXTERNAL LOCATION} | struct String | -| main.rs:778:7:778:16 | proc_macro | proc_macro.rs:0:0:0:0 | Crate(proc_macro@0.0.1) | -| main.rs:778:7:778:26 | ...::identity | proc_macro.rs:15:1:18:1 | fn identity | -| main.rs:779:10:779:15 | ATrait | main.rs:774:5:776:5 | trait ATrait | -| main.rs:779:21:779:23 | i64 | {EXTERNAL LOCATION} | struct i64 | -| main.rs:781:11:781:13 | i64 | {EXTERNAL LOCATION} | struct i64 | -| main.rs:787:17:787:19 | Foo | main.rs:772:5:772:15 | struct Foo | -| main.rs:792:5:792:6 | my | main.rs:1:1:1:7 | mod my | -| main.rs:792:5:792:14 | ...::nested | my.rs:1:1:1:15 | mod nested | -| main.rs:792:5:792:23 | ...::nested1 | my/nested.rs:1:1:17:1 | mod nested1 | -| main.rs:792:5:792:32 | ...::nested2 | my/nested.rs:2:5:11:5 | mod nested2 | -| main.rs:792:5:792:35 | ...::f | my/nested.rs:3:9:5:9 | fn f | +| main.rs:728:29:728:33 | Input | main.rs:727:19:727:23 | Input | +| main.rs:729:17:729:34 | PhantomData::<...> | {EXTERNAL LOCATION} | struct PhantomData | +| main.rs:729:29:729:33 | Error | main.rs:727:26:727:30 | Error | +| main.rs:736:11:736:16 | Reduce | main.rs:717:5:725:5 | trait Reduce | +| main.rs:737:13:740:9 | MyImpl::<...> | main.rs:727:5:730:5 | struct MyImpl | +| main.rs:738:13:738:17 | Input | main.rs:734:13:734:17 | Input | +| main.rs:739:13:739:17 | Error | main.rs:735:13:735:17 | Error | +| main.rs:742:22:745:9 | Result::<...> | {EXTERNAL LOCATION} | enum Result | +| main.rs:743:13:743:17 | Input | main.rs:734:13:734:17 | Input | +| main.rs:744:13:744:16 | Self | main.rs:732:5:764:5 | impl Reduce for MyImpl::<...> { ... } | +| main.rs:744:13:744:23 | ...::Error | main.rs:746:11:750:9 | type Error | +| main.rs:747:22:749:9 | Option::<...> | {EXTERNAL LOCATION} | enum Option | +| main.rs:748:11:748:15 | Error | main.rs:735:13:735:17 | Error | +| main.rs:752:13:752:17 | Input | main.rs:734:13:734:17 | Input | +| main.rs:757:19:757:22 | Self | main.rs:732:5:764:5 | impl Reduce for MyImpl::<...> { ... } | +| main.rs:757:19:757:29 | ...::Input | main.rs:742:9:746:9 | type Input | +| main.rs:758:14:761:9 | Result::<...> | {EXTERNAL LOCATION} | enum Result | +| main.rs:759:13:759:16 | Self | main.rs:732:5:764:5 | impl Reduce for MyImpl::<...> { ... } | +| main.rs:759:13:759:24 | ...::Output | main.rs:750:11:753:9 | type Output | +| main.rs:760:13:760:16 | Self | main.rs:732:5:764:5 | impl Reduce for MyImpl::<...> { ... } | +| main.rs:760:13:760:23 | ...::Error | main.rs:746:11:750:9 | type Error | +| main.rs:767:5:767:7 | std | {EXTERNAL LOCATION} | Crate(std@0.0.0) | +| main.rs:767:11:767:14 | self | {EXTERNAL LOCATION} | Crate(std@0.0.0) | +| main.rs:769:15:769:17 | ztd | {EXTERNAL LOCATION} | Crate(std@0.0.0) | +| main.rs:769:15:769:25 | ...::string | {EXTERNAL LOCATION} | mod string | +| main.rs:769:15:769:33 | ...::String | {EXTERNAL LOCATION} | struct String | +| main.rs:779:7:779:16 | proc_macro | proc_macro.rs:0:0:0:0 | Crate(proc_macro@0.0.1) | +| main.rs:779:7:779:26 | ...::identity | proc_macro.rs:15:1:18:1 | fn identity | +| main.rs:780:10:780:15 | ATrait | main.rs:775:5:777:5 | trait ATrait | +| main.rs:780:21:780:23 | i64 | {EXTERNAL LOCATION} | struct i64 | +| main.rs:782:11:782:13 | i64 | {EXTERNAL LOCATION} | struct i64 | +| main.rs:788:17:788:19 | Foo | main.rs:773:5:773:15 | struct Foo | | main.rs:793:5:793:6 | my | main.rs:1:1:1:7 | mod my | -| main.rs:793:5:793:9 | ...::f | my.rs:5:1:7:1 | fn f | -| main.rs:794:5:794:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | -| main.rs:794:5:794:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | -| main.rs:794:5:794:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | -| main.rs:794:5:794:32 | ...::f | my2/nested2.rs:3:9:5:9 | fn f | -| main.rs:795:5:795:5 | f | my2/nested2.rs:3:9:5:9 | fn f | -| main.rs:796:5:796:5 | g | my2/nested2.rs:7:9:9:9 | fn g | -| main.rs:797:5:797:9 | crate | main.rs:0:0:0:0 | Crate(main@0.0.1) | -| main.rs:797:5:797:12 | ...::h | main.rs:56:1:75:1 | fn h | -| main.rs:798:5:798:6 | m1 | main.rs:19:1:43:1 | mod m1 | -| main.rs:798:5:798:10 | ...::m2 | main.rs:24:5:42:5 | mod m2 | -| main.rs:798:5:798:13 | ...::g | main.rs:29:9:33:9 | fn g | +| main.rs:793:5:793:14 | ...::nested | my.rs:1:1:1:15 | mod nested | +| main.rs:793:5:793:23 | ...::nested1 | my/nested.rs:1:1:17:1 | mod nested1 | +| main.rs:793:5:793:32 | ...::nested2 | my/nested.rs:2:5:11:5 | mod nested2 | +| main.rs:793:5:793:35 | ...::f | my/nested.rs:3:9:5:9 | fn f | +| main.rs:794:5:794:6 | my | main.rs:1:1:1:7 | mod my | +| main.rs:794:5:794:9 | ...::f | my.rs:5:1:7:1 | fn f | +| main.rs:795:5:795:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | +| main.rs:795:5:795:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | +| main.rs:795:5:795:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | +| main.rs:795:5:795:32 | ...::f | my2/nested2.rs:3:9:5:9 | fn f | +| main.rs:796:5:796:5 | f | my2/nested2.rs:3:9:5:9 | fn f | +| main.rs:797:5:797:5 | g | my2/nested2.rs:7:9:9:9 | fn g | +| main.rs:798:5:798:9 | crate | main.rs:0:0:0:0 | Crate(main@0.0.1) | +| main.rs:798:5:798:12 | ...::h | main.rs:56:1:75:1 | fn h | | main.rs:799:5:799:6 | m1 | main.rs:19:1:43:1 | mod m1 | | main.rs:799:5:799:10 | ...::m2 | main.rs:24:5:42:5 | mod m2 | -| main.rs:799:5:799:14 | ...::m3 | main.rs:35:9:41:9 | mod m3 | -| main.rs:799:5:799:17 | ...::h | main.rs:36:27:40:13 | fn h | -| main.rs:800:5:800:6 | m4 | main.rs:45:1:52:1 | mod m4 | -| main.rs:800:5:800:9 | ...::i | main.rs:48:5:51:5 | fn i | -| main.rs:801:5:801:5 | h | main.rs:56:1:75:1 | fn h | -| main.rs:802:5:802:11 | f_alias | my2/nested2.rs:3:9:5:9 | fn f | -| main.rs:803:5:803:11 | g_alias | my2/nested2.rs:7:9:9:9 | fn g | -| main.rs:804:5:804:5 | j | main.rs:103:1:107:1 | fn j | -| main.rs:805:5:805:6 | m6 | main.rs:115:1:126:1 | mod m6 | -| main.rs:805:5:805:9 | ...::g | main.rs:120:5:125:5 | fn g | -| main.rs:806:5:806:6 | m7 | main.rs:128:1:147:1 | mod m7 | -| main.rs:806:5:806:9 | ...::f | main.rs:139:5:146:5 | fn f | -| main.rs:807:5:807:6 | m8 | main.rs:149:1:203:1 | mod m8 | -| main.rs:807:5:807:9 | ...::g | main.rs:187:5:202:5 | fn g | -| main.rs:808:5:808:6 | m9 | main.rs:205:1:213:1 | mod m9 | -| main.rs:808:5:808:9 | ...::f | main.rs:208:5:212:5 | fn f | -| main.rs:809:5:809:7 | m11 | main.rs:236:1:273:1 | mod m11 | -| main.rs:809:5:809:10 | ...::f | main.rs:241:5:244:5 | fn f | -| main.rs:810:5:810:7 | m15 | main.rs:304:1:373:1 | mod m15 | -| main.rs:810:5:810:10 | ...::f | main.rs:360:5:372:5 | fn f | -| main.rs:811:5:811:7 | m16 | main.rs:375:1:467:1 | mod m16 | -| main.rs:811:5:811:10 | ...::f | main.rs:442:5:466:5 | fn f | -| main.rs:812:5:812:20 | trait_visibility | main.rs:469:1:519:1 | mod trait_visibility | -| main.rs:812:5:812:23 | ...::f | main.rs:496:5:518:5 | fn f | -| main.rs:813:5:813:7 | m17 | main.rs:521:1:551:1 | mod m17 | -| main.rs:813:5:813:10 | ...::f | main.rs:545:5:550:5 | fn f | -| main.rs:814:5:814:11 | nested6 | my2/nested2.rs:14:5:18:5 | mod nested6 | -| main.rs:814:5:814:14 | ...::f | my2/nested2.rs:15:9:17:9 | fn f | -| main.rs:815:5:815:11 | nested8 | my2/nested2.rs:22:5:26:5 | mod nested8 | -| main.rs:815:5:815:14 | ...::f | my2/nested2.rs:23:9:25:9 | fn f | -| main.rs:816:5:816:7 | my3 | my2/mod.rs:20:1:20:12 | mod my3 | -| main.rs:816:5:816:10 | ...::f | my2/my3/mod.rs:1:1:5:1 | fn f | -| main.rs:817:5:817:12 | nested_f | my/my4/my5/mod.rs:1:1:3:1 | fn f | -| main.rs:818:5:818:7 | m18 | main.rs:553:1:571:1 | mod m18 | -| main.rs:818:5:818:12 | ...::m19 | main.rs:558:5:570:5 | mod m19 | -| main.rs:818:5:818:17 | ...::m20 | main.rs:563:9:569:9 | mod m20 | -| main.rs:818:5:818:20 | ...::g | main.rs:564:13:568:13 | fn g | -| main.rs:819:5:819:7 | m23 | main.rs:600:1:625:1 | mod m23 | -| main.rs:819:5:819:10 | ...::f | main.rs:620:5:624:5 | fn f | -| main.rs:820:5:820:7 | m24 | main.rs:627:1:695:1 | mod m24 | -| main.rs:820:5:820:10 | ...::f | main.rs:681:5:694:5 | fn f | -| main.rs:821:5:821:8 | zelf | main.rs:0:0:0:0 | Crate(main@0.0.1) | -| main.rs:821:5:821:11 | ...::h | main.rs:56:1:75:1 | fn h | -| main.rs:822:5:822:13 | z_changed | main.rs:700:1:700:8 | fn z_changed | -| main.rs:823:5:823:11 | AStruct | main.rs:702:1:702:17 | struct AStruct | -| main.rs:823:5:823:22 | ...::z_on_type | main.rs:706:5:706:16 | fn z_on_type | -| main.rs:824:5:824:11 | AStruct | main.rs:702:1:702:17 | struct AStruct | -| main.rs:825:5:825:29 | impl_with_attribute_macro | main.rs:770:1:789:1 | mod impl_with_attribute_macro | -| main.rs:825:5:825:35 | ...::test | main.rs:785:5:788:5 | fn test | +| main.rs:799:5:799:13 | ...::g | main.rs:29:9:33:9 | fn g | +| main.rs:800:5:800:6 | m1 | main.rs:19:1:43:1 | mod m1 | +| main.rs:800:5:800:10 | ...::m2 | main.rs:24:5:42:5 | mod m2 | +| main.rs:800:5:800:14 | ...::m3 | main.rs:35:9:41:9 | mod m3 | +| main.rs:800:5:800:17 | ...::h | main.rs:36:27:40:13 | fn h | +| main.rs:801:5:801:6 | m4 | main.rs:45:1:52:1 | mod m4 | +| main.rs:801:5:801:9 | ...::i | main.rs:48:5:51:5 | fn i | +| main.rs:802:5:802:5 | h | main.rs:56:1:75:1 | fn h | +| main.rs:803:5:803:11 | f_alias | my2/nested2.rs:3:9:5:9 | fn f | +| main.rs:804:5:804:11 | g_alias | my2/nested2.rs:7:9:9:9 | fn g | +| main.rs:805:5:805:5 | j | main.rs:103:1:107:1 | fn j | +| main.rs:806:5:806:6 | m6 | main.rs:115:1:127:1 | mod m6 | +| main.rs:806:5:806:9 | ...::g | main.rs:120:5:126:5 | fn g | +| main.rs:807:5:807:6 | m7 | main.rs:129:1:148:1 | mod m7 | +| main.rs:807:5:807:9 | ...::f | main.rs:140:5:147:5 | fn f | +| main.rs:808:5:808:6 | m8 | main.rs:150:1:204:1 | mod m8 | +| main.rs:808:5:808:9 | ...::g | main.rs:188:5:203:5 | fn g | +| main.rs:809:5:809:6 | m9 | main.rs:206:1:214:1 | mod m9 | +| main.rs:809:5:809:9 | ...::f | main.rs:209:5:213:5 | fn f | +| main.rs:810:5:810:7 | m11 | main.rs:237:1:274:1 | mod m11 | +| main.rs:810:5:810:10 | ...::f | main.rs:242:5:245:5 | fn f | +| main.rs:811:5:811:7 | m15 | main.rs:305:1:374:1 | mod m15 | +| main.rs:811:5:811:10 | ...::f | main.rs:361:5:373:5 | fn f | +| main.rs:812:5:812:7 | m16 | main.rs:376:1:468:1 | mod m16 | +| main.rs:812:5:812:10 | ...::f | main.rs:443:5:467:5 | fn f | +| main.rs:813:5:813:20 | trait_visibility | main.rs:470:1:520:1 | mod trait_visibility | +| main.rs:813:5:813:23 | ...::f | main.rs:497:5:519:5 | fn f | +| main.rs:814:5:814:7 | m17 | main.rs:522:1:552:1 | mod m17 | +| main.rs:814:5:814:10 | ...::f | main.rs:546:5:551:5 | fn f | +| main.rs:815:5:815:11 | nested6 | my2/nested2.rs:14:5:18:5 | mod nested6 | +| main.rs:815:5:815:14 | ...::f | my2/nested2.rs:15:9:17:9 | fn f | +| main.rs:816:5:816:11 | nested8 | my2/nested2.rs:22:5:26:5 | mod nested8 | +| main.rs:816:5:816:14 | ...::f | my2/nested2.rs:23:9:25:9 | fn f | +| main.rs:817:5:817:7 | my3 | my2/mod.rs:20:1:20:12 | mod my3 | +| main.rs:817:5:817:10 | ...::f | my2/my3/mod.rs:1:1:5:1 | fn f | +| main.rs:818:5:818:12 | nested_f | my/my4/my5/mod.rs:1:1:3:1 | fn f | +| main.rs:819:5:819:7 | m18 | main.rs:554:1:572:1 | mod m18 | +| main.rs:819:5:819:12 | ...::m19 | main.rs:559:5:571:5 | mod m19 | +| main.rs:819:5:819:17 | ...::m20 | main.rs:564:9:570:9 | mod m20 | +| main.rs:819:5:819:20 | ...::g | main.rs:565:13:569:13 | fn g | +| main.rs:820:5:820:7 | m23 | main.rs:601:1:626:1 | mod m23 | +| main.rs:820:5:820:10 | ...::f | main.rs:621:5:625:5 | fn f | +| main.rs:821:5:821:7 | m24 | main.rs:628:1:696:1 | mod m24 | +| main.rs:821:5:821:10 | ...::f | main.rs:682:5:695:5 | fn f | +| main.rs:822:5:822:8 | zelf | main.rs:0:0:0:0 | Crate(main@0.0.1) | +| main.rs:822:5:822:11 | ...::h | main.rs:56:1:75:1 | fn h | +| main.rs:823:5:823:13 | z_changed | main.rs:701:1:701:8 | fn z_changed | +| main.rs:824:5:824:11 | AStruct | main.rs:703:1:703:17 | struct AStruct | +| main.rs:824:5:824:22 | ...::z_on_type | main.rs:707:5:707:16 | fn z_on_type | +| main.rs:825:5:825:11 | AStruct | main.rs:703:1:703:17 | struct AStruct | +| main.rs:826:5:826:29 | impl_with_attribute_macro | main.rs:771:1:790:1 | mod impl_with_attribute_macro | +| main.rs:826:5:826:35 | ...::test | main.rs:786:5:789:5 | fn test | | my2/mod.rs:4:5:4:11 | println | {EXTERNAL LOCATION} | MacroRules | | my2/mod.rs:5:5:5:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | | my2/mod.rs:5:5:5:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | @@ -490,7 +490,7 @@ resolvePath | my2/my3/mod.rs:3:5:3:5 | g | my2/mod.rs:3:1:6:1 | fn g | | my2/my3/mod.rs:4:5:4:5 | h | main.rs:56:1:75:1 | fn h | | my2/my3/mod.rs:7:5:7:9 | super | my2/mod.rs:1:1:25:34 | SourceFile | -| my2/my3/mod.rs:7:5:7:16 | ...::super | main.rs:1:1:826:2 | SourceFile | +| my2/my3/mod.rs:7:5:7:16 | ...::super | main.rs:1:1:827:2 | SourceFile | | my2/my3/mod.rs:7:5:7:19 | ...::h | main.rs:56:1:75:1 | fn h | | my2/my3/mod.rs:8:5:8:9 | super | my2/mod.rs:1:1:25:34 | SourceFile | | my2/my3/mod.rs:8:5:8:12 | ...::g | my2/mod.rs:3:1:6:1 | fn g | From 92122fef58dd14000e90ca0579c06d506959cf67 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 30 Sep 2025 15:48:17 +0100 Subject: [PATCH 126/307] Rust: statement -> expression. --- .../codeql/codeql-language-guides/basic-query-for-rust-code.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/codeql-language-guides/basic-query-for-rust-code.rst b/docs/codeql/codeql-language-guides/basic-query-for-rust-code.rst index 18fb0b1e6c69..75892e41d425 100644 --- a/docs/codeql/codeql-language-guides/basic-query-for-rust-code.rst +++ b/docs/codeql/codeql-language-guides/basic-query-for-rust-code.rst @@ -33,7 +33,7 @@ Running a quick query from IfExpr ifExpr where ifExpr.getThen().(BlockExpr).getStmtList().getNumberOfStmtOrExpr() = 0 - select ifExpr, "This 'if' statement is redundant." + select ifExpr, "This 'if' expression is redundant." .. include:: ../reusables/vs-code-basic-instructions/run-quick-query-2.rst From dd3f754cb36957a4440509aa6b6e71708893a676 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 30 Sep 2025 12:35:03 +0100 Subject: [PATCH 127/307] Add change note. --- go/ql/lib/change-notes/2025-09-30-fewer-safe-urls.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 go/ql/lib/change-notes/2025-09-30-fewer-safe-urls.md diff --git a/go/ql/lib/change-notes/2025-09-30-fewer-safe-urls.md b/go/ql/lib/change-notes/2025-09-30-fewer-safe-urls.md new file mode 100644 index 000000000000..5eeee51c4a3c --- /dev/null +++ b/go/ql/lib/change-notes/2025-09-30-fewer-safe-urls.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* `go/unvalidated-url-redirection` and `go/request-forgery` have a shared notion of a safe URL, which is known to not be malicious. Some URLs which were incorrectly considered safe are now correctly considered unsafe. This may lead to more alerts for those two queries. From daf0cf1c1bceefa712d5c4b1843030799af6f0b2 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Wed, 1 Oct 2025 11:43:51 +0200 Subject: [PATCH 128/307] Rust: Rename predicates --- .../rust/frameworks/rustcrypto/RustCrypto.qll | 2 +- rust/ql/lib/codeql/rust/internal/Type.qll | 8 ++++---- rust/ql/lib/codeql/rust/internal/TypeInference.qll | 14 +++++++------- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/rust/ql/lib/codeql/rust/frameworks/rustcrypto/RustCrypto.qll b/rust/ql/lib/codeql/rust/frameworks/rustcrypto/RustCrypto.qll index c32b62d0359a..123824b3d696 100644 --- a/rust/ql/lib/codeql/rust/frameworks/rustcrypto/RustCrypto.qll +++ b/rust/ql/lib/codeql/rust/frameworks/rustcrypto/RustCrypto.qll @@ -31,7 +31,7 @@ class StreamCipherInit extends Cryptography::CryptographicOperation::Range { // extract the algorithm name from the type of `ce` or its receiver. exists(Type t, TypePath tp | t = inferType([ce, ce.(MethodCallExpr).getReceiver()], tp) and - rawAlgorithmName = t.(StructType).asStruct().(Addressable).getCanonicalPath().splitAt("::") + rawAlgorithmName = t.(StructType).getStruct().(Addressable).getCanonicalPath().splitAt("::") ) and algorithmName = simplifyAlgorithmName(rawAlgorithmName) and // only match a known cryptographic algorithm diff --git a/rust/ql/lib/codeql/rust/internal/Type.qll b/rust/ql/lib/codeql/rust/internal/Type.qll index da4924c59cbb..9dc15e31d996 100644 --- a/rust/ql/lib/codeql/rust/internal/Type.qll +++ b/rust/ql/lib/codeql/rust/internal/Type.qll @@ -134,8 +134,8 @@ class StructType extends Type, TStruct { StructType() { this = TStruct(struct) } - /** Get the struct that this struct type represents. */ - Struct asStruct() { result = struct } + /** Gets the struct that this struct type represents. */ + Struct getStruct() { result = struct } override TypeParameter getPositionalTypeParameter(int i) { result = TTypeParamTypeParameter(struct.getGenericParamList().getTypeParam(i)) @@ -205,8 +205,8 @@ class UnionType extends Type, TUnion { UnionType() { this = TUnion(union) } - /** Get the union that this union type represents. */ - Union asUnion() { result = union } + /** Gets the union that this union type represents. */ + Union getUnion() { result = union } override TypeParameter getPositionalTypeParameter(int i) { result = TTypeParamTypeParameter(union.getGenericParamList().getTypeParam(i)) diff --git a/rust/ql/lib/codeql/rust/internal/TypeInference.qll b/rust/ql/lib/codeql/rust/internal/TypeInference.qll index 772939e3b485..c9dbf0bac13b 100644 --- a/rust/ql/lib/codeql/rust/internal/TypeInference.qll +++ b/rust/ql/lib/codeql/rust/internal/TypeInference.qll @@ -1173,8 +1173,8 @@ private Type inferCallExprBaseType(AstNode n, TypePath path) { path = TypePath::cons(TRefTypeParameter(), path0) else ( not ( - argType.(StructType).asStruct() instanceof StringStruct and - result.(StructType).asStruct() instanceof Builtins::Str + argType.(StructType).getStruct() instanceof StringStruct and + result.(StructType).getStruct() instanceof Builtins::Str ) and ( not path0.isCons(TRefTypeParameter(), _) and @@ -1889,8 +1889,8 @@ final class MethodCall extends Call { // // See also https://doc.rust-lang.org/reference/expressions/method-call-expr.html#r-expr.method.autoref-deref path.isEmpty() and - t0.(StructType).asStruct() instanceof StringStruct and - result.(StructType).asStruct() instanceof Builtins::Str + t0.(StructType).getStruct() instanceof StringStruct and + result.(StructType).getStruct() instanceof Builtins::Str ) else result = this.getReceiverTypeAt(path) } @@ -2519,8 +2519,8 @@ private module Cached { cached StructField resolveStructFieldExpr(FieldExpr fe) { exists(string name, Type ty | ty = getFieldExprLookupType(fe, name) | - result = ty.(StructType).asStruct().getStructField(name) or - result = ty.(UnionType).asUnion().getStructField(name) + result = ty.(StructType).getStruct().getStructField(name) or + result = ty.(UnionType).getUnion().getStructField(name) ) } @@ -2530,7 +2530,7 @@ private module Cached { cached TupleField resolveTupleFieldExpr(FieldExpr fe) { exists(int i | - result = getTupleFieldExprLookupType(fe, i).(StructType).asStruct().getTupleField(i) + result = getTupleFieldExprLookupType(fe, i).(StructType).getStruct().getTupleField(i) ) } From c93852d87a9e5e2f56a6df04c5b604268ae3a279 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 1 Oct 2025 11:00:09 +0100 Subject: [PATCH 129/307] Improve comments in test file --- .../security/SafeUrlFlow/SafeUrlFlow.expected | 165 +++++++++--------- .../go/security/SafeUrlFlow/SafeUrlFlow.go | 51 +++--- 2 files changed, 106 insertions(+), 110 deletions(-) diff --git a/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.expected b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.expected index 36129fab07cb..4cbe81bf2be0 100644 --- a/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.expected +++ b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.expected @@ -2,25 +2,26 @@ | SafeUrlFlow.go:11:24:11:46 | ...+... | SafeUrlFlow.go:10:10:10:17 | selection of Host | SafeUrlFlow.go:11:24:11:46 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:10:10:10:17 | selection of Host | here | | SafeUrlFlow.go:14:29:14:44 | call to String | SafeUrlFlow.go:13:13:13:19 | selection of URL | SafeUrlFlow.go:14:29:14:44 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:13:13:13:19 | selection of URL | here | | SafeUrlFlow.go:18:11:18:28 | call to String | SafeUrlFlow.go:10:10:10:17 | selection of Host | SafeUrlFlow.go:18:11:18:28 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:10:10:10:17 | selection of Host | here | -| SafeUrlFlow.go:49:24:49:57 | ...+... | SafeUrlFlow.go:39:13:39:19 | selection of URL | SafeUrlFlow.go:49:24:49:57 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:39:13:39:19 | selection of URL | here | -| SafeUrlFlow.go:50:29:50:51 | ...+... | SafeUrlFlow.go:39:13:39:19 | selection of URL | SafeUrlFlow.go:50:29:50:51 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:39:13:39:19 | selection of URL | here | -| SafeUrlFlow.go:51:11:51:38 | ...+... | SafeUrlFlow.go:39:13:39:19 | selection of URL | SafeUrlFlow.go:51:11:51:38 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:39:13:39:19 | selection of URL | here | -| SafeUrlFlow.go:60:11:60:26 | call to String | SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:60:11:60:26 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:57:13:57:19 | selection of URL | here | -| SafeUrlFlow.go:61:12:61:27 | call to String | SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:61:12:61:27 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:57:13:57:19 | selection of URL | here | -| SafeUrlFlow.go:62:16:62:31 | call to String | SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:62:16:62:31 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:57:13:57:19 | selection of URL | here | -| SafeUrlFlow.go:63:12:63:27 | call to String | SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:63:12:63:27 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:57:13:57:19 | selection of URL | here | -| SafeUrlFlow.go:67:13:67:28 | call to String | SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:67:13:67:28 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:57:13:57:19 | selection of URL | here | -| SafeUrlFlow.go:68:14:68:29 | call to String | SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:68:14:68:29 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:57:13:57:19 | selection of URL | here | -| SafeUrlFlow.go:69:18:69:33 | call to String | SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:69:18:69:33 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:57:13:57:19 | selection of URL | here | -| SafeUrlFlow.go:70:14:70:29 | call to String | SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:70:14:70:29 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:57:13:57:19 | selection of URL | here | -| SafeUrlFlow.go:73:39:73:54 | call to String | SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:73:39:73:54 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:57:13:57:19 | selection of URL | here | -| SafeUrlFlow.go:77:70:77:85 | call to String | SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:77:70:77:85 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:57:13:57:19 | selection of URL | here | -| SafeUrlFlow.go:81:40:81:55 | call to String | SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:81:40:81:55 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:57:13:57:19 | selection of URL | here | -| SafeUrlFlow.go:94:24:94:41 | call to String | SafeUrlFlow.go:87:14:87:21 | selection of Host | SafeUrlFlow.go:94:24:94:41 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:87:14:87:21 | selection of Host | here | -| SafeUrlFlow.go:116:11:116:23 | reconstructed | SafeUrlFlow.go:106:13:106:19 | selection of URL | SafeUrlFlow.go:116:11:116:23 | reconstructed | A safe URL flows here from $@. | SafeUrlFlow.go:106:13:106:19 | selection of URL | here | -| SafeUrlFlow.go:119:24:119:46 | ...+... | SafeUrlFlow.go:106:13:106:19 | selection of URL | SafeUrlFlow.go:119:24:119:46 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:106:13:106:19 | selection of URL | here | -| SafeUrlFlow.go:120:29:120:54 | ...+... | SafeUrlFlow.go:106:13:106:19 | selection of URL | SafeUrlFlow.go:120:29:120:54 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:106:13:106:19 | selection of URL | here | -| SafeUrlFlow.go:121:12:121:38 | ...+... | SafeUrlFlow.go:106:13:106:19 | selection of URL | SafeUrlFlow.go:121:12:121:38 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:106:13:106:19 | selection of URL | here | +| SafeUrlFlow.go:47:24:47:57 | ...+... | SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:47:24:47:57 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:37:13:37:19 | selection of URL | here | +| SafeUrlFlow.go:48:29:48:51 | ...+... | SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:48:29:48:51 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:37:13:37:19 | selection of URL | here | +| SafeUrlFlow.go:49:11:49:38 | ...+... | SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:49:11:49:38 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:37:13:37:19 | selection of URL | here | +| SafeUrlFlow.go:58:11:58:26 | call to String | SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:58:11:58:26 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:55:13:55:19 | selection of URL | here | +| SafeUrlFlow.go:59:12:59:27 | call to String | SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:59:12:59:27 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:55:13:55:19 | selection of URL | here | +| SafeUrlFlow.go:60:16:60:31 | call to String | SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:60:16:60:31 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:55:13:55:19 | selection of URL | here | +| SafeUrlFlow.go:61:12:61:27 | call to String | SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:61:12:61:27 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:55:13:55:19 | selection of URL | here | +| SafeUrlFlow.go:65:13:65:28 | call to String | SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:65:13:65:28 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:55:13:55:19 | selection of URL | here | +| SafeUrlFlow.go:66:14:66:29 | call to String | SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:66:14:66:29 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:55:13:55:19 | selection of URL | here | +| SafeUrlFlow.go:67:18:67:33 | call to String | SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:67:18:67:33 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:55:13:55:19 | selection of URL | here | +| SafeUrlFlow.go:68:14:68:29 | call to String | SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:68:14:68:29 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:55:13:55:19 | selection of URL | here | +| SafeUrlFlow.go:71:39:71:54 | call to String | SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:71:39:71:54 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:55:13:55:19 | selection of URL | here | +| SafeUrlFlow.go:75:70:75:85 | call to String | SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:75:70:75:85 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:55:13:55:19 | selection of URL | here | +| SafeUrlFlow.go:79:40:79:55 | call to String | SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:79:40:79:55 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:55:13:55:19 | selection of URL | here | +| SafeUrlFlow.go:90:24:90:41 | call to String | SafeUrlFlow.go:85:10:85:17 | selection of Host | SafeUrlFlow.go:90:24:90:41 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:85:10:85:17 | selection of Host | here | +| SafeUrlFlow.go:111:11:111:23 | reconstructed | SafeUrlFlow.go:101:13:101:19 | selection of URL | SafeUrlFlow.go:111:11:111:23 | reconstructed | A safe URL flows here from $@. | SafeUrlFlow.go:101:13:101:19 | selection of URL | here | +| SafeUrlFlow.go:114:24:114:46 | ...+... | SafeUrlFlow.go:101:13:101:19 | selection of URL | SafeUrlFlow.go:114:24:114:46 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:101:13:101:19 | selection of URL | here | +| SafeUrlFlow.go:115:29:115:54 | ...+... | SafeUrlFlow.go:101:13:101:19 | selection of URL | SafeUrlFlow.go:115:29:115:54 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:101:13:101:19 | selection of URL | here | +| SafeUrlFlow.go:116:12:116:38 | ...+... | SafeUrlFlow.go:101:13:101:19 | selection of URL | SafeUrlFlow.go:116:12:116:38 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:101:13:101:19 | selection of URL | here | +| SafeUrlFlow.go:117:12:117:21 | opaquePart | SafeUrlFlow.go:101:13:101:19 | selection of URL | SafeUrlFlow.go:117:12:117:21 | opaquePart | A safe URL flows here from $@. | SafeUrlFlow.go:101:13:101:19 | selection of URL | here | edges | SafeUrlFlow.go:10:10:10:17 | selection of Host | SafeUrlFlow.go:11:24:11:46 | ...+... | provenance | Sink:MaD:1 | | SafeUrlFlow.go:10:10:10:17 | selection of Host | SafeUrlFlow.go:17:19:17:22 | host | provenance | | @@ -28,38 +29,39 @@ edges | SafeUrlFlow.go:14:29:14:35 | baseURL | SafeUrlFlow.go:14:29:14:44 | call to String | provenance | MaD:3 | | SafeUrlFlow.go:17:19:17:22 | host | SafeUrlFlow.go:18:11:18:19 | targetURL | provenance | Config | | SafeUrlFlow.go:18:11:18:19 | targetURL | SafeUrlFlow.go:18:11:18:28 | call to String | provenance | MaD:3 | -| SafeUrlFlow.go:39:13:39:19 | selection of URL | SafeUrlFlow.go:49:24:49:57 | ...+... | provenance | Src:MaD:2 Sink:MaD:1 | -| SafeUrlFlow.go:39:13:39:19 | selection of URL | SafeUrlFlow.go:50:29:50:51 | ...+... | provenance | Src:MaD:2 | -| SafeUrlFlow.go:39:13:39:19 | selection of URL | SafeUrlFlow.go:51:11:51:38 | ...+... | provenance | Src:MaD:2 | -| SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:60:11:60:17 | baseURL | provenance | Src:MaD:2 | -| SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:61:12:61:18 | baseURL | provenance | Src:MaD:2 | -| SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:62:16:62:22 | baseURL | provenance | Src:MaD:2 | -| SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:63:12:63:18 | baseURL | provenance | Src:MaD:2 | -| SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:67:13:67:19 | baseURL | provenance | Src:MaD:2 | -| SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:68:14:68:20 | baseURL | provenance | Src:MaD:2 | -| SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:69:18:69:24 | baseURL | provenance | Src:MaD:2 | -| SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:70:14:70:20 | baseURL | provenance | Src:MaD:2 | -| SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:73:39:73:45 | baseURL | provenance | Src:MaD:2 | -| SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:77:70:77:76 | baseURL | provenance | Src:MaD:2 | -| SafeUrlFlow.go:57:13:57:19 | selection of URL | SafeUrlFlow.go:81:40:81:46 | baseURL | provenance | Src:MaD:2 | -| SafeUrlFlow.go:60:11:60:17 | baseURL | SafeUrlFlow.go:60:11:60:26 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:47:24:47:57 | ...+... | provenance | Src:MaD:2 Sink:MaD:1 | +| SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:48:29:48:51 | ...+... | provenance | Src:MaD:2 | +| SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:49:11:49:38 | ...+... | provenance | Src:MaD:2 | +| SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:58:11:58:17 | baseURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:59:12:59:18 | baseURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:60:16:60:22 | baseURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:61:12:61:18 | baseURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:65:13:65:19 | baseURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:66:14:66:20 | baseURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:67:18:67:24 | baseURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:68:14:68:20 | baseURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:71:39:71:45 | baseURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:75:70:75:76 | baseURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:79:40:79:46 | baseURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:58:11:58:17 | baseURL | SafeUrlFlow.go:58:11:58:26 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:59:12:59:18 | baseURL | SafeUrlFlow.go:59:12:59:27 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:60:16:60:22 | baseURL | SafeUrlFlow.go:60:16:60:31 | call to String | provenance | MaD:3 | | SafeUrlFlow.go:61:12:61:18 | baseURL | SafeUrlFlow.go:61:12:61:27 | call to String | provenance | MaD:3 | -| SafeUrlFlow.go:62:16:62:22 | baseURL | SafeUrlFlow.go:62:16:62:31 | call to String | provenance | MaD:3 | -| SafeUrlFlow.go:63:12:63:18 | baseURL | SafeUrlFlow.go:63:12:63:27 | call to String | provenance | MaD:3 | -| SafeUrlFlow.go:67:13:67:19 | baseURL | SafeUrlFlow.go:67:13:67:28 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:65:13:65:19 | baseURL | SafeUrlFlow.go:65:13:65:28 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:66:14:66:20 | baseURL | SafeUrlFlow.go:66:14:66:29 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:67:18:67:24 | baseURL | SafeUrlFlow.go:67:18:67:33 | call to String | provenance | MaD:3 | | SafeUrlFlow.go:68:14:68:20 | baseURL | SafeUrlFlow.go:68:14:68:29 | call to String | provenance | MaD:3 | -| SafeUrlFlow.go:69:18:69:24 | baseURL | SafeUrlFlow.go:69:18:69:33 | call to String | provenance | MaD:3 | -| SafeUrlFlow.go:70:14:70:20 | baseURL | SafeUrlFlow.go:70:14:70:29 | call to String | provenance | MaD:3 | -| SafeUrlFlow.go:73:39:73:45 | baseURL | SafeUrlFlow.go:73:39:73:54 | call to String | provenance | MaD:3 | -| SafeUrlFlow.go:77:70:77:76 | baseURL | SafeUrlFlow.go:77:70:77:85 | call to String | provenance | MaD:3 | -| SafeUrlFlow.go:81:40:81:46 | baseURL | SafeUrlFlow.go:81:40:81:55 | call to String | provenance | MaD:3 | -| SafeUrlFlow.go:87:14:87:21 | selection of Host | SafeUrlFlow.go:91:19:91:26 | safeHost | provenance | | -| SafeUrlFlow.go:91:19:91:26 | safeHost | SafeUrlFlow.go:94:24:94:32 | targetURL | provenance | Config | -| SafeUrlFlow.go:94:24:94:32 | targetURL | SafeUrlFlow.go:94:24:94:41 | call to String | provenance | MaD:3 Sink:MaD:1 | -| SafeUrlFlow.go:106:13:106:19 | selection of URL | SafeUrlFlow.go:116:11:116:23 | reconstructed | provenance | Src:MaD:2 | -| SafeUrlFlow.go:106:13:106:19 | selection of URL | SafeUrlFlow.go:119:24:119:46 | ...+... | provenance | Src:MaD:2 Sink:MaD:1 | -| SafeUrlFlow.go:106:13:106:19 | selection of URL | SafeUrlFlow.go:120:29:120:54 | ...+... | provenance | Src:MaD:2 | -| SafeUrlFlow.go:106:13:106:19 | selection of URL | SafeUrlFlow.go:121:12:121:38 | ...+... | provenance | Src:MaD:2 | +| SafeUrlFlow.go:71:39:71:45 | baseURL | SafeUrlFlow.go:71:39:71:54 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:75:70:75:76 | baseURL | SafeUrlFlow.go:75:70:75:85 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:79:40:79:46 | baseURL | SafeUrlFlow.go:79:40:79:55 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:85:10:85:17 | selection of Host | SafeUrlFlow.go:88:19:88:22 | host | provenance | | +| SafeUrlFlow.go:88:19:88:22 | host | SafeUrlFlow.go:90:24:90:32 | targetURL | provenance | Config | +| SafeUrlFlow.go:90:24:90:32 | targetURL | SafeUrlFlow.go:90:24:90:41 | call to String | provenance | MaD:3 Sink:MaD:1 | +| SafeUrlFlow.go:101:13:101:19 | selection of URL | SafeUrlFlow.go:111:11:111:23 | reconstructed | provenance | Src:MaD:2 | +| SafeUrlFlow.go:101:13:101:19 | selection of URL | SafeUrlFlow.go:114:24:114:46 | ...+... | provenance | Src:MaD:2 Sink:MaD:1 | +| SafeUrlFlow.go:101:13:101:19 | selection of URL | SafeUrlFlow.go:115:29:115:54 | ...+... | provenance | Src:MaD:2 | +| SafeUrlFlow.go:101:13:101:19 | selection of URL | SafeUrlFlow.go:116:12:116:38 | ...+... | provenance | Src:MaD:2 | +| SafeUrlFlow.go:101:13:101:19 | selection of URL | SafeUrlFlow.go:117:12:117:21 | opaquePart | provenance | Src:MaD:2 | models | 1 | Sink: net/http; ; false; Redirect; ; ; Argument[2]; url-redirection[0]; manual | | 2 | Source: net/http; Request; true; URL; ; ; ; remote; manual | @@ -73,40 +75,41 @@ nodes | SafeUrlFlow.go:17:19:17:22 | host | semmle.label | host | | SafeUrlFlow.go:18:11:18:19 | targetURL | semmle.label | targetURL | | SafeUrlFlow.go:18:11:18:28 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:39:13:39:19 | selection of URL | semmle.label | selection of URL | -| SafeUrlFlow.go:49:24:49:57 | ...+... | semmle.label | ...+... | -| SafeUrlFlow.go:50:29:50:51 | ...+... | semmle.label | ...+... | -| SafeUrlFlow.go:51:11:51:38 | ...+... | semmle.label | ...+... | -| SafeUrlFlow.go:57:13:57:19 | selection of URL | semmle.label | selection of URL | -| SafeUrlFlow.go:60:11:60:17 | baseURL | semmle.label | baseURL | -| SafeUrlFlow.go:60:11:60:26 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:37:13:37:19 | selection of URL | semmle.label | selection of URL | +| SafeUrlFlow.go:47:24:47:57 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:48:29:48:51 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:49:11:49:38 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:55:13:55:19 | selection of URL | semmle.label | selection of URL | +| SafeUrlFlow.go:58:11:58:17 | baseURL | semmle.label | baseURL | +| SafeUrlFlow.go:58:11:58:26 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:59:12:59:18 | baseURL | semmle.label | baseURL | +| SafeUrlFlow.go:59:12:59:27 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:60:16:60:22 | baseURL | semmle.label | baseURL | +| SafeUrlFlow.go:60:16:60:31 | call to String | semmle.label | call to String | | SafeUrlFlow.go:61:12:61:18 | baseURL | semmle.label | baseURL | | SafeUrlFlow.go:61:12:61:27 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:62:16:62:22 | baseURL | semmle.label | baseURL | -| SafeUrlFlow.go:62:16:62:31 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:63:12:63:18 | baseURL | semmle.label | baseURL | -| SafeUrlFlow.go:63:12:63:27 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:67:13:67:19 | baseURL | semmle.label | baseURL | -| SafeUrlFlow.go:67:13:67:28 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:65:13:65:19 | baseURL | semmle.label | baseURL | +| SafeUrlFlow.go:65:13:65:28 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:66:14:66:20 | baseURL | semmle.label | baseURL | +| SafeUrlFlow.go:66:14:66:29 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:67:18:67:24 | baseURL | semmle.label | baseURL | +| SafeUrlFlow.go:67:18:67:33 | call to String | semmle.label | call to String | | SafeUrlFlow.go:68:14:68:20 | baseURL | semmle.label | baseURL | | SafeUrlFlow.go:68:14:68:29 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:69:18:69:24 | baseURL | semmle.label | baseURL | -| SafeUrlFlow.go:69:18:69:33 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:70:14:70:20 | baseURL | semmle.label | baseURL | -| SafeUrlFlow.go:70:14:70:29 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:73:39:73:45 | baseURL | semmle.label | baseURL | -| SafeUrlFlow.go:73:39:73:54 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:77:70:77:76 | baseURL | semmle.label | baseURL | -| SafeUrlFlow.go:77:70:77:85 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:81:40:81:46 | baseURL | semmle.label | baseURL | -| SafeUrlFlow.go:81:40:81:55 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:87:14:87:21 | selection of Host | semmle.label | selection of Host | -| SafeUrlFlow.go:91:19:91:26 | safeHost | semmle.label | safeHost | -| SafeUrlFlow.go:94:24:94:32 | targetURL | semmle.label | targetURL | -| SafeUrlFlow.go:94:24:94:41 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:106:13:106:19 | selection of URL | semmle.label | selection of URL | -| SafeUrlFlow.go:116:11:116:23 | reconstructed | semmle.label | reconstructed | -| SafeUrlFlow.go:119:24:119:46 | ...+... | semmle.label | ...+... | -| SafeUrlFlow.go:120:29:120:54 | ...+... | semmle.label | ...+... | -| SafeUrlFlow.go:121:12:121:38 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:71:39:71:45 | baseURL | semmle.label | baseURL | +| SafeUrlFlow.go:71:39:71:54 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:75:70:75:76 | baseURL | semmle.label | baseURL | +| SafeUrlFlow.go:75:70:75:85 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:79:40:79:46 | baseURL | semmle.label | baseURL | +| SafeUrlFlow.go:79:40:79:55 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:85:10:85:17 | selection of Host | semmle.label | selection of Host | +| SafeUrlFlow.go:88:19:88:22 | host | semmle.label | host | +| SafeUrlFlow.go:90:24:90:32 | targetURL | semmle.label | targetURL | +| SafeUrlFlow.go:90:24:90:41 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:101:13:101:19 | selection of URL | semmle.label | selection of URL | +| SafeUrlFlow.go:111:11:111:23 | reconstructed | semmle.label | reconstructed | +| SafeUrlFlow.go:114:24:114:46 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:115:29:115:54 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:116:12:116:38 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:117:12:117:21 | opaquePart | semmle.label | opaquePart | subpaths diff --git a/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.go b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.go index a1844deb6fc4..45a2b20b8d4d 100644 --- a/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.go +++ b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.go @@ -8,30 +8,28 @@ import ( func testStdlibSources(w http.ResponseWriter, req *http.Request) { host := req.Host // $ Source - http.Redirect(w, req, "https://"+host+"/safe", http.StatusFound) // $ Alert + http.Redirect(w, req, "https://"+host+"/path", http.StatusFound) // $ Alert baseURL := req.URL // $ Source w.Header().Set("Location", baseURL.String()) // $ Alert targetURL := url.URL{} - targetURL.Host = host // propagation to URL when Host is assigned + targetURL.Host = host // additional flow step from Host field to URL struct http.Get(targetURL.String()) // $ Alert } -func testSanitizerEdge1(w http.ResponseWriter, req *http.Request) { +func testBarrierEdge1(w http.ResponseWriter, req *http.Request) { baseURL := req.URL - // SanitizerEdge: Query method call (unsafe URL method - breaks flow) - query := baseURL.Query() // sanitizer edge blocks flow here + query := baseURL.Query() // barrier edge blocks flow here http.Redirect(w, req, query.Get("redirect"), http.StatusFound) // no flow expected } -func testSanitizerEdge2(w http.ResponseWriter, req *http.Request) { +func testBarrierEdge2(w http.ResponseWriter, req *http.Request) { baseURL := req.URL - // SanitizerEdge: String slicing (breaks flow) urlString := baseURL.String() - sliced := urlString[0:10] // sanitizer edge blocks flow here + sliced := urlString[0:10] // barrier edge (string slicing) blocks flow here w.Header().Set("Location", sliced) // no flow expected } @@ -42,12 +40,12 @@ func testFieldReads(w http.ResponseWriter, req *http.Request) { scheme := baseURL.Scheme // should preserve flow host := baseURL.Host // should preserve flow path := baseURL.Path // should preserve flow - fragment := baseURL.Fragment // should preserve flow - user := baseURL.User // should preserve flow (but unsafe field) + fragment := baseURL.Fragment // should not preserve flow + user := baseURL.User // should not preserve flow // These should still have flow (not sanitized) http.Redirect(w, req, "https://"+scheme+"://example.com", http.StatusFound) // $ Alert - w.Header().Set("Location", "https://"+host+"/safe") // $ Alert + w.Header().Set("Location", "https://"+host+"/path") // $ Alert http.Get("https://example.com" + path) // $ Alert http.Get(fragment) http.Get(user.String()) @@ -84,28 +82,25 @@ func testRequestForgerySinks(req *http.Request) { } func testHostFieldAssignmentFlow(w http.ResponseWriter, req *http.Request) { - safeHost := req.Host // $ Source + host := req.Host // $ Source - // Test additional flow step: propagation when Host field is assigned targetURL, _ := url.Parse("http://example.com/data") - targetURL.Host = safeHost // additional flow step from SafeUrlFlow config + targetURL.Host = host // additional flow step from Host field to URL struct - // Flow should propagate to the whole URL after Host assignment http.Redirect(w, req, targetURL.String(), http.StatusFound) // $ Alert } func testHostFieldOverwritten(w http.ResponseWriter, req *http.Request) { baseURL := req.URL - // Flow should be blocked when Host is overwritten - baseURL.Host = "something.else.com" + baseURL.Host = "something.else.com" // barrier edge (Host field overwritten) blocks flow here http.Get(baseURL.String()) } func testFieldAccess(w http.ResponseWriter, req *http.Request) { baseURL := req.URL // $ Source - // Safe field accesses that should preserve flow + // These field accesses should preserve flow host := baseURL.Host path := baseURL.Path scheme := baseURL.Scheme @@ -119,20 +114,18 @@ func testFieldAccess(w http.ResponseWriter, req *http.Request) { http.Redirect(w, req, "https://"+host+"/path", http.StatusFound) // $ Alert w.Header().Set("Location", "https://example.com"+path) // $ Alert http.Post(scheme+"://example.com/api", "application/json", nil) // $ Alert - use(opaquePart) // avoid unused variable warning + http.Post(opaquePart, "application/json", nil) // $ Alert - // Unsafe field accesses that should be sanitized by UnsafeFieldReadSanitizer - // These read unsafe URL fields and should NOT have flow - unsafeUser := baseURL.User // sanitizer edge (User field) - unsafeQuery := baseURL.RawQuery // sanitizer edge (RawQuery field) - unsafeFragment := baseURL.Fragment // sanitizer edge (Fragment field) + // These field accesses should block flow + user := baseURL.User // barrier edge (User field) + query := baseURL.RawQuery // barrier edge (RawQuery field) + fragment := baseURL.Fragment // barrier edge (Fragment field) - // These should NOT have flow due to sanitizer edges - if unsafeUser != nil { - http.Redirect(w, req, unsafeUser.String(), http.StatusFound) // no flow expected + if user != nil { + http.Redirect(w, req, user.String(), http.StatusFound) // no flow expected } - w.Header().Set("Location", "https://example.com/?"+unsafeQuery) // no flow expected - http.Get("https://example.com/#" + unsafeFragment) // no flow expected + w.Header().Set("Location", "https://example.com/?"+query) // no flow expected + http.Get("https://example.com/#" + fragment) // no flow expected } // Helper function to avoid unused variable warnings From 2c7291d27e6d0bbd0c3acc95ead1fc37514c4f4b Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 1 Oct 2025 11:12:04 +0100 Subject: [PATCH 130/307] Rust: Fix toctree bug. --- docs/codeql/codeql-language-guides/codeql-for-rust.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/codeql/codeql-language-guides/codeql-for-rust.rst b/docs/codeql/codeql-language-guides/codeql-for-rust.rst index 4d68f080b875..1c08acbf2fbe 100644 --- a/docs/codeql/codeql-language-guides/codeql-for-rust.rst +++ b/docs/codeql/codeql-language-guides/codeql-for-rust.rst @@ -9,6 +9,7 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat .. toctree:: :hidden: + basic-query-for-rust-code codeql-library-for-rust analyzing-data-flow-in-rust From 353ee8baa096736f58ea63429b2436c99ae315ef Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Wed, 1 Oct 2025 11:33:47 +0100 Subject: [PATCH 131/307] C++: Port a test from the experimental directory to show that it works in the non-experimental "new" range analysis. --- cpp/ql/test/library-tests/ir/range-analysis/test.cpp | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/cpp/ql/test/library-tests/ir/range-analysis/test.cpp b/cpp/ql/test/library-tests/ir/range-analysis/test.cpp index 7234449a4ed2..0c1a98b06bb7 100644 --- a/cpp/ql/test/library-tests/ir/range-analysis/test.cpp +++ b/cpp/ql/test/library-tests/ir/range-analysis/test.cpp @@ -145,4 +145,15 @@ void nonterminating_without_operands_as_ssa(X *x) { while (x->n) { x->n--; } +} + +void test_with_irreduble_cfg(int i, int x) { + if (x < i) { + } else { + goto inLoop; + } + for(; i < x; i++) { + inLoop: + range(i); // $ range="<=InitializeParameter: x+0" + } } \ No newline at end of file From 936702a0e54149943efb929ab087f54648e297c4 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 1 Oct 2025 11:49:54 +0100 Subject: [PATCH 132/307] Rust: Update graphics. --- .../basic-rust-query-results-1.png | Bin 31181 -> 33505 bytes .../basic-rust-query-results-2.png | Bin 29554 -> 33086 bytes 2 files changed, 0 insertions(+), 0 deletions(-) diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-rust-query-results-1.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-rust-query-results-1.png index 479b2482b8a31e738407547faf7db3785ce5e650..d4e34655a96e070d059fe9582f6c42249d08c907 100644 GIT binary patch literal 33505 zcmZU)1ymf}(k@H_gaCsC9Xvp=;O-DSxVyW%J3$6_cY?dS!{F{N86XgRa0qsJ&-woI zo%`SEwWfEM?ArBI^|tN~SCErHLBdCZfq_Ah{4S~l0|O6+fq5tN5%!G|^&rvpc7ih( zk`;o1sf$H^GK7D-e&?(tAq-PJMR@pDUba-xaM6&J;W4(iWiT|cH!@}LuyuHof`Q@l z;CU7l#QKC-)vjhyZn#xe>49_k&p2o*Z&KOf8+cw z>Ko7kNPLX{37P=XP|qV149xpu1sN4FT3T9WX6EtnaV{<{adGj9i3w_I>Nn?sK%lUQ z$mr;3b#*lpGwU}IiII_!^73*H4h|3qG%zqgMn*O~JPhNp(An9Uo}Rw3Q7&8l)Z5!D zAn?u6!7(~I+SS$7$jB%sCx?=ff|Qih&(BXqMWwsD+tk!FE-o%GC{R&RaVp+}o}OM- zR+fl}C_Fs;3k5}cdwXSNB@+{4ety1%g~iveG#VNj{r&x^si`3$Azofy($doU`ug9$ zOR})AI5{~bCMN#)@gpiK%EQA$NJ!`{XNrr91qB6te0-XknwFQB2L}h)*x0PBtur$- zWy=1Fh=}m=@@i>mD=8_dsj2Dc=wxlYq@<*@w6xIC(bd-0mX?;jzP`$h);2UWkWtfd zS|qV+`>w2%NEhGY;o+ zytR1B7K4boTGmowVWDX3oNQ>TQ~{Kl{hN)A&D?y!aFh!LJ0au|TTyp8Pb?UhrfdqN$A!$x#;WSRo3NWW0NEWK09T;wy0 z(h}t}mlaV{lWf&csA9EzLvBBVPtwF4bAY$4pNv zDkQ3D!fdGSl+*OhCN4YMM@~+Nm7YQ{DJUk+F?w*1CUljKg;RF8nxCKD+FEUHe%{XQ z2hR`3N^i5osWTZ9Cn|of-Q8VrF>4W0aVb_bIfGxfXshfI52P{;b80f1CM^*1FQ%lM+J$q&5J%En=toE}zG zG_)KXjE>Gao5%O4DsfhhK0a2&*19Aj{GW@912cjNZC(5$+=!}^@Wv~#v6!UPWk>)H zeI2>D%T1r!moCkVcLz&wW@cxQ42n$bbqhvLzb(+!ve4SnGSf1TGmmpI$2>^G!1&fl ziVCTCtes>_E91-J4rAMTC6$Mf*65l#V#d!3Gh851j|@^7h)PFcVRYzF)Q#~WbK2EA z?v9-&67k;pr1%8490bC0iC*+c#l8A7^ZT}&H>S-CqLz4@iN}b4{ur1il&pIsNse)i zf&Z|rPo;BYc-6Q36VhR4aKG(H^yeQ6={(RElkUN_alK`X+YDf>{V$UR;SL+)5@`Y^P4@o#!P_f?kq;og!b(s{e#_!U@Qbp*J0yf zx3pkhE59hAr!8G!EV_nrX#2Qahe4may{SFHz(d_FZ4bQ3=_gBxetwHsmDhV6Ed8Blb0TzSPc);wnZdVKho)!|KS3wuGPRxp0J`gkI;JYrQBap(4e14` z;UoE=Eplxv{kkDahRlM_25H%+rdwG@pOaqx7P*zt&wB(xyVf{oHyrS?*MN4u9e6+E zCtK8*d>nubs`it@7kQ`zMho+rwJ|uhEI$Fo_it?MfSQ&F= zXJ!+nXJ?BD_{0Gj(m^}VMjoNaYspMHs(fxwG}*#swPPe>Uo2{cCs+#fUjA~D9TjAZ2(9u zue&OsVtr~6;JOV%W?<%je_I#uac*^)NXX#p_`;~Tgv4qei?TUOrfL^=FCWqx3aFwDYjf>`qdP&re$BdDm)j{|S-p_1DeXz# zp!G3Z?X2|olXf&jird@Un^%iMs`eF469MdP(0Wi%%v$C3vsT;A*n_}tr`o8vCu{1M3N9;ewx@oF&6Vdh>Pb=X7#xlb2a&?@b8 zvGB>48+EAB#ph8^+u(z3&okSSIOQxKH3Ep+l8BvXVq9gt0(pjGsri2|R7@CH0cs-i z)*NdSe(`ozcQ^(kOT6}BN(x!9qrMhpu!F{*@*x(7!8&8s2KPmi9hbswNvODmb*=Tf zfcv!2Ill1@+OcxM^!9nLM>dr9_ZJ%80-ctPtQXQsaGRH%97JU-ofGewx1Y1jns+QX zA}#bK%LYs-b{O%TGs>~slFl4kQ^Yh+k|A>^ma1bKfpfxaH=DA2NF9u{DbbW*G^(1h z;DKJK9x#WIdd*Hv-D6V!mrm`Si@Uh-y|* zlm7dX(Gaz%JIivlyh*vVc|s3Rs1x!J1p0sFI8wy^&=AW>7>IV4;>R5Aesc|TI_0X| z7zypXt=for+Ix=_ULKw~7DoCZ=*kD=d4lFTCrnx^fIE|IzKXF&&L(?i_ThNjA)70U zKXV21Q}9DoJGOJiv$=;=iUuXx7aA_|F;8Dx!(I(-53@S-oj50{#mL#aFCeP<2)nc6 zvkwO(@R5Q}ddon$ZHFmSSKTqv*u!}R*C~HQz8a^k(q(Fj{P7Ut(D~e_V1^6ljAh=% z9z$D*0V|(9FF=ZM2r7qL=st#Vh62IY9GZJSix8#SPo{MH(OW2Z-Wr<%jirQ2)MaUl z05-pcPu5aM1=fpDj&<@&M>_)rxZKNG3a6{ZLKVv~8WO|SF<+&jz2Xm&p8H#*CeASV zd`gWaYrJyP4-FlY=tqhS8sc||c>?R*CV!%c-6x{}4zZx=C~^M1W@qS5avYY|@Z(A>XVPhw#}V}>RhchM4TZRZ~;+&Kn(6-m^Zv$Q9u5aL3$h3 z--det$!Acexnl3XhW7t=fdAh~fImIpbu$8s$!7(Kijw;0*x(*o77ekbRYFo_@=3!( zMM)omegf>bq;yFv!L%4~!GT2n^A`j`hkKhTI z${Rl!9_e}&=Wez(UXHC=$uiyCFpQ?(48OeYU%X9Vy1o$#2z^ZFer z$gOPUt`<)mYCjo_LH7)YEl^$-L??U)?!gQDp2fL?HBED$>_hGcsj8l8Z&qHn`H0_x zfBG@`bZP1?;|bt3#rgiQWF$3L;>M>)v2fANpctrP^11X%7@!y}57c!^^u3LNg98`L z{#iq+BbyCt<#2QFrSOu+mi-q)JoTzFkQn!8Tb_&10(i&Z-R*^H zA5`-93hcY*nb%d`)Ew~?S{StG@!{4lxCR5?QCFgw?Z~|yI5~(3uAs&?pE*7?TBfRn&#T7DK=|v2*&Hj`TBkH6PCLH+Xa~$5Gw|hHCUXSDZ92i z+^CnxW!HDW_d(bDzdmsl2t}X1qx)LS+gYYeZpPACNpf|(EWQxz^$B3IOPX-DkS9*? zP0fXVQY(&uSxpK&6<_T7L7ea5)9_|T*iJ-(P3M9}TGIwdo>c`c6Ch}+8CoHuyf^6x z!o=&`U=7W+$sS9##tjMzfBE(M$8%;*cB}8uQZ+RU)k&A{YX;xscu8#g)~6~PB7Fki zlJF4n^c?0&n&AOwdLY9NB-hL%BOP6T1P%dkC-(7bFpQxf)Rt9;6oP(12BzSj;ktNG zxy;Gc|15ec^Wft*$`q9-86MnTLPqTO7*sZ^{6ZyuCs&H_`4!_U-k5c z^J)~L2>u5(_>ZhyOGzpDr$V|F&2wxB6gc5b@L0aQ!yrLx|19}-yqs^2ZT*Z*_bGDD z3}E6aOlbpKwz;MLW;LLFu>|ripyUsSOa{tIanTZBvi13o!74FaF{`J!OnOU}vjlH! z!4R=8_`E0RPU+zHywfJJ2VoWblobv!TfCYR;~sf{k~rV;bS7kV#(=CW$Ip;x{6=2a zwnAU=W90oJu&()u2-SeX;T|M-di%w{a zot&IBGu|%Af7fGrO39k#ziP|3#g#G*&bg~iFJN6uCfZnOQs~~#bJ4Ws$kf6<`ZMPA zVQ$i_p;9RH_XZ?o_c%O$rGx&K*Y?M{JF8DRq-lg>21$&uohWvge`(Sp#1SNv`$JX_ zZtQ8LYY>XY0q%eW)o66L74VyQsDMA@nEX^YUrKZc1d%IBj2pIYiiQX#Y5pZEJw+lG zbO!YhGi7b~7!q|Y=eD;?cjq6K^f~C)zCc89eHcLciDJ1X3})T+KmpTk#Yv4ZS{8E# zJ&gSO2-|Ji5Cz^8r+U{j>)p58LovNpc)G-8EksGJc^8tj=GSN^t~2*tji89X+!DX) z8^0mTQ^Jn7)U-9r;w3L^Fo|xvErq}3sDEV(Rb$A3IB+Zelr(4#E1(a!74FG;)6WI2 ztqC%mLZ1kX$b|Gcc`&&EjA)w8&n(dJ{3Nw+k6;F^ec2}FVp1j@O2Va5U#S}Xw0Uv) zUhIr$0wMZ2+Ca8Fb#Q0W>Kyz8l2Qy+jzNs4R)!_vlwhHFUe6!9 z=EKl}fWiu-;99hk9*|AIu=2=82I87c9#6TcfqnL+_pj)$><((BM<_JM!wlP+5UIrv ziqWv45a|qko>HN?Sku*ZPb=3DHj^obHlcmx>18yML~V_0JU$eP7>4FisAfGFQ+3SD z4)S!tW0_|a)|sntF%YsmMz8Zo6Ev(DYjB_aKvv};l@!X*m`e4@D!);xp$Tbobk-$8 zjgHXTiB67YM`fv|8BgRkrDUD%n2FHK%dy`0+qsvymby*wot(I==Up3M^=m`YaBsZ` zSgc*`cy}T|JfYo?YLIUJ#55dd2yf^swXk;;61`Swi0%c{pzUZaW3>raDV+$7{1%NTp?JTs^xGC}EwFaS!-b*;7Ap$qs3X-qkI$X~PI8Rl__y07@)-?IFojpg{#cycr{J=^z zTxp9ODsp8)+C@?KRNxtj6wTcK%%qkgwXgRWxl-%f?B>+!JfGRAJT-e+9m_UbnSc!! zol69UCE{b-0F;yyp;5u{mY>}{F8)ZFgu=yt31`de3$o^}Uq-ojZ|^CzX?RaCHzXk9 zwmgc1`f8Sqh=`V%1>qAFNolFG^H;lv2zNstmFCdM>}MV)c|oJl$3dXHj3;{MzS4t7 z{WdVS?J{qnH`c<`mA8~;kDJ*?4=gwJ?2yA_#llC@J6|S!4OV^qO;6w6pYDrIngTXv zA;g#J)iD*!*!AlIL-QJA7vqv5A)f+oeshCo{nvI6#OTCE)R~@MDQ8CpL>7#cjpZ4m z05CaA2O559w-SvJ&&2^3SH>RU!P^#v2v+1vNS(U?LGsNm(|VXaGb4sZwsKXn&~sI% zri-)Q27DG9Q0hm`P+yd_!j=|}sL)sR5#6eZACZuQgriZd3+R3GUpo;dosoHyR`foo z#Gayp@IC=Q*A?br?={$v_1l-#328}58x?CR(T^1B=+@}@a_fMac;v#yy^sje_ppM5 zORBz&j2!sT_g-ILay+PL9qQImRX7J{V18Hm!WOnhz z%#)La9{7?3eAzu0jm04YG5}+g=%(pxe(yZ8hU&ff+z&k*nO?sueY&~3Te>{%*|tB- z_5XwhGPoyCo*NWtv{U&@A1xdePq&%r7V?(tS3H-JcxP8T$OPKVW_0Er90+1k5)em zX${Ua%xWgI&U_F+2!H}F-PMZ}zw=xJkCy&6r}mKA%1z;8C!6uJ>7OR zyApG9zS2y0Fa^DCH(%ugq(~kGj2M7U`Lm4Y3>Ua?B>0p2WFUgYVm>gYlht<>1sgCE zZ+Q8J3KBS#J~k^XmCpUu8q|Uob5?KLc|P;z)d#N79$Y*^C=uQZ3Uerjt@s^O{#)$8 zpPPli^wHhi!%C4Z$)xE;?bI(zuP$JpOuKNQEIrCWu^2g0sUK?^;R?a5b!dy!RYG6^)+Ii=ytYt&Z;QC$rRlB- z(n@3O50e@AOSidnqx#Sxj$|74R!WI0G{$!v;0#H63n>FQruj77KD8T zgCP&1qr&(#0{SDLz~{SHD4m%(eaURT_)h0{BSoE(-53w&ZyQ-XTXU6UsY(pLw9M|O z=P}T4D`t2NPy5Jay-uO1ai_MnCr}fBaH;rv--%6&dXBq>@kbuR)^e7yjlT)D@VtjI z58iz-10N+4BizF7(S(zG&l!LHfm!@i(1XJj@D+I#kKnA(*GG+SWQQ&!71Kjw%tVQd zSP)Okh}5W+$I4up&7}HkpF@FG#iCl$;Pj)nsNz%t(C;*7Nf+O_T8p8I&oAnrRGX-y z&8E%wIN`S%B0!%O#8|@yCvAKmph*`b1c)s+Ks_;7psFi#o64**INf7@$M@TyGQ9oX zr%!{PJxwD&@`|F4Ff@9&_`&N-e~sFtbUigK$I(X z?Mz=$t$8As*V?djUx)pqusrW0x05R6C>m@&>J;bO5neQBe8T$Jbqk)B3s=M=`K!FN z>7&ZErB=-jOHx@~&K_+hhsyMh!`1Ba{UJMl1QI+X_t$TrgD?p0+A7tC1~2C>hjDul-|2IV9KN*3or z(5R?^;1fseB#{9Jg#6f{h(LTWxC|*8B9jFZW}styZ$XXqSLFCzH2++CLkdB~GWxkz zb&a03hDLLiZZqBdPy+?i#?36tl{k1b0eHryNyI=2occ?omZ&~lz2+IPc=^@Mg{;qN z1O3|Mxx zW^_t?NH#dJ_<=Tdu94<~T*4J$(;vNDY)b_8i1g#>N~+9cffLa|>Tidn)4lGln^10M zKA^E}pWJ>1TjWPyW=vDOxw`ykLQ=o$MyVOOq630XTcnZ zCAq-J4(w6NJZ>0-)|>gMtaUTr;z>kl!~4eJQD6|VZrYiQ_oB?a5d|cV>0krlT7_D> zmN!019M!cUC?P~^ot^`-9+DvK{G?K0`jj}ufxlr;baXIobxJlf` za+14u+LL6L7zgknJn@LE`2EXzwX2Qo0J%=8P?Y!KIc!om27Wsn_`$Kb3k93wGkWCU{eXMAj-qHc-vm53(ghw|AbQOQM#vZ6@{PJf z^NrOR6V!h7EnU=j4<^~z@CZacMBuD8i{=Fgrgr>#N`g$Crq<+OfVVdtx_yKI{>eUO zbg=())X9*LH3+`5_h`f?$115J1RX!cM{nvIO~UGROr@>$teFWOu*7GPAAfOyTh>FA z6b1Fo#F?Kik#YVGvVSGz+6G{T1<5Q(W6|%A-64rvn5|BKke)2ksSm3_Gc&9Cb!1DA z+9OM})vm__ek2+!UM1E(RQr zF&Kdzq86D7tu*4i<({BSZu<~Bbw9BfUC_bcWy2x9`cXSvbTW7`_@eBF8y_I$!!(7A z+Ac^EHnOz)t)@i8*6HksOU0nqgEeH|2T^Vz%=`ps&QPOX@5v5|%^ZB)&-Z{XwU!qx z(HsesH+w$<5l{bE0nnVYAwwDq5;cd9Or2LG3%CA*5UUI=w@^r%4o^$Kz-1%otpm5$ znG8RsgSB=`rGe>ZbPLdIgxV2o*&ol7;FPh~T6aG|S(~@H7JY|xrKF{$@*FYzI#S5D zpT=bY3Vt^Rq#>6DPj-12=uoo0pwCViaiwJ+jEwjg_xdA&PZ!_91T2CFMk3L+t_=7- zoO^Q1-=Vd6Psh#)|D@;sieN@@Dsy+DxtS;<&|r4j)zhJ!gU$$kZt?c6o}jyy>o2V~ zhu*&5nAOd|U($`ug;*|%{5-Txregr5{?g*{3;LB=TZzOOzG6%HPT+_Z>zhu5f6)Z( zV2cARIaUO~e)%>YMj#17Z&b~_k$#&$V@^H2FoVKE^EZuywxDT=f?Ps~fm{XsnD!7X zDHdlVzcem9w#nWUB|qIbTM{b`C}I3Ktr7!~#79Vs2+gQ=dT!c#-}D7w&gPSRCDg+Q zo=k!aJ`F>z_g-ZIvGaO#;4p0uZ50d)Amag)sg_g05?Sg5B6aPA>J%whP07x zgl{2Cax4LYNvrX^g$~sXIHQ+*AT6MdOM{rJ4 zvE7h0vNsnT8eRSfMqrXV*ew^OEA0I3(&U8Jk7W1U+zLchM)PvLDfj{;IbA%&sSfy? zBe(30xMSWbja@&{Ip|5-T^Hh6x|uw50G^lA_-*y6!)sVmjCVe2-RcVa%U07^n==_a z>;}_OTTkGU>BwaxA$bw~x}Z#QM8az>s-meHpN_BI1Z7~)-I^PeyUQVX**Q}!v z|Hq3AdD$!opDuqJ9fX@fN0DP>U(~0RGnVz0?d2oreD{kbTf_j=KRCoH6#2Y3u--#B zOaM~Xz_BG2?1V8*`>;DS&b)nm`|jj+HMmU7?P42l@xr)+?wM+Q^&t7;$MT=9&?mZ> z&_u=QFs|VPH8Un(qcUWI6pZoKBpeiRfiZ`6fVeVxhxrKRF(FummWlYBT!@up_EJS= zc=IBJoiNTag{Zr6+)-c(X?GvPw>)Te#Mb zGCYGfbi`ko_G3yaDV;slG)5w!v8?o;rkT1B+>c0m|fs@09YbE)^O<`(Uvi zQUK$H$3%`%)9NnGv{@2OPWSl~G@dwIF@Z=8G;Cpc+Bpf@Gr2XauD`roIA3#EE5WM} z(}B$wQN6DD+@HCdYn}V~*F*w3PTqP5o7A7Y6P+*Xihr)l(g`y%QQ3LR%!z+hI*e=T z+foyDw9V-GexQ2%5R9r&7pSnEklb=w)knNv+-$sTje)OW9qZx}s$U%2!$5vVJZJv! z;@FC%EbX?3*S%S<^+Jl$g*mJ;8RqCAuIQ>LUa(0fEu-q$Q?{R+OgY)I&d%**Y`ZlD zyZa<^V`8Eo?zL7YS!LDS`IJ=1Pn&Ln0Y>W)GxBKoI-a2VQwh6F#dXZSf?qoxr>xPK zqrsBePQNI9`OCAz=$AyG-yYtXLX(4MoT$X^ROgREZE9v6mT-un8@+D3@2g)2<5U$% z8&(K}_Yx8<_TcT(D+x#iGOWg%v}(}=Ij?>~ ze;LBXJL|puXm0I>NxPa2fw&==|G>Zw6q>IBVI@JMfm;m<{>F_6Ugj`o&jiE(@U_MB zq~REJGz5Y9KKmrX{7$uYOP`HTB8y1-BH<1(Ss`wO=70X>;587U8#T9 zLjnjss4CN>;jf#sv$JOZwxV(C#4v|iZF$)6SU&Scz!+BsHm?Yt-XP`bdHn-(W8yq4 z!aQOCaw{wpk8^1srm(#(|6@CI3TL?RmgPqP@06NBVP5?%@z+4D4<9_kOF3d}@oiKi ztag5V@#FQ}(V8@JWq@}<;zF#zIbm5_RMpuM*9@8&wNX^eYVC!m_*|Z@J&ddn&G|=> zeA<4Pw z=_-KMwY7Z;m}aCTo_vUQC+5$9f_Dccau0Ay0vRo!CLy3*Y2BI>0d$aaNRQwJxS`0@ zgXQ%ITkP>E)SV$&kd_bc32MiNf8`3iICjU zOk2~dWK1+4Ux0dnAv5ezkUXPFh7?tCd#Vxy)HvVrdjEhp+;o;}BoUf=_UPU6f!phb zVNp_hDyiYiBwKUu-yDqD`RCxAMmKn%11OIJRYOrd+9yAw6}N%HoM{>wSYhP4m64t8 zgkbV@=+n{_)2(GE-sOCLek)?;eEV!$UIur0j;s3z{^A`Td#?rdy|X`0!Mmh@9%0<; zHhM`zd?N+~;)7*NQDu-rH5_7TZbeP^D#g!#3(wrEXO{p=@zs>)(WGYQhU z#`Q}lV9G^NwlhvDzQmq6tA^o=DAtM_VfD^lLdtvi)Y3B*6NN&gh@B-l7;o3)QnNF; zd`~ZQelsIwx9dosT9_;;F4KEzQ;*mf?;7Hz#btSn{$rP(fjDVPx_|Cw9guzZ)}tJd zaJQG2dDxfnJzq{xIPUUczW@Y4b$fv~S>#exSs6Ft{k%Je=_KM-6%e1&qm6W~1G$38 zYg@AQ;CsBjJb&mFxBkU%%K7_V`tspDPI!1|8iZ=)OS*aLfP@N2+czGVlRCg*QlE^@ z3VsI&X+^3{te^j4{7L*irPo1kL|bw>>3kod&!)^R60kg%%%n{X_H1%wAn_AtEDv{| zyGm#VPO0N&#+5?jC4y6fZ(7q|+%%bw1Q@UUzYZljp84_U$6gCh5djGA=)iAiCu1rK%WVy z#5<6|gD(@w41W{d+~&aN`{dV_`0${49i&0mfV|9FZ@ia1E{38JG|$}P#Hv!$#LHW- z13NbC#;60P_s^7PLGOddd2y$q3ns&~zB9a9dUEnwa3C|z3b2;B2ZPYZUBEK?X%42US^}dT>k415i&HO~jEG@dt+?xz78M6Bmj}9mNepv)s65 zW1UGI(|a@V%#Qx<`OK&AtEDyeA?QPcpzkyyK#E?32%uXz$@Eb>_zMAi!HnFZAjFVqJdNn6VB`b3xt-2Y7 zcJnfWK>7&D>MY4**18Ye6o2xTo0mu3W87{!*+8j&PakH%4o+vdK7@Y1MSKB0oZfe+ zk1kVwLL=wE;aBJ}AAkxE5c>6DHkbcB$iIIn*JRqCHSFGtHLEZKEhNMGvP&sE*Uxta zBz?v7q~KhEZo5QvjsU==nhfr3P=(b_ zqDBOQg8(R%R9(7d6mWKP(MnD;@4}X{C%^k#p22O-HO)og7J|7GbM9of z;+fO;m%qeWuevC1(enVx?r8_Pfv{f&;&l&VY8rbK{y-g~PA1c=aK>pFO~cH=f}f=` z8O)cqd$)zcF&LVoy)aC!@xGxE>61&JsgevQ}Pt3wF@{+oE+JydeSX9tIrIKsg3O>nU~X{3W5$SY?Vu~R8FS5%f>0XV>u;0NA%46kS;>awz4 zn=Ny=`0PFg;-MN|oDqXFW$ifP&P215+%%FGe~C=fA0aEw^aJg*evV`J0kr>`Rv0Hj zD1^AM34fAqq<|eBEN6r|9Qd;hN`mo{JdnUO3}+Nzw7}@;VUEpRXtc9^&vT#F8JA8b zN%az#l*4X|Tj*tCX=*Dw8{Ws9m5?%+b;QAw&|;{I*6X25!j>NJ+U-gjyeEmcJw z1vLFzHiDds71C^bM~}1gSSh{J)$<`}XZJ0e*X9i1RkBMNJ2REd(@cz!1w$)X(DF|YMcHRj&erlK1R5+66A~{wML~|H z&r*%0H&{h9%;1!6q(v)0C}J^YHR=*=j3vK*QyyLjM1W7SfRaNPjku&LgdrL-7}*`3 zk0=FytNqIk(<1Zw?9bhi-XpU0bZg(qGcs=TBf(UIRNU(GUSOYa5JVpN9SSg1%YH-4 z*9~<3my55b<{9qHz9WL@T34n+rpmlDSUC}K!vX2L7hfMv2~`EuFb5pvC9H;4)%T+g z4*xe^TZiv^Rgmb(2N0E7sf0@&T+{7LdKgjUaRiz#NUW>${uoQMH&wQ&NHBzF7azPk zA0w{$ha=$8W16Vd-3fmjfL8C=fpusN_VkTT&2}tv|Z3{TUGdDI+ zlYcJFF@M7scgE1+GzpIZ6?;cyAwKW9%4Mc;OCxZaTHv}|tZT@@e+HE^ue|xX?=w88 z;=}E}WsyoOtR_F_D8L@pnUn+09PFjc0q#OpF>R%ldUl1t)4W7j>-k<(x@Gi_P6J91 zgCOFaW`OB)YkSaF7s(IcpD-~Z_~1V5w#})MvWgH(WT2?1mZ$jQrk)>rCDXJjo}*CXuICXpoXOrg=pkZ6Apv`8DN3+-qwnr zgaUs97*ocMkq;}Tp$By@%w{130M4Dk!L`Hau73b|{JJ1)drJ>EH>NHY0){eHU?V@I z_%n?HVwEKj6}Wp@%g=5Vnu{@!z(LBg-y?oTIPMi}#l3&qT6~Mt1QY{PMXr_Jw_!(O znm*VB#F_6RH|?i_dj27AD>8$+is`_xl?CTcK1s5m<{dbi31~NP$Ft>>v*HapxNBmp zT`?CeWa7g(d3#HTn%V1<2!E%^LP!^%L_eG2pW3;v8}rK%$e!Y7b|j4pIpNfRSS{P1 zVNJtUj0KI`JJu0Kxf4)8q?dsQ(y&jr_?Yb>^4ljc8(dgZ2KOIvdeHXe0GvE_ZiaLei&hVFj@l#@sNWxdI83ycm798 zUANKZ>)V^jsPYb9A^4$ZB=GZ2@wr)=EgaYa`g6Lr6t`xs_Hy})Mf3ILXWdMe`H8pw zwZ-B$KVuqm4$gWR!SYvD0$HHyEIptEHerEw)}!N#D_w0!TAu@Xl;b_IsK_PRVV@)p zuPo8PaiNp)>7uFPdMbtPZXr{k`bWHeH%$`2w!=CZsk*zJ!iPKTP*G9soOVq2nn7;zI>@TYw;N{uBrqN{+5qCEW zZM6ybygW$+S55`d2IR{;8Ub^bm$%G`f65m7xpu{oCXY~Y5@T8-*8{NK^cK0}KCw#uYv&VyVjC*v_Z^fATp!RRKb;Tt)T_N54Ygz< z>-$|zE>-Nl?V-B-J+HYwSvz-~uznn7bUp7lyMK6mSQb>cJLn_X-nP8cBK~tGdw=_Z zaIoj)s_a#|zhc~B2A&S>ZDol|Z;7R9+N0`t##Z1|R~E<27f@RkCGCbr$$_`E$q+^x zHDmrUon^Fqzbm<@*MZY6{d=8wycq_29W0(q98g6M`pv8aJv;>i&7V*vF@??8rQ-Yj z5@}sLAo|mL9tJu@8e!A+t*zDZUdJh@>cPfn;_|`h?}lI$v^0i(|+b6?3acu_tVQs`R2y zyjPJl56C`mPo?A&F8(65S?f0VX>oVpH{9Y2H}-bIm`NR@?SKgOXATtl@+%rdZ!Gwo zzN;ps)nuMdA1a*{>cQ2JTS}DQf61T6C~024f2ohF0|<78$2F}x1xw{@>oMAF-dHc* zYO^0~wO|riZoj>~SIvS|IZxN&ACGCub@WFt;Xtv-pIXIP-Fe7ik>F0&kY6*%GYz-x zev7n|c%7Qj8o59^XMeP8_D)TCzh)oX?30;k>*-#--1#*Ebt5~-eeVS|as_oe0wLCo z$);ke@l_U7lk^$~$?aCt={o*x9|fWJiIK?~fA{u)^!9XJ{iC z@-tzf?|V+ijqh}nbV8=iJl|Q%d z5!QH`v-uh}$h`56jubw(sI<`#bz~bN-})N zVtN13SrML^gHjpMVb6_rA>{5hYAF(%^+5KVYl^av^=ZQ36oyg(WcbW{1Z}@SJ}k!b zTER{Xkp$+%UIBkse@P4wHWfp{mek<>$;y{U{av*uDnp|}hLCr}LK76-g#nK^MevS@ zffck1A9sQ(nUKZy%_kvhJua@l8epLHQ%+duVjLY2?QP9pi$MB>>EY$Ub5GI^y`cw2j>D*bW( zTJbTn*Vgj^8UwoB0D(3Nsz~;TOL(*+>Dgc_k-> zzjwZ`eD5!A$W5#Mg>M9c$$5e@$e{ta&sqo^pXhvZPO zg}0*eBrNUY{>)G5`e=$nU@>MBgHt97t111oU zkZJ6iK4~cMvShvgY&jxVm2i?6Fl|RW@`w58wv{3U*)hb20?P}bMR=d69`n5vUe0^| zJ%El5noA@yYw%aOlKFSK#hVgAFz#IKkrv5&%>Epo1!4rqHEz_^{00PF*U0<6eZd$} zA&N<%#qM=XxJsFV9yF#?q;cP62v=9%m}hL%KNeB&_%Qw*?M^Fb&mafi<#F1LqFpMq zzOKOBef6~dxN2>%!&f{z2&fUwy~IUjjjld>*5-1@B%9wi)vOAM# zLxEE}ML^3tusI7?n{t@*Q}|LMFqdVi4$PV5>AdbUw=XO`>rphfKKWxj1ZgIoGpVRK zKR<&5EweVimUVBr*+~lcm?ZpG+NY#~r0&!X!WjtwF!=-bL1kW1+6lL4IyZ=J)Oh>Zi9rlhelILm#%LdjEc;Le#v~>ai-rIrRXsAAbt^WGftEwyNvFk^`B+<EY`%t)K@h&&O)={7{xW_Z0=sa4&N85mSr*Q1^ zUJ}DA79Kd&OjB-P>ZP_H8Z{mI3RQ|I!^xQBoVrQIOs?bg0<-k z=VhzG5-XiIe7Ks*4Vf_ir>UF1IK|zHyBF6W z#VJtS0>#~f-_YOx-skd#lRdk$Gqdl`yPNEpLr&5~)f%f{&0jaLck;o^Q|dv%6!s&- zS$q@(^M%-Ya{I|VVbjlA`oX|}k z(D@k$shkHV9_r#obPKQ05v8r`9h7!(rHph#J3ad^cKXv&+S+0?mOX1W=I5zO7JgOy zjyt7O4_UH&=YrZ)T|4p?bIw&G@S$?#CLo$x_eql77TlZJSrYelWcq);h zkWWmFz<_FvieAil!5qYZR--%L?%#m_2O0@Ak8>%Xvx#Bj_qUTQsHSt!8#;k~Tw)E+ zn{w+P`@NF1yTG0^P_$q9euI5fo7_9i8sxc7uI{OE>^s3oz&cODAwj__QPKAch?u|z zKOcAgLvv`B9&6x8gP+N$36F~ar8tTlBFe)h?mpIPN^nHN^@X@G5` z$BIV4O@|Wf-1Bk2a_db`Zv8;X!c(V@bw>yt+lXU|AV+1da zN2j{fP7(p{3q@Cd9tm%UR0>w&tTLbM*unkRsob}poz5wHaX-j@If{v^r^goat4g2B%LwApS*N4eQdoTJMS1zKEf$- z=M)lbb{9b9TugzcZ-P6EoMH0gvL#$q`(>LQFsUn~bknhH{li{Mr@ds-3|-~V_K%VL zQKklrTXVJRk0uMH!`av~pPjAuIpXu~B3R`0B&P)v`I4B}^Y2y_Z9Nn{gq|9rI}ICj zR7;K{n|}tIxiELAG=(TQ%F_B`xAfKjtq)0UZoS^~-}0a*B~##;60|z%|cmPbnyvas;9r{OI z-CWS#!_^P4ElKjx5wvY7W|vheZWri8v4QOCMvq9h+Qjr%qM}+6WP-(^0=jf`XzZ9VGa4qMxhV)UWsssfWIywjMt5Sb}NtX#?OZ!fFFaP@u{QHdGToHVVuWcl@0!z<_`@wyL5 z{N)?@KAvO@!hNTJ5BPi4q}m*BwGJSE@M?`w&0)r(II?0?K+XG4&T<;E07oMV{K1bq zHDBEMHQtdsND;D@NA|@%T>X4gQ9K!@6hJY_SwHjRXQ9P77o6(oA&sddc+*tmIoHA@ zCpHse8mgs9gD1Ej3=3^n8ks=HB&@?32IBfYWYc02Yf|~IaL@3=fB5<$5;HPPSNl}- z_3=phMH!1t))twZlm28PctoFCMo*D)klqk{{c@QCHP%Ix@Kxpb3|?RmhG|}#aIcO> zH3%KpWbB5pvqSWj%H6SoMTf`i8?@sAo!yP6R~3|Qgl5cxqj3bnZujwzjBU~-Vop5Xa$qn8U?#=N*2?g!kPkT2S^D~QraA3_6xWEM?SWUCk- zK3pBnNrrU0&xvGFgzH=d{wnyC^r5g7im*;~jLmtZY=wuMNl6Ag%X#T$BE?(0D3Z#V0qirxA}G~M5OPgqFdzf&q|fe8bD35EU77+gZmxI^U^OUh~k|Eagp*yJsT2bzM_k%fGx4Rg0FNF+x8Jf{Dex!a3xV8%C}< zVA~N*GQRK03B$4V^e>KwXyVYW0(cIhC8gD}@$i`V7O4J{dluZ zJ1hU0iA9ea-~ECj5n5UTFf3BNXL8_2qh3O_N~#ihJqU;_Wr zV%kax7bGccNC1Et>!S>Fh9O)ZY9>l@$oELo?P;$ciB zd)WTqO~1!>!91a=%ez#pbB`$ng;7N)P0^O2N9Z{(O(|{VwlYG|oc`8r-csMzR>D9D z+kMo$XXw2A6*?lqFb~$ZH}sIY0TmYcg<&gz4>;*{z;&8)Kg2`V`%1GsZJ?<5|C)?P zGNXx$fAPyuFNf%zw9eH_2$4Qwd<;j3E4LZZJAk;dG~9Ggq1P4j_|bZhU$|_q!wGej zU%z+%gLgCWT~KB2rSA7PTx0-K57) z+FrdhUwACW2I5vfsW4W2LSR4U&Yj%a>BnDr8Zg{^8qMmYK1_+TAX}04@llwg-#o}I zI5uQ+ZQg41`t#U3HnNCi!Pk&V*BX3YR3{@>uQ;eE_;Y-03S#@{K5Ehs?k-TZfYUlW zqBk`1v6E_KjAhs<5vptT8A+e1wg?-k{zYSdUol|(2pnGo4%}bPqqea$S8vX?)|oH- z^F?L4VHHIh|1Pu_s4VE8!BZy|)8RzBVE>h)wb)#-cZ-!k*oKQ--UIUfg(#t;hM%$4ar@JA6Qd^u?cgVQg02ZTKaKdjGn&QYBzg zTvr1*Ht2`A!MWk6AHe-oh<%_=kc9_9Nk>Fy)0D4dWiH58*7C?MvCTGiUiMT#UvPal z7crE;<~2qmwagv1>o7MEvAujV>~a;-1wGSWM-9?Up@+zx)3$5VKoFO;lY9&D{@QGA z2V)HIH`wbr00U z6jkY`XDJ-UTpbT5XS0vEeAsrmA*O__F(-GJHyx9)2r)5|=-iUTUVAz5Liq3q6kw63 z0_FjB*{P5L&wD!flhFf*>`OMF2-?$T&-+0e5Us`GsVvVhwu^^FmUahTBlAAK#p8-; zt6y|#ddS{;ZUSSuPf z0i$*Vm4xo^Q!R_K<=ICP***F@_#e9G>Z%6%Rb){$ALUHwm>q?heDAmh?z7un?yTt- zH(Y!+M=xzEm+q6cV2tO2CeM>q;7mOcQ^Oma(dHH;MWaX$)xO`p{FcA00dX zc-1&-V0b+0bA80P23{dM_6+FqXj3Fx$>@W9yWYwKGi%7>BCV@c^N*fX19*Bjzfn<> zSe>g)oba3SOPxb)s6(%ezIG&`{^A6SIHOl0pZlxg!-$gtS?R*0Xe!)D_P1)I2*w*IKJ{iW(R=IHFYgD z7U`L~Jgjb8lmh2_vrn#7qdSa`v-$rYoB@O$Q%Cv8j$@N;h z5Fg(i%B7iV`JBJ`CR*G0tS3;_ya`aNr>OA4+}_rVDZkN?JMeo<-(pu#Ca??&?_d5lM5B-KGxJln`(JP(A?eQV+Dh-JtG_?3Vc zy<7+oC$EG`+K;JFdEu>#ca|`X2$wNn2y}TKzvJS}4I^rnIT5Nf&mCX$Nd-NH<(oD|I(EB)uqtG0!-Q5U=hTj^A_b4$94jYk=`eh<(v* zdIyutfb7^wg(YlPv&!J1t&onb-%v1O>E}&-Che+%>UT-(-=81smH`8bj^2h!B>uX8 zpy6Ihw$}FUpkyL~=oi@XoHl}d}h`B`03`S^2$Ch0oqly z@uNqTcVoXnT`kge;^f#!vR-14O%W(KHZ2t75ac(Fb^+zVh}pj~po^5=i;E0Aopr4D zGaWByJ;eKAQS82D1PZJ_-I@B_9|#}0oQV__47<0Vq}`g2Ba~sz9l$xIIY9t)x@76t+5nD)lV=8jynVF{L`I&?LIm8BuXuJFX&*Lu zJ`EyFjBtfO5q4us_$_*BUcbK`-Th4fd8NV<8$1~aP#oleW*hbaiLVfW-FKeyL+x`Mp&wSF3 zO?a|S#R~^m9&P%!RqJ8b7^|AF^w4o`fpE#}8{b%l7l(tPirm`j0AGV0KoM)}nqTy3 zd%FA9Uh6{odt^ww3jyE6*=8 z=`+4>2cMFEM3WlnPURh#V^^7Yepjb4`)q2$2|<|0tmeT`;Y#m%0p)-gYY8nUzg!i0 z3!378Z^;uQgb1-M)i0zTI^>4ub#x35f4ocR&{_wqdV@L{DocPJ?%lAFg2TYtWZ;EJ z5-ltHYBk4dbHE+mhVeWpbi^CaM8^I;;n0)+;gOu*&|%Kfp>AFU(7X3|mYBCVq^doh z&zY`TDA(!uq0hmsKanUa499+C=<~>F%vx1;HrXQuTU+JoCjCeFQsm}zeSIpM6pfiM zgvS!bWdS22D$Oj!wG1wOTAYU793WGZ!k@pMG4Tu#4w?6hIF!=X^FPN5Jr(ainazNb z5kL;nvK;4^SW}8PzTJZeH60Y@cQU zj`K;;HzOAmSFss|wg6971Y<$$83Wnhp|tv(W^K}=1=x&_x~8zVE_Ajx3zngOXika3 z7169aMQ!;6tYSgw-@}t+-0dP-y>r68la%xL$vBiXK#ceeJ>0(dm@_!|l{IBvEhkoL zR2()EKwMnp`91BZqU#BR*zX}mo(c{7d(glD77{^z{(E>bskg`0mBU!g;*B^4<}7U; zN-fFS!6Fn@;72QQ7Tc_k;V*5de3U7E6n)^L$R$vZW!hW+DpTJ9j_nKj+@QHZ{VQlX zZ|HDmV$X!{hu~$DcY}rf_<#1eoAL}cFL+f4NYCRuR$aV3Es!_ztlaQm&2W1H{E3MV z>u9480R>~^Pfw$aX{gEHD$|wJMNY@!ej^dK!qVmV#`t#%V%HFatX~|ZhK#4luE!u4 zGIE<=uT%GP9J7K^w-5NZnu<7H00c3d`edCBuG_AXt0m(0D2^fye#4~Fh}8@3)yRZ$ zTE6LyeRb%7l=NOCgECNyd2b#+zDd*7Y$uD7m_~JGVKQ$W+j>s9lw}D}euOSe%QqGX z5c=$p1!Vtiha;CiOv&S&i#_uviX#AJuhoHlSh zsA|{+befg$rzWEvDqQG`3=HP*{MnI~HKDDoZ#3UAP!jPD78a&L9YDIww~Q+L`bRE5 zn}O=?jPSLZbGWpX(^q1NH{fuA{AA1~GHVS$5<(9@zhtjK6mE*zY3Xc)>>H!cp|%xp zk7=&=A4S)?Gf=3i=hqbZH||?WD$btD!%1-uW47nN5%b3H5D9bK87Z^txZ(`9LLYO{ zn~9@{Qd%tht76ys7Udh1*G#0i>Q!)$)LT%a<$<7UbSPLlLTUm2-QHpd0!=r<)`w5| z)m0_DF)f^~FBV9G96YcVgs&nh_xS5)-`A}=V@)imMaH0HP9LWz47Kh3F;R)xTWtA0 ztW=@3SOx$m!oU9eEagl;xGj(#Cp#ZDw6L%QpM5+Kukr}!vEP-QyP*$BkNK!n8%HlWUDUnd=r%i}BfUr*_JZVS)!X4ZozW%!p?u$-wk%VChZ6#A z_zYq2`TTy{juf&u!k^spJXgI5vO+kI?P8Z_vkpYvf?2MIh#5XNon;kni*Xas|HfB% z{la*g9%Q*AxJKR=9Umg1>jFPhMQhHvi+Mnv>>^D)>f4z6PDIB_`jnO0)L=KiK&R#5 zb)*{Qf$4fD8p-6dYbFiG)jBmQbQg*64a9$u!d#Qw4oFuyK$L2}!T%u(2XOqDN00?q z!XjsxvAD~Dpjz{5v;eI^)&zkAZ|u~^d;)_I3Fkg_!1zSFG>`w1aS0g)xStbrt)vm} zK+)O%?t9h=Hkp9Vr|5Y0k^B|xNg9#orA{1t=~@lU`e}Ea|U0KHRa60iR=$+Jmnbccn?dw+bmzK^V2KD3HQw|ib7mo~`o}hjfFT`aN!+*+o3W&ZI zd?ob&{f$QUR)Qi;tGQ_d@k-9m&RaZByGiu{|EwXp4 zL)=`hyDarJ4`1#I+W4-zfUhCHA%y-@PKVn%1KWCyj!rzYHM_v}bJ!VKN-t~LDOZfm zlf{Fo$2DyCcXxV&!}y2g1?ocQO|4%QhAulTXD|P@&Io=-8BIn#H2u>E7Qj&4-WnEN zG`uLR=W}JKEil zE-xU*kFLb;5KIBdmW50rcbu2zp<|?C;71$rIQQ@quj;~-eO=G{4_S!2f%xwsnRm-| z&zI%!Q!>wW;8mclmKYsAxc_cr03@|!3Eo05dUW1xL0O1Fl=%J_tBx>A2)s5rK=Qfd zHN=<)0EQxgASc3X#K+b>aDO;*_J@04^!5OWbyyw2VbMXj{&k*q9QFqw>`4gZXf6`up-$5+zj7Dj_xh z;YLd@nw+p+6pDoub{SUhgn|0x4=w&`02yt!UDTBcY|iWg9Rz`^%^0beWF3&YrHZpq z98I4}AGLSRVNO6=sARhE7puOiGp|m{*Tg!%6&ISn}u}n6T21=KR zsOI;>%(FwORZF(!-T~u1#F0tn{CByMBcVTeIP!vlc34%IOvWywJHA6z0f(dyyDz6X zl?B}8k}MekCX%9cIB^OjRXVH?$E64CTI#YLJzYt4>xO!TW(v zBaHqFJ4jmPK5HMu{Vd0w%NQFz`kR+al=j+n>f|eVy`&G9UK}o=jVS_r zq&b#AhV@wvS*`sGl&P*RTZgsdY?83Z@$Id!Nd3F`@i|M$tK0DHoios?UgVWS6IJs| z=r6Q?@Q*&0C75vF(mR7q+r9k<8sjEPxC=%TFuuVj2pqmg_>ieg5Sc@n<+J9w9K^g+ zKyc{j^GSPd$WaXPAbr(SN6s1PJZ~k1!nGm! z#?%(~4)=LN#ZqoTqg2$F6Y}L7bUxQzOQ(*ku?s#o`-=|2Q?W6M#8HyAfW1TSAu0RE)QeXc|J(HELR{jvJj(2LD>kK95TRl z$e!nnBh{t;LxeySIASG(tYK=}4cC&XoPiPlS^swRgu#|>zx1K`R-BXaf7Zy?&L z8^polbb|i*Aas`nQnsfeW6v=?9hdg?x$MNJ{G~scKO?nH;+Ahof}=vI#6JwTsjfYu zYn;&BNQ|2Fd5U?>7R{nq;ao8|v7Y%!IRe*3sgjO<(ChrO_W^C z+wL&H@W_$TTze|=E&ILP?4``-Do(X6qm+l)@3Uvt%<1#}g~TRJZGBnSIrts#;UO^) z+E`wIU4N1KbNSfY(;z)gcOS~+751Q35pq>M!e8Z;y769HcHX8#_^TJZ@-G6AV;yf3 zr{T=;0C0J`Ze@~#!+x;#WT|ED0qLy5QO=} z*(CTxh6iDR2^|?R2C)Va!wXmZN`d!_@_x@RH)2LIFMc})I=KKPAis7z>b-^W<31;TB~H9*~- z=z0V9lgNL-dS*AIXR)^|!~D6W3Uz=?WW=-iNUM6mmb(P&#{zsk4;hcw*YzNmH7tk}}c1Tgj zG2oIM6`zJ49&d|MV;b)tE(7>b18$R{ynbdB=n%7E;Ff9H+41@I?vA-*T}e(y zsHoMe$#lVTxHn4>r(+sxZ~nx)ttExkl9Fi)y}U{03Zf2x)wG?6r7FP6^C zkuW&8;dRt}Qk#{bO+f*)NYe{nU%6njzOA3{xZCmkQ6AispS>u=l#v?Kgu_PkcE0TB zfR)#U8#9m5Co^4Pn6d&qs;UqZpIuhvq!;{i@!A@#(<%EYyWQtOn)vYLixsu8tOlwa z6AtQ?euU{YD@1()=Dargviyk4G-WAlkqqU!UJS}^X;*-MS4v9C0rx$_m5^_CQNdF0 z@JPz+tmhcGz;D4t>)~W$#JWcH=k=#NTdf-8jc^~YGdv5r%6>sgCLaQ5_v(Hb1}$U| z_>OI92Xe!&cURQ^4WCbmbg*}fonUO5_$#UfOcP({6UpYvRd|6P()4U&;F_(?OFS3e zt{iX&>l{`vZb3%}mR`t3DC3CG+k1VYr9;jgv>shyrJ2z*u0FfmLz@!2;X-nb1R{sO zDZ_y*&BYwM1h&<;Wp&t^rpBiEjTIhY?HZH{pm->@ndfer1tSFQZz)AHx68Tj`N{E` zISA#DOUdV$<(_f}1H0$Mzz7szSuQew|CAa<$sTeM^R8>_6Z<`->lr<}@JTgOM_)O? z6=a*)yUx)gd1yf=s@vl?ka9rpecAmd0n?a7KQ;)FWb#E6eeWQUEh7-n*@(6Zw4i*&yxrAY8nrQUG4? z{ELe;P`dfDM#nO>*xZ8HAkaly-w=D{E@0)P^N7v2p}JwIN&cT{Fh4&}ei~w0w3`T4 zG$A8kHu9ZxRYyV#X4c|~u`aj@(c(Cz;NxBz^*Xk9uXv*iB~rEkgTo@o!SjWM#j9+_ z5LarB#^MF|Al1m1H>HQjK#1&6P_f=F>6z6XAmZOynQH}n<%&>YThjYkG5#}*8WNMQ z?x?@Bh;;#Nmmm}5yN$Yq8@!%KB>41&ENcu2eD)@QZY4SH7xMO5O~-}rbpbZ&bq6AP z(Qz6W5$8pN%bT~sf-vmYe2YXF78lt!ib=Cpg+6vK98kD3EMa#5$YHp)3*ie`)W<+{ zd%7eXt`9H5TgX4%AbfZO(T;BBe@jm1FJKx*Ao!tsfydW7&JDYaq%>sZ}=iqfuji(B9OeB=>B`{e};F z^?T-Dzi`{MW1jU0_2788q&EbQMrMvf4opkGhVhtp(c*Ue&LSRs=-_$F#?TEbX)*w` z5V~I{h^9j7GhRM*%~8o_O&%7z;sgeM^5+_W|A`PiMSSq;-rk4kOVmf*k!OA$=PVlog zS9<#C2^5}hV>9=jBrdL=?oz{NTezk}lViE9#mUT`lQW9Pd2@V^1OFqeaYbfp_$uzE zB0O(!nUJovS<8C+WbYtr?}6RhbzLd1L+HTnqYz=geGy{KfIt+9i_m!l%H_1ywCxJX z?;A4hM=!|g<+b_%)pM6^4iH-P->8hydz*eY*p8UHwx(5lewRBQ{>jtyfT}ss1Y1AC zd`!H8%*+H|XOEjN(B`Wh(#dPcqccQTeaYc$4GB;|9{DiB>>!{td{XFxs)Ld&AfeTX9XAgiZRJawkXxKytbOGgx7~IcGz^ID7^n~zp!zyx%ByKm%$Lf^_1?iup@F!wW3v8$$zhX&(anx{irzRGjnve$ z7kLlKn@Yl+y?8ZJk&5=c43@wLDS?k6mj%MDRP%^;1zzQ4#DPqt>BD zlwDK`<$7=B-EMAoX~3J`42*MPt%_9?@@u77RC$tyNOUYF3FdrpR+d_1^BDWovaChb z`~(={1<~fgV%ykf+Y8sR&j{#K9fLIcvS^wnIe*-*+uxVF`b2A(Tb?;EHL{^M!%xdV zJATeR;^XCEIMyFu%Q~Q-jvrkU$!at^iRk4HB95`Pyi3L2s@LL=ub9uEU5{ZU_J+vQ z8@%M|DymYJCPS=1twy6#JPF!)XHq6Ew8*4yAme_3xzF|Ro-C9dQW{Q@6TH1;oHJFC zw)=YvCuTbOvGX^*8=y>n=hdHcGN*)DBTi*hZ3*#Y!EF#lOrw(fiv>O$tu85~-!BbE ziCvn9aUaLV!h1xDK0tr0yFW-g2QF+yTNq2dX@yslyRltOrIsm(7GvY=$j!PZ&RoFr z_lcj&m9y3#wPPZEHojP<`vbV76#ePi^z=f8mUul8HIQ(yrS9;U{2?(mwA6>hR+he zuNF5kB9+qWiZP71^X0oWQ8ckw0>MZaV!hi7%M=m}RQ2 zc5}^7&CtQfmCR%U|8Cv0+PPR$y^j2Ts?}9vbNA~iwAzJ+3`u_8jW);4hM_yOsrgJY zHe#oxcRmfM9$&yUzb8NGq(EOC(1QGzfgaQRgHm{(smfNs-;+i>#)H(E5G#7y73v|c$60`H-k?g-t?B=H-MptcQUMQN=;;-HN9qB(NY_qugNX! zoB|@Cvbe@Ez04}BJpD(Y3~RCP5Vr_|IJwZI>%0TH4pns%m^7g9^Q$w~jXLv!wb+|2 zEk`DT9Ond)DF1Pp-HXp#<<(sV5TAFE>AYLDjB0qevLH0+hxf;Y;AaL4TrUB{yo||f zMIC@dmZ$phSYR#VfU?cZZ%QYD{)RHQASW`*p6nbiLm9cLW0%;CS!--#<0H|xVxAs3B71B) zI_fBFUtN-Z82A4)^E)<;jri_g{f$+|^7$O770+9EZ?<#5C0Stzs}&Dnv>&`=AP0)i zL5wsfm%p3@A(B8y6s zGiQPG%mV`hVvWyrS@MZ*vm&MtEh=4Pq=n}9)%yn?r4N5=U|vfiBY)PTV)0GBjm;U$ zS2@2;>33j{@`G#Btu_wKM)Fti^iz+wUwk`Qa4nEHc97p`joMhjUk*h%8`uWw1@l}b zoO-1~r!d2Gf0!X%y+w*#F6d~=v25CufD}Y$XJoC2Lf{G)mVy?Iqvf2Za5AWn!gjCb zcF*SZwz@rtS74g~B;KSt=TCJb zv8=SqIdu9)cfZTt0NtVVoaujhC z;=ig;NfiqxnV^X`2%v(brnP@J0yzpBwz;ZZ{fuCUqOjuNdUdM(X<|_CJ=;z<$=8@* zjxY&RK3Ci%+K}RVwzXraUk>A<9{5>UADBux-zeMX%Bz&vO<_`?>OjtIr>#XK)_;g= zv!c1E&&%!}v2AZiJP$l!Wxg)U?gg|3J^~i~7KmFV*a`tj6H7&tUFF(n%K)|{Bm6-2>;@wW=ZAOd9W&}Tub_^=hGjMEk zcSL};XN#wlr8|;q*C`ovGapVW=d-f3>n;3;9z>9>&thiId3N9C(gPW#7#qW=Ev*KkN{JGi1ih39mk&2uzPQ_4p2?rKCAcPKEWA%F8Q^0suxc7W>54LJBqPN| z$iLFwp?1(h3JQyQDz?s49AIK zen}`Cj3gu1X33~fE_(H%ZAVjMgav}=nG%4C@*KOm)!-1Tx%|r&SlB6WbpuU2?REV8 zS*7J2d|UHd4=W**mSb3m3tKbza<5mw+gwuP9Fht;%PU)u{3uA?8jpCbGVvTGj;&Yd zX?aHnL&9ViwHY6TF$)wcFFUMFGo0`Vm)@|o|J8kqn z?;qGZMQw%-be>v6yg_8(6(PS{j~tx;f@0woz>srbGu`+c9z35%O|F7KkiHRGj)4{h ze=!u#mIoK{`M%^fJ2}m{eN!8yVA#JdiO(5`41R+<8@CsM%@~dU^)fJ>0ChSy(xeF5 zLjDhHDTHhpoU2DB2Upk6&VUE!&Pu4}H3U3bhGSX$U#uUP79(3>cdI1H0?M+r(>F2X%f?Bx0k2w3y+OG8=DpQ%GrtjfdYj1ttw@)-mkFvq9ghj z-!6Lv^e3~q&SDaSrf*cHU6KR?V)LD^X?M@|f~sUTTl8%Mh+Ee6&wBo=32s>mVDfE* zumFUSn~+KV>94EH>cf@F!GI>yeEqZXTaDaHzj!?}w=yQRWR8#E(R^ta4Ry7;!d60n zp~lDG(Z~PB5S#@TmTpd6pPSm2Alm~!Oo3?o?k=GNeeo*qiVFYp3LZ&NBIuZucre?x z%H?`aX8wdKzEi%yzFB_$BnnISz$De-px0#Hm#EW$kKUu>Gl*9A3t^7J)lw0m@NGUZ zp<^yHi~((NlUm(YaD|z$tC^RQr$+;<8(<%-?EcU zlNAwM0?x+eiB~M?M*H22yLK*c>naxf%~zXijTZ~zJ>F{o@Dg>BH}<9)bTT2)#enKa zl)#rlM?QyOwANv^r64#qQdXBw&;e+BM+FB9Y~FmcKb;}h=VMiKY>Rv~<0B^zOIzWG z(`mzg(tS)Q4fUfpb*PKV>Hu(MvG|YeFGNPh`y`HuwA((r*=vB#_0N#{`JAQ2-t6pi znuTuoixDdX*F+xT#16?NXp3?hmnlkyS2@Q%-*D|cfoIOI{0Bw+$ax2vgqz=%Nf(3~ zf8STTYR(4g79;ibI%nF&!KhgjW~7qL2=_p-g(U3LBah5;a^-RgmI}5+0?^=+j*5T{cG&=liv(KSe~dZ_B;y`?dCYLua}!nWkl8 zn5Fzm{zRFSN&N0L;c}h`RwBo=nw;s9=a836gQeeN%|4xsjnsBc{xMDT@rfM2Ml`m( z_NwQ4;2C=_uH3#Ey{OYr(bAV+!MRk-3O2ui@-^tIm3L26%)(>L^MY;GT$i#FRTizv z)-w*b;?-)DZUQf%g)|GKGoOypT%p$~#ZgCkBEP|`(SbhT{PG0DxQV~~>sCweiI+bj zb{8{R7uQ|b8_L>yOmFXR>?31REb2_zn!*d#CZKW1=VP`_F!I%*@@Up81f|Qw_)3M6R06?I!)0qYpw`CGh)Czj zvifi@n6CC!VB;82+kxt_T^wa>kF4ai(YS-e@DV&4j$W`w?>9+ zh`AGQ*?JTkst#HezF^M9y)9uHleVmKLqpJv!%a#3?4M;QqPgEvg)2PuYC%b%@Mex) zNAuLrB73+;R~0vUJL65yOMT1=gm! z8F{13mg;TF;g2g?5WbB2hh1h}wCi*3oPZ~c$M5MBf5G<1_3GOAOk^_T0^Gy2u)75^ zAjC^Nr+Ex`Q}eou`^T@d^hz0B_$x#@zdc~_&Y@1|WP;Nn?U)~J8jF#7e7w}ZHQ*rW zuL9eO!r+W@^0srvps}(#0duRzb0wu{_zW-Thj{uV6lU?0k3CTy{Ctu6r^cdxMvt{ zJpKg(e{P8jmWUk9`sw!a-yFUEM{b@$s85zO>BXdeirI#yI?d^o#zJWdk1dX}18V5c zOQDoIel++$_>Lp!nflAKk9<-HsFOvanRT2jl*aGl212?{}JT>cNp(H>=GrB*R9Q{rspnJoF=M?kd4FDwTh~;Mn2JvQwl4Jsx~Dax zx;!|FOZ6CHd7Zt5XWJLZJPM{F7%~teRs|T<&4g#B;9Jg-|E~C6!kyMib$!~1`;_4o#S3aN zlhxkut9TJN_YcvtW*X@ZDqNp)_bF4I+rFVv=nSa4c zwVJV$3;2Hd;$xNAK*uOk3d=(6D?}LnjH7R`uUcDT+Sy5W^y@wNf;aexpti50lJh?| zTETP&QHR)Sv}L6y#g_UB_ScaI3CFT0&huP(#sT9=Dy{YSgPZOV&~sr3OWNXn}=i(|&K=n~2%Lhu2>U{57xpOTeaSH3vS_TnwDs zUt=$y5-t9evx1*oebb#`TH>prd*mCXcYf&4piX&9D2NpFK#@|J4TcAdlho1I0z(SZ zG`Ry&>SuB^;(1HJcKjH_d@Fe7_r3e+KI^fC4|YBq=S8TNHt$7)2_7*FrkCP3R|Jzw z2heS-y?XrTtsKGrTh5`vXriXTFH*@1lV^b2;Z5CW>PPc8w;z@c-A=~7MWDM)9qcNN z($%Y${XATNHe%ZVxNSy^MFJUYT8p*7oO;ij^%Myr!Ewtnl+tAZc|J($s2lgE|HmQM zQwd3Nmg`#OzO+_DI?f`Bg!QD4IQ%2PvuT8db6G(4>sa2}*MdEOry;G771lLC#7M$0 zt@_tYZ3`F`|AxNBmeJSI_12LrS%lCBI)50?@}Hm4wEaCEeZahaVuMMT`j7Rm4ebR` zrd1PtU#91AUUGyCyuBe-Yv1DMcXlHExzg|n6w_Pl`E9i#k{zO&8o}NU6q^T1WQ4E2N&Y)k?C?Dk zIzKlm_hO6g&ADK0Uq4MLC>^q}_3rcyp&1M<5T)-q9=LR(f*aAiDO~&beYs`M!TxEzSi;*)!9@6ZFKWao#IwpK~z!wxmLt-u|2=#3OQf-WYEQ z5|Mg!`_FqwRHlF}U8qDAVWQ@S;r=5NV-dM$9oXY^1>Uj8vV#d9N6n>Via6{)WxCYg zY?g;}+e~*PghNTmzH<1@d&4r`YLEXmr zMgaj9*<584p$JwyyW0*4=ymKO;f&gp+7mW{nF zt9ohD?`>m%g{>Vnoj_KvPQP_CEzQ!%y0l-*|G%Bj5&=ZtS14C@Y2;rNhO>q) zs1?_bDLH~N`gtksAh^3jg6rb$?u!$2@dcJ$ zF5myY-nTmseWvTo>8kowbyaosnMh4_1zc&nPGuU=$QoiI?cll=Qo- z=Ly<_rmBwIyLa!%$jI2(*gna~$ji%*jg2ugGjo6ZI669t;xjiqJlx;kKR7tp+1aU9 z{wO3QBq1S{mX;(`Q!5*;0#u&^*KEiHF< zcSA$NmX?;}wFIWFu3lJJ2m*l?7Z>$17a}4e6O)oM*O2k?@$BquzY>12NoXkNL#3sq zqobqw1qAHv?W?M)oSmJUo12%GN@QeYf`fz0%F4vW#lC&}R$E&u=2f1RmF4K@$SH5^ z$iHeFSKM&8xiHRHzWh>dZDOp)r#ms%} zqrDYfLQSh~9DC>r`i%&Hv1BeN9#WJ&{)4i67W182g+9f`P=FUK%9H#ZM@Ut>CUa_XsD*tyGy zzvGKpaY!g0DksJ^FVb}MwKt}1n!EfG^b6=j6Xiv%uS#2;MDAL#Ti%@=746cNL%P^N z5SbC=ZB3IKLFr~eTQ&wQ7&={FUzauU_#H%@8bXy4LX|&snmc&P?GGMse)WKY;uWVP zE3M@D9@OP7EDFwj<>0)~kRj0F&egs| zT1&cd$#l!_wnKU7iO*Y$PW`gApNC=c!ztB4W?dWUM1YL^i*2QV5OFMscXco1=wjQS zyw7I~*cO8SzbRp#3b%_s2W*wN8RAsf4B6;Icww9gQnH*i3A%wzgW==yQSei>HGuvm zur6U6=>PWr=hNg9)!BMq_9%t_7Wy8VZR$MyAV+!z^KiR02G=^}m4xHl8M^$t6PT5} z%GxvqEC|YK@a}6l1|sabyY)A%PHMdWd8PfR^77qAJdwG3@KpXr2 zaqF8{y9sk8`wY&CB0~LIzghzkW|$H0)jks zrhd3>1pOzcRjJ7(+?e33+ z&kbCt`j|gLBgo{8+H|9V3>#;H%JTl?hWQTI@I|SqJFOdd_E59aIFQ)L3@;7qe@Zzf zJUZwtJzR^H7R_BaGv$p}T=e>1+)BlQt5OSiv_FU6ke_*jCV-0zzeVfst;FHsNkYj- zvemhrL6W-}1z2gCi0nkiTCpM5R?a#tL(MOeLA!91j<|BCN+1;d z3^M>3W8L~#=8!AZl(0!5odsV(EU+Eix?ANN$s3Iq|C7J*KaSX7G_G4m)qlFU0vOwZ z)p{06Ao_J#I}aiAr}Y%1x3{;1z*G6G1-`&`ct=wS9v0SkO&oQ!#OpVSTIP8bkXUf= z`}x1_#`}LfE9O33k_{~*T=*Os_{nQVh`8xg_GzX4wQa$~fz=Wv@fTT}{Cc_bD(4#c z+LJ*1&KFpcl9A=y#{XWV7V33=@X@;g2)gB-Fb}FSNxlWyN|G^kAuuOuvXEYZyq(-G;_v2rCQdDo3&KP}> zteyci1OmSvpTYd*#3ZU9 zBRznUd?LlDmj3TTGszk2*@9>nUf?fk0203OO(5*x1ojA=#WQNOV)&f&*%RjJtlkN@ zh3nf}@fnUPKXqh=712Q@7j)D2dR+`9HbdL10)LWMK!7Z^t}sm}z;@0Tzw}}xWN2bf zu8HoyJxZ_9Vt$@3Q8uBzp@Zu*Gu_Xqn~=9;+Q)1j9@XIJFp%Y*BN5mdJR@v~H&7PC z76mZX>N)a`V0MJH$vd9z8CaV=nMlXbM;cc^!ig@7>mILER$U*mQfJX-LD&f*ABv=-@HDkClm~YsS44l({zG!Dl_T$e zF$b` z?+e=A!@Nbr{y-k#SCjqWgPI873*K?{i`Fqu=WU4WEuVAbul$rX)!9nlu_y(cugu>9 zrwUK^V}RR}lK1${5YCHc;NpnS_o;hazfx+@$wr@dNQtgjpC-lyI76iD;y@okx&}zu zoTRm4=+BY-_y112a|Mu=iU?=tFH6mk$xevgGC#GX_6ZZpK} zg~jpxZsA)P+}9PnJmd!Mh=8ABuK@%;uK@ttz&12kMl2C*HKQ3)-G#7W=ttZ#Mc}PN z#aKiHJis~OqVVwnY_k`T)ZkiA@KvGD2;$7~^~3nU=%^1u+)Ea;2JLKyoc!1V`V+!d zai3o!n;|jqQ^GaCt?U|L0O9rOOwgbHOmGL-_5zk6PVmgF81i7FxFo<+^7Z8A2xiro z8eAo7H%#?i#HFp_Muu9P5g1nx?l_p`XQ9-!a78;{Mg-ZX^*VF;kiZ+aa|gA!-?0i} zrt4w|ZI2=#?naeor1p(;b9%41GdiVnoP1iWwjQchho$B>!`Bg>4WsaT)e&Q+nnNz@ zRy4n&CYp3lMMjOp2U%WI@@T=MU4=7Np=H;o4~US6T@6SiY(zGrQoWI?jfpU?nlPcB z_-%Z(*3?mhx-9O16=CucHUY-sa!ke))VjLdBqM2>FW$l`Cj)!YBN1MudgATuO9QKX z;*pKN%^188(?#dB^?-~2&YlHKBJjWbr20L?MOa0^Qu%xMXVS2b!FRjKqb8>z9qTb$ zg{;#ANupe)M3%(iOu)~2sv>KF9Wngq!Hg~@$^NWY2$zdlG7=qz7;rbGNH1jj)*rJO zk*z#=2%B)UQTgHW(9y3~@NLLI>ULB$H^N6dpSj8qQT?}7_g~=1RGAQa{+V+Ga5b?; z(V{|BS73+c*0^D`qcA@|8ztJ*!c`pkt8V!2#7~rXwl6H$? zP7Lf$WhW2QN>5?_n`l#aCJkn5$Dr%hkT@`VN7Q4F9@v@lGHoy)!sb9og1~xd0mSIQ zGby_pJ7H?we??T69dp6w=O9*nJJnHHG;bQyK3W|Q^Os}Z(NlDGVHFc^TynH|%O-|P z14#2HYu#>(M6FRbGTG-Ji+0N$5RGKqaD|@+%+5luhR9uHXMM6|FhE;s1HdEu^Gsk} zDm~f;AZYzYREf(lG}&vI>ZVOmDeG1aY(L87Txa>K16a=OMf^KrMYZ_r9|OzC6dtYQ z@n$RpGJ;Dg^#CxyQ*Mn4sW3_BO2b(4!6rf2B~3f?r;Mg~GMjcC2|~vA@YJkszL9xL z;EZogrm_5aG6Um#qFhki@k7z8Z0ZiFfjl;zGhdk{&A)`ZT6CWAL{tz1En=yQ<6k;AMQOW203l~Z3UOt%GL8p;`i zm5el5Zuk%4gFA1G0)XrV4;bwB6ZaxcBP`#^pz%B+o5l8*+RSWTV3o{h{ChXK9UErv z4Co%=KqW}*8pnw-n`rUuMzo@viG&sYxAo9t^!F#jo*Vd^1rrF6)yGyZOgPc-};s(l^qjVX^o`pYzJeK2XcyVs&tq^ zb2X-c8aluM-*XA^=$5PiJ-HtxsN)m=)JeL6Ka9UE$27j337zoF1_zm8H0o9|*Ty_h z?>oP~UvaSg+KDmw6Tgugg!|st&*=|>XT={ASXCzc`t)00sbN+j8J?nYar6*f?H5^5luQL?S1W~EF-@?f^}jBh<>EZ0{2TX-mj%@mEL^L8(glw~kgK3tdnR|r&K zh)bTKo|}|0pMy40Nr+JR1FPS1jQ_5z z+awSpb%)@MJ8r2K-9G+6yd5d<@LEmP=*1&N(2EPT*pLFC$NkaTm+ukU@K5ER&N1l6 zWg=02HD)A8y~cylJ|f~us4Ttpa44Pjeb2kHCopJ#^0aK!@_~hWbpM`U5_-j{5zmEGIw&UF%^uS75TNQYu?v=k}jV^6IkkC4bCc~dZl>5S$_ z)D!i>JO!m3J-0WVy?)EU1^g_)@K=p;m!)w0@iW+tEcnCp9i2-HA{!g;%v%$q=hr_N z&(t5dGdMt9va~1Hxb>pcfYI5rpAs4q2YwX937bbBBn?P?nsB95xK2nz690q4tF;-<2w}_0kU3itN^6~I41>ypx?mlfghGwJzdsAfGP;!X| zh8}Y?I>f`AU8otb=3bcRaCX0p%UbS&?*o#*QzIDN;HU3gz@{L`$+a;v9OGIf&}60o#zCI2&&2(5BJTCd(Ftm-xst z<4A=3Uoa>kDyIbjDOidXCUwTn%Tqf!L9$Vr(B5b1=Qir5e$qU ze0(IPxq$;*$Aj!oylrtbe#W~8NZDRYx=ku9vYEXjcx_o|3JGE~grP<3$wY4L31y#T z)PNqhSI@)$c{?87aL;Z0HqBXuN-l}E+Ku+?TsjFi976-`|lZSY|4 ziA(v|O6`;RyVY=h{HHm`K9MRHd(lI=-v5iyEF;w}->hP}x_!zR@#QgVHv2Q?TakmG z%Nn172V(vcP4<5S{4N>94p7Y6!OnmZyc<|7TbHE1SSPJ?+7s%BX-LA0xS*Fg(wc); z76xyX@;og`KU7fESVVLTC0f&j7k=K#Kv}E2d~IG~L9MViv9#17Hz>X+`CJsATV%S| z3*7eSbVKsE6At)JXZ9nt%f_0t35vcq6qe(i!Q_$)-V5(IRf@eU0s6VyPyQg^sn^Q^ z<}+k`w4+yY9UnoYAWqYJ>5yhi8%VsR<&6!b!x2uv#aVAzxL{CxV+l0T>Fc& zvxb^80BVGso|KG>dA!&xF}~aRu(_I}AP?-Sg2NQfAWt;bW?t&~;CNX!Fy^;cVx&yC z3~irRP}t25?3=%J3_&<`C-32z#Y1QIF1;~AIJ$|Z3cC+W>y%y8gIG^XkPW3WK=eZO zgYCID`rC_&`sjES7;KCNL@PdK3;Z&G_YYQQOmHL1Ux`!Y`6Vtfk-|1gqOxaZ&2w$l zMwecGFnq3BvDuhp-;iY&xeAAb-@_Mr^r2`t+Oz<$zbB=B2@qlM@HjG8V~pQ~s;U;~ zeSdWGqlSi)z1jTYW@twt9_hnPj}S+DJiqG>1q5M1V#IvTSw`AVGRZ)Lgcf?*B90QW zgbOE7n0>}TL4`YNMUv6W?^*04&`N#d?0&HDz0Ypifl+R&4 zDIH5;;ukyTO>&1w8va5Ry3@5zBzrvJnn;mvL_YncRb19Vs1-w24G^E1GJcuAOuO7>r?l4?h@$ zB*Qe23eTXxeI<(A-|wn_)oii>HPt4Q(~?rx$O*mVPdFp=G#eM6`@rO6+YHWUWjfOP z$?zpbIHT;P?K|SFSzRlkgrohaH%%6ifgF_&^q2E?eUY2KbPwTs{If3KqCNA>d*bnm z@}$X8Tm^izUVQ93D!TfrogI~p-3#Gtz+4%BY?p<-2r7WXLqC$OxtVOZvv0I)-VHT0 z-%U6C(QsXK+nU%uC4B7AV>c_umQ}g(PP~7_rjIMDEWyDx)$1!xv0EBHvxp-5i{qU! z>Idkw)6Yy7vSny3eFZK_ra#?PegC~JxRjrL&M5ywuS+?7JDo?w$%;{P%1{Lco1A3T ze4MSwZ~ltzqa3XWyYz#jw!I@7=D7^PA20Pk>o{cX^ZykZmvByZz+h|G)e-Vd&mZt! z4$64FAU=TKp_TWEGp#+_jG|bCORFQxBu@v&lXLRBStYoplh?Z0IBNB#&7@k@6th@D zWC#M&+J$1pE1XHP!r`Fa;ftnpN~$HsLU7eGgdOsM_Ucw!qu9Ak{FbYG-yxu+aX zoZ{cGdCI4phf$im!Z^y{>E{zp#DiN(P|F%0Ew_R zSWwfzv)}E~tTv+ol6L`iE??r!=}8JCnn;?GDzaZiQIx+y{``_zzQfnxULLnv8Wnyi zM_F+>B456D=oFGQSCN>Lwd@(YU7n5YDmlGTD}h(|?e{)$KFtxevu-y-jz1|CKWnQ!v?j+19J&EmE@%vag$TVQr|Y@4NTy&dtM6 zO9{p*6bIaW^J%B{^F&Z5gJSS4c`;GvzX?hEVQHD{K2}i_JO9d# zmluCEV)?_DaM~_{E&rszHP#p2-l=rpr*v2n@kzRA-uy=4M;k!?oSVRt^|Vb`w$w<2 zkON1K*>TtTr>wo%A97@|mh>+lYmU((jXl@5N;wAb8VWu z{i1{K52BLr)$1y4y#z&+()7J-q9!y!7zAYO3I27wfZ(ouTpz{_II>5^`Q(OE>P+uf zd%7`^F5f_eg8V&fV0W5&2MLe+!|t?ohQ;{c zKc^r!h9RJQ2`kKN12S!2$@Uc#M7=+=^tDc|SQrO%nx*RwpT19@9|}x(_D|c$N17RW z*~0zDQ#yzJslw&l&opc?fr9`f$Kk!qG>b@i$wYg{IB#gy^X8jpETz3ywa!0^uqAPtnVwSRl3AI6vcJL{T3@S#dSi7@ zm93SK10Uj=NI1cCMIC$1O&;SH8#jMead0dFNoN2EGx0P@ZOSf`NFkD5weLzci|TKZ ze|o8c=6kL!X7C8*z~2Ges{B3ZclB!~Qn;w&DF+mH7GXuGL&0xJkmw%iqlo`SIjY`& z*`fBKB0!etjcjA#s+o@dTdm7B7J4h^;nr9h>$mZTP*e^z^5QAEEAKk3UjS)Yij41- z&klGn?CO2?`z#taWfOWZG#_5QmUYX~LN!pb=rP*FeD$=od$*c+1uNYGINmlL8eb3X zkezp$)12q4TPM_7^qw~@j$aK~%p+W~`ddq%P-~ieB{9S_7*-U%j{WD16VvH5z zpt0e{xn>(1W_s<$Ro96Y+4AI^zxLwI+e+L5KG052eyRA zc_k%%EmYRO*FjFky6Ur>Tb@wlZqK?b-Jkm1>EcylNkd#c5Qaj#t!#{mi0$$5B#C>y z>|U+wtbHe$sd8WM956tBZWo4m2|hqMXzLSLoD%l#6)WdZ`*9X*!>Fhk;nPGuQz znKEZslRISRTyP}Gm*o-BROg}wB4G;E_tWaq6HI0JT?6;5^tn0}Vr?|jo5W?h{IJm0 zusdn&`tDXh3|+8Vh8_m4X*PG=6T$m&Ter}xH3ch@s^sfBu(%<4Ne8SlC;yvb& zEugsi&ijmwiF z7+ESKtU_Yb>jGln1yDepH#z4*Lw_K1V3dh7|d~N$$PzL8(W2n#bO(_ z^dr^#zh1dNSqYG2*cY?fp7g`vm!!w7wR~b_+MscO8uqRjsEOj8$|9EPa*-GiVWHpdi~?G2jwVB@xlq#UpZvo$D1_#$Z+uoy+n zF}|c>v_tYJp2w|v#LK*C>Xzq@*OhSKo8z}<^D^ke_peR|Yh^v}&Q!rx=>AF{)^6AT zY*n4nkr^oYr=9(f{z~HiQh2gilY-}PxurHjEN)Wy%6pHk+h-XP?oNel^w%mL`*`o~ z+fenDKO|5U+pQFAsYEu$Qy?{a#EvP-8eA}OW%f3Gklf)S8W9xVT^PU!=0Uvm$6dS$Z}C zj4H=zy^{kG*nL40cLdd^)E}A5k;HQn!rlQCsHQzvKPN}-{SM)$%a2*x%Bd$8f@l?W z^A#0rLPQ?ff>TuOW!Grzeqn3rf~=S_Z`Ta}R4*=9O0OY4+4e_v%&~>ukj-r!qykJs zQ^GH2d%9POw6>axgBRTt$}>F4-g6n9cAfo{iR8C4nGc*@3#Ujh)b?!eX(;n@!!9Rt z))d510#>;wmh~sN2B5WT?E*ZqPbTJ#<5t5u0c*`}h?hupPY$hRh{Bf7BccTV*{Gpl zEd9{linl%jAO#(&U8qV$=xyA*A61-iJoX`YNwf~~KA#ycM_c&Xh6H2yb;jSMKY8yq zgXWc)i9%JrhT7rS)vq-7^MBMWU>YdB7{;OvxSYJ1a1W-Ki!576zbD+EIDLJPoWhl; zA|#nMtbj7KS(1brRAPH5&{y44N&sVsqK%#v-BkUyuGeY~H^#KnjDoM8lHh$qHPcP^D?e{)rtS*7Hv8T6iH|~3r{WO9JRG$;3oY>NyOGH~R;l>l()zMW*)B>Ly9y-d z8n(w3w+J(~k?a*M@HzLkMhyh{f7O5NxEp~y-7XV@pp<%{1Fq-($c4n&M`}|VvkY1Z zv>N2TY_ATwKSTNiRz(b%=^q3Kg&PbV#oQ*Cq18p>&KP4zE8{=GT%e$wDOtgDHENXd zp68njt+(YK6t1!bZY6X_6ylgT2~7;)s7J45i!_r{eNo!qY$Z3+`!qLi#hyZ8CQCJ7 zi8avE9+IQEuEBG77M9Wp?)XEA#OuHgj-Pb7qde+8ZrO6b_I{+cxUok{2%qeRQA*b! zC4RP}x+bZkRT+Vpz3tu{wjoJkn=_8THpy_$LtL6%7a{qS&3Wgc65|jzF9NA()WJZ< zkZh5h6R|EQ^f}fX#p52xjxw(r3ud;DmyP4`7dKGE&#x!54 zDz>}TjW>Q(F`IRT5kSA4*Fsz`l>A&=-FiRGOP^mXQ-gYExCP0wbIzdjk1?-rO727j zoumOiuiGCelPVS;IE>K0vPB!(?~7IGe60q{F`O~Y7ub_L{RXeQY(38f&j+o(b58Mr z^bHyyp6Uv*131A+UU=A_{iQjiQ_}N1>fb$bu$uD2iG^Qf``mqfLXO&QqSAIQA>#rz z{h5rD!Ca?L*Wr(+;$Q>Uba zlf{>YS#am09%e^i>UZ*~+TbheVRP)~yPtg)-+e-qljQn@2(XcV!M0z1N6Uep`fO7k z1K&}HNTUHmb;(VR_?G8t(3)sNNi%^PENP0$=u?;sMX%+um|1S0wR4e}!hGz4h;(VM zLh_B9cL3A4R5Txd;lzO(jJLgN6;=9LyV9Ka)ct6q4C#ff^)+YIxh_N~by?YD9ftg` zmQrj_P)%so(7Ppf060Z$9>{9tSABNjo^Rq)ruK;_6^5}=tH~l}IAnEmV&b{VEJ6C7 zeK_plB`jB2;M2U^ZM1RA(DdeR)gD^H>PICISLfezkMRJZr#a{WNUjlEw0Am+R~}Dj zwt(Aazm%6M9hFOmezjymGnCd%-~nN58=ZLkiS|X}Z+G6!G!~Zrwk_!4{gnY%LN?#W zyxdQ!@&!beBVr4cX6pyP0$RtCgo$=j7?Z_=$Wqc)NQf0!uC)@C28&|$pu~+NV!{w+ zVPVw-+!QFZ<-ITH;;^XUN7(f}ap9_35Ym`gm*^HI$;=tN-jcTXtN}RI(!Z`m@;7u^t<}GkV|0Q8k-o?{FvDTN=1wfA3o?6kfQv!kISM&LM)vh9 zMJ9j^UrdkX<76njp0CpM9jo)z(kh(dJ-h$A1Gu*gaxcwDb+V8aaj#UyS+Zcx-yK9w z9FNEm&;mr$;Knb;2dne@v8&?s7Vby1Rw3jgOYs{K;`VJ||A=aEMn&qEG--zK&obQN z0iTwhP#*b3e@X%*yE&huS{)~zJTm$Io4Ry(R2xB6c3&d$%(>bDJ(C5O_7I7*L0_tfASnb~#k1l)%C!`5h zzkvyI=(~I-HB~Jm&{QES`Bo)|`XA!9zh!XJcc5l0JX6Ytzud__mKEk#B>hEj$hZbXT-rUoIgpqM3(W za6)py1qbb7b(L$uAtop2qPCMzs)_jZ052cTPDu;nJqL$}VTd}Qu3+q#+1Uc(K()bd z4=PcjLry`gupX%!131ZklcHvBL-1-XC_WJ9tT~z;%ee z{^R>I@cu;m&?9=nBdW|Xdit_8GFq+_rtG1TDO(oV`(p5-5{?H?mYi%4iHDgOEhFG8 zL}(Z#AV92l>8Vl3q7xB1h6o0OnohKd*IWNVPFYe zs0Ys$;+0(?O_8)WjUlzQ`6E|#~v3=32E{qP({CS6|oip7-5-*TxyjHl%Skn7dPNchwg*XwwQ|J87Rd5bHv;Q zj3yzl+yb4op9z&pZOQrGc!AVYDnrwHHz7JBZ*Lzp9}AQ7lIo2>Zpwr?{(P>f5Vm7S zsax#N4=|Jw*31I&DIyHc7Co7`pGAv2dx@olO&r(C>WUqHKofCXPomU_%|D|*+rT(sh{2sBTT+&1$=6`S>O{!DXQn1W)l_^ zMZIeQW9fwcap~|g!u2-8at&pnAy|hTK6dXZxr0RYTW=ZDz_XIHjX_@tqAN%Hcj;5cvaa{GOFn3SYMdP@RmL zO=zaL7il(pXyb14@y|fv=yMnPy(l+{z@vDXR|Or4Q%ZU3D=0(vSp5uIE@CM1F2%6AnwU3e42>+2md`>o$VQs9dUqZlH(;Fd=^p?W zlTqRQ>(8j0#Y}d3J^A4#?I~3V=xVQi8W`~wU2yIt)1xK&Ti`4tqLh?-idy8DmiA14 z7HQVGbm1L1Tja;yecm9&OoS zQv|^C>F1o3H12`8nZ33-M0UO|**d>Y_Bl!rK~|5V|GkX(ZaF0^jS_zw!3&@#b z_xli_&*^EP%j}GU9PmqE7F>1pBqq1Y*LwGPf}FhRzHk=P2jiDF<3jtNjPz!32e%zj zWcld0m3s>cCiw|`_=lO71rnJSoPk_b{CNxG8OR3LaS5N^!T-2rqDd@W!%QI+DYk~E z!H4JfX}d@yRZQnR0)e3sGJBF4$p={y%~)Ux;YI-iu48+Fxs1C7YKdxzIs$4}x>W*< z3uJQr3#^3;5k?r`1StXn$#bUc2XrC=e6w~RLgns)h!6Nkl&5IkMD-P>6~50OE8v=c zho^?Wx%(J2TF{nkQGxV#1?4B?EEt5}WE#Hc-X_=dnfoU(B7oo+I#@YVIE&79Y#Xc+ z#CI(H5lvB_K#8H`fW^1mf-`4ie9$j$cQA29>S^Z=Pdg>27PJj~W?6FpKtJ?+_7yPZKrnuTz&?)^2$f#J${ z6gnKocT6yb$@yG{KRZ*=PKjXeyiwX4!Mhphe^EslQy4RcDk{(8Dm1yPKTYWQiX5~6 zdF7!{f^4VXqV2*fWq!Q1I8eDAh&8CYYIIs+Bh>zwWWc}6K1R|JyQO8ax1w3Yh3D9BKO8}TXJPUvfa($HhEJ2)|{pd>K#_WgU#=c8xMxuw8rB%}#At zvc3l%8%NpIW?%*vRUIO$b~(gUV^sBK=C=Lne6^| ze^N1}i_k2K(@;|MK>D{>1O*9H)g=Ys1Ev!^#J%qh%B(|5+CqFIiFO*SGXVuR>VV-@ zA36muSNVQ>OwZ`&Ky?1I`3Va4+9{`LEIjzK;)dhvXx_c)&IG!VJ~S(Vj#0y-mF+UT_O(&J!r>D@c|yvqA$Zf9oR>XTjFTH2Thf)oD%p5_~n&P z&;dA0#dM49zi`07>MuEx`@$|7wR3@BS$wu1?ciNo4xcmQ*O3DM*5%Ob8hq)RaG{pkZfy7HbRBmw27bX%_Oyu#a@yaYl`?IfbS^3v{MJ4Rz8Q`W3>P>Ze zpETw{4Zk9Z9L3YE{G0?gw%+I!$sZe5DD(Rj=S!gLk*zQ;U?QotL(@7+T1Z_kS3~@{TWcG$yVZj6-1DZG zar_xX7?{$3Np0|tGkw0`Af6(mg1W?xUDs0oH#pJEW7gKHw%Ug^B^arkesexLru%KkpdDIq2A{J%O1$LpKDq7;ERc3_>(gT_N|A<=d|MFc8Kn7 zm9O|j^XCp^`uucLX=tyio2z@XtJ<{j(JA*8_d&@{?dxq0bLG#xWeBmUUz$J9oWvvV zKh|9ut(Y%AirE#oZ8`~K0?2KY&5kJQqCv0jZDhPkWXTs>y|TW z_0FYhGwfA{tER>+!jljc4W~MZBcJ!rt<#+5X}^p>%bVC1q>E3pugom&qL>TdZ0Wt} zJTM#CX>)9CuKq-0fEm8FtY$^q4z+2=2Vul>;cZIAmFE^j=x%H?iD9$^fTeod)Jr@Z z1iSpTCnO9;?tt%9w}Uq*9$UZp_7%pE6*@a5sG&>0vzfvp{|4HyQa@!9e3grxYe7b` zvzUkSD(lFiNi9E}(==N=s?<9ag`AE#hB>kGuUw0TiwkGVSH${?pLKZbBd#uPyy5XE zl5-!heLMEcUnMJaVC9App@tv$Q%ddXpandfm0byz8-vT}+j#6On!Pt|4PzXL9`mKa zo=iOAjo2aanlI0YWq;6XMbw?B>CW?sCEdWXezyoFHU2cmz@Nf~)BU~Fu3stkx=A-K zT@i`ATH^@lg+pd6tMnXW>-!*r2RS|&^Q{90pev0r?EKJd6A-}8!7u6ILqfI0DG5Wnk5Pf~E+wg}@X)3-ZslFah1;qr$LD(IL;7Z^2bug z&BzPlLJfICb&utrZ;4b3D46K(HJOO}zlsc$qLDq~k`aGm>)~I6uwx9J!&b3a#6lY1 z!n0QKxIy^Tfs5=k|0oxDnGLgPr7L@^i9d^!ms7b8Il0TT3z&5h z^2C9^K2)|Px(1o?oic%JXfAS?HXC#$#pXyUfjq>$TOS@wXNmgI0nNq!@_4fZm$z(y zrFI7KS>cORD8PGmsZEe)^eNT+`zKG7TinVOfkYAG%Nh<7-f2hmwkbDQ@`BzOX!B9TfE_dDy0ROW?8eCL*ycbOJpL+(ez3>V8(7 zRrdC6+Ym$s9)FwGj~*y`$00R*$#*@j^RtalxT;^NOi5KCH1~(*teL>$desnc<%O=A zQgAA}iNC5k=Cp?GL$3q3|62-83*^8@l-F!ROclViH7eDSkBa8pZ<2hU7^rWXHeVZu z%A^!yHuxM~UXyi+8NCZ~XBNgURVdKH{Z)GR5jFAT$o@^@d9T|h)q(Luxwp`w45oE8 zd@ZfTgKYz%scjz|)?f|FxXWlhIlO_*8o_!V;Gr6Rg-;Co$VMk;_ETtY0hf<|F^ik+ z_qKM3s95{pyaJMD-%L_K>_j|y@oD2vJWRueMF%UFi>HexihfP!fgW9Hspo$}4j>MiZb z|LN+j!=n1WxKTSW29_x%;)!=&;#CHaJ^kyZSg736&6(5q z07$Mi=@uo|w*oNBwpG zF<-7aEF|YPEKEi7HRwR~ol@$2SdBEKNuEJ%LzlC6=cm@Uawvtc9NZ2S@=Fp=K5STD zHSC$z!LU-{nS4F^xd6qcZas+t0t@#+LkyHQwZ%Y#uDs*J6S7)%Z^>8njA$bd`x>a& zc@t@pvMOmlURHnGnl)Y5a7iEEs?I{uVVBI@+*i7)2D{e^f$h|pi>)AZuFy4JP z2#7iVm(+iI!pq9Me!srndCcY9xg{-!^h2ovFuenMPDgS`7jshEho^7}@+=?|tuhdjNZ@L>R4+*~siop+@ z+gs@aZ3d%On;^rYY%vJHeus*QZ*`wBu|Q_# zl!P_%$RyJ7!c&V7kx=zCUIc($K6vG4Fi3?lB!VbS%Ce{Z}a* z2<-{@>_U-sO?L3qC%4o zyIOsxM+?5TB*rC@{96Q_F>qmKo!e)>0j22l*(UF4Kl%P0^Rs7kc)@Fj{s=v)Tx|&? z0*#<8M?dVtrl{y7gl=6ye>__d8BkaGOaFIG1hp=HB7tNO5pvetJ~$uoe6CzbaT}8 zpmC$MdOIl8w#xTwB0=7D)9V1WrKt=-T)tt&B#r!-$LHc)q=PZoS&xe3HRvj3D)afG zyR_UD-dsN%1-j+|8}BDg5YGJar(|5iLS7K&2?z<~>l1D1J63rR<={)_^7>-8>}_NE zFTLRh7r+uR7~M8{jyg60)>^*(evi03&^CsG5lZyS$l^c$Hu^);8%re;@4(Iaf?q$! zikJUd`8(6vlO3k zHAqWTHx99td-XER_NEIkU3H7U37#Z?z}J2#7EJmw; z_jIk*?Yvl+Gz-2*pbt+V(aNI}symD|GwEiL16`-iGM zz&n~+s0fs5Ct*Skf^U>`yA_7M+v&Jl3}UbN*p=HP`~225sT&At+tu4+cld-k8$KC`9lm9s#iGiQgrMSdZl`;fiM8$0w( zpARRFNhJ1O1cRlD70c(vC}kd-82i_0Jo5?5uSLq{HbZ|B?{<9=?&fy_zS8PbLDWss3wc#Go5V`@w!4mNx1Aw7#a!@l*Z!s?GKFbyJZd-!2;q;ZHbHADV z&jw~1s9~PEh~349L($t=>Al?UU!6rrh0;#Cxl)m>OWRz{K^9+6+*K-PF8H0<`hwm9PS!pT=QWZf6f+Zk9GT5XZ;HY zbJQmf93z}>+ywUDs~LFKzWNvp65WgV&#JSF1~3GCaC@_K0!l2=OBJ_zx20+JGemqL z?KmO@$}a8)by-tEF~OzB$*uE)w>=&^t7(pm&apB^x$`MydK-Lx4}amLj#yUs(diS> zTCo<7Jb>eu`BM^+ybB>%p4Bt@NKxk|wwg=eGwKt#yZgKaQJvAiEwZD(BUlnYWis{s zW6r{3Ay`RirLy#9S5G7E&ataZ;}-%d<8@SoGXM5y*Upfd$>`r$?~$V#5bh=ZBImxL zBtgs5u?O9#hm{+?p49vP<{9+^StQI3E&P>PZ=bzqf6}#iu4E)F!a@1PmUlm*Fa6R- zumeYyEE$W2GzvpMqxLU4{gJ=cd?D<9~{EGzh# z?!yk_d)Ql<5`VT**Kn3)&uJV#%%GSs`YyaAwd?Bi1Bwb5cYB} zOaKPLm_Ym39lw2t{{83X;xV?d;nSP<7G1QnCPj$0(iAlf#fmrYCRh)zJ)sA0VE<*$EG=+6P6zs(O zZbw-ekdrluZ;J{F5|@Fu-G#+ORU|$swSwsFb6Op3L^ zcFLTe*YYB0*4H>b!+ZC6oA_TMG<^!fY|*npORx1EQZ>{MZN6$0$ADl=zuDW~O<+yXme5+7TANUuw_^6wsP8&( z3%~c_f#BI>_Gk*dUAb(I%yFDOm4eXi>MOY{rMsr$(xTwLTg_!&If3Ql^X&uldnvMP zNgH;0G+Xr>S#SWudLC*S9XCLL1Ty}>jO9Jh^gegJqCQsMPOrk&bU$ungjWSV&e{|G zeuP4lO_5-|xla6nJY;^!%Yq9TO*t25oIK8Bmc;drWS~HX5EB*`(d#8x@_v$>JMv)J zJ!{SyZ(jN^zP%eM*G;`nalv?axD)2Vfz!E9noWk+MXfoiOufGKLuXdCDQ;8>#WC0( z{`6C?A`#C%d0#WVbaw{U;tD-px^K}uoA-y6mB)p?XC~pGK4QF@r`(DfxuCy#GS&%{r{e^+-U5e8u1c$o1;TWj^(^X(w$nk>2;0aJRnCH#@3kx(c&IH+j&c9+vfYPnWe;6T7cYZr+Zdx3yF2_ zuNspX()G}E&T!8n#2(%=G0mLo{KR{g0R@;0ye)MD3PMZQ#MO|UKXm!Z5LC=&X4fdW z19OTUQq@NnVz>FixZd$TtNAwC15067Cfk5llpyU8AbSeuMu8#J$g|Zgr0%Vc8{`inVcUVG#%q5$Y1Y z)LwerX*DXVrUv@@0V?F&4I1bMbGAYI1cwgRVr`Gh)*hV05B{K^D>z~@5&d4>&CT+` z?v!$A+$RFuV58qNJ-CsDCmy56J8rG#gs8%spc2~1mamCK$Fk3;iJ0?#0oKPN=Gbz6 zA4@FQu;AXg$mQR1uaV}e5QmBECeZ@BPBR@2r*O~O(+BegAx()sB^$%O^X+FRFGl56 zWt^n%p4z9|TP%4`Cf}aXpgf%eUoV!&>>A*ONTmgKM6AX0Z^IJlX-pEs{Qf9?wD@Um z$x_(U+SNSet5yjn0us2w6CBEyH_Hb-?kpz1m~5ohIt zrCt;X$j$+j8Db@V@C=Rj`qRKVaa6Y?*KLK=Z+>vzC_g2-Q5hF(*Iz<@`kvi~5EL*B zP+s}tu9RpC+zJ@UGYR$XdGrAHx(+YJ*;Z26O;Z0-f|s6OA7LSp(Y@pkM21&K~?YV+kU9K>y!vw4^?KmX8+s?V~@8X@^_F$=?| zw;fC-A7FB7{cng7KapKIIsaC}3}{QTaz)6UCoL&4)4ySXVo>Sar*$x>bX?bG-@m6l zo$gAJyN4IsBY}@gN9fkW@Ip9TeYdcGoo=jhMMdZuC-~sU^cb z`8R|B$qyEZ1P4KIpvJ-&7K%3=*HmDxzX|Jpqr@BVL5@Id43`(DAj^Bm4#5fi67|0c zoN$oXMhR=D0h;6%oqtWh7k48*)B`ho^cxoDZ*P5qWhu-^0r^D28c zE$b+p)i_et#wGoMq@8o^hza=QuWQoe>bsXvZQrJKKlv$SR^h{CZZdGbBWf*u@+NZa zx~llO%gABUQjsg41bE?{Z}MzF#<;fJ6o@}_QKQ9kf?oU3V5`M8d9D9<~=GPwOPz37RAI;rC;OcIs}z^4J%PU0%s<{ zK$}B0trvz}DISR%3ik)Q@)S&)No?(<7x)1Iuj-iAFY8gJ^_#iB zeNts4!k>p>q&CzK+TZy@4P)arRdB#}!haKtIz7OE!EtMm@22LT%403M=+)jk*b3*2 zDI)d4Auj)&Ab6=gU<22kX~|vORj+9sUiGm6Al$gHxvRUq?R41v$ioc2W4V37&wks9 zdvjCabPb}rMVBxj5+=p3Pbv*#ITE-0k=ap-+7vXV5HF+0G{@cK1+fG{I^}rzyw64W z_Ho)iSvU$@#9oFzYfJ_#yH zG7@mtCaU6U>=HOs`1^r!l(oRX$fTtA6{%o#q1^VAyFAoNYXc72IygLZ<)GUMgneM^ zU8Wp8sd_NSapdz+0A?ON;!|^ANV}kdDIiaj$BxL5ArvV5OXgh~FjU+-zz4c)ZT0Tj z8`iu+KiXkmCt2*jV*H&dU^j8Vl4l^0SAf&)H|)=~6oPDD{0a9h_$bskusyXEfuj2% zhetscr9TAwaN=ia@Z%!xyIXUNG!$U^zoc!f_IE*^#!npEfmH*(0*cfObuiQm?It(i zN)@s%o&!)4iNM=((^1DCOeX!I7P&WM+qD3!l)>Lz5vn-}+gF5I*>6l_H@DY}i`7)0 zfy+Ew%-OyDXSOs~-N*gX`S+WM5Udva;-gP)!QzrWR{S-@!f>na>3Ew9q$B6LHBoFZ&rUR1K)F+e|nDEze5WAIdeu8P#g(iqoNiC9H7h= z#=rA_AN$T&56-oHRgU>jlWto{B-wrwYSR6w0@Rol!D_fKo}L4gk)sm%E}1nZVTRFQ zRg4F`*nkJID`WJ+Txa+IxQ9PdfaVjU@To6@=5hgDjQ0>BIu0jc#fs2wJd~x+zMlcc zNyEWaQkS68|1a}V!CSC{8O`O%6glDybwo|ve0Ii&^7(URMr_bQ< zKY954V7^58ixcfqUe~>FL2j~WhX}ALJ%UVx1PU1c{F$TO2272`RejR!ijLD(MRp*W zKOCNpXX%}+1f*=^p6_VI@A@pbwgzoJV@)%LeRi3N0YT&rM9hU}9PSBH)<3{7Y};Q! ztu;1npTKjy4fQ6=;$Utkoqyl!L7|hy;@OXB zy1{QOzYKNEzR9=Qv+?|@-kHC5;Q!~B?qi$BA9n^9EWezQR;V!+{SjmYd6!dt0kP}x zJl-)NoGn-ev`PUtfs)4ZP)Mzxc!wIE71qE2K{lZU-7TmLXWjGK$;Y9pJbSz;dYiLsi+mPOdf4-}l`@RX--oZ1V!S8u@p@p5JI4&QHav1VhoJVcbf-*sevqnYh!uZg zc+{3nOg@hvq2T)bJ&Oo#rvjQE_4e3%zd2&pYCIT37V*eet`Jp)lvYAf*w?nUAVSQ22n4qj1OIo8PpaBGs+R zQ1>&ZLwn2Yw=P_S_Rx)2G?5k($#-7h+V^r=CaR1<9+Nx7-w6cpa$sBhDhi)k%@s&_ z1Lne@&m7*5lYN%3XX|b=7hL(K!nTdu2zJJ5dL|HsU6}BceDUiS=Q5x{8{Z~5y*t~! zs{|M;29yI! zuBY%*U#cga#`8Kgl;Z5Cmt^JS0Z?T9>2=7rp8&~P4_DE9a$kaL*nn$C(R-ZF{$0P< zM5I%%qyL~}KWupw1g4gfwdYSl;m1hHdYjVkOWM|@jRy{m( z!6YVgfWZOVI_7EE{=!2nVTMpHrf&1~h6eV2Zj z2MWXDy)g@65In@f$L~As$Fj!fO5C}B(#A10bOYBpzHL+90|a!SvFAo7@I9{uW*FoS za)CeCcQHqxy|=n%x}}QM^_!5a@M7jIRozeK=F+O&O>2T~+3y;PTb}Qe_KN|~SSX;K zx{p@-FIrNM;1P>WjhlwSRblm2{3y!-T-kKKDHJU2pQrFIz&7J>X8W=`Gx4YIxn3@x z*z9~6xOjIXa@9tJapg~FbdL4XzF#xnXX5CQAK&Z_{kRUrb=j`Wp0Q?S2VcyFJ=1|Dxvt!G&PZKck8P=g^-3?Wco)VOk2KVsTz)m+brMOu54 zx@Z{PYm2inn}k?#a<=d%Rz8JUSY$Se>0u%5l zyuRCGB!4z@v3lKpNM!$KyjK6j48JFT)c)^;aTJ99i|6Ql=0O!5sg-u~B5sA7KUDkZ zwG2)&9~1lP4}@z+8ncO6(@es%lL>|f#i zCGd+}y!>wUD^Np3@}_(od2C(@LhXX<{QP7zmEN-qKy=am({7NbV^PB4qXhQ{IM->S zb@3Flh+fnoC^eO{G_G^FZM|NniN=|Y=9zoc@UMkd4Uqux&Z??$qY8?g>f?Liza$;@ zRzm7TkCG-}w{d@(X5on|u(q-;!ix3K`ebnvKqc;-N3zJ%!xd3s`R+kbuG`^@7HsZ> zg!-BaFV@BvtZpUuT?`|xNV|6JzqF(&S5|u2;67iCWH$aZ4I_{x?(C|?5vU}*b2Z`g zV$gLPz5iHUr?b0ulk18rnA;#8six*=LmW%uPe*r1&5^G2xVBhtUBE+^w!1D}uM*LV zatxwfmwEdtmftFvMCUE*yze24mB~BJ5Az;k_o>3vv#g#JZ)aY*`01h2CMNFwGa&GC z`G}f~-Sduntb{m}Tf9tcJoKt|@e%gb{p%D7!?ow3qQ=DL!Xvk=X-k4DwfIkH1<}8E z`F@XjHoO(BE_2Yx_ukL+T$O$WO}(O}`X%-Yr{WWm>)52qCX$Z85;-uwev4%qwSRt< zl$XFC8+}S32hB|tsd7Y*#2m6)6a*A+PJiX! zGfv_su+Ccl)1O+c40znNJ^auCgsQ~O0vCl{Yary~XUtvQ^}9}dd* z7ID*dHAH=bs)|EfYW@v&rV?g|bbfAPu!FIb?)aRV6zRzi)lysov? z$y}V;MiE*+Tn&-s!qR;0LG?($3!A@+%Q^g(+5(ZVM_l5!gz79#%4yD;R=cm5M0_Pp zX&!M!TpKN@a)4h==N*0|)AfUNnS@<~80(@Ej11$i-zKG4qv77quUl2SUVd-~>9P86 z058Fx;_xQ7P;h*Qu7~C3;vYTWAUmwWA^>C_YWBJATZbn3Bkped+8jgY_Mv6@&TqI$ z%ky3y{Ar&D4#aa3@Pk(oWagM1e>!Y7-vs48I9&zdY)%hJFBy+Z=rlx5XnYDYI&^iO-_L`f4 zJu&9z(T3{s;o9Th7)-b3xa4$b%DmYr54megDmyY&s@i1^+Sv7W2xufeD&D$8)=GKV z8y!!>RCbmIy_gg^B&0Pyy$Q~f$h+KFVdN2h%J#AuiBdLa3d|z~bvGDcpR&Ex)|%Wo z@Uhz{A*6Uhg46qF(RucuN#r($u1IK7b;6fl+zyIN#Kir`-H~6+lh_l~ix&<`z>)YX zDJdr(4r6P#K;&vMt_rT&^9uF73*OiEmAEcWWcI7QFA^62VrRPfrX96m8Go9CHGw$+ zGHvLap4?UL`)|Tj6*;tMbhhMUelh6BhAU-(0a9Ed1?&4-9><2EaIB#FpJ?(TqjcG0 z#V~L~H@6jFf-nJ7�nsW#{^n#gk5k6x4}$EigTm^=oghfmkY@hJ0{uea_{VYg3dA zEtzY}E9B<^wh#hANx^mhA8xrI*VYh5JpAal%#7F`Zilc`CYSNjN`l@ceWh<+;XN`e z37hM_--7Q}{V-m!ru7~Qw_|F@wq5Sr@^~zB1dg>-)fVe%cwI0U@Uj*tio}eFS@vZc zvEx-?MSRarrpli(dhtp9+GIu5+_Vqe$Pm*(@SRl=xf2#14nruvTbw>J4ZG}5@#sSb81Dn z_;TRPM21FIQ;Nhqc*RM-GTLU5{O8lzy#L0Bq0bh_z9Vk%9}yLM^|Sgm5iIavYl-tt zAy^Px^Fps{$l;G)y;U%GR0~)uyB~P-XTs*k_BD>Zit)mkzoFkZH|rc?vZh#;-X*?JN$>GTDO|S@Wb`_wB-O61umcEsN7Ad@6raM}f+U$PZ zgyv@}3smF${F88+!qKtWcC750RqM^SzQ9)51kotErn>A{+6UebjqE5Ml}EEg#eq_g zA)fD{8DAzAVAzLBRo>WMnjD8m{*jR(qN)8`bnTJh`+lABlw=OL{o!o&I!Dj)GuU#t z_6)~Sf?&`Ie5em)uO<5idW27@%h=1pADgWoXw7`Vb3N(gO8+UL1IXvQ*Y2;~x1Xb7 zN=TNh;PN?|Q`wVtn9PwuU#&zX^<}qI!uH$Cj~de!E)+?^Zg_8Um+Odc*dKt)bk;eI z23bpIndHoQOeiS7M0jE`-)_@q!r%QQz27)u?NrDP;%piMzOeSYeVBE=J|^A-XPd9M z?{3#!nfXsHaz-aM%Vo^WsEvO0vZ`%O80cSfZ?Muh9AGDGD{0h<%h}Kp_))l6W>w)v zEM%_It)7|-mR#Z`K2j-N5iCHmt|T57wAOvn&bpZ zFcLXt4&y?w8ocv9$DrGS*)KGn#1NHvbH)zzt--RD#l*O(pgK19>|?=Ot55CCe|8_h z;k>lRqK=k!=7p`bwOy_T;W4IhzaPh&HkX%wEZxdGd}JSQ7>){+z~DljV)_VqyTvFc zfu5j@DA{%1*fYH6G}0u?IDX{?@ocEs)rmn`5W+KCEYDDM-{#QPNYoR!p7gg@8_#M1 zh~G^@`|~U6cZT;c1;Id%3G-&t;$h$dj7j)WvAH~HJ?9THu8hD<(fHp?gLn(zP)Wvz zJ^MnDFW?wWr5WLBfoDE2V<7qA;}mQ}LgN`tIcgp;l|)u)!tpcq9#0k#b(^V^uv;#unmBT?E_cl$Uo)kY#j>851?)j;gsB#D-H#lz*Om z6|>M=PS?#y_UwgW#>Pi1UAeiXM(5PDvzIHdFLB7RkAAmsfSO)=OZDZ-M93X{Pn@>r zSKdrCMe?{EtgT=Cfps~KmxhLR&Ic32{m|N;lA+=qye~cyYy&IDdH$mRi)fYi12DPQ z>L{njYn7eR<^C(~3mcfMBX|g3(PFC0GZT84L|cM~`ce8Ad02M-O#_p@9kX>+a3K^M4}P zXWRjK-0g4LLW-V#K}6>+?IzX12k7t+VHD-L%-Wl<@{VKf;P72GeOkQ3E{_?xdoZ#q zg;6;?i7hB8?iU@LUF;7sgdozdmB5%7?PmS}_a^GLV9ymM&KCARCE?FdY`lz~75nN* zugVb|6I#|2OYW$Widh8b_Su26S5iZUX@vIaaT`>QViqfk_iK5;oaqDKcZB@~+1B!0 zZ>fgB4~ZdE-(w9Iaf!=#qOFRQ;$ZNuimGxH_(sn>_m2nk!UHomA>BvlI;n*V$MDoCfGi-vS${pd4K1uJPXxdhi6w+ElALT~X%x%eK#<$2V?l3tt_ zSD8LMc%l)-vm+({)*yEVGA|!js|0-yu1Ye&1IFVa9a& z-HgqYu`kg}f1Z*)`uTjR5!s7`T_;ulIDnV!b#y?_;6fMwe3TY|u{pVe&e677+V1kQ zt81{io__bkg8>i%1EB5XCD!I6U@XEBLRGXCnx z_uSm`Wm7RlJ4r%X1IV*SNX7Gg!$};9lS#t0yc1Oinu4i@&-A1C$p${n zu!nk4u$Qj8e3UK(qRCQ|D^KnTO}yMGGPs*$ja{b_!>zBEPZBivU^hsb{T2V{#bdYC z6KX`()zX)%`K=8&#qQSsGOMPi49lwfB%I?D46GHhpl`q3q&Kwvy^{mck!|w(w+YRi z_Cq)|$CHzyKV~tlU-N(ktP`gfmdqt0#IN%JkLRR}cC)lW5Xk+k6sgg&cq!t(tuVqz z`B+O9HTn!VO^1L-%x4>>x!6DzJ4Vsi2+VqjeBfzYoW}m@C@7_NFF$7eemx z{A%p}D#Y(^Li>-5)Y5}T`BaW;7alW z9b^M`b$C{jrt#3I4ydLX5n&#Stx#Wr1r{*=D^+Ztna5Xhh))UHEt#?rv8~FH5a|TZ zpVHgx4cEw41GD!Q*Y=oFh4WvjQoX8q9q?9>_$!4v9!Eopm`)>*vGI)QV^%>>9yZvF-8D`QVVgExc_qEyFgQWIVwD%r1-sbFT&kyftrK^k)?4E z$VbG#S<{e$!r-0!SlrJbFF1z7nUVt+=V8l98_qnR!PpF6xc52F`7N*%h?N=?X^IE0 z+r*w+r@nNG)bJQH3_r&5y5Eoa5}e(jgnNuqK3}=?A%Ydlq>w*j!!gt`%HDPPO1C?iPAoy5X zsu#wHF2!;_Z~0q~(q9ge-L|Z5PT?!Z!Cfd{<`Z%La5F?lYT$n*jYx~_uuN?*urUn> z(`kkbQ<8SSfqDI=)4=W>r(yYH6$42P)paP6eZ{~PKS66dcT6I4fD8Kv@ep?bs=~QD?qpWnyXP}oLn(``-z?w%hu(p?B zI1KkI;=Vsur;vkL<4NsYMG2AU_}=vCsO|2xCJVgvK8mhA27CuohF0-Uxp&85fa|p` zk^leGBed5+K4Hjsb-o+f?+`iuUp!v*pXe$Kd>Gmdh7Vf$6m%^K6reJIj5CZ-!tzh@ha+HMe8=slVx+c|`%u5kL zLD1K$x=u!sasA}3s7hx1R*wZ3?>RC*$M0!^=F&x}ZF1&HpT*K(m|pdw8>-Kbw1*kk zY3*{2ZSOx(SAhn7+;3XnIYh{4;Y}WfvU%hww0fMcvS6p{I^Be z=z|$`728scyEOv+FhiDvJ5>~z?+a7!4^jat4m*ZIM;z*~)JM8+De3QuUk-7ra8Ro? z=j(8k%Mc|&2)y{zCdSs)>pS>$_eD+>Ij>|9xEHmM=kqJ~Bm~#vVnaXHP=4qSwfpcB z&q}cC>stRa_SM2kJ?D6p*lmaLttWYajPj+~sizOh^7Nv3RVfqx1qXwj)_+*dFUAZR z#=tb!5X1b2isxQSx-wkVf<50GQ9a*llxsU^l1@7xI7_U4nGAYGQz%Y#Id!rW<-J`={rB?|r9IXNs^%~u#aJWrPxlMmxM4v^uxjw#c&3!EM(;>kE z>pOk#OG_4}yuZUw$k+#SSEH5F3m?3F_)%hvSJl>JE9dUuZF=zd);DEnQ0)JvqCA#EvP=y3X`tB>!d= zDw6(q0%=hqY)=EO#`g#?is*R^`k+Y<13oF*Tk>uy53jo;63m3vw#LBjcrk*Q2SXb7 ze+Gq0k*u&_i#_RkL^N7zZk$BvHEXi>h@D7rw)0hDFIT<5^$CIw26J^!RCU*g+?NJ3YA{f0+q(ANs`m ze4ppxT#IBY^GXh$wWypJQ%t2m^sj5MTv5T-30(2=^>1xh5<-qo$fxB6Ijh_ds`J+| zSRdCQ8Wmu(t@ns;%egUI%?5PjS#VIFO~-D^W?jmDQ`~;jjKppZtd0SUrL9U2vCCXo21>|l{_P44p=4_v`6`#ieFR`b-} zSZvmQ>%31ZGhM`P-2}v!%;%WT!fl&c+i75;)^w7Ye#{G?KStyLe0c`;eqVfBa{;E= zMb-xLhr7Ipo=gmhGh|9^)mZ~}J31mOYP45R$MAMP+5v@6hy{5%P3`X9k5 j7|lNEZZPG(?RG%I6D`tiGJ|Q;jHRZcrCh1_HvInq4G=4I diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-rust-query-results-2.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-rust-query-results-2.png index a8af2a9e2ec24a39347f4a290ad78da1755b7f52..5548afc77b282b70bd22c683540eb2e10c7aadbd 100644 GIT binary patch literal 33086 zcmaI71yCH_(lCsZ00DvpTio4kad&qM?k!(rXkWyE3XW{H2jjepo`>U!uZDGHc7JF=KsIGb6rcsshhalya{ zdJDV_9W6af$-EsMoZJPxg(&{TA@DZ-XPT9Q>|ZP%_Cgf8N~&ZM&Tf`uJS=Q1Y!t#M zWMpK5ZWdMo>XOp`5r4ykC~Q1DTm)EIy}Z0wyf|5$-K<&J`T6--**I7^IGEo!nB9Gx zJWRcro!lw^t>pjck+gI-ce8czuyuAK`$w;-nX{*d5Cz3QhW_XGZ$B-)ZU1Y@$^AcJ zy#>hn4~3PTg^l%pbiauT{xd6}YU^$3peJeTXzAqsWBK`kGwcIV;B%B@JYb`aCjLiIkoBL?|5qyho#%he zz9m{1MUeG>7EKt1wpQRb3=G_}s-mV8BO~MV^fWs=dtGf^fgPNSpYmS410{{T{`1nLbM3k!jZfsQ9WowO&j*?SQ(9+UOPE3}Sl@%2gDNi(1 zS6BD;_KHf#ba!=4O-)r+Ryu)#si>*5v$Og61(=zcb@T z(=9D6qoSe`6BE%fu(hAtf;66 z0apwR40LpK*trG7#>PrZOY_;Jy1ToFgoZNn&{DNnCDUn!z<}Z;zsrZ?>*}~zWOqqtsHV?6WX13|jVyW=9?$9}^M~NJvV) zM|m$NFBl%eDUup0@}*;8VPPi8+rTeYl7o>-!dSMYz$#VUtGv&`LQN>%U)sQ0CALd| ziBeTn+~40KxOIMacQ;HvI6T~5TU(~MIIzjL76kg-I$Kd1NbivJH8sUG%~nTHMNf`X zwyy*)##_xaGOw-BWGLEA)!s)3s1<6iU#eR)+Ujj9X-$!N5*%zr7&f14pXv0O)Ynki zT2ZVfR`Oc}3z1E+gdka^w}q}a&sGB#%*mJFQ~Dc%huAg<(-?M`@Y3S1ZI+|E4{-; zRtTKtj&_V2MJ9xAWHEj053pg7sJrQt{-p84NAF7hTBqQK#t+#!8yl{Lh$*v)k{g?a zv;0_cRAsWs6hDzA6>R$Qs9v71etsg3D&*ODO=-Ozls?V0K=zHk41px4!P7y=A>t_;09y2Qc!W@o%*MWkD~p7;A!p zw>mllbsk0XH74drMXWxLE>HEEHhm1Vq6Qk109Tg`<3`AzZ#~9)a!I?P#m!hiV+@(h zPhSFitIHI?RP#{Bep3funS+!cgVF22l$El!sf;a` ze@{Sfz|GOkZTGItblbq4OvF;x7)s*Coi6@wL>1+fizfo#Kg}BQKJcUvj61xsAZKT4 zAYS9XsN%r8#SSzcBg0&;s`1Ei+1iBHN~6u zBM)dBhwu|3hGKU|R?bVWMxfrBTPa82MosWO^iQ9NU(*&|7a*`e#|l2*aavBJ$virT zI@TbGYj4XOT4{>>GRg-WOUS+?0O63;y7r7gOqtuo`0zqyCf%rjdnJBkzaXv?rRCwR z+JM^=sahBxne{SHAq$xi&Gt`rs=rNyf_K}sQH@Y+na>MUt6kn%d3`x-Aq1vm4oxkL zjM#Vtvd4K;2on?*QGOBs+h%%+=@2*3o|wcdc!vr8Hm{Td-z&JaBE zRLG9XJ^Su`!jL=CF7&{30|U`sINM^^ZS2?vF7t_`$=n)_UEuQl#n3%xs5QHnuo##& z(C6_KIh5gGSpGZkHIakXrLKS@NDV(01lubp7 zU7N;Vi6%;#P^59ip0hQ(O!b*!mmolGZ-u9=!RZolL#epu?rPDKPimE|e#mo#c3DCW zduxFHI4zSe{Fu!@d8uRBHi~1ZlgW%eSzuf^Cfl~hRu`ZkYJiCCQ|gXCl(V_C+n6tPGm=(jq%oH$Ks9QG2}P4hC=ayR+Ch#65=hcmfJkZp*?0z`-eMx z9~;fP&Ss{iR#=KSY>=U0MqeXVTIOd5O8Fz-&Q}^3ms) zFIj{%KzmpbvYY-vqGD3m(Jn_UvDGa!UxBZ765Rtbsh$;%wP899#=tkvUOLZ-Tc?pl&VeR=hRY#}IB z1h z47FWG9%f)m;>c%)NM>32KeO*^{4Lg1N9khV6iCip^l{9gS@e`33qh#~^UVR_eIjmX^!NH6r+hVrz z8f@c^In-p|2!J+pJpp)SxK;f9k>yg#j7{bqh}=^TE(n%W_6t_voExAlzr`5sYLu>o zUZtKeH}89Fk=X>L@AgZRqaiI$ekYpfK9hPjD$)sJ(#&H@9D}^RI zoK7eUG(fe=u+O|U zboV%4^;vrQFX6&Il&qyqns{VeUPo3)iKZ5QTpXpWFo7gJrARAWlboaYJgkfWI3MQG zX-=Ath0&0zL$kuhbeU^D_VkwpasZuw3j4||MuHef{e?$*m5NlrI$-Wz`q~;y?)O!t zQKFtBy9e8RSDypY-_|gii2ObJvR%8%gy=i1{DS8^Y~Al9{1!c(o7>xrBX@R7a>xkc z@_^CT{R}=}4xcaF5V&|>*+Q7hv(!YKUz5ov4`5`-6{dYFUuYGnZ>^pU=t|QLhSif7 znngdw{GF_QpZ9fK{XLCz#3G@|K=JYn7uP9*VJF3TkSZbyp8fAMe#2lurB8s5PkLYP zUteymfG~z)7P}1LIbcytko+z@{u!FZ!>&7~xnennnthR3b|@QpdR}o7Kpv*`{qz#| zyG_X_%#RW8`#N$EQ7Belz@j|&Nam|8)Rn_~z;_a-LwUK@7Zt#t@f4rDB!o+iasUr5 zC?KmCbU#FRyCeindQZ_Il2I#Ij!>TC>Lg)JMQvyNl0TUC{#7laBZT={d@Yh&!Gvnq z;Ud-p^)Y+J>IuIj2F^7(GF2nstmt7&qVK4fL@pSh zv#+Cu<}Y3;t2FQHP2jygkOBc7RKORrbEq%&k8Bu4{Nl$tL!6xPmAVlb1#;NpC>Xns zs-p7^Ro_uccw-+~=gxuq^_c35XP}$2^|MCSj2*uH?2G#ezF&KYT^~eDMqNalxb?dF?C}naHKc2&QuZ_V;fXN4AEpFeV2R0}>*f z(eZ@ItVMRDiZQaNs_3Wz6zkLB(+kFx_u}>PQAAiAz0202=kH3U;w-rpuJ&E(_1_2XD={BLltwlc5e~1I=6F3nn z^f8z)kU{|2Dd|JUEpMEM-YU*2x#}lHr)L_MIMv8wmw}cIj0W(I% zLDm6^dnaYuMsO}m=*0YYwYnbserm4+xD2Dn2wXN%~D%WA}vBkt+E< zs!WjS|4ic)0RWM<_bV1YGYZ%%@Ra z;P#!XThsFyfhU?&31oM1#Ylc+v8=v$c!Mu{cBQEHLrTdVG->Xlfc$bq>jB)|vXb3& zR$OQZ{dHU6FH8q=VRl4sPYq*6PKlhqd?u45x%A^g*(~OuGZCi_JHPy36O*?6KHv*d z_}j)ol(~JbcB(J6aa4u z#Qn2d_9PoZRRBMy=f)CF_@ry@UhD$BpVuI@H$)|`T)<90Pz_tELuLwg^I4T-!DN8D zVIV`(Po353U^?28PD=2?5x=jLW*h)QV(yLB5V}qw(nc|>v25E#iKk$$;;#;8f=+@G zoLsXAJwAg3>v7av$>A!b^8EyP+fg3+g`&_;lFnRt@R9_G&j&{fwVWp?7^4^vc;&Sd+`y*q)`W9JHVn;W94up77W`*7$O)b|P!6CQ zbQ=5U_U}8-X4gDRtjcRyqJCt?^2bNkdl_fzbg zRlpT|8mGN3sgMedg8MziF#8n;XxA`E;@xX}>q6b2)5sOALus^Q%Z_13O2a=$;h2Pz zFO8fLf?5#*n0#C6`f&zN$J;@L6o8OoAzfiBdrd^U}s)W7Rj+j8252XbLp^-(M@CzNhA^#r1+7K zOLREroCb5=c7j=*Gan}*+EHTeELrj$+{dsPe9=#qWj?Q4G) z(?!Tsd5yXv=KCul7|$xcU3N#2&FcI4C@*|ZJ%V#jPqgiz7FdVXRV4Zavq`B7>`<)F zvW_c2IZNZU-%NTHS&7YOv9}=rj7l@vkM-S2L9ZvonScA|V|^}I3>rd3&fABpu+PT7 z{3(l7z<>FZB3b!6#o~I>@mu%Cxj_yUWFf;IFOs#lg}Ul4=EDV1B1@AcxW$GA2H@APhX~F}{CakPZmCu$<4*QAi5`p96QOvS}c@#-_u}*27KA*Xwp& zo3s1cF#tw;?dpIB={o)+h}UB4z4>6=Xt@;hd1EGbEUDrSUYpc1eYJ`)S2!B|C9m`wr)P(V%kx1y+(V{TZwx(a z%E*s%@)g{linv=cowx7dJIxN&xo_#)qIJ|1``TUCNYI3o@ zx-m|K-sSVWKfjkRYm&S%o~2jWr=X~JP-HA0Gx)7$XGPF(PH7qBvA4x8XB}t)GIaGe zriENcoccTH;qB$-7Z!?)*1ox3^UK5Td1~w7l`Gv6cEe!Mw<%X^ttH@3B{SJPtE%B1 zx@^#n#Jg?B?RVVFMeI%{a@eJc?DIBXh8DSC+3mR?TwF zJUQq%H8{;qE;6JDXiRtDQ&1YuVu}1AeEb*6BN22pU@k#%{H#30ku_nq9s2pw${57Q z&X}&twf?+y7hNk{#L-xGvi%CH4E?FlkO(Ozl2ljk3ssiI0xwvWg=&61_Bzg9{GiV- zFc}krhgI>tADxYtAUvr|L+Kem8bFAy(3Oyv-dGxL5@?hL@Mursg1%-^oBP}p1lM#| z0<<@A)*Ji%TI3*Bz z5tKkXZ1~YyMokdiP7Pav+)^evxbm)RJ=s!5y9p}Gs*iX&A&O9Qw?f?N@a-$+(+$oE zK*MvG;r3crp8RuWnw5rJRFCKk=|Ea06R;`8atuVFYFe+KkJJNIoJ~kHY=VwYMkZ}j zPXt=aD2({ov~o{IBAgJSPg`fbSr88Mzw+y___1IGNlu4nASm3spMm{r)XoIFrO8+@ z$mIFV?AM{%G&+~byTb^6v#BY1Ow)sK-0yf5(i45qPCttk#NGK+W`1--}UAOp9{2s_^G=c%`--=SFv!;&f;dGJeF3A)9bs; zlETWNy^5BXhE4CqKr%DOw}g?1b>7bfZ+@6=!fZj51e~l1_wnFu9Wff3usI9Y4mYEh zD0?pX+PGQMnVM^?zgaVa!=DQ@G4Ob=YR{iEqy5iw22xBx#K}`*0|}GK`8KV;+&Lb~ zX$@GM?#l~-+X^}}wTX|qN_+AG*qc8@*J+%jZ8tYHi;JVH10=G|#~Szg@LnUD_78T4 zemzGjB%{*Tv4BBl;tU|&Rdw%)H7>{ds2+aS@coZI-9kXT9^1GpzU@SSOrY`+<5%l3 z@W%JUuULIv(=!5XQz8!oWhFOXJp}zlEW1ep)1b#&(RgEpAqk2f%5_)rvN{OYKBlSR zlNKf@QfYn$Yck}X(oYM*Wp$%!@T4LBBAZB?1Q9_lP66qTD0L8HnC=2tZ#Mpikc?6I zbh~oNZaD*~-~6vfj6tj~(X1Zqkcez}k6uQzpt1dVnHl}farC>I%$o$$ zp1Woi-Y`R^6Sv*BqGyKZO?zXxzz{ya$w?0at#O+?f?Mv78jPwgWSxWz?vnGY{tG!0FA?i=rN)=~!Rg)mT|qzf4`87OZk7 zB)gU2Fu6HL_O*kDi{CY*slK`xYeI*X5GhH_CJJZm!WuJ|lc+^FvUCnVVe z6l9j6-l_N#n}stwpXP|E$d(OnvKOdTwD8LUI-lj~3c?{E=sb+b3#VcEv@E^p1ZJ=D zFNej~*_zV*5-DXN<9hLV@f-K&c48ln<wqJl^Lji*;9de?H3^%YLYtE z8uHjYRXuRCXk~>Np%>@@C7aa!+eC# zw;UPja&&79cr@FvP*@tx-=l(E`oq%$Smfh3OpKQa&=zu)S4mxDB%s8Swv)l8rV^S< z4J@+>WQ%5TA7qAD5F$kIN019gG+%I|0gIt>-^XI{>i&j}9qvoB$n^f&T;J?eMveyL zZwj*W9!GT|c6NU40ZwMYMMUa5?ETW$1)4S#&;8^#?=4R!k4SbWHZ5Cu*z=sW4&q$g zRGD1K6aHiupO0it?XiFn$4X}|Kyc=bJM@z)RCrslv)0b6@14vCnqxjS$4PSmQG;=| zP<=X~_-VQpO5h}cQ<(N7b_6IGP&+LD!QSsae^#n zTs(K7ia4irg^K!}bSF}-`^oV4xp!5`mh@gZekv_k&A6dgwoYht%y;1B{9VoM2WoJ# zfR$_04CZY}gi&7V7*jLLM5zo20bD6)CD$;7`@^H_69kLb%{)2WH-cWa)!f@ic!-O} z%llyUT}Z7jvxwsAr@(2%jgt-_1dF{cs?RIMrzpBJ^I6k24iC6!xu60_fP z{%T=yJx51m=UH8G4XsTdhCMusQE9iUU321geTY;}9^EREVWM5!tzFir=qM*PGc?3dy6ax#3>4{d4R8w~Y~GScr$dFF*C+=l##8yIm3zCkEDd zhV$(l)vdMWZLyzID$GC=ImzB7CVUzqF2w=QB#wWzer^->qx=tq zI4UQnYv4i3P-wmynh2ynfim~43i1cW>C;K#B!ji?C^|1HJ%s$&+t4_TU*BG>KKfYk zTLfF{jevTB6y+6g7K}I{G54JjPr<`79Ae2DfV=<~CK+`K8Aji=dN)LsC{iaWgqIj0 zyd3e807?3^&@`^jD1nJ9-nP}HlAxdlu@AT+5zdGzr)6j_I-IP8iG)J?>s4?Iu6!}U3&V5>pm*yZ zFDNO1b^!FTgj>>+FEqrDX+pep=H2z(F8h!3^Oa4`n*1n5(DmkRa>@JH^ZxF|o`ved1x_0Rf0p_2b%e&q|Q)^#>_zZwa)r_Ve8Mtc0zi zQUn!9a!(mkaS9?jVVv;_J&m?8bnei;(=h7_5%hfUydX((VWm&YQ zKUT|rip9ZWj;{oxeljzlZ|QMs760^g&&|2(8npgYzOnv^5q!24?ljYc(^+38d$HN% z_Y8lV$0>3-q-*Zrcfo_PoIRb#?@p6{HQ`?1K6__Do9M+SRE~PwAh1mycJ3M4w2wS- zzGJh>05pqj;~*d5m^Dsi4N#_E(v*tiI@DQFaKt;iL|`GTxUDtOK@#Efply<1_H*bS zg2eS)m$D0xZ?V4I5H!R8=vN2SHBp#G)@+I$)h`5u!cP**@(rk+#!IKAj-&tdCeMbc z7(**sB$*)z6ZtJ)EG_d#>t{GGTxLn6OVxKkiBc*4{$zx7C_b$FD;7MV?V zbjd^}y7qVqYkcZz?JVE}ePihQY(n<>ndNjsB(zF;h@J>i(DZt58-p1CdaH3FVl8)^ z7VxzR-bty}4a4WAY?xFE19B}fruB2!JEI3OJfCgGbVmm_G+x$ejl`_6%t zQj0tB*U0Rv*5WFfW0s9mBdFdngPl1V_0iWUB?;N7;aX*Of9~jM$r_metQHoKP*UPY zom97d;gyj;0BxT!>#B3WF)-7cMsGhKlQ~b-eb-@;QD(XgJBo60w34b`z436gKlUYa z9KCl3(rg`U&9$|ll9zytQMr8q*iyq5`prXF|9}HxB8-<_^nz>OTa=})&6}-{lit%& z+;2f(8s4YXTHyO=iQHyVMtgDCwD?^PN~$fg&p{g#MLp@moU~E;_F9YwlzPw9c#a(- zLqa}!4ns&gaIVJ$)W(ygvVbk*B<%V$;exT}Vmj@q(FY$`^dN^(o}opseNkuuXZQIp z>kxW0pb3Ord!kfH-G{ew2sYqW8ZZ4AQfC*O3|@#@Ze>f`50_2U&=KwMrl~g^*8#(d z4Ils;OU0m2t`mW^FgRKS&#}vFn0D31uBEb}K$#uQRH1i1ESc44T2|>hwF)+k19Hph zyi^va>44sc0^sw}k>8`Kx}UX6AkJuOMS%I*z%_(Cx0PyyeL`6;o~8JwNRyCEK@M&o z&!r#dC6`_)or(ZMVcJ-FV5UP&^bhLK=VgfaN$E-Z^84x1ige*0!c&AKWM^s5YIude z-5|}_xVo;d#5`GI|vTz^~W!tk>z}K=`)$R><>H z+>cwGX`H1^T`&o~k_hl}MIaTW_VDGjZ)+|cu>NJ%tXH{%bA+ZxTaUf3A;%nPqUz^9 z_=~H;QU3Qd`_$1O;&3D%*&OMPT<9k|P*&JLTg8LLvpVl-gI11_+39wzN8hv|-`%@b z_doW{BbcotDsIj5SHD!QG&}kt(SWyBH)0cn=4-;Xx-Z#_i=2fmJ5<^^6cCOp8_ru) zaD4$FTKk8KD2l*K1saee!&GKexZDz)-1vVGPEfmI_K&-vb%0dI-r_Gb;CIN_xyuAN z(j58d(A;y(e7;zsi(Z&}JT>=3aKT)gx8is9xt(SrW!Lx8_vg9$p?EoiqOA;NyZj-{ z?Dyw(sDIQT7zUz72Q%G5e_b{8ajRx5%h&9|MQM~TNhnqT!1=rCzxU|A)05?x`dt+_qvQV53-Kqqt-{h?|!7 zXx;D0U(Zbo^e4sq&K*JBN@h#8s!a})Jhk}3n`QO_oHeDn6*`38o5Zg(rAa09qnilm z-I%>va!c6=ZD2>tF*~$C`B~;mteUR0nl%gSAs(q%;qoLI3B_d#OPViwXS*CLhfsVf z+ky>A%=pg3?t*p6QmlJ{hs4sXswHrJ>mmEV0p_2)2<)x{= zmdeHw?5M?vfkh$obJqBGXa6JthI$4N0{g?ev5Lv$sF~>zNvO#aNokBLCTa9z?ECl8 zb&B~Wm6Uxi;gw&7ZIDUQC+tXrpy^r};!-oE=r>x0N!)M%W_dTriNGRbd(l+gCpFO! z(c-!~MZOw3-{q3aM{;%rE$olggq}Ti2_%|&)@xdfu7)Q=f1^xgL_T76U1c^F6ugz( zk&%$vdzyxRxoVDmpgPjJGk6mPZq|| zZ*X4NX;`uftnY~%wzibQaA&O>(c+O(8dif*HHW1hW6{)V@&f>9T;mJyL55$K>`WEc zL%l{@^-mv!o&b@(86!yNTS`yNkd5WAA8izv12ylk6C8#c_K*Iou4>opv*QF&T?$We z0L_luMtcMAbByx!3@lBpK7cJElze-1xMjic&&7mCqrVM0 z-w#d)91dDQ8}Qg5MvBN~)9BEf?-WGy(SIs4&asoFEF-DPc4;14Uaij`&2!{0`IaL7 zSQZA%XTDH?U>SP`HTad(z%a;&@gXHr!|P>E?~`4|NR7ip-W^_Jq}okCn||O|PMvyj zl~glhyTw|hF+QcXmvwE9p;CYhFH>F^!bJzS6TWn3`-lv{wKfrTobvW&^Kx!K%;s8e zM`rtMKXkL~eoYw6AvZ`vJV|pyt7lM{Lp>Ko>LW48u+kM^nO={~c~W z;V4~KM;yH{MBYNx7@bt>F~X9>l!Ib4-g)+vEi8CuL%W~Q1;hIebd8C_@6|T9bk+fL zDkLPNL_e+P;4y2q24Y_!mD^OX;Km*oEvU<_`-T#~ zeNt2OhdUKC7nf5!7ZsTCX=%grKikAR;$(@yxZkcaJC={kQ|0=M%&V&ctp<+Y-a0b0 z^4|d&T1S)}i|O^Cj=Lj}H#!qXz00rd#qGz;l0lW;c zjoG_`1PC9=L)l(-o>X80|MX0-J>#gRp}%WifL49^jIRS1~t5V?rxI6L{-2QHB?tX4fe<=vZ=l z>5-`Z4B!i|z3t$s{PjH23r?R~v~jn}D1gXA6!@1vA|;Aa6$|V$Dvn(P6D*K!1xzit zxWkuzH;SW7g578iXCA4`M^`jTCIf5B{hA>9_-j)VoZQLfyh$cOxX@Fk+^!k#TSbLs zYXOy;MXa)c;2T?9?Zj#Wuq|TTs{z@QEAN=2<4C%_pE5+sQbuYl0>lMtNxfB83!1@D z(sP~3CNs$nOK-}#SSNcXL@x7n>+|ip;boH?*W4V}X}-Ekm_wTNj7@>QAP(u@I+HA< zpg+N1UQWBN_n#R1(R+(H0;*Hfk%fq20DV#Z__Pp)IP*!1h;fUzwtdA$`3U;2Ql&;i z6Q2jDy0&Hz{RHG zz0>Ar!UjraTd3?5(v)q$k{@{BcNTLs3MHcbv40wy7#32akFWTgERLpT2-?t&LyFW* zSxFJTDz>6ata{=5$%t_2th>ju-?)_D=$^~Ig>7bBYewKGNo&p4)U?((vWM#F75qU* zOjqXoJ*%*(x!L1c8-Ox+3{D(IPm6Py=hVnU<`2s)_3pVtn&RhY!jf|BSkXr@DKY+? z%^ecUXNpVDKvVtXchw-hZ|sYV?pROeXcI$Jt@J0bwCk3UJVS_^ds#}VO36<9M;f*@ z{nEhDO&=P_A~n*Tn>~SJ+Nr^EeN}a>NBX%HmEdp+^Sy-Uy~%}~7w?P^wtCK!c@&e2 z|AfaY!O^}M7WVsyKVRd`q{wJy-{EGTah9l&Q%dG+FK*S@T{wnGcgkXt9xy%PAt$T( zV#P^Q@DapIHX@90e6`|=QILX{-(9aXNf-#Ha@M0RZfr}oykljcqE=X_bV^?*>h`L? z+Twa^EAX55P?;`#$uaHbYxK*pEYHQaT8nb;3mkKRdymu%nc+NZ$er4y;xN~94og56 z4{bVmE|XYh<<|Kz^nUVHEdhuJ=xU2=M8<8sic{Ud*EM;R6!?PHkDB(*I#+&n5%Di0h?yRWKHT6FN7E@-ND4=xQ zSE~9c%O=M~kLD?!h$XZR-{5yD8MhbS(Tvg0&nH3*nA49LLjW|(E;w4E$tP^fr9Cb% zxDpCtACa=*8Hu?0#;y3tTkK$`pZbqyk-y!FxeMu{5rPw|if{noggRF0oAxV(UC;$T zdNyzU_@16j1EByH<880A!4E;r_er2*+ClU^-(+3kwyW7M8&-O>;8)*BBcnC2CaNB& zsxT}xG{@jY2FmyvG=TtZ|1xY*mCB{~GT;<=PY*o)!nN}y&eQq*1HnrL)6;U{0Q!^b z?{pD_kRH__!u<9K4He`_xx=p4?~Keyd#Gybf<)2l;1RwF-JBsYe|ip5jE2~ch7IGh zBS++qz&wD#JGwh-+j1usl2kOh@J7UppZlo69o}I^QH{_+wBFy|{(2&|lu&=->OH)} z3z3w#XdN6iTkVdnwBalC^Xq4Hq9>&>3H)3uNGyOgj;imQd7R~#K<{1Px~T<_q{(3n zHScNPUVq}$O2ic+c>WoeBQ~#|$kSsHHurL$hR>Z}F>% z%!=vOd{i>5^*NV@c5((1?Lfk_Y;ziS@0=~M=c=We{$&# z^Zb-K=-RPo$VZ$wMg^}PJXlIe2^A$O*AObZbO|L8YL3+os3H~@cqose=g$9{vv06K@0O_)9h1AkN#g7(K4 z0EJ9Hi6*l{*%bC7Go8+6CE1{~!Ab?iX@YpicQV{or|S2|tNLx!-_C9p=eAJ6#m+r- z6@%EL>ZKLu0^z8xkuPtJs|Pxh>y9uY*r2GCo!r*$9WnWa%)rF&uV0|~pA|LqNXGog z%V~v!3>^p1)YpsQq%ycR06!X}W6g>6E+`V>qB-fZBlNJMhJ@Qw`9_oEXg{zzR#{jL zrM{!fo=@XVnJCheZ3c&7Vd;{{daIMtWRFdZRy;q?cC@{=i=t|uoShSiPd&TO_M~0y zdd&(QJrTLjI$Y_3*7piOe2wEz7o8L9Zl>aWzC3Bk8hO!l@DSwAYI9mxZ#RZfVE1Yf zY;_7CXW5zU<2l6>`5URhz&}p&HNGR9Tf_K@Fi@S~SKy32{hg%`^E(JVfELuvZratY zyXA9>ntYSqMQrz-D2HD<1<*ZLVqnGP#{mf@M}9&`I2hi6Vv@ijPqJPng*Gk`KYdB5 zE7P)@PROXrDH(={pYqJ%qF$MdyLRwauP-fbebHN;S!4TtkEMFay9@ezb=tMztZGnP zNC|9OCNhZ(HjW`EdyhRZ56*oG1q)idOx5cve78WPRH#e6F%n4QVGLD29pzEc)9s3t zYpHoCi3VSkTZ~+c2ek8){cSNp{xUt}$jjv(hXy*%AgCx)1TD+6P<3fx!b8Xf;d0Q$ z8pw)NgI~Ch1i>HWzHy}jnD6gkA^lvrh+ANKPEVn&g z4MDg+w(bo37{Lpn86w-CE!R+<@1g-T?4evAlN6bcuAC3HRerq}ZX6OVu!=&Of9*c> z4gsWhmSXab(beHBNSf7X>RSC>$e2iI##bY$TZo2*@BrM7fsc++wJiCo#e_Re*K5h=%=Bm7)sdZ_2Gf3D0LERd zOsFEpUX5LC$*k?-uK{Mr(O@;0!7qC<_8W)$gDtVm63v_Q)9eWfwCIL-P(IdtwqF?p zYx7blK*RLYCqlsrZk>;B-{K);F?>zjJoD9dd@B0(@trCwz^!YO_gcO-o|d<9pYnK- zIKytYVHk3@1rNQFIEu;nYIS_+uf1kaaH?ML{fxu|-(kr?pffeB{W%^zi=|ZS`!G6I zqd71j$cj*FUV*>#1I-0Hy;E0lwmD9#f_kG#WUG-tt$|e(6#W~tUyo$*h-F5r>>W6m z1h(Q{k_Se~y2HXALG_}L@mhW}=a=cIw@h-@tCdn-{5s1J0r<1+jV$*Eh}VwaWM`Z& zrwA8LF7A}Fwuj$X^+hf`tT5Z1;D7J|m zq^}-c&QDh<{cbRx{E64q%hQDP^vkJgpm6}@UukTttL=y$Q@PF<%|dWTo{BQwZ&n%wknYuV z!cD_1jo=fW(^``aSHksEtYbllG%ru);&X{(n~v(`@5mlpQ79R%z*|)dkOi4|na|b% z(Ft%^rPpGtML{pDZY)}tnv%Iy*ETea*iQ$|k{#y8<=4>WH$VL&#s~a;+K(Rj+<3Jc z+BSrKwYG}vIF?>hMqBMUQY$?JvFRTNk{crrA?;2z7jKS!s5d@ugfT<@)&Ma*twaV9 zH@0P+u2ZLPzyohfsXIgI{j-s{v|41W8I9}r00_F?t_w)0L+seo(?49Oy0`+h(9s&` zKV#=!GdE->)jWR05Y{tN+%S~QfOoYiRj7i-o=n(5D(526!($oF3{}T|_EY`6Uq{{Y z2@yCnjH?w}Ved6YNEMRoF;+}m$K3_$P<*5gVX`Ii&FD^Tq^9#pR|*etbLpR>B)%un zsnCSXjTYI}@K;Wj^7VZ=_6tnV?vIR|#RQ`0Zq} ze6=u1i_?BBaQ{(GhMjDH0F>oOks3x9O~MNUYM*&u67cq&e?6MEHX zN+tud)Ylytp4|WVxF+ytvdr6>_YiEN87)PQ#UVpEZ|ypgcEb7!D6djhil3kn4I*q1#Re4SsAqz+@`SfKV8+-EQNP~l-FuH!34S25iuft_osPEi zPqr|iOT0*Kgi0>?W zO9Trs&qhcFN~fEjala>-s2O`IHCUtAGn|kQUbrZ`ZVZ^eXfG{Y%g$^cY8qX)al_@e zmYK*4ajpRe|B>GHL*N?t|H}I6ur`{gU!=uaf;+*BLvaf(#c6>;@e+boaDqD&C=j5y zTPf~NfdT=7Tan;yC3taYZ~A`U{pa3il704>**SA|cjo-g*_m_3%wZEKOL0EA64Z(H zhxP5&yu$-8wZ?(#&Gajbg}Qd@E|?1iB<=>>s>Zvq>w@dtO^2zh#YwXX93Y^A=CQ0; zw=IztwkYxbeM9B%YUYRqbymI7l_U;3c&hLQC(#`JrNsoZ7uNH7c^zujX?4C9HZ~p! zG_J$8K1K%i%J$%#3$N7X#<^P8U~d2-W_=1Ro-a;Z7sMsEMf0rr$`4Oq`2%wCO@4T} z3Vr*QB3oqQO~3Ypwg&zjgsf{9-~~MfU3*1fZ!qC`=9M*$qPq4X5kM&ry;aM`^F9e| zCOorOWGHIFvTog$G;f+fCt=sDU3hN`cHB<{r~!-L!-54$UbZwf&m(qC{E@N1?d2Vq zsFt<-6tIVi+U4aVI{Tf~cMxkbTbYRzB)RNQ^Il${jFSJsP6{2tlIt1bg$d6FgnM&5 zoVg*o$TJO9*Q3*?*J2>v)Rr}`MdFQ|zH_Jc`%icwwo_AXyjYAYEfF>C?yMzJq^PxV zW3!p1mYQYrzyiJF;lW_bB?Y;HaY0tio?8w9xU%D~7Tlp) zCw5%s_opw&Lr7Qbg1cB}grl=JP|lViEyQ#N#lcw7OQu>m)*qti;`Sj$n8pCb&FmL) zb>82emCw*4yaE<&QUn;t68Q{k#;Ap~bcw0xoc$#VhI5-M*87{Rm-4m8iBU!;gYSfn zB8P{y_l(&$02LBpsELYkWPQU8P_+os3&ToQ`BGNqT$x_kG;7OUWz`G&FrWW`H5#)W z0gNH6`j{~$x$AKfTXm9GvwRY}SvO5g2E#EW~Xc^rPZ@>y~ zPGc2>C;#A5mwT2~w>B}AEy!xkepvi_8$+eYN=vy}mh4=k5$o3nTPxMzU+u3akw|_~ zOi;x(LYgWPC|L)=J^bisgugff8{zBsUTHF^tXCOZSZZ*KZQZ@mG0AlSynAfK|94gU z*eeh@8U4b-cAUZz_fDePLz84cBC7)bkr;{sW;jv* zS9iM~uuk{l9|LNVwV@6xa_n{pNOAao&A37k*r1Z6|IX`dRSo}R;(u8Ce;A4c{>%Q4 zAe8tY8|e1XjCDYuMnI=bVDoL$%GDgm^r&riZZ59+%E`um=b^I`SiLhQIve=$%~gJK zXDP;9V?b#6F$XmMj~z0&6I=v@-bD&Kq3z82@aBV1F23Tw-!Ln0|K>MtWtyhU{N2mF zI%(Yg1{M~PI$x;_<-j}Mocvs}azqZ0x80vY$wQ|e~jVFi!E{RvP zt^D%4W^+Pa!cis>I}nWQ7ME5HbX-h|826Tw1Ks-HKRo0>Tn!6jV||7+2tl+V z`!cASW+LM`-)!tw5)P3=>>qt0TuA1MMr3y`-HSuH!1t7(x-gZPZ#d64%HaIPVzo>Q zhao1@E<^mJi=T*$#WoeIN_OsQt#)4z=e_S8!$BrI3;ru*C}@z}6M5CZ+lWyP=&jQ+ z^>%l|{iE}nMX*r-r1$uQbrb8*VX#g6^{ z?+h>0$joXBwe~oT6V({sn3qmoFBvJX@`j=)cUGiC#5wYa{0VVJiUM4~j#CncITc8N zuND(h#0j|cDU+zd-L(lN7HlXCX_@~jPfv!Dun`ZTcR)rc)~g{XlzQ}+~;J4HBb zigTj7{N30@E&gVRKV6$u*NOD8l;>L8a2ZTTtC~Z5R_{?u(U!K@S$l$qB5PNZ&7OdC z*By1CR88*iQH3$u9O6Cw;zm!*Af+1n zeNxUVr+)9(pVCGGD7`cEdYtfX9ZA%JUf6#A+Wh&qU+%ccEFyZ5aQ>!7RNkC*M9qW< zUW;y}G+c#s853W5vb0WVaufrEes+>;pxQ%eqmuhPk|(sKX*CkW)T{*D4<+l{#tnMd zp`x!B8!Fr0X*Bj=BMvXzKeue8|30e9e={HaoF-YsBXU$1|jjjZU;Nk*+S1$cM zY_0~rv+?-Wq2*W5aql}LKei(#VDcMw-i|V|7Lg4U7W9?3)$IzreWYH-OXf~JCHL{C zAVre7xUQ2|_S>8)%dyPRAdYP65MT(f^40O$_@A2%WZ=szd%dxZu_}rD`>rh&Epy>$ zA@-)7lj|`Gid< z+fn!+lUR;k@P-PH3xpd z@&muZGE#)_1^S2>k=8QuN3M;OG+w}NS`RKi?gRyU=P30 z#@MrP95DJCvr4k3IPnqa5y&JM2&yBp!_75Mh?N45PhnmKJpJ;~Yg6eXBycoCAM~b_ zi?I9Ik5x=m+hj+>gNFZwV!uY{`rra(1mF8oKA$1KxqOmo21odM5jhQ`0My+qS&IKt z>4d*(&F1FeG!t@5jInKDt`6ml&C+O)2mV6wR)lpFvo5=CQ_+kzE}}I4=t*(WZI4s8Um6-Pe5&70Sm7o6gWU0TTjYIgWZ_E9|v0WO-}?*L?# z=M&oNoaUKPFNb0KB8n$-KWmAVYKOnL3&&1*N`hWkm3W3U_UdS8;`MQfQ4$wwFlLaV zkh2r+sc+z@!{}$uyNAjj$Tw?6KELhGJ_X0z-ExAgI7!@0AA`aUsi05as$5kSG#yOLS& z7rpaC<#6iJFNRNzn^8A6-Xa?FlWx8Nf5Lunun0%Pfnym0<0(6)2gWkE?p(GfTKAw2Kq17%xO74pl%xcefujF?Z zNN778lxSIs@f7d)q5Ltn&f&UcOr~ z890~V*)R2CvQNjIU~^G3*o5oj0|wN+QF9c6$P@*@8k?&Ce*A|?rg%&-$PC;)| zG(<;3d3aW%?HyI1YW2cXC>M3wmw=qs5GM6>n$FC2wRyo1oL$w8=BmOY)7^=@X<#m? zTf_HyO!q%0l}O%8qzk7kNG|m=Akq zA8fn%DR6lBN7dm|n&>!l+mTA#%)qafMt)6gCaVw%6tHi2=qibRZ(WJ}E25lA(X#>F zJ;aN)2#uPUlO(v*cfatms(aQivALLhq5L8emGEt2ugwy1gmT5|F*%zLMtmavbr>Xq zlVA9dr}nB27n#t1{f=e5@#quKvkDWm@H~rJ=ecM!@O?Fxl*RMvLlHaU7{lw#SSAb! zsy`jKRV1LC zrKw^=ro5g$DU+Dp-5C;bNspE-;Pt-!yv}x3K>`|blsdojboAd$wdjWV_W@3QQ)cTc z=LHvK#*i*&e;OxuYBn!uA&7;{?MBhJp7*Cgf6t$$=~~1k4byGgOV;T|rSRmjXi#Xx z$L=Mb6-t^6Unl72FG<*WBN~Q&Qmhc)6_LN@{eh3}u6T?3(4|<-ETBx(b8)svWfCPl#zFxE4z>Mp1UbCj1l3lSHa0&Z*E04qI}|1|eJ8rXqrczoWTAs7I3 zqZ8P75VrO3gmsVqfmH9~;P@aQBMXC_L8i(MK|jNg%;%xXPB!@3P`s=S!U^O}YR^k1 zB^j;k2Y~M~fu~+reZ_l=3e$h~k&~Wcq}~A3z;9Wu8`QunN0A92O%=$i13m}bcIA`f zF5iCF0Xa7wZAu>ghdn))O)J5IqsES~+%%oH2e?LObxcDtioRFCBam!sl)a-U)Q_uT zyMhZv{G*$y2{C?bPc`ex{?7xMF=v&T<>F;GEK(qWNx8 zyShBOUGSSoQMTs=zo+y9DiW6l#J~uM24<{R8jQ{mK?n4j3FAyb*`J!~Rb4-8YuO{m zi7NKOfi}UiKE%2MZl)pen~&HRA;U0{R-dXS9=z{c!uW#;wupOh7J8lBemqiFFyO&7 zpw}bzO$N+-*L$bPL%TUNbdG$=WYSCf*?2>E7+yv{F&me1@iMGTP|Kj4_OMXNAr~BE zvMZ`S>t*qiyXgsd_qC{1sgA`pH?W*G;Y%M)_yVTk?;e2QXq3#2y7bE%-8DSWmwk61 zyO?=h0gSp~mr@ct#P2%!V}xdUT2o7H1?dwP`3HUSnN`K*?(<7 zT00RIF{xU4Ucr!WFzu5G%!qsSh^xKo=e?R9SECj-n_HP?+pjO~7IopYbwjR{$#cIy zAL%81R(x5ISsP_-`EoNDC{w$c_NV8IDpBbRJu}u9y_{eK?URQ-_m8St{camC^q4pY zKesl-(~?1_!|Z*YB2Ramqw269GZIAs%g_s~Tk`DNEVj2_$b?yiZWL5C?eJtMT9IZa z1TpoT*i$}v9kZZb4&)iknEqMTK}Nf5Bjuzq7e(q<{nafRi(h4z1|6YWG!z!hj%KMgZ8}QpH{axj+gS#E;INT%;5?Y7 z3lRN2*R65KHKWvNn&XOYkyxM;-Kn)wVW+TvJv9aM6WXe-4arY34&D zGW>4-_`_d0_Z?c$z8X8L*8ERq3c8>KE(w(suA+lyH2x!vcvJ^RipT8mzOk1_O*}vT z*R~}htQNi`{$YQA^LqUvZ^u5c_1^sPf2^^82JUo%e;*>?RH5Jq_nUDLjUPT*6sPe* zsqa3~sQhHaF*pu-;0ppSBWuY#EF%JVT90J?T&}BSZd1pb^x7ZR6p#r+f`bK*6M$4i zwjZf-7gUxMDD!PrHOXUF5&lIp>5!(GX#Z>Jlxixi~x@W0FN%?ow_YmN5)`p7<&7J?19fwOzj?w(4>@X zq{0Vi0`ix**bkFEanMG$<%vJ_tY^^EV4$7XcofiG;VcWH_~&%P97rbl^9SZJ)-kVC z86>0X_k_poF=F$+`uC5&UdCj?*AUwa2k(tV3v#LDQQIg;de-kYJNlR1=;z0Aqyz&w(s z1gy(fQAg)kXW2RDu=ZR{k5<=P{hGa!}3s-jp`u=vfOR7(V^ibC##cex7fVV~C zZj~257s>q9TyRfk*`Q?5-czi(_JCiz+w$ksPOf3k?71o7Ts@)MSkef7PHQJYOJ zL$Bpxt>L_r&iWSQCnk8i#Am6znIwTjWx+lfwhy~_mB@MUp3$gsqv2=4SgaKqyA|VIxciU*X_wG5#$&`XVP0CoUHF2{w~;I-#otNlAMQ4Z8Q<1YE$g zrYR%*X!VvRt#K7^^!>I*U^NCp7v3kd;E2cxfQ}&anzB;i)2+rdNE=D=jZB0q>m3AF zafzKDjU6Mm-}ZgK?8Y};u!AaWUq&g};liyEADYL$GRMiwXPl*`6y|Ke-pYNSUIg7* zO@of`1Y}!}9BpPr+I>_*f%60X)0!h51I8LTJ(K&GJ~V57xJSg7>}Q>knY9oy)mH7} zgi;H%dM_Q_u%i39V%MKxdI*+0P@e38O`Y^8Wj@zgL{^*Wlx#)jOne?Js(RUCl{W}` z?8GfypGpIS-fKNZVos?-2gIODX2f4UOs4ir4-ZlqUgc?vGn&C+pq`)9xV<_TFycWK z=|%4>HpxC$yyssEfxXD!9FmTPqMS%e6sQ1|M_Vfz3XG0zQDPfJ(3HE&o{NsKTygb3 z8|V3bi?OMn2vkPAgIS^YfC8~|VL*_D84@vE2!}DEwLqDgP0-xe+@y$(&dvAuZp%W! zr8~a_Hx|K*CPL!7O{L>iA|i@9(3YA+9l}PRxm15aUjN2~ilB(0lwV!eQL%H!J^i=^Jg+;f8(@9n0HU+P@yd~ZYRvV z$F5J?MwLy*tT?9Br_C%KFk0fN55|4-K78Qsx?0$!=3R{&lWeM9T@3;{R%bbYwyNAi&33= z?ENsOL}2d3whJOr{ZjhL&&K)gm(Qzm0`nben?i?x9rmJe0M*qCoytx787Ywe`-5#} z_HdofInIM3&33zQgfglt#V>rh4%)vnlc^?rc$)A1m*3>VY`3duH^K&Ydbf{&|83Eo zY;CBF>ae>%^rQ?G(bY=j_u84Hu`y+N^+RmuffTexsp5ThXQLN&c*cVIc)?OvUvvjY zh4)m#>iaq+kGjp;AeMJei@LrCTi#0H@~2Yw11|KSC5x<3xl19afWIgTnas)w$lSff z7j=G4-9i8|8SS(!zHxxs-*k38&NXktc1j7jjfjPZz4PN6-r5~D_4KGwwM7IR<V(R z^S2{+5&idRPm098MRrB3Q})LSEli3oHJCZ5KKOCP_P`!^OSs7O@wgumZ?NOnbMjV> z3^R?gIt=a++_4Q(jd2bS@Qr9|;41)P@>@2N$?S)Wnnso#jG@|7Es!3L!F{}pq$Y}a z1fA?xiiY^dgE8t&KQYzP9o0iWC^4;HFpIDsdVH*K40xO3=4h3WQg0eLme}c%i|p=o zPxQeBx~$QBsn1$B35I39`>tFQTw^Hrp^0Q_@luS?tbDF4Ot|G$_aVHELQmv2G0AU+ z*I~`JR4Ffr=)C21saQhQHc|Oue)j-|2EQe4`{#0Q4J=nBcQHIy(s;F^^Ce}( zxoX*^5Q9)@)+r7c-GUW4c4tocMsd?_H}2&lA*MzW^H~3y0xuRXg^q zaK|H=;-i(tm?7!MJhdLIlf>I^@QN(siXSJMEnJp9$}wgLeK-EmGB?JB1EfXwJu|Iy zu#}VYRUF+Fza7}BjRYjNjk`w*%~}H%t|*um7=n7157-Hp(H6);V;hN*2rdJ`9N`n7 zz9=3@xvnIeJhrJjnV{;*l-${_!3XiB8_-Z5RO5#Ul5VIYctjzH$I=6%22KweIcmcUAh-n>9_#~&r z24#7hfvjaF;*uJB+6xr1%v)D3{#BB(fRaE#5cq@&^xT`$Ko?Psc#ZU$LNgLgLi%qm zTD8ixbw4L>t2f0Kw|Q!@^JB_0p@cO`VFqs9&j)<1F~$=DpVEW^|KxQfIE+W_-?Lm@2!!3n{k!y-c zOGJD7c225viuX|$kR+sGB|%@0=10)&ykJ%PnjX6VC;o?KU89Q@HCNJb34F7*_S)~s z4Iut2>Ld7ZDGWG*3%U}_Bqy^Qhd>$wZGKU7g%9$LQ75Qi!#Z0l&cS8pxH&kfJs%- zNJ+b~I+P{uOAe9MtngyCVzm?EBn6~A4k$i#i>&&?Ifc~AHe8!#l3eUpS2)Pv9ktIJ z!j1*Pw_43=?vwbFjI6Rx)_(N?p;u*EyXxY+oFFkawTGusrr-!kC+cU%SBMy(*4uA} zx9Su=%`k)ap*+zbY;>IM_YEaKYtHkkGP6T&W-24490>~_u#Lxy8yQ;NpI#m@utI#7 zU7n{?lK^-8JWF&=;P=YCU`NUKrUC7Ne8)>lo)Okm2hEA~Y3H9vItaA|paRSKQ1@h~ zFY;FGPQMBkr{DW~`fQ6n{0yM`7*VhIgi3A>EVvQ!Hu^=nc#PuKc;r8TtKa;pUWczM zZt%mhu;8d2-@qvrBgFORdd1X0U=y6h@$@Y|sKOhr7DMhcjO=zlo)>hpd!bc0O805P zMa>#z*>;8gi=*Ucm*n;yUZP1xp{bUkyhwd|&|(l>g8~}Eh87{FcDRV&Jb{dS5L~pu z^8f!JxaeGT_P_Kq)fQnb)OK%s!uID?l|SO4v5;ykdnM6E=GeaRm#1_)WeOpm%Zhnn z_J~i``{tHf6e&XG;e6>g%HzJ6Oi79`muk2fn(X*ba)ko@FkTxEKF#TSX0}#l^8W1p zW_jWk8BBDX0@OVKKFRtYbc2|#^-oJQW370@4F=j=`j~Cd#(J7tETs! z4D-GQxBHA@fWm%mN5X;ei2d)k3as^;OwO68yz@`_o5xNkvL?S%BZwIPQ06lR*fsuz zzVmyyio+2NxQVMzjH)fn1(q6|F=x?5P*lpV)(XS`IUZ1Zeq2y`YXzhA4FZL5jGmO* zce2B$dc2rS&m_1Ua18m?T~D73(TcO9+KNgrf{h(DPZg6isfSZqIS9`>GoL7zhG)@j zE=?7%{D4u*ex+_sf4m>Q?jlGPMDdf)f%7Cop5;1Y)3!)!uK(91{QxobCgo4b0UfvB zz$c}q5cEi-rt)F42wbU2U%i*Thr=1aqli}@hS5=F?Hb0k!u-4tSVaA>{Kl!#ZS4Jd z%Z@_jU99rth^*D?lIr=XV_M)QCCHM$lwe77P5Q(O&Vfd>b1qoKH4=iP-)tI{+x}wF znPlNcv{j4kA%u12s%OyZfX8MxXZddMIdVsqxsh%3rzQAp#siP+|$#6G|XZ%i!T@82sdH@KOv zVt`N-9@m=N{0!*2V6>O-Z1&c{ywXB{DcJ6Sx zQ#dBJFnq0>;f#L{OKWfEnT?bp8KL-kAIr#qz_3eq`?@~94z=j3{6n#pQI|wpsJ+-H z+RT95IK60@?}sd)-<@FAYMi;b?eZPoA2eMg!-;Z*cSJe&vP)GT+5^k3-ro}OcnLtW z#$no|NfBYg{XlV@X*$ZjoHh^tM!jqxeJZ~~cMg!G(3+Om5~m&#x|sqFsbigB`DQCC z$txuYVzCak#bVc~4c#>3LW&^4Erb$-zFE7L%VwFtPbLH3TOwM~@hgwfFL7mW>7kev z)Cu&;?*n2JF|2vA7H_~ZO_tVeTyP-~K#-WF5iGjsd=uu0P^mKe3j@un_Z(YU(z|}Y zz%w{}YuZuR2XlC~PmMb#DXD2;#GB;0)UrjewImdI>Mrl15B+M1OeTHO<}JJFf*+uF zJiz0&AJk<$FIZZkGv?66#3rz`61tv7rnJFOK_2oEO8xHHrpcED)JYUsLZ?;%4{GA} zQ-_J_UbzmRG=GKXNTLrSw2|Y7lHD&L*znjAwbuo>;-i0Uw*_!fE$sJ4{9t}w=|Slc zu?WYGeD`-@*4P9UDS`Pl_WT!6$eX%Hk+$DiN02*|k&(|W32275s7UOwIg45_F=C$&C3}7g4bWK|LB!A`P z7j#@#1ViJEQ)wGlHJ#&vfRTePz1V;ra2g1P{rZ;(FNSk)U)l z>$eVT$J9mZqx28P1JD375>RtLQZ;e5zV3$1gfS9VrG>u^yTgLf&-FJ-X(lmy zXnt}#v0(6biT%8rQB}l8Siqvk_%-*BvPu+bj40;JsogRUKu)Y+!G(7DT30W_{9xp~ANe%~K zd%vE|c=|0v(DZqmbg<&pRON90TKNv8{|*E4b1^Mwd4*jUEIZGXeLOPng(V0%MTr1z zUfw%)(%;b4WJZ*7`llzK{CHmJR~7B=08KhGheWK1$I$s*j1KEOfNJjDolnw6@z`Z7 zRb>S{Qh>)Z1pA4O2pD8|J;23V@CV&bRg@$s-|B{n1H&p%io^h~`!QtS;L z-ziUOfi*JnJf5EPv9>J=Qkx9Gxw&nKx#dS{1gAZd_ro?2l;uynAN%JLY5n$$2AZr2 z(1y7Gl8l_FHlFVO%7Jo@EF8!IMg~F>hsa-!-peFo+5RxBJUUb90W=!%SFc~q{7TT! zsXUz4NtU~8U$#VuDeABFp`5$<^qb!bjsHklKnU;;7m^aF7V1%+TjF8k5U6+6DhNCu zj*g!h)zt9IVW+ilAj`Mmlu+wt%N6wF?xtCWa4taUc-JKzZ6j@*rdERhkON-ySb@cNUBsyu2NJ4|K@j{u?0|bS8o8o5YQXx!skNJ(JBZIn zB8z$UYU8bhEJd4H$BLl#e6ScfvF$iGBI30nW+4lJSxdu@^yRN2w)p+HakZL)Oy4u6 zk5^!*mt}&Nu}c?yr?djxPMToDoS@@X-k~8)A3=97V6^`g;&Hru0VM#{go`p_q`%j{ z4spd@T1>dKnq>(9=J%eOl4X65pe4W)t$BL#HO@I^E==*S~(Q z4aHB)K1D+x^dI=4u`CQ9f(T3kqVhxjA>xM|;2ob4!9cDtucykTso>2Ql;!vQ`|>Nh z`9Qt(*z?60jP=ipjpwmoV_ah&raoa((P*+Jbf zEc+er&UY#t0Xv)RdBehKL5~z((t}#)G#cr$ppBmfV*8P&AHKeK2cZU{P_-B_`=lUx z4e0b<@Ph8sA+V2V5aQ2ge@`72sAc9sWTAaxpXk0i1d-NfMI$_swQtlfM+rSBYEJC>_J!!D^9qN|HD=}T#n5xJBQDF{D{O(Bf00CtITgvFmHCQ z_)OBreh7!-5=uvU~k-$=E@IFrj*qGtqK=@~r0U zgG-LR)g`s1{k+~(hc-kARXwC;SiI-LzOC(rk90kWsmqvJ+BtjQaZp4#y^k|Ph=^AW zOK9=>Oq7!R>oSPg-bUI6m-U%G$a$Z=5f3=agrTNc3xTmJ|B79? zl#^yRtxBsSodiV4unavMP^8eU?sh+pikC^pYqX?Gzv&EP?j7Ua4uyolWvhZ~;6FF7 z-us)ql#t$IHb`SXWp4??pW(X$dNnY7q8)*KNUMSwB)SB2(}N;(L~Ze3Nzw~2o_9rI zVrw1>5Slud&u~}ovP{VJz z2d|K(+8#3u6Ro;YE8MLs-8~y>i0wyQmtc!-fVwI_|F^jOVp<0zF9bKyycgih(7Kx; zcHn7mCv!SK!9es3&Y3RVx{g4dgg5@Qjti%gkjgjsV=1uWbYgbN4nK~p#SZ#x>%}h! zQkJxNHx1WA2m1jV!2N~*kWWi$de3Xlxzd0v>3M?@H#|tppauNr1E}~>TKxfE`rWm< zGiuP5Rfj2|$*+GeM+4d=G^4v`hB&5nz*spFkW{;YL7&FZfN zxySzJE2u=i`Qg^M%Jg!h!#jVRLC=<~$>dD6Y z%AuE$0Zfi;0sCovCtf=mXTHdsxZM3oovW)C>#3%lybemWGUE}sJcxNV?;9I034I5D zAkSv7Jcs|BWYAkhY}da1;GlIUYNPB#)7JyH5HF+ert`Hb_%Lq6FYj#0wq*J!x+Y!y z!F^}2$*Sx-INrq*=xE@{pc|Z^pLd?_cR2H0WjJ9*d*FAMRFf7ehw{P*#_9m=xLbN3 zFXNV`o$6{*a*MRg%tEJ}zoc}V=^Y^xak}w0V6W<_TPe~sVm6DXc-KX>ta{R1zpvQ; z2FR_j;hmdKd;j?nIG>Xf$Ou}vBj-`?TdS~zB=6^8i4*#FX47SDOh$hX2Tr-cgKU(b zW|RIuz@F)CjV`IT#>Li%oVYg$uI}#xOij;6e?AI7VJeHPVKqc@hOvVz*2FXIa1}|Q zSpcqi5_^q5c|#fG7FjtTmI{0??*B&CDv^|au)D7NG0YwT{O$O0BCr0SezQ$;*Hz|) zKC-^$ih-}C#u7J#zG_%|rPaMin`+@@JsS!7G~{7?qc@ z&Z7wyhSQGogF2Fy#UtUY{5OQBd#Jm9AC zvx(=wUzq1avFEP_?O;prJNSg)+&-=del@v7qQ_%?SHSe~mv~U-rve;ypUg1)(0dAj z&aiLs8)u*X{C}Rfl zPH*FDj1HCv@jVY_TUF+%&VYs6TTvJzDmCWwf$Mm-Zq25t^w&G8)3jWpubf7iKt%M; z&b#3^wX8hTY7k1W6~-pB@NXqm&LoxcFc%S;p2p1<5fOgg0v+(i;3F5!N9z%%{b|GJ zY}5Ag(ZEOY#wD97yArjFeo+>|?uQ+E?IDCQSDwm*emo*LC%A)e74Y0~$Whk<_h@^5 zP%a9Xu>0xb2*6!c^^YAL7`O8WfKWHiX2`?EU<7MrwB?8l8qaBmFKnd|LFs;FXKUsJ z5ggVF1HLUZxPjq@`>F?>l@aH?sT2a)kJRBZYFs7v$<_vpfmbqD+e3hf=OGg$CZRx4 z73DG#Zs^+(igGJTv`%EL;Sx>Wu8dUpbjNZ!_4MH!XK82raxAYgis>o5R3%NH2V38n zoG99$EhN>D_-m?VX&zXm!xN4&T?_u%Yc&%!&uT=O# z^c0AFPN=T2?`>_x=a;`ags3b?9NV-BgX-&x&bP9i*!AH8B}C6`$g}xx!dCYR&B#bh zC=@1dqO03hhA&i7kM@ej_>5B5J#)qtSk3x5GE~Wd zMFwGC6{_Vv-hm;%{E9C2yJ`*geVC@OI`k`FMBG{#K)FPZ>{077Ow1Njo#OBJv~?t|GmJL;{`#28FVw^aZE-O|F&ISpf})qKvcc$EMXcJ*qlIy&Rw@ z543|v6O>YpDft=i9byDiA<7FeJwTss(neLsTE0t2?eZbJug(XdK}WPhijFX!BnGPU zE?=^WfcO|#;*Pu`565^>$9w7^mMAEM4{Z@6$FLS>wr?Ep3PPn@>!zt`(h26l zyCnd|g%2BD#RM{bh*oQu)1;7m=-}|LHluA~6lc#pW{_oF9WT=(YnB`#R#J#6nUME& z!N^EB?iaYU4DKaFQ_lXw5)&X;?+5dLb sPD=W}$7wkm#N!*^q%WxJ)!(><9|~9#u!LWuH@U}9SJ6?fQnU>DKec!Fp8x;= literal 29554 zcmZsCWmH_jvMz4HT?Th|7@Xkl?(R0YyUXANcZcBa?m-eDxC|N~B)EsiIrq=IYu){) z_o~&stE;N}+f`lFacU~EXeh)eP*6~4@^VrdP*89{C@5$VB-jtix)4E~5p#zMBq~zS(90w;CCnqN*6;;F622ub31_ow&dKw84VPaxJx%L$Z zUF9-_{6A%z^@ea$%$`ThB zi;9Y>udnax>t$tS<>uys@?Ea1tSl=l>+bG0Gc%*7r%g^y*3;9|*47pk6+=VEk(ZZ` zi;GiIQYtJgw6?Ym2ncX@cXxGleSd%V^71k=GHP#ccQlmt_4N%74z{zi)6mdRs=Q~Q zXJ~G2mXwqXvlf(*k;&isS6ouOzE)*vX{oBJ%FD;6G+L`rdg%QJJVV69okVqqIC#lp`oxGLL zY_#icD@BC?JT4aE+I%cL4C3Jf={8zX;oP;gk!FtWQIQUy3>8v((*6B?R$gIYH6E`N zIp3;5!+^xRTz}D^_Mjl^Cck>q807)W-m>!0(6$9{Z&OQ4HCYn}A!WUk>Erm}UGv!d zaQTqRAolk8DwiyEr<97UEU&4qKzVLCHSkETQ(8~4bBLKPFB9irDZWZvN1U%lef;N4 z5a+zZjJA+gpq`(LDfwPMI&tJest#D)DL_huqS~N>Cg)FkzP_upGl_kvZ+t45VM18~ zF?re%v3pyVtGlJVxrLCqnY55e&P+jPXX|8vOIVm)WFmWle=QW08@IgFXD#22i@Z&j z4LLwe2ph_{p)}t2_&Fw0TW5nc?>MxPj8XBi&v4Rs6wZ5NC|*4pFfgQjj&3|Nrxbl;8t) zQ}$id<^mek`v+zr&a2$Up!@OW>$S=cHpn_uja<;%cW4Ht;55b~Qw`^>bR)dUS=ZLO z^L5iNOj#u$q&`hyaBTwSdJpHzpJwDgJS)Jt-y>rItYDBpFijl|v1=c~*Gx$zBOaV}=mUyO@v# z3Oqi)+(Bmn^Ck8Q%|z}=)yoMbtj=Mb>y!>seBm%sebI`qnX^v8l&2zfaSyFysp;I9 z(6#cO1?|iY7qfrg)29kNUxg{@5+GfymkJf zMt0jMJkZtxVuuNUq-~oW{R9p}-5+tNNAsuWxR~_A@(IsXuo2+ACIwxMw&G7*nLKf* zG?N5?c^I+Dc~40-$P{25j#oc`BL3Sj6)1t4myX;R!|1P0r*IOUOz$^-$*f>ng(DeT z_SF^-nn!`89FrPZx`tmG`JGZ)qr$p(=7$v~zB3)TEHAHa{qD}`{%A8P@$Gk$JzflW zG9M!}0L3R{rjmHEkjon;!{|64!fJUTa(q}h=l9L3b{uuDvu1aLl=HYSuIN`56rA&o zU>7LH4==cv8{kidfeZrp^-YG3W>Y`Q8b5YX$Akgrc^*#vz8;PJOdDORW9HbyC`fn-~@5FreVvmvn|vC=5E!=VLG24>(jNc{rV*w z7z;1XvTzX%dX(z$B<45`h*Or6#p^vJZtsPe_GeD(Ab;x%cV*0IxmJOk(%13XA_*Gf zrLW;U8Pm3+7bL{m-N1SK&&Z3X#nnGdqHUh^G_Tv5zkJVxZck|D(thL}Dg8Efb$9md z?&8_q8?QINKQy%EN6%zSj8jn&m_sCT^k2Qd6V&8vh}l~MxAVUl&jbEd_NkLIC1!G> zQQ;M9SLhS|L9em7Hg0(HLB1+$60hT+<&fZ(c zH<`bnwM~bxH~aCN_)rU@YcfTpzUE(eg+Ga(Y~w6d4HcB{J>@zZ?2Xa#1qefamIuJtktv0x_A*<8~?q+ zR>43MSZe11+Vl6malZfZ?8O&3bQg-siB7a=jz@`3_N(Q=Z3`jPW0fEEr=gLD);iQ4 z8W(Tw^?qn)ZQmzY(gsIDUYqHP_<9e>&@!wr0mz%eg*A(*nfoVl7SqKt$3LsRSP1s! zpZ%;`Q5YV9lx$7c*EznQ1MJ{r@~8bD^dW6MURh(t%L16FQ@&($)_aKnZLdO3Wi5HC zREiT=cQ}=-LxM3ZgbJXNP%1;3M1<9=8)6Mlpp!*zq^DJn(le)cyd;~plqWK;?w`7a zizj5VhqcR1Ku{x6B!{3Pgu*%Xm-6m zHW0KgMB2Kph?MWMPll-Y2?RjM!^mW`Y+O;Do7Bghqz|d)p3=&@gJ}L;#jYEPLDtX! zw9F4?3c<**z4`}Zc7h0HW6Q?i);9-#8pa6lU{7MiQq$W~z!6zY>n2mViPw9ggxXL^ z2Qu9R##sH2G_gYtm~I*diJmYZqvhOk)Ephd$n5c62vTV(5P!&_o0wzaVyU6DtsD6I zRgGyZ)#2)qP{aY#kZ(yCW631ZaX5rpenpxGQ#QtchGjzw!2X`Qy|vZn=W+M*LLq91 z6#C5XV`q^iH+4cKYRa6m`1yQkoxTtCLFIx!aXq0PBS93S-E^PT?3nJ625~?Yp6Cji zV3gHh#>^-oNtEbQ>loq5wrQmb)1dR>FG`0NBFHk=(I66*tNo#-))$0vJOi@i%_Yq%^03Xzq2*X=Vc3d3cJ{K{yOV z1>~N~bCev)5e>yi@&x0{MV)Zci|W?9DqOV6JggTK-?k&2*4@wkhVC@=;(rC%Gd}4W-wK> zQHyF%|LCIv@-cq(px4X5*3`@pWN*&s2IlhAS=s61J2Rl)J)fPm`1*O>;iUyltigo= z+xC)1%@bk%TK)17E8K-P8nfsxiuKVS$g@l|SW{euT&)XGM*WfWmj`l`VzN~J{eWF?&Pg09_t`ZMSy%W zRftk#g)f?O5ex;7ipSNiWP?Pm-9{E0+f&JQX|a|0@TcalKPj=wrU; z?I*Kc%D5OJdaQpTunsWL$WKb?$fcB4jMX;Kv8^a^&Qw;6+dGG)iGuy&+9M%)3yWyL;be;OX7O9&7(D#Jy6=I3hS*|J5eG35 zX;+b`r6&)t!a9KM?`1Ozh>m$*_Z60c#+n4a3IFqO=VifG?kkeQeiw>s!4erHH&+}W z?fvv$muMHf{l9#o|Lt*;;RnKu;RpZc0Gtd_@<(vS0P7=m#sCom!(+%3 zu`U1}9^MakSY1u+@4F_P?B~y)vHnA%{}1V}HSplYonZKC+}D5t;~ic$G4O)(5<-sY z@)ufgG=y%u?F+fr*S729PKk5LnWs-VjhP{)mn!8oFS&0b_>^4ks^9q4;3hjqmz&Fs zOeqk5PGEH;h}5~_1E2HV5 za*8Dxde|qVssA3Fkefp{xmq{uNkCN?s&XOqQ$tcg(0cnT<$fHFYst7*E@OafLr7hP z7rZq8pKpz$B;()NDygDJ(@g6hGD#?}pv_1qyAxu4NmxZOA?;Z#<*ZZNp*UAoccZrX zTHkuveH<7mG?7dtfuY8oR{hKJ20;om6LR{}W4-0*@FUQ3a)kz)C@AdO#B+DVqM4n<}s-sx>0Ch+@ViUtqG8SS`*T5|*NF9;~-`HDwFP26_w*9@4eGgPS9nS>&HG$|h zjbtr6|HV?9dCG3w`}pTs{BK43Q3+Tg710{@R@2aNlE+ExZK6@> zG7f*%?p)iSd45TG0TzlDU!en065;bzY$;iUJq3e^_eG9~lQ%4LN0SpgxcCc6&U=RQ z1G`gjh})^bnTxu2D~Q&TQwD-BOUTVU3`Hphoc`l*>0{mFq;&42*<+uF3HOY z-^HrhE;V@MUz?nLGywf&HK^2&!c+TTDs+P$yXdyK&2j%V+%otrHe(Zt-13+zX4;r4 zh^%^VZ(kvZJjHpQjHU#hr6`~1=i$M&X3J;TNlxTS061;W*JRReI+TDiXZH-sz(YDc zP53yYn$*qbUj$iZ?l~+)fk|kN8z83AU2dsdv^abe66U>JYBNwR1zFwX^{n~4J(iL- zZzu1}xE`c5&osC$lpxQ8&WjEJ0TNg%ORbL7CAQB;vpvmu=>$YM@ z=>l8N1ED+&BXr6wAO217Yp#ds<+6r2|JnARPu*L0%W<`$Gz|E+sB0O#_~tkm-5oNL zdwvbiK)$^*aVzMo5(fa0+KUv`_6+{~wP9xeo*8u@>H)C;s{Vh)Ml!1a?Bk=_yUVhmr6>h*!MJH}`HsGAJ&Cjb_i?xKnAy+zE z!UEjTcjJ*L?P=XDwE?F>Qqu?4tHNV@W>PYC7LsVOEAt;eJ(pjQ_RcTWK1nSdoBgwQ zLzRN%jIQc$6sAIsA%~_zG(igb9?HvV4I?X6zT<;@o?h$saCB^QPZaZ0Ieb(xOUSFV z)^@l#07zdgDdN9OJ=9LpCZ2e9uomhFQ-aYK?aGUeRviRG0m|!e3m(S$K(mQh2dE@y zAgq5FUg71pDVR3p=|j1l!6oM6)UWE~*oNpa@@^C)u~alSy2+|MOEb$OVEr+}PwIcD zv=t*HF`{6(wSnkh1o-J)t08wb6YGSk?j^c`?cb-eT#9?f)(ojT3uxmQ32ZMJ|FL6T zMY~9Fn*tNi$&4;E6lN^D_BPHvFE<4MH<^SA=uR;l7|G}PON9B90?_@~)txPE{N<>>y7-ZL%e-zFRf1EW)y=y2}szc}id+%7Kq)gR+@h zk{^7wX|n@?S=r z$~K`UKH!&lB$*cpdmEYhU%P(z$@uC@WC!XG1(mHFnm9`yA4D#whQn%wm}rv9Z2KJs zua?@V@LqK7ZS%D+()6wu>-#BeFRL*X98c&R$>cRUYPvsvsLTB=;A_r{qrMM_!xUb2 zN{E#0FUy=wYaFj~?lobK{hX!dXHwd(OHyCufSRy*JD(8|6*DYVOXQ?0bw(roEFvc}yn}** z?Xee?-UR)P3Z*;FMsAE?`bc3s7nn;S9T_T}tD!j@X4*C$i}PzE z*v)7WW+){#z^hF_-7}|sEnpU{?>fLq8b>th6x+{*pSQf6R=GbC*E#Q1yhJsp-}2|+ zN>5^}?~B_23b>Gh3r;DGqCERF=%`Q;S8&?Uo-RVNSk+(HlaknkOwL0{|ttpa+dB_mQ*EoLtTo(M4g>9j$Md~bgsj0K4LKXAFglj5TN z$rcmP83I)ivFH2MZpaS$xS0qOHDiKIK3>>20# zL_3_38(p}e!_O+NK>k#(ga**p{bN($3V2;;Q&8@cbXn50=1~L|t1@JQ@g;gyH-4zp z9`Am6SxzG_G1_!g(>BezC1pRG0$HBj=>*wr^de{_X@2|)?E)M<@yWqDEKn|)WztK=X5dP-E#b`q} z*@yadW=<@z^rU@WvgbrhqXDXI>o|=OYD0Cd<4r=XHSL(V)$7AH5e}Jz#rVGFH5nA| znO?7rkl8-Me8o3q2AZrt%5cDTuH2WV!O7-HV{r4qk!05Wd_Zi4G^%3w)N9th8nHI? z^8h;%GdVG{ISxwlf+j$^$b!1s7x0tty@ua>ia@tQKA8}o8$8^6M>o5%HSHDg-jTHh z8X!k3c{CJB$>i8R%Smptm_FifCdF>_g{7*C)d1_92{mM?MZ+Xyn7U2BJxf0a4Z=B|6&e7Re%{^+XvPu99u(|_rPX;LZk0MP`7>s_H=V>X`sL}lIlpD@3rPX-S~ zZyAS%6b|6kYpjRbfkhI}E$s*?qhp$mZs!&n%|=asC+||=50VPqbEn|SrU6qg1NoTA zo2)oh_i~L){(0k`%d6WSv#cdPXi1r?(_?+(pKQXSU0za8WMBgfGi?ZCqFRXD6s%>( znHwdTqt$iwlS~4{3L=m=*BD27*${YGIhJ};e^nwPj7LewJdHMg!BPws6KrnZ@-n1( zM*{)uJ_EFl)|;Z*wgbdg)zWg8P<9~6Mq|hpmKSZB@+tK8p#6L zuHNW(oG5ye2>% zpVlzq;>#LkBYlif;a+swo|HFEJ|*1MiQFqIfnE{zDhXu0Ss|f)Xw{zPj&^EO%GYG| zX)^Ij`JciAk<=yIFcP&ZwZz?1B@m%zxp6}ZfpDKYJ@_9-8+1$X8 z{p;%}w-xxo+UGa?xqR44x+`#z03%D2Y zJQy)T*y9CJc(Q#&qc#%rLiHg}55iqG@`-)dFv%0nmN_F6cJR}BG5!T?G-BHjN;GUP zKGNSGzs8I4PxX;u3VsYN)>kT7_N3|Kf*hx_0qFWF@ZL)<}}zTIqbrLLx^zT6`vrsb0CN)(HGBHUB)FtEpdTpM z9=9(}kC}Z+LMHP^&CSeC4#uW^&&@V@=PN$q9x5toGHYoF0|zG$oZaXvA&!?$+dSuG z!P^EzK^(T+fuQ>wN=u7UDJt)}mX<^8U#yp0Ky_IMra6903|-rR8{EdNn;FcrqmM<9 zuVsPcXqf%BJ}fh{ct zsc{D0SknR=n3LTF_-P4HxQrQ{q!?4bp7rh7pmzFYRKRV3oWj(UPR)`H_b8(W>L?~P zeJu@LCf&1jp+h5bF780_hP?4qCd~wC*W`FK5UyrKzC&7%PB3`^Nj1 z(u?E$JwfOt&VA)if6!~YcfiZi*!X_m&8pC!0KiWR&u)UD&M#p{l1Ml6xKNbn#fooG zB}seAc)+iawCCsP^nVzChjG7{U^@cv@3c8eF?Z|nWY2b#km7~HH zH8UANKu*%ga^+ho6>S?>GYJUcYBW_9lQ{@(F8AgJC)Y#zz=Kz7s>PPSbp0gtsHZ&v zu=zlU3-!`Zx{UPseI~HW3%!w`0Q#oAY$Sq*PfVy-_Y8K_A!pCFdc)AJ?{LT8BT16v z^n~f=#=n(?%&Y(?bwG9RmV!Zk6J~EmX>IDe&ckEV!#KWQ91(?LP0+jbw@Zo*oq2lY zg!xjjFxtUcS? z5^>wnn%}xLkL&ihx+S-|A#7p&XoSq-&(MK*gORp%qVQ#d(uu)Q`9)(Tez3yb*B&6v zID!E0t+PodqWCMsw;owg_QDptv6*btB*xm_DJJs$mQ7`i9bg~AV-6w|1{LAP0NJ3v zn6AkI25JP5Ka_rp>ZV~Gl5a6!<;c=^7K1q%zK^L+$P0-bJB~8!@D`qg0GETDK}h_e zF`r;9u|zxsB>*?XrQ?)ma4?@Mi+bx#{y=pz1;$o(k4Q^9$^w#HA~Yzt^8`__EDR2& zf4Bj|q1Fuh9mgqACVjnmfOa|-_=pv!D~Vz2`^Br1UlDT56Mu2HtU)lF8%aSNjEL5? z$QZz2o)b>~Dj+U}F@k&SIHfyCZyoA*pcCG`@F{wb6v$APp^!KO1KOfgoN%L9$ji}} z?5$&j$F7i&Kk**=o%1AcNW~xot@~*a5;Y3j4P(z$yIowW^e=D8xG|+ObsWUrlmO*Q zrU&rn(UAmf#baeMg5UBNEy?)~D!flUH!;ZD$q_b^i<*-Y!DOx@aX3R!m4gi6`pEJ9 z5S&jvz^qsJ&^0NRqJf5y{2UI=#v3Q;*fMczLvh^rxJLq2=%O=-Z}ARsH(Snn$znC; zBo`tMEjW}7Y`>3SrOsj{tia{`=T3=~^4E|z8J$4M0T?42}_HX^iTGGU* z?sgiFD)Gn5?0_(7O{G#0*2@Mjdd>IQgR8(u(9W16!2e-ZC)D2oJtATkZ%P$02$B+E1IErpVLvNr;? z-VCJ=W#(>Mg6V7J_5c@Cs<&G70zJW#Cl2(?j@qG%epYKU@(7yh<^oy!1MDQZh!g)% z++=8KWn|x#*=oeolv6rc;5`}*6S!NGu}U96zoLkrK*LAbv&>IWsipT?)ss)Ia!pj* zgNcu5Q^_VzA5<@}quH*gBJz;ti zdLY5102byjO8Hx*Z4Ao|D1YClwx4=U`70zy2my3D<4ZMYia|G9j=Iq>22*e@_0s!z z;H1l1T+iiI3e-;SRq{k!S=-&Aw$n|=(F3>q(OgVK?mE!7Q(koAKuH5z)jxskI=ACS z^kR=Dv!#AfB9IZO3&+b^y=k3%BR~=@dTPSx>8U+R=!SvFD^)Ffxe^7h{}?4$$f~tt z7Mhe2tW;b2n^Tl) z2_{qKz7#B`ueJ{=wYA7PN6q%(4iEh}EVO;K(gu8Qv%$T#QHzMfb8I#_@Bn=8nb}e) z2f{$Ja=_UM;$ZE^DP|{OPNK+;udOD)hS|^EJcW_XT`%~B{+Wb>Nid`95&@Z0>7Z*S z{sQ)$E`Xrq;zw!SL4>6J+28#JgY)uj7%LqTE?Ai}oGXE~c7yPAkgf>f3V(+ss#+z+ zG{q?3UZ(K}Z1FB{UbF{5GvlDQ3*TUjg(!&Vf`f{s+kjNlEYeiqH=+ zQ%7TDqN-QJUuv-acK@PK8Uw{_N*_Y+QI?`2f&Qw|%#pNZlt`jJ)Cn zPF7b8RsB*8d>qHbh?eyriUK(o%$bBQH^04K%2Xr9hlNi3Hmy2~fXrhc>gICdxxM#^ zHXDx6knj?FXR>!V)qfXoE(#zdi(`l#EYAG0`5k3q#h9fAq2T;>*Eg0gUH@}AEzEbF70sQD1;q+$FsU8CjMZ_e=7bFh~#MkKB5u%`2WNtc^+l) zWpkOYSFOIVRz9Pu>ja&l=<@A1I$4ja82OFv0U<_6_v0)(U$qywjPvuy;5%U9w} zZjA)!Lp*Bigi&Kcl|*&p$*n=rAp@Tq2jXNU9|0vP#ng+9PX!yLUIZzt6qGJfig6w# zq?8viDIDMVkPXKlOotE8ccJwfOpcWMlnN!o1OI)>ei)o2-U&IPr;!g0kp}cS^%^>_ z$Ceh_af4z*EHtDdIeML?{~j8I`QA7Ri?>Mpg3_k^aIJC~2X+UN@P7-7762__XTtuq7-WTb9TYD--v9n|B;bnfj7r@7$b9xQ3ll$1Ofu83ulG;&ax^D&#oVvZd6tJi#oxS(!#l$684foP zwU}v6inHVzu;MsTkVWfdkBRrNWc{64yP5aXKS|%CUo&Ls8jf%!?vn)&wwg*Y7k9M{a4zx2wI z2W5t-?;>-7$QOTAVFq8}A|Aw4;}2vYf@A7d ziq7pv2G}^VCDlzbfT?D@%nc{!HC*aJgcQ>pra$npXS3TajiJKhWHU~8Jqj#ToHC@{ zaw?++#MY|R!fZf>{zc|d*`tyRQVPEicmXMIu*}TS1)vhR^{cc8%zBGwWW#$k+230Y z!&e(D4x)_E_+)4&gj-v!VKBlfkTKydfCn-UA@F6?08IKdzNGy4SACiE@83T%BmOM< z!UYG|8#5hl>_dq5D8@H}$;N-RiidS|2X&A~|Bn@=JMlA?TJR{^`g%D()%x%Ekvf&g zQ;jcdtWTW$4`I)R?=)KP0ae;{ZGXW%O=_V(t3okevHu#&5e~j$|7tPak^Qgr_nWn| zHod7hK~~JMwBR>BRgZ?RSb3TXw8u>K8t`g@e>6BL@Gi>Un*6X-5>pjwdJ`BB#jWsB zyOE-SxW$pg`hXAVi;cw-6s=CCvS^2B$0%!IONJ+)iIjj>vX(YBCSOwr4lYs3!jm5| zjrJ%$w=GkBQH)J)?IDv<0_Ag#Ed_7k#vAJ@;DjW=|NQpV)vDhd`Ua99m%*&dayGNu}ojXhx6JajlrDO<&(ML+hG17ME?78eRXRruRqMkq2Jn?yYe(%gw~YA^kW zC5jUL3AS8I~}&cA4v5%kv|e;}PBjCc}?Pl!p@VDic5HluOS&CJ4JDDr7ewcsKT zcSX|*6Vk=eSQsJ28Kw}X58H5IB8Vmuz6;mHv2hZY$&kMl1O#l%XNgHJdEKUO2V4rA z?0BH-U(#1q^$+I#vm!CGk{#NR9{x94AKe)_MhR=FWhIgPn>vmitab}d0a|&2of6!P zgh2qa8m$b3Fx1z5nBn#+hlKqpoNX%wkdy(J7K8m7w(i-ydbUS?hlwCaCpH4Cl4N3! zmr!PFDAa6>0G@d?-7G(vBM=L8Kd#aP#U93R1DdBOOz-UNX*B>a1j>S#7BWW^Baklm z>aZptOf8Z^*ADTd?KCf#)U0YOtdd7pc_Z}^!Z0KQuwn&`?JF=J(*Hm=uY>Fit>#of}rVu%HcC1E%4TRtLV_35C-8hp>&9n>y z(PWyEjEH&&WlbXtQ?{Pvji9L^!hGzkVGujMF+lZL5j1s5+Vf!?bSsTsZ4JP+r*RU> zr(bd=21*grt{?ezV@*ZYQ_0qgm47np--DxMv|H|M&vxr@o@M{>sF$J29RPt%>1?52O#8zFbh-sVPi}z8d)qD4{f;mO2=(EF0 zoOgwsRQU5w`i^Yx*lban{Q)b{N(s8=Y|DRV*)v_j((M-9vw<`fC~xAb*a)rPZZXD( zJ7E5i*5;*{uQ?3;n{V)jbrXB( zVn9B!6!g~Rk*orGs8S=@UhXJF`W_zc!-(JCk;hUWF?s|#+1zN}<8I`9%TK#2es^$ux``b&ZRw&+%<@OwXi!NW)0V%vXGMSlpBc`{qW7Q7793)X z%y=@TTUD!Ve_CUL;pHy&G{2{$DvcdIzC2YHpIl|gV7Nw-_0=SMvMBEr0;$jUdn`Qg zS!PnwF=9@YhEg2&0fQR2ET1tFnq;(4x*IkP#V@!)Lp@=1&cZz4_K~8SWp)G%jlbm3 zaeq2EI|5)SiV(_hbZA+2Ti$A~F%pmVV*^b2=;`t^d^VjVde>dq+8A zgC=k(zHun<&71kf{MC!!0Qz_5(|n@JenQ4C&=r?M zw|%RprFLtoUy*}FZ4)@Wes8olI=PxCmQd&Y&fOEp8|Zwiq3<{u6M$?rHY^DUYSsKy z+18X7l3;#KcVAeNsfmj(Ejf>61R2Ngq#9mGz_x5sEqDBhvs(P|!=s9R+{U0H0-34U zbJ{zci>jdPt>v4HEMF@4pG^x^-&^_b&vfG%;t&Q+;7kj}nh~HI6?^_(4iu|IrZ$x* zfvr|Z_xTW3!S8YDUFmp?Qzwqg8|n9j-_&bADY?ay1P_>}OOL31KXg-LT%JlsU8j*} zsM<>Ec_ZKCJj&zbYZWD#NALIKIQw=ma;AAV z9ql;%SRlQZfB;oPRih5~;&#&zf_4t1Gak?d)C*t37F}yCcrF>$67lI;^@8P+5#05+ z21e?jdPM9%ZUvTngda3k0)XOb!L?zGDGtXY-K>gPDn77m2Q%?#L08mgjHMQSi#NR0 z0Aa|ET_Fh}0IUM615;pVVcB%X^&&op1n{O#D;%~qaIp)4#UYD+1HyTkmdP5`{a6}q zG`A+NZl-x2C3xZmY~Y(Wc0*p1eij8)Lm@*~D4_LkiW-_MAgU;74hD+_VmDtD4M~&X z_%Kr_Q$-(NGVeLW?Q`_f+9((o>I44E;u$jeTW}Ep3N8&Jxe`~OeFq>C+_R2swrI;6 z=@brnbVKfU0^qq>u;n;tZ6w|y^;^rmt_>rA%ONJ)duo91q@^9F%whthpv2jgsdRN+ zp`r{RU7cOUfodc8*-4iLOcU;-Nd#_P0RP6~gt}`GAX1Flb#W7V0A7265*5|4_%WOd z7L1zrrysl{z9TLFgkiAE|HNC8#w*XRmuqF>9oPs2#tdm&eXhJmB4ft4UP**Knj^h* z^f=xBx%7z!+;dY_RsYtd;bVWRP{4+MYq$V8>QwbyEf53EO3dL&34^gac@nqHXAT@chL^u;?Y~22WR5`g7{{Uaz`pGS;fUh zFiST;SP*|gB5+$q$H&LrS}K=q6f^HnLl|4t)JYuH3U3j{8E#q*o?*YKm-z{%pOL%T zd+H6bg43{LMx=>+tVFI+g@`Uc8HN=V^P;mZof1YJ;yEIEs<;^(q|l6~9uBOvL#AdC z6Q2y$P#MvQWXiskM4h-Nl%E(sQe7f3X-?_7k zF{f;lYLHK?C&%l7ROm?#OC~jBjAI&~l4Jy3KJxJ$C~?$TU)Yz8rL)UFEKWfK20CP8 zi7T?o=5r9&upt@Mq!9X6FHhgg#=*X(aMOt*H9E)n-46c4q?!U_FvkwtN6P%7M*3kF zdEt1z1&q-XTrmADmHnft$@t7i4^W4*n3Fv^KWb|nTk)U^_R{Z3Ae0HY81jDl_eBl1 zH+>8X@w&B{G&jCDeHLI%GKR=#qv9mv4T}xN@VF3{SD6=r7h*zBz8%j;JRkm|^LHVo z(T}_OpYOxlTmdHGtk@qv3M?6x@AFO3We3RoT zoT3D+d6=;Kp1i%w0BUAqt+{Kq{y6SDb_wnD3&-pA1QajvhUv{4Uu<1Q9(20F_NKvM z%ceQ2h1|vggw`Xfjt`gr!~#W4u6$iK_w|tw{y?3gd&72l^ltvxhM)5a2(KHuc2;dd ztQjt*C(Mtq+Nnc-!aVgbuXhCuV6F7hZ7o*$+hUDyl-5cHhwfh21|3}Ux@KRLeG1ig zFasRy5P8|54zUl0>s6>Uc$~Fv9_SC<6;D#jwBe$%okmnB5bwm>O2?MpKm;O*3M;dI zViFQ*AqL%~Q`r4^KXnN>*gxJ5W5b?2m%aMe zE0BB{3)BhsLBL1-3wMGq4A48fg6g`|&&Kg_a5I0p1o-+qY?Cd(k)K|nq6Pw_MzH-s_1#@u>pP1m+WF({fkufEEq0fD3+;H87!s^BaEx|fS!)`Aw`E~U{#u?? zf(11g)EH;!<+sv`BH0vhdFkbe21kI96}DWFxw&Dc8&KUMi`s}dHf|bvYC4AT&CGz* z^bZXK2iDWU#-FgL4%9dh7GLsiT&{=fP>`g zYOZ$_Ym+|@{Va1Rn>j^{xIQKhFFGhFgB>5}f0|u3P+dp+q)zLQBsoaQ z@DY1d#!2@GigLr;(V?+GeSW?m_Tu3xFZvm9WliyY=;}h@f(=^+P!YAVvOvi2l`XWm z62T8W=94@hdk!m=)hg9nJ;3pfc#lQRu2+6(*ujfA2O(N7hN{lF9?1$(V!!<+p3boBD z3i*6iM0GW_~I7L>E>w$|Ln+9NfgE=-PngWxY_ZbzF zToi89L<;L~52q^Rlq3-^MyI(N{IUYmW6%Iv6A`f}l{99ZjE^{$eomD9xJsd3E&^-j zhW%Fo6uXi*EYB_na6$U~v`+vb#6B6X2LWn;7C3Vm;kDQX8ejEz-MkliV(r=wFFVNQB8u8PZIY#KDCAcqBLV{#3FjL z+7zxEmmwdeBn1Uk?8-29yr3MVq&THvK7iPQK5kXz4f_pWRMlU8ktSO=H;w0gcX5`q zzn3ut+{^z*Aaay!rZSobJX&ai%Wtsno6Cdf6%cx@IoL06IAyOcrl$=~_YQL(Bm!6W zn^~)hy87jYHnt2_)V)ycdVv^9#`2z?NZ*eAg?jE}A9MNNe9HJ)?p!5*UieptR70dx zYrdtq`p+L6)2g;qkIU881Aa}IlKggCBP(#rxb*{@fB=P2WjwptKRlxLn{fW<0}Fpy z7TVWk;Fo!X=KTv-%DO_CG=kF{B@uW&WJnoYZe2Q_C^pKfY-#Ym zxx32n!bio@rXK>&|Rz@nj~Kn~eF3Z>wnV+{@|XO-_^Q zk_`9_pn#}OTM-qxJahQ`aI%SiSq0EC45c6o7F=p$jnnBb0p^Yc2GkuYdX^sWV{ z4&yjeS^x#WEeCooAtZj6?tk7{veR()q4q<6pqf!d!bZZPbBAJ~6OKTi5Dg(AA|dA6 zLQ(&xW6{*4Vz~(|%n0-dbc~x8#39cu)Gai%?1Nz_CBRJrX!g+;^FIUWBVnW6hLHac z^1CIq|I)s%Vdj9h$9L6AgKx35BILdc2JKAmX)jb!iCrkkJ1bEkNbI!uD`49kN5s8Eqx02{MCQr>OEh0%sY&TCgH%Edh@SDj_N9D?6gVC5` zh>=Ut=52mH`jd#WyK4cxj<<#cI)voq>sa#C`e4q`vny$$Sef$U;My4IMES@He z2>=1q8K#5*=(KN=0V+-2X>d7e@e%9QPVho9xlG9MBTxn@iQzEGQ9RA)@nRIH?uP%$&BNF_7ry%QE%A;8FlM*19>1UJ31hjVV-rG@{IsQNUxk zZXD|8omzKHrrn1LsI*c;7j5kJH{6=s?nc!YKS%d_?DMc;_SA_|UG2gHH!M@#q3OGR zIXR0A2bVc|G1@T(^jCT(2+%HzKGe9^7cBrg=7G@O@@@q$2InS&@os1j1w<&6Yfbzm zH&iAk`p~BV_$Xd#IzF8KdHH|1Q|6NL4iwY1ZrVemj^TsW)-D#G?q>{#fOfQfgag#* z`=Jx;sm_417N9qpsqW&B#~SHkwzvwA=#w;{o&M;rX;a)m@$|=X^S=Vz(}2OiYeJS2 zAh!16au@*f#ah{F#~-#Udz>>jdI8dO4wzK1)6$MD!xQIDD3ei15#mJH4aKH2;8oQ_ zMb^aPRf_a3NY1cdQLS}QvD;`!*~OaAaCRIiQTiaOH*!V zp~r}M2A(hJom;vq<4Jp0Jy+w{ZhsmCZ?2*@!r!NJXp$_@trX;r*6{c!1j_3Fk9c4>iW~kWZp#9B zwt+a?ZW2A79=R*BDTGaN#Oi@UoD* zIliu5MT!lJ^u=3aSmuHQzkD{!+y%k1tY#65-lMIU8s3K(f|G|B$)ELNlQGr0PG4n< z9|@af9Xng$sta)GGCi@+E&29w205B{y+%r!CChC1HJNi8d+66%HSU7Av$0fHRSj5@ z`_%0bCI5IPAObG|%fMzgo|YYMr!>CF#$#8D>k>v+&BpF1b*e9p;*7s3<^vKbz0fEk zgb+eV-wY!u3*xuAQibG`lG~CVv!6DFvZbQ)<2Mp@o!GTn^oO$IztVQO3ygm2N=~h! zCq@7=tEL-VU+=_hhe?y`s=?m6vE6~_2(@{PK}5&15>*I%BM|4;CttUI{NsRwm?{6K z%(((SY?t^oR`?N=Tb>}3dKz3~P|G*d1F`tA?h(s~w`L9H5~;cu;IK?ALmp!7XCMO= zmGu0=-(!T=ZmCdiV58~qemVG9;3~PwPORCu)xsm{bHK{j>PjZw9I}!ZJd|HP7RV}r=&?rSmX~fdr(ldr-UK-M4H?_sZumaO-0o2wS~JP( z6qSl+a$Gz&;6z>=2QWim+3lNG0BORuoPU7cNP_nR9_N^ko&C)^ z`&KDL>iBuWbTL4Gsjgx2sqNb_=pUn<+4n~hS0ZcAsvE&=Ci4(Kb5R@WD5VJ};Z*_Q zU}A0evG+jHNmCsjVIk;KM)b`qDCgc~17?0B`c%m?;1k&IU1H4n3(c_#&pf1Y?>^)( zuy2YM{lDG?<_gSzO;Zu}B{c-e{*smbWxYH)b&w05qegbvNb(9n_Wi7W#yDh3L?bVR6wyTsT$ertkM?# z7Xs2bK^1k+i#WZ#B$j_!);;Id?1cy$z=1G|qz&^(3)eFGpVR!M+Zwo0%hKWBKREIM znD~<`2|^C3s_`WP#L{UXb3Ao12#w7!58`U-PS>50XYaf$Ad5;D_$uWIy5w`pU-xN= zvkfJgWMNy+UpUpjW(655Zg)~`M9x>aSi~Td?<~-kH^Eby~IzLO_A^JAz>s-LydqKyi3 z(*F!#!KR(Lt&`zaj0KND$Cl9uWweKENnrP}0&3U)`imRFQQ3()&dJM(%3NjCo;*Fc zzp97!iLO<_XMNPa44ULP#C(v9SI4Rl;_Sld8G4*lHP!i_3P{{7CWpZJ!*jWI7gwcq z8CNQl8&Ygj%~s~u*|F0{3e@FsBBDY$_aSl>WHW`$zdhzy^exm&X_rb-E>2JE$k*^d zC|i2h7&!DDUez&TJO&DgEf27Uq2Y=UXCTbLunjTc55; zLT{~>s7#UyZO}lPKD(nBgR5VYOwEBY|3>`9VwAEpKPD`jaf+Yx` zh~Dd?@3fe9!79;$-Myv-$)hs@G&@nT+aqR~`rOG?xnMPfdf8Wpfc-cqmhc~Anxk{` zh4ZMSGq26fwYX_I6mpN=zQNicmTQIsGQE`d3xS?nqiHknrHiomlr zeKB-A5XNNZL2AyFPecRivWRv?X^%LtoMl6Z0+eZ|60z(Mo-NqORY*ZC(`36^B_mg@FK#2-5Y%-X!PL~t_u!^0) z8t48{vk%j%@mJ(Q5TUh(vVKr$60)7u6%KrK#ZuCvNV*zT7Lh|KXH~sNiXD)|Sm5WJ zyBLE;?M~v>X^G}X4`qkHOj3)a?=Ff%UY>rM7oCQ_MPi$L$}xP2_+2AJjbfiMp&6%e za9#I(PI~diucP1�fE_M-A$0IJ>QAZ$zfI0 z2CWh#SGk(r;EU3rP$eaM7Tn6p!~ zgFB-AYTv8ggYypwm1de_J+`G8sC3w%1Y$&c`hdY$XG?+YEn(6%n<&+!s`zOQG#lg{ zhDJvgWP3dy4#KVag@$qsK`r0*z30ibc>EFB-?ksrZ`{P0&^bdJM?XWO@nR7ro;c~fs`5FGuY$~(PtZ3 zVH*e#;w%IZ8&AYZ;DGW{{is~j7&(Y_4AzU|y9gmRm$K*$Vfve@+|WfiJsL{H2nM_%H@(hBcZ2>W`oNRfVal;Uz+K_ zn>&`LO8d24&EBc~MW?&j?8jTh7rMEI6F&=niA zZb8GAgUxH;s!FxL$$&qC^^U2Q6GEX`qDnzvZ!KZ`-Hln}!*1xR%o0)zyRGhYuke!t zLqHeUK@3+0Lb`iko#VLFbo^+9p?&o|#kc{$mGZ`(kG)qu%~;9}@GgDeqlezc7_OpQ z`|1(6K+`RjKMw2?EuFgW2v~i~H^Wf-YXCg~89DOe|*Tmd#YS*gCF zxYbqudoOG#xh`HGft5uyAuJ3(h=OQ>sK+yu6|l-fu@Y6H%@$r2%BqeN z>9LWxkfMzMPWfL)AJ|>Ef@@?m(IF^y2!$;LYNf%snZ4~tvlp#D1aQ;Q@R9>K)~zl# zi_92p#~!xb9T<=m;FxDo3ylq;TywI9pZ#3L2t*Sp+=-M|X_HujHd961Xf$ue zlby2>$^izTRUf3d>`_Q>=V#yShKdFAjDJuj+WBnZWM@72pJ#69ah*<_EHJQvE^X`6 zG8g{vn`f^Ev!BE2u&Tf<4qEm}uTJt|@h2 zJ^BeW(}WtuJ@sqT@eSDsrck?!I1FV}G|@u}%Ph_>>m2(cJSqZ5VfbjoPQ;q4N5G{# z(4RPO2xQ-KwMB4>3fdMQ;ua+hZ`*lkl=Mbi-=Q_|&EE@BnX$H2vhdpT7)DH9WSH2l zHlsFS;OZ_t28x*>F9n%^PhpKOvHX_jJ_-AE{Yf*yv{*t!b zA|8}6S!N`OYY}R`jf>deFKwc-!vDof#lsSPtpGCy)W48Z&lcZqO@?=?pHp+6pi^&S z?5p<6L(SBtYAUcxK5LoO@zkiN;)?5i=BTENO;Mr8W7nqa@>rZu{}tr@;@O3=IwhXB z?4I3mK*tctnJ2TV!?%#x?rZrI%gX0B=H#Q8VIz zSqpX~>t;ktsIPK+Ls{ZgAVO%5Nb(lI2+)j7i^gzM$0f-r>>#!F2u4(F`X9EHzvPZQjjqy905D!wOk{ zyIOJ&uwg!_BxIOxwZntK_PyW!djC?YfVv4T~FrktzLHEPm{$h>v9 z^&XKD<^YCH++rsNc=*c{M5b5c&o>3vKrh7h8MQL;8B;`|qGOEw z&t{&f;ujbKY%3k)o&Mm+;Nck1ZFsTa?_J=E^CXC;@1!cLvtuBKt> z>mliQCHh^KM49vb6<(mXNtz<@6B)W1F6-)Ty-vrO>t|H>WNB1y$c;hT2W3)ZxZ@1O zi>g6%fT%dY&ng@onnTis!|YcuwGmP>z~Um|0!|4L^Q*2B^bZK^X2KSi8>p`Ty${S% z!BfluJau)SbfOLAhetY;xLbs_2*Npx=unaysW1NuvJLuxT_w*$y>!7&1t;DoumkJc z2)OQ3&&kSyJoM%Y9%7zcugK3X$&&-0o*yW|wP9lDpAm(jr6cg1vwIq_=)y&%KfDi^ z@-*g;@!+6htcn3}$EZ!%THi3?deB%_YH_LDJ4@h@h9Ml4asx-BmlTv3eYzj3mjbRd zQsVg`d=EH~)OpYhg(m;eA;vdZ`2ORJ#RMjV0ntukNkDPRahH7qyZ6yHhN{Yb{s3`__clUt?qwLM;o!mmj>678-+V6o)bJP&ir@4uPeA1c zYz&vs(ZwOmu;60h0cfXz^~y`ezMq;h5z+PUw2)rowk7>KI8X>N{PACT^h^kRXP8mK z_CdMSsGp-kT{Q4$`N;ut%AYOZ+*_W$?NEa_t?WO`Qz_!#^u4QwEN;cxK5)ibN`Ell z+-XZ6Oa%j)pSYM(6Nt_!_0Q!|R4mCbz`-*0%-F5qDK@Sgv@cUv+_g;qEV^sP^%T)-vNFoc%Nt@Q@sf&bLfzcVk67Oh#L*s4@s|UhLZ*Ik zPV0Y$8om3NmrGaZ0mKSp8@l*>Sj~71t4c{^>b9w+853K?hn*yw-^^VKxmX(1kd z$WsbY<#=h1#eAIDY^5}18gIdrDj_UHGT-4E1Z)-E8uJ87R8ps^TFXbt#imzXw73sl z!8BZZU7t(DPONEQ?$-e9{EboaFS~UkyG#9kEk~7lVdT8awlQVRCOOyOjz=K#jv3dZ zi?3?tH$1|cwz3UX>cx{ZqF)F#g{Muh+b8tMBwv|-!KZYuGxnG53K@+7800Sgx4Kx* zg!(akvdRySvK0Pp%eL1RxA?8oZ>`LdyI7a~h(GrS+RMmh8&`DW4V`|nD&!Xu(uL!} zorF_7^W1aty!qYx6#q}G$5m5qVg$%;ux`$^oy7@+?^QpT<|BbMh(w4)2Sm&bOo$8f zH-(60gK4O^fylQ;Xd^Am_0zNUfBgcmf4E=_GzlkAp_mDP|AE&E1OycmN0o#&;e&jK zY?LD^x@dGj!Jz;1*i-S#R>WBo{zd}*kLT+VM4!k9ahC60@iJ!z6VS)L5C}peH`A~! z%jNpm@q{%;p^<@N9`u-cRmMR|cQ$^SQ*h-I7iWdt>^`USOP*{;67LH3+(T!Jn3qN+ zw;u0Lx$A%8iuRp_Ooq>X7KG=W^qvd^$MBXVjnbE?W=4f0mry>hj3B{Xn8r(A|R=Y z(wixg&6r}A{06T?3;^MW^}D<$;U5IyyJ`Poy;Bw0zeR-8#1!qzP{)I+77 zjw5W(_0j24AQ9Ex6K#HYj+8ytz}?Mbt+llnm&+r4EroyBFxk-rhTu3MH-9eR(q1_xR4T0i(b9sTSh&)R4!TJFvuNRRU#d`tm`7Gm?O;ENd>nn*plMK zy%fzUp9_(m%EbS9|KR6tv`FNzQp-AUw)U&e7*zKCBevWXi~==r?jwma_?q<7@oFd- z`<6MgEGiK_-}u_O$byUbQBOZ^L=x!kVm4_8r{<9@vRLk}o2ZhD2FCD~a6ZZou;hj=(n2r}9pZ z1Xae+s-Jz_#bR2O<1btc$?=j__UD7-vqPa!GNUw6a~PiIX-53acVCgffFPs(L7TuA zGFW=yRXb-WueGg^YX!29ho^G4%jdICac@1cs|y z8p#BzvrH%{63@XQG`W3w$7%1)8)y{XA;{>W|<@fw(yNS9~BY$%< zX;zy{Jrpl@JdBB%FtZCd0Uw7Sw$s+h0+Ft)DB%9^IdXIC`aZ@|X8IMyKNggY*32)Z z^zp+c4&c(;EXrJTn_?!$6N{ZZoJzou@CU-z3-AXN3FL(oAh&evE(O)OUrWu zsNfJq!|le{M|QS!>M25P{g975cu25HY9IR zMoP@7lXn=sYfXC|-pe<`A;IAJ^;ud_l1v}kvhs`|@51UoDu(CuX&Zs;&$R+a`EI3T zP5NYpD${ko9OP!=Xm&wCjiY_HFHWP1H+tw7S|0wlbweK5ZWB6u&Vp(POWSJkbA)_G zCiBrstAfmvy;IVXJg@6v%rYBgpC+dj&FX1TsoE~2p~y3X*lxrl=ys4+J`|a(@*B$} zz4GN0+pW=9*H_x4I$bsL?qJNGn4#4nMi<8tK1&n}CHIO}PhP+xC5l?&B$26#BRMg0 zXQi&h4C{SGd(`!=#}hfd$iqng&)+zaQc=nnSVORA+S*5(ZQY^Tf68C2cb?)l8oV6q zhDxul{ffuN;*Ze?itQ`Qpq5cwGtjP(7d;zMILSZd1%sM?>{bh zfr=>L7lvcN+}uABy{vHY-5Eiw8K?(Q#wdV~%$K#!|J;X^F`9)x8+;5l;(LXq1N!%* z+~_;@XZy7BbUD%l6-;9HHTd+tab2|nqdAJ@unt*@k-Du9xc^Bzn0zl*c4)(118Ex#8ujrdw@K$k8DbxJrPz*>jfs-O4%$c&xP5X-%r;Qx!|f^wbw z5`fKs+b{HJWH7&M#xBO71IfvV1O@k1#`_*{9Wvz?PkS!yc2#eW<1JrTrx z^Ld5-^LuUi2fnF&%lyoj8JSO}6Q$P;wHYMjbR-niAYAoPYZ4S}&U||0->d+4WZ2bd zKvJW&Ct97)dibe`o=5=n3^}#P19$?uHiKZnD1Nk1@FhB=@9oZL5`=EO{u+!KRPg9E z*dh{ZAeH#t4)x;e^$8hS*4sPDS#5}A_m9Jdo8nm?D~hJh>bR7)x)k zb!n2->Y`HJqLtIYq~jg080J<8__i=Yd9=G-?$)6PDKzIC$gdYa-=cjnt05KA;U%8J z->A{cLVm(NGB01gKlQ$`-1}wm4kgBrdEO(fFY+HIhtt#44Q6T5u%AEoZ646coM0DBh5a!{AYFx33E| z@?s{{1eJUS##n&dC^B^*U1Z;f!%OVWX(-Ex`YYL~Tp?YXT(0l%2EjD2)tLn3nS;H( z{o_k{8(UB}S<{hw`*8%$`Uln3ztg{Corp4VO08G7LfPS?0YOr>Ht&gVn*#Tb6DI;b z&VAsEeEa|0e!zg1n=l5>rNco>l)odG|0jY^B;!JqHyNm!5#2eRWewHRhI{Rv5IYyW{Evw(cz=F*K71eZkWeQ{K^^F^Ps1IH8=oBD|A^Vx8uSWGmy?&;YLi}r5y7eDB*)+D_Tn0B-ucQSc)Gi3 zh=IiymCt>Fabn?$trc&Ksu1Lv>vN}<34^|m5Udc|}>twLATQ9mx zyf!;GcsocBH(Y-X_mvnRKx%zSta{4(MkH2DGUsN{*&Ua)P!vdT&gZmpm7rC$`<9zw z%U6_~gFvB7gpZ}jeaY2AbZpb1bcFISQY=nkar*}`b?k{*f&P|{*#JKBTg<*)0oE`> zlCxxTJMMz6yW8`Kem(n3U@z7Oa7VrRJ`ThOHBl2%m zyj|{JWRImp1W9FDzxuZNt&HKC+?HZHiB!0Zdfu5VkG#5}_$xBfnqh_9{!Y&Dj-E;E zFo$7wb;!8_H!`+8iUJF$3&HzNPS6)WM(Pj^ zdFi>`^fIrl4B{ktPgi=H1Xc7yj{FvxhDoPfymOHTX?SFv!%N~2pk{KeXe#-fEJNi! zi_k}n#HwbgO`|Vj1tAR4#Heyh&_opjU?njwB5~m9%81snRaVkyKPV|qpLceXk78GJ zU-zu1iQZ7G&N60kkLe-+7S>%eGH?Es)26DqMUzm;v&YNtA!($dMN?}_Yvg&ZOLqBo zt{AWV9(0?Qwl2*v^;s+|PC)1-WV! z{TJ)p&uT24>=~Hkeenl9%N%YtnvpPJ<;|nNjxG|Jtt`T|zToB0zd>+0My@iaar3wJ z_V2{BT1V<%6ThuoFP6ISk_BD*H8*^W*ztS+tgqYpF(Bzf6=znws#_J!2oJj|lQt&- zcTbG8j39UFwnAyHgYIIM6uT$4s~jHZhwI`>U8ZdNqQ%q^?464FD@o%AC>pw;GCbF& zwKDG?_N54K=ssFKv%nOl(rRzyshvn(M(y~V8uKX+QSq#I7Z2bhsvW z&$nq#=Kx2Dl!)Mh82`rLP^$Pj^6Kc5W~bGnp(z+v5+rN1C_C-ePgqn!bxjpEsj`l{ zX$c4-eMxo5FjZxkfFnzE(Y)~cxV3qr@4n-sSBSRupki(`9d;^n-H9mG>whe7>G;W) zPwK2-zpzrWu}U-6Pik}IpW`esZ_Y&v>0BjYt@qNnp5$&d6aN*#41*qAHu`fq;M29( zl)&(%&|vvkX86|HB_VA;!3UCl{5;rS)k$1;km9QBdKu3QI67)Hiy1_OM0*Mm+iQvvY2)-iILmpIrUI)gq5Fl~v3^o}21%C+2#K>7?S+FF(Ye#;TPh z--Hk3pG`+>kyKfA(Ela5iaZWEhA({>I#vG>N%bdtZ{WJWmwq;B4+RPCD0u(t(bZM# z2M#n__(A-i=0xymqXQJjcBqc`(#N@TO#CK^pB_N4O*i#|b~(x+z4qUs$_8#T+*gnnA0o`f{a{90_^t z_p@=PB8ALSzKY4&Eg*Zj{@|T?sFXU$qqS=KG6B5-k`*p?K<`r(&ZLL&z$J@UezHSt zLDp+rq>XQxggbykQUlFVNE+LC38Lj%=@e-_$mv1zi1Jqjnk0E<6ea2(A)`R@`xI5M zk-yeWM?82}IFq~h=w{cta?#hWwXkp736Jr9jiFs)O33y_z8b{lxb){QmgZwnVe!wt zDRyC52B)O?TX)9`q@g}%;y+mPUOmd(hQ_kTaWUkWT?{*;n$YDQM0rEh-eXoNMocOaa&bGJlNOUm1@xL_=CAw+lv-QA`*WyB+@QT zw6?V&ptFKlde$y&4rO5$0_G97Fq6~=*&ZI@v92P|sA0b z0=3XDSL#Jl(-Z6>$B+6@j%w_?SY2RIdSK{U6Njc45=eteI=sY?V1&g#>+3O&k{{u1 zTsWe5u1zU

    Q-aqG?ATW!8)!Q~RplSa9+osZiW8uB*24w9sLz2ci-wWvsMW=TU) zpj77<64Mqa!jvLX(Hq}%v*3$RM+zA0nkd7K=Q!`E8@1WlokQgJyT*>vmxJaIw&o;j zZLtXvRFFLf{+B0x4Xv|$xl^v$1ATwNl0{GCtHCY8RUSy)A0IjL9`VFzWNMnx)AOYX z1Vu}w>I(_K#)bEXtx9H=&8WlLD|n+bf?tQ#GV3fnzEqLssVNtfsy0K1{AOM*3i=|? zH_`mp2s($0GDl$X*frdaLI8Xsz!X{tu0$``PvE73@*|RqaK}iwdnN&x#r2?o>W}s1 z!WEz81U}8c(H(6kKS*5>_|6>yeJoWRW%nG!39IH?6oue9Tv2{EPA3AGr=F&-!s5k* zL=!7WI2s%yR5EKed#a~+jO3nW{wA~`p7bB3LUpW6p?gf5aj2qwGAur-&ZGLY?{s zd^Q?9qbkdkZMF#*gOY^asPP9~8NEok6p)3dR=mrj`|=kQM8@B790uE%qszi`ClYf+ zO`lLBA_d;0+)>ThntlO6`rZ%_}Vi=)Q{b%Mp8 ziY9!}5(F@^3Ch8P&8>23mdc|Ok*iesl_WN2tovl8`=QSCrO)1NB$x@39g!J{7wbO4L3a9y! z>X}bN<^UhU72Gz_4&L%4PzD_sLzY3UmCzd;r)1U7I8_ugv0Bcr9YAv5+)Bd72~s7< zHs)jHl*Qu}#frc#q8Vi~it!U8l$r_c8NAWnN+4>TDlumHyJ0MIyD;NKv_`pp-_nP&~4i(H(!Xs6q(gAeNPQG6-Hqw4aRgi=Or2xyuK>uK}Y0FUzfs*g^-NP`M}zWe3yvIQX&NSavF5WrtFW zC3-(2x0aR&D!%r3oyD#3$wycDpuVKm1{zw_#?+7yh1GCFl;IC*b{}|^6X^+_L{U~lq6YK0_pj?K`GJq#EPw`ag@|82{rlVyE@LWsN93UR>)Jn? zUeis@BpWY;i+zg^3qN1NK-)wlRXbCB1R0aSrOyxWAlGL7I;FF~Ku2wYVR$;chLH9! z>h2nG?-=~Rqk;Zaphhi3ehlX^1n~xi$;Hl1AuAH(3_PX(g&xCwZ`K4iFuj%`8ltYh+ru=k|a|PFEHn3@G+=mn#Nsbq~;jkmC*+N zs^bJEi9`GGdpF+-8VFviSjl`)RSIP~pDh{##1H*(*i2wiq From b02c19b5bf0767982e99a4653366478681206af3 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 1 Oct 2025 11:59:08 +0100 Subject: [PATCH 133/307] Rust: Slightly cleaner screenshots. --- .../basic-rust-query-results-1.png | Bin 33505 -> 33251 bytes .../basic-rust-query-results-2.png | Bin 33086 -> 33057 bytes 2 files changed, 0 insertions(+), 0 deletions(-) diff --git a/docs/codeql/images/codeql-for-visual-studio-code/basic-rust-query-results-1.png b/docs/codeql/images/codeql-for-visual-studio-code/basic-rust-query-results-1.png index d4e34655a96e070d059fe9582f6c42249d08c907..8bbd3f6fa9980c969e9121d7e96f081a11cbce26 100644 GIT binary patch literal 33251 zcmZU)bwHcVvnWgjw^ArtptwVEcPsAh?gV#2Tio4Ui_;bfp5hM0ofIz`oCE@Vyzlwl zbIx~f^3Oh_JM-+$%s#stt*$DMjX{cmgoK2x@JU7!2?-gDg!DoT?bS0R2bTZ*fb`l< zQbiI8=|>_a!UFmE`Gu#ZycAOXHEg@h#H zC-mHOvGKC_;OFA(>M7(WO8qZ|&~y7AFbDOAe@VQYM5*;v)IUfAJZwJjv43R$NG*o( z;ll?J4{KW?O&PiWus=VEQrmlZxe0M_`1<;?`*O1bJnT3)1qB5;K5}tzaj`v9uzC8s zdRh3fxq8z4myrJ>N5;m}%EQ6U%K_l};UBpcmH=-rQEKXc6#e(_zxrw8=kPz8Ts{9| z*0X^e|6n*c**|jpx9n$Dk$<2<>JEN3&IU3LE;g>7&pO1oIR!-irT>30|D*ALaq9mM zCnpa-=l^E?U#S0^RmaoDLmJ@ntkX+O%gV#%S+_mF>p#r@8~Gnb5srUM|6i{7FF*ea zeRi}Mh6u-hzceunRBD_)B&3&j>dM-(EG#UXoSb80W1}OZa&mIxXmXMZ@h=@o`OdJ{-5)+f4rl!u$&Q_^L)YQ}<`OU4ZRnyVY zg@%Rx`t{4r&8@Suv#hL4Lqj7aC1qe>AU!>um6er>ib_dI$=uwWgM&jyN2kBPzq`A8 zGTARTH`m+S+tSifMMZ_2oV=x_rLwZJx3@PSAV5z~ub`lyt*tFOI)<57!(v_V`F1vWaQ!DF*Y{N!^2}>VBqKHCn_rHEiJ93rJc9-_~XZq$EPRdN_bIGk#63CmzS4|i;L>W_mYwlJ3BiP5)x8U(xs(u zU%!5p&xCNQyHL|J@tKB7MGhzyp9(r>`}_NU{`~n0uUOwAoI!<9*TU&NnLs8#4?X2Izo)tw!!6qgq(y?PojXGI4RPN)XX!`6ZU=_ncPdhz3 z+t?J>6Xo6!=Bk-GoV|2sXrvTBup`9DCJ^i@o))U4Bv$He!O24Jsq=}Ng;`o!@c8)H z&)Iwn73{@TDVsxHt@%r=_K+K|`X#x<+K(NR}J zQ${%4C%{mdMMYLEq1VwpNOib@OG+)#PEVNc!`1aoM8~R`sft%|+veuxdrrBFag?;_ z^Zh=o{FVk;2iKQZzouz(7GYwrjNJow_`w zj-jQyw^@u2d3Nag#b&%uDq8Ie7Y%77sLtKhJq30Z+tIn7+X{$#O5b6amscf{z7H5J z9X?^<9OE1tHO|i;LqZBFQ;?C=_FFk#U)3a4B118MkxPND&1vA(h7tC9nRE=BSy*1; zr9PTFwM}L-tDYuB1le%1d<}DEGB@B0=J~ICcp%@$&(Z{?AyR&j&}A>sU`hc);RF)q zH%zpzABI^6Sya-I(fy-Y5f7`#xYr^RU~!tu+twZ^WZS(6Y;vYPr6F>qhK7iMoRIvOA>_zf(c2@|}@&yMmMIQ4~0 zN{!c<}_{!K|5r z-(wy;46EiYpDFbv9z=6$Kzm=nrevsVkNjz-3_CiiDQkFA##;?7Hd1-XY26Gv5-IHY z{r*e}b)v@pQ()kQ2=HFFnOUs$FciYQ2}(1B+M51`1~$fdGh#QMC;&nF(rFv4!dswu z*k=et#=k+E;r=0g9UxZk^cnSV=qxY=;&kr*>m)=v+*@sLEjt+_&~Z?0p=_7`6x1ZWjnnTa$f<9jB5#^5NDanj!pI3LOwX#cLa#{Mpkpx_Be=PE}=pa2_U>@ic{5!zQf%H9S57|h8lj>)yCBD5FR0PO$W3eR8*%SX=xjL4Ggwqg>I(8s z6vy^S5BE&ROY4`ybT@B#fE?j6ilMW?8)JKd-!hH!&P)P2njQ0vU}E<=CS13ng9xC?JU7W3KdEP?P^hE-EfH90_EA?os> z8`5JxeR#?`B74Z8X=v-R=^K!mUoo+u@k<^i_aM3lDu{gO_T%luJt1+u9{_R`PGznM z9WkR%f*|nDr93BaHe%OmLG7(=T;sQ?4VOJRnth~~f6&&bW zO}aP4MdUs9R{VEPeE9$fD)4u}lJNpgYO=nktj4d@vq+BP9BgO#QsM}c(^wOJ3*vbg$? zTe2=?#5H4#3tR%gk8u6ooxPikTZg_u2C8j?44;Kp+W0kSZ5y|Cl*(a&pSFKs zY&vFi;I`F-D4~mYE@ZU8*L{*9)7+*yQ+@+ys}pc$w)J_G&@;rY@_j!1rzv>x()iiU z;)Zr?iQmRlW$QYZGOTz;__`vME8h8NA2MR+Sn@WHEoGc_cn1VHu3-wy!6s6zAb*jC zRm~Vx`k+YM1q8eZU4vE#c|vpOBQbWPYNI18--;Zx9J9|+2!YOExVMXa(iEY-LEU=@ z^*(y+G5MC7^m%SZ^|JMjV%L|hde_pe+kXr$zj-D<85jY%dbcl94GH<#^X~HJkvova zzMH^gP{eFK_B^M!EtoR?| z*mttwopdWsC2?YL4o;Mko_PIUKEGi)JR?9wr>!Q}1xVA_N(N+$)zv4{no~$&TVqfv z0`i3sGqnO-))3|Oi`LSWK*bAy6-^gjP zF_yw;(69&hdD0QI1qs&|4%C5B)}tj^Ou?53APol;RH+3kHI*HAG5eU@v0I0Vx(Od6 zIbR*xY7u37$X7ExSml^Hx}|xGCDx*$jWzv4@73mmTEQPVeBe|9#POW7^rg;3Fo< zA~QnHwCvH8I;<7r+ZLn3r%_mzrBsfl&i!voCfbC2XlRLVWUalaQ=wxJT*1R36fu*& zB)4^TzcJby0q|eW1Q8OqzmoG5!#u8qf=wVlyE-TEjle8qR(ei|L9`!*G|$?Ds~9G^ zpQ3-@!XjUYLy7NGccjHbo{pZ&Cqyme{$VzF7NFO!po={1FXdA%S1gei-rLdXS$YO)a{c@I|X(HGuPQ(6mjKWd(X9N zxbK^q$XemSR&+YS9mGxWgE06n36pYN!wQV7lSCP~&iRCDS8b7zwQ~L1GQKc(v7t(- z1ZZCaEtnP}bn!veC3-MoW;w^@>2!x1D*?w~w?lC9EumjDeSg9r1uxyya0${yoKhj^ zOE{squoLy55zoYLSocDDJB;syQsDwkZtMK4a~%PDSSYx%h^AZpz{O;K^Om52R5OYe~~ zBHlTPM3btvm8-~|rMVdxG~riNEykH zI`nsS%DJ=}F|)jSLB#XGwFRLHM-n5p7106?9ay0~-WC}kHa-hPisC(qDF{^;@CcYF zoCSz1YM}l?O~ij*ekX`@`Ko@7*|`-puwy|P1h^3Ep!=Q1`b5Kd@j=JqzhK?r)64+S zsv&ARQpq36RVUC8sl|6|+#kku?Bo3_Dx8T;QQrakzUi}VYj{6}XrOJ&_B_Ue1NM*p z5gO;)1(jc|&X>VMP|Q@w13H)=yKrr$;6k`m19d8Ky5TBaq#$)uYH;Q!%*BWE1H~xb zJ=O3OZK4?`*p~qjF>KdTeEK-E%nkcmVTJ-0mE7GbNu(eH>lL56|HaG%U;#M}QEfzl z7bqFm-pZdpGpt^9q9bu{Gc+5o%$7B#KpKCVhvnotk3?vQ@ohum%CUK66Mu$9RnyDq zR5*~oq_ zzvpIBh9I&CnTz|&OVm)4>j|DGYZ~vDlb7_)1hE>eA7S}lEq+A$DIo_(c15;Drn-dP(Qb?E}mgndmN=fPtt}#y2lv8W>ZgC&KuHf*)T?bM!^U zAzn+Ryk_h}CtZd%_J`M1 z7*F@b7S4??I|$?hsvNg{-8w~^14ABWW>oQFVuiq=mh4HBZ^60FagBy}KjLa!j7;X> z@h^CFk_CV|h>eTpG!LY{tB1nVtziaB#_vJjq;HlMv*%-`^V|P=ZQ8V@mt~u4E40X| zwy$gDN>!zX**gzy`9=wo3!5qngMx5eUlVNSCTSysb!J$*O`if)AI%qL-yP6X4mU5r zyIw?6Q`yw+5av^ek?oh{r;oU=cjJ{amP4La6S!4aFNB1LL24!~@H>8SMR%w%7|5M%x)JDoH%`1LMh|AazD_I4lh1@C=Z1Zk)W1xh%@<~U>S^YEx; zA4fiuleu5i|MtLZ6_{;ljpF>MJ5|KR2g}zb(b`%no#}=r-AzFaJQ%{(R1$C_DNCtF z^uY*8W3W;~;cs@krlbh|bihBh$LEcR!W&{B)4n{C&dc!pi)p?0(KP)7g;x^6Ho15Xicg|%=J23$DxUlN%trxl(mEpb?K8ZL# zqau{{Kfc>1JB|9_rLH~Fbp67-KI|>$7ij9W!;|s}!b`s5-a=q?#$(^E-F`g!A!YEn z*J5}#N-OY*5?ch>XIIUE1FsAQLwYcvXx>rsZ7Ow^?$>mnzP29&GczHWx*l@3h08dT&*Vs!gYur5HdOrc% z3*i?@Ls|)-qWWXCZHSE-Q%74IAMhKw&EluT5MfezoBc04ptQ^p08Qo*#0VL7ae?Q^Ld>n6cU4% zI>HtjiV0-F(FZ=Bf_9$&1WZ%HPpiRE9brzjDxe~NZpwKfo<$|XiX(d2HyrkFnz?!7 zTviT6uv+|8XnKf}-*PN+(1FW8`JaBD89}reR?|2N|Gc~(h`j}6X{NDKznSndev{zYXXe3oUqL)0&fVxHALn*u3-WW&q>LAv@W2%rMuah-C9oK5!P zzGL6l=Qwd^gHQEg$aMs2*9$Fwdi1)A8Z~=*v}XyqyWGxryyS;Pu&hByeWeZs=m(W@rLD45jdFD8^nj znI*i#0OD51jbO`05DI$PSNPA|=fNz$2R!}gdI&Wkzk8M1brWk7*f02li~pjBtIPn4 zO@+LJf}GQp)Sj?Tb=+;_e5*Bt2JF%d8`_6=egEN3>CT%uCOR?xXZ#+N4a(cc^~?rY z%0aT0heb@rZMfRj*mupkU=P!!zDG`(XA`7bcd;iYkaPG->G8_S*xOA-#3R^w{me;n zc!#Wsm^R4%QfZQ0>Ami6`Y~BV3zLdJP@XpDjbaqr-|5LBYF_dT$Rc@Sa1=i|cStm3 z-m|O2_^4j+{2jvQmDNXMYqZ`?_{quYem~JyexJ~n>KqxgGlMrr}2#4_Q9A;B%6J|yG|B$Ke$U-4Vicm$~%|cA6 zjiVv*CCI(Zj6jlF$zu$%6-cvJT(!WsmI=3IC?=ztAB&EPkPBIn#GMdNk?^R9zi?ve z0xeasvj$Jw+o5u#lxEy;+i0J%x{y9 zJQMD&!X|kT^y>0~U?-{*Auy_il)dvvaMZj0xPyRw3wW@%0ho9H+u4FzV?tGj2$h-7 zIQ!Q1@{k?*(;0aZgl%stN8uyk9p!moh(rkAlEU9CYa*2LVTQ+7zXyZZv#%w@g=IS_ zhpLcpt%67EsVvL$Aekd&7L~}{9UsQv0CW^$CA{p@!Sx0@r*2H}6CapxrCVyJFuwKM$!Oe<~)57*%=UGPh(~XTI+~^T=*5HyLT3`gP*XjeN0j zk?-rT*FiC7U*Fcg;Ab|x$g99sN!ni8>}AwIAK1q8(gfwkh#-`?s_6v5>6@Ok6Oo3s z#%HS)+6Sc3DX`23U8-7td*IZ@Oa~bbByD@}>X>z7Z(V0-ro`&;MrG*g1zgk=%hZ-@ z2zLl7WZ-Pk11DFPI9-;sN2NP(9IS8q#oN>Q(#LUbmA3uI*B@V3>S$+1^tGw+1gS0n zfdb0LuH6{w(J72u?o|3xRE{x2o5$&c{_k~Nyfc%j_zLVD_@>?add_ZRjQx=v)uP7R z=G&|qRPakOezYzHEYqAIvQf|!$yp^o(`V&NS-pylZ5uzBnX0~%PvW@9l3PQpZi&(? z>c0ZFsD*80>uXrBmo=}D~g{8 z+EYi|7?|`B<00r>Br|!fKj>wFKe*2y4 z4T>m+C0LS2VPo^TJO_Dgl>wX zzAIUnt|$6Q)n=7w*l?|=I+&oefwWxZ9Z8xWcPV^I$99hXmMlruw!i~5$|#Tg-GMK6 z9v*@{fyMF22NP49i?H%?Su{i9_Vao{7UB^xx#Y$YY1C;newMCp8^8es#4KJP;|FET zCsH_H&To#LyxmYlh;bn@1gix5taASGyU}9aOyU&3WeCgf%99fF8Zt-mJ&;8r8v5CG zUSB(p-%k>l`gw_b&w_+l0biK?_1_#lse~5A0k2;}oF>vgy06HBYncmn~_T+ys|p7@C-j=9O$#dm2rl)Pt<`ixbw_DG2f;fb7TjJ$t_LN=!~#Y z`<@8gO>W+1y{W-i0g*+j2@TE34GN*ri8wXv=^ZCrIuvW2<>u4gEvjcA;cSitoz`*B zKvfTIzCvW(k-@L>_WXg1$j-IFVa;^ivJYjAkBLunt2jN-x^mDh-0f%tAh?PHrrbNd z6Wap;?ypl-CZT$2K~ogVzi(;pXLMiw6O@x7$R~h&kjYw%#kq3K$V*P}?^D&FoDi}b zw28nmc)TGtF!$F4{#7t+oz5!tP`4>#Aq@M14C}6xu|?qYG*Yr(P~|U0%wGI%AW0u0 zAko3oOiR3N^Nkv*v0xzPx4mmbV1chdmzMw#gd8j1yf;@26J>DYr-cP4Q2rX>J2x_8 zM9VKxb=Lgy=B3qm$#>mJ-`MoFl3Md)0wxz3TV0Nj(v*D=Ys};c=ep$buCEyJ-#zyV zAz|cb9Xn)szZJ0&RL``Ds@gy1u*UZ9J3{E|aq}!H-RlC9$Y^gCrnEc=!?n`4VnWwx z2{EQ+KJEJ|9xtO4T|uRFt~7jrZ;<>L}93{i2l!=#Z(+bA5Gn)#qlw1`V_?A`2`YOslXl>w_v? zj)9=6Q|yodrlIj(#Bs>7Fu0JXg)L!`geVZhkK+Rl`pcJJ)zP$p+Ds);F{Ln?w^}n1 zj*c!aDyl}5S9ya?BFcc&)GQvswvk}recIr5=q=>0`1InX$5VL6?YQ%MAYk^Vg>63(7Z@x@j-V;DL zsM7oe`l<(sFmDijd6Vwfn6w3>@~C{zbddXJVKF%2)-%X9 zR<-Ez-eOL4jPAAF`%&PN+-xGv`fbuB8ve(&rUDd~HZB+Q?Z^xQAg;hdEa%e3=PE{@ z`ed`L9&Wj|c!KMi?OScCcM5TErBm$>On%>b7kdDMjJ6OYu&{E&L!C*Y~%=1CK zd0Q(TUB|M2tENU=niU+2;ImK8b2K%1ACe7qaQC`;Os5oC2J={&-1CPy6a1+%SnVHx z7D8v$GY*~5$1e>JWz4)D3b?(obh%V5@^(tDGlnjYc?T*~^Ig~udIY|OT}>)P**LD) zGUOLcsKM7=^f2Ls{7S{#QwqYr%7Z|9!UznbL;vvfqr|$o`60-7R`4Ril|Kaj^w+$Q zB(A%C5Q5p_zuK!PW^<^vQf;OUW=1VF!5H>uM-%hi$8>TSKxw}}yiHP3F1KDML-Wf9 zvU1zTK_D&O+qYpSi*pV4e3p$195s|3Aswss!@|ZJ-QODyFY^ku?6e7=Q$|Lgtav)*j|RESGKR9)3O=C;qk-zTB0cFPifvEABBJgi!77_5i; zHkHm+d7jpoJ_19+5iP*GvrW%5_sHe>%MNB-!NnbRPq~N`QTPeX?f8dGo^RXyr0EQZ zi=^ULI#->Io)&3IYbSHw7Gjz}A}Yx4dO~Br{N$dm(G@Pxdbc8Jm2+Q4S`$LFbK4<$ zo|(^3c}`sX4O|Rrn4V^Fhi0AK%V^Obr;AIDNPRL#Jd(m)*mFt>AI;Y+e0C9hHaqFT z%L~`d1EvTcrC5xEp@Jj0ONI%Y%75XPJ9EHBr5k>+@EfU*B(F>Ovar6|5Kp`~vtjNh zPgdVYu12QCOvY9#n@zF9YlEZdU`9TF-q5W^Nnl=r+HyZGRIoS^Z3cah82v~*DLkQA zKbVuz`sIzz>ml|JWRlwPYy2tcGmjPWcJY}(vNR#dnOn1=G1NF-HoIPr8H& zC@J|>Nrj&{--ZAhaBly~Pr-uo;m{|b<-fge87l{lua2Dyzcd_P=>=G)o`n8%J_*i? zDd3l)0z@}h94dw*Ck}{C%xB8~S}Tmz1E^D-Vi2Krimu7Q1b00z^DjPDBkT)V;X0D%&A1FF#3vNLX4x9)vbzLJGyXPd|2e z02g-$D0g|i1c5BnU-A*A=|}XL$NX+ZF$L(%DCHj#!W3{i(eTm2zYSTWe^TZRZ&gw! z1%(EryH&TV2%WwGZkM(q1A75FZ0~yl!}zwfv4dhhMGrlHdskgdks++iou=)l-mR5Y zPy`qfqABvqx|O^uDCF1Ty(q#gMvAN)vS1`$s|;?Bd}{l)eJgw}vwJ6cjwXsfz)t?& z@REUBl%i_zz@-`_x7C}3=KdT@OQJMQfaDlEk%8CQ{kM~ir6S<*5H4if*YA2K zzK+nnK*i+&)<~`C&fEv9viS(=tXCjzk|)z`{^_RiNQhcMC24DlkbC}xQNAi}F(jpD z?A4(EJ69%%2~L>`x6W%&WueUca5O?kR%)(Pm_{|$7(O5qa56I&r`)7F@<|1^%TT|&UrZZmqp@Maq-9`Z}{t5!anzQkcaEqU~ z2NI1kR&IG=j~M)^2qc}?47>50(QkBU7Gc4M(&vVihRbXO%lY*OJ15r{h?r=70gNyN>-< zx1(h`(>p==oh5&5?&iGTl_B?M>uKCK)-2}edzbLk?0t=a-C#tgP;=25o=}UQ%X8p> z2|tIcqd)xBBeRVj#j7l)0#7+^FKbO;qHK$OFP5{EDK~wWQdYk&SdhN}sgIw-U$Ty4 z@xbda+!>0uZWM1!5esv@OkiH#GyWvvPRwT?gQAuL&+7cV(x2@$Q$87T z*8U_;6eiPR(|WSVEz)ApNuN|8XpHq$!3O1^oVpyu`LyXMq6trF`#-aOp!r9^qy1Ap&k#>^EjTF9lp;@p4j;?fg9Ug>~ZTo2SZVP7{b-0P8Pe^DBpu%Rn z4XQv%P<)R_>}tGs*jDWG%R1i_{dkTM^@Gj|_vQ_ml@n4fht=B{sy}B;zh3r6meSG& zF)6ftSXFmvTT-E=m6?nAOh7=V(Ga8VkxCYT_x6Ndv$^9$b}p7#QRhTf+W~N6w&Xb( zwA5<)!RQl#4MjAG^HiRd(b?tLSoVIhR5t8{gmx%0XjF?)-Egb?rIh8jQ#7$*s%~Rn z8a;Sj{1S=86$w-+gKp)iLRdv9@U=yk6Hp5sjyeP&Gn2&lOInYzEduu7pNL&7*-^=3 zd;`4nhSf?dM<&H{X~1o|nqF@sKu~ zog9(?T*TwkyB6}_65Vp??xR}k8l#nRYso){yCWRe&W+02zXU$+8~qv45SHJ_+o60j z%29iWR-fPDDH!hqJx>LkbD{2S9GZ;$rM$m~<#UEm_`;Hx$cNs&WS7VbvjJ!0Pi`6? z&aa!ux~>QmOHxwXZ?~Ok5K>awt0Yub{9fIDUpNHP0v2us{8S@IPtPbpb49aSL9*~a zH%tq1Qjkh(^$e3yeIXgMiX`-RhK14GwVE|q184C z&6Cq}@gW&3FpO(tUJ-58J#`eBdjwHQQ<8#3jbqPs!SSaP-Q-~0&d13-akGf(70l$Q zjyE?KrKYTaO2vtull161>OlU* z&Cj$R6HAbYnrh6X9qo%Pt&$x&IwA(6%HDvWAO^kJ=lxR#T3xQjm4LLGiM+^?I*Wdo zN@&bPlPzW0b#MygIvksqp6iB_pBm#S z(zHhC-Z6;8=hXg&PZ$iF-V@n;WucBcDJs4Y7=GtKQ_XaR?wV8K%mq|Zq4#Bp;Ry6>ybT11pleSRJ`k_K`7-D!}0OHjRNM>sO>GYB+Oh_E+p+MQH1ub z($|%IB{@2`ZLBLAIpbZ9i;H@x&nmZ2Bey?l$ z_pmq>c>Y_uDVWQ)14t$|5yaGXZg_>e?MtVZ$LE>EQr1wBAsQ$=h~tR@Wa0Ju&Z_3h z19KVv11j#DM?OmL+x6W;z*&on6t@U~dXb*IK&$#TPhwsxl4a7Vq9B(z+wKM0J9mQS z-301XzLE?nO2WI&c?|G6P)Vy9JYkk3A7kBP!y(B&2u)-3AB9TJZF=ZfvWbb+fIy&^ z@v@q*^;p`>F>meM<@gm+m!^=n=FM=2$-P*v6zGnxjH^ms>W@Y`cbOZ@w%+GHC5A!l z#f6H#3Gt$}&8>D=HO%V?H+ZtTYJo`z2Xc{axV^gk6FS1#^uN{b#FKmVeA@URD8+6G zm2k1Z&+pUITC|9Ss0!&Ouf0ugTX#n9@Zr*m>;qRKH>%4^1~J@8P!pyIy1<3%Q9Ur^;D*=1cpBWw%-AR zE&gou&K&nzeU6U(?zJK0=KsFCmFFWTC+f!z362eoH5=SQ2+8HX$)2h6e$CvyC{sq{ z%FDrR3TM5GT~w!!EtT+#?tB`#v{-r?A6(6t^|g--I6jL^iFch$Ba+#rJKRG<-xTwg zQ+)m~WNWdd1^GMMC8FS?fU!vsV&>~RqHeR`262o$b%I%dL90VL zRr@N_wXe=;5TBh|8I|9}PDn(fp}KP~H0qN-KdK$1DoTAQa(QKo)Q!W6gV)rUA4Ex@ zWT5^rz>{Rt0A*l;r4oM9mI~J(**|?h(=FwIWaVVz}619b-2) zbtjZqrz8mABF4}QjK21^+wbb{J!@LltJ{1ysXTB1)QI{-DlxUjH5^_BxXH?&0{J4_y};T>a1O=sv$)F&!21)0j^ik(*p9$$|#Lrb^%1+wm); z|DMN?2sV)6^5n||K{Ndd-UMjw-`XvV)aZfrKWAT-9k#G1a9`rjo7{+=lc7H8^JE0O zbt+-qi*Y?w&w_3yA#mHr$@%p}eR8S*)o%Z$#~neDGSI?p-rYf>^X=^59-;FMz6&Xg z8}=~SzyE6Kd4FdZ^*jq2qbt7u7x*fDZQD)rV+Icyvg9y2xFa@^<^GyFd3c zye)+rSo7FoQ)%q`rYxq!sw$QFCvu8Wc{7dnfgOuuj?e3#Uku*r5<&0j*o`ZYTY3RU zYqBh<3k#yvNDVQ*+?sWOFgcZFM`efwiIjH*2B|#(Crs zi%g*ELk{-6^pn%i^`Ps!>m#~XAt+!-HY1sIkWnGF4l_awJ;w#)Sf9Vce^h9nvC3e1 zfT$?vpG%=3X(j=`d(~?d6qUY#A&i=y5nk(rW(r6j zLSxe)i{^O?OGHS7b`}xp*c2JZJ%0<*sjD;K3jDFi{_OsbjeH-H;M_x)FAJhV zS^W;Ma53{!% z_Nw+<16mfGNN5WAQ?OXQT);U^z%BtR6XPZz@Z_hrYmoWg;a0C62AIgfxzB7*!aI`} z_Rw>2pBe&L;gtuR_x_$AaQ|!;Nin|B`jhW!u^GPVw!cUwO|-W-1AEvVy~Wi#?dwaP zpP%P9hu@5BU-Ki;9EAk(NVPs#TVH2Fd4Pc#z>T7Z)Q;5$Bi|>aT(akjRjXyhAwTAy zuv+dy0&WhOk{$+Q?N(6;uz{3cE!oPL>9J6YW%fY@7(L_76EDiE7oI|@^j(SE4-h^Y zYCRf~-gMs(uH}y{V&G81WBB`Jq46@+E&Ubs(Xs?3(d(KHPKI}ak!9HR5`Z0*4%i{bf1XqZ#X$S$4zYUD&OM4R)%iZJSTY{*CY1} zE)g0GC2@A$ZHD&>ev)U~b5bLW=Jb7A8*R0bjN;){R%V0+>&-`~925hcKRR&8@o_}Q zf-Z?{Hm|=mAO92rgIK}f&fpG?Z5;VQ-0i(we3;*X-Wkf32P zy^Mvix(}X1KxMcJzayiUP6OOA?gjIZJ#Og>lYB_5%ZP&V?X4S&A0_@@W@ zQrNezXTgUdA$iE)Cjsx^0^R&O!#5knSl}P6FTkA4VgYc9i~F4K63f9Zb4B5b=L60kT$$m1@4=E7N^_ha<)NipZg z5!6efzqq@%2)L0J5&xfCB1}w77J}#FJCvg*femXNtbY*;@O*jvhumsDLhZt=UyCW@ zkAAuyxJ>}R_aRpyT#EkO=@&(iA|q4S`j<=aYGX_YH<0qtHVDzrf&u0jc!0tX0N%%V z+pdpKFT8sI=vs^4D&DM*AO_JPrAqF=?V2gvr&EgdKP-!K;*r!BKOeoPT%MaSHv0YGnh$9gRYmyt zPV(|0d+dUE4YRL=Qi1M;{JA1Ej2KgChm_$4W4|mnohRp0qLA^!2MDkO2fqF;Z^B}1 z;>IRSz{Q)H7~-yb!@iVXPfd#dkCI)#0*;4Mcz#WAu-GE0Z>IHwaM`612pR`*+Jc;h zz6#Q_BPVvEGPo2Lme%mAn7c$%&Tz&PYO-~mXAt`k9)%h3_M^xPzCkD&gC=lH zR^#o~(FkkW0DL{tlA!8ccJbffp#B)Q)%KQ#d(Pckde)+la4+EgI=z0H&{}C&t=;Nv zREfdU>sdHth^016JA1`*+jmU=>rjDiNcZf__<8E}dvM}w7*J)et4TEsFUWLJ&T>M8 z0mmulQkkHDX@00`XcW71y*E0!m9WdN=u3?!X$ZZbv= zzIK@kNsuj7R0Xcfe8I`@wJ$+@Sb(kfzamnp`g`>P zEIcR!-KL31)@R*-wj>m9_lMfeODNu%xX%0l^}<8?0PFu4v+|A(?XQg{MyPsQBZ{8F zVa6y_F6})Fr_OFabd=rcYh$i%h#1yj1^eHNxlk&JFO{R6xV>3p<~uAMU8e0rUUf_5 z4wKx^-qmi%F{F4|k8-=v^q0=nM}jNGoG8_d?6qg&Yn;S7svnZQzC;%#{rNawIzE#f zH|&4Z4e6ZUOO3`wJcz$qQS2fxN7R3@*x|>Qq(EZnHQWU?lhH?LGT(iDsQYe)*QF3KAx8@L4tPP-6^X=*T&%S3y8=@n z*0I4*8F#_K@@}%(0jUr2ycOy0kCg~`fPXY!vWUWxe76gtzZ7FEUP8RTR4HAGc0NNbESw(QB|qw!hu?4 zrLCof?=J2Q*-&$Tlo~DV;A-}`$c1pfFxo|K^h9D2egZ;wP#ul+F~vAJ;Pk|}u{Y4W zUzO2Q)k7m50u*8mhp2|2JCIV}D3tui7#`a`F9u_dJ>R;1mZC28|ziRVVC{*(k77hUMQ(G0Jy-$zlXc#4HX9R1PS z51vpzRyj`NM-wi(5lr5r3a|(lNL#*jM90RF{3Qut6jF(){#sk`wqxU!#g??fhiT$V z(pO*X^Oe`#oPPC>%wZSyFajkuL0l;55QTRNn7Hrl5xR1$+whO>huKFmgDePkcbHK? z)a1XT%A7{MIkEA1_panls_%Somp>`{2;8s2I;@IVr`9X|q@REEmEn@`+dKM~I);Z?H3)>$7Vz zpQl+iBxhXsB4f@#4nqd>MrnVe@LHqCXn!@#PPDx!ICMn2D^BQ6hv^ z|NrajtK*vdzW6~Jj}df%`ZJ;PGn{Xm(h4 z=it#F8}T|h(C6HxtRB0;Q)K+>0F$NQT5h2lo^-Mn%qn{46NgELr2NJH>0Z6OqR9>r z3()$8z0!R_rUGqwV@G`tp!-dq6Wgr-aZV=+#15M?zcZlL2UWMDDOy8hVoCrGNyk$@ zo{E2er0@f(X5oL;mjyzjCR@>Pk7fA)0o!(oQ&ZYiW3?u2aR}K;ZX$49IP% z>fw^}OFvfB#_tFssFxZj1MlO5t?0E&86VD~hdXFHD7IJr!=ON_16`H1x2bby===!G zmaM4$>MU&lZRWDf1b!~l=^)R4?{1I3>036n)hwfs;9hn?s^1($MxHjY%Q{HKaCxnJ zkJy|t-bmX!MmRHOuSW;`Bz^%W|Dj%cWuzKxTi?XHS@~T8n`83gAgG`0#he)k_bMo0@)zLHm` zH@hpEY)U2jOrUbdYz9TZITng2{_1bU`Z0l90-rzWu}%z^yI!r$nk?b%8XChN+@{Ho zZIipKdS3|fa9pkzD8hn(mvXgZT4nLviz(EoWjIKoGx2i)YI%K|Bk-USK0P^p7P1@_rNs87>BJA&qXhQ1JVUM?ceka81z3|W^jOKCBas8uB^s{ z=*9{gf@5ifA_Isa^_H$M5p*yq^ps`r*z#%~v;8uw5iBn#(_7!)53#SJc{TUQN9T%l z(4Xh5j?|^o=jc$XTxJX0Y};Y@J=xe%!2K^FSZLq~;Ou6q?DVwJMxGD6M&Pn3DZL;n zFW6MBY*<@!1%*y;Hl^(Fx^5>;mC7IJz4@WAQV*5;G|rwYtdGKTZ+8NA=2^9XL+L?w zJN5IA+rpsqTQB9uir^?wyeWCl2)t=Q+YV_+fN!ifrH&(uC8toTkmib5pW4IMzb^0+ zUeFNV+Yl#un2dgKNoN|F9OzmsMASH)b4T_ox9fAQ= zj<=Ohk58A=2Ao$EPq`u3gp5AN^m@GDfn${EBz51_S>7)|eV%2{eRMt@SP$|^2EebF z2~XWO$EbQ~VOcMnV8ic~OzofBw*F{#b(>WV*d#N{fU**NOs{$D8QRtZB4qtZ#nQH{ zubxW)Yp7wJg)-Nak`|(opD5NEdh23TtaQaD)b_eA{i=?%GoN?)ZGJj@pjxn?E^4EB zYE6H1A{&Ozg^UC|ACF#|F#H5X%f1*8I$dWYf6>kMkuAo*f_Uk|-otl4@N|4}Ve#z5 zB@O!e>DaTnB8q$2)wYj`&|dqyy~|>`I^3p zsnAplRKT+K5%l0>f-|g0B5MLTGxmY!*Ei-M$M#|tLeL6l7l8b4UoGdsmOlg0PFhzk z`-hs16xp)SXT7!o&a7I`)SlaYx^uBahanE|=J^B9-OgulcupPpkaV4sA=kkLw#Oa# zWswXaLY^cHW)yRja32p|k9oVpM8a`R>@_!bJhFv2+3G%@7= zjrU7dA}1jpq3ei*7I>%{ggG%@JN(}N5N1q+Q@{j#k1$@EYK9jNe<{Rt1Iib=Kbk!Q z6&|C8TyME#K}%UO44c*^u4>Yjhuaqx#+?S{*>)nXP%VpZV>5L~=|$KOd$g|md?wg? zh%aW!13U8V4+W2Nw%hHLznD%KL=mbC0sd&*VkGw9x&MhQsDtewg2_@W9B#ucov1f@LKRROeptGO3O6yoFDEjpZkM7A^ z-q*zVdLTvwu1J`;WevzxA5xNI>m~J46$ua|^p0$6Pq0Fu?XTYCV-EVqhO#F~EGIy! z)jG9RI3d6M@-ffee#!+v!^6WGXNg;FCg;<@&;1YX-A%mJr9@RtIxLA${4*q!wriO* z09R1ZXA<$*@XgmfmB-_3j)J}yBt_rRhIX69S7>nO6_AI&&E+_V<`~r* z&&=nwBPFKf4p3fRef=C6f=N&iVz{mBs+=s2eHH_D0X6w1B)^Oyj7zybEqeF&r>_SE z$(y2IMPW>WE%!H{acG@Dv=OWkc#QmS9-#BTasuXBd2F%yZ)~`}0-3`Rgk^7YBM{at zq4P`Q8Fh+@6`}iW(T2GSMUnaV{gy~R6_Phu?V(u%z!z{*+R(G?2s|*2=q+&gwKoOW z0meqDR+G#cewC5X`e_}zI0;C**VOABupy^66wtR#TQZUg$^sq)~^=aGa zJm_!mj;1>3DLUljV7|`tRSoz>4Vaea^|qU`;|Hi&6lbVVE;YxkI*uzt4&7>4kUT_?3^Vbe)zuU^}vsq&KWP+!2M~jx^E3Fhh^*Z)EIZ*I*$+b^!~VlMi7Uk z(D+-?1Ac+?x2_Mo7_yDS$XAb<){y2W{=px*05i6K0%c<#XUzk(&eiaW*$$NGP6dcK z(FqPKO&s*d2DIM?e-a7@^ZaS+s#EJV{oYsH`pC-td8@;wyB7AI$CpN;4nm@C;OBl)66QlLF;pS;qFA;J;R*aGMwYw>FPAmDAvl9#d` zLXYd0lfH$n-&mWfWG8dViA-%Q0|&xxN$w*pMjEo?E(|W~%=i!yURitY>lm0No*36&b9o8A= z3&Nc6yI`^t2C~DqcLXxajgWc6*mPv&cD`ET893zB<^6$6ZZq%4d%iHGi~Ekw$gNOj zX;DxHyO1y=?=VQ}(W8s+#T&{I&JJ@c@TqOMLgf(#ICY-ZD>t*Jf8H39@3u(G3tS#Q zYSyRQG!#3WO69WWO6E(>SH;8#2zy|}3(Aby+UgF2)Puf+#&7tIv5<}+-`%}4#cbz% zzLZP^prwZNmP_OooI7Q08aq&yP(;_uEnXcRjy@h}{Uf={cO^ZYEG6^qrRV!OKR_(cH{Wd(`;)jS$_eWn8%1%JWR$}KdGOuvH= z2rnwe7qkS!Nok(jkb@u0%D}r;;65Ah#*$qpY+iWX?h zSb1V!x!|{}^xJ}rH0+ZQ3YRv`-_IOPd8d|HtEVJ{Ouyxn>6HK`R!zP^e&*#!QLG7G za%arJGDhw%t2GL1>j?_)P=J_Sk0CWZe_-vCYl<-XDJmHG%*>3E5mIpsmGO4ZzMX6S zmcP2>N=sHdGQ9yQx>0>a6VRFxUQ}h(;^U%JH&&k)5FU`!o+5@+c9qWbOQs|re(VbY zW;QTqb?;4H`wpwC{~&p#mCme7Y0Wrk0J8V7@>BsFL&R{)aKgNxoYPB|>w&XwpBXs7 zm}I3JO8}apg_3Q{ETJE5eZ!OxOqVxi>sp_M4)jZkZknfye=G4Eb~Wx!?R3}}sdj-4 zUyKhanqKpN`(zWWZ3yMEqTQzb#pv*rEIuoSHn}P5BZ)EH-urQCO%c5m%1DugDlgSr zGm&Z$Nq?Hf)ER)AlZV!w(5z75xd%2p1|etGVwdPq^r*?m%T9FQWBc?*p`Ej5-EO$W zPg%6zTIg?pt$*?u@>-t_i&Pm6X{WjV>zDl3>YjIdm0lTNZ#nEV!xtbVtnacdm=kW1W^Jr+7G{UNnytcpe)w@X3n?6m|yYkRy z!F`Ghp$Jk0rf+9w#8%fj#BmtZYSo#s_Zu(a_Ca40Z}LnPx#ftsT)O^itwAj&Cl!6r zk+m-G>9%9IEj_i5od{)c7ed|iE!Y6p(O?R66k-f|eI2ZX4SenD%)4pCZR*=^XK!`ynqLJ&EFgxSShAb}y^10P$N!eWi-5 zhn4tZp^9<_fDUzp&W4mh;KFNA##`U0VprZ%w!i)-Ce{-*F&BI3qoc+M%rWM3tLOu<#Zn#YMA5pm}xWLJLd(9{$3hbX+m-H%Nn>VpeB`( z4tsAxFm_TukA)b(r7xTGvuD}A)Rrl`zj50>{@PcMIzZ8@dp^EU|G6iK)(mhN6(QNX)h;UcsxU!6;wWU!I8-PH3g)v9iu{X2}b! zbrl^pi6byFIRls|Ym`=E^I-$hmME9EQa6;!>{d|th2Hl&iNiGs?@&nmH9^52Atvv( zsM{Lpitims71v@UB&}Uzv-3~4#N>K6&gH7}W|XB}WauNHdeY#rpgobh2khW|<=Sod zNyS5bCj|)#qM0!{ zhl#IHi^V`oiW0z?NBX?X@sT#qcQ$h4`(q}bb!eU585Q1V!JV{j7iDZulkzisQ7e?h zrl;XXsbi){Ui6w&^|ZO8l5+#gI`7_!JqUkOCX@My=srv&FAa7VtQB@1$s zprQG>DkG6QUMaVib~a|lL_MqnwLHG{0J`uA0f2R2!qk45Rs*~s-p1TIx(C3%JrlIF z$&vCok*H#7=|dH*Pjm-+ z6i>Ou?DhAycm7a>;-iZU0AGh)r>$+icb29+_7kiY3y$#w7MZR;py{?SW**7q666P)SHjHsb zRQ?E4Wl1vD9T)gAkX8ZX@1>vlE}g4mDPW<8#&eT!rezNFmb>tH28xp6y`RMnHd8N<2 z1GH?BrsLJKh^T#Ou#OdJR5Lj^RDC<)7=p-KKR33qxAz?=dK~3Gxw!G4Xzu&sJ{Kq;;Nf^}nDo8b0R#G5g zwP!vTLsy6G=jZ1?i`TzNNTXa8~RRH1TBaPkKBnjWDRcNMh9f^OdC@;}&ay8x5tr0D`aqs)N*JTd`WVqYXVI z-PSDayElMT(f)vM;??N`^FM!=46}7av?h#s2Qr27)Jd#2ae`Na+3O6P&W4?5|59HrzOtyIxMcj%?Xs)fP5%b)Ixh?r`v)$wKTWNZ63fV~}Hb5T?)DDBT ze}obuFpkk`dLU+UDVjXui18&laEjFJB-hQk7>AYDn%(aUf&6QMMm;~(Ris~*NrK37 zXs1@n>{81hi1??eB|oKq7?xzynMC+_vwV1PA_UsM{h;EGn9bJ-`ijD5;>&+K4M6f3 zx@c$%7Z}^_CTsU*of@{dN#kiN?4ClCP^UP zyof@ZKLgao8qC*IE03s>700o%-eLjs$LUFA4EL$pVLBv~m9dP~SKC=>-GbPw*jZ6Y z^yQaJ+f!?bJ=QeE;~;(Q9vgh7(&Cn8spxK#G!;RzJ7AZxXAgFXAxD)@CabE>n3H2t zHwFg)oZr_X=@)tdEa}cdL~pE;O-aq4rDdkC0&QaX@c?db^#`_qHaa!n#)qai4py|q01_Eva_=TL9a`hU~1lI&R)38vx)JQsX~AD&t2sw^8U{F2~LdAth;JK z*a7*FK6qIr*s@}{E_|~g$y`V0`Wr9~8daw%xOYttHoo$DLp}U=M+!h9nUw;yNaOgy z8{SXDPZ{~mB-Y}Jc|-i0(JhbE!{@bSLsv6rVb>C2O()h9DI|A6uVN0-cWjJT-aH_^ z=nCw369qLiOQvrurXN|8*(T zpwrbo2y=2>8?z=nC>S~Za_op0Wvs!*SIH`8WrL?T*+N4d*v!!DvDIS+Blekgp-YW{ zRX~t!g}8Hg!K*+R?qH(i-a4+tZopp+a8u)o%zG#?2r>qv zkV#?yaUtU0peMaR1~F|Sv*Kv=hzm%{rtN&J1fcx5O*u`v;l1rqs@@AMabYmU#^Q#TnqF(?hO|an9vjyY7>&#r6N@E!*sX{rR zF#&qnX|obH-2OWrTHn?X=l=XJ6o@6`)cjW%3s%jC@6W}!9u_6jXYqQg-)A^WPSxB2 zeNOr!W!{E7Y+(-~$DOEy3sh=3_~6Qa0)9%d;5mL~5`U!D?kJ+S+?wI{4jdw76)zC{ z!H-O*o}FAb+O}jdW=j&W^i=LsO3mma4gR4%W9@eiSw_jUKtyET{T^<&5L>wX!{wMq zxH?#!D~7uPvB;1o?et$6adOKoc%9@F&vsf`pEp~jN4gN=W&)Q_^p;I{sJJ_Ng5K(# zM?Y(78<0UC*~PWj{;cu3%1bPkx@}wa#Kwo{y!!kti201}Z9^NB%2=p_7%aTm6rJv~ zEIw>7&Vk7{dG#!4VO?XXSWM|@Afy%A%cFgGXJH%qctx*s6$tm*EzK7q>m^pRoQ6*l zs&J?Y@Mzg&H}5pHEG)r#dPwDMBB1Gyu{kvS@Ku@n#Zbvx!fpl*hmOt}syc)7Cqv(7 zo8OI98VsCmqqpctaziIQ*8&n=*2V}I(>7I%{ns- zY8HszG&$^$!RZwisfA`^FW5kq1x-mlO`u&Gg0b|w!bfziLyYhB)f5DpF48=6^Z`hY&7MXO`r zLBnHh@Bk$lRqpQ!V~fvXSd=?FhqWT<@|DNU*iO*3nqt;fv3wU=E>k>tvISbnfrF&vA{$b`^O5EX*SD?>wb))J|6z)QPXVV zK#|~u5oO6X*I^UhndRk^nR#~rXy_+b(3>kBbYmjQ%Ykl;fD(uNL6Y1&i#!75Uo{;s$lnxd)FaZt*)TNJuczS-aRSF4?4pddZx>|1N4R5O0YhrO6as0^=yj`1t zODbADK}k9fh~$M1sWdi}Y?BS1n!Nl+kN9-8iO%w;4jkOT3OIYSiSLvlN8rAS!-@Vt zkVe_CEX;WVNdF#J>~DaxCm6EDM>X6x7;T|{L(+^(D!>5bMn1I*ovAhA<0OpBrVc8# zlCEy!`$mX6G!$!YZG%)M%Aojy2*YFYI3D?0Loy&X=8wbHJIngW*!J zg~DHDz6GLMOQ9o6H_&8+}ar=>C_cb z9r=wM%r326^e;B7wj$rRuJ&Ek(e+yN%z)VCf#(2Kw^B(Q1LVy!Z51$A_oK&E4x=%F zWhqTRkRk5moF-=F--nQefuWWzZZB1YB_27_fn{=e8r%^b|3qwd88mg?=G}qRs`*;h zS?1>ewyT~!EwgedgYHU7S8ibz>QY!C2v!AOt3NQJf8xjFBL_;dq2|@m+)1E6YE=&2bG` z5R&HX2dW`)X%t)4sBdpDdo!Z1K4Ka-*F~+BO>vBz;E9^6j^|VhBd|9epug=FWwQ)7 zPUV#>=EfYj2yr^_Z_sZDJpc1HxYpe{gaZ_ssU{Ic)q-JyD9{}*QY{Y{_wt9^OL#e&ijD2 zi%f_?!do`L>8tk4wyrIY0o7>JkerN+*b?OzO#g(m4kv%kr|yM~2ns}55`n?sr7bw1 zfN}vA$3acfC8QD5dodslE*g^qyB-R~&+MHa3xGoH4r}&8tD$TH=gqlp=bqQX@uD}R zrcnz3(H{9L#XfI)#r=2P_7L*|kS~E`)JEfV`z|mjJo3bm`15VvtBPYc&&t!1;h)kDib znkX;cm$szyK4^L_s!^{>TwQw}&AV#)y~T3$E}yr0#N&bbAnq}{(gvHD!svA7fn#?~bK=i+b6`+%p**)zeTsiu9WugV&{wgO27zn)73Wf(n~1_O!Ro zBLx&pxBE)Su0o7b<*rzJ&f{M}SV{-Jm`io?Je0C>_ezhAjouWeaECwa`>{5^U!PtS zPFoapc|Ts!B||3`l2krs@IdI*mU1FmDdV7>SoWXRU<*3x_O+b$*AVY|r!fyRKThi1 z`Y3A@o@_<+#Yor!nq1V-+Z!hr(_v`huWi`!OZ($+&uZ?UVwugY#XP%n0>y&e`Jm+& z)WL2eCycY$uB;B%YU~#V<$E45nhtD-`Tn>W|3t*h$?NoMUjW*UI>n4*ML9_}GzfE3Q^%aY|yi_8PT%uWd?SiK4Zsv&dz6T)YoN)0^ z=pHR`;13dlP@@OR&dfj_a%P#PYiBiF{a{Ir6FwB*1pd17w9LU!jg$PZBxpZ?{Ess{hhU5~wYnu{0;-k{o5Yas(q83p?+6i^#ob9zUgJi3P# z@^nMrGdc|zONVL#AKN|d7VAOer5lBw$@zi6zPitBuF{|BJ55Qi5No8wLGc58rze~{ zY4W36IL&o1dE~=nf+zU})nMP(0K`n~wK}MXO&pw2wF=kLr%rv!2{_k6T+`iqTtu{x zHrR2X%v5_8BzZ>+(UJzm=z+)tC7!(KCwjh0*Pi{Jkokfn1`nV|gtuYtdUXrW|3MtI zOJL|@=?AR4P`;$XQ!oK;gC%w&%SG@t0^e_?=#5A%%fO&`w>%!mE>w96JFbLxDUc4U zz;+~H02?xU;%BJzvgxBxEHJuqCab*4HM=~gLdmbO!nY*aYD%Wk%#e5TH}B8+327&V ztroX2@h&%1gfh*&c=S7L5S)SXctkpw3!DUfxB)jMHBAj3I;OffcEAKB@%uMpvBe*t zSO+|N&pzB3BjZ&;_CKl{)c224dV9Lp;9CHy80g`CM#lL)WIS4(6a1X&>vh83{mU#q zf__}vNRjb@7MPSq;{Wm%CE_ZP*@KP({(|lQcOQ)t<-cUyvuO3N|9;}MNfo3_3Szbg z*R^`&>i*X{nLYetd4D95mHno)z(42&-I0m_(dhENjqic}u5o)8){AX6^6r$BpBQj+ zsybGQOF?Kh0Z!2(o5m4DU0vB=V@L#U=2LyluU3JI8FjY8^zy|fcbUPv z_U6dG3s?b=hH(bT3h20hoYzip*>O1m*Pi?S2!y%ZCV2d`aEV z5BTe}27jN)x&H>lKl-tAwnn{a6=+#Yu|If$u6p#k+vXzMnj45Ph=BTiTlOF_2upM$ z#ykx@#BEd-|8yfYL*O4+gEGlU*JhcRxpJ{~cmXSHLbXcWJzBfUTeBZDdhl(-z-JJc zHoee7P-te-3M`90ybVm>!?EUlGFse5R|!b<2^_R*zvWp!{7reGy6K8uW{M0;8SaS* zvZi%93k;WkswCh4Ago@3$PyYf<4Gj7M}GKl3t>dtm+1R1qjq zJ;t0gWjS@nAI7_%kWuKQd-fvV*^PR`x1-;nztBNPHMVfW@ylhXqhzvK0uyEL6GyY~ zq+&*@WEE_*`mpW&b>cTVf#M@C=Lg7evu2;BWN1nSKOPLqsy zP55Wyc{O`RVPqkl@)_mZ^Kq&t@3+S8e`?bgoTpRMxX#am#;=Va4lV3y>74o0d0!|p zPC*{(>^n1R8VFpfXnuZ0Q_T`|ald5oI&;N;tfUhm+w+sQrjF%Qv%5RFPd8&-QRyUt zA-yBwdXwKfvS)pjX=jypc#6bnokS~0C$VRCJ4)Cx6=cos{KZd*T7tt;&QIH?Rl}3!G4RNA)4?j)~{%4;Qs$%U2St-?RA_4hZLHFa(;+l=M!MT*WFooZkD;f^_xporRz z<;mR+cT(@Th_3G|aEh4WP7$;@bOk2`1{RPli-DrU?=Fzti`6qw?M1ET4FI}lMrJ9y za-pK}*|tOC-AtKeG{|TqM({sS15PXSPrN#}1%hCLLH2_t+cFNOZ{L=(Z^Lg_=HK%~ z^QI}Pj+S{PkGV%n;${Wa^a-MW@6^eaATbh(LsO^EKjiO{rIRCj&jYgEvBMOGO6HT?vVbrq@%b}XU#h==1xlOY-8=zR%69A4sm zBrwDNso@C$g)tGQxW#NrAw8p-knk}XBu1TnzFbxVbkjI_OK`hc=}2GDrw^C08l|4$ zKi!#Uez-VE_bxGHuXZ+QTh=iw&K_YqD-5s7$_;SNF0T4(dc&yYOOL?bE46}m{@iKJ zlB}Ku!^w>YGsng_Uw2fxupIagVy-lBEZpq{8ScTtKl5izjwITifg37bxRUK%$b3f^ zbhM$gxPsR4Kz<1Z1}?`8%Ph1XXo$*oif2v>-&KD9klmy9)aljhSIoX@u_`BBW#W4u zyi$0Bi~*PWqE|$R&~tgo_Wr-M4TCd36`*7zxmjl>o~NrP4v7a=d2hC@B(VTB*ykJ` zS*$u(d>PLTB6|`*K58%yAismTxqDNd4DRO_XlBVp&I{1s3YzfdY6l+r3vd9Q z0FYnBgNmSx=gbixr*Q!8OXViVRs8QSPz0I>chkvg7#22L@X_AYIW!}9L4L6{crA3h zr?sf#%s}~m^8jw6(*yW^pA%>IJi)2J8n+qHxi5iSm;^Ui78fz-7TJ||>2JVArhiKVsOF_z_o5z} zO*f|^5WLrPm$$lwMG)6?nLAS);OG~TvLB)|7)hvqnn;{&{%y9hX^mid>THIxIDs(A zRfO&(lE~rhQ(XmC!J2k7ZhBgx0xFF{5b*$GlBQFhYFWvgd`p#K$*+dyK@}+z^Q^F} z{m%`@&W*paXvK09K4GVL^29znQDv7$`XsJ+_snfVl$cdT;(p3kWq;jW@0wOj0O1ZJ z$t3q~iV8W7bV63(qf;P-T?#$R7u^hY?nP3QL0TQ+SEA969oNmDxd)XE@!x$Y$}^_U zk^X=Z@Al2mWU4EM1|(*dzT`bi37yeti2k-sU0qQ1jR0dv~>H5~^wVE59O@hx5v7;rG{jhmpDy3;BCL1^7G-SL8{_1{IjT z))6$Fqh#!Pz+Z84F4@FT#)`?ml*ZaUmRfbuu@Ywy#jRszL5(Aa%d?@EEn={Es zi^Cdrqr*d=xbxp%Bt}E@Xe88QtoI|nHg$B+l|j@j>(Wq5R3VXwN3q+QPioBFFI7a0 z`F}KfxDXtN1Gg_g`$6tQ?Q{iUEYA}H)V|W3rL3x1%PHNcbA3BBl05dv10@_H2OHHX zIC^u9ktjs6z9aaKF-Le#L041WDw2|Pg;2bDiuG>N?vDiB5lTDUB_7YfKWd^l7nu2e zX}Mc5Qy=?9C>;Z`5QGqEsc!9IX5fF*4^!>arhwdE#Lr+o44>J-H7(19H=XXm95uQL zH?J>%LetYJ`r0O~Rz@+r+{cgCn!8}LhMkI&TCCcMs6cg1Q5YCmh4-v{Y$m;F?4s)d zJc!7@$g|qgrc&!8fNh}+WIlN3>l00*vmg`Lz93Ekn0D&j4Me5>0+s_%uRnWV-&ofY zjE}nEU_7B3(Q(Sh=@FVz+3_Oax}#b&WC5k2To?MT6kd>uVKcUiQ#P(T4$6&+(ok@q zJ(K;w0yn)l91mCm&>B-NY$>K4nw@-YU@u&RdEb|xsuI6a}o{-mv5TT|L#M&K>&;Wb@n zylC&kDAV0vwZ<@D-v{VM%PkK1Hit0!mFM(b=zi6%pVHas_^BGxhsJ2W zRZ1VQ)+ZQodpZ4$VF3mO)LH%mL6B4S5X@W>a0CryzPQl}9E3`xLA|Zj zQBn@EMgL1kflgVWMwpL*Q#Xj|W(pQp4%J--|F-l3H;^>b{Rh5VFE3C=Sd8oUMbO!u zU|0PAQcK)$G^Vd()8<~ky~&FMUA;9p1o*VmDk^IEAI4#N(Yc^dIjr=eFKu-~*FWKa zoIt17DDSQ}vrWJ)ihtk?0n8@CPuH$_A#-CeJEfDp<$$G$Wn`2$L?b11rF!kM=eHLK z=?As)Q6CdaF}|wBX009&=bT$Gkpx{;O2WMim5#KsE8HJdk1Ec?S%+lcL34;Qo!Cl> zn}${%0!7D%Vkb!jT@Ccm%VYWW0e_nEGSLJ&8U>=1(iz3^)*&8WPf=qKrc`!6^w+Dp zpE-K!6&2>0pWxkkAlOH$>?>AeHWc6g-N>fln)F%9S9AMz`nSY4g$o}7+rDHY4%ZIy zvu#1IY=lKZAh4oGPYFa1moM95H|jsXIQ1Zi9oZ{blyKsrMyMzs?xTb+mrJmq>5f;L zII-c(2Lj7n@LYrMY1s`{<=EH>+^2*K%nDU&Ye2H0Ro$=sFkGmj%#rlvj4>DUxL#42 zepoJnvmi5>_^gh=ce>3xz|_N!2TXV&O5`FTZX&!7{miKO<|tV;V>{lDPxP=wIWzA1 z81EgGd9fek9lF@o7c}${de8Jsu02&b-+$zBhPU4pZ-dl| z8%tXcjKfcjd<>ouBQpsIH>J;DBn6ywpKr!-Y7jK`>siw-dSgA%ZR$0n<1y;@rF+1i zJVjfjZ804_$oyty5v`zWlY!Z+Ue0Mz${nO|37u-@rinD6TY(i@5%=UUS%q*(C&#+t zm3BsW}6YWz}hslb}sqIS7XP*TYS)WcYdhh zlwkvyc$L)xea#Q>!FbJlhncnHEN3)I%Y4><1pd~s1ZNfsYHn%absKYSZTtrB)d-tZ z#}Q=ynrkmZE>RfltMe>c&CryyCWMVSCOsA6A{T%+S1a|RQ$I8)F&^BDwg2wL;4)%% z1SDNx+MgC`6w44Z{V`7|x}KJ--E20)^X}}ZeHjp9;F$$nd)xKUc(J|k4FpN@pFy`q z-krQqX$E?NzfBUXtJ;M=mJoFbNUuj~i3_q;wr8AwaIr-^T2BBMJ9ckDi`YhBRW*3- zdpOPj6>7p2o6lY3>z%Fjf*^{axDmIph+Bk$kQACPMIuM=H7um9twbvM5#5%YZEd>jACReh2V8hce5#?HZ7Aa&3YOnaVdj>uq`Y^F-#XjqXmoN8G8j=&NCv zSWWn4u}kfIsSv!Wn|TUQ1kul28_R-<#)-Fm7tiVA_%=v-BV{ox5qKN-C$+{^Cwv*G zkYknfGs~9t^6ESH{M4o{kCJ5TtS3rMUmZE6Q`GOOC>bw|x;&1}I_Ps$`-LGBw$7+a z$j*>tJ#I7DWyhGd{DD2^zpmj!=q3;;R=I3>d{-6{CIN32OPrP{zDg}WqGt+M*@Ayh z4Q5PV$U*1(0hP1I{kF;gt;(5tmpZUxr zy+s)afuYBuiB$G$O$xuj50{Hnbo1Y5sbo57&@91-vDZkZy7und)c#%Q^dR~-JsLUa zBXYdv#}!DrBI_1m;$zaT(~p1L_dq!#Lul0YKFC9a0f$&s`!ZGbg}6yJu5ct#xXe9{QbX~ zJwyxK^fq1w_j1*SU>)AGbfw~U*sYB0iu3(9?|*CXFCLJ&^Zx>X8;rV1{4Xj1IfF^I zqT>#+J7BEp|36~bkui$B2_tYp1w?n&)g<|c+ep>T3hh)u`x0CD%;0~QW6q^ zpGyAI!UV)2eg?PJlD(L!a*D9k>s7c&12S*^XGUcchg;?8SCFAyQG+!yZv&dO?sGw7 zLDOf8TZ%EA9H}@YfUU`Af@7d#(8gDXos$46U7I?&mY5qk#XSWTsO+nh4bBNSKK6D5 zELovip=s@&cm_I6c}|+cCk0W^%gCrdPlG-tDjo-y%6;BP9UeWs5lAm57>XZL@94b# zqF_=rmaZrF@Yn{dKH@b#$O)J4+860xw~4A^-JNw-g2XHP_QPH(5hIZZYuhxAKwkYG z^8ss_7y?aEq9=Ft);SFWwW3jR?P;!dZ77?nOX7euaur#lv|{%^LIql3sSjw}vd^P` zDHbQs9+`^(wax$Y0q zmw(fW^*E@p$em%bNyqDrLPMdZ<8Lnt#0CH#qq(exy~Hzj1M~A;1=W&=SgHW@R+NK+ z`;^GTqvdzE`)yLmpTb|86sXT1@CrV09N4MYj&J_-EOqA(_bYd?J#VU7odRstZ)%cX zi_ff0tt^vnxwa%LpqO3Re?dNq%KolqirOf3`FNslQ2^T6Bhg$FR>6nWPYB28gmzqt ze_ygw<>e{weVq_hBL5=A^mWxk9p`7+%uoKwmkHdl!n*Te!0Zf)3k6C{wf*8W>aJb| zM!ODe4w4jICFW-&d?r!k&p1o1b}frOpHpJBtB_llK~-kp=EIc!3uekg6+Ajx`(osE zpV>Yn7qjOJx^3+Xaq`CyB4il@*%kM0)h)8FHA;ZH#|<>uoBZ>?i&Rg%RIbP#YS;d? zXZ8U+ztcVec<%J5E(sx9LHlhm@ZBmJ=X!q2?lcupiLQU$ztY>WGJdKrq_OpI?0$i= zgMnbd=N|EqpT?H0kb2e+UUJgdj@%WH#x1;wV;&F?k81tut}e}%AhQaU>SJmiXPew` z=_0h}tzwrn={~hIR-0x4a7hE0d)#H>Qj$6d1{Fe|kAI42!J@wE995sIPgLI%Ow6rqDR{ zg<+5qHF5_DqwUl|gNU52V0h&DMIx;_XI`O@nPj=CffoAb^nb}+3DzlT|8Ai zEiJAus(y>}55}I`s=4!(J8i9QM~Kv|9yG8qedv47@UC}lVYi;n%w`4Gazi($G!;4t z7RbP@z^v6Ktx#*-!Bm-E!s0K3lhY%i+&>N!ZAkBLvcbs=7^AYFZu|kg)wL+aRkk?) z3*i_Wr#eWYyh7p&P;~0NC2%RYD1gNX1n5S{)7bp6@c9DZSg)6`bA`K1g${u`Yn>#N)^YAQnlEuEvBsSG`X5e}FWPC*f_D{P) z%3EjbfMgpq_BkH3R2>Z22cnBuhfy<*Z#_^Ps?@!!qI7AS%}ptA^L@A<+#oBfn(p2!amE z>YOg7^`w<9rErTpnE1`u8PuFbxn5dQPx?{P1Q=2|qY=f>pwx%2VUjTNL4xRo`5Z{6e=Kj6DYTE?rF2?+W>T~9|+vo&S zC)v>VH{NF0_AJMHL^+arR`lQdtQIHGK8lC|B&{4r{a>`Tm4Fx_{OpF7ESIABUvcab aSb}W6DitWp)dC*wqot<*tV;F8`~L%{f= literal 33505 zcmZU)1ymf}(k@H_gaCsC9Xvp=;O-DSxVyW%J3$6_cY?dS!{F{N86XgRa0qsJ&-woI zo%`SEwWfEM?ArBI^|tN~SCErHLBdCZfq_Ah{4S~l0|O6+fq5tN5%!G|^&rvpc7ih( zk`;o1sf$H^GK7D-e&?(tAq-PJMR@pDUba-xaM6&J;W4(iWiT|cH!@}LuyuHof`Q@l z;CU7l#QKC-)vjhyZn#xe>49_k&p2o*Z&KOf8+cw z>Ko7kNPLX{37P=XP|qV149xpu1sN4FT3T9WX6EtnaV{<{adGj9i3w_I>Nn?sK%lUQ z$mr;3b#*lpGwU}IiII_!^73*H4h|3qG%zqgMn*O~JPhNp(An9Uo}Rw3Q7&8l)Z5!D zAn?u6!7(~I+SS$7$jB%sCx?=ff|Qih&(BXqMWwsD+tk!FE-o%GC{R&RaVp+}o}OM- zR+fl}C_Fs;3k5}cdwXSNB@+{4ety1%g~iveG#VNj{r&x^si`3$Azofy($doU`ug9$ zOR})AI5{~bCMN#)@gpiK%EQA$NJ!`{XNrr91qB6te0-XknwFQB2L}h)*x0PBtur$- zWy=1Fh=}m=@@i>mD=8_dsj2Dc=wxlYq@<*@w6xIC(bd-0mX?;jzP`$h);2UWkWtfd zS|qV+`>w2%NEhGY;o+ zytR1B7K4boTGmowVWDX3oNQ>TQ~{Kl{hN)A&D?y!aFh!LJ0au|TTyp8Pb?UhrfdqN$A!$x#;WSRo3NWW0NEWK09T;wy0 z(h}t}mlaV{lWf&csA9EzLvBBVPtwF4bAY$4pNv zDkQ3D!fdGSl+*OhCN4YMM@~+Nm7YQ{DJUk+F?w*1CUljKg;RF8nxCKD+FEUHe%{XQ z2hR`3N^i5osWTZ9Cn|of-Q8VrF>4W0aVb_bIfGxfXshfI52P{;b80f1CM^*1FQ%lM+J$q&5J%En=toE}zG zG_)KXjE>Gao5%O4DsfhhK0a2&*19Aj{GW@912cjNZC(5$+=!}^@Wv~#v6!UPWk>)H zeI2>D%T1r!moCkVcLz&wW@cxQ42n$bbqhvLzb(+!ve4SnGSf1TGmmpI$2>^G!1&fl ziVCTCtes>_E91-J4rAMTC6$Mf*65l#V#d!3Gh851j|@^7h)PFcVRYzF)Q#~WbK2EA z?v9-&67k;pr1%8490bC0iC*+c#l8A7^ZT}&H>S-CqLz4@iN}b4{ur1il&pIsNse)i zf&Z|rPo;BYc-6Q36VhR4aKG(H^yeQ6={(RElkUN_alK`X+YDf>{V$UR;SL+)5@`Y^P4@o#!P_f?kq;og!b(s{e#_!U@Qbp*J0yf zx3pkhE59hAr!8G!EV_nrX#2Qahe4may{SFHz(d_FZ4bQ3=_gBxetwHsmDhV6Ed8Blb0TzSPc);wnZdVKho)!|KS3wuGPRxp0J`gkI;JYrQBap(4e14` z;UoE=Eplxv{kkDahRlM_25H%+rdwG@pOaqx7P*zt&wB(xyVf{oHyrS?*MN4u9e6+E zCtK8*d>nubs`it@7kQ`zMho+rwJ|uhEI$Fo_it?MfSQ&F= zXJ!+nXJ?BD_{0Gj(m^}VMjoNaYspMHs(fxwG}*#swPPe>Uo2{cCs+#fUjA~D9TjAZ2(9u zue&OsVtr~6;JOV%W?<%je_I#uac*^)NXX#p_`;~Tgv4qei?TUOrfL^=FCWqx3aFwDYjf>`qdP&re$BdDm)j{|S-p_1DeXz# zp!G3Z?X2|olXf&jird@Un^%iMs`eF469MdP(0Wi%%v$C3vsT;A*n_}tr`o8vCu{1M3N9;ewx@oF&6Vdh>Pb=X7#xlb2a&?@b8 zvGB>48+EAB#ph8^+u(z3&okSSIOQxKH3Ep+l8BvXVq9gt0(pjGsri2|R7@CH0cs-i z)*NdSe(`ozcQ^(kOT6}BN(x!9qrMhpu!F{*@*x(7!8&8s2KPmi9hbswNvODmb*=Tf zfcv!2Ill1@+OcxM^!9nLM>dr9_ZJ%80-ctPtQXQsaGRH%97JU-ofGewx1Y1jns+QX zA}#bK%LYs-b{O%TGs>~slFl4kQ^Yh+k|A>^ma1bKfpfxaH=DA2NF9u{DbbW*G^(1h z;DKJK9x#WIdd*Hv-D6V!mrm`Si@Uh-y|* zlm7dX(Gaz%JIivlyh*vVc|s3Rs1x!J1p0sFI8wy^&=AW>7>IV4;>R5Aesc|TI_0X| z7zypXt=for+Ix=_ULKw~7DoCZ=*kD=d4lFTCrnx^fIE|IzKXF&&L(?i_ThNjA)70U zKXV21Q}9DoJGOJiv$=;=iUuXx7aA_|F;8Dx!(I(-53@S-oj50{#mL#aFCeP<2)nc6 zvkwO(@R5Q}ddon$ZHFmSSKTqv*u!}R*C~HQz8a^k(q(Fj{P7Ut(D~e_V1^6ljAh=% z9z$D*0V|(9FF=ZM2r7qL=st#Vh62IY9GZJSix8#SPo{MH(OW2Z-Wr<%jirQ2)MaUl z05-pcPu5aM1=fpDj&<@&M>_)rxZKNG3a6{ZLKVv~8WO|SF<+&jz2Xm&p8H#*CeASV zd`gWaYrJyP4-FlY=tqhS8sc||c>?R*CV!%c-6x{}4zZx=C~^M1W@qS5avYY|@Z(A>XVPhw#}V}>RhchM4TZRZ~;+&Kn(6-m^Zv$Q9u5aL3$h3 z--det$!Acexnl3XhW7t=fdAh~fImIpbu$8s$!7(Kijw;0*x(*o77ekbRYFo_@=3!( zMM)omegf>bq;yFv!L%4~!GT2n^A`j`hkKhTI z${Rl!9_e}&=Wez(UXHC=$uiyCFpQ?(48OeYU%X9Vy1o$#2z^ZFer z$gOPUt`<)mYCjo_LH7)YEl^$-L??U)?!gQDp2fL?HBED$>_hGcsj8l8Z&qHn`H0_x zfBG@`bZP1?;|bt3#rgiQWF$3L;>M>)v2fANpctrP^11X%7@!y}57c!^^u3LNg98`L z{#iq+BbyCt<#2QFrSOu+mi-q)JoTzFkQn!8Tb_&10(i&Z-R*^H zA5`-93hcY*nb%d`)Ew~?S{StG@!{4lxCR5?QCFgw?Z~|yI5~(3uAs&?pE*7?TBfRn&#T7DK=|v2*&Hj`TBkH6PCLH+Xa~$5Gw|hHCUXSDZ92i z+^CnxW!HDW_d(bDzdmsl2t}X1qx)LS+gYYeZpPACNpf|(EWQxz^$B3IOPX-DkS9*? zP0fXVQY(&uSxpK&6<_T7L7ea5)9_|T*iJ-(P3M9}TGIwdo>c`c6Ch}+8CoHuyf^6x z!o=&`U=7W+$sS9##tjMzfBE(M$8%;*cB}8uQZ+RU)k&A{YX;xscu8#g)~6~PB7Fki zlJF4n^c?0&n&AOwdLY9NB-hL%BOP6T1P%dkC-(7bFpQxf)Rt9;6oP(12BzSj;ktNG zxy;Gc|15ec^Wft*$`q9-86MnTLPqTO7*sZ^{6ZyuCs&H_`4!_U-k5c z^J)~L2>u5(_>ZhyOGzpDr$V|F&2wxB6gc5b@L0aQ!yrLx|19}-yqs^2ZT*Z*_bGDD z3}E6aOlbpKwz;MLW;LLFu>|ripyUsSOa{tIanTZBvi13o!74FaF{`J!OnOU}vjlH! z!4R=8_`E0RPU+zHywfJJ2VoWblobv!TfCYR;~sf{k~rV;bS7kV#(=CW$Ip;x{6=2a zwnAU=W90oJu&()u2-SeX;T|M-di%w{a zot&IBGu|%Af7fGrO39k#ziP|3#g#G*&bg~iFJN6uCfZnOQs~~#bJ4Ws$kf6<`ZMPA zVQ$i_p;9RH_XZ?o_c%O$rGx&K*Y?M{JF8DRq-lg>21$&uohWvge`(Sp#1SNv`$JX_ zZtQ8LYY>XY0q%eW)o66L74VyQsDMA@nEX^YUrKZc1d%IBj2pIYiiQX#Y5pZEJw+lG zbO!YhGi7b~7!q|Y=eD;?cjq6K^f~C)zCc89eHcLciDJ1X3})T+KmpTk#Yv4ZS{8E# zJ&gSO2-|Ji5Cz^8r+U{j>)p58LovNpc)G-8EksGJc^8tj=GSN^t~2*tji89X+!DX) z8^0mTQ^Jn7)U-9r;w3L^Fo|xvErq}3sDEV(Rb$A3IB+Zelr(4#E1(a!74FG;)6WI2 ztqC%mLZ1kX$b|Gcc`&&EjA)w8&n(dJ{3Nw+k6;F^ec2}FVp1j@O2Va5U#S}Xw0Uv) zUhIr$0wMZ2+Ca8Fb#Q0W>Kyz8l2Qy+jzNs4R)!_vlwhHFUe6!9 z=EKl}fWiu-;99hk9*|AIu=2=82I87c9#6TcfqnL+_pj)$><((BM<_JM!wlP+5UIrv ziqWv45a|qko>HN?Sku*ZPb=3DHj^obHlcmx>18yML~V_0JU$eP7>4FisAfGFQ+3SD z4)S!tW0_|a)|sntF%YsmMz8Zo6Ev(DYjB_aKvv};l@!X*m`e4@D!);xp$Tbobk-$8 zjgHXTiB67YM`fv|8BgRkrDUD%n2FHK%dy`0+qsvymby*wot(I==Up3M^=m`YaBsZ` zSgc*`cy}T|JfYo?YLIUJ#55dd2yf^swXk;;61`Swi0%c{pzUZaW3>raDV+$7{1%NTp?JTs^xGC}EwFaS!-b*;7Ap$qs3X-qkI$X~PI8Rl__y07@)-?IFojpg{#cycr{J=^z zTxp9ODsp8)+C@?KRNxtj6wTcK%%qkgwXgRWxl-%f?B>+!JfGRAJT-e+9m_UbnSc!! zol69UCE{b-0F;yyp;5u{mY>}{F8)ZFgu=yt31`de3$o^}Uq-ojZ|^CzX?RaCHzXk9 zwmgc1`f8Sqh=`V%1>qAFNolFG^H;lv2zNstmFCdM>}MV)c|oJl$3dXHj3;{MzS4t7 z{WdVS?J{qnH`c<`mA8~;kDJ*?4=gwJ?2yA_#llC@J6|S!4OV^qO;6w6pYDrIngTXv zA;g#J)iD*!*!AlIL-QJA7vqv5A)f+oeshCo{nvI6#OTCE)R~@MDQ8CpL>7#cjpZ4m z05CaA2O559w-SvJ&&2^3SH>RU!P^#v2v+1vNS(U?LGsNm(|VXaGb4sZwsKXn&~sI% zri-)Q27DG9Q0hm`P+yd_!j=|}sL)sR5#6eZACZuQgriZd3+R3GUpo;dosoHyR`foo z#Gayp@IC=Q*A?br?={$v_1l-#328}58x?CR(T^1B=+@}@a_fMac;v#yy^sje_ppM5 zORBz&j2!sT_g-ILay+PL9qQImRX7J{V18Hm!WOnhz z%#)La9{7?3eAzu0jm04YG5}+g=%(pxe(yZ8hU&ff+z&k*nO?sueY&~3Te>{%*|tB- z_5XwhGPoyCo*NWtv{U&@A1xdePq&%r7V?(tS3H-JcxP8T$OPKVW_0Er90+1k5)em zX${Ua%xWgI&U_F+2!H}F-PMZ}zw=xJkCy&6r}mKA%1z;8C!6uJ>7OR zyApG9zS2y0Fa^DCH(%ugq(~kGj2M7U`Lm4Y3>Ua?B>0p2WFUgYVm>gYlht<>1sgCE zZ+Q8J3KBS#J~k^XmCpUu8q|Uob5?KLc|P;z)d#N79$Y*^C=uQZ3Uerjt@s^O{#)$8 zpPPli^wHhi!%C4Z$)xE;?bI(zuP$JpOuKNQEIrCWu^2g0sUK?^;R?a5b!dy!RYG6^)+Ii=ytYt&Z;QC$rRlB- z(n@3O50e@AOSidnqx#Sxj$|74R!WI0G{$!v;0#H63n>FQruj77KD8T zgCP&1qr&(#0{SDLz~{SHD4m%(eaURT_)h0{BSoE(-53w&ZyQ-XTXU6UsY(pLw9M|O z=P}T4D`t2NPy5Jay-uO1ai_MnCr}fBaH;rv--%6&dXBq>@kbuR)^e7yjlT)D@VtjI z58iz-10N+4BizF7(S(zG&l!LHfm!@i(1XJj@D+I#kKnA(*GG+SWQQ&!71Kjw%tVQd zSP)Okh}5W+$I4up&7}HkpF@FG#iCl$;Pj)nsNz%t(C;*7Nf+O_T8p8I&oAnrRGX-y z&8E%wIN`S%B0!%O#8|@yCvAKmph*`b1c)s+Ks_;7psFi#o64**INf7@$M@TyGQ9oX zr%!{PJxwD&@`|F4Ff@9&_`&N-e~sFtbUigK$I(X z?Mz=$t$8As*V?djUx)pqusrW0x05R6C>m@&>J;bO5neQBe8T$Jbqk)B3s=M=`K!FN z>7&ZErB=-jOHx@~&K_+hhsyMh!`1Ba{UJMl1QI+X_t$TrgD?p0+A7tC1~2C>hjDul-|2IV9KN*3or z(5R?^;1fseB#{9Jg#6f{h(LTWxC|*8B9jFZW}styZ$XXqSLFCzH2++CLkdB~GWxkz zb&a03hDLLiZZqBdPy+?i#?36tl{k1b0eHryNyI=2occ?omZ&~lz2+IPc=^@Mg{;qN z1O3|Mxx zW^_t?NH#dJ_<=Tdu94<~T*4J$(;vNDY)b_8i1g#>N~+9cffLa|>Tidn)4lGln^10M zKA^E}pWJ>1TjWPyW=vDOxw`ykLQ=o$MyVOOq630XTcnZ zCAq-J4(w6NJZ>0-)|>gMtaUTr;z>kl!~4eJQD6|VZrYiQ_oB?a5d|cV>0krlT7_D> zmN!019M!cUC?P~^ot^`-9+DvK{G?K0`jj}ufxlr;baXIobxJlf` za+14u+LL6L7zgknJn@LE`2EXzwX2Qo0J%=8P?Y!KIc!om27Wsn_`$Kb3k93wGkWCU{eXMAj-qHc-vm53(ghw|AbQOQM#vZ6@{PJf z^NrOR6V!h7EnU=j4<^~z@CZacMBuD8i{=Fgrgr>#N`g$Crq<+OfVVdtx_yKI{>eUO zbg=())X9*LH3+`5_h`f?$115J1RX!cM{nvIO~UGROr@>$teFWOu*7GPAAfOyTh>FA z6b1Fo#F?Kik#YVGvVSGz+6G{T1<5Q(W6|%A-64rvn5|BKke)2ksSm3_Gc&9Cb!1DA z+9OM})vm__ek2+!UM1E(RQr zF&Kdzq86D7tu*4i<({BSZu<~Bbw9BfUC_bcWy2x9`cXSvbTW7`_@eBF8y_I$!!(7A z+Ac^EHnOz)t)@i8*6HksOU0nqgEeH|2T^Vz%=`ps&QPOX@5v5|%^ZB)&-Z{XwU!qx z(HsesH+w$<5l{bE0nnVYAwwDq5;cd9Or2LG3%CA*5UUI=w@^r%4o^$Kz-1%otpm5$ znG8RsgSB=`rGe>ZbPLdIgxV2o*&ol7;FPh~T6aG|S(~@H7JY|xrKF{$@*FYzI#S5D zpT=bY3Vt^Rq#>6DPj-12=uoo0pwCViaiwJ+jEwjg_xdA&PZ!_91T2CFMk3L+t_=7- zoO^Q1-=Vd6Psh#)|D@;sieN@@Dsy+DxtS;<&|r4j)zhJ!gU$$kZt?c6o}jyy>o2V~ zhu*&5nAOd|U($`ug;*|%{5-Txregr5{?g*{3;LB=TZzOOzG6%HPT+_Z>zhu5f6)Z( zV2cARIaUO~e)%>YMj#17Z&b~_k$#&$V@^H2FoVKE^EZuywxDT=f?Ps~fm{XsnD!7X zDHdlVzcem9w#nWUB|qIbTM{b`C}I3Ktr7!~#79Vs2+gQ=dT!c#-}D7w&gPSRCDg+Q zo=k!aJ`F>z_g-ZIvGaO#;4p0uZ50d)Amag)sg_g05?Sg5B6aPA>J%whP07x zgl{2Cax4LYNvrX^g$~sXIHQ+*AT6MdOM{rJ4 zvE7h0vNsnT8eRSfMqrXV*ew^OEA0I3(&U8Jk7W1U+zLchM)PvLDfj{;IbA%&sSfy? zBe(30xMSWbja@&{Ip|5-T^Hh6x|uw50G^lA_-*y6!)sVmjCVe2-RcVa%U07^n==_a z>;}_OTTkGU>BwaxA$bw~x}Z#QM8az>s-meHpN_BI1Z7~)-I^PeyUQVX**Q}!v z|Hq3AdD$!opDuqJ9fX@fN0DP>U(~0RGnVz0?d2oreD{kbTf_j=KRCoH6#2Y3u--#B zOaM~Xz_BG2?1V8*`>;DS&b)nm`|jj+HMmU7?P42l@xr)+?wM+Q^&t7;$MT=9&?mZ> z&_u=QFs|VPH8Un(qcUWI6pZoKBpeiRfiZ`6fVeVxhxrKRF(FummWlYBT!@up_EJS= zc=IBJoiNTag{Zr6+)-c(X?GvPw>)Te#Mb zGCYGfbi`ko_G3yaDV;slG)5w!v8?o;rkT1B+>c0m|fs@09YbE)^O<`(Uvi zQUK$H$3%`%)9NnGv{@2OPWSl~G@dwIF@Z=8G;Cpc+Bpf@Gr2XauD`roIA3#EE5WM} z(}B$wQN6DD+@HCdYn}V~*F*w3PTqP5o7A7Y6P+*Xihr)l(g`y%QQ3LR%!z+hI*e=T z+foyDw9V-GexQ2%5R9r&7pSnEklb=w)knNv+-$sTje)OW9qZx}s$U%2!$5vVJZJv! z;@FC%EbX?3*S%S<^+Jl$g*mJ;8RqCAuIQ>LUa(0fEu-q$Q?{R+OgY)I&d%**Y`ZlD zyZa<^V`8Eo?zL7YS!LDS`IJ=1Pn&Ln0Y>W)GxBKoI-a2VQwh6F#dXZSf?qoxr>xPK zqrsBePQNI9`OCAz=$AyG-yYtXLX(4MoT$X^ROgREZE9v6mT-un8@+D3@2g)2<5U$% z8&(K}_Yx8<_TcT(D+x#iGOWg%v}(}=Ij?>~ ze;LBXJL|puXm0I>NxPa2fw&==|G>Zw6q>IBVI@JMfm;m<{>F_6Ugj`o&jiE(@U_MB zq~REJGz5Y9KKmrX{7$uYOP`HTB8y1-BH<1(Ss`wO=70X>;587U8#T9 zLjnjss4CN>;jf#sv$JOZwxV(C#4v|iZF$)6SU&Scz!+BsHm?Yt-XP`bdHn-(W8yq4 z!aQOCaw{wpk8^1srm(#(|6@CI3TL?RmgPqP@06NBVP5?%@z+4D4<9_kOF3d}@oiKi ztag5V@#FQ}(V8@JWq@}<;zF#zIbm5_RMpuM*9@8&wNX^eYVC!m_*|Z@J&ddn&G|=> zeA<4Pw z=_-KMwY7Z;m}aCTo_vUQC+5$9f_Dccau0Ay0vRo!CLy3*Y2BI>0d$aaNRQwJxS`0@ zgXQ%ITkP>E)SV$&kd_bc32MiNf8`3iICjU zOk2~dWK1+4Ux0dnAv5ezkUXPFh7?tCd#Vxy)HvVrdjEhp+;o;}BoUf=_UPU6f!phb zVNp_hDyiYiBwKUu-yDqD`RCxAMmKn%11OIJRYOrd+9yAw6}N%HoM{>wSYhP4m64t8 zgkbV@=+n{_)2(GE-sOCLek)?;eEV!$UIur0j;s3z{^A`Td#?rdy|X`0!Mmh@9%0<; zHhM`zd?N+~;)7*NQDu-rH5_7TZbeP^D#g!#3(wrEXO{p=@zs>)(WGYQhU z#`Q}lV9G^NwlhvDzQmq6tA^o=DAtM_VfD^lLdtvi)Y3B*6NN&gh@B-l7;o3)QnNF; zd`~ZQelsIwx9dosT9_;;F4KEzQ;*mf?;7Hz#btSn{$rP(fjDVPx_|Cw9guzZ)}tJd zaJQG2dDxfnJzq{xIPUUczW@Y4b$fv~S>#exSs6Ft{k%Je=_KM-6%e1&qm6W~1G$38 zYg@AQ;CsBjJb&mFxBkU%%K7_V`tspDPI!1|8iZ=)OS*aLfP@N2+czGVlRCg*QlE^@ z3VsI&X+^3{te^j4{7L*irPo1kL|bw>>3kod&!)^R60kg%%%n{X_H1%wAn_AtEDv{| zyGm#VPO0N&#+5?jC4y6fZ(7q|+%%bw1Q@UUzYZljp84_U$6gCh5djGA=)iAiCu1rK%WVy z#5<6|gD(@w41W{d+~&aN`{dV_`0${49i&0mfV|9FZ@ia1E{38JG|$}P#Hv!$#LHW- z13NbC#;60P_s^7PLGOddd2y$q3ns&~zB9a9dUEnwa3C|z3b2;B2ZPYZUBEK?X%42US^}dT>k415i&HO~jEG@dt+?xz78M6Bmj}9mNepv)s65 zW1UGI(|a@V%#Qx<`OK&AtEDyeA?QPcpzkyyK#E?32%uXz$@Eb>_zMAi!HnFZAjFVqJdNn6VB`b3xt-2Y7 zcJnfWK>7&D>MY4**18Ye6o2xTo0mu3W87{!*+8j&PakH%4o+vdK7@Y1MSKB0oZfe+ zk1kVwLL=wE;aBJ}AAkxE5c>6DHkbcB$iIIn*JRqCHSFGtHLEZKEhNMGvP&sE*Uxta zBz?v7q~KhEZo5QvjsU==nhfr3P=(b_ zqDBOQg8(R%R9(7d6mWKP(MnD;@4}X{C%^k#p22O-HO)og7J|7GbM9of z;+fO;m%qeWuevC1(enVx?r8_Pfv{f&;&l&VY8rbK{y-g~PA1c=aK>pFO~cH=f}f=` z8O)cqd$)zcF&LVoy)aC!@xGxE>61&JsgevQ}Pt3wF@{+oE+JydeSX9tIrIKsg3O>nU~X{3W5$SY?Vu~R8FS5%f>0XV>u;0NA%46kS;>awz4 zn=Ny=`0PFg;-MN|oDqXFW$ifP&P215+%%FGe~C=fA0aEw^aJg*evV`J0kr>`Rv0Hj zD1^AM34fAqq<|eBEN6r|9Qd;hN`mo{JdnUO3}+Nzw7}@;VUEpRXtc9^&vT#F8JA8b zN%az#l*4X|Tj*tCX=*Dw8{Ws9m5?%+b;QAw&|;{I*6X25!j>NJ+U-gjyeEmcJw z1vLFzHiDds71C^bM~}1gSSh{J)$<`}XZJ0e*X9i1RkBMNJ2REd(@cz!1w$)X(DF|YMcHRj&erlK1R5+66A~{wML~|H z&r*%0H&{h9%;1!6q(v)0C}J^YHR=*=j3vK*QyyLjM1W7SfRaNPjku&LgdrL-7}*`3 zk0=FytNqIk(<1Zw?9bhi-XpU0bZg(qGcs=TBf(UIRNU(GUSOYa5JVpN9SSg1%YH-4 z*9~<3my55b<{9qHz9WL@T34n+rpmlDSUC}K!vX2L7hfMv2~`EuFb5pvC9H;4)%T+g z4*xe^TZiv^Rgmb(2N0E7sf0@&T+{7LdKgjUaRiz#NUW>${uoQMH&wQ&NHBzF7azPk zA0w{$ha=$8W16Vd-3fmjfL8C=fpusN_VkTT&2}tv|Z3{TUGdDI+ zlYcJFF@M7scgE1+GzpIZ6?;cyAwKW9%4Mc;OCxZaTHv}|tZT@@e+HE^ue|xX?=w88 z;=}E}WsyoOtR_F_D8L@pnUn+09PFjc0q#OpF>R%ldUl1t)4W7j>-k<(x@Gi_P6J91 zgCOFaW`OB)YkSaF7s(IcpD-~Z_~1V5w#})MvWgH(WT2?1mZ$jQrk)>rCDXJjo}*CXuICXpoXOrg=pkZ6Apv`8DN3+-qwnr zgaUs97*ocMkq;}Tp$By@%w{130M4Dk!L`Hau73b|{JJ1)drJ>EH>NHY0){eHU?V@I z_%n?HVwEKj6}Wp@%g=5Vnu{@!z(LBg-y?oTIPMi}#l3&qT6~Mt1QY{PMXr_Jw_!(O znm*VB#F_6RH|?i_dj27AD>8$+is`_xl?CTcK1s5m<{dbi31~NP$Ft>>v*HapxNBmp zT`?CeWa7g(d3#HTn%V1<2!E%^LP!^%L_eG2pW3;v8}rK%$e!Y7b|j4pIpNfRSS{P1 zVNJtUj0KI`JJu0Kxf4)8q?dsQ(y&jr_?Yb>^4ljc8(dgZ2KOIvdeHXe0GvE_ZiaLei&hVFj@l#@sNWxdI83ycm798 zUANKZ>)V^jsPYb9A^4$ZB=GZ2@wr)=EgaYa`g6Lr6t`xs_Hy})Mf3ILXWdMe`H8pw zwZ-B$KVuqm4$gWR!SYvD0$HHyEIptEHerEw)}!N#D_w0!TAu@Xl;b_IsK_PRVV@)p zuPo8PaiNp)>7uFPdMbtPZXr{k`bWHeH%$`2w!=CZsk*zJ!iPKTP*G9soOVq2nn7;zI>@TYw;N{uBrqN{+5qCEW zZM6ybygW$+S55`d2IR{;8Ub^bm$%G`f65m7xpu{oCXY~Y5@T8-*8{NK^cK0}KCw#uYv&VyVjC*v_Z^fATp!RRKb;Tt)T_N54Ygz< z>-$|zE>-Nl?V-B-J+HYwSvz-~uznn7bUp7lyMK6mSQb>cJLn_X-nP8cBK~tGdw=_Z zaIoj)s_a#|zhc~B2A&S>ZDol|Z;7R9+N0`t##Z1|R~E<27f@RkCGCbr$$_`E$q+^x zHDmrUon^Fqzbm<@*MZY6{d=8wycq_29W0(q98g6M`pv8aJv;>i&7V*vF@??8rQ-Yj z5@}sLAo|mL9tJu@8e!A+t*zDZUdJh@>cPfn;_|`h?}lI$v^0i(|+b6?3acu_tVQs`R2y zyjPJl56C`mPo?A&F8(65S?f0VX>oVpH{9Y2H}-bIm`NR@?SKgOXATtl@+%rdZ!Gwo zzN;ps)nuMdA1a*{>cQ2JTS}DQf61T6C~024f2ohF0|<78$2F}x1xw{@>oMAF-dHc* zYO^0~wO|riZoj>~SIvS|IZxN&ACGCub@WFt;Xtv-pIXIP-Fe7ik>F0&kY6*%GYz-x zev7n|c%7Qj8o59^XMeP8_D)TCzh)oX?30;k>*-#--1#*Ebt5~-eeVS|as_oe0wLCo z$);ke@l_U7lk^$~$?aCt={o*x9|fWJiIK?~fA{u)^!9XJ{iC z@-tzf?|V+ijqh}nbV8=iJl|Q%d z5!QH`v-uh}$h`56jubw(sI<`#bz~bN-})N zVtN13SrML^gHjpMVb6_rA>{5hYAF(%^+5KVYl^av^=ZQ36oyg(WcbW{1Z}@SJ}k!b zTER{Xkp$+%UIBkse@P4wHWfp{mek<>$;y{U{av*uDnp|}hLCr}LK76-g#nK^MevS@ zffck1A9sQ(nUKZy%_kvhJua@l8epLHQ%+duVjLY2?QP9pi$MB>>EY$Ub5GI^y`cw2j>D*bW( zTJbTn*Vgj^8UwoB0D(3Nsz~;TOL(*+>Dgc_k-> zzjwZ`eD5!A$W5#Mg>M9c$$5e@$e{ta&sqo^pXhvZPO zg}0*eBrNUY{>)G5`e=$nU@>MBgHt97t111oU zkZJ6iK4~cMvShvgY&jxVm2i?6Fl|RW@`w58wv{3U*)hb20?P}bMR=d69`n5vUe0^| zJ%El5noA@yYw%aOlKFSK#hVgAFz#IKkrv5&%>Epo1!4rqHEz_^{00PF*U0<6eZd$} zA&N<%#qM=XxJsFV9yF#?q;cP62v=9%m}hL%KNeB&_%Qw*?M^Fb&mafi<#F1LqFpMq zzOKOBef6~dxN2>%!&f{z2&fUwy~IUjjjld>*5-1@B%9wi)vOAM# zLxEE}ML^3tusI7?n{t@*Q}|LMFqdVi4$PV5>AdbUw=XO`>rphfKKWxj1ZgIoGpVRK zKR<&5EweVimUVBr*+~lcm?ZpG+NY#~r0&!X!WjtwF!=-bL1kW1+6lL4IyZ=J)Oh>Zi9rlhelILm#%LdjEc;Le#v~>ai-rIrRXsAAbt^WGftEwyNvFk^`B+<EY`%t)K@h&&O)={7{xW_Z0=sa4&N85mSr*Q1^ zUJ}DA79Kd&OjB-P>ZP_H8Z{mI3RQ|I!^xQBoVrQIOs?bg0<-k z=VhzG5-XiIe7Ks*4Vf_ir>UF1IK|zHyBF6W z#VJtS0>#~f-_YOx-skd#lRdk$Gqdl`yPNEpLr&5~)f%f{&0jaLck;o^Q|dv%6!s&- zS$q@(^M%-Ya{I|VVbjlA`oX|}k z(D@k$shkHV9_r#obPKQ05v8r`9h7!(rHph#J3ad^cKXv&+S+0?mOX1W=I5zO7JgOy zjyt7O4_UH&=YrZ)T|4p?bIw&G@S$?#CLo$x_eql77TlZJSrYelWcq);h zkWWmFz<_FvieAil!5qYZR--%L?%#m_2O0@Ak8>%Xvx#Bj_qUTQsHSt!8#;k~Tw)E+ zn{w+P`@NF1yTG0^P_$q9euI5fo7_9i8sxc7uI{OE>^s3oz&cODAwj__QPKAch?u|z zKOcAgLvv`B9&6x8gP+N$36F~ar8tTlBFe)h?mpIPN^nHN^@X@G5` z$BIV4O@|Wf-1Bk2a_db`Zv8;X!c(V@bw>yt+lXU|AV+1da zN2j{fP7(p{3q@Cd9tm%UR0>w&tTLbM*unkRsob}poz5wHaX-j@If{v^r^goat4g2B%LwApS*N4eQdoTJMS1zKEf$- z=M)lbb{9b9TugzcZ-P6EoMH0gvL#$q`(>LQFsUn~bknhH{li{Mr@ds-3|-~V_K%VL zQKklrTXVJRk0uMH!`av~pPjAuIpXu~B3R`0B&P)v`I4B}^Y2y_Z9Nn{gq|9rI}ICj zR7;K{n|}tIxiELAG=(TQ%F_B`xAfKjtq)0UZoS^~-}0a*B~##;60|z%|cmPbnyvas;9r{OI z-CWS#!_^P4ElKjx5wvY7W|vheZWri8v4QOCMvq9h+Qjr%qM}+6WP-(^0=jf`XzZ9VGa4qMxhV)UWsssfWIywjMt5Sb}NtX#?OZ!fFFaP@u{QHdGToHVVuWcl@0!z<_`@wyL5 z{N)?@KAvO@!hNTJ5BPi4q}m*BwGJSE@M?`w&0)r(II?0?K+XG4&T<;E07oMV{K1bq zHDBEMHQtdsND;D@NA|@%T>X4gQ9K!@6hJY_SwHjRXQ9P77o6(oA&sddc+*tmIoHA@ zCpHse8mgs9gD1Ej3=3^n8ks=HB&@?32IBfYWYc02Yf|~IaL@3=fB5<$5;HPPSNl}- z_3=phMH!1t))twZlm28PctoFCMo*D)klqk{{c@QCHP%Ix@Kxpb3|?RmhG|}#aIcO> zH3%KpWbB5pvqSWj%H6SoMTf`i8?@sAo!yP6R~3|Qgl5cxqj3bnZujwzjBU~-Vop5Xa$qn8U?#=N*2?g!kPkT2S^D~QraA3_6xWEM?SWUCk- zK3pBnNrrU0&xvGFgzH=d{wnyC^r5g7im*;~jLmtZY=wuMNl6Ag%X#T$BE?(0D3Z#V0qirxA}G~M5OPgqFdzf&q|fe8bD35EU77+gZmxI^U^OUh~k|Eagp*yJsT2bzM_k%fGx4Rg0FNF+x8Jf{Dex!a3xV8%C}< zVA~N*GQRK03B$4V^e>KwXyVYW0(cIhC8gD}@$i`V7O4J{dluZ zJ1hU0iA9ea-~ECj5n5UTFf3BNXL8_2qh3O_N~#ihJqU;_Wr zV%kax7bGccNC1Et>!S>Fh9O)ZY9>l@$oELo?P;$ciB zd)WTqO~1!>!91a=%ez#pbB`$ng;7N)P0^O2N9Z{(O(|{VwlYG|oc`8r-csMzR>D9D z+kMo$XXw2A6*?lqFb~$ZH}sIY0TmYcg<&gz4>;*{z;&8)Kg2`V`%1GsZJ?<5|C)?P zGNXx$fAPyuFNf%zw9eH_2$4Qwd<;j3E4LZZJAk;dG~9Ggq1P4j_|bZhU$|_q!wGej zU%z+%gLgCWT~KB2rSA7PTx0-K57) z+FrdhUwACW2I5vfsW4W2LSR4U&Yj%a>BnDr8Zg{^8qMmYK1_+TAX}04@llwg-#o}I zI5uQ+ZQg41`t#U3HnNCi!Pk&V*BX3YR3{@>uQ;eE_;Y-03S#@{K5Ehs?k-TZfYUlW zqBk`1v6E_KjAhs<5vptT8A+e1wg?-k{zYSdUol|(2pnGo4%}bPqqea$S8vX?)|oH- z^F?L4VHHIh|1Pu_s4VE8!BZy|)8RzBVE>h)wb)#-cZ-!k*oKQ--UIUfg(#t;hM%$4ar@JA6Qd^u?cgVQg02ZTKaKdjGn&QYBzg zTvr1*Ht2`A!MWk6AHe-oh<%_=kc9_9Nk>Fy)0D4dWiH58*7C?MvCTGiUiMT#UvPal z7crE;<~2qmwagv1>o7MEvAujV>~a;-1wGSWM-9?Up@+zx)3$5VKoFO;lY9&D{@QGA z2V)HIH`wbr00U z6jkY`XDJ-UTpbT5XS0vEeAsrmA*O__F(-GJHyx9)2r)5|=-iUTUVAz5Liq3q6kw63 z0_FjB*{P5L&wD!flhFf*>`OMF2-?$T&-+0e5Us`GsVvVhwu^^FmUahTBlAAK#p8-; zt6y|#ddS{;ZUSSuPf z0i$*Vm4xo^Q!R_K<=ICP***F@_#e9G>Z%6%Rb){$ALUHwm>q?heDAmh?z7un?yTt- zH(Y!+M=xzEm+q6cV2tO2CeM>q;7mOcQ^Oma(dHH;MWaX$)xO`p{FcA00dX zc-1&-V0b+0bA80P23{dM_6+FqXj3Fx$>@W9yWYwKGi%7>BCV@c^N*fX19*Bjzfn<> zSe>g)oba3SOPxb)s6(%ezIG&`{^A6SIHOl0pZlxg!-$gtS?R*0Xe!)D_P1)I2*w*IKJ{iW(R=IHFYgD z7U`L~Jgjb8lmh2_vrn#7qdSa`v-$rYoB@O$Q%Cv8j$@N;h z5Fg(i%B7iV`JBJ`CR*G0tS3;_ya`aNr>OA4+}_rVDZkN?JMeo<-(pu#Ca??&?_d5lM5B-KGxJln`(JP(A?eQV+Dh-JtG_?3Vc zy<7+oC$EG`+K;JFdEu>#ca|`X2$wNn2y}TKzvJS}4I^rnIT5Nf&mCX$Nd-NH<(oD|I(EB)uqtG0!-Q5U=hTj^A_b4$94jYk=`eh<(v* zdIyutfb7^wg(YlPv&!J1t&onb-%v1O>E}&-Che+%>UT-(-=81smH`8bj^2h!B>uX8 zpy6Ihw$}FUpkyL~=oi@XoHl}d}h`B`03`S^2$Ch0oqly z@uNqTcVoXnT`kge;^f#!vR-14O%W(KHZ2t75ac(Fb^+zVh}pj~po^5=i;E0Aopr4D zGaWByJ;eKAQS82D1PZJ_-I@B_9|#}0oQV__47<0Vq}`g2Ba~sz9l$xIIY9t)x@76t+5nD)lV=8jynVF{L`I&?LIm8BuXuJFX&*Lu zJ`EyFjBtfO5q4us_$_*BUcbK`-Th4fd8NV<8$1~aP#oleW*hbaiLVfW-FKeyL+x`Mp&wSF3 zO?a|S#R~^m9&P%!RqJ8b7^|AF^w4o`fpE#}8{b%l7l(tPirm`j0AGV0KoM)}nqTy3 zd%FA9Uh6{odt^ww3jyE6*=8 z=`+4>2cMFEM3WlnPURh#V^^7Yepjb4`)q2$2|<|0tmeT`;Y#m%0p)-gYY8nUzg!i0 z3!378Z^;uQgb1-M)i0zTI^>4ub#x35f4ocR&{_wqdV@L{DocPJ?%lAFg2TYtWZ;EJ z5-ltHYBk4dbHE+mhVeWpbi^CaM8^I;;n0)+;gOu*&|%Kfp>AFU(7X3|mYBCVq^doh z&zY`TDA(!uq0hmsKanUa499+C=<~>F%vx1;HrXQuTU+JoCjCeFQsm}zeSIpM6pfiM zgvS!bWdS22D$Oj!wG1wOTAYU793WGZ!k@pMG4Tu#4w?6hIF!=X^FPN5Jr(ainazNb z5kL;nvK;4^SW}8PzTJZeH60Y@cQU zj`K;;HzOAmSFss|wg6971Y<$$83Wnhp|tv(W^K}=1=x&_x~8zVE_Ajx3zngOXika3 z7169aMQ!;6tYSgw-@}t+-0dP-y>r68la%xL$vBiXK#ceeJ>0(dm@_!|l{IBvEhkoL zR2()EKwMnp`91BZqU#BR*zX}mo(c{7d(glD77{^z{(E>bskg`0mBU!g;*B^4<}7U; zN-fFS!6Fn@;72QQ7Tc_k;V*5de3U7E6n)^L$R$vZW!hW+DpTJ9j_nKj+@QHZ{VQlX zZ|HDmV$X!{hu~$DcY}rf_<#1eoAL}cFL+f4NYCRuR$aV3Es!_ztlaQm&2W1H{E3MV z>u9480R>~^Pfw$aX{gEHD$|wJMNY@!ej^dK!qVmV#`t#%V%HFatX~|ZhK#4luE!u4 zGIE<=uT%GP9J7K^w-5NZnu<7H00c3d`edCBuG_AXt0m(0D2^fye#4~Fh}8@3)yRZ$ zTE6LyeRb%7l=NOCgECNyd2b#+zDd*7Y$uD7m_~JGVKQ$W+j>s9lw}D}euOSe%QqGX z5c=$p1!Vtiha;CiOv&S&i#_uviX#AJuhoHlSh zsA|{+befg$rzWEvDqQG`3=HP*{MnI~HKDDoZ#3UAP!jPD78a&L9YDIww~Q+L`bRE5 zn}O=?jPSLZbGWpX(^q1NH{fuA{AA1~GHVS$5<(9@zhtjK6mE*zY3Xc)>>H!cp|%xp zk7=&=A4S)?Gf=3i=hqbZH||?WD$btD!%1-uW47nN5%b3H5D9bK87Z^txZ(`9LLYO{ zn~9@{Qd%tht76ys7Udh1*G#0i>Q!)$)LT%a<$<7UbSPLlLTUm2-QHpd0!=r<)`w5| z)m0_DF)f^~FBV9G96YcVgs&nh_xS5)-`A}=V@)imMaH0HP9LWz47Kh3F;R)xTWtA0 ztW=@3SOx$m!oU9eEagl;xGj(#Cp#ZDw6L%QpM5+Kukr}!vEP-QyP*$BkNK!n8%HlWUDUnd=r%i}BfUr*_JZVS)!X4ZozW%!p?u$-wk%VChZ6#A z_zYq2`TTy{juf&u!k^spJXgI5vO+kI?P8Z_vkpYvf?2MIh#5XNon;kni*Xas|HfB% z{la*g9%Q*AxJKR=9Umg1>jFPhMQhHvi+Mnv>>^D)>f4z6PDIB_`jnO0)L=KiK&R#5 zb)*{Qf$4fD8p-6dYbFiG)jBmQbQg*64a9$u!d#Qw4oFuyK$L2}!T%u(2XOqDN00?q z!XjsxvAD~Dpjz{5v;eI^)&zkAZ|u~^d;)_I3Fkg_!1zSFG>`w1aS0g)xStbrt)vm} zK+)O%?t9h=Hkp9Vr|5Y0k^B|xNg9#orA{1t=~@lU`e}Ea|U0KHRa60iR=$+Jmnbccn?dw+bmzK^V2KD3HQw|ib7mo~`o}hjfFT`aN!+*+o3W&ZI zd?ob&{f$QUR)Qi;tGQ_d@k-9m&RaZByGiu{|EwXp4 zL)=`hyDarJ4`1#I+W4-zfUhCHA%y-@PKVn%1KWCyj!rzYHM_v}bJ!VKN-t~LDOZfm zlf{Fo$2DyCcXxV&!}y2g1?ocQO|4%QhAulTXD|P@&Io=-8BIn#H2u>E7Qj&4-WnEN zG`uLR=W}JKEil zE-xU*kFLb;5KIBdmW50rcbu2zp<|?C;71$rIQQ@quj;~-eO=G{4_S!2f%xwsnRm-| z&zI%!Q!>wW;8mclmKYsAxc_cr03@|!3Eo05dUW1xL0O1Fl=%J_tBx>A2)s5rK=Qfd zHN=<)0EQxgASc3X#K+b>aDO;*_J@04^!5OWbyyw2VbMXj{&k*q9QFqw>`4gZXf6`up-$5+zj7Dj_xh z;YLd@nw+p+6pDoub{SUhgn|0x4=w&`02yt!UDTBcY|iWg9Rz`^%^0beWF3&YrHZpq z98I4}AGLSRVNO6=sARhE7puOiGp|m{*Tg!%6&ISn}u}n6T21=KR zsOI;>%(FwORZF(!-T~u1#F0tn{CByMBcVTeIP!vlc34%IOvWywJHA6z0f(dyyDz6X zl?B}8k}MekCX%9cIB^OjRXVH?$E64CTI#YLJzYt4>xO!TW(v zBaHqFJ4jmPK5HMu{Vd0w%NQFz`kR+al=j+n>f|eVy`&G9UK}o=jVS_r zq&b#AhV@wvS*`sGl&P*RTZgsdY?83Z@$Id!Nd3F`@i|M$tK0DHoios?UgVWS6IJs| z=r6Q?@Q*&0C75vF(mR7q+r9k<8sjEPxC=%TFuuVj2pqmg_>ieg5Sc@n<+J9w9K^g+ zKyc{j^GSPd$WaXPAbr(SN6s1PJZ~k1!nGm! z#?%(~4)=LN#ZqoTqg2$F6Y}L7bUxQzOQ(*ku?s#o`-=|2Q?W6M#8HyAfW1TSAu0RE)QeXc|J(HELR{jvJj(2LD>kK95TRl z$e!nnBh{t;LxeySIASG(tYK=}4cC&XoPiPlS^swRgu#|>zx1K`R-BXaf7Zy?&L z8^polbb|i*Aas`nQnsfeW6v=?9hdg?x$MNJ{G~scKO?nH;+Ahof}=vI#6JwTsjfYu zYn;&BNQ|2Fd5U?>7R{nq;ao8|v7Y%!IRe*3sgjO<(ChrO_W^C z+wL&H@W_$TTze|=E&ILP?4``-Do(X6qm+l)@3Uvt%<1#}g~TRJZGBnSIrts#;UO^) z+E`wIU4N1KbNSfY(;z)gcOS~+751Q35pq>M!e8Z;y769HcHX8#_^TJZ@-G6AV;yf3 zr{T=;0C0J`Ze@~#!+x;#WT|ED0qLy5QO=} z*(CTxh6iDR2^|?R2C)Va!wXmZN`d!_@_x@RH)2LIFMc})I=KKPAis7z>b-^W<31;TB~H9*~- z=z0V9lgNL-dS*AIXR)^|!~D6W3Uz=?WW=-iNUM6mmb(P&#{zsk4;hcw*YzNmH7tk}}c1Tgj zG2oIM6`zJ49&d|MV;b)tE(7>b18$R{ynbdB=n%7E;Ff9H+41@I?vA-*T}e(y zsHoMe$#lVTxHn4>r(+sxZ~nx)ttExkl9Fi)y}U{03Zf2x)wG?6r7FP6^C zkuW&8;dRt}Qk#{bO+f*)NYe{nU%6njzOA3{xZCmkQ6AispS>u=l#v?Kgu_PkcE0TB zfR)#U8#9m5Co^4Pn6d&qs;UqZpIuhvq!;{i@!A@#(<%EYyWQtOn)vYLixsu8tOlwa z6AtQ?euU{YD@1()=Dargviyk4G-WAlkqqU!UJS}^X;*-MS4v9C0rx$_m5^_CQNdF0 z@JPz+tmhcGz;D4t>)~W$#JWcH=k=#NTdf-8jc^~YGdv5r%6>sgCLaQ5_v(Hb1}$U| z_>OI92Xe!&cURQ^4WCbmbg*}fonUO5_$#UfOcP({6UpYvRd|6P()4U&;F_(?OFS3e zt{iX&>l{`vZb3%}mR`t3DC3CG+k1VYr9;jgv>shyrJ2z*u0FfmLz@!2;X-nb1R{sO zDZ_y*&BYwM1h&<;Wp&t^rpBiEjTIhY?HZH{pm->@ndfer1tSFQZz)AHx68Tj`N{E` zISA#DOUdV$<(_f}1H0$Mzz7szSuQew|CAa<$sTeM^R8>_6Z<`->lr<}@JTgOM_)O? z6=a*)yUx)gd1yf=s@vl?ka9rpecAmd0n?a7KQ;)FWb#E6eeWQUEh7-n*@(6Zw4i*&yxrAY8nrQUG4? z{ELe;P`dfDM#nO>*xZ8HAkaly-w=D{E@0)P^N7v2p}JwIN&cT{Fh4&}ei~w0w3`T4 zG$A8kHu9ZxRYyV#X4c|~u`aj@(c(Cz;NxBz^*Xk9uXv*iB~rEkgTo@o!SjWM#j9+_ z5LarB#^MF|Al1m1H>HQjK#1&6P_f=F>6z6XAmZOynQH}n<%&>YThjYkG5#}*8WNMQ z?x?@Bh;;#Nmmm}5yN$Yq8@!%KB>41&ENcu2eD)@QZY4SH7xMO5O~-}rbpbZ&bq6AP z(Qz6W5$8pN%bT~sf-vmYe2YXF78lt!ib=Cpg+6vK98kD3EMa#5$YHp)3*ie`)W<+{ zd%7eXt`9H5TgX4%AbfZO(T;BBe@jm1FJKx*Ao!tsfydW7&JDYaq%>sZ}=iqfuji(B9OeB=>B`{e};F z^?T-Dzi`{MW1jU0_2788q&EbQMrMvf4opkGhVhtp(c*Ue&LSRs=-_$F#?TEbX)*w` z5V~I{h^9j7GhRM*%~8o_O&%7z;sgeM^5+_W|A`PiMSSq;-rk4kOVmf*k!OA$=PVlog zS9<#C2^5}hV>9=jBrdL=?oz{NTezk}lViE9#mUT`lQW9Pd2@V^1OFqeaYbfp_$uzE zB0O(!nUJovS<8C+WbYtr?}6RhbzLd1L+HTnqYz=geGy{KfIt+9i_m!l%H_1ywCxJX z?;A4hM=!|g<+b_%)pM6^4iH-P->8hydz*eY*p8UHwx(5lewRBQ{>jtyfT}ss1Y1AC zd`!H8%*+H|XOEjN(B`Wh(#dPcqccQTeaYc$4GB;|9{DiB>>!{td{XFxs)Ld&AfeTX9XAgiZRJawkXxKytbOGgx7~IcGz^ID7^n~zp!zyx%ByKm%$Lf^_1?iup@F!wW3v8$$zhX&(anx{irzRGjnve$ z7kLlKn@Yl+y?8ZJk&5=c43@wLDS?k6mj%MDRP%^;1zzQ4#DPqt>BD zlwDK`<$7=B-EMAoX~3J`42*MPt%_9?@@u77RC$tyNOUYF3FdrpR+d_1^BDWovaChb z`~(={1<~fgV%ykf+Y8sR&j{#K9fLIcvS^wnIe*-*+uxVF`b2A(Tb?;EHL{^M!%xdV zJATeR;^XCEIMyFu%Q~Q-jvrkU$!at^iRk4HB95`Pyi3L2s@LL=ub9uEU5{ZU_J+vQ z8@%M|DymYJCPS=1twy6#JPF!)XHq6Ew8*4yAme_3xzF|Ro-C9dQW{Q@6TH1;oHJFC zw)=YvCuTbOvGX^*8=y>n=hdHcGN*)DBTi*hZ3*#Y!EF#lOrw(fiv>O$tu85~-!BbE ziCvn9aUaLV!h1xDK0tr0yFW-g2QF+yTNq2dX@yslyRltOrIsm(7GvY=$j!PZ&RoFr z_lcj&m9y3#wPPZEHojP<`vbV76#ePi^z=f8mUul8HIQ(yrS9;U{2?(mwA6>hR+he zuNF5kB9+qWiZP71^X0oWQ8ckw0>MZaV!hi7%M=m}RQ2 zc5}^7&CtQfmCR%U|8Cv0+PPR$y^j2Ts?}9vbNA~iwAzJ+3`u_8jW);4hM_yOsrgJY zHe#oxcRmfM9$&yUzb8NGq(EOC(1QGzfgaQRgHm{(smfNs-;+i>#)H(E5G#7y73v|c$60`H-k?g-t?B=H-MptcQUMQN=;;-HN9qB(NY_qugNX! zoB|@Cvbe@Ez04}BJpD(Y3~RCP5Vr_|IJwZI>%0TH4pns%m^7g9^Q$w~jXLv!wb+|2 zEk`DT9Ond)DF1Pp-HXp#<<(sV5TAFE>AYLDjB0qevLH0+hxf;Y;AaL4TrUB{yo||f zMIC@dmZ$phSYR#VfU?cZZ%QYD{)RHQASW`*p6nbiLm9cLW0%;CS!--#<0H|xVxAs3B71B) zI_fBFUtN-Z82A4)^E)<;jri_g{f$+|^7$O770+9EZ?<#5C0Stzs}&Dnv>&`=AP0)i zL5wsfm%p3@A(B8y6s zGiQPG%mV`hVvWyrS@MZ*vm&MtEh=4Pq=n}9)%yn?r4N5=U|vfiBY)PTV)0GBjm;U$ zS2@2;>33j{@`G#Btu_wKM)Fti^iz+wUwk`Qa4nEHc97p`joMhjUk*h%8`uWw1@l}b zoO-1~r!d2Gf0!X%y+w*#F6d~=v25CufD}Y$XJoC2Lf{G)mVy?Iqvf2Za5AWn!gjCb zcF*SZwz@rtS74g~B;KSt=TCJb zv8=SqIdu9)cfZTt0NtVVoaujhC z;=ig;NfiqxnV^X`2%v(brnP@J0yzpBwz;ZZ{fuCUqOjuNdUdM(X<|_CJ=;z<$=8@* zjxY&RK3Ci%+K}RVwzXraUk>A<9{5>UADBux-zeMX%Bz&vO<_`?>OjtIr>#XK)_;g= zv!c1E&&%!}v2AZiJP$l!Wxg)U?gg|3J^~i~7KmFV*a`tj6H7&tUFF(n%K)|{Bm6-2>;@wW=ZAOd9W&}Tub_^=hGjMEk zcSL};XN#wlr8|;q*C`ovGapVW=d-f3>n;3;9z>9>&thiId3N9C(gPW#7#qW=Ev*KkN{JGi1ih39mk&2uzPQ_4p2?rKCAcPKEWA%F8Q^0suxc7W>54LJBqPN| z$iLFwp?1(h3JQyQDz?s49AIK zen}`Cj3gu1X33~fE_(H%ZAVjMgav}=nG%4C@*KOm)!-1Tx%|r&SlB6WbpuU2?REV8 zS*7J2d|UHd4=W**mSb3m3tKbza<5mw+gwuP9Fht;%PU)u{3uA?8jpCbGVvTGj;&Yd zX?aHnL&9ViwHY6TF$)wcFFUMFGo0`Vm)@|o|J8kqn z?;qGZMQw%-be>v6yg_8(6(PS{j~tx;f@0woz>srbGu`+c9z35%O|F7KkiHRGj)4{h ze=!u#mIoK{`M%^fJ2}m{eN!8yVA#JdiO(5`41R+<8@CsM%@~dU^)fJ>0ChSy(xeF5 zLjDhHDTHhpoU2DB2Upk6&VUE!&Pu4}H3U3bhGSX$U#uUP79(3>cdI1H0?M+r(>F2X%f?Bx0k2w3y+OG8=DpQ%GrtjfdYj1ttw@)-mkFvq9ghj z-!6Lv^e3~q&SDaSrf*cHU6KR?V)LD^X?M@|f~sUTTl8%Mh+Ee6&wBo=32s>mVDfE* zumFUSn~+KV>94EH>cf@F!GI>yeEqZXTaDaHzj!?}w=yQRWR8#E(R^ta4Ry7;!d60n zp~lDG(Z~PB5S#@TmTpd6pPSm2Alm~!Oo3?o?k=GNeeo*qiVFYp3LZ&NBIuZucre?x z%H?`aX8wdKzEi%yzFB_$BnnISz$De-px0#Hm#EW$kKUu>Gl*9A3t^7J)lw0m@NGUZ zp<^yHi~((NlUm(YaD|z$tC^RQr$+;<8(<%-?EcU zlNAwM0?x+eiB~M?M*H22yLK*c>naxf%~zXijTZ~zJ>F{o@Dg>BH}<9)bTT2)#enKa zl)#rlM?QyOwANv^r64#qQdXBw&;e+BM+FB9Y~FmcKb;}h=VMiKY>Rv~<0B^zOIzWG z(`mzg(tS)Q4fUfpb*PKV>Hu(MvG|YeFGNPh`y`HuwA((r*=vB#_0N#{`JAQ2-t6pi znuTuoixDdX*F+xT#16?NXp3?hmnlkyS2@Q%-*D|cfoIOI{0Bw+$ax2vgqz=%Nf(3~ zf8STTYR(4g79;ibI%nF&!KhgjW~7qL2=_p-g(U3LBah5;a^-RgmI}5+0?^=+j*5T{cG&=liv(KSe~dZ_B;y`?dCYLua}!nWkl8 zn5Fzm{zRFSN&N0L;c}h`RwBo=nw;s9=a836gQeeN%|4xsjnsBc{xMDT@rfM2Ml`m( z_NwQ4;2C=_uH3#Ey{OYr(bAV+!MRk-3O2ui@-^tIm3L26%)(>L^MY;GT$i#FRTizv z)-w*b;?-)DZUQf%g)|GKGoOypT%p$~#ZgCkBEP|`(SbhT{PG0DxQV~~>sCweiI+bj zb{8{R7uQ|b8_L>yOmFXR>?31REb2_zn!*d#CZKW1=VP`_F!I%*@@Up81f|Qw_)3M6R06?I!)0qYpw`CGh)Czj zvifi@n6CC!VB;82+kxt_T^wa>kF4ai(YS-e@DV&4j$W`w?>9+ zh`AGQ*?JTkst#HezF^M9y)9uHleVmKLqpJv!%a#3?4M;QqPgEvg)2PuYC%b%@Mex) zNAuLrB73+;R~0vUJL65yOMT1=gm! z8F{13mg;TF;g2g?5WbB2hh1h}wCi*3oPZ~c$M5MBf5G<1_3GOAOk^_T0^Gy2u)75^ zAjC^Nr+Ex`Q}eou`^T@d^hz0B_$x#@zdc~_&Y@1|WP;Nn?U)~J8jF#7e7w}ZHQ*rW zuL9eO!r+W@^0srvps}(#0duRzb0wu{_zW-Thj{uV6lU?0k3CTy{Ctu6r^cdxMvt{ zJpKg(e{P8jmWUk9`sw!a-yFUEM{b@$s85zO>BXdeirI#yI?d^o#zJWdk1dX}18V5c zOQDoIel++$_>Lp!nflAKk9<-HsFOvanRT2jl*aGl212?{}JT>cNp(H>=GrB*R9Q{rspnJoF=M?kd4FDwTh~;Mn2JvQwl4Jsx~Dax zx;!|FOZ6CHd7Zt5XWJLZJPM{F7%~teRs|T<&4g#B;9Jg-|E~C6!kyMib$!~1`;_4o#S3aN zlhxkut9TJN_YcvtW*X@ZDqNp)_bF4I+rFVv=nSa4c zwVJV$3;2Hd;$xNAK*uOk3d=(6D?}LnjH7R`uUcDT+Sy5W^y@wNf;aexpti50lJh?| zTETP&QHR)Sv}L6y#g_UB_ScaI3CFT0&huP(#sT9=Dy{YSgPZOV&~sr3OWNXn}=i(|&K=n~2%Lhu2>U{57xpOTeaSH3vS_TnwDs zUt=$y5-t9evx1*oebb#`TH>prd*mCXcYf&4piX&9D2NpFK#@|J4TcAdlho1I0z(SZ zG`Ry&>SuB^;(1HJcKjH_d@Fe7_r3e+KI^fC4|YBq=S8TNHt$7)2_7*FrkCP3R|Jzw z2heS-y?XrTtsKGrTh5`vXriXTFH*@1lV^b2;Z5CW>PPc8w;z@c-A=~7MWDM)9qcNN z($%Y${XATNHe%ZVxNSy^MFJUYT8p*7oO;ij^%Myr!Ewtnl+tAZc|J($s2lgE|HmQM zQwd3Nmg`#OzO+_DI?f`Bg!QD4IQ%2PvuT8db6G(4>sa2}*MdEOry;G771lLC#7M$0 zt@_tYZ3`F`|AxNBmeJSI_12LrS%lCBI)50?@}Hm4wEaCEeZahaVuMMT`j7Rm4ebR` zrd1PtU#91AUUGyCyuBe-Yv1DMcXlHExzg|n6w_Pl`E9i#k{zO&8o}NU6q^T1WQ4E2N&Y)k?C?Dk zIzKlm_hO6g&ADK0Uq4MLC>^q}_3rcyp&1M<5T)-q9=LR(f*aAiDO~&beYs`M!TxEzSi;*)!9@6ZFKWao#IwpK~z!wxmLt-u|2=#3OQf-WYEQ z5|Mg!`_FqwRHlF}U8qDAVWQ@S;r=5NV-dM$9oXY^1>Uj8vV#d9N6n>Via6{)WxCYg zY?g;}+e~*PghNTmzH<1@d&4r`YLEXmr zMgaj9*<584p$JwyyW0*4=ymKO;f&gp+7mW{nF zt9ohD?`>m%g{>Vnoj_KvPQP_CEzQ!%y0l-*|G%Bj5&=ZtS14C@Y2;rNhO>q) zs1?_bDLH~N`gtksL14el1)f(Cbj!{C}AL4t;$m-qe7 zJ?C5Z_WsekYVT)TRrRXXT^+5iDhEI(L5G8b11QK#Yr?@Hf#BfaCD9OHdqf~LSg$uE z8wnK&IJkxcj7M|i*EYPnrko^P?RV0nSAN+}ThBvJMOo0&*^%Ac%Gtu2-N(`8RSOPI z*hlb{b+q;{r}S|IJGl$`h*1BlA^6Jw)6GFm`LBwHg9x>riaMo~vzs*~h@F$2lUfv= zl9E!`&FZ6|rnKz;z+YP;)V3ZTE`l5!-rnBq-aPEiZZ;fT0s;aYoZKAT+-$EJZ0^2J z9_Bu5PVO}SG4lV~k+ycXbhC5uuyb~z{Ku}jg|nxJ2sQOTj{f)hPn_01cK_$e$^C!Q zdQFhy9|;E+J158g+J1!!|I;g|Zs%hS)|a+(w03fT^&!f`%`N<|{{K(%e;)q}srP?K zE>1rF|AzjT=>H4-;BM_ENiHs~+M3!tdjv@-DNZhK78aJ*{E3K& zkdcumCMNm$`Co?}A0MBSi-(Mi3<`ygjg8UL(XFpnQBzZoj11dneGn59tFEqAse0`1 z?-!SntEi};q@pS*Dap#pijI!%?d@e_V{`HfH8(eRc5((_;aOW-GceG1c6P$~EEE)PAf1;gA;OiT<7jqKb46pMdT z&{GHqi_27}XJlmXe@v84oR>}Cq~YKZ77|=sT$GWKq301(>M3IqQWg*GR&|u17X&%y ze$4^DVUiW^3+t+{ulIpUGqKU-tUo7tQwoB!TvJt`P-lgsgsUBSR&t zL=7nefzZ&8df5xQCe{rNF>;MLYzh`#oym|8E>=}XJOa`zCmb;j8b?Q6sY2+*#YII$ zsCkSkI5>R8c~M%39qb;={lSyZ*FjOw{Li01`S}5~68c$LKI{e|Mjst{oh`MsWyG^0 z4-XH6)B*-S_91m;-V$ zF(0lqk*OLgB}>ME{i5Frf+;5+;b`lQRR~P1(yR$CYQG)iHH;83{-xCQJNM5Pz^I>& z%;n^HdqDaY$VDX?j;5~!vY6XawRj1NzT_i~`es!h{MOgJ__l2j#V`6&vY~+vMa@jg zOlnd%6z~smT_J%6x8H!HvKZ>A{v$Gz!p!T1{6j?lD*dDK4-HP@!La`!o>vS1sAT#g z04;u-aD%)=O^tX>Uh-8dZ%2H(em_ii^#kc$&s!+#FLvu2a<64f$!3+2WqF^* zE%nLn-lTc@+2xurDxtXTed|0>Bi)E^`r_+$m@~Ll_oGKwt%5=|=ppORu>VFEMnZlh zp!;;?``el|9ypxZvp%!dTZi-XQWIUcHMs2OvMvuQnz89H$AAb|tIww|fe1pere5*%XCGhrp(ouDy;N2|oJ6}YO z2yZ2au<75?y~CFWX}j|rX6};1Wzla5a^2kSN{hHUbHvdIU)>S_bU8sIfAn057x&-A z{T3)5e05I~j05U1($`fc3Dy(SwcIoDRihXfPU$}zfjm9U##;Y@5$=r0SdVF}WFIjj z02Acl-%_d!t~}Ih^wWfof2|LJs{cg;@rt)qZX`e_W6mQCAkfdrm2be4(N&?e16Qre zm&B|smoDH`IzS^-JCCR;5?bWD?_VfL9A8f|fTO^i);mP&lH^n>#Z4lP@S(AA-Vb&c z;O}p5Y+|s~R=p4v{_ny*Drm9KHE+~pv+xqm$nAhr))U0~}yr9TYAXnQy_w>*)IivcS-ay%>lanAr| zQ-ifS1s;Bl?5*4K#^Bq>zG!bo)bS5|kZEn`Vr1YRon2qOSqf^2^g5eV8E zP*6Z2jA@^yqmjXrsgCK2`^RXdRQ4EYQ>3aBW(!jWApmVYME4@~zDwBE7IzyQP-Ijl z#z+W{E=}{1Fchjj?3t+EZJbnWEm^XPt@=CKs-%=#;U=3F9(D-$aHd1?v6DWU{*76Q z32H`4MNWo+w8J3xfRLTI`e8ExsFg!C*u)@1?8`3>u`htlg@UcOMt;pod%r=l^Tv9; zrb6tFRBL2i<-{9#>6;o_PvSg%{c$Vv{Zyq<*&g=UkEs9Dpb@(D&e3pG;k5$?7(!OsAkP2g3+`zPIpi1Uk zZxB{{U54yW^zyV|#ytWtdma0*0CE}ECc}PiP1kP2kv))-EM@t?o&Y#}oDDPIwIxRL zYi8P&ZTJrfA!CK!zZq~qAzwD$w?&PRssgemjPwL0{?GfXGES`OQf7$z@fd2NXjbIi z$Y5K~f-&)gWZsozbpq)OdFTf=90SjOa%lxXdmCI{E@n?`7?gNNOQiGKNb z#7&krtxN50~Q3UV8f|4YsAD-%-q2L0!^x*?P*C~Fnijj;5 zM=kG1ZiAx8$ls0A2G)@eYK)q=MvqMdKl3#aY$)IL?Zv+#kb-p3;YM$pEVWU))IXdKwtQp*}E z7T)rwe-p*=buA5k#>%dMlNo2Q&gX78XlR(mQi(y(N|H5|xbtXJ63PoJFE=F=}Ea#`NZ=mzYHuS@5+D_ehJ@ zdKb#*>!Q7K?l818c#yD-5zw~=z5VZynp|SKS_V=4SN%#$R=)Ixz7_=FTZ=u_3uI)d znsIUr(s;b1JmDjlX2hNtpN@Iy6Qw4~yXav!bXH)JQr_x_tb^XbmFh2RV4Ygc+S;1z z-u*(yPg9BS#F)nCKIFheY{oCY#g7HZ$Y*MPY<`TE#HyFmFq6D(4~*&pBW|wB@OJCl zMxz8>!OV2syTJoq#pE(42`;)cCyDp`)w#37mN0CYaS@n$&t1`#`}{Aw_dIWMKJ^V9 zhmH~S#9>{oo5&~#%zt6M27Oel8&0BHtMK=u0Mg`e;WedKd}IzKcKiIryof%r62~IU zK_=Mh2w;5kY4BHWLYMreKmc1g#`%GMWCX)y)Fu zPs=?g`8nJwwU4R}<}|M6#?N@0B)UxuOfLl=y;G{LU&sS(}7 zRb5mgJm4}vDW!}JPH+EAUDW|NFhU(hj>eM`0LZA*dPE@Y9IVOQt}5Lt^%u-|D+-{s z@Jzc-voyt^?3URa#SHhjaGzQ)90lqoxrfuz=SG6#^u)2A?ZLik3Dp zl%N(^{6*j^6cv#o2T^0;({T2Is5~fIDEl$?f-q#zwZ*?I;>e-g32H56msU*e&Z9{+ z4CJIW{XO8D@>$7HG!hO8#08P~(jTcOfw(?Si&$_Eqo@}~x|)OqP$J)x(gI{s-Vq7b z@!nnLG4Wu7wQ>xJ43UXfMM+PRJuxxk&*klm^ajz@^Fw|>T`|hn7g;Vr1^?h#J zV_TZQVx0;4>c@BExzE)~S|0^Qa#EVHKr`Q`wI&*Ce|kGI9v5M-!g_-7Z*(ozoQD}` zTutGam`#gMN9S%*9A7@0RJ4_{R(|>2={mzNpZhK-o9uRkzFUEREw+_s8Q1X~MNRXw zMdxx#eS_q%<8$AA?wB+udy<*>T9V>ZhRBl3T%H=( zSqlNEgwnxB`ix3)FmqW95eU8-ZWANV(eJ9R-zB7q=b(6bpder8-?ah!Q925~&rT(K zs#GjUY-sj95j)A?Ko;Q`!DVX=w|xCVCUT5{E;(y^Ul(!1xAd4-yUx8%uGK z`nvV)MdY-3fRppM|NFCtG6G3$x<6CGF2c;Lr!g_oVKVaS;<6aWQ?T=Ihcq3h9k*vvmfqh=}P zoi_|2_ay;#T>VGrabO3w{a-pvDsL$KhvZ(>&bkm`cOggTgTq@{9tVNL9@pOAHF8B2 znGfmj!WAr~7@&Y$UXaHeZ05fjudJn1`Bt{*#o{UnFc=^7v6%3e%EzOe;qPJwogP8M z=)u?IYvtZz3>_d3Qng!Goy}!Q=2y zs2CivehE=RmONcrH}yOxZnJHG+pSWJT-G<#g$&efV=io3yUx+mNJOV{eO4fk&P zJUwSNF?PkF5$Szn?GhH{_}89M^$%({ns{?`SUOMEsJx(OPVkrA8~QeqKxHskr5REg zJg*D6B9!?S3T#-e8&k}9YknOxMhsBkFiD9Ro9Z$!G^gR&=yQPaX9jJ&Ml~G|*c|Z+ zQ+DhXHGx<6Zf&E+Mo$*&a;vvO15}o_d$7 zuaAL{X9Uv&@_KR-cL}>{S`s(;K5`tCUg=*C4#|aSiQ|RUEi@SjMC$fBQNf{rZwN8> zB@9Wo?4Tc|RiA3PQ5T9sAhr=B)fQr5Vme;GyVd64H}zxT7NM48OsEU|R7q_Ib4XCA z8Wa$eLX1V;%DC0%aq2(sBT?H@bhHxURfjGI%#1^sq0P9vAc0s({_+&0(z2a;*mi6v zCvkdu_k!&3lIhHRW1%fhYUJ0ZUwb;@Y1#F6z6{A z7i!TrD~;08?RW_GXMM<1&7Pr*q|L}&{v{bn+4>U`g=S5*-D?Iug>N61L?j^zXzw(N z+3^?%(NRXNT}o$1-k$aat_3bM;X2c(mE5|ZX?gmFD4iC-i|-fX{t3tOT_kX1&niFJ zmPx_lv<1Nn!oUBgIQ#rKT#WpE(cnq7Na*(!z3wNHF0J8^?rV>~*BC{?Z$TB`RyN?b zXN+WWf9-ub`rZ#;6ZL18#sYEGoF9(5Q6v=V*|hRSR~zC}vv*j#0Q&tHGW~hy%_QQu z;0UMA9Fdq9V#;(a1_^}9qnI@UN?#j{3uGbDW5TQHQ@)65***Mg1&DWJ#O)rEr3GTd z$<&O%x|^4?8qW%n)>kSokwxFpg1)AKY}PdTGswmcH~~_@p^W=1Jm{sin5~N;vX3qO zAZ_WmbK}Szw0NH8K z`BG!GuZp_HgFF&1+PFg^Er`2P)+-x^`hzZs>mrrW`%@t&>%^nJcvqp_t)Vf25?&-N zBkI9n3-%%Hw2D3FmPPS4qEUnbUX28)ypM1Jj#jry1pbjat)CKrxWa>}UbZ=-T!`;# z(8Ok(ISX#nw(gM~w5mOLg|Q~c+D;WY%M#VG>A}JGBh9J2P_NL$h+ff;5kW69^*vhA zi)85EEIuX@AVYv{G$(mRq^yPNlFsolPTdg4bRf}XX_3J@3N|7GVeD;F@NckKg8~jQ z^=j|(ln=_Z4%R|$9%2HUT=OwD9a}%-XwSrN^fulQ8H64Znmvu^(H2%1yesc9^TFA_ zch5{TZ-mo_a#90Jrs&;!`Zb!_Jpz0rP>H`?ooS-=4Y+k#5eIbF5}K-}hvR_NR;88f zuO6EaZwXEnaPpB-Jwz#Y2?wYRv7o*#*MDa_T|=LcrAAsFffb!W7K3=;(yX~Rc9x;!ZWkfm~1M4BOrxl8bFmxy;VU}9-q0EYvJ9N3f-h2 z|p=PCN8JKIak|fMnaAB>8+>3%Sd- z&Hnl!esX0Q9tMb4N*2ncHlqP=NSc&rh~hGun<4=Si=Jdv`yHQwmdd2rQ48vSuE;dX zBL(ee>fV_p{`yo*8Y5j^Ia_?ANhlc#I5JuNrL2$Wbz;)c{gh5G`lfOk^|Ix0{LVUqG(36nUlHlHQZeF4xV;Z#%6!%jn}KN<% zy)ee4Vk+Gf9_;IYW4tb%d%(%NR(e%S`$PhF*NEz!(VJ*QGs|#FvgD#6usiuKzcqD_ zbX1Q^>RD;`_vH7(a5+SILqg_ z&Gd_4h!qdch5QPF=;S@Gd@~Sov$IM0bmNL$?G)df0gn1Mf5?RiQ_l^MmfZf<4f)`U z+6c5pHGhsr>}o;+)&A!(tY6HG<0y|ODhld(79ahQ0<(SRI{038upR(z+dez1CC^BP zp~d+Y{=NaW|A?}&LBkC4>fU{K{tm=U`cB01D$0jSZTItRscW1eQ9Klx5RbI*q_ZD& z7{#@iF*@7=P)CYjEHk`%3EN0>{gSPv<{hje^^T!1bGfB>pu_z^zmQZ_g+Wm>kC3LfLv7*VBX%}H9leR)~F`e>x~ej zt|AFzOD98PDbR3!9#Z)ne^Sq^j|KKDA&nxL6@$=K1|a5??fMOR z0WnGnU`%L$sB=#88cR@|WokE%iG;QlI&ceW15SNu@b(gOw9rQ%JbMD){J&@U*F|^7X4aEg zdz$>Tm5j3p8y4NyWO-`8g6zdXl}C5{yiYl9rW!GWB+vWb!j_r4Pp;-yA;#YdF7I+% zyV{;1G$KeNL_jRE#&|#AA>0Bt`1*nuStM!`l0~tu!MrTNHET}oCN)qG-|F>DJrQhM z`KQQCYWug-aw5q)kaBpL1S9AWLt@VTBrG*fn`a%M@2l2se;<<8X7cwpp-ag$|1hkA z4%+5XLOi*8=9Fi?CtS(ih%J;jPFmAo?_X))Ry-;r=yd5gpc_}}3U0=mlX2e{DQT}@ z&02H0U?am~tEhL4aR=~?wnN=(*q?uvheE$t{jhb5YcL25`hY^bhBaE zsU)gx-P-XjZq(9ZK)jS1UIj%MZ z<>WnE(l=ZtK8ks)j#choxkbLoPs!h zw?l5Hs}t9@inn>=XEBxF?6Z<16{?hkb;A7WAA7yBr-KrTA3nSD{4LZ~5%Lqtf@{CKn_3&xWrPepgx+*PT+9^6MhPcy2mMBqmn)dlXs@5E?E@ zaK9&oyROrOw;TuvGxd(l%7dFzj*c|kZ0UxtyG>1&r>zixd>9kf;2iFg1BU|E-jhik zA9@Xsp{iNEnsW1F9vMYAGGa5ry04-haI{D)u!Z z5<~kP-xBfigthJPh$yF=)=j?1ZBazhw4>nD4$moo@uXb?&4opM_oq#GD-scM7$-Ty zq@c>+#9r%9Yh!~CFdx+&4F(o#9q~xXF_x;=TETtN>?s7EbGwXfC`#i z9M|TpOwW{BZ9~>}P_2s6>|7(pM%42k{56y-v~cAwGZw}h?XyJ7)EpnvFKqHbD-K%p zC2n?@J;eV&<0w(LMDRg4xjE)qLYY+-AIwNtcKFPG_OWXN>2Qu1{8SCrH7ondm8bFJk zUvCP6Rj%oHu?fReo89yCncJnh6W6A(I)=n~Nzixosr-H(Vn0+ybWlac0mMG_Gq6Jl zaz|rA#H2Y$r_sN#z|`55XN`MWC}&Dt(huAg-Rr-tv6OlwH@J3A$$&+$ir#ZMOXWEf z=hXc)c0mN*#uB|JdXvy5Iz4nz+Aoslf@e*dBv+`O^v6=9m{bkboX}Rlom~5}O+fe; z!c(Ks;*S8H>D=z9KSprwmC)wgdE7n9eRoeYj>B4(-BS-QEE8SizZuwsf;1MzAqVso z8?Ekam_W9YP>X@MB<*+JIP@JJkwe27-6!UO*Jx*(r;A&1#l)Sp=f)vof4-a8NDF8y zrkWT3o~$$YVA(kDMx#u23;?eTFq^Qc&AzyT3zQ1=KkZ9mSZ zYYjMc!iAkh`+W0Xs2nmWTR%%T@&@i-zA-BfZ_aKmsT4+>T)E$NXJCij69i3u1A$K`6n+$arY^3gV)X^V*KV>emyDYzXmWWct zH4Xb`x@+|s?{6}fa7;(J`G#gLl&_GGi}9z%SsbY8I{ML)`M=JusVmiD#Qd!-T#kZ1 zCxy4cLmb-yO!0s$Ol;2>-aC2Nk0Nv+&YL-lu(S(75k|xXvj!tJ*M(AlF@0;-86T}v zM>tCT zZw-UUW90v|Qp&8D_G3)G6*jthSCs)b%IGjRxaa&}xB$5Z4Lb$M_7FQ!oL%%M=oqJG;P32>V_l}B z5}2N{S(xn06?3PNbD`0}v)O zo=P*3sBL>-`jQ9yWo#4DTeTSt@NyyN6W$CzeHiqN-n=8gP`bj`S9VLJ_7SQ0oap0E z{ca8;@^!2F%;8w#OZvx^F~}?&l#*qJ%Y7jfKX~Y=@J*pefyDYf31OeJUAK`#_E&?9 zkR)Tpv>1GUYr;CT)>dlpL@3zbW36du&a^h-q440@uQ{sYmHBr1^yZK7^dxOcroFPG zv*T5$7d?+!-a(dYp04P$P2R!NH8yyC86v&d;a~~0!1J0?;$0>0KOkAF-yY^O>#a$% zkeXdBXwo_AnL_>WagYp;k%?Kugc-E3M?l?fJ~WlD=*mkbdsl1@_ZeVzmV9N|U}|q$ z*7UI&dadj7MQME*-za9YSgMEgBhG1mL(JFa;X z6O7ZHlrQn96f!-rDT~$*J162|gD4Mvbjo%KF7?cSF$!q~m0|W=qnnEQw>wsHv|fPd z>--M5K7&-%y9D4USv)x%f0F8S$%*y6C43zxXb){hfvW%={nb2@zT^$~GnV`5l8T ze(C$~vWUFOzAV((6m*xgp-`>c3CU|wr>2Qw!U|n#{>RGkMp3#(sxse{#ck#l;3)>gmW4a571z&GGtHX)TPlC==)hr@~|ZAuq0xCxvK?Szo0l*2|c zOQ}I!qA1f$1Mk!9)PVHL=?Lkzf9pT>$Qa$*xv{_{)uPQJ)wZ~%o?yr?&|Z(nV_kuJ6j?+Z*RKjz$g(x;|=8+CeL3m8*e~AeV&bB(@S;^3amdLh-f~RtRoVBdpV0dw+7Sliqh^~9ZXM6zf_tbnrwW%IOhA* zwB@uO#n7>2*_QBHZKV5?YZXN4@3*rdw2sZYZ2nt!{Jvr4ZFptag!!1$_4z7hQePd) z87_W)TFp`*b0B!h`M3_rOeQ)g9+Fi{=#C6Gccr>zU|Jl=nDJH$gIa5{JZ6?!NS(CD z3aNYftHGs|CVbT|COi>YSPKcBdECc{UH-u1B(=`XcQySoWO_(B%vcFXEbYs zjIBa0-i!UPYMY1{m{y_UsCn#)(YU(+n3)9aoS7!Y0MOimdz3W3YKi znJg6hB4WCwf)H;(iVnx^l=vM+wag3YrjR!FS_kYNaX^HYQ4k1*rraz_VuIO%B?Y^- zwW3BMR5_sLDa&u_hgjSuj&sfdx5VKHHj>Rr<467}^0ZmBcR672Bpe zHkSEiyQyDm=TmX>5>Dya>}eI{*6MY!bVN5fU59ghXmIy0D=_S_Y6)d=G{m4Qp%ZDu z^`MVYqWo>cnHLc)EOD|ze@a}yiRp$Wojqujx>e!=bR4y|gCrpK4u~jyLE3gt`8+bT zJbhdtI~qc!jT)I)hio|jNi>b`#G;}Lkgx#G3{mULyDY;(@Q2yuh`iM#X($6M zxy_B%K{AcQ!<%aeHw<@2Y;h}>qi1#vMZXID+B!$3zHaIM&+1T??Uh(!0REIYjSa<$ zs1P{dQ~H4HcQ@FmJ{C~mfwg{icUq)_Vz{;#9X>e)tOnC=%>RowK|;*;@Wy^fVw=sBl3sAlN$xtW zcc8U3&lSh?=2+u`6pQoN&m+If*>WXkw;J!@*S%6DvBg|ml2_wNJnS%eO`o~snp;j8#=HZ8?E;_Ap`ibawmDOqMYLpUOTY9(K}>B{Sy z=T06rYj%BRKh>Lnlw;-ilQ0DXcc!lq)Z>n zt@VUiAtIjc@g31)GUV|+TqGdMA%rRXYtVf;eW z%R?@L)A`wlD&o%h7rS7M2jjQSQJipK%D`~YAS9lNxPMAm2wV}%FNF)*<}YTkAUgkk zQ*uvy$5*Z}vNF2*rR76ujz@CKlA*?q`plMo0lF!_p4hG?S*GmwCHbH$wu)-%(a`WJ zd`~QKBSSU^jYU4eq>F1VnZfA*Nfq`roDrgfPblBVi!|Gx3^8**8JG;3iQJ{n;B*SG9_cx7RNG#zw6g$KU6EMqx*E=-oia-Ev84FSiH+*wZvk?e-H2mQ>GDtuQE77-5TW zd;%akJy#@|N$DKGX(NQ>!pj6&hRA#0;lUD9STd%m9H?@{d*+`$#-or9e`TKg^bR@x znCql#nV{;JLX-yQ5#jv^ind|;ifKv4Ag6&fIQ$LhEDK_t)4ZD-OP^xr$_L}WYkZ{p zF*Nnf<|z^UrDbG^i)N`lMFOXhSjh*-l1ay6;B8rjKgW16$pV|rk%AY+x5yl#wJ3RSG_zK*Eh-wwCCcaH%a z*Xdg|gqYYCgZPW*$XX~G>6fD73h{Hl9CRx}wE5TH2sKWkUW>pEC>&ns>U z-bPvd$Z|-~{Z40hD_2d2iD(U@F2ljXpuXh%ugj_>_)zk6y6H{B}O&aNqSO$QP9xy6?WR?!A_ZqoL- zih$mnah_?`pa!IB$i^?G$kr@|08|5J#Wzsv7p&Bry5NC1xl)mUz8+WnN+J97Pf&vW zG%uk79Pjoe9C$dosVW(p?cRfd+6@`OhsY3UoQ$JV8clw@s?fA-2P61SRj!sF2ZZ%k zHUDp)@09_Xlb~9ShZCapr31;rQ}aFQ+h4^A`Etc-E2)hAD4E^R0}Vi%-A6~?nKxZs z1WNiSpu^Lg9o|qzJTET=6tMahLZOs$^zF(>=J=dDQ2(tC`sGeP%7Vcv2^*Wz!0;ve zozq+g61Z7^z4j^n@#8Tz$jIK?)qza_bMSuUymRq8!KFUTq8Ejs$CiF-6YCeGtq)>$ zFk>!N?@US~H^DrnS>G_fN-ExgHMPURa&;x4_~*w`eX*p?HcY%VqkYV;@40XQ;^b=R zZ+!6Mw#(0N{0LJc;Onl(y{h+4>S4w7k=%_DC2#)|J6ud}A>cj@gPe`T?KsKB;+ZD#xfzM|lKbf0?!6z~bg z?aBbZaC<_q%E4)lx;mV+#*V_c!Rw%rSyv0NqVa1%T=bReHI{H7VZODw7LUaKt8X-f z4)4M{9^);yE2&EQGuO5U3E4@KVopwjuwrOhf@D`4;{Ac2a;179W?LbEg|kge@bBYH zx5c@8|4OBn5s9cUHE*znU92?`B%l z5kJiKroTFcJ(n5s1>a+BC68$I>Z|QIuE!T`zYM0>HbWUyGQ^*;h!N_FoQXmSX^__B zo-jH$nwc$8c-AmsMA#9Qq@2SileV>U1Q7_nxAVP%U zQ}&oa7?iZj3=eg(@*;YtEub8o;!#dao=F}agsvF^{q$%`=QgGD%HW$7Q?evc3X?T^sQt*% zwZa&T;wT)w+2AN<=vU;RrN3PNLdopY78JA}i~uZM)O2#4nyssu(6Kix`|fr>L8v&V zD}fod5TM@2$I3JmM%;4M$DdYLVrG=gK5G$|g>+OpHH#^p`*jpxf-B46I$(Q{k{4Au zl)*(X#`T%RU&)!s6i}I6M6CQ^?Zsg&C1*Q4nIW0tR{Ovs zWEd&HUilM zB7gPyL|xKVx+R90+0rmpEoh{5gX1NU&=NWWNTk5*@1n|o@F}zcQ&r3 z6oJs+gfZOj(tq5gQg3}Os!S5in^2rRe9DT8J|Zk5*o)2}8p3tIjyV50&nrJe848#x z#pCh~GSU8M-BB;7(h;g`j#m?yXP-8Qex*V!M$YHml)92mMLxioTk!EW$=pv#s@0@j zXfN-8mB%Xvmi|*KFBf}3HHzlOz14@F&@-*Q!4CZfF-i#>lXd4XR zo5ox79jm+60pC6mz};ZXRN0F!Z&s1Rw^@>bsSFE}7y3XBuA9cfKe}9a_Js#H`@F~B zp>K3;cfu3q^07Z2QHv9jA2GHr+Vr6?w(lp6EczXE6g7W3pjb{@$JNm>tPnR9leM&T z#6x_WniOhYN0^F;7-&*grh9RlfZTFnI1cL#+X=-n@cwk*jkT_sYKVA{hKk7hevZP5 z?C959KYU(6&$Keg$gmwh-_v=Xatd8#L}rabbU9d2FoL+!7gMvLELBcn#7@E>ORbb@ zM!E?PqwFE&^YTxvH>D}SQG9v=d>JLS)XDPQaY;!Hf(i*|=9Y?LChY>iTvc;K8NX6F zUKfKl2hB(oyAAGJRGMW}R7b`0?djj(^dQ=>IwNIk7flU%)EDA*p$ew3I(+Nj#8Xc< z$XZoZnxbafR z9ljOh_aTM*GpkF$2%WKL6lSS|f+ zv+FNMtMzC0utfrrgTXVNe7v>D*$>6&dGMXir1z*NxA4b5ZknFJyE!m(|2J`aqNzGn zu~wox)wh9@he%F}#5)d?JIjP+^z(HoW5`hq-HECQv>F7IS^e0!tnl@eyB^GcSJiXW z=uOLUJK(#qtLe2Cbhri7w3&ei6%&?-cTh8_s6SKo>^eIE*w z;E+uBdmw0L){K25ctz-2CMaGw-anRE)~y7|UxiU2o!qOK2$_x+eR-aVR$mhPjptmV z*#`}&@XyV>QPM#bdbzBLZ;ek;v-hOmBIhom(lV!|$QbQs?1Pn%0@#JAVr`Vl8Q+Rr ztS)D7O`hGq#UQG1FMA4%;M^2z>I7Y_Y)yU-2%ba^HxE-gscSMa4@F6ku{|ZUN5`^{ z0~q2d;Y|JcY0sPO01ihc`7^B8Gl-LJmSz0Yp9s?l8l3nce&qJEcfM4m|8Ul z8IbOnuon_qcITtM@nf2=`v8yiyOIs(<@46d%KJDk2B=*2P2f)A;xNnbNV1o3g_UJ? zPP--)c1O1#u3&TCKPsujFoNQrH~{9>=82^S+Y%5Sgj;}{(QuVlJ>B%+K;Vy=Pn#x6 zQb^y!P=0@IcZQ_PZA!#8^z~TUO(Kv}9B&$g{p@myU$~tU6I5(td(nC_g~%R9LXKYq z?@FF`rhqilkxs(9Fd_u+ykOCVvPFv5W8YU71%BZ>xl9M&M!)qiFb>KVni)*!b7HpU zEH=#6WW8|m#8x?xOC1^)t?%y6mD%ob4KZ3F|)c&ld$f z&sP%h0B$!a>I8Dz`Qx`}AkZ7Ra2n8N?e2EtbBHkJpu8oHL?Y>n-PX`sYwzPPP3sp2V`Qm{@ z!~fn%DmgeL^mtF}k^QZ@eXil@Cnj+<66F23GBvrJ9X8GMdfFsdC^Kvz?3>;D1hr}g zR9qnA;PBcztM@+T(I6#uTryyl3dH{7g=#USwkw!F;Z5%6AsKHeDiC83xi?zBZt^jL zTbjjdDEXF_^YODkV`U1IsTg1nD5nKgcxJ9!!)&4@QXmke$p1|Lq?wHo zh`u6W=yfGOS&6meawa&|yUk!qWI?m#{nge$!~!t_22)h&_Fp}1{w$OHC=t^459oXhQkFLe2Mv!upfD!)Y8>i;xkGQB;TO>wIWXMy;k4|X?ePG=SP{bJ5U z2OQ38P$FgMoC-a^GH5|+SS(74RqK=2RC#kVhuWJ z9B0;lGx8CFak4pg&w9x-DHwdxWBSR91{#JsJu$rvJ~ibAr3BJ zCIHs9gJPh2SlMGcF6qd?$UQ1LTe?DN?sk+GUS#i^7BlrXwOXo3X;zTLA7)XtymTpw z+*u9-($=#F^d>JKxM@bB)=&k^-smUE_$scItTMzr6FI7XpD*QNlVE)_!OahS{WY1J zemW+INd9)-VacEfRbgg$T$&SK5nE034c!s3jAkVgFY_*yUe=poDc9a8&qv=g#j*pt zF^%0DVg;S@Vp5DL~nBY?TeR38X}N>XaFT;M#%pg?kov4 z`4I9OGRHzBQr>D>ZsLlvde!{Qos{lPJJ-ympcUuh7WdU(rFWSh+gII;vzL!R&7cQ# zAd^?GtoD~OjP=BZXtsk>6br>V4U5t=d2^bG8%NI6p`#-Kg`AtFuIDj0pel(rDQ?{~ zO0R0*yRvQa!Zb@}=6+g}p4?5!UF4jT?u6HvJ<(Ysi?URBJl}B2Sz|UdAcF3xji=&+ z9IlK^GrC!4A-siFH$4DrsUgTzN=fichk_wyCF>ZYYgJ284?rJ6T94T5+RGz5(8>7b z?lRVUyz&2O>n)?=c%C-U;JUak!3plLcnIzq++7#fU?Dh!#ogUy7nk4`++oq+!28_dSu4lTcpV~RaI+)1Zx29^irCDim#tv7bMtsNPbP$be zfJ}{u9o#q;JQgiCOrXSHQ&lZ#P2&2vo*&|vH!|WE5BSB&&AHev8Lh1{!>hcoto1v`aYd-cy!)^2w;fx7mCQ{6tZ$YA z#W^(A^;zywVbs91{pWY@+Rxw=;n5N4YS|Jh;XYCOpDS^F98mwbih=fPjsTOQuYqR~ z1beF4wIV!gALL&H&G{~(E>dxUpbim%fl`2{ypPzan+jb*K8!JGNsFY4r%WiY|0v6Ax8 z`!qqxH$E1&5h|&#vkS3}qN5tALCaR;)WEep(V2RCPBLPHjS`axMWBaeG$03Jhc9SW3QTi;|v z>n*Sq(dS)F6AjbOpReeWfVthDUBLEcxXSm=pWff-Ver<0-r0NzS;8YSx|npgB8A*p z&e9R_3Ep%C#y)(kMzpW;msoel2)h5$T~Qb&1=B+T9>n%=s|ulkk_p|Uz>M&2A|y?X53Ur)MbwtZC)>Mp>6T?#}SB!ND;KxNFX|5DD;5c94M{#7+rpzu5RY z>+o3u_V42n?j)1)@0q_-uSvl0sBbmb#qdYN#{@bMyV%C#{YF5EG^OZC#1uk<#sf&K z%Vd0OHxu9pOdtUEEDW@{NIn7>Kw7bgECdw3qyKMrd2k5b`@z}5qxFA>x@_>>D|7Dg z7SaEJ_Y*r7aBF+Yo+0Fa*XR*}I(x`T6%d~Q=(SAX>ML_y3Rgtg)v3^u?jWmH1a=my zjG_BK3_1Q+K0=1ljl0eZZ(={-|0>K#fS_UMiT~ezI3zXlKN$#s{~vk&U!wg_g8!2q zQQ?2m5Q9utJ0K8oRg)&*-@qw7|Ex@fz5A6S)t%dw#l=L2+j}$qK!44(lFYuYu%0q> z2Pwqd(-$fz(v|sT2;O*jFBl%+n+GwWeVc3Gq~Hz=bG}P7j&pZ6T0L2EFC417Z?^&n zZrqL*lz}25NKQ_0enJL+R$2Ubys52l=iaT+{^0-Xk(vADHSAL@1=z#CsS#B5a@5jn zbVX1)VJBy{x_-j7RPmS;~*gE z%nyTvBIO?|J=|&Oji6PDQ&3tPj_+U4r{qKvJ$6%-KfK(pUCoi-$OB2_NUqU0hmIHq zUz4La|Z3;TQPl{w!1@W->9J9eiAwM#QYKeuGD-e5|_83zEMCc-JIwXD%SiI z^8E6WSl_t=9FA`MaVxte>@EW86ru%QoSKjPy?Pb=R_e*q&(v2PuzrT-#AvlBbKroF z2c+TvRjV#A!kAB-m5#|9_UsN5@o0DeMZef~Pwd3{{ZaXtd{u8-eu=pt3gGTIzh09= zCayCdh8eZkuX;w4rwziBO6zsQj@?Vv>>Z7VeSoSqrz%Fr{3LAfvKY1}wT<)d*}D#E z)hse+G}vTjR5mqQfADVFXgwb{5=yEbu`rNJC*OWcP?QU%VnX(g&SZS{TtRPj`NS$D z1WBhb)MTz=A7BScyjLGW-t^rqWa8M2Hqw(oL-~%CR}Ur&tK?`$qRhb4u5+?YPo^U5 zSDA&v*vWr-xDBu3)?qWReX84QRvAPe>XcOWBg<%^Q`61x(}I9Y{7@5};Jgy0)5R;> zr{=-B@Ar`3!}W1zG(5o`;)Y<|qN|Lz+qE0fgZtu*Br=f0p!QdUimjNzdN!rZL{U$>E_gt*^F#xDq?zu~SGlrMbq%Ro3t~Mv<^RQA-xShTu@`nh^c4(&O7o;XFUn5G5lQ0N1L~{8jPxuQ&gMGYq=97bCy9K)?^=_c;xC^a zl;az|0Gag?ArC;{-=*HS;xCkLgdp9@?Mtl${x)e;Oe`YNIcz$5aI*V;IIcEjR5r43 zd<~J#@_Qhhx8~vjTCy@6{XMK;1f~nk)sgK7%P`LP9abkn{oVLkNuPW0n66H|V#X(L^sfoM2};z?7B=v{e

    eh|_fZEAQ0Qra&UD|`^EjzsxVm|Oz&|5O9WY=}~{3?T9G z64d0|7UqcrT-#2ekE4%|A+3SnHi3!%?uy=58K;+b-m*MhM{+FT=7P^_GlrVWzALYm zPOYaW0aCw4%s;@aPINgfHyQ5nsdJSl9)|a7sK8+~3nYQ*){5`@Q2dC1nZMiri0Y0H z7?aKBti>XS51#v^FF4YlSr5Ml)>6)~Cw}i8(==beHEQ^!OFF7)zUzEZUD!Y=ZK{2* ztIwFF{%Zf~4u*uMtT|J~JC5EFF{Y4vqeQsu)QX84_ zLXwF#{Aiki#3G16mx9tm0it{4BC;R+K>1$39{E>bH++EZbiKoG5E=6k??hP#n%*(v zeDac>-WPz&9%5Zo4rZ?S zK?qiA`GH^$zL3KBHX;a~XEY(qTKiwrK6h%YIU?&zE_{gs>&(v-s?s6@nW9Eg`Dn+WNeI{9nobGL=u z&9}&=o>V-GQ*a`Nz;@?;u_6M6g%_Nn;=Y?tg(j}J6w3aCu!S)7GAyRX;N4>m7I%5# z+g_Fh(O^3U$v5T}?;IuLJs@oB6E@?2&VDe4Z@9zCCT#hLbEeBgWxi1788+^)L zpBMcXgsiB2=LT1?_zE=2jKU#Ld8c=jf?navlF{yel(D6wRRM{RURMHNyxCX|T%dA- z;zEGQ<^XCY`YQ^NFhFiOR6h}MMnp3{aCj^ZRSf&%_b4MQW^OEDLYP}P;5T-GNe=!R z2vgY9*#msx`eI9TRIYTJ&OvJ<5iO@JhZS6jqfCC#2DfaO85>I}Xt2o&i9rKODI|IX zx%`rKbYTHc$Dc4f-w#ct{BgXp9^#3c^3!Rd|U6PKBJ&C zH+zZ3xV0LN=Jk}#7NN&9sMxD9YV|V1`r3d?$-8?=oMO48STN?ygvHdW-aD zV>OzahEh$<5+7KkLX2}Dxvf~9Bt;=VY-lRF8bblISFhgZh-h83(8 zl7FLG{brT1?x8bHb;Mp=QcokiDW^+NW^y5PQ?AakIk zJt1J45dfQ#$v3r0gIhm`L0rf+Dth#dqX2I}tC_1*>N=A!q9AQfjM1^PEa-FSi@YRQ zf}MXN+gncZA0e;dFVCKlHV4;M!yTuBCRJ6>Z#wKgHC+AN?EPhPbCdfKg9l1m zxLpya`s{W;5Zd2H5B7<@bQ@dZYC{LkWmaz(GWhL$K1ec`XP7Wp=`7sJPvBCtBt!|h zA+3*{h3DsQB_!*CQ!Ni~yj4=C%L3umoljG%ud^ij@jSp^1mL^<%A&#T9H2Mde^@~q z;-l-UmNu>sYn#jU#f{u55P!kH&vJjC+o{&VK2Ivxdbe~^ZYGeZ!c?$YWnpr=+6i0+ zZ&>!StNvMraNMV*lk1j9nA-v3EIvyY{KP>haP$s)D;tI1;=^NKSnm;m&tUB&*~(8X zWWXskMqNQ;p9;hCe^X)l99p1}8(TdYWnEz!2s8g>ufvcMLl3@A zWko!oV;dVXdckjNxlBi{TsJMT#7w^)S29e)qD& zolw|B2LAneSfU$RP*fhAw)bDw zrP=tHi7?G{3>J{qOFVrQ48EqF^>*361tog^kqY{LyExX4;h{O>flX+ukgNT^jxUY} zpt4-tL4Oz{ce#`oE8hv!{>I^^;*T!IJKekvP|A__CH{Ivw%2%7yZo`(pZscHlE&=I zXw=ncN9Z?i`!{b+%U4FSX+!(VHIDOdU+i&1rEXtB=W>=BNk-7E%RWDBzQgFnhkKM* zV*BJNV~ep`qoBb)Ax0r|{~M`{C|FnzYZcfVH#HSo*bo^CZlFxh7-%G>YU%~)@48_A+d1OVW4#- z{ue(-mVv(FHg34uh&UWA5~tibEG;x0E7;D>{t&wVPsn?(O8#F?vNB-gRX@1nBbl%1uyM@SiV7e54cCgM zSb9ZUNBKcLv#mC1VTM?CNvI1GqmzKbCHp1?LJ_qttt7(C+E*N8PLse31{VPQF@c%qE2zNu%5yYP3nWxV^qwwq$OfwX`+-g0u&^^7 z>`Z}M%y&YN)eTq+_81->iuooK;27_nYHbx^@f!C%B?vrXGz#d=Rs;)vhA?0IUq8ul zd^~%HgL!Tv8X!OnQHUznoE{zV{Th<(YT<=`wbNHnIH(}TvzMzuY%oJ|YalFL&^_ovnzy;V8MfaQlt5sHklZ?JlzEi|!W_uPs^8!;- z=cD08Ywl5qsP0IDa9u#9_CrH5aZ{En@pX>F^Qvt&0j=6yH+h+zo9FtiR#}`lQ96wO z)#oVdKNkJk^!i+gO-DMR*1C0p6J+Q&7#@DYWyMH^i#{{CPcuA*8VVBX=&#OwstY6|$?MhKwABI7G`=R}>Ov(|5!R(X@Ta&@Xp&bWj zwdDc3G7LaMhp!EB|Nf~CibSZLY!z~5aCWYa<-Za?57}U2HhP*N1hdFNqEZ1Ss66o6o?hPp5 z(5T5d^p{>vR2~N$9#)cDAKK!EqFTzu#OCDbq+#lKso9GSgz2)A#-veyF?3}_TbO=h zT{fp5XZ%^HUKxJ2LjFYCI1e?@rKlKF6+F9Kz96)nLojTpAPr_DL)unIiY-4G(OiJ) zHjM1iGS+t>D9mOJ6n?(zPCtMq2TcBliZ-H9WX0$n=-hX=UF%fhaZ6e*WzM5BpB^oE zpdEd&{O>Y@BK{NnWODR~Emi~+G{VXK{tXg+%LQDE9E zt)G0{7xH#+x)!d?1(PW$D4d8vWC*k1f2B!T4R39KMn^AfZD9IM^FJkeM+%zW?qxk> z?RRg(0{*_CMVyDI;v>}R@=EAufXIjIMl)h)Kh3|2QjY&jLoeX~7k{3=QZ&>OPWT{| z@qc1-W&g_vi2!)}^ZWu)1}xKnpFI=)Xw!kHtQh-tBOyP#rdVkU#J3_Q74;mBnmyOx zu?n4>OCHHZw2itJp*~5o0g6uc(?BYSgyWDan)_@?#yXf2zj;d7u`gpIx=Vdd;do)J zYEC3A+-nV<%`$=oJiuC8c#K1^C=P_+k54C!Fxa^t@xI^O`{u86RnE|q*N5DpN^|{qYlHm;1A=R3emVm0tU3KiC69$xWsc35M`&6b&IUy z?W;l8-(X?2@Xd%+)E`{;Av`H~r|l%xREv>CjjD57^FyfM#mJa|Rdo>LL#$mUUIW3Y z==C5lf^a83ahrP1>;0ZG&pPBiK7FCdr~xgo1`W0VZ6|a}EoTQ$It44_hLyMo5b`5wuiCmf zY8jiRkAZ#X+%^>V@s->*1rQCF?5mq&<}@FprFXho#W<6c_$>jSZB7Np;!ronBVAnj z?{b7(`G6Q}CM2pj`8ktrPIc}F?EkfU1!8!0636uXJ++wg+&6z*;BK{h3oei^m8$y; zjl9a;kE2SOh&=L|yMWQ95My`MQw5({Z0zdyVHcemp@|u`Ko&X}b>dCMEiMvI^|zO; z<}T$oXjA15_11o2k91@;W9Vx&g0fpMW&0Wj0?uxCDP?JJ@!czs>A`(lLYZe-L>t72 zXL#%v1^v1u3U~yQxOhYW5s;#R-rIq3T^Rjnx`SfojAm31fEg5`4z;2U- zd0#mP{#aq{mlnwyq74BwzIO`c9;{Yw9PD!(L7xm6Q7Gl^7NPB*_NNA>|1LAvL;=f9 zaD-B4NVsh7t~z1&sZoNSM+$@5mo28#NGuuUP|>lBV*n~k?n;Ye(RQo&l$ZcMu*89O zLWPYmjxD>aq#j)4iwQU(v}wswd_7Y*&mj~{6q+T^K^`HX(*@na4 zIiY|wxJ?_2l1#Jo`G<^4;#NcqHCY^V*x>;MQ9ks`uYf+^WR(I0%`gC!1*5Iqip+p!rusiRdNwf<5{^`#t3TxeMAAT#`|~ zJNQTlWJP?6w)L#_44ht{Rv}^o9v#H|EAA*Z1p-;Ox!2&^F5J+2M3CXU@v*fe3%Tb? zZ35r}3h?;KJc)jv0`DdK&Mj#^i~u+@KRIrqo0Nv7`%;6K0d}01$ciz?%z!T49;Lh99P9cRDJkBec6W( zzxaXyiG^ z?;tR*fVowwD7246s7+GIrume+ECxR@f|hlPzPl(SS(N;~vW)mPIVMB_>Qjmn)0ung zB)c9HukUDFA=CaZ>8%#F8C(S9+`ejD5u}ZT$tu zVqSA@b|FTb^?G})K-&bHI@LBy$3F_ucarF3R;;6DEgMi#FweT?t*Byzi70ymB*in>dZ#th_Ww z@P;t{VV~|fZMN1Ph?O?#7AdNYNGp^E`$Gpug-*86Q&74Bnb?k~rnK`FE~`szODY9x z^_Wrq92V6?r@B%vq-J8sPtls>C~PM}num1ACU_HTjUz0}>UHzb)W!6vV&rGk9OC`J zBMAT&Fs%-ex-Mj0=n!E-+)II{JxpqZlaIX7fikM*9i}$fOlm^BycA zQ_`4`Y8yMO)M%Da@(9n)4I{T!DWo43!y_2mRoBK(guz^4c8Pjokf=5>a&X_7#!E)fdn%2k=|K# ztkK%MoHhXAo>sD{=)O%PWP|{3!_?s*TRq zz@B97ZkT8Bil#j9BJhG9U_8k(GBZmk$T2Am(a5L1%(WGR=IFK!*I7jbs|@fIML=Fr z*^e`2zSrQdH&E7BCWd^)B7Cw}y$3q-A z<6&Uq73Nk+R4;PSkZ?5QW3#wr4Qe8wadUKxJ+*AX@iZ80+iES^WC*8NOP}>&9#t@^ z`JoGjhoMi{=lZhf;;)xD&AQsQ8n@Jw#^zP(%p7Le>rMPvCcVXWha``kg{EViM>K^& zJe=J^czp3dtDgJvTR$QqrIhz;F&B$auT`S~UnjKJV!!dz4&g^p7&E~Q$GcWu(TGMt z=nDNbve$grP>tR6sPk?Kz|}ty+PZkG*0024ae>q|K$l#OxbfTu@eMvDDkv!U2)Q*i zMX?^9DkM4-rv=V4oyu`+ghlJLTcNPW>$EVlU8tyJKxOKn!*SNpEEv(HB>vTT(Uk;` zN+UXTe#h?`uF%SgIM`bJ!09Ke2cNv5NDCw~&is+bbdl{0Ulmn=yL!q~=-XYvb#{Gf zL}VRlmMHsdOm9}XP$RjDQu7W4r!JXBy>M(oBQr5UrA$EO-FEf5Kr;G|wGj|fZKiM5 zx4+@M{tuD)1T2Z<*ac!{xAj$5 zY0OQ#-O9!ZfPK}zodQ-W(f3+wcc+2Pn_rgyCgF((y)darZsVB*#bjN4KCVBb{3FKa z6x|Tl1^RCo65Cg3{2jjA?F~O!RL<0Jr!mO+soxsx%>3xUqQbajrz7qk*kZHp81))# zDdc$avvH*K6TWQ7#g+WijlnMB!YQ~T+39toL(Z(3=>n@C8r{?W;8Cc5cUGLrX#Cw( zC~w7S5;Ac0%ACnG_c!@C`kL9;*keHd>nEOFv;W=;j^))H5hA%D5!88w4I0>}#OV8n zhw#rL*2XZ%;j&~RfE&@=-oh5L5J_$%K;*TU7hJ>tr6Mx^e^x}&e@mmuz}TUWh^|=B zuhowPS3=D!4!|oRcC!kFqaD|zx+sG8x>_jpUkadYZrDpSS;;;@;f?dxudWm&Pifkg zzduo}mKjtZBRb$b3|7LB6#IQPzgNY)nl&ndMgr0IwAa`XZutDCfe2_AL;Z6X0Qegd zxWD<8uRAPM028ERFs?wvb!Svy(&YrMx4;2@o3A+i_-He=wn@8wL*7lhdG*oHaPLwx zSi}>YKQzV=kIj9vp3~y5L=YckUgbMzZo<|V^KR#$tceVCq0@W8TZ%pOMrCL5;gl9A z5^Mu6?g<*~urNEIgkGObVc`EozJ7ktfBNCRUhFv4^8e1SAHJXXN0km;#oOX>CR<>b8#4aYneo7b+jd;aK@D-IYzp$n*{Ozt$F6^Jj6lCkXQIm;dZ{{5~g};iuzo_Rt%t z-v|=Aa?*sb#1_J-CcxZHxiNf0qdY0)JW3mwzbX`@uOqZW3%b6GKOqb5=1p3)?#`*J zug4-}nm)QST(leVkX*Y|kpzV^5?;9FOm#h?#skXkqAxU; z-rlm3=gV_`Vti|Ma@z^iTue=%mY!-z9=LTu;Furg5ULvjk$r_a6ZB(8RpfSvOX1|b zl;G^1pqD`B*H;!k_!m*|fcsriC5yLJ@UPFO?ysc!_#R#dy1E^m1-rVfKmKxfTljZw zXZ=fih8fbG|!|k z*x$n>!<*;ZAg-zE5C`h#$AVvyBnBV<=8O}MD{z2N=@W}O9Y&)UH>Oxw4Y*+)gg{HU z;m=ox!>^%y4F#F;>DfbDuZFv0gnaBJKGd7Ha_kCDe}^f>p%DU?ia$&w!VI3ePg{z@ z^A};B-@L>z2&FqWV*xW`I&(UHx^?z^$iJ+HMYgBN@g;*leE%XpS>$e6`14Tn@Ek)k z^t&_I^`uwpr+aVL4bKju)j19-IOj4`|IC4D>*SK#{i_7un~EW14Dfz;6$Z&GZsO@d zP-ljqW8q-37CGIkLZrFkW96L4lmoZS1@R?;8b+7{p(@4D2QPOWOA!jl8(2nqcA^{_Kj}zu+ zxZ!XvtfAEuj{t(@AmE?eTEFWuKf8ZKK|nH)+tJm`h0o9!?#u`aig^iz$LCPo^I$O< ze?c&&{0Gr4O5W*~yHG#MF#@1KYqtGEIVDi|bVR4WuX2jcvKz8^G=VgtpsT@j!sd+Y zOSHQ60$3k=C&*TBn@T<&9ooIt5)&CrI%(e8abtNi(S-HG)k9PO6lk3-=a6p()mGrG zMzd0_agwc+UrCy5^gH4=(BTA2*ncx5I1K|>$)m@1zvpG!ioT`@@H`~>f(z966@_87 z6io0V(g6!b&*T-LX^)G##UG6R=hcYxjLlW|k$xxeRV+Oy6Gk^or*N)#c;=`MP*_^gq+^A$WVBm*d-IDXXRNR|D?AGD zGb^iPZEbdQ({Zcg<{sky)Q52Y;ycBKCR10NKpODcu0KfrEU`nem=|E{!?`57f2pkD zX}<1lS6v?Wi~H>y=%BmbBPR;tPJmc8%y+7{YBhc|hkGR4Dy~y??YT6$&a0-59K_ii zgs&?kOO^i~l|nkdy=kgPfG7T}H`rru=s%AaZ19K(I(YQa>|y|&oSPbm7!7rLfIXhR z!YPg)QvP%DDYSfX_!fO<{{zsUW-0;_0r|i*9)8zy2p3+x47f9s{|9;2g;%7wAuZQu zdcrJ8<`*w9-&DANAU8}kqK)6W4HNs89bnFAY&@fo`abw*HL;$P2f9$c9R4&y7Q0;K zhZx+_@Jl5#msx)l!u>wcT-)Ubw|v`!DiS$YJ(~cJ1ibh(9jeNtmRK4H2mRaK8yNKi zi;M&V!AcaDM}A89!L?rd)9~V! zUzUj8??Qifk+-%zyZP?P&iw})J|;KFrYu{tZE);NTUxtgQ;kQsiX3As|2u*~XASot z)%68(=#Q#9C62cNp-2G z1=x8N&c<68ecqarqu=|fb>^9KoQ70fHX@%DSH`N-FL!(zLMUW>8PVY=hyKAFDBs)c z*vUNjI^`E5EpmtFSeTtn?a~L!#?rq?d}(j^W1G3)yc!P-YoUQpoXZ)Bi+R0OJOS@K zVB|pJWVJRfowLnLXA&K!q3EX8+TPXWpPPWgPhL7YNq7bvhI{E6`harQnQh$rkvHJ^ zC&C5Q=MVgNx2Ips>k_8Z=;@L^KLrgX6b5u21_uy~mA^AD4$aT)5slV2zg7&V5fhY? zto*>8rWW@QO~0RtlERlVGZR_0%jX^bwgn3MUO^S-wZGfEmw7RN^MUf|9U=YFax>q` z)5%ZQ{0w5n=tK3?%D;Auz%lB9--+r1#e7=Mmmb#Qnf|M%e?f-hJ&eNWC z4flB&HZ^5Zg3==nHpH}X?tf zs^lei8i}^Isp0$K@%cT|cj=_k5P59A#M3TDvkxyZZY>Bsl9dz&XyU}hj~{jzi`H@a zP}yC~=`5v}j%_Wwp+)NJZ?-@(Cj=F21ASfTZniRUw_zWE?){8U*7O-rz?RcStp|jn z5u*+pTMLkVK_Hc(3#sJZ(^oA&LZKw@I-7yIAT<#gw-XSTSe8c;HC{(`J! zTVTsCByzD%WW=;cKz!K}gT{we&|@Ef+s{UJ75~LTlmq0KaV)>y-8|}bh(fyOX{ZQZ z#;^FkS*t2aXZsRMXs6w?3V*%cxS0S@a~eYGLIDlU*Y(=h#gsKJ@V!}78x4c7rOh%3d?IfR6&DN+ z&SL%Vx%l(vm=dQABjS~avlBMo=TrYU|0mt?fF-^1JG7uTIi$D4v!29RFUk*TP7^!U*NZ3#H~FbWa!Z zgHIfBR6Yrkang`mN0fWh*^}X-CQ!X)#$Od&(oeDOWS)IBKw@n}RF{I=23GUMrArnc z9dp$l>9>AbvN~8`q`@_Piw%0KggsO7xy^mpKtO7R?A~{6)Yn_XI}lb)z40$JD6q%u zQqncs+VDZJRg=6Ka;$eA(bZvg#iO^`eJNDn%yINA9(3Tj`lg)lWZOd?b=HF> zMoh+{-A?uy!8ihFil~4HEcp*<_TaliQ8owvuz=6YQV0Mt{X4bO)z_NgiX>s;`3pVD zG)Z|r?RRw?BHS;z?_GS;2!@Sy8?J7eBgZ}ACSN>JBm;XUgX^fZJVC>4jZShc?kL9l z_)Av9K*fICESW!cS5Z&AwB@u{79MMFlMdw$Tyi&7*Ks6R94>n^Sz>xWIyCh9&x(?P zW+|oXBfo?=2U}TY#ZNd{Mf9c|x`b*@cDb-;sHj>e-~)Ivjl3O(po36PYOv#Iv1}bb zl~Lgkg0g3IV5mH~RDqi63E|WPuGIGmSivpfB1FKm^Rt+-^TWN*=RD9G@ztFiUNA41 zIu5`-wZwFA+V%sNbHnm~1*(D7cw`&-)f-!2fHzf%kPEeB+FxxuH(d3F9v4^ct7ma; zqYH8!V#Pkz0!o_ji>n9PX)&_5jTT4t*r_q=6HCD#0UGm>@fdnpiI+Nzt zP#1KHFjTW8f1sWvC%95r&r;4U^Jmw@S21}OO+B2bROEw`vCs8mo0zt?nRmg zqMf%^Ups<`%2_&HUH?XK34eRihI_>ENPHb)RTR;{9*CASJ=t$y6=NVb`^y2Z77+#2 zvp!@y8)!R1`CJ95st|0@6QOpuhzTc~GLj4o*IxFM%gaIR4V1R+t1_6?IXwR~;9k z=9Z0Boseah)^nBV<}@A1keOIf;pX7y|AP0uM~$_DJO5y}#WqwgsZ-x{yh0m?dnb&e z>se`D3#q76DaI#*A#dMD$?J33B!K~1@I3iDK<}J_KKTZkL8Y9e7pe7YneJqWD=#8I z7&L_v>+&}?UTQfQud5?m@VsQ8zP#TE?t62Ivps+kT3%!UclEQ0X+Q)cWOc-}24WF{ zI+shoisUtg0(DvP@;qZ5a)W#U_h21{^q5*dYhFcS;imH`<~y0`*QTUBrcrP8e>?b zzo%_w3op{~fW^K?jPF}t+sfP$l8zqm8>z_h!VV=B_?=>}O%AU87i<`oW$yw6#kCk{tx--^lep_FVw}d!xZ@yg)u}lJJ4f zR(#Sac=8q%9m=2+3GhjVgmL}r8D_fes2Cc^m=ctoj|48BhJLO-L(E2Pwc6?rb6~;U zhmUm@pXI|zRK`YO5Tl)iwt)v68(@!fjQUYKmrob7`75Wxvt8Cl@RXv}!DjrAsUOsl z5U)l~Mjla`o>Ut~;=Ml`s!N^X$RMcdn(kH>XO2l1$LgDO0G#!^saBOcKFF)L8eoqfz;Djp$W@CsauS%% z%7f|@S2dY#-u#nOoJ86pK3kk@wz8*eDt~xSbU@#SL1A=ugAP#{k+l8cG5k9SniGa4 zip2`OZ9JFshfd52+p++W_@NsTp!Qu923zyfhd}1DSHMmva!Ion7ScDBw}3rN`S^%; zq{?qQ9=-TwPQxH?zA8+L6hZ2vr}A(Y(A$dPtkRgX3=pdWcP2gu0-(p{7vs=W?sJc? z=LpurCOlma!GJiu14ObL1TFXidx|WNMj*o~?vEI1B_<}M!&OHxm0Qe+IReKlMuGO`Ft#bUYn|C26K)BS-XZN6~*|N>Z4tI@UAg|Hv^EH6twjBycnQVeiy@)z0RIP<^lQXy+H99(t%)x4i2=)|C}Z z@hACT`{;mS$jGAFE`rv@SE&V~`ts*lK?~pEgo^Vut#C+Y)HCZYIwZtMfL7J)oD?7l8Y*-_5bmPK=;p4Vu;6m)pf)Q78rN6s5p23w z71~LZ=~~Svd>xO-1zqU3#hDVw?013z6W7I*oR|~eSW7DQyMBnY4fPD`7uT+Rw`{B! z6s^kWM^2vF+SSY7dH#V5RO`!Uih8?^a~SJrGP^fz8)}<+CvKuh(hESIYx_>Gt-MrS!&A+v9VB_gHmvf^~IAe;p702BCq7 zG6S7b7lY1^VhnnrCLeFln2owC7--!H?-zf=7m1i~*M%?RZ@pY~IiL&3y&pU+^`+!3VRTNzskN^^t(ix}9FG5jFv`Q5@F_CbWNImLFtb+C1{4 z0#wZnIg|vgI;jkbz=wZ|zaXx6JKgVA*R1^G?)oxe(y{5~>6H$@|JmFr$R9@i`18xM z%x3=LE&zXEOzO6Vgh=P0J5J?+nQb2)-KDRlI|7y;LcjC*o;Z*{sAyc>(%G!kHY+-6 zhYWT^V@e>J!&?wr8-dL&-@Wa6#aYpcUhqB zLM%-&9!Ha(x3c{yp0`+D8vkG-0#imffNf>;eI|2&5k9OnhAT)34*=GLltjstz<1f0 z>4>l@_)esAF$1f+Vlj6v{I5|Sr>FXC(<*DQ+dcng&0I~-&PGf0zsw0NaZz%BSqpq1 z*M3c9+X_TL69r>i_O}m5paHvdpXxPU5fyzA2GBi`BSuL`9OTTae-jgWgGB+0Cws8$ z_h1}Ar%B&bGE?^F-tJ?CN!w1haS@A;%0l^qGET*wbBlb$)>7eg$iQ8O;Mg-%(6vky zhWivUMJpHsm3eCoby9TMO+c_!LID+o$HpSgwT%u`>B<-X@(FvO%nTR$X(L^1&j;sk z=(U%MmFy|1)xp!%iCftS5mg%jx%*u~Kmk`YG9b|^5kgAR1*z>@NFxF)=WU*hDoER$ z81e+mT6At29_hVtAGPlFMv~0#2>|&32?F)Aq-I-4@PXyYn=RfoI5%493q0HC3cegZ zKz-uEzXablGbe7#w?16s%1>8DzHbN9MdbRaPG_W(Q!riausVynjc7Jk5>1R3@%V4aB@=+EuYFE=&Fk5 zV9MJc1#HXJq1?l(bG>El8KBZC@FKE@l%G###duEEAq#$|jbr$#b6zk(qGwiE&?VPb z;1l3m1hPo+Itg#N5bRiFVhg=Ud7>HJD=|tI3_s#8R^16VP^erN`>(_@nA;SpdGdQUj}hQH?x&4yCu>-T$u7 zu|mml)Nc3a?3$ntRBy?!ae9@tI9pa5CtnghbZ>JR2`o}ypLhmF;jG?FH&zDw)NtvLZh}a1w4&zP^C31UPuANC zSvsMOBV)+af)OUydsL&Q^?Uvp*gzE)yJVs-+b*^@E5M;F0w+y3%qUUu2LC9GHw@oX zCUBtwhK)q8dDmc%$_KxYXNs~eanI&*6oUnBH0p_bkCZ;iQ@;)Pkl+i9tLxErz#4RG zC6-Mhf4v%s$uH^2Aj}clc{Ol6x>w9?P~kf1TU&}!NGWBte;Lp~q$hUS1(DJ-Ca=Zg zHs1*xth7m*4;!$rEaTCQiM`WiL!G%nkdK5|!tq7fNy?>Ou{8*i^{g!(rXkWyE3XW{H2jjepo`>U!uZDGHc7JF=KsIGb6rcsshhalya{ zdJDV_9W6af$-EsMoZJPxg(&{TA@DZ-XPT9Q>|ZP%_Cgf8N~&ZM&Tf`uJS=Q1Y!t#M zWMpK5ZWdMo>XOp`5r4ykC~Q1DTm)EIy}Z0wyf|5$-K<&J`T6--**I7^IGEo!nB9Gx zJWRcro!lw^t>pjck+gI-ce8czuyuAK`$w;-nX{*d5Cz3QhW_XGZ$B-)ZU1Y@$^AcJ zy#>hn4~3PTg^l%pbiauT{xd6}YU^$3peJeTXzAqsWBK`kGwcIV;B%B@JYb`aCjLiIkoBL?|5qyho#%he zz9m{1MUeG>7EKt1wpQRb3=G_}s-mV8BO~MV^fWs=dtGf^fgPNSpYmS410{{T{`1nLbM3k!jZfsQ9WowO&j*?SQ(9+UOPE3}Sl@%2gDNi(1 zS6BD;_KHf#ba!=4O-)r+Ryu)#si>*5v$Og61(=zcb@T z(=9D6qoSe`6BE%fu(hAtf;66 z0apwR40LpK*trG7#>PrZOY_;Jy1ToFgoZNn&{DNnCDUn!z<}Z;zsrZ?>*}~zWOqqtsHV?6WX13|jVyW=9?$9}^M~NJvV) zM|m$NFBl%eDUup0@}*;8VPPi8+rTeYl7o>-!dSMYz$#VUtGv&`LQN>%U)sQ0CALd| ziBeTn+~40KxOIMacQ;HvI6T~5TU(~MIIzjL76kg-I$Kd1NbivJH8sUG%~nTHMNf`X zwyy*)##_xaGOw-BWGLEA)!s)3s1<6iU#eR)+Ujj9X-$!N5*%zr7&f14pXv0O)Ynki zT2ZVfR`Oc}3z1E+gdka^w}q}a&sGB#%*mJFQ~Dc%huAg<(-?M`@Y3S1ZI+|E4{-; zRtTKtj&_V2MJ9xAWHEj053pg7sJrQt{-p84NAF7hTBqQK#t+#!8yl{Lh$*v)k{g?a zv;0_cRAsWs6hDzA6>R$Qs9v71etsg3D&*ODO=-Ozls?V0K=zHk41px4!P7y=A>t_;09y2Qc!W@o%*MWkD~p7;A!p zw>mllbsk0XH74drMXWxLE>HEEHhm1Vq6Qk109Tg`<3`AzZ#~9)a!I?P#m!hiV+@(h zPhSFitIHI?RP#{Bep3funS+!cgVF22l$El!sf;a` ze@{Sfz|GOkZTGItblbq4OvF;x7)s*Coi6@wL>1+fizfo#Kg}BQKJcUvj61xsAZKT4 zAYS9XsN%r8#SSzcBg0&;s`1Ei+1iBHN~6u zBM)dBhwu|3hGKU|R?bVWMxfrBTPa82MosWO^iQ9NU(*&|7a*`e#|l2*aavBJ$virT zI@TbGYj4XOT4{>>GRg-WOUS+?0O63;y7r7gOqtuo`0zqyCf%rjdnJBkzaXv?rRCwR z+JM^=sahBxne{SHAq$xi&Gt`rs=rNyf_K}sQH@Y+na>MUt6kn%d3`x-Aq1vm4oxkL zjM#Vtvd4K;2on?*QGOBs+h%%+=@2*3o|wcdc!vr8Hm{Td-z&JaBE zRLG9XJ^Su`!jL=CF7&{30|U`sINM^^ZS2?vF7t_`$=n)_UEuQl#n3%xs5QHnuo##& z(C6_KIh5gGSpGZkHIakXrLKS@NDV(01lubp7 zU7N;Vi6%;#P^59ip0hQ(O!b*!mmolGZ-u9=!RZolL#epu?rPDKPimE|e#mo#c3DCW zduxFHI4zSe{Fu!@d8uRBHi~1ZlgW%eSzuf^Cfl~hRu`ZkYJiCCQ|gXCl(V_C+n6tPGm=(jq%oH$Ks9QG2}P4hC=ayR+Ch#65=hcmfJkZp*?0z`-eMx z9~;fP&Ss{iR#=KSY>=U0MqeXVTIOd5O8Fz-&Q}^3ms) zFIj{%KzmpbvYY-vqGD3m(Jn_UvDGa!UxBZ765Rtbsh$;%wP899#=tkvUOLZ-Tc?pl&VeR=hRY#}IB z1h z47FWG9%f)m;>c%)NM>32KeO*^{4Lg1N9khV6iCip^l{9gS@e`33qh#~^UVR_eIjmX^!NH6r+hVrz z8f@c^In-p|2!J+pJpp)SxK;f9k>yg#j7{bqh}=^TE(n%W_6t_voExAlzr`5sYLu>o zUZtKeH}89Fk=X>L@AgZRqaiI$ekYpfK9hPjD$)sJ(#&H@9D}^RI zoK7eUG(fe=u+O|U zboV%4^;vrQFX6&Il&qyqns{VeUPo3)iKZ5QTpXpWFo7gJrARAWlboaYJgkfWI3MQG zX-=Ath0&0zL$kuhbeU^D_VkwpasZuw3j4||MuHef{e?$*m5NlrI$-Wz`q~;y?)O!t zQKFtBy9e8RSDypY-_|gii2ObJvR%8%gy=i1{DS8^Y~Al9{1!c(o7>xrBX@R7a>xkc z@_^CT{R}=}4xcaF5V&|>*+Q7hv(!YKUz5ov4`5`-6{dYFUuYGnZ>^pU=t|QLhSif7 znngdw{GF_QpZ9fK{XLCz#3G@|K=JYn7uP9*VJF3TkSZbyp8fAMe#2lurB8s5PkLYP zUteymfG~z)7P}1LIbcytko+z@{u!FZ!>&7~xnennnthR3b|@QpdR}o7Kpv*`{qz#| zyG_X_%#RW8`#N$EQ7Belz@j|&Nam|8)Rn_~z;_a-LwUK@7Zt#t@f4rDB!o+iasUr5 zC?KmCbU#FRyCeindQZ_Il2I#Ij!>TC>Lg)JMQvyNl0TUC{#7laBZT={d@Yh&!Gvnq z;Ud-p^)Y+J>IuIj2F^7(GF2nstmt7&qVK4fL@pSh zv#+Cu<}Y3;t2FQHP2jygkOBc7RKORrbEq%&k8Bu4{Nl$tL!6xPmAVlb1#;NpC>Xns zs-p7^Ro_uccw-+~=gxuq^_c35XP}$2^|MCSj2*uH?2G#ezF&KYT^~eDMqNalxb?dF?C}naHKc2&QuZ_V;fXN4AEpFeV2R0}>*f z(eZ@ItVMRDiZQaNs_3Wz6zkLB(+kFx_u}>PQAAiAz0202=kH3U;w-rpuJ&E(_1_2XD={BLltwlc5e~1I=6F3nn z^f8z)kU{|2Dd|JUEpMEM-YU*2x#}lHr)L_MIMv8wmw}cIj0W(I% zLDm6^dnaYuMsO}m=*0YYwYnbserm4+xD2Dn2wXN%~D%WA}vBkt+E< zs!WjS|4ic)0RWM<_bV1YGYZ%%@Ra z;P#!XThsFyfhU?&31oM1#Ylc+v8=v$c!Mu{cBQEHLrTdVG->Xlfc$bq>jB)|vXb3& zR$OQZ{dHU6FH8q=VRl4sPYq*6PKlhqd?u45x%A^g*(~OuGZCi_JHPy36O*?6KHv*d z_}j)ol(~JbcB(J6aa4u z#Qn2d_9PoZRRBMy=f)CF_@ry@UhD$BpVuI@H$)|`T)<90Pz_tELuLwg^I4T-!DN8D zVIV`(Po353U^?28PD=2?5x=jLW*h)QV(yLB5V}qw(nc|>v25E#iKk$$;;#;8f=+@G zoLsXAJwAg3>v7av$>A!b^8EyP+fg3+g`&_;lFnRt@R9_G&j&{fwVWp?7^4^vc;&Sd+`y*q)`W9JHVn;W94up77W`*7$O)b|P!6CQ zbQ=5U_U}8-X4gDRtjcRyqJCt?^2bNkdl_fzbg zRlpT|8mGN3sgMedg8MziF#8n;XxA`E;@xX}>q6b2)5sOALus^Q%Z_13O2a=$;h2Pz zFO8fLf?5#*n0#C6`f&zN$J;@L6o8OoAzfiBdrd^U}s)W7Rj+j8252XbLp^-(M@CzNhA^#r1+7K zOLREroCb5=c7j=*Gan}*+EHTeELrj$+{dsPe9=#qWj?Q4G) z(?!Tsd5yXv=KCul7|$xcU3N#2&FcI4C@*|ZJ%V#jPqgiz7FdVXRV4Zavq`B7>`<)F zvW_c2IZNZU-%NTHS&7YOv9}=rj7l@vkM-S2L9ZvonScA|V|^}I3>rd3&fABpu+PT7 z{3(l7z<>FZB3b!6#o~I>@mu%Cxj_yUWFf;IFOs#lg}Ul4=EDV1B1@AcxW$GA2H@APhX~F}{CakPZmCu$<4*QAi5`p96QOvS}c@#-_u}*27KA*Xwp& zo3s1cF#tw;?dpIB={o)+h}UB4z4>6=Xt@;hd1EGbEUDrSUYpc1eYJ`)S2!B|C9m`wr)P(V%kx1y+(V{TZwx(a z%E*s%@)g{linv=cowx7dJIxN&xo_#)qIJ|1``TUCNYI3o@ zx-m|K-sSVWKfjkRYm&S%o~2jWr=X~JP-HA0Gx)7$XGPF(PH7qBvA4x8XB}t)GIaGe zriENcoccTH;qB$-7Z!?)*1ox3^UK5Td1~w7l`Gv6cEe!Mw<%X^ttH@3B{SJPtE%B1 zx@^#n#Jg?B?RVVFMeI%{a@eJc?DIBXh8DSC+3mR?TwF zJUQq%H8{;qE;6JDXiRtDQ&1YuVu}1AeEb*6BN22pU@k#%{H#30ku_nq9s2pw${57Q z&X}&twf?+y7hNk{#L-xGvi%CH4E?FlkO(Ozl2ljk3ssiI0xwvWg=&61_Bzg9{GiV- zFc}krhgI>tADxYtAUvr|L+Kem8bFAy(3Oyv-dGxL5@?hL@Mursg1%-^oBP}p1lM#| z0<<@A)*Ji%TI3*Bz z5tKkXZ1~YyMokdiP7Pav+)^evxbm)RJ=s!5y9p}Gs*iX&A&O9Qw?f?N@a-$+(+$oE zK*MvG;r3crp8RuWnw5rJRFCKk=|Ea06R;`8atuVFYFe+KkJJNIoJ~kHY=VwYMkZ}j zPXt=aD2({ov~o{IBAgJSPg`fbSr88Mzw+y___1IGNlu4nASm3spMm{r)XoIFrO8+@ z$mIFV?AM{%G&+~byTb^6v#BY1Ow)sK-0yf5(i45qPCttk#NGK+W`1--}UAOp9{2s_^G=c%`--=SFv!;&f;dGJeF3A)9bs; zlETWNy^5BXhE4CqKr%DOw}g?1b>7bfZ+@6=!fZj51e~l1_wnFu9Wff3usI9Y4mYEh zD0?pX+PGQMnVM^?zgaVa!=DQ@G4Ob=YR{iEqy5iw22xBx#K}`*0|}GK`8KV;+&Lb~ zX$@GM?#l~-+X^}}wTX|qN_+AG*qc8@*J+%jZ8tYHi;JVH10=G|#~Szg@LnUD_78T4 zemzGjB%{*Tv4BBl;tU|&Rdw%)H7>{ds2+aS@coZI-9kXT9^1GpzU@SSOrY`+<5%l3 z@W%JUuULIv(=!5XQz8!oWhFOXJp}zlEW1ep)1b#&(RgEpAqk2f%5_)rvN{OYKBlSR zlNKf@QfYn$Yck}X(oYM*Wp$%!@T4LBBAZB?1Q9_lP66qTD0L8HnC=2tZ#Mpikc?6I zbh~oNZaD*~-~6vfj6tj~(X1Zqkcez}k6uQzpt1dVnHl}farC>I%$o$$ zp1Woi-Y`R^6Sv*BqGyKZO?zXxzz{ya$w?0at#O+?f?Mv78jPwgWSxWz?vnGY{tG!0FA?i=rN)=~!Rg)mT|qzf4`87OZk7 zB)gU2Fu6HL_O*kDi{CY*slK`xYeI*X5GhH_CJJZm!WuJ|lc+^FvUCnVVe z6l9j6-l_N#n}stwpXP|E$d(OnvKOdTwD8LUI-lj~3c?{E=sb+b3#VcEv@E^p1ZJ=D zFNej~*_zV*5-DXN<9hLV@f-K&c48ln<wqJl^Lji*;9de?H3^%YLYtE z8uHjYRXuRCXk~>Np%>@@C7aa!+eC# zw;UPja&&79cr@FvP*@tx-=l(E`oq%$Smfh3OpKQa&=zu)S4mxDB%s8Swv)l8rV^S< z4J@+>WQ%5TA7qAD5F$kIN019gG+%I|0gIt>-^XI{>i&j}9qvoB$n^f&T;J?eMveyL zZwj*W9!GT|c6NU40ZwMYMMUa5?ETW$1)4S#&;8^#?=4R!k4SbWHZ5Cu*z=sW4&q$g zRGD1K6aHiupO0it?XiFn$4X}|Kyc=bJM@z)RCrslv)0b6@14vCnqxjS$4PSmQG;=| zP<=X~_-VQpO5h}cQ<(N7b_6IGP&+LD!QSsae^#n zTs(K7ia4irg^K!}bSF}-`^oV4xp!5`mh@gZekv_k&A6dgwoYht%y;1B{9VoM2WoJ# zfR$_04CZY}gi&7V7*jLLM5zo20bD6)CD$;7`@^H_69kLb%{)2WH-cWa)!f@ic!-O} z%llyUT}Z7jvxwsAr@(2%jgt-_1dF{cs?RIMrzpBJ^I6k24iC6!xu60_fP z{%T=yJx51m=UH8G4XsTdhCMusQE9iUU321geTY;}9^EREVWM5!tzFir=qM*PGc?3dy6ax#3>4{d4R8w~Y~GScr$dFF*C+=l##8yIm3zCkEDd zhV$(l)vdMWZLyzID$GC=ImzB7CVUzqF2w=QB#wWzer^->qx=tq zI4UQnYv4i3P-wmynh2ynfim~43i1cW>C;K#B!ji?C^|1HJ%s$&+t4_TU*BG>KKfYk zTLfF{jevTB6y+6g7K}I{G54JjPr<`79Ae2DfV=<~CK+`K8Aji=dN)LsC{iaWgqIj0 zyd3e807?3^&@`^jD1nJ9-nP}HlAxdlu@AT+5zdGzr)6j_I-IP8iG)J?>s4?Iu6!}U3&V5>pm*yZ zFDNO1b^!FTgj>>+FEqrDX+pep=H2z(F8h!3^Oa4`n*1n5(DmkRa>@JH^ZxF|o`ved1x_0Rf0p_2b%e&q|Q)^#>_zZwa)r_Ve8Mtc0zi zQUn!9a!(mkaS9?jVVv;_J&m?8bnei;(=h7_5%hfUydX((VWm&YQ zKUT|rip9ZWj;{oxeljzlZ|QMs760^g&&|2(8npgYzOnv^5q!24?ljYc(^+38d$HN% z_Y8lV$0>3-q-*Zrcfo_PoIRb#?@p6{HQ`?1K6__Do9M+SRE~PwAh1mycJ3M4w2wS- zzGJh>05pqj;~*d5m^Dsi4N#_E(v*tiI@DQFaKt;iL|`GTxUDtOK@#Efply<1_H*bS zg2eS)m$D0xZ?V4I5H!R8=vN2SHBp#G)@+I$)h`5u!cP**@(rk+#!IKAj-&tdCeMbc z7(**sB$*)z6ZtJ)EG_d#>t{GGTxLn6OVxKkiBc*4{$zx7C_b$FD;7MV?V zbjd^}y7qVqYkcZz?JVE}ePihQY(n<>ndNjsB(zF;h@J>i(DZt58-p1CdaH3FVl8)^ z7VxzR-bty}4a4WAY?xFE19B}fruB2!JEI3OJfCgGbVmm_G+x$ejl`_6%t zQj0tB*U0Rv*5WFfW0s9mBdFdngPl1V_0iWUB?;N7;aX*Of9~jM$r_metQHoKP*UPY zom97d;gyj;0BxT!>#B3WF)-7cMsGhKlQ~b-eb-@;QD(XgJBo60w34b`z436gKlUYa z9KCl3(rg`U&9$|ll9zytQMr8q*iyq5`prXF|9}HxB8-<_^nz>OTa=})&6}-{lit%& z+;2f(8s4YXTHyO=iQHyVMtgDCwD?^PN~$fg&p{g#MLp@moU~E;_F9YwlzPw9c#a(- zLqa}!4ns&gaIVJ$)W(ygvVbk*B<%V$;exT}Vmj@q(FY$`^dN^(o}opseNkuuXZQIp z>kxW0pb3Ord!kfH-G{ew2sYqW8ZZ4AQfC*O3|@#@Ze>f`50_2U&=KwMrl~g^*8#(d z4Ils;OU0m2t`mW^FgRKS&#}vFn0D31uBEb}K$#uQRH1i1ESc44T2|>hwF)+k19Hph zyi^va>44sc0^sw}k>8`Kx}UX6AkJuOMS%I*z%_(Cx0PyyeL`6;o~8JwNRyCEK@M&o z&!r#dC6`_)or(ZMVcJ-FV5UP&^bhLK=VgfaN$E-Z^84x1ige*0!c&AKWM^s5YIude z-5|}_xVo;d#5`GI|vTz^~W!tk>z}K=`)$R><>H z+>cwGX`H1^T`&o~k_hl}MIaTW_VDGjZ)+|cu>NJ%tXH{%bA+ZxTaUf3A;%nPqUz^9 z_=~H;QU3Qd`_$1O;&3D%*&OMPT<9k|P*&JLTg8LLvpVl-gI11_+39wzN8hv|-`%@b z_doW{BbcotDsIj5SHD!QG&}kt(SWyBH)0cn=4-;Xx-Z#_i=2fmJ5<^^6cCOp8_ru) zaD4$FTKk8KD2l*K1saee!&GKexZDz)-1vVGPEfmI_K&-vb%0dI-r_Gb;CIN_xyuAN z(j58d(A;y(e7;zsi(Z&}JT>=3aKT)gx8is9xt(SrW!Lx8_vg9$p?EoiqOA;NyZj-{ z?Dyw(sDIQT7zUz72Q%G5e_b{8ajRx5%h&9|MQM~TNhnqT!1=rCzxU|A)05?x`dt+_qvQV53-Kqqt-{h?|!7 zXx;D0U(Zbo^e4sq&K*JBN@h#8s!a})Jhk}3n`QO_oHeDn6*`38o5Zg(rAa09qnilm z-I%>va!c6=ZD2>tF*~$C`B~;mteUR0nl%gSAs(q%;qoLI3B_d#OPViwXS*CLhfsVf z+ky>A%=pg3?t*p6QmlJ{hs4sXswHrJ>mmEV0p_2)2<)x{= zmdeHw?5M?vfkh$obJqBGXa6JthI$4N0{g?ev5Lv$sF~>zNvO#aNokBLCTa9z?ECl8 zb&B~Wm6Uxi;gw&7ZIDUQC+tXrpy^r};!-oE=r>x0N!)M%W_dTriNGRbd(l+gCpFO! z(c-!~MZOw3-{q3aM{;%rE$olggq}Ti2_%|&)@xdfu7)Q=f1^xgL_T76U1c^F6ugz( zk&%$vdzyxRxoVDmpgPjJGk6mPZq|| zZ*X4NX;`uftnY~%wzibQaA&O>(c+O(8dif*HHW1hW6{)V@&f>9T;mJyL55$K>`WEc zL%l{@^-mv!o&b@(86!yNTS`yNkd5WAA8izv12ylk6C8#c_K*Iou4>opv*QF&T?$We z0L_luMtcMAbByx!3@lBpK7cJElze-1xMjic&&7mCqrVM0 z-w#d)91dDQ8}Qg5MvBN~)9BEf?-WGy(SIs4&asoFEF-DPc4;14Uaij`&2!{0`IaL7 zSQZA%XTDH?U>SP`HTad(z%a;&@gXHr!|P>E?~`4|NR7ip-W^_Jq}okCn||O|PMvyj zl~glhyTw|hF+QcXmvwE9p;CYhFH>F^!bJzS6TWn3`-lv{wKfrTobvW&^Kx!K%;s8e zM`rtMKXkL~eoYw6AvZ`vJV|pyt7lM{Lp>Ko>LW48u+kM^nO={~c~W z;V4~KM;yH{MBYNx7@bt>F~X9>l!Ib4-g)+vEi8CuL%W~Q1;hIebd8C_@6|T9bk+fL zDkLPNL_e+P;4y2q24Y_!mD^OX;Km*oEvU<_`-T#~ zeNt2OhdUKC7nf5!7ZsTCX=%grKikAR;$(@yxZkcaJC={kQ|0=M%&V&ctp<+Y-a0b0 z^4|d&T1S)}i|O^Cj=Lj}H#!qXz00rd#qGz;l0lW;c zjoG_`1PC9=L)l(-o>X80|MX0-J>#gRp}%WifL49^jIRS1~t5V?rxI6L{-2QHB?tX4fe<=vZ=l z>5-`Z4B!i|z3t$s{PjH23r?R~v~jn}D1gXA6!@1vA|;Aa6$|V$Dvn(P6D*K!1xzit zxWkuzH;SW7g578iXCA4`M^`jTCIf5B{hA>9_-j)VoZQLfyh$cOxX@Fk+^!k#TSbLs zYXOy;MXa)c;2T?9?Zj#Wuq|TTs{z@QEAN=2<4C%_pE5+sQbuYl0>lMtNxfB83!1@D z(sP~3CNs$nOK-}#SSNcXL@x7n>+|ip;boH?*W4V}X}-Ekm_wTNj7@>QAP(u@I+HA< zpg+N1UQWBN_n#R1(R+(H0;*Hfk%fq20DV#Z__Pp)IP*!1h;fUzwtdA$`3U;2Ql&;i z6Q2jDy0&Hz{RHG zz0>Ar!UjraTd3?5(v)q$k{@{BcNTLs3MHcbv40wy7#32akFWTgERLpT2-?t&LyFW* zSxFJTDz>6ata{=5$%t_2th>ju-?)_D=$^~Ig>7bBYewKGNo&p4)U?((vWM#F75qU* zOjqXoJ*%*(x!L1c8-Ox+3{D(IPm6Py=hVnU<`2s)_3pVtn&RhY!jf|BSkXr@DKY+? z%^ecUXNpVDKvVtXchw-hZ|sYV?pROeXcI$Jt@J0bwCk3UJVS_^ds#}VO36<9M;f*@ z{nEhDO&=P_A~n*Tn>~SJ+Nr^EeN}a>NBX%HmEdp+^Sy-Uy~%}~7w?P^wtCK!c@&e2 z|AfaY!O^}M7WVsyKVRd`q{wJy-{EGTah9l&Q%dG+FK*S@T{wnGcgkXt9xy%PAt$T( zV#P^Q@DapIHX@90e6`|=QILX{-(9aXNf-#Ha@M0RZfr}oykljcqE=X_bV^?*>h`L? z+Twa^EAX55P?;`#$uaHbYxK*pEYHQaT8nb;3mkKRdymu%nc+NZ$er4y;xN~94og56 z4{bVmE|XYh<<|Kz^nUVHEdhuJ=xU2=M8<8sic{Ud*EM;R6!?PHkDB(*I#+&n5%Di0h?yRWKHT6FN7E@-ND4=xQ zSE~9c%O=M~kLD?!h$XZR-{5yD8MhbS(Tvg0&nH3*nA49LLjW|(E;w4E$tP^fr9Cb% zxDpCtACa=*8Hu?0#;y3tTkK$`pZbqyk-y!FxeMu{5rPw|if{noggRF0oAxV(UC;$T zdNyzU_@16j1EByH<880A!4E;r_er2*+ClU^-(+3kwyW7M8&-O>;8)*BBcnC2CaNB& zsxT}xG{@jY2FmyvG=TtZ|1xY*mCB{~GT;<=PY*o)!nN}y&eQq*1HnrL)6;U{0Q!^b z?{pD_kRH__!u<9K4He`_xx=p4?~Keyd#Gybf<)2l;1RwF-JBsYe|ip5jE2~ch7IGh zBS++qz&wD#JGwh-+j1usl2kOh@J7UppZlo69o}I^QH{_+wBFy|{(2&|lu&=->OH)} z3z3w#XdN6iTkVdnwBalC^Xq4Hq9>&>3H)3uNGyOgj;imQd7R~#K<{1Px~T<_q{(3n zHScNPUVq}$O2ic+c>WoeBQ~#|$kSsHHurL$hR>Z}F>% z%!=vOd{i>5^*NV@c5((1?Lfk_Y;ziS@0=~M=c=We{$&# z^Zb-K=-RPo$VZ$wMg^}PJXlIe2^A$O*AObZbO|L8YL3+os3H~@cqose=g$9{vv06K@0O_)9h1AkN#g7(K4 z0EJ9Hi6*l{*%bC7Go8+6CE1{~!Ab?iX@YpicQV{or|S2|tNLx!-_C9p=eAJ6#m+r- z6@%EL>ZKLu0^z8xkuPtJs|Pxh>y9uY*r2GCo!r*$9WnWa%)rF&uV0|~pA|LqNXGog z%V~v!3>^p1)YpsQq%ycR06!X}W6g>6E+`V>qB-fZBlNJMhJ@Qw`9_oEXg{zzR#{jL zrM{!fo=@XVnJCheZ3c&7Vd;{{daIMtWRFdZRy;q?cC@{=i=t|uoShSiPd&TO_M~0y zdd&(QJrTLjI$Y_3*7piOe2wEz7o8L9Zl>aWzC3Bk8hO!l@DSwAYI9mxZ#RZfVE1Yf zY;_7CXW5zU<2l6>`5URhz&}p&HNGR9Tf_K@Fi@S~SKy32{hg%`^E(JVfELuvZratY zyXA9>ntYSqMQrz-D2HD<1<*ZLVqnGP#{mf@M}9&`I2hi6Vv@ijPqJPng*Gk`KYdB5 zE7P)@PROXrDH(={pYqJ%qF$MdyLRwauP-fbebHN;S!4TtkEMFay9@ezb=tMztZGnP zNC|9OCNhZ(HjW`EdyhRZ56*oG1q)idOx5cve78WPRH#e6F%n4QVGLD29pzEc)9s3t zYpHoCi3VSkTZ~+c2ek8){cSNp{xUt}$jjv(hXy*%AgCx)1TD+6P<3fx!b8Xf;d0Q$ z8pw)NgI~Ch1i>HWzHy}jnD6gkA^lvrh+ANKPEVn&g z4MDg+w(bo37{Lpn86w-CE!R+<@1g-T?4evAlN6bcuAC3HRerq}ZX6OVu!=&Of9*c> z4gsWhmSXab(beHBNSf7X>RSC>$e2iI##bY$TZo2*@BrM7fsc++wJiCo#e_Re*K5h=%=Bm7)sdZ_2Gf3D0LERd zOsFEpUX5LC$*k?-uK{Mr(O@;0!7qC<_8W)$gDtVm63v_Q)9eWfwCIL-P(IdtwqF?p zYx7blK*RLYCqlsrZk>;B-{K);F?>zjJoD9dd@B0(@trCwz^!YO_gcO-o|d<9pYnK- zIKytYVHk3@1rNQFIEu;nYIS_+uf1kaaH?ML{fxu|-(kr?pffeB{W%^zi=|ZS`!G6I zqd71j$cj*FUV*>#1I-0Hy;E0lwmD9#f_kG#WUG-tt$|e(6#W~tUyo$*h-F5r>>W6m z1h(Q{k_Se~y2HXALG_}L@mhW}=a=cIw@h-@tCdn-{5s1J0r<1+jV$*Eh}VwaWM`Z& zrwA8LF7A}Fwuj$X^+hf`tT5Z1;D7J|m zq^}-c&QDh<{cbRx{E64q%hQDP^vkJgpm6}@UukTttL=y$Q@PF<%|dWTo{BQwZ&n%wknYuV z!cD_1jo=fW(^``aSHksEtYbllG%ru);&X{(n~v(`@5mlpQ79R%z*|)dkOi4|na|b% z(Ft%^rPpGtML{pDZY)}tnv%Iy*ETea*iQ$|k{#y8<=4>WH$VL&#s~a;+K(Rj+<3Jc z+BSrKwYG}vIF?>hMqBMUQY$?JvFRTNk{crrA?;2z7jKS!s5d@ugfT<@)&Ma*twaV9 zH@0P+u2ZLPzyohfsXIgI{j-s{v|41W8I9}r00_F?t_w)0L+seo(?49Oy0`+h(9s&` zKV#=!GdE->)jWR05Y{tN+%S~QfOoYiRj7i-o=n(5D(526!($oF3{}T|_EY`6Uq{{Y z2@yCnjH?w}Ved6YNEMRoF;+}m$K3_$P<*5gVX`Ii&FD^Tq^9#pR|*etbLpR>B)%un zsnCSXjTYI}@K;Wj^7VZ=_6tnV?vIR|#RQ`0Zq} ze6=u1i_?BBaQ{(GhMjDH0F>oOks3x9O~MNUYM*&u67cq&e?6MEHX zN+tud)Ylytp4|WVxF+ytvdr6>_YiEN87)PQ#UVpEZ|ypgcEb7!D6djhil3kn4I*q1#Re4SsAqz+@`SfKV8+-EQNP~l-FuH!34S25iuft_osPEi zPqr|iOT0*Kgi0>?W zO9Trs&qhcFN~fEjala>-s2O`IHCUtAGn|kQUbrZ`ZVZ^eXfG{Y%g$^cY8qX)al_@e zmYK*4ajpRe|B>GHL*N?t|H}I6ur`{gU!=uaf;+*BLvaf(#c6>;@e+boaDqD&C=j5y zTPf~NfdT=7Tan;yC3taYZ~A`U{pa3il704>**SA|cjo-g*_m_3%wZEKOL0EA64Z(H zhxP5&yu$-8wZ?(#&Gajbg}Qd@E|?1iB<=>>s>Zvq>w@dtO^2zh#YwXX93Y^A=CQ0; zw=IztwkYxbeM9B%YUYRqbymI7l_U;3c&hLQC(#`JrNsoZ7uNH7c^zujX?4C9HZ~p! zG_J$8K1K%i%J$%#3$N7X#<^P8U~d2-W_=1Ro-a;Z7sMsEMf0rr$`4Oq`2%wCO@4T} z3Vr*QB3oqQO~3Ypwg&zjgsf{9-~~MfU3*1fZ!qC`=9M*$qPq4X5kM&ry;aM`^F9e| zCOorOWGHIFvTog$G;f+fCt=sDU3hN`cHB<{r~!-L!-54$UbZwf&m(qC{E@N1?d2Vq zsFt<-6tIVi+U4aVI{Tf~cMxkbTbYRzB)RNQ^Il${jFSJsP6{2tlIt1bg$d6FgnM&5 zoVg*o$TJO9*Q3*?*J2>v)Rr}`MdFQ|zH_Jc`%icwwo_AXyjYAYEfF>C?yMzJq^PxV zW3!p1mYQYrzyiJF;lW_bB?Y;HaY0tio?8w9xU%D~7Tlp) zCw5%s_opw&Lr7Qbg1cB}grl=JP|lViEyQ#N#lcw7OQu>m)*qti;`Sj$n8pCb&FmL) zb>82emCw*4yaE<&QUn;t68Q{k#;Ap~bcw0xoc$#VhI5-M*87{Rm-4m8iBU!;gYSfn zB8P{y_l(&$02LBpsELYkWPQU8P_+os3&ToQ`BGNqT$x_kG;7OUWz`G&FrWW`H5#)W z0gNH6`j{~$x$AKfTXm9GvwRY}SvO5g2E#EW~Xc^rPZ@>y~ zPGc2>C;#A5mwT2~w>B}AEy!xkepvi_8$+eYN=vy}mh4=k5$o3nTPxMzU+u3akw|_~ zOi;x(LYgWPC|L)=J^bisgugff8{zBsUTHF^tXCOZSZZ*KZQZ@mG0AlSynAfK|94gU z*eeh@8U4b-cAUZz_fDePLz84cBC7)bkr;{sW;jv* zS9iM~uuk{l9|LNVwV@6xa_n{pNOAao&A37k*r1Z6|IX`dRSo}R;(u8Ce;A4c{>%Q4 zAe8tY8|e1XjCDYuMnI=bVDoL$%GDgm^r&riZZ59+%E`um=b^I`SiLhQIve=$%~gJK zXDP;9V?b#6F$XmMj~z0&6I=v@-bD&Kq3z82@aBV1F23Tw-!Ln0|K>MtWtyhU{N2mF zI%(Yg1{M~PI$x;_<-j}Mocvs}azqZ0x80vY$wQ|e~jVFi!E{RvP zt^D%4W^+Pa!cis>I}nWQ7ME5HbX-h|826Tw1Ks-HKRo0>Tn!6jV||7+2tl+V z`!cASW+LM`-)!tw5)P3=>>qt0TuA1MMr3y`-HSuH!1t7(x-gZPZ#d64%HaIPVzo>Q zhao1@E<^mJi=T*$#WoeIN_OsQt#)4z=e_S8!$BrI3;ru*C}@z}6M5CZ+lWyP=&jQ+ z^>%l|{iE}nMX*r-r1$uQbrb8*VX#g6^{ z?+h>0$joXBwe~oT6V({sn3qmoFBvJX@`j=)cUGiC#5wYa{0VVJiUM4~j#CncITc8N zuND(h#0j|cDU+zd-L(lN7HlXCX_@~jPfv!Dun`ZTcR)rc)~g{XlzQ}+~;J4HBb zigTj7{N30@E&gVRKV6$u*NOD8l;>L8a2ZTTtC~Z5R_{?u(U!K@S$l$qB5PNZ&7OdC z*By1CR88*iQH3$u9O6Cw;zm!*Af+1n zeNxUVr+)9(pVCGGD7`cEdYtfX9ZA%JUf6#A+Wh&qU+%ccEFyZ5aQ>!7RNkC*M9qW< zUW;y}G+c#s853W5vb0WVaufrEes+>;pxQ%eqmuhPk|(sKX*CkW)T{*D4<+l{#tnMd zp`x!B8!Fr0X*Bj=BMvXzKeue8|30e9e={HaoF-YsBXU$1|jjjZU;Nk*+S1$cM zY_0~rv+?-Wq2*W5aql}LKei(#VDcMw-i|V|7Lg4U7W9?3)$IzreWYH-OXf~JCHL{C zAVre7xUQ2|_S>8)%dyPRAdYP65MT(f^40O$_@A2%WZ=szd%dxZu_}rD`>rh&Epy>$ zA@-)7lj|`Gid< z+fn!+lUR;k@P-PH3xpd z@&muZGE#)_1^S2>k=8QuN3M;OG+w}NS`RKi?gRyU=P30 z#@MrP95DJCvr4k3IPnqa5y&JM2&yBp!_75Mh?N45PhnmKJpJ;~Yg6eXBycoCAM~b_ zi?I9Ik5x=m+hj+>gNFZwV!uY{`rra(1mF8oKA$1KxqOmo21odM5jhQ`0My+qS&IKt z>4d*(&F1FeG!t@5jInKDt`6ml&C+O)2mV6wR)lpFvo5=CQ_+kzE}}I4=t*(WZI4s8Um6-Pe5&70Sm7o6gWU0TTjYIgWZ_E9|v0WO-}?*L?# z=M&oNoaUKPFNb0KB8n$-KWmAVYKOnL3&&1*N`hWkm3W3U_UdS8;`MQfQ4$wwFlLaV zkh2r+sc+z@!{}$uyNAjj$Tw?6KELhGJ_X0z-ExAgI7!@0AA`aUsi05as$5kSG#yOLS& z7rpaC<#6iJFNRNzn^8A6-Xa?FlWx8Nf5Lunun0%Pfnym0<0(6)2gWkE?p(GfTKAw2Kq17%xO74pl%xcefujF?Z zNN778lxSIs@f7d)q5Ltn&f&UcOr~ z890~V*)R2CvQNjIU~^G3*o5oj0|wN+QF9c6$P@*@8k?&Ce*A|?rg%&-$PC;)| zG(<;3d3aW%?HyI1YW2cXC>M3wmw=qs5GM6>n$FC2wRyo1oL$w8=BmOY)7^=@X<#m? zTf_HyO!q%0l}O%8qzk7kNG|m=Akq zA8fn%DR6lBN7dm|n&>!l+mTA#%)qafMt)6gCaVw%6tHi2=qibRZ(WJ}E25lA(X#>F zJ;aN)2#uPUlO(v*cfatms(aQivALLhq5L8emGEt2ugwy1gmT5|F*%zLMtmavbr>Xq zlVA9dr}nB27n#t1{f=e5@#quKvkDWm@H~rJ=ecM!@O?Fxl*RMvLlHaU7{lw#SSAb! zsy`jKRV1LC zrKw^=ro5g$DU+Dp-5C;bNspE-;Pt-!yv}x3K>`|blsdojboAd$wdjWV_W@3QQ)cTc z=LHvK#*i*&e;OxuYBn!uA&7;{?MBhJp7*Cgf6t$$=~~1k4byGgOV;T|rSRmjXi#Xx z$L=Mb6-t^6Unl72FG<*WBN~Q&Qmhc)6_LN@{eh3}u6T?3(4|<-ETBx(b8)svWfCPl#zFxE4z>Mp1UbCj1l3lSHa0&Z*E04qI}|1|eJ8rXqrczoWTAs7I3 zqZ8P75VrO3gmsVqfmH9~;P@aQBMXC_L8i(MK|jNg%;%xXPB!@3P`s=S!U^O}YR^k1 zB^j;k2Y~M~fu~+reZ_l=3e$h~k&~Wcq}~A3z;9Wu8`QunN0A92O%=$i13m}bcIA`f zF5iCF0Xa7wZAu>ghdn))O)J5IqsES~+%%oH2e?LObxcDtioRFCBam!sl)a-U)Q_uT zyMhZv{G*$y2{C?bPc`ex{?7xMF=v&T<>F;GEK(qWNx8 zyShBOUGSSoQMTs=zo+y9DiW6l#J~uM24<{R8jQ{mK?n4j3FAyb*`J!~Rb4-8YuO{m zi7NKOfi}UiKE%2MZl)pen~&HRA;U0{R-dXS9=z{c!uW#;wupOh7J8lBemqiFFyO&7 zpw}bzO$N+-*L$bPL%TUNbdG$=WYSCf*?2>E7+yv{F&me1@iMGTP|Kj4_OMXNAr~BE zvMZ`S>t*qiyXgsd_qC{1sgA`pH?W*G;Y%M)_yVTk?;e2QXq3#2y7bE%-8DSWmwk61 zyO?=h0gSp~mr@ct#P2%!V}xdUT2o7H1?dwP`3HUSnN`K*?(<7 zT00RIF{xU4Ucr!WFzu5G%!qsSh^xKo=e?R9SECj-n_HP?+pjO~7IopYbwjR{$#cIy zAL%81R(x5ISsP_-`EoNDC{w$c_NV8IDpBbRJu}u9y_{eK?URQ-_m8St{camC^q4pY zKesl-(~?1_!|Z*YB2Ramqw269GZIAs%g_s~Tk`DNEVj2_$b?yiZWL5C?eJtMT9IZa z1TpoT*i$}v9kZZb4&)iknEqMTK}Nf5Bjuzq7e(q<{nafRi(h4z1|6YWG!z!hj%KMgZ8}QpH{axj+gS#E;INT%;5?Y7 z3lRN2*R65KHKWvNn&XOYkyxM;-Kn)wVW+TvJv9aM6WXe-4arY34&D zGW>4-_`_d0_Z?c$z8X8L*8ERq3c8>KE(w(suA+lyH2x!vcvJ^RipT8mzOk1_O*}vT z*R~}htQNi`{$YQA^LqUvZ^u5c_1^sPf2^^82JUo%e;*>?RH5Jq_nUDLjUPT*6sPe* zsqa3~sQhHaF*pu-;0ppSBWuY#EF%JVT90J?T&}BSZd1pb^x7ZR6p#r+f`bK*6M$4i zwjZf-7gUxMDD!PrHOXUF5&lIp>5!(GX#Z>Jlxixi~x@W0FN%?ow_YmN5)`p7<&7J?19fwOzj?w(4>@X zq{0Vi0`ix**bkFEanMG$<%vJ_tY^^EV4$7XcofiG;VcWH_~&%P97rbl^9SZJ)-kVC z86>0X_k_poF=F$+`uC5&UdCj?*AUwa2k(tV3v#LDQQIg;de-kYJNlR1=;z0Aqyz&w(s z1gy(fQAg)kXW2RDu=ZR{k5<=P{hGa!}3s-jp`u=vfOR7(V^ibC##cex7fVV~C zZj~257s>q9TyRfk*`Q?5-czi(_JCiz+w$ksPOf3k?71o7Ts@)MSkef7PHQJYOJ zL$Bpxt>L_r&iWSQCnk8i#Am6znIwTjWx+lfwhy~_mB@MUp3$gsqv2=4SgaKqyA|VIxciU*X_wG5#$&`XVP0CoUHF2{w~;I-#otNlAMQ4Z8Q<1YE$g zrYR%*X!VvRt#K7^^!>I*U^NCp7v3kd;E2cxfQ}&anzB;i)2+rdNE=D=jZB0q>m3AF zafzKDjU6Mm-}ZgK?8Y};u!AaWUq&g};liyEADYL$GRMiwXPl*`6y|Ke-pYNSUIg7* zO@of`1Y}!}9BpPr+I>_*f%60X)0!h51I8LTJ(K&GJ~V57xJSg7>}Q>knY9oy)mH7} zgi;H%dM_Q_u%i39V%MKxdI*+0P@e38O`Y^8Wj@zgL{^*Wlx#)jOne?Js(RUCl{W}` z?8GfypGpIS-fKNZVos?-2gIODX2f4UOs4ir4-ZlqUgc?vGn&C+pq`)9xV<_TFycWK z=|%4>HpxC$yyssEfxXD!9FmTPqMS%e6sQ1|M_Vfz3XG0zQDPfJ(3HE&o{NsKTygb3 z8|V3bi?OMn2vkPAgIS^YfC8~|VL*_D84@vE2!}DEwLqDgP0-xe+@y$(&dvAuZp%W! zr8~a_Hx|K*CPL!7O{L>iA|i@9(3YA+9l}PRxm15aUjN2~ilB(0lwV!eQL%H!J^i=^Jg+;f8(@9n0HU+P@yd~ZYRvV z$F5J?MwLy*tT?9Br_C%KFk0fN55|4-K78Qsx?0$!=3R{&lWeM9T@3;{R%bbYwyNAi&33= z?ENsOL}2d3whJOr{ZjhL&&K)gm(Qzm0`nben?i?x9rmJe0M*qCoytx787Ywe`-5#} z_HdofInIM3&33zQgfglt#V>rh4%)vnlc^?rc$)A1m*3>VY`3duH^K&Ydbf{&|83Eo zY;CBF>ae>%^rQ?G(bY=j_u84Hu`y+N^+RmuffTexsp5ThXQLN&c*cVIc)?OvUvvjY zh4)m#>iaq+kGjp;AeMJei@LrCTi#0H@~2Yw11|KSC5x<3xl19afWIgTnas)w$lSff z7j=G4-9i8|8SS(!zHxxs-*k38&NXktc1j7jjfjPZz4PN6-r5~D_4KGwwM7IR<V(R z^S2{+5&idRPm098MRrB3Q})LSEli3oHJCZ5KKOCP_P`!^OSs7O@wgumZ?NOnbMjV> z3^R?gIt=a++_4Q(jd2bS@Qr9|;41)P@>@2N$?S)Wnnso#jG@|7Es!3L!F{}pq$Y}a z1fA?xiiY^dgE8t&KQYzP9o0iWC^4;HFpIDsdVH*K40xO3=4h3WQg0eLme}c%i|p=o zPxQeBx~$QBsn1$B35I39`>tFQTw^Hrp^0Q_@luS?tbDF4Ot|G$_aVHELQmv2G0AU+ z*I~`JR4Ffr=)C21saQhQHc|Oue)j-|2EQe4`{#0Q4J=nBcQHIy(s;F^^Ce}( zxoX*^5Q9)@)+r7c-GUW4c4tocMsd?_H}2&lA*MzW^H~3y0xuRXg^q zaK|H=;-i(tm?7!MJhdLIlf>I^@QN(siXSJMEnJp9$}wgLeK-EmGB?JB1EfXwJu|Iy zu#}VYRUF+Fza7}BjRYjNjk`w*%~}H%t|*um7=n7157-Hp(H6);V;hN*2rdJ`9N`n7 zz9=3@xvnIeJhrJjnV{;*l-${_!3XiB8_-Z5RO5#Ul5VIYctjzH$I=6%22KweIcmcUAh-n>9_#~&r z24#7hfvjaF;*uJB+6xr1%v)D3{#BB(fRaE#5cq@&^xT`$Ko?Psc#ZU$LNgLgLi%qm zTD8ixbw4L>t2f0Kw|Q!@^JB_0p@cO`VFqs9&j)<1F~$=DpVEW^|KxQfIE+W_-?Lm@2!!3n{k!y-c zOGJD7c225viuX|$kR+sGB|%@0=10)&ykJ%PnjX6VC;o?KU89Q@HCNJb34F7*_S)~s z4Iut2>Ld7ZDGWG*3%U}_Bqy^Qhd>$wZGKU7g%9$LQ75Qi!#Z0l&cS8pxH&kfJs%- zNJ+b~I+P{uOAe9MtngyCVzm?EBn6~A4k$i#i>&&?Ifc~AHe8!#l3eUpS2)Pv9ktIJ z!j1*Pw_43=?vwbFjI6Rx)_(N?p;u*EyXxY+oFFkawTGusrr-!kC+cU%SBMy(*4uA} zx9Su=%`k)ap*+zbY;>IM_YEaKYtHkkGP6T&W-24490>~_u#Lxy8yQ;NpI#m@utI#7 zU7n{?lK^-8JWF&=;P=YCU`NUKrUC7Ne8)>lo)Okm2hEA~Y3H9vItaA|paRSKQ1@h~ zFY;FGPQMBkr{DW~`fQ6n{0yM`7*VhIgi3A>EVvQ!Hu^=nc#PuKc;r8TtKa;pUWczM zZt%mhu;8d2-@qvrBgFORdd1X0U=y6h@$@Y|sKOhr7DMhcjO=zlo)>hpd!bc0O805P zMa>#z*>;8gi=*Ucm*n;yUZP1xp{bUkyhwd|&|(l>g8~}Eh87{FcDRV&Jb{dS5L~pu z^8f!JxaeGT_P_Kq)fQnb)OK%s!uID?l|SO4v5;ykdnM6E=GeaRm#1_)WeOpm%Zhnn z_J~i``{tHf6e&XG;e6>g%HzJ6Oi79`muk2fn(X*ba)ko@FkTxEKF#TSX0}#l^8W1p zW_jWk8BBDX0@OVKKFRtYbc2|#^-oJQW370@4F=j=`j~Cd#(J7tETs! z4D-GQxBHA@fWm%mN5X;ei2d)k3as^;OwO68yz@`_o5xNkvL?S%BZwIPQ06lR*fsuz zzVmyyio+2NxQVMzjH)fn1(q6|F=x?5P*lpV)(XS`IUZ1Zeq2y`YXzhA4FZL5jGmO* zce2B$dc2rS&m_1Ua18m?T~D73(TcO9+KNgrf{h(DPZg6isfSZqIS9`>GoL7zhG)@j zE=?7%{D4u*ex+_sf4m>Q?jlGPMDdf)f%7Cop5;1Y)3!)!uK(91{QxobCgo4b0UfvB zz$c}q5cEi-rt)F42wbU2U%i*Thr=1aqli}@hS5=F?Hb0k!u-4tSVaA>{Kl!#ZS4Jd z%Z@_jU99rth^*D?lIr=XV_M)QCCHM$lwe77P5Q(O&Vfd>b1qoKH4=iP-)tI{+x}wF znPlNcv{j4kA%u12s%OyZfX8MxXZddMIdVsqxsh%3rzQAp#siP+|$#6G|XZ%i!T@82sdH@KOv zVt`N-9@m=N{0!*2V6>O-Z1&c{ywXB{DcJ6Sx zQ#dBJFnq0>;f#L{OKWfEnT?bp8KL-kAIr#qz_3eq`?@~94z=j3{6n#pQI|wpsJ+-H z+RT95IK60@?}sd)-<@FAYMi;b?eZPoA2eMg!-;Z*cSJe&vP)GT+5^k3-ro}OcnLtW z#$no|NfBYg{XlV@X*$ZjoHh^tM!jqxeJZ~~cMg!G(3+Om5~m&#x|sqFsbigB`DQCC z$txuYVzCak#bVc~4c#>3LW&^4Erb$-zFE7L%VwFtPbLH3TOwM~@hgwfFL7mW>7kev z)Cu&;?*n2JF|2vA7H_~ZO_tVeTyP-~K#-WF5iGjsd=uu0P^mKe3j@un_Z(YU(z|}Y zz%w{}YuZuR2XlC~PmMb#DXD2;#GB;0)UrjewImdI>Mrl15B+M1OeTHO<}JJFf*+uF zJiz0&AJk<$FIZZkGv?66#3rz`61tv7rnJFOK_2oEO8xHHrpcED)JYUsLZ?;%4{GA} zQ-_J_UbzmRG=GKXNTLrSw2|Y7lHD&L*znjAwbuo>;-i0Uw*_!fE$sJ4{9t}w=|Slc zu?WYGeD`-@*4P9UDS`Pl_WT!6$eX%Hk+$DiN02*|k&(|W32275s7UOwIg45_F=C$&C3}7g4bWK|LB!A`P z7j#@#1ViJEQ)wGlHJ#&vfRTePz1V;ra2g1P{rZ;(FNSk)U)l z>$eVT$J9mZqx28P1JD375>RtLQZ;e5zV3$1gfS9VrG>u^yTgLf&-FJ-X(lmy zXnt}#v0(6biT%8rQB}l8Siqvk_%-*BvPu+bj40;JsogRUKu)Y+!G(7DT30W_{9xp~ANe%~K zd%vE|c=|0v(DZqmbg<&pRON90TKNv8{|*E4b1^Mwd4*jUEIZGXeLOPng(V0%MTr1z zUfw%)(%;b4WJZ*7`llzK{CHmJR~7B=08KhGheWK1$I$s*j1KEOfNJjDolnw6@z`Z7 zRb>S{Qh>)Z1pA4O2pD8|J;23V@CV&bRg@$s-|B{n1H&p%io^h~`!QtS;L z-ziUOfi*JnJf5EPv9>J=Qkx9Gxw&nKx#dS{1gAZd_ro?2l;uynAN%JLY5n$$2AZr2 z(1y7Gl8l_FHlFVO%7Jo@EF8!IMg~F>hsa-!-peFo+5RxBJUUb90W=!%SFc~q{7TT! zsXUz4NtU~8U$#VuDeABFp`5$<^qb!bjsHklKnU;;7m^aF7V1%+TjF8k5U6+6DhNCu zj*g!h)zt9IVW+ilAj`Mmlu+wt%N6wF?xtCWa4taUc-JKzZ6j@*rdERhkON-ySb@cNUBsyu2NJ4|K@j{u?0|bS8o8o5YQXx!skNJ(JBZIn zB8z$UYU8bhEJd4H$BLl#e6ScfvF$iGBI30nW+4lJSxdu@^yRN2w)p+HakZL)Oy4u6 zk5^!*mt}&Nu}c?yr?djxPMToDoS@@X-k~8)A3=97V6^`g;&Hru0VM#{go`p_q`%j{ z4spd@T1>dKnq>(9=J%eOl4X65pe4W)t$BL#HO@I^E==*S~(Q z4aHB)K1D+x^dI=4u`CQ9f(T3kqVhxjA>xM|;2ob4!9cDtucykTso>2Ql;!vQ`|>Nh z`9Qt(*z?60jP=ipjpwmoV_ah&raoa((P*+Jbf zEc+er&UY#t0Xv)RdBehKL5~z((t}#)G#cr$ppBmfV*8P&AHKeK2cZU{P_-B_`=lUx z4e0b<@Ph8sA+V2V5aQ2ge@`72sAc9sWTAaxpXk0i1d-NfMI$_swQtlfM+rSBYEJC>_J!!D^9qN|HD=}T#n5xJBQDF{D{O(Bf00CtITgvFmHCQ z_)OBreh7!-5=uvU~k-$=E@IFrj*qGtqK=@~r0U zgG-LR)g`s1{k+~(hc-kARXwC;SiI-LzOC(rk90kWsmqvJ+BtjQaZp4#y^k|Ph=^AW zOK9=>Oq7!R>oSPg-bUI6m-U%G$a$Z=5f3=agrTNc3xTmJ|B79? zl#^yRtxBsSodiV4unavMP^8eU?sh+pikC^pYqX?Gzv&EP?j7Ua4uyolWvhZ~;6FF7 z-us)ql#t$IHb`SXWp4??pW(X$dNnY7q8)*KNUMSwB)SB2(}N;(L~Ze3Nzw~2o_9rI zVrw1>5Slud&u~}ovP{VJz z2d|K(+8#3u6Ro;YE8MLs-8~y>i0wyQmtc!-fVwI_|F^jOVp<0zF9bKyycgih(7Kx; zcHn7mCv!SK!9es3&Y3RVx{g4dgg5@Qjti%gkjgjsV=1uWbYgbN4nK~p#SZ#x>%}h! zQkJxNHx1WA2m1jV!2N~*kWWi$de3Xlxzd0v>3M?@H#|tppauNr1E}~>TKxfE`rWm< zGiuP5Rfj2|$*+GeM+4d=G^4v`hB&5nz*spFkW{;YL7&FZfN zxySzJE2u=i`Qg^M%Jg!h!#jVRLC=<~$>dD6Y z%AuE$0Zfi;0sCovCtf=mXTHdsxZM3oovW)C>#3%lybemWGUE}sJcxNV?;9I034I5D zAkSv7Jcs|BWYAkhY}da1;GlIUYNPB#)7JyH5HF+ert`Hb_%Lq6FYj#0wq*J!x+Y!y z!F^}2$*Sx-INrq*=xE@{pc|Z^pLd?_cR2H0WjJ9*d*FAMRFf7ehw{P*#_9m=xLbN3 zFXNV`o$6{*a*MRg%tEJ}zoc}V=^Y^xak}w0V6W<_TPe~sVm6DXc-KX>ta{R1zpvQ; z2FR_j;hmdKd;j?nIG>Xf$Ou}vBj-`?TdS~zB=6^8i4*#FX47SDOh$hX2Tr-cgKU(b zW|RIuz@F)CjV`IT#>Li%oVYg$uI}#xOij;6e?AI7VJeHPVKqc@hOvVz*2FXIa1}|Q zSpcqi5_^q5c|#fG7FjtTmI{0??*B&CDv^|au)D7NG0YwT{O$O0BCr0SezQ$;*Hz|) zKC-^$ih-}C#u7J#zG_%|rPaMin`+@@JsS!7G~{7?qc@ z&Z7wyhSQGogF2Fy#UtUY{5OQBd#Jm9AC zvx(=wUzq1avFEP_?O;prJNSg)+&-=del@v7qQ_%?SHSe~mv~U-rve;ypUg1)(0dAj z&aiLs8)u*X{C}Rfl zPH*FDj1HCv@jVY_TUF+%&VYs6TTvJzDmCWwf$Mm-Zq25t^w&G8)3jWpubf7iKt%M; z&b#3^wX8hTY7k1W6~-pB@NXqm&LoxcFc%S;p2p1<5fOgg0v+(i;3F5!N9z%%{b|GJ zY}5Ag(ZEOY#wD97yArjFeo+>|?uQ+E?IDCQSDwm*emo*LC%A)e74Y0~$Whk<_h@^5 zP%a9Xu>0xb2*6!c^^YAL7`O8WfKWHiX2`?EU<7MrwB?8l8qaBmFKnd|LFs;FXKUsJ z5ggVF1HLUZxPjq@`>F?>l@aH?sT2a)kJRBZYFs7v$<_vpfmbqD+e3hf=OGg$CZRx4 z73DG#Zs^+(igGJTv`%EL;Sx>Wu8dUpbjNZ!_4MH!XK82raxAYgis>o5R3%NH2V38n zoG99$EhN>D_-m?VX&zXm!xN4&T?_u%Yc&%!&uT=O# z^c0AFPN=T2?`>_x=a;`ags3b?9NV-BgX-&x&bP9i*!AH8B}C6`$g}xx!dCYR&B#bh zC=@1dqO03hhA&i7kM@ej_>5B5J#)qtSk3x5GE~Wd zMFwGC6{_Vv-hm;%{E9C2yJ`*geVC@OI`k`FMBG{#K)FPZ>{077Ow1Njo#OBJv~?t|GmJL;{`#28FVw^aZE-O|F&ISpf})qKvcc$EMXcJ*qlIy&Rw@ z543|v6O>YpDft=i9byDiA<7FeJwTss(neLsTE0t2?eZbJug(XdK}WPhijFX!BnGPU zE?=^WfcO|#;*Pu`565^>$9w7^mMAEM4{Z@6$FLS>wr?Ep3PPn@>!zt`(h26l zyCnd|g%2BD#RM{bh*oQu)1;7m=-}|LHluA~6lc#pW{_oF9WT=(YnB`#R#J#6nUME& z!N^EB?iaYU4DKaFQ_lXw5)&X;?+5dLb sPD=W}$7wkm#N!*^q%WxJ)!(><9|~9#u!LWuH@U}9SJ6?fQnU>DKec!Fp8x;= From a1028d604c6e64e0e84bed5a34dcc261a498eb6d Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Wed, 1 Oct 2025 14:08:37 +0200 Subject: [PATCH 134/307] Guards: Improve performance for uniqueValue. --- shared/controlflow/codeql/controlflow/Guards.qll | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/shared/controlflow/codeql/controlflow/Guards.qll b/shared/controlflow/codeql/controlflow/Guards.qll index 668fb60655c9..e9f48152cab1 100644 --- a/shared/controlflow/codeql/controlflow/Guards.qll +++ b/shared/controlflow/codeql/controlflow/Guards.qll @@ -692,6 +692,9 @@ module Make< * Holds if `e` equals `k` and may be assigned to `v`. The boolean * `fromBackEdge` indicates whether the flow from `e` to `v` goes through a * back edge. + * + * This predicate is restricted to cases where all such possible values are + * constants, which means that the `GuardValue`s are singleton values. */ private predicate possibleValue(SsaDefinition v, boolean fromBackEdge, Expr e, GuardValue k) { not hasPossibleUnknownValue(v) and @@ -711,9 +714,10 @@ module Make< private predicate uniqueValue(SsaDefinition v, Expr e, GuardValue k) { possibleValue(v, false, e, k) and not possibleValue(v, true, e, k) and - forex(Expr other, GuardValue otherval | possibleValue(v, _, other, otherval) and other != e | - disjointValues(otherval, k) - ) + // there's only one expression with the value `k` + 1 = strictcount(Expr e0 | possibleValue(v, _, e0, k)) and + // and `v` has at least two possible values + 2 <= strictcount(GuardValue k0 | possibleValue(v, _, _, k0)) } /** From dd3debc2d58f0614c2354d1bc64344e22e2f92c0 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Wed, 1 Oct 2025 14:40:11 +0200 Subject: [PATCH 135/307] Address review comments --- .../hello-workspace/exe/src/main.rs | 3 +++ .../hello-workspace/functions.expected | 2 +- .../hello-workspace/lib/src/a_module/mod.rs | 2 +- .../hello-workspace/lib/src/lib.rs | 9 ++++++- .../hello-workspace/path-resolution.expected | 4 +++ .../hello-workspace/path-resolution.ql | 9 +++++++ .../hello-workspace/summary.cargo.expected | 8 +++--- .../summary.rust-project.expected | 8 +++--- .../codeql/rust/internal/PathResolution.qll | 26 +++++++++---------- 9 files changed, 46 insertions(+), 25 deletions(-) diff --git a/rust/ql/integration-tests/hello-workspace/exe/src/main.rs b/rust/ql/integration-tests/hello-workspace/exe/src/main.rs index ea26a90c3192..5bb9375719ea 100644 --- a/rust/ql/integration-tests/hello-workspace/exe/src/main.rs +++ b/rust/ql/integration-tests/hello-workspace/exe/src/main.rs @@ -1,7 +1,10 @@ use lib::a_module::hello; // $ item=HELLO +use lib::my_macro2; // $ item=my_macro2 + mod a_module; fn main() { + my_macro2!(); // $ item=my_macro2 hello(); // $ item=HELLO } diff --git a/rust/ql/integration-tests/hello-workspace/functions.expected b/rust/ql/integration-tests/hello-workspace/functions.expected index b30ae9be4742..6d8aa73cd833 100644 --- a/rust/ql/integration-tests/hello-workspace/functions.expected +++ b/rust/ql/integration-tests/hello-workspace/functions.expected @@ -1,2 +1,2 @@ -| exe/src/main.rs:5:1:7:1 | fn main | +| exe/src/main.rs:7:1:10:1 | fn main | | lib/src/a_module/mod.rs:1:1:4:1 | fn hello | diff --git a/rust/ql/integration-tests/hello-workspace/lib/src/a_module/mod.rs b/rust/ql/integration-tests/hello-workspace/lib/src/a_module/mod.rs index d437e89e9bea..04076c6cd29b 100644 --- a/rust/ql/integration-tests/hello-workspace/lib/src/a_module/mod.rs +++ b/rust/ql/integration-tests/hello-workspace/lib/src/a_module/mod.rs @@ -1,4 +1,4 @@ pub fn hello() { - my_macro!(); // $ item=my_macro + my_macro2!(); // $ item=my_macro2 println!("Hello, world!"); // $ item=println } // HELLO diff --git a/rust/ql/integration-tests/hello-workspace/lib/src/lib.rs b/rust/ql/integration-tests/hello-workspace/lib/src/lib.rs index 8c385ab5a949..f313f76edadd 100644 --- a/rust/ql/integration-tests/hello-workspace/lib/src/lib.rs +++ b/rust/ql/integration-tests/hello-workspace/lib/src/lib.rs @@ -1,10 +1,17 @@ #[macro_use] mod macros { - macro_rules! my_macro { + #[macro_export] + macro_rules! my_macro1 { () => { println!("my_macro!"); }; } + #[macro_export] + macro_rules! my_macro2 { + () => { + $crate::my_macro1!(); + }; + } } pub mod a_module; diff --git a/rust/ql/integration-tests/hello-workspace/path-resolution.expected b/rust/ql/integration-tests/hello-workspace/path-resolution.expected index e69de29bb2d1..2ac01b2837cc 100644 --- a/rust/ql/integration-tests/hello-workspace/path-resolution.expected +++ b/rust/ql/integration-tests/hello-workspace/path-resolution.expected @@ -0,0 +1,4 @@ +testFailures +resolveDollarCrate +| exe/src/main.rs:8:5:8:14 | $crate | lib/src/lib.rs:0:0:0:0 | Crate(lib@0.1.0) | +| lib/src/a_module/mod.rs:2:5:2:14 | $crate | lib/src/lib.rs:0:0:0:0 | Crate(lib@0.1.0) | diff --git a/rust/ql/integration-tests/hello-workspace/path-resolution.ql b/rust/ql/integration-tests/hello-workspace/path-resolution.ql index bf0a548fbb68..9ec97b61eeb3 100644 --- a/rust/ql/integration-tests/hello-workspace/path-resolution.ql +++ b/rust/ql/integration-tests/hello-workspace/path-resolution.ql @@ -1 +1,10 @@ +import rust +import codeql.rust.internal.PathResolution import utils.test.PathResolutionInlineExpectationsTest + +query predicate resolveDollarCrate(RelevantPath p, Crate c) { + c = resolvePath(p) and + p.isDollarCrate() and + p.fromSource() and + c.fromSource() +} diff --git a/rust/ql/integration-tests/hello-workspace/summary.cargo.expected b/rust/ql/integration-tests/hello-workspace/summary.cargo.expected index 02b13afcfc26..cb07b66d437d 100644 --- a/rust/ql/integration-tests/hello-workspace/summary.cargo.expected +++ b/rust/ql/integration-tests/hello-workspace/summary.cargo.expected @@ -9,8 +9,8 @@ | Inconsistencies - Path resolution | 0 | | Inconsistencies - SSA | 0 | | Inconsistencies - data flow | 0 | -| Lines of code extracted | 15 | -| Lines of user code extracted | 15 | -| Macro calls - resolved | 5 | -| Macro calls - total | 5 | +| Lines of code extracted | 21 | +| Lines of user code extracted | 21 | +| Macro calls - resolved | 10 | +| Macro calls - total | 10 | | Macro calls - unresolved | 0 | diff --git a/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected b/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected index 02b13afcfc26..cb07b66d437d 100644 --- a/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected +++ b/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected @@ -9,8 +9,8 @@ | Inconsistencies - Path resolution | 0 | | Inconsistencies - SSA | 0 | | Inconsistencies - data flow | 0 | -| Lines of code extracted | 15 | -| Lines of user code extracted | 15 | -| Macro calls - resolved | 5 | -| Macro calls - total | 5 | +| Lines of code extracted | 21 | +| Lines of user code extracted | 21 | +| Macro calls - resolved | 10 | +| Macro calls - total | 10 | | Macro calls - unresolved | 0 | diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index 32a96e6256aa..2bd581564035 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -1559,7 +1559,6 @@ private predicate unqualifiedPathLookup(ItemNode ancestor, string name, Namespac exists(RelevantPath path | path.isUnqualified(name, encl) and ancestor = encl and - exists(ns) and not name = ["crate", "$crate", "super", "self"] | pathUsesNamespace(path, ns) @@ -1668,7 +1667,7 @@ module TraitIsVisible { } pragma[nomagic] -private predicate isMacroExpansion(AstNode expansion, Path macroDefPath) { +private predicate isDollarCrateSupportedMacroExpansion(Path macroDefPath, AstNode expansion) { exists(MacroCall mc | expansion = mc.getMacroCallExpansion() and macroDefPath = mc.getPath() @@ -1681,25 +1680,25 @@ private predicate isMacroExpansion(AstNode expansion, Path macroDefPath) { } pragma[nomagic] -predicate isInMacroExpansion(Path macroDefPath, AstNode n) { - isMacroExpansion(n, macroDefPath) +predicate isInDollarCrateSupportedMacroExpansion(File macroDefFile, AstNode n) { + exists(Path macroDefPath | + isDollarCrateSupportedMacroExpansion(macroDefPath, n) and + macroDefFile = resolvePathCand(macroDefPath).getFile() + ) or - isInMacroExpansion(macroDefPath, n.getParentNode()) + isInDollarCrateSupportedMacroExpansion(macroDefFile, n.getParentNode()) } /** - * Holds if `n` is inside a macro expansion, and the macro _may_ originate from - * crate `crate`. + * Holds if `n` is a `$crate` path, and it may resolve to `crate`. * * The reason why we cannot be sure is that we need to consider all ancestor macro * calls. */ pragma[nomagic] -predicate isInMacroFromCrateExpansion(CrateItemNode crate, AstNode n) { - exists(Path macroDefPath | - isInMacroExpansion(macroDefPath, n) and - crate.getASourceFile().getFile() = resolvePathCand(macroDefPath).getFile() - ) +predicate resolveDollarCrate(RelevantPath p, CrateItemNode crate) { + p.isDollarCrate() and + isInDollarCrateSupportedMacroExpansion(crate.getASourceFile().getFile(), p) } pragma[nomagic] @@ -1714,8 +1713,7 @@ private ItemNode resolvePathCand0(RelevantPath path, Namespace ns) { else result = res ) or - path.isDollarCrate() and - isInMacroFromCrateExpansion(result, path) and + resolveDollarCrate(path, result) and ns = result.getNamespace() or result = resolvePathCandQualified(_, _, path, ns) From 8983ac92128a69bef80f59ca8376fead1de7db42 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 1 Oct 2025 14:13:15 +0100 Subject: [PATCH 136/307] Phrase test in terms of safe URLs --- .../security/SafeUrlFlow/SafeUrlFlow.expected | 200 +++++++++--------- .../go/security/SafeUrlFlow/SafeUrlFlow.go | 126 ++++++----- 2 files changed, 160 insertions(+), 166 deletions(-) diff --git a/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.expected b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.expected index 4cbe81bf2be0..79e0c9145fe9 100644 --- a/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.expected +++ b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.expected @@ -1,115 +1,115 @@ #select -| SafeUrlFlow.go:11:24:11:46 | ...+... | SafeUrlFlow.go:10:10:10:17 | selection of Host | SafeUrlFlow.go:11:24:11:46 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:10:10:10:17 | selection of Host | here | +| SafeUrlFlow.go:11:24:11:50 | ...+... | SafeUrlFlow.go:10:14:10:21 | selection of Host | SafeUrlFlow.go:11:24:11:50 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:10:14:10:21 | selection of Host | here | | SafeUrlFlow.go:14:29:14:44 | call to String | SafeUrlFlow.go:13:13:13:19 | selection of URL | SafeUrlFlow.go:14:29:14:44 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:13:13:13:19 | selection of URL | here | -| SafeUrlFlow.go:18:11:18:28 | call to String | SafeUrlFlow.go:10:10:10:17 | selection of Host | SafeUrlFlow.go:18:11:18:28 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:10:10:10:17 | selection of Host | here | -| SafeUrlFlow.go:47:24:47:57 | ...+... | SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:47:24:47:57 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:37:13:37:19 | selection of URL | here | -| SafeUrlFlow.go:48:29:48:51 | ...+... | SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:48:29:48:51 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:37:13:37:19 | selection of URL | here | -| SafeUrlFlow.go:49:11:49:38 | ...+... | SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:49:11:49:38 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:37:13:37:19 | selection of URL | here | -| SafeUrlFlow.go:58:11:58:26 | call to String | SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:58:11:58:26 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:55:13:55:19 | selection of URL | here | -| SafeUrlFlow.go:59:12:59:27 | call to String | SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:59:12:59:27 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:55:13:55:19 | selection of URL | here | -| SafeUrlFlow.go:60:16:60:31 | call to String | SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:60:16:60:31 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:55:13:55:19 | selection of URL | here | -| SafeUrlFlow.go:61:12:61:27 | call to String | SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:61:12:61:27 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:55:13:55:19 | selection of URL | here | -| SafeUrlFlow.go:65:13:65:28 | call to String | SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:65:13:65:28 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:55:13:55:19 | selection of URL | here | -| SafeUrlFlow.go:66:14:66:29 | call to String | SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:66:14:66:29 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:55:13:55:19 | selection of URL | here | -| SafeUrlFlow.go:67:18:67:33 | call to String | SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:67:18:67:33 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:55:13:55:19 | selection of URL | here | -| SafeUrlFlow.go:68:14:68:29 | call to String | SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:68:14:68:29 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:55:13:55:19 | selection of URL | here | -| SafeUrlFlow.go:71:39:71:54 | call to String | SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:71:39:71:54 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:55:13:55:19 | selection of URL | here | -| SafeUrlFlow.go:75:70:75:85 | call to String | SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:75:70:75:85 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:55:13:55:19 | selection of URL | here | -| SafeUrlFlow.go:79:40:79:55 | call to String | SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:79:40:79:55 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:55:13:55:19 | selection of URL | here | -| SafeUrlFlow.go:90:24:90:41 | call to String | SafeUrlFlow.go:85:10:85:17 | selection of Host | SafeUrlFlow.go:90:24:90:41 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:85:10:85:17 | selection of Host | here | -| SafeUrlFlow.go:111:11:111:23 | reconstructed | SafeUrlFlow.go:101:13:101:19 | selection of URL | SafeUrlFlow.go:111:11:111:23 | reconstructed | A safe URL flows here from $@. | SafeUrlFlow.go:101:13:101:19 | selection of URL | here | -| SafeUrlFlow.go:114:24:114:46 | ...+... | SafeUrlFlow.go:101:13:101:19 | selection of URL | SafeUrlFlow.go:114:24:114:46 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:101:13:101:19 | selection of URL | here | -| SafeUrlFlow.go:115:29:115:54 | ...+... | SafeUrlFlow.go:101:13:101:19 | selection of URL | SafeUrlFlow.go:115:29:115:54 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:101:13:101:19 | selection of URL | here | -| SafeUrlFlow.go:116:12:116:38 | ...+... | SafeUrlFlow.go:101:13:101:19 | selection of URL | SafeUrlFlow.go:116:12:116:38 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:101:13:101:19 | selection of URL | here | -| SafeUrlFlow.go:117:12:117:21 | opaquePart | SafeUrlFlow.go:101:13:101:19 | selection of URL | SafeUrlFlow.go:117:12:117:21 | opaquePart | A safe URL flows here from $@. | SafeUrlFlow.go:101:13:101:19 | selection of URL | here | +| SafeUrlFlow.go:18:11:18:28 | call to String | SafeUrlFlow.go:10:14:10:21 | selection of Host | SafeUrlFlow.go:18:11:18:28 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:10:14:10:21 | selection of Host | here | +| SafeUrlFlow.go:45:24:45:61 | ...+... | SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:45:24:45:61 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:37:13:37:19 | selection of URL | here | +| SafeUrlFlow.go:46:29:46:55 | ...+... | SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:46:29:46:55 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:37:13:37:19 | selection of URL | here | +| SafeUrlFlow.go:47:11:47:42 | ...+... | SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:47:11:47:42 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:37:13:37:19 | selection of URL | here | +| SafeUrlFlow.go:57:11:57:26 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:57:11:57:26 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | +| SafeUrlFlow.go:58:12:58:27 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:58:12:58:27 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | +| SafeUrlFlow.go:59:16:59:31 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:59:16:59:31 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | +| SafeUrlFlow.go:60:12:60:27 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:60:12:60:27 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | +| SafeUrlFlow.go:64:13:64:28 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:64:13:64:28 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | +| SafeUrlFlow.go:65:14:65:29 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:65:14:65:29 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | +| SafeUrlFlow.go:66:18:66:33 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:66:18:66:33 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | +| SafeUrlFlow.go:67:14:67:29 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:67:14:67:29 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | +| SafeUrlFlow.go:70:39:70:54 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:70:39:70:54 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | +| SafeUrlFlow.go:74:70:74:85 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:74:70:74:85 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | +| SafeUrlFlow.go:78:40:78:55 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:78:40:78:55 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | +| SafeUrlFlow.go:89:24:89:41 | call to String | SafeUrlFlow.go:84:14:84:21 | selection of Host | SafeUrlFlow.go:89:24:89:41 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:84:14:84:21 | selection of Host | here | +| SafeUrlFlow.go:109:11:109:23 | reconstructed | SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:109:11:109:23 | reconstructed | A safe URL flows here from $@. | SafeUrlFlow.go:100:13:100:19 | selection of URL | here | +| SafeUrlFlow.go:112:24:112:50 | ...+... | SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:112:24:112:50 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:100:13:100:19 | selection of URL | here | +| SafeUrlFlow.go:113:29:113:58 | ...+... | SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:113:29:113:58 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:100:13:100:19 | selection of URL | here | +| SafeUrlFlow.go:114:12:114:42 | ...+... | SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:114:12:114:42 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:100:13:100:19 | selection of URL | here | +| SafeUrlFlow.go:115:12:115:25 | safeOpaquePart | SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:115:12:115:25 | safeOpaquePart | A safe URL flows here from $@. | SafeUrlFlow.go:100:13:100:19 | selection of URL | here | edges -| SafeUrlFlow.go:10:10:10:17 | selection of Host | SafeUrlFlow.go:11:24:11:46 | ...+... | provenance | Sink:MaD:1 | -| SafeUrlFlow.go:10:10:10:17 | selection of Host | SafeUrlFlow.go:17:19:17:22 | host | provenance | | -| SafeUrlFlow.go:13:13:13:19 | selection of URL | SafeUrlFlow.go:14:29:14:35 | baseURL | provenance | Src:MaD:2 | -| SafeUrlFlow.go:14:29:14:35 | baseURL | SafeUrlFlow.go:14:29:14:44 | call to String | provenance | MaD:3 | -| SafeUrlFlow.go:17:19:17:22 | host | SafeUrlFlow.go:18:11:18:19 | targetURL | provenance | Config | +| SafeUrlFlow.go:10:14:10:21 | selection of Host | SafeUrlFlow.go:11:24:11:50 | ...+... | provenance | Sink:MaD:1 | +| SafeUrlFlow.go:10:14:10:21 | selection of Host | SafeUrlFlow.go:17:19:17:26 | safeHost | provenance | | +| SafeUrlFlow.go:13:13:13:19 | selection of URL | SafeUrlFlow.go:14:29:14:35 | safeURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:14:29:14:35 | safeURL | SafeUrlFlow.go:14:29:14:44 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:17:19:17:26 | safeHost | SafeUrlFlow.go:18:11:18:19 | targetURL | provenance | Config | | SafeUrlFlow.go:18:11:18:19 | targetURL | SafeUrlFlow.go:18:11:18:28 | call to String | provenance | MaD:3 | -| SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:47:24:47:57 | ...+... | provenance | Src:MaD:2 Sink:MaD:1 | -| SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:48:29:48:51 | ...+... | provenance | Src:MaD:2 | -| SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:49:11:49:38 | ...+... | provenance | Src:MaD:2 | -| SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:58:11:58:17 | baseURL | provenance | Src:MaD:2 | -| SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:59:12:59:18 | baseURL | provenance | Src:MaD:2 | -| SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:60:16:60:22 | baseURL | provenance | Src:MaD:2 | -| SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:61:12:61:18 | baseURL | provenance | Src:MaD:2 | -| SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:65:13:65:19 | baseURL | provenance | Src:MaD:2 | -| SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:66:14:66:20 | baseURL | provenance | Src:MaD:2 | -| SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:67:18:67:24 | baseURL | provenance | Src:MaD:2 | -| SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:68:14:68:20 | baseURL | provenance | Src:MaD:2 | -| SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:71:39:71:45 | baseURL | provenance | Src:MaD:2 | -| SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:75:70:75:76 | baseURL | provenance | Src:MaD:2 | -| SafeUrlFlow.go:55:13:55:19 | selection of URL | SafeUrlFlow.go:79:40:79:46 | baseURL | provenance | Src:MaD:2 | -| SafeUrlFlow.go:58:11:58:17 | baseURL | SafeUrlFlow.go:58:11:58:26 | call to String | provenance | MaD:3 | -| SafeUrlFlow.go:59:12:59:18 | baseURL | SafeUrlFlow.go:59:12:59:27 | call to String | provenance | MaD:3 | -| SafeUrlFlow.go:60:16:60:22 | baseURL | SafeUrlFlow.go:60:16:60:31 | call to String | provenance | MaD:3 | -| SafeUrlFlow.go:61:12:61:18 | baseURL | SafeUrlFlow.go:61:12:61:27 | call to String | provenance | MaD:3 | -| SafeUrlFlow.go:65:13:65:19 | baseURL | SafeUrlFlow.go:65:13:65:28 | call to String | provenance | MaD:3 | -| SafeUrlFlow.go:66:14:66:20 | baseURL | SafeUrlFlow.go:66:14:66:29 | call to String | provenance | MaD:3 | -| SafeUrlFlow.go:67:18:67:24 | baseURL | SafeUrlFlow.go:67:18:67:33 | call to String | provenance | MaD:3 | -| SafeUrlFlow.go:68:14:68:20 | baseURL | SafeUrlFlow.go:68:14:68:29 | call to String | provenance | MaD:3 | -| SafeUrlFlow.go:71:39:71:45 | baseURL | SafeUrlFlow.go:71:39:71:54 | call to String | provenance | MaD:3 | -| SafeUrlFlow.go:75:70:75:76 | baseURL | SafeUrlFlow.go:75:70:75:85 | call to String | provenance | MaD:3 | -| SafeUrlFlow.go:79:40:79:46 | baseURL | SafeUrlFlow.go:79:40:79:55 | call to String | provenance | MaD:3 | -| SafeUrlFlow.go:85:10:85:17 | selection of Host | SafeUrlFlow.go:88:19:88:22 | host | provenance | | -| SafeUrlFlow.go:88:19:88:22 | host | SafeUrlFlow.go:90:24:90:32 | targetURL | provenance | Config | -| SafeUrlFlow.go:90:24:90:32 | targetURL | SafeUrlFlow.go:90:24:90:41 | call to String | provenance | MaD:3 Sink:MaD:1 | -| SafeUrlFlow.go:101:13:101:19 | selection of URL | SafeUrlFlow.go:111:11:111:23 | reconstructed | provenance | Src:MaD:2 | -| SafeUrlFlow.go:101:13:101:19 | selection of URL | SafeUrlFlow.go:114:24:114:46 | ...+... | provenance | Src:MaD:2 Sink:MaD:1 | -| SafeUrlFlow.go:101:13:101:19 | selection of URL | SafeUrlFlow.go:115:29:115:54 | ...+... | provenance | Src:MaD:2 | -| SafeUrlFlow.go:101:13:101:19 | selection of URL | SafeUrlFlow.go:116:12:116:38 | ...+... | provenance | Src:MaD:2 | -| SafeUrlFlow.go:101:13:101:19 | selection of URL | SafeUrlFlow.go:117:12:117:21 | opaquePart | provenance | Src:MaD:2 | +| SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:45:24:45:61 | ...+... | provenance | Src:MaD:2 Sink:MaD:1 | +| SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:46:29:46:55 | ...+... | provenance | Src:MaD:2 | +| SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:47:11:47:42 | ...+... | provenance | Src:MaD:2 | +| SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:57:11:57:17 | safeURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:58:12:58:18 | safeURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:59:16:59:22 | safeURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:60:12:60:18 | safeURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:64:13:64:19 | safeURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:65:14:65:20 | safeURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:66:18:66:24 | safeURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:67:14:67:20 | safeURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:70:39:70:45 | safeURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:74:70:74:76 | safeURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:78:40:78:46 | safeURL | provenance | Src:MaD:2 | +| SafeUrlFlow.go:57:11:57:17 | safeURL | SafeUrlFlow.go:57:11:57:26 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:58:12:58:18 | safeURL | SafeUrlFlow.go:58:12:58:27 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:59:16:59:22 | safeURL | SafeUrlFlow.go:59:16:59:31 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:60:12:60:18 | safeURL | SafeUrlFlow.go:60:12:60:27 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:64:13:64:19 | safeURL | SafeUrlFlow.go:64:13:64:28 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:65:14:65:20 | safeURL | SafeUrlFlow.go:65:14:65:29 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:66:18:66:24 | safeURL | SafeUrlFlow.go:66:18:66:33 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:67:14:67:20 | safeURL | SafeUrlFlow.go:67:14:67:29 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:70:39:70:45 | safeURL | SafeUrlFlow.go:70:39:70:54 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:74:70:74:76 | safeURL | SafeUrlFlow.go:74:70:74:85 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:78:40:78:46 | safeURL | SafeUrlFlow.go:78:40:78:55 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:84:14:84:21 | selection of Host | SafeUrlFlow.go:87:19:87:26 | safeHost | provenance | | +| SafeUrlFlow.go:87:19:87:26 | safeHost | SafeUrlFlow.go:89:24:89:32 | targetURL | provenance | Config | +| SafeUrlFlow.go:89:24:89:32 | targetURL | SafeUrlFlow.go:89:24:89:41 | call to String | provenance | MaD:3 Sink:MaD:1 | +| SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:109:11:109:23 | reconstructed | provenance | Src:MaD:2 | +| SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:112:24:112:50 | ...+... | provenance | Src:MaD:2 Sink:MaD:1 | +| SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:113:29:113:58 | ...+... | provenance | Src:MaD:2 | +| SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:114:12:114:42 | ...+... | provenance | Src:MaD:2 | +| SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:115:12:115:25 | safeOpaquePart | provenance | Src:MaD:2 | models | 1 | Sink: net/http; ; false; Redirect; ; ; Argument[2]; url-redirection[0]; manual | | 2 | Source: net/http; Request; true; URL; ; ; ; remote; manual | | 3 | Summary: fmt; Stringer; true; String; ; ; Argument[receiver]; ReturnValue; taint; manual | nodes -| SafeUrlFlow.go:10:10:10:17 | selection of Host | semmle.label | selection of Host | -| SafeUrlFlow.go:11:24:11:46 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:10:14:10:21 | selection of Host | semmle.label | selection of Host | +| SafeUrlFlow.go:11:24:11:50 | ...+... | semmle.label | ...+... | | SafeUrlFlow.go:13:13:13:19 | selection of URL | semmle.label | selection of URL | -| SafeUrlFlow.go:14:29:14:35 | baseURL | semmle.label | baseURL | +| SafeUrlFlow.go:14:29:14:35 | safeURL | semmle.label | safeURL | | SafeUrlFlow.go:14:29:14:44 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:17:19:17:22 | host | semmle.label | host | +| SafeUrlFlow.go:17:19:17:26 | safeHost | semmle.label | safeHost | | SafeUrlFlow.go:18:11:18:19 | targetURL | semmle.label | targetURL | | SafeUrlFlow.go:18:11:18:28 | call to String | semmle.label | call to String | | SafeUrlFlow.go:37:13:37:19 | selection of URL | semmle.label | selection of URL | -| SafeUrlFlow.go:47:24:47:57 | ...+... | semmle.label | ...+... | -| SafeUrlFlow.go:48:29:48:51 | ...+... | semmle.label | ...+... | -| SafeUrlFlow.go:49:11:49:38 | ...+... | semmle.label | ...+... | -| SafeUrlFlow.go:55:13:55:19 | selection of URL | semmle.label | selection of URL | -| SafeUrlFlow.go:58:11:58:17 | baseURL | semmle.label | baseURL | -| SafeUrlFlow.go:58:11:58:26 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:59:12:59:18 | baseURL | semmle.label | baseURL | -| SafeUrlFlow.go:59:12:59:27 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:60:16:60:22 | baseURL | semmle.label | baseURL | -| SafeUrlFlow.go:60:16:60:31 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:61:12:61:18 | baseURL | semmle.label | baseURL | -| SafeUrlFlow.go:61:12:61:27 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:65:13:65:19 | baseURL | semmle.label | baseURL | -| SafeUrlFlow.go:65:13:65:28 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:66:14:66:20 | baseURL | semmle.label | baseURL | -| SafeUrlFlow.go:66:14:66:29 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:67:18:67:24 | baseURL | semmle.label | baseURL | -| SafeUrlFlow.go:67:18:67:33 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:68:14:68:20 | baseURL | semmle.label | baseURL | -| SafeUrlFlow.go:68:14:68:29 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:71:39:71:45 | baseURL | semmle.label | baseURL | -| SafeUrlFlow.go:71:39:71:54 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:75:70:75:76 | baseURL | semmle.label | baseURL | -| SafeUrlFlow.go:75:70:75:85 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:79:40:79:46 | baseURL | semmle.label | baseURL | -| SafeUrlFlow.go:79:40:79:55 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:85:10:85:17 | selection of Host | semmle.label | selection of Host | -| SafeUrlFlow.go:88:19:88:22 | host | semmle.label | host | -| SafeUrlFlow.go:90:24:90:32 | targetURL | semmle.label | targetURL | -| SafeUrlFlow.go:90:24:90:41 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:101:13:101:19 | selection of URL | semmle.label | selection of URL | -| SafeUrlFlow.go:111:11:111:23 | reconstructed | semmle.label | reconstructed | -| SafeUrlFlow.go:114:24:114:46 | ...+... | semmle.label | ...+... | -| SafeUrlFlow.go:115:29:115:54 | ...+... | semmle.label | ...+... | -| SafeUrlFlow.go:116:12:116:38 | ...+... | semmle.label | ...+... | -| SafeUrlFlow.go:117:12:117:21 | opaquePart | semmle.label | opaquePart | +| SafeUrlFlow.go:45:24:45:61 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:46:29:46:55 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:47:11:47:42 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:54:13:54:19 | selection of URL | semmle.label | selection of URL | +| SafeUrlFlow.go:57:11:57:17 | safeURL | semmle.label | safeURL | +| SafeUrlFlow.go:57:11:57:26 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:58:12:58:18 | safeURL | semmle.label | safeURL | +| SafeUrlFlow.go:58:12:58:27 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:59:16:59:22 | safeURL | semmle.label | safeURL | +| SafeUrlFlow.go:59:16:59:31 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:60:12:60:18 | safeURL | semmle.label | safeURL | +| SafeUrlFlow.go:60:12:60:27 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:64:13:64:19 | safeURL | semmle.label | safeURL | +| SafeUrlFlow.go:64:13:64:28 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:65:14:65:20 | safeURL | semmle.label | safeURL | +| SafeUrlFlow.go:65:14:65:29 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:66:18:66:24 | safeURL | semmle.label | safeURL | +| SafeUrlFlow.go:66:18:66:33 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:67:14:67:20 | safeURL | semmle.label | safeURL | +| SafeUrlFlow.go:67:14:67:29 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:70:39:70:45 | safeURL | semmle.label | safeURL | +| SafeUrlFlow.go:70:39:70:54 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:74:70:74:76 | safeURL | semmle.label | safeURL | +| SafeUrlFlow.go:74:70:74:85 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:78:40:78:46 | safeURL | semmle.label | safeURL | +| SafeUrlFlow.go:78:40:78:55 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:84:14:84:21 | selection of Host | semmle.label | selection of Host | +| SafeUrlFlow.go:87:19:87:26 | safeHost | semmle.label | safeHost | +| SafeUrlFlow.go:89:24:89:32 | targetURL | semmle.label | targetURL | +| SafeUrlFlow.go:89:24:89:41 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:100:13:100:19 | selection of URL | semmle.label | selection of URL | +| SafeUrlFlow.go:109:11:109:23 | reconstructed | semmle.label | reconstructed | +| SafeUrlFlow.go:112:24:112:50 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:113:29:113:58 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:114:12:114:42 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:115:12:115:25 | safeOpaquePart | semmle.label | safeOpaquePart | subpaths diff --git a/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.go b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.go index 45a2b20b8d4d..9a1b2e5677ef 100644 --- a/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.go +++ b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.go @@ -7,126 +7,120 @@ import ( ) func testStdlibSources(w http.ResponseWriter, req *http.Request) { - host := req.Host // $ Source - http.Redirect(w, req, "https://"+host+"/path", http.StatusFound) // $ Alert + safeHost := req.Host // $ Source + http.Redirect(w, req, "https://"+safeHost+"/path", http.StatusFound) // $ Alert - baseURL := req.URL // $ Source - w.Header().Set("Location", baseURL.String()) // $ Alert + safeURL := req.URL // $ Source + w.Header().Set("Location", safeURL.String()) // $ Alert targetURL := url.URL{} - targetURL.Host = host // additional flow step from Host field to URL struct + targetURL.Host = safeHost // URL is safe if Host is safe http.Get(targetURL.String()) // $ Alert } func testBarrierEdge1(w http.ResponseWriter, req *http.Request) { - baseURL := req.URL + safeURL := req.URL - query := baseURL.Query() // barrier edge blocks flow here - http.Redirect(w, req, query.Get("redirect"), http.StatusFound) // no flow expected + query := safeURL.Query() // query is not guaranteed to be safe + http.Redirect(w, req, query.Get("redirect"), http.StatusFound) // not guaranteed to be safe } func testBarrierEdge2(w http.ResponseWriter, req *http.Request) { - baseURL := req.URL + safeURL := req.URL - urlString := baseURL.String() - sliced := urlString[0:10] // barrier edge (string slicing) blocks flow here - w.Header().Set("Location", sliced) // no flow expected + urlString := safeURL.String() + sliced := urlString[0:10] // a substring of a safe URL is not guaranteed to be safe + w.Header().Set("Location", sliced) // not guaranteed to be safe } func testFieldReads(w http.ResponseWriter, req *http.Request) { - baseURL := req.URL // $ Source - - // Test that other URL methods preserve flow - scheme := baseURL.Scheme // should preserve flow - host := baseURL.Host // should preserve flow - path := baseURL.Path // should preserve flow - fragment := baseURL.Fragment // should not preserve flow - user := baseURL.User // should not preserve flow - - // These should still have flow (not sanitized) - http.Redirect(w, req, "https://"+scheme+"://example.com", http.StatusFound) // $ Alert - w.Header().Set("Location", "https://"+host+"/path") // $ Alert - http.Get("https://example.com" + path) // $ Alert - http.Get(fragment) - http.Get(user.String()) + safeURL := req.URL // $ Source + + safeScheme := safeURL.Scheme // the scheme of a safe URL is safe + safeHost := safeURL.Host // the host of a safe URL is safe + safePath := safeURL.Path // the path of a safe URL is safe + fragment := safeURL.Fragment // the fragment of a safe URL is not guaranteed to be safe + user := safeURL.User // the user of a safe URL is not guaranteed to be safe + + http.Redirect(w, req, "https://"+safeScheme+"://example.com", http.StatusFound) // $ Alert + w.Header().Set("Location", "https://"+safeHost+"/path") // $ Alert + http.Get("https://example.com" + safePath) // $ Alert + + http.Get(fragment) // not guaranteed to be safe + http.Get(user.String()) // not guaranteed to be safe } func testRequestForgerySinks(req *http.Request) { - baseURL := req.URL // $ Source + safeURL := req.URL // $ Source // Standard library HTTP functions (request-forgery sinks) - http.Get(baseURL.String()) // $ Alert - http.Post(baseURL.String(), "application/json", nil) // $ Alert - http.PostForm(baseURL.String(), nil) // $ Alert - http.Head(baseURL.String()) // $ Alert + http.Get(safeURL.String()) // $ Alert + http.Post(safeURL.String(), "application/json", nil) // $ Alert + http.PostForm(safeURL.String(), nil) // $ Alert + http.Head(safeURL.String()) // $ Alert // HTTP Client methods (request-forgery sinks) client := &http.Client{} - client.Get(baseURL.String()) // $ Alert - client.Post(baseURL.String(), "application/json", nil) // $ Alert - client.PostForm(baseURL.String(), nil) // $ Alert - client.Head(baseURL.String()) // $ Alert + client.Get(safeURL.String()) // $ Alert + client.Post(safeURL.String(), "application/json", nil) // $ Alert + client.PostForm(safeURL.String(), nil) // $ Alert + client.Head(safeURL.String()) // $ Alert // NewRequest + Client.Do (request-forgery sinks) - request, _ := http.NewRequest("GET", baseURL.String(), nil) // $ Alert + request, _ := http.NewRequest("GET", safeURL.String(), nil) // $ Alert client.Do(request) // NewRequestWithContext + Client.Do (request-forgery sinks) - reqWithCtx, _ := http.NewRequestWithContext(context.TODO(), "POST", baseURL.String(), nil) // $ Alert + reqWithCtx, _ := http.NewRequestWithContext(context.TODO(), "POST", safeURL.String(), nil) // $ Alert client.Do(reqWithCtx) // RoundTrip method (request-forgery sink) - request2, _ := http.NewRequest("GET", baseURL.String(), nil) // $ Alert + request2, _ := http.NewRequest("GET", safeURL.String(), nil) // $ Alert transport := &http.Transport{} transport.RoundTrip(request2) } func testHostFieldAssignmentFlow(w http.ResponseWriter, req *http.Request) { - host := req.Host // $ Source + safeHost := req.Host // $ Source targetURL, _ := url.Parse("http://example.com/data") - targetURL.Host = host // additional flow step from Host field to URL struct + targetURL.Host = safeHost // URL is safe if Host is safe http.Redirect(w, req, targetURL.String(), http.StatusFound) // $ Alert } func testHostFieldOverwritten(w http.ResponseWriter, req *http.Request) { - baseURL := req.URL + safeURL := req.URL - baseURL.Host = "something.else.com" // barrier edge (Host field overwritten) blocks flow here - http.Get(baseURL.String()) + safeURL.Host = "something.else.com" // safeURL is not guaranteed to be safe now that Host is overwritten + http.Get(safeURL.String()) // not guaranteed to be safe } func testFieldAccess(w http.ResponseWriter, req *http.Request) { - baseURL := req.URL // $ Source + safeURL := req.URL // $ Source - // These field accesses should preserve flow - host := baseURL.Host - path := baseURL.Path - scheme := baseURL.Scheme - opaquePart := baseURL.Opaque + safeHost := safeURL.Host // the host of a safe URL is safe + safePath := safeURL.Path // the path of a safe URL is safe + safeScheme := safeURL.Scheme // the scheme of a safe URL is safe + safeOpaquePart := safeURL.Opaque // the opaque part of a safe URL is safe - // Reconstruct URL - flow should be preserved through field access - reconstructed := scheme + "://" + host + path + // Reconstruct URL - still guaranteed to be safe + reconstructed := safeScheme + "://" + safeHost + safePath http.Get(reconstructed) // $ Alert // Test individual fields - http.Redirect(w, req, "https://"+host+"/path", http.StatusFound) // $ Alert - w.Header().Set("Location", "https://example.com"+path) // $ Alert - http.Post(scheme+"://example.com/api", "application/json", nil) // $ Alert - http.Post(opaquePart, "application/json", nil) // $ Alert + http.Redirect(w, req, "https://"+safeHost+"/path", http.StatusFound) // $ Alert + w.Header().Set("Location", "https://example.com"+safePath) // $ Alert + http.Post(safeScheme+"://example.com/api", "application/json", nil) // $ Alert + http.Post(safeOpaquePart, "application/json", nil) // $ Alert - // These field accesses should block flow - user := baseURL.User // barrier edge (User field) - query := baseURL.RawQuery // barrier edge (RawQuery field) - fragment := baseURL.Fragment // barrier edge (Fragment field) + user := safeURL.User // the user of a safe URL is not guaranteed to be safe + query := safeURL.RawQuery // the query of a safe URL is not guaranteed to be safe + fragment := safeURL.Fragment // the fragment of a safe URL is not guaranteed to be safe if user != nil { - http.Redirect(w, req, user.String(), http.StatusFound) // no flow expected + http.Redirect(w, req, user.String(), http.StatusFound) // not guaranteed to be safe } - w.Header().Set("Location", "https://example.com/?"+query) // no flow expected - http.Get("https://example.com/#" + fragment) // no flow expected + w.Header().Set("Location", "https://example.com/?"+query) // not guaranteed to be safe + http.Get("https://example.com/#" + fragment) // not guaranteed to be safe } - -// Helper function to avoid unused variable warnings -func use(vars ...interface{}) {} From 16a11b48ad0e5c742e5a55c77bdf1810a4519662 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 10 Nov 2023 14:48:04 +0000 Subject: [PATCH 137/307] Switch to use-use dataflow. This will make post-update nodes easy to implement. Queries / tests that required changes: * The CleartextLogging and MissingErrorCheck queries are updated because they assumed def-use flow * The CommandInjection query works around the shortcomings of use-use flow by essentially reintroducing def-use flow when it applies a sanitizer * The OpenUrlRedirect query currently just accepts its fate; the tests are updated to avoid excess sanitization while the query comments on the problem. We should choose this approach or the CommandInjection one. --- go/ql/lib/semmle/go/dataflow/SSA.qll | 4 + go/ql/lib/semmle/go/dataflow/SsaImpl.qll | 141 ++++++ .../go/dataflow/internal/DataFlowPrivate.qll | 22 +- .../CleartextLoggingCustomizations.qll | 4 +- .../semmle/go/security/CommandInjection.qll | 22 + .../src/InconsistentCode/MissingErrorCheck.ql | 12 +- .../dataflow/FlowSteps/LocalFlowStep.expected | 87 ++-- .../go/frameworks/Echo/OpenRedirect.expected | 26 +- .../semmle/go/frameworks/Echo/test.go | 7 +- .../CWE-312/CleartextLogging.expected | 434 +++++++++++++----- .../test/query-tests/Security/CWE-312/main.go | 71 ++- .../query-tests/Security/CWE-312/passwords.go | 6 +- .../OpenUrlRedirect/OpenUrlRedirect.expected | 218 ++++----- .../CWE-601/OpenUrlRedirect/stdlib.go | 8 +- .../Security/CWE-918/RequestForgery.expected | 109 +++-- .../test/query-tests/Security/CWE-918/tst.go | 6 +- 16 files changed, 800 insertions(+), 377 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/SSA.qll b/go/ql/lib/semmle/go/dataflow/SSA.qll index d13bbe2de63a..5891c0ed800b 100644 --- a/go/ql/lib/semmle/go/dataflow/SSA.qll +++ b/go/ql/lib/semmle/go/dataflow/SSA.qll @@ -197,6 +197,8 @@ class SsaExplicitDefinition extends SsaDefinition, TExplicitDef { override string prettyPrintDef() { result = "definition of " + this.getSourceVariable() } override Location getLocation() { result = this.getInstruction().getLocation() } + + IR::Instruction getAFirstUse() { firstUse(this, result) } } /** Provides a helper predicate for working with explicit SSA definitions. */ @@ -410,3 +412,5 @@ DataFlow::Node getASimilarReadNode(DataFlow::Node node) { result = readFields.similar().getAUse() ) } + +IR::Instruction getAnAdjacentUse(IR::Instruction pred) { adjacentUseUse(pred, result) } diff --git a/go/ql/lib/semmle/go/dataflow/SsaImpl.qll b/go/ql/lib/semmle/go/dataflow/SsaImpl.qll index 0db37ac03ce3..7380aaf60ebf 100644 --- a/go/ql/lib/semmle/go/dataflow/SsaImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/SsaImpl.qll @@ -199,6 +199,8 @@ private module Internal { /** * Holds if the `i`th node of `bb` is a use or an SSA definition of variable `v`, with * `k` indicating whether it is the former or the latter. + * + * Note this includes phi nodes, whereas `ref` above only includes explicit writes and captures. */ private predicate ssaRef(ReachableBasicBlock bb, int i, SsaSourceVariable v, RefKind k) { useAt(bb, i, v) and k = ReadRef() @@ -290,6 +292,145 @@ private module Internal { or rewindReads(bb, i, v) = 1 and result = getDefReachingEndOf(bb.getImmediateDominator(), v) } + + private module AdjacentUsesImpl { + /** Holds if `v` is defined or used in `b`. */ + private predicate varOccursInBlock(SsaSourceVariable v, ReachableBasicBlock b) { + ssaRef(b, _, v, _) + } + + /** Holds if `v` occurs in `b` or one of `b`'s transitive successors. */ + private predicate blockPrecedesVar(SsaSourceVariable v, ReachableBasicBlock b) { + varOccursInBlock(v, b) + or + exists(getDefReachingEndOf(b, v)) + } + + /** + * Holds if `b2` is a transitive successor of `b1` and `v` occurs in `b1` and + * in `b2` or one of its transitive successors but not in any block on the path + * between `b1` and `b2`. + */ + private predicate varBlockReaches( + SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2 + ) { + varOccursInBlock(v, b1) and + b2 = b1.getASuccessor() and + blockPrecedesVar(v, b2) + or + exists(ReachableBasicBlock mid | + varBlockReaches(v, b1, mid) and + b2 = mid.getASuccessor() and + not varOccursInBlock(v, mid) and + blockPrecedesVar(v, b2) + ) + } + + /** + * Holds if `b2` is a transitive successor of `b1` and `v` occurs in `b1` and + * `b2` but not in any block on the path between `b1` and `b2`. + */ + private predicate varBlockStep( + SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2 + ) { + varBlockReaches(v, b1, b2) and + varOccursInBlock(v, b2) + } + + /** + * Gets the maximum rank among all SSA references to `v` in basic block `bb`. + */ + private int maxSsaRefRank(ReachableBasicBlock bb, SsaSourceVariable v) { + result = max(ssaRefRank(bb, _, v, _)) + } + + /** + * Holds if `v` occurs at index `i1` in `b1` and at index `i2` in `b2` and + * there is a path between them without any occurrence of `v`. + */ + pragma[nomagic] + predicate adjacentVarRefs( + SsaSourceVariable v, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, int i2 + ) { + exists(int rankix | + b1 = b2 and + ssaRefRank(b1, i1, v, _) = rankix and + ssaRefRank(b2, i2, v, _) = rankix + 1 + ) + or + maxSsaRefRank(b1, v) = ssaRefRank(b1, i1, v, _) and + varBlockStep(v, b1, b2) and + ssaRefRank(b2, i2, v, _) = 1 + } + + predicate variableUse(SsaSourceVariable v, IR::Instruction use, ReachableBasicBlock bb, int i) { + bb.getNode(i) = use and + exists(SsaVariable sv | + sv.getSourceVariable() = v and + use = sv.getAUse() + ) + } + } + + private import AdjacentUsesImpl + + /** + * Holds if the value defined at `def` can reach `use` without passing through + * any other uses, but possibly through phi nodes. + */ + cached + predicate firstUse(SsaDefinition def, IR::Instruction use) { + exists(SsaSourceVariable v, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, int i2 | + adjacentVarRefs(v, b1, i1, b2, i2) and + def.definesAt(b1, i1, v) and + variableUse(v, use, b2, i2) + ) + or + exists( + SsaSourceVariable v, SsaPhiNode redef, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, + int i2 + | + adjacentVarRefs(v, b1, i1, b2, i2) and + def.definesAt(b1, i1, v) and + redef.definesAt(b2, i2, v) and + firstUse(redef, use) + ) + } + + /** + * Holds if `use1` and `use2` form an adjacent use-use-pair of the same SSA + * variable, that is, the value read in `use1` can reach `use2` without passing + * through any other use or any SSA definition of the variable. + */ + cached + predicate adjacentUseUseSameVar(IR::Instruction use1, IR::Instruction use2) { + exists(SsaSourceVariable v, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, int i2 | + adjacentVarRefs(v, b1, i1, b2, i2) and + variableUse(v, use1, b1, i1) and + variableUse(v, use2, b2, i2) + ) + } + + /** + * Holds if `use1` and `use2` form an adjacent use-use-pair of the same + * `SsaSourceVariable`, that is, the value read in `use1` can reach `use2` + * without passing through any other use or any SSA definition of the variable + * except for phi nodes and uncertain implicit updates. + */ + cached + predicate adjacentUseUse(IR::Instruction use1, IR::Instruction use2) { + adjacentUseUseSameVar(use1, use2) + or + exists( + SsaSourceVariable v, SsaPhiNode def, ReachableBasicBlock b1, int i1, ReachableBasicBlock b2, + int i2 + | + adjacentVarRefs(v, b1, i1, b2, i2) and + variableUse(v, use1, b1, i1) and + def.definesAt(b2, i2, v) and + firstUse(def, use2) + ) + } } import Internal diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll index 2d05b211a57e..15f8a8462a15 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll @@ -65,26 +65,36 @@ predicate basicLocalFlowStep(Node nodeFrom, Node nodeTo) { else nodeTo.asInstruction() = evalAssert ) or - // Instruction -> SSA + // Instruction -> SSA defn exists(IR::Instruction pred, SsaExplicitDefinition succ | succ.getRhs() = pred and nodeFrom = instructionNode(pred) and nodeTo = ssaNode(succ) ) or - // SSA -> SSA - exists(SsaDefinition pred, SsaPseudoDefinition succ | succ.getAnInput() = pred | + // SSA defn -> SSA capture + exists(SsaExplicitDefinition pred, SsaVariableCapture succ | + // Check: should these flow from PHIs as well? Perhaps they should be included + // in the use-use graph? + succ.(SsaVariableCapture).getSourceVariable() = pred.(SsaExplicitDefinition).getSourceVariable() + | nodeFrom = ssaNode(pred) and nodeTo = ssaNode(succ) ) or - // SSA -> Instruction - exists(SsaDefinition pred, IR::Instruction succ | - succ = pred.getVariable().getAUse() and + // SSA defn -> first SSA use + exists(SsaExplicitDefinition pred, IR::Instruction succ | succ = pred.getAFirstUse() | nodeFrom = ssaNode(pred) and nodeTo = instructionNode(succ) ) or + // SSA use -> successive SSA use + // Note this case includes Phi node traversal + exists(IR::Instruction pred, IR::Instruction succ | succ = getAnAdjacentUse(pred) | + nodeFrom = instructionNode(pred) and + nodeTo = instructionNode(succ) + ) + or // GlobalFunctionNode -> use nodeFrom = any(GlobalFunctionNode fn | fn.getFunction() = nodeTo.asExpr().(FunctionName).getTarget()) diff --git a/go/ql/lib/semmle/go/security/CleartextLoggingCustomizations.qll b/go/ql/lib/semmle/go/security/CleartextLoggingCustomizations.qll index 6c95686cb8c8..4abc9021268e 100644 --- a/go/ql/lib/semmle/go/security/CleartextLoggingCustomizations.qll +++ b/go/ql/lib/semmle/go/security/CleartextLoggingCustomizations.qll @@ -55,6 +55,8 @@ module CleartextLogging { | this.asExpr().(Ident).getName() = name or + this.(DataFlow::SsaNode).getSourceVariable().getName() = name + or this.(DataFlow::FieldReadNode).getFieldName() = name or this.(DataFlow::CallNode).getCalleeName() = name @@ -143,7 +145,7 @@ module CleartextLogging { not this instanceof NonCleartextPassword and name.regexpMatch(maybePassword()) and ( - this.asExpr().(Ident).getName() = name + this.(DataFlow::SsaNode).getSourceVariable().getName() = name or exists(DataFlow::FieldReadNode fn | fn = this and diff --git a/go/ql/lib/semmle/go/security/CommandInjection.qll b/go/ql/lib/semmle/go/security/CommandInjection.qll index 1774d77af54e..face45358a91 100644 --- a/go/ql/lib/semmle/go/security/CommandInjection.qll +++ b/go/ql/lib/semmle/go/security/CommandInjection.qll @@ -84,6 +84,28 @@ module CommandInjection { } predicate observeDiffInformedIncrementalMode() { any() } + + // Hack: with use-use flow, we might have x (use at line 1) -> x (use at line 2), + // x (use at line 1) -> array at line 1 and x (use at line 2) -> array at line 2, + // in the context + // + // array1 := {"--", x} + // array2 := {x, "--"} + // + // We want to taint array2 but not array1, which suggests excluding the edge x (use 1) -> array1 + // However isSanitizer only allows us to remove nodes (isSanitizerIn/Out permit removing all outgoing + // or incoming edges); we can't remove an individual edge, so instead we supply extra edges connecting + // the definition with the next use. + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { + exists( + ArgumentArrayWithDoubleDash array, DataFlow::InstructionNode sanitized, + DataFlow::SsaNode defn + | + sanitized = array.getASanitizedElement() and sanitized = defn.getAUse() + | + pred = defn and succ = sanitized.getASuccessor() + ) + } } /** diff --git a/go/ql/src/InconsistentCode/MissingErrorCheck.ql b/go/ql/src/InconsistentCode/MissingErrorCheck.ql index 6a68904427de..e16b8641a97e 100644 --- a/go/ql/src/InconsistentCode/MissingErrorCheck.ql +++ b/go/ql/src/InconsistentCode/MissingErrorCheck.ql @@ -73,6 +73,16 @@ predicate checksValue(IR::Instruction instruction, DataFlow::SsaNode value) { ) } +// Now that we have use-use flow, phi nodes aren't directly involved in the flow graph. TODO: change this? +DataFlow::SsaNode phiDefinedFrom(DataFlow::SsaNode node) { + result.getDefinition().(SsaPseudoDefinition).getAnInput() = node.getDefinition().getVariable() +} + +DataFlow::SsaNode definedFrom(DataFlow::SsaNode node) { + DataFlow::localFlow(node, result) or + result = phiDefinedFrom*(node) +} + /** * Matches if `call` is a function returning (`ptr`, `err`) where `ptr` may be nil, and neither * `ptr` not `err` has been checked for validity as of `node`. @@ -99,7 +109,7 @@ predicate returnUncheckedAtNode( // localFlow is used to permit checks via either an SSA phi node or ordinary assignment. returnUncheckedAtNode(call, node.getAPredecessor(), ptr, err) and not exists(DataFlow::SsaNode checked | - DataFlow::localFlow(ptr, checked) or DataFlow::localFlow(err, checked) + checked = definedFrom(ptr) or checked = definedFrom(err) | checksValue(node, checked) ) diff --git a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected index c6bfdfdc1d5a..b48b6fec1a77 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected @@ -49,27 +49,28 @@ | main.go:3:6:3:10 | function test1 | main.go:34:2:34:6 | test1 | | main.go:3:12:3:12 | argument corresponding to x | main.go:3:12:3:12 | definition of x | | main.go:3:12:3:12 | definition of x | main.go:5:5:5:5 | x | -| main.go:3:12:3:12 | definition of x | main.go:6:7:6:7 | x | -| main.go:3:12:3:12 | definition of x | main.go:8:8:8:8 | x | -| main.go:3:12:3:12 | definition of x | main.go:10:7:10:7 | x | -| main.go:3:12:3:12 | definition of x | main.go:10:22:10:22 | x | | main.go:3:19:3:20 | argument corresponding to fn | main.go:3:19:3:20 | definition of fn | | main.go:3:19:3:20 | definition of fn | main.go:10:24:10:25 | fn | -| main.go:6:3:6:3 | definition of y | main.go:10:2:10:2 | y = phi(def@6:3, def@8:3) | +| main.go:5:5:5:5 | x | main.go:6:7:6:7 | x | +| main.go:5:5:5:5 | x | main.go:8:8:8:8 | x | +| main.go:6:3:6:3 | definition of y | main.go:10:12:10:12 | y | | main.go:6:7:6:7 | x | main.go:6:3:6:3 | definition of y | -| main.go:8:3:8:3 | definition of y | main.go:10:2:10:2 | y = phi(def@6:3, def@8:3) | +| main.go:6:7:6:7 | x | main.go:10:7:10:7 | x | +| main.go:8:3:8:3 | definition of y | main.go:10:12:10:12 | y | | main.go:8:7:8:8 | -... | main.go:8:3:8:3 | definition of y | +| main.go:8:8:8:8 | x | main.go:10:7:10:7 | x | | main.go:10:2:10:2 | definition of z | main.go:11:14:11:14 | z | -| main.go:10:2:10:2 | y = phi(def@6:3, def@8:3) | main.go:10:12:10:12 | y | -| main.go:10:2:10:2 | y = phi(def@6:3, def@8:3) | main.go:10:17:10:17 | y | +| main.go:10:7:10:7 | x | main.go:10:22:10:22 | x | | main.go:10:7:10:12 | ...<=... | main.go:10:7:10:27 | ...&&... | | main.go:10:7:10:27 | ...&&... | main.go:10:2:10:2 | definition of z | +| main.go:10:12:10:12 | y | main.go:10:17:10:17 | y | | main.go:10:17:10:27 | ...>=... | main.go:10:7:10:27 | ...&&... | | main.go:11:14:11:14 | z | main.go:11:9:11:15 | type conversion | | main.go:14:6:14:10 | function test2 | main.go:34:8:34:12 | test2 | | main.go:14:6:14:10 | function test2 | main.go:34:19:34:23 | test2 | +| main.go:15:2:15:4 | definition of acc | main.go:16:9:19:2 | capture variable acc | | main.go:15:9:15:9 | 0 | main.go:15:2:15:4 | definition of acc | -| main.go:16:9:19:2 | capture variable acc | main.go:17:3:17:5 | acc | +| main.go:17:3:17:7 | definition of acc | main.go:16:9:19:2 | capture variable acc | | main.go:17:3:17:7 | definition of acc | main.go:18:10:18:12 | acc | | main.go:17:3:17:7 | rhs of increment statement | main.go:17:3:17:7 | definition of acc | | main.go:22:12:22:12 | argument corresponding to b | main.go:22:12:22:12 | definition of b | @@ -84,50 +85,50 @@ | main.go:26:5:26:6 | definition of ok | main.go:27:5:27:6 | ok | | main.go:26:11:26:11 | x | main.go:26:2:26:17 | ... := ...[0] | | main.go:38:2:38:2 | definition of s | main.go:39:15:39:15 | s | -| main.go:38:2:38:2 | definition of s | main.go:40:15:40:15 | s | -| main.go:38:2:38:2 | definition of s | main.go:42:7:42:7 | s | | main.go:38:7:38:20 | slice literal | main.go:38:2:38:2 | definition of s | | main.go:39:2:39:3 | definition of s1 | main.go:40:18:40:19 | s1 | | main.go:39:8:39:25 | call to append | main.go:39:2:39:3 | definition of s1 | +| main.go:39:15:39:15 | s | main.go:40:15:40:15 | s | | main.go:40:2:40:3 | definition of s2 | main.go:43:9:43:10 | s2 | | main.go:40:8:40:23 | call to append | main.go:40:2:40:3 | definition of s2 | +| main.go:40:15:40:15 | s | main.go:42:7:42:7 | s | | main.go:41:2:41:3 | definition of s4 | main.go:42:10:42:11 | s4 | | main.go:41:8:41:21 | call to make | main.go:41:2:41:3 | definition of s4 | | main.go:46:13:46:14 | argument corresponding to xs | main.go:46:13:46:14 | definition of xs | | main.go:46:13:46:14 | definition of xs | main.go:47:20:47:21 | xs | -| main.go:46:24:46:27 | definition of keys | main.go:47:20:47:21 | keys = phi(def@46:24, def@49:3) | +| main.go:46:24:46:27 | definition of keys | main.go:46:24:46:27 | implicit read of keys | +| main.go:46:24:46:27 | definition of keys | main.go:49:3:49:6 | keys | | main.go:46:24:46:27 | zero value for keys | main.go:46:24:46:27 | definition of keys | -| main.go:46:34:46:37 | definition of vals | main.go:47:20:47:21 | vals = phi(def@46:34, def@48:3) | +| main.go:46:34:46:37 | definition of vals | main.go:46:34:46:37 | implicit read of vals | +| main.go:46:34:46:37 | definition of vals | main.go:48:3:48:6 | vals | | main.go:46:34:46:37 | zero value for vals | main.go:46:34:46:37 | definition of vals | | main.go:47:2:50:2 | range statement[0] | main.go:47:6:47:6 | definition of k | | main.go:47:2:50:2 | range statement[1] | main.go:47:9:47:9 | definition of v | | main.go:47:6:47:6 | definition of k | main.go:49:11:49:11 | k | | main.go:47:9:47:9 | definition of v | main.go:48:11:48:11 | v | -| main.go:47:20:47:21 | keys = phi(def@46:24, def@49:3) | main.go:46:24:46:27 | implicit read of keys | -| main.go:47:20:47:21 | keys = phi(def@46:24, def@49:3) | main.go:49:3:49:6 | keys | -| main.go:47:20:47:21 | vals = phi(def@46:34, def@48:3) | main.go:46:34:46:37 | implicit read of vals | -| main.go:47:20:47:21 | vals = phi(def@46:34, def@48:3) | main.go:48:3:48:6 | vals | -| main.go:48:3:48:6 | definition of vals | main.go:47:20:47:21 | vals = phi(def@46:34, def@48:3) | +| main.go:48:3:48:6 | definition of vals | main.go:46:34:46:37 | implicit read of vals | +| main.go:48:3:48:6 | definition of vals | main.go:48:3:48:6 | vals | | main.go:48:3:48:11 | ... += ... | main.go:48:3:48:6 | definition of vals | -| main.go:49:3:49:6 | definition of keys | main.go:47:20:47:21 | keys = phi(def@46:24, def@49:3) | +| main.go:49:3:49:6 | definition of keys | main.go:46:24:46:27 | implicit read of keys | +| main.go:49:3:49:6 | definition of keys | main.go:49:3:49:6 | keys | | main.go:49:3:49:11 | ... += ... | main.go:49:3:49:6 | definition of keys | | main.go:55:6:55:7 | definition of ch | main.go:56:2:56:3 | ch | -| main.go:55:6:55:7 | definition of ch | main.go:57:4:57:5 | ch | | main.go:55:6:55:7 | zero value for ch | main.go:55:6:55:7 | definition of ch | +| main.go:56:2:56:3 | ch | main.go:57:4:57:5 | ch | | main.go:61:2:61:2 | definition of x | main.go:64:11:64:11 | x | -| main.go:61:2:61:2 | definition of x | main.go:65:11:65:11 | x | | main.go:61:7:61:7 | 1 | main.go:61:2:61:2 | definition of x | | main.go:62:2:62:2 | definition of y | main.go:64:14:64:14 | y | -| main.go:62:2:62:2 | definition of y | main.go:65:14:65:14 | y | | main.go:62:7:62:7 | 2 | main.go:62:2:62:2 | definition of y | | main.go:63:2:63:2 | definition of z | main.go:64:17:64:17 | z | -| main.go:63:2:63:2 | definition of z | main.go:65:17:65:17 | z | | main.go:63:7:63:7 | 3 | main.go:63:2:63:2 | definition of z | | main.go:64:2:64:2 | definition of a | main.go:66:9:66:9 | a | | main.go:64:7:64:18 | call to min | main.go:64:2:64:2 | definition of a | | main.go:64:11:64:11 | x | main.go:64:7:64:18 | call to min | +| main.go:64:11:64:11 | x | main.go:65:11:65:11 | x | | main.go:64:14:64:14 | y | main.go:64:7:64:18 | call to min | +| main.go:64:14:64:14 | y | main.go:65:14:65:14 | y | | main.go:64:17:64:17 | z | main.go:64:7:64:18 | call to min | +| main.go:64:17:64:17 | z | main.go:65:17:65:17 | z | | main.go:65:2:65:2 | definition of b | main.go:66:12:66:12 | b | | main.go:65:7:65:18 | call to max | main.go:65:2:65:2 | definition of b | | main.go:65:11:65:11 | x | main.go:65:7:65:18 | call to max | @@ -135,62 +136,60 @@ | main.go:65:17:65:17 | z | main.go:65:7:65:18 | call to max | | strings.go:8:12:8:12 | argument corresponding to s | strings.go:8:12:8:12 | definition of s | | strings.go:8:12:8:12 | definition of s | strings.go:9:24:9:24 | s | -| strings.go:8:12:8:12 | definition of s | strings.go:10:27:10:27 | s | | strings.go:9:2:9:3 | definition of s2 | strings.go:11:20:11:21 | s2 | -| strings.go:9:2:9:3 | definition of s2 | strings.go:11:48:11:49 | s2 | | strings.go:9:8:9:38 | call to Replace | strings.go:9:2:9:3 | definition of s2 | +| strings.go:9:24:9:24 | s | strings.go:10:27:10:27 | s | | strings.go:10:2:10:3 | definition of s3 | strings.go:11:24:11:25 | s3 | -| strings.go:10:2:10:3 | definition of s3 | strings.go:11:67:11:68 | s3 | | strings.go:10:8:10:42 | call to ReplaceAll | strings.go:10:2:10:3 | definition of s3 | +| strings.go:11:20:11:21 | s2 | strings.go:11:48:11:49 | s2 | +| strings.go:11:24:11:25 | s3 | strings.go:11:67:11:68 | s3 | | url.go:8:12:8:12 | argument corresponding to b | url.go:8:12:8:12 | definition of b | | url.go:8:12:8:12 | definition of b | url.go:11:5:11:5 | b | | url.go:8:20:8:20 | argument corresponding to s | url.go:8:20:8:20 | definition of s | | url.go:8:20:8:20 | definition of s | url.go:12:46:12:46 | s | | url.go:8:20:8:20 | definition of s | url.go:14:48:14:48 | s | -| url.go:12:3:12:5 | definition of res | url.go:16:5:16:7 | res = phi(def@12:3, def@14:3) | +| url.go:12:3:12:5 | definition of res | url.go:19:9:19:11 | res | | url.go:12:3:12:48 | ... = ...[0] | url.go:12:3:12:5 | definition of res | | url.go:12:3:12:48 | ... = ...[1] | url.go:12:8:12:10 | definition of err | -| url.go:12:8:12:10 | definition of err | url.go:16:5:16:7 | err = phi(def@12:8, def@14:8) | -| url.go:14:3:14:5 | definition of res | url.go:16:5:16:7 | res = phi(def@12:3, def@14:3) | +| url.go:12:8:12:10 | definition of err | url.go:16:5:16:7 | err | +| url.go:14:3:14:5 | definition of res | url.go:19:9:19:11 | res | | url.go:14:3:14:50 | ... = ...[0] | url.go:14:3:14:5 | definition of res | | url.go:14:3:14:50 | ... = ...[1] | url.go:14:8:14:10 | definition of err | -| url.go:14:8:14:10 | definition of err | url.go:16:5:16:7 | err = phi(def@12:8, def@14:8) | -| url.go:16:5:16:7 | err = phi(def@12:8, def@14:8) | url.go:16:5:16:7 | err | -| url.go:16:5:16:7 | res = phi(def@12:3, def@14:3) | url.go:19:9:19:11 | res | +| url.go:14:8:14:10 | definition of err | url.go:16:5:16:7 | err | | url.go:22:12:22:12 | argument corresponding to i | url.go:22:12:22:12 | definition of i | | url.go:22:12:22:12 | definition of i | url.go:24:5:24:5 | i | | url.go:22:19:22:19 | argument corresponding to s | url.go:22:19:22:19 | definition of s | | url.go:22:19:22:19 | definition of s | url.go:23:20:23:20 | s | -| url.go:22:19:22:19 | definition of s | url.go:27:29:27:29 | s | | url.go:23:2:23:2 | definition of u | url.go:25:10:25:10 | u | | url.go:23:2:23:21 | ... := ...[0] | url.go:23:2:23:2 | definition of u | +| url.go:23:20:23:20 | s | url.go:27:29:27:29 | s | | url.go:27:2:27:2 | definition of u | url.go:28:14:28:14 | u | -| url.go:27:2:27:2 | definition of u | url.go:29:14:29:14 | u | -| url.go:27:2:27:2 | definition of u | url.go:30:11:30:11 | u | -| url.go:27:2:27:2 | definition of u | url.go:32:9:32:9 | u | | url.go:27:2:27:30 | ... = ...[0] | url.go:27:2:27:2 | definition of u | +| url.go:28:14:28:14 | u | url.go:29:14:29:14 | u | +| url.go:29:14:29:14 | u | url.go:30:11:30:11 | u | | url.go:30:2:30:3 | definition of bs | url.go:31:14:31:15 | bs | | url.go:30:2:30:27 | ... := ...[0] | url.go:30:2:30:3 | definition of bs | +| url.go:30:11:30:11 | u | url.go:32:9:32:9 | u | | url.go:32:2:32:2 | definition of u | url.go:33:14:33:14 | u | -| url.go:32:2:32:2 | definition of u | url.go:34:14:34:14 | u | -| url.go:32:2:32:2 | definition of u | url.go:35:14:35:14 | u | -| url.go:32:2:32:2 | definition of u | url.go:36:6:36:6 | u | -| url.go:32:2:32:2 | definition of u | url.go:36:25:36:25 | u | | url.go:32:2:32:23 | ... = ...[0] | url.go:32:2:32:2 | definition of u | +| url.go:33:14:33:14 | u | url.go:34:14:34:14 | u | +| url.go:34:14:34:14 | u | url.go:35:14:35:14 | u | +| url.go:35:14:35:14 | u | url.go:36:6:36:6 | u | | url.go:36:2:36:2 | definition of u | url.go:37:9:37:9 | u | +| url.go:36:6:36:6 | u | url.go:36:25:36:25 | u | | url.go:36:6:36:26 | call to ResolveReference | url.go:36:2:36:2 | definition of u | | url.go:42:2:42:3 | definition of ui | url.go:43:11:43:12 | ui | -| url.go:42:2:42:3 | definition of ui | url.go:45:14:45:15 | ui | -| url.go:42:2:42:3 | definition of ui | url.go:46:9:46:10 | ui | | url.go:42:7:42:38 | call to UserPassword | url.go:42:2:42:3 | definition of ui | | url.go:43:2:43:3 | definition of pw | url.go:44:14:44:15 | pw | | url.go:43:2:43:23 | ... := ...[0] | url.go:43:2:43:3 | definition of pw | +| url.go:43:11:43:12 | ui | url.go:45:14:45:15 | ui | +| url.go:45:14:45:15 | ui | url.go:46:9:46:10 | ui | | url.go:49:12:49:12 | argument corresponding to q | url.go:49:12:49:12 | definition of q | | url.go:49:12:49:12 | definition of q | url.go:50:25:50:25 | q | | url.go:50:2:50:2 | definition of v | url.go:51:14:51:14 | v | -| url.go:50:2:50:2 | definition of v | url.go:52:14:52:14 | v | -| url.go:50:2:50:2 | definition of v | url.go:53:9:53:9 | v | | url.go:50:2:50:26 | ... := ...[0] | url.go:50:2:50:2 | definition of v | +| url.go:51:14:51:14 | v | url.go:52:14:52:14 | v | +| url.go:52:14:52:14 | v | url.go:53:9:53:9 | v | | url.go:56:12:56:12 | argument corresponding to q | url.go:56:12:56:12 | definition of q | | url.go:56:12:56:12 | definition of q | url.go:57:29:57:29 | q | | url.go:57:2:57:8 | definition of joined1 | url.go:58:38:58:44 | joined1 | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected b/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected index 4b38e6e8c479..bebd53c1ac55 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected @@ -1,14 +1,14 @@ #select | test.go:173:20:173:24 | param | test.go:172:11:172:32 | call to Param | test.go:173:20:173:24 | param | This path to an untrusted URL redirection depends on a $@. | test.go:172:11:172:32 | call to Param | user-provided value | -| test.go:182:20:182:28 | ...+... | test.go:178:11:178:32 | call to Param | test.go:182:20:182:28 | ...+... | This path to an untrusted URL redirection depends on a $@. | test.go:178:11:178:32 | call to Param | user-provided value | +| test.go:185:20:185:29 | ...+... | test.go:178:11:178:32 | call to Param | test.go:185:20:185:29 | ...+... | This path to an untrusted URL redirection depends on a $@. | test.go:178:11:178:32 | call to Param | user-provided value | edges | test.go:172:11:172:32 | call to Param | test.go:173:20:173:24 | param | provenance | Src:MaD:2 Sink:MaD:1 | -| test.go:178:11:178:32 | call to Param | test.go:182:24:182:28 | param | provenance | Src:MaD:2 | -| test.go:182:24:182:28 | param | test.go:182:20:182:28 | ...+... | provenance | Config Sink:MaD:1 | -| test.go:190:9:190:26 | star expression | test.go:190:10:190:26 | selection of URL | provenance | Config | -| test.go:190:9:190:26 | star expression | test.go:193:21:193:23 | url | provenance | | -| test.go:190:10:190:26 | selection of URL | test.go:190:9:190:26 | star expression | provenance | Src:MaD:3 Config | -| test.go:193:21:193:23 | url | test.go:193:21:193:32 | call to String | provenance | Config Sink:MaD:1 | +| test.go:178:11:178:32 | call to Param | test.go:185:24:185:29 | param2 | provenance | Src:MaD:2 | +| test.go:185:24:185:29 | param2 | test.go:185:20:185:29 | ...+... | provenance | Config Sink:MaD:1 | +| test.go:193:9:193:26 | star expression | test.go:193:10:193:26 | selection of URL | provenance | Config | +| test.go:193:9:193:26 | star expression | test.go:196:21:196:23 | url | provenance | | +| test.go:193:10:193:26 | selection of URL | test.go:193:9:193:26 | star expression | provenance | Src:MaD:3 Config | +| test.go:196:21:196:23 | url | test.go:196:21:196:32 | call to String | provenance | Config Sink:MaD:1 | models | 1 | Sink: github.com/labstack/echo; Context; true; Redirect; ; ; Argument[1]; url-redirection; manual | | 2 | Source: github.com/labstack/echo; Context; true; Param; ; ; ReturnValue[0]; remote; manual | @@ -17,10 +17,10 @@ nodes | test.go:172:11:172:32 | call to Param | semmle.label | call to Param | | test.go:173:20:173:24 | param | semmle.label | param | | test.go:178:11:178:32 | call to Param | semmle.label | call to Param | -| test.go:182:20:182:28 | ...+... | semmle.label | ...+... | -| test.go:182:24:182:28 | param | semmle.label | param | -| test.go:190:9:190:26 | star expression | semmle.label | star expression | -| test.go:190:10:190:26 | selection of URL | semmle.label | selection of URL | -| test.go:193:21:193:23 | url | semmle.label | url | -| test.go:193:21:193:32 | call to String | semmle.label | call to String | +| test.go:185:20:185:29 | ...+... | semmle.label | ...+... | +| test.go:185:24:185:29 | param2 | semmle.label | param2 | +| test.go:193:9:193:26 | star expression | semmle.label | star expression | +| test.go:193:10:193:26 | selection of URL | semmle.label | selection of URL | +| test.go:196:21:196:23 | url | semmle.label | url | +| test.go:196:21:196:32 | call to String | semmle.label | call to String | subpaths diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/test.go b/go/ql/test/library-tests/semmle/go/frameworks/Echo/test.go index 45f92cd19cbf..a15fb819ccc5 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/test.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/test.go @@ -176,12 +176,15 @@ func testRedirect(ctx echo.Context) error { func testLocalRedirects(ctx echo.Context) error { param := ctx.Param("someParam") + param2 := param + param3 := param + // Gratuitious copy because sanitization of uses propagates to subsequent uses // GOOD: local redirects are unproblematic ctx.Redirect(301, "/local"+param) // BAD: this could be a non-local redirect - ctx.Redirect(301, "/"+param) + ctx.Redirect(301, "/"+param2) // GOOD: localhost redirects are unproblematic - ctx.Redirect(301, "//localhost/"+param) + ctx.Redirect(301, "//localhost/"+param3) return nil } diff --git a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected index a7f7f83a9ffe..90d182b144bf 100644 --- a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected +++ b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected @@ -1,97 +1,235 @@ #select | klog.go:23:15:23:20 | header | klog.go:21:30:21:37 | selection of Header | klog.go:23:15:23:20 | header | $@ flows to a logging call. | klog.go:21:30:21:37 | selection of Header | Sensitive data returned by HTTP request headers | | klog.go:29:13:29:41 | call to Get | klog.go:29:13:29:20 | selection of Header | klog.go:29:13:29:41 | call to Get | $@ flows to a logging call. | klog.go:29:13:29:20 | selection of Header | Sensitive data returned by HTTP request headers | -| main.go:16:12:16:19 | password | main.go:16:12:16:19 | password | main.go:16:12:16:19 | password | $@ flows to a logging call. | main.go:16:12:16:19 | password | Sensitive data returned by an access to password | -| main.go:17:19:17:26 | password | main.go:17:19:17:26 | password | main.go:17:19:17:26 | password | $@ flows to a logging call. | main.go:17:19:17:26 | password | Sensitive data returned by an access to password | -| main.go:18:13:18:20 | password | main.go:18:13:18:20 | password | main.go:18:13:18:20 | password | $@ flows to a logging call. | main.go:18:13:18:20 | password | Sensitive data returned by an access to password | -| main.go:19:14:19:21 | password | main.go:19:14:19:21 | password | main.go:19:14:19:21 | password | $@ flows to a logging call. | main.go:19:14:19:21 | password | Sensitive data returned by an access to password | -| main.go:20:12:20:19 | password | main.go:20:12:20:19 | password | main.go:20:12:20:19 | password | $@ flows to a logging call. | main.go:20:12:20:19 | password | Sensitive data returned by an access to password | -| main.go:21:19:21:26 | password | main.go:21:19:21:26 | password | main.go:21:19:21:26 | password | $@ flows to a logging call. | main.go:21:19:21:26 | password | Sensitive data returned by an access to password | -| main.go:22:13:22:20 | password | main.go:22:13:22:20 | password | main.go:22:13:22:20 | password | $@ flows to a logging call. | main.go:22:13:22:20 | password | Sensitive data returned by an access to password | -| main.go:23:14:23:21 | password | main.go:23:14:23:21 | password | main.go:23:14:23:21 | password | $@ flows to a logging call. | main.go:23:14:23:21 | password | Sensitive data returned by an access to password | -| main.go:24:12:24:19 | password | main.go:24:12:24:19 | password | main.go:24:12:24:19 | password | $@ flows to a logging call. | main.go:24:12:24:19 | password | Sensitive data returned by an access to password | -| main.go:25:19:25:26 | password | main.go:25:19:25:26 | password | main.go:25:19:25:26 | password | $@ flows to a logging call. | main.go:25:19:25:26 | password | Sensitive data returned by an access to password | -| main.go:26:13:26:20 | password | main.go:26:13:26:20 | password | main.go:26:13:26:20 | password | $@ flows to a logging call. | main.go:26:13:26:20 | password | Sensitive data returned by an access to password | -| main.go:27:14:27:21 | password | main.go:27:14:27:21 | password | main.go:27:14:27:21 | password | $@ flows to a logging call. | main.go:27:14:27:21 | password | Sensitive data returned by an access to password | -| main.go:28:16:28:23 | password | main.go:28:16:28:23 | password | main.go:28:16:28:23 | password | $@ flows to a logging call. | main.go:28:16:28:23 | password | Sensitive data returned by an access to password | -| main.go:32:10:32:17 | password | main.go:32:10:32:17 | password | main.go:32:10:32:17 | password | $@ flows to a logging call. | main.go:32:10:32:17 | password | Sensitive data returned by an access to password | -| main.go:33:17:33:24 | password | main.go:33:17:33:24 | password | main.go:33:17:33:24 | password | $@ flows to a logging call. | main.go:33:17:33:24 | password | Sensitive data returned by an access to password | -| main.go:34:11:34:18 | password | main.go:34:11:34:18 | password | main.go:34:11:34:18 | password | $@ flows to a logging call. | main.go:34:11:34:18 | password | Sensitive data returned by an access to password | -| main.go:35:12:35:19 | password | main.go:35:12:35:19 | password | main.go:35:12:35:19 | password | $@ flows to a logging call. | main.go:35:12:35:19 | password | Sensitive data returned by an access to password | -| main.go:36:10:36:17 | password | main.go:36:10:36:17 | password | main.go:36:10:36:17 | password | $@ flows to a logging call. | main.go:36:10:36:17 | password | Sensitive data returned by an access to password | -| main.go:37:17:37:24 | password | main.go:37:17:37:24 | password | main.go:37:17:37:24 | password | $@ flows to a logging call. | main.go:37:17:37:24 | password | Sensitive data returned by an access to password | -| main.go:38:11:38:18 | password | main.go:38:11:38:18 | password | main.go:38:11:38:18 | password | $@ flows to a logging call. | main.go:38:11:38:18 | password | Sensitive data returned by an access to password | -| main.go:39:12:39:19 | password | main.go:39:12:39:19 | password | main.go:39:12:39:19 | password | $@ flows to a logging call. | main.go:39:12:39:19 | password | Sensitive data returned by an access to password | -| main.go:40:10:40:17 | password | main.go:40:10:40:17 | password | main.go:40:10:40:17 | password | $@ flows to a logging call. | main.go:40:10:40:17 | password | Sensitive data returned by an access to password | -| main.go:41:17:41:24 | password | main.go:41:17:41:24 | password | main.go:41:17:41:24 | password | $@ flows to a logging call. | main.go:41:17:41:24 | password | Sensitive data returned by an access to password | -| main.go:42:11:42:18 | password | main.go:42:11:42:18 | password | main.go:42:11:42:18 | password | $@ flows to a logging call. | main.go:42:11:42:18 | password | Sensitive data returned by an access to password | -| main.go:43:12:43:19 | password | main.go:43:12:43:19 | password | main.go:43:12:43:19 | password | $@ flows to a logging call. | main.go:43:12:43:19 | password | Sensitive data returned by an access to password | -| main.go:44:14:44:21 | password | main.go:44:14:44:21 | password | main.go:44:14:44:21 | password | $@ flows to a logging call. | main.go:44:14:44:21 | password | Sensitive data returned by an access to password | -| main.go:47:12:47:19 | password | main.go:47:12:47:19 | password | main.go:47:12:47:19 | password | $@ flows to a logging call. | main.go:47:12:47:19 | password | Sensitive data returned by an access to password | -| main.go:48:17:48:24 | password | main.go:48:17:48:24 | password | main.go:48:17:48:24 | password | $@ flows to a logging call. | main.go:48:17:48:24 | password | Sensitive data returned by an access to password | -| main.go:55:35:55:42 | password | main.go:55:35:55:42 | password | main.go:55:35:55:42 | password | $@ flows to a logging call. | main.go:55:35:55:42 | password | Sensitive data returned by an access to password | -| overrides.go:13:14:13:23 | call to String | overrides.go:9:9:9:16 | password | overrides.go:13:14:13:23 | call to String | $@ flows to a logging call. | overrides.go:9:9:9:16 | password | Sensitive data returned by an access to password | -| passwords.go:9:14:9:14 | x | passwords.go:30:8:30:15 | password | passwords.go:9:14:9:14 | x | $@ flows to a logging call. | passwords.go:30:8:30:15 | password | Sensitive data returned by an access to password | -| passwords.go:25:14:25:21 | password | passwords.go:25:14:25:21 | password | passwords.go:25:14:25:21 | password | $@ flows to a logging call. | passwords.go:25:14:25:21 | password | Sensitive data returned by an access to password | +| main.go:19:12:19:19 | password | main.go:17:2:17:9 | definition of password | main.go:19:12:19:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:20:19:20:26 | password | main.go:17:2:17:9 | definition of password | main.go:20:19:20:26 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:21:13:21:20 | password | main.go:17:2:17:9 | definition of password | main.go:21:13:21:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:22:14:22:21 | password | main.go:17:2:17:9 | definition of password | main.go:22:14:22:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:24:13:24:20 | password | main.go:17:2:17:9 | definition of password | main.go:24:13:24:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:27:20:27:27 | password | main.go:17:2:17:9 | definition of password | main.go:27:20:27:27 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:30:14:30:21 | password | main.go:17:2:17:9 | definition of password | main.go:30:14:30:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:33:15:33:22 | password | main.go:17:2:17:9 | definition of password | main.go:33:15:33:22 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:36:13:36:20 | password | main.go:17:2:17:9 | definition of password | main.go:36:13:36:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:39:20:39:27 | password | main.go:17:2:17:9 | definition of password | main.go:39:20:39:27 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:42:14:42:21 | password | main.go:17:2:17:9 | definition of password | main.go:42:14:42:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:45:15:45:22 | password | main.go:17:2:17:9 | definition of password | main.go:45:15:45:22 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:47:16:47:23 | password | main.go:17:2:17:9 | definition of password | main.go:47:16:47:23 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:51:10:51:17 | password | main.go:17:2:17:9 | definition of password | main.go:51:10:51:17 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:52:17:52:24 | password | main.go:17:2:17:9 | definition of password | main.go:52:17:52:24 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:53:11:53:18 | password | main.go:17:2:17:9 | definition of password | main.go:53:11:53:18 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:54:12:54:19 | password | main.go:17:2:17:9 | definition of password | main.go:54:12:54:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:56:11:56:18 | password | main.go:17:2:17:9 | definition of password | main.go:56:11:56:18 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:59:18:59:25 | password | main.go:17:2:17:9 | definition of password | main.go:59:18:59:25 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:62:12:62:19 | password | main.go:17:2:17:9 | definition of password | main.go:62:12:62:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:65:13:65:20 | password | main.go:17:2:17:9 | definition of password | main.go:65:13:65:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:68:11:68:18 | password | main.go:17:2:17:9 | definition of password | main.go:68:11:68:18 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:71:18:71:25 | password | main.go:17:2:17:9 | definition of password | main.go:71:18:71:25 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:74:12:74:19 | password | main.go:17:2:17:9 | definition of password | main.go:74:12:74:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:77:13:77:20 | password | main.go:17:2:17:9 | definition of password | main.go:77:13:77:20 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:79:14:79:21 | password | main.go:17:2:17:9 | definition of password | main.go:79:14:79:21 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:82:12:82:19 | password | main.go:17:2:17:9 | definition of password | main.go:82:12:82:19 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:83:17:83:24 | password | main.go:17:2:17:9 | definition of password | main.go:83:17:83:24 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:87:29:87:34 | fields | main.go:17:2:17:9 | definition of password | main.go:87:29:87:34 | fields | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| main.go:90:35:90:42 | password | main.go:17:2:17:9 | definition of password | main.go:90:35:90:42 | password | $@ flows to a logging call. | main.go:17:2:17:9 | definition of password | Sensitive data returned by an access to password | +| overrides.go:13:14:13:23 | call to String | overrides.go:8:2:8:9 | definition of password | overrides.go:13:14:13:23 | call to String | $@ flows to a logging call. | overrides.go:8:2:8:9 | definition of password | Sensitive data returned by an access to password | +| passwords.go:9:14:9:14 | x | passwords.go:21:2:21:9 | definition of password | passwords.go:9:14:9:14 | x | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | +| passwords.go:25:14:25:21 | password | passwords.go:21:2:21:9 | definition of password | passwords.go:25:14:25:21 | password | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | | passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | passwords.go:26:14:26:23 | selection of password | $@ flows to a logging call. | passwords.go:26:14:26:23 | selection of password | Sensitive data returned by an access to password | | passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | passwords.go:27:14:27:26 | call to getPassword | $@ flows to a logging call. | passwords.go:27:14:27:26 | call to getPassword | Sensitive data returned by a call to getPassword | | passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | passwords.go:28:14:28:28 | call to getPassword | $@ flows to a logging call. | passwords.go:28:14:28:28 | call to getPassword | Sensitive data returned by a call to getPassword | -| passwords.go:32:12:32:19 | password | passwords.go:32:12:32:19 | password | passwords.go:32:12:32:19 | password | $@ flows to a logging call. | passwords.go:32:12:32:19 | password | Sensitive data returned by an access to password | -| passwords.go:34:14:34:35 | ...+... | passwords.go:34:28:34:35 | password | passwords.go:34:14:34:35 | ...+... | $@ flows to a logging call. | passwords.go:34:28:34:35 | password | Sensitive data returned by an access to password | +| passwords.go:32:12:32:19 | password | passwords.go:21:2:21:9 | definition of password | passwords.go:32:12:32:19 | password | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | +| passwords.go:34:14:34:35 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:34:14:34:35 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | | passwords.go:39:14:39:17 | obj1 | passwords.go:37:13:37:13 | x | passwords.go:39:14:39:17 | obj1 | $@ flows to a logging call. | passwords.go:37:13:37:13 | x | Sensitive data returned by an access to password | -| passwords.go:44:14:44:17 | obj2 | passwords.go:42:6:42:13 | password | passwords.go:44:14:44:17 | obj2 | $@ flows to a logging call. | passwords.go:42:6:42:13 | password | Sensitive data returned by an access to password | -| passwords.go:47:14:47:17 | obj3 | passwords.go:48:11:48:18 | password | passwords.go:47:14:47:17 | obj3 | $@ flows to a logging call. | passwords.go:48:11:48:18 | password | Sensitive data returned by an access to password | -| passwords.go:51:14:51:27 | fixed_password | passwords.go:51:14:51:27 | fixed_password | passwords.go:51:14:51:27 | fixed_password | $@ flows to a logging call. | passwords.go:51:14:51:27 | fixed_password | Sensitive data returned by an access to fixed_password | -| passwords.go:88:14:88:26 | utilityObject | passwords.go:86:16:86:36 | call to make | passwords.go:88:14:88:26 | utilityObject | $@ flows to a logging call. | passwords.go:86:16:86:36 | call to make | Sensitive data returned by an access to passwordSet | -| passwords.go:91:23:91:28 | secret | passwords.go:90:12:90:19 | password | passwords.go:91:23:91:28 | secret | $@ flows to a logging call. | passwords.go:90:12:90:19 | password | Sensitive data returned by an access to password | -| passwords.go:101:15:101:40 | ...+... | passwords.go:101:33:101:40 | password | passwords.go:101:15:101:40 | ...+... | $@ flows to a logging call. | passwords.go:101:33:101:40 | password | Sensitive data returned by an access to password | -| passwords.go:107:16:107:41 | ...+... | passwords.go:107:34:107:41 | password | passwords.go:107:16:107:41 | ...+... | $@ flows to a logging call. | passwords.go:107:34:107:41 | password | Sensitive data returned by an access to password | -| passwords.go:112:15:112:40 | ...+... | passwords.go:112:33:112:40 | password | passwords.go:112:15:112:40 | ...+... | $@ flows to a logging call. | passwords.go:112:33:112:40 | password | Sensitive data returned by an access to password | -| passwords.go:116:14:116:45 | ...+... | passwords.go:116:28:116:36 | password1 | passwords.go:116:14:116:45 | ...+... | $@ flows to a logging call. | passwords.go:116:28:116:36 | password1 | Sensitive data returned by an access to password1 | -| passwords.go:125:14:125:19 | config | passwords.go:119:13:119:13 | x | passwords.go:125:14:125:19 | config | $@ flows to a logging call. | passwords.go:119:13:119:13 | x | Sensitive data returned by an access to password | -| passwords.go:125:14:125:19 | config | passwords.go:121:13:121:20 | password | passwords.go:125:14:125:19 | config | $@ flows to a logging call. | passwords.go:121:13:121:20 | password | Sensitive data returned by an access to password | -| passwords.go:125:14:125:19 | config | passwords.go:122:13:122:25 | call to getPassword | passwords.go:125:14:125:19 | config | $@ flows to a logging call. | passwords.go:122:13:122:25 | call to getPassword | Sensitive data returned by a call to getPassword | -| passwords.go:126:14:126:21 | selection of x | passwords.go:121:13:121:20 | password | passwords.go:126:14:126:21 | selection of x | $@ flows to a logging call. | passwords.go:121:13:121:20 | password | Sensitive data returned by an access to password | -| passwords.go:127:14:127:21 | selection of y | passwords.go:122:13:122:25 | call to getPassword | passwords.go:127:14:127:21 | selection of y | $@ flows to a logging call. | passwords.go:122:13:122:25 | call to getPassword | Sensitive data returned by a call to getPassword | -| protobuf.go:14:14:14:35 | call to GetDescription | protobuf.go:12:22:12:29 | password | protobuf.go:14:14:14:35 | call to GetDescription | $@ flows to a logging call. | protobuf.go:12:22:12:29 | password | Sensitive data returned by an access to password | +| passwords.go:44:14:44:17 | obj2 | passwords.go:21:2:21:9 | definition of password | passwords.go:44:14:44:17 | obj2 | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | +| passwords.go:47:14:47:17 | obj3 | passwords.go:21:2:21:9 | definition of password | passwords.go:47:14:47:17 | obj3 | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | +| passwords.go:51:14:51:27 | fixed_password | passwords.go:50:2:50:15 | definition of fixed_password | passwords.go:51:14:51:27 | fixed_password | $@ flows to a logging call. | passwords.go:50:2:50:15 | definition of fixed_password | Sensitive data returned by an access to fixed_password | +| passwords.go:89:14:89:26 | utilityObject | passwords.go:87:16:87:36 | call to make | passwords.go:89:14:89:26 | utilityObject | $@ flows to a logging call. | passwords.go:87:16:87:36 | call to make | Sensitive data returned by an access to passwordSet | +| passwords.go:92:23:92:28 | secret | passwords.go:21:2:21:9 | definition of password | passwords.go:92:23:92:28 | secret | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | +| passwords.go:102:15:102:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:102:15:102:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | +| passwords.go:108:16:108:41 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:108:16:108:41 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | +| passwords.go:113:15:113:40 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:113:15:113:40 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | +| passwords.go:117:14:117:45 | ...+... | passwords.go:116:6:116:14 | definition of password1 | passwords.go:117:14:117:45 | ...+... | $@ flows to a logging call. | passwords.go:116:6:116:14 | definition of password1 | Sensitive data returned by an access to password1 | +| passwords.go:127:14:127:19 | config | passwords.go:21:2:21:9 | definition of password | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | +| passwords.go:127:14:127:19 | config | passwords.go:121:13:121:14 | x3 | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:121:13:121:14 | x3 | Sensitive data returned by an access to password | +| passwords.go:127:14:127:19 | config | passwords.go:124:13:124:25 | call to getPassword | passwords.go:127:14:127:19 | config | $@ flows to a logging call. | passwords.go:124:13:124:25 | call to getPassword | Sensitive data returned by a call to getPassword | +| passwords.go:128:14:128:21 | selection of x | passwords.go:21:2:21:9 | definition of password | passwords.go:128:14:128:21 | selection of x | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | +| passwords.go:129:14:129:21 | selection of y | passwords.go:124:13:124:25 | call to getPassword | passwords.go:129:14:129:21 | selection of y | $@ flows to a logging call. | passwords.go:124:13:124:25 | call to getPassword | Sensitive data returned by a call to getPassword | +| protobuf.go:14:14:14:35 | call to GetDescription | protobuf.go:9:2:9:9 | definition of password | protobuf.go:14:14:14:35 | call to GetDescription | $@ flows to a logging call. | protobuf.go:9:2:9:9 | definition of password | Sensitive data returned by an access to password | edges | klog.go:21:3:26:3 | range statement[1] | klog.go:22:27:22:33 | headers | provenance | | -| klog.go:21:30:21:37 | selection of Header | klog.go:21:3:26:3 | range statement[1] | provenance | Src:MaD:1 Config | +| klog.go:21:30:21:37 | selection of Header | klog.go:21:3:26:3 | range statement[1] | provenance | Src:MaD:11 Config | | klog.go:22:4:25:4 | range statement[1] | klog.go:23:15:23:20 | header | provenance | | | klog.go:22:27:22:33 | headers | klog.go:22:4:25:4 | range statement[1] | provenance | Config | -| klog.go:29:13:29:20 | selection of Header | klog.go:29:13:29:41 | call to Get | provenance | Src:MaD:1 Config | +| klog.go:29:13:29:20 | selection of Header | klog.go:29:13:29:41 | call to Get | provenance | Src:MaD:11 Config | +| main.go:17:2:17:9 | definition of password | main.go:19:12:19:19 | password | provenance | | +| main.go:17:2:17:9 | definition of password | main.go:20:19:20:26 | password | provenance | | +| main.go:17:2:17:9 | definition of password | main.go:21:13:21:20 | password | provenance | Sink:MaD:6 | +| main.go:17:2:17:9 | definition of password | main.go:22:14:22:21 | password | provenance | | +| main.go:17:2:17:9 | definition of password | main.go:24:13:24:20 | password | provenance | | +| main.go:17:2:17:9 | definition of password | main.go:27:20:27:27 | password | provenance | | +| main.go:17:2:17:9 | definition of password | main.go:30:14:30:21 | password | provenance | Sink:MaD:3 | +| main.go:17:2:17:9 | definition of password | main.go:33:15:33:22 | password | provenance | | +| main.go:17:2:17:9 | definition of password | main.go:36:13:36:20 | password | provenance | | +| main.go:17:2:17:9 | definition of password | main.go:39:20:39:27 | password | provenance | | +| main.go:17:2:17:9 | definition of password | main.go:42:14:42:21 | password | provenance | Sink:MaD:5 | +| main.go:17:2:17:9 | definition of password | main.go:45:15:45:22 | password | provenance | | +| main.go:17:2:17:9 | definition of password | main.go:47:16:47:23 | password | provenance | Sink:MaD:4 | +| main.go:17:2:17:9 | definition of password | main.go:51:10:51:17 | password | provenance | | +| main.go:17:2:17:9 | definition of password | main.go:51:10:51:17 | password | provenance | | +| main.go:51:10:51:17 | password | main.go:52:17:52:24 | password | provenance | | +| main.go:51:10:51:17 | password | main.go:52:17:52:24 | password | provenance | | +| main.go:52:17:52:24 | password | main.go:53:11:53:18 | password | provenance | | +| main.go:52:17:52:24 | password | main.go:53:11:53:18 | password | provenance | Sink:MaD:10 | +| main.go:53:11:53:18 | password | main.go:54:12:54:19 | password | provenance | | +| main.go:53:11:53:18 | password | main.go:54:12:54:19 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:56:11:56:18 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:56:11:56:18 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:59:18:59:25 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:59:18:59:25 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:62:12:62:19 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:62:12:62:19 | password | provenance | Sink:MaD:7 | +| main.go:54:12:54:19 | password | main.go:65:13:65:20 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:65:13:65:20 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:68:11:68:18 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:68:11:68:18 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:71:18:71:25 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:71:18:71:25 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:74:12:74:19 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 | +| main.go:54:12:54:19 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:54:12:54:19 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 | +| main.go:54:12:54:19 | password | main.go:80:17:80:24 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:59:18:59:25 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:59:18:59:25 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:62:12:62:19 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:62:12:62:19 | password | provenance | Sink:MaD:7 | +| main.go:56:11:56:18 | password | main.go:65:13:65:20 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:65:13:65:20 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:68:11:68:18 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:68:11:68:18 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:71:18:71:25 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:71:18:71:25 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:74:12:74:19 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 | +| main.go:56:11:56:18 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:56:11:56:18 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 | +| main.go:56:11:56:18 | password | main.go:80:17:80:24 | password | provenance | | +| main.go:59:18:59:25 | password | main.go:62:12:62:19 | password | provenance | | +| main.go:59:18:59:25 | password | main.go:62:12:62:19 | password | provenance | Sink:MaD:7 | +| main.go:59:18:59:25 | password | main.go:65:13:65:20 | password | provenance | | +| main.go:59:18:59:25 | password | main.go:65:13:65:20 | password | provenance | | +| main.go:59:18:59:25 | password | main.go:68:11:68:18 | password | provenance | | +| main.go:59:18:59:25 | password | main.go:68:11:68:18 | password | provenance | | +| main.go:59:18:59:25 | password | main.go:71:18:71:25 | password | provenance | | +| main.go:59:18:59:25 | password | main.go:71:18:71:25 | password | provenance | | +| main.go:59:18:59:25 | password | main.go:74:12:74:19 | password | provenance | | +| main.go:59:18:59:25 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 | +| main.go:59:18:59:25 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:59:18:59:25 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:59:18:59:25 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 | +| main.go:59:18:59:25 | password | main.go:80:17:80:24 | password | provenance | | +| main.go:62:12:62:19 | password | main.go:65:13:65:20 | password | provenance | | +| main.go:62:12:62:19 | password | main.go:65:13:65:20 | password | provenance | | +| main.go:62:12:62:19 | password | main.go:68:11:68:18 | password | provenance | | +| main.go:62:12:62:19 | password | main.go:68:11:68:18 | password | provenance | | +| main.go:62:12:62:19 | password | main.go:71:18:71:25 | password | provenance | | +| main.go:62:12:62:19 | password | main.go:71:18:71:25 | password | provenance | | +| main.go:62:12:62:19 | password | main.go:74:12:74:19 | password | provenance | | +| main.go:62:12:62:19 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 | +| main.go:62:12:62:19 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:62:12:62:19 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:62:12:62:19 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 | +| main.go:62:12:62:19 | password | main.go:80:17:80:24 | password | provenance | | +| main.go:65:13:65:20 | password | main.go:68:11:68:18 | password | provenance | | +| main.go:65:13:65:20 | password | main.go:68:11:68:18 | password | provenance | | +| main.go:65:13:65:20 | password | main.go:71:18:71:25 | password | provenance | | +| main.go:65:13:65:20 | password | main.go:71:18:71:25 | password | provenance | | +| main.go:65:13:65:20 | password | main.go:74:12:74:19 | password | provenance | | +| main.go:65:13:65:20 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 | +| main.go:65:13:65:20 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:65:13:65:20 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:65:13:65:20 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 | +| main.go:65:13:65:20 | password | main.go:80:17:80:24 | password | provenance | | +| main.go:68:11:68:18 | password | main.go:71:18:71:25 | password | provenance | | +| main.go:68:11:68:18 | password | main.go:71:18:71:25 | password | provenance | | +| main.go:68:11:68:18 | password | main.go:74:12:74:19 | password | provenance | | +| main.go:68:11:68:18 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 | +| main.go:68:11:68:18 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:68:11:68:18 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:68:11:68:18 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 | +| main.go:68:11:68:18 | password | main.go:80:17:80:24 | password | provenance | | +| main.go:71:18:71:25 | password | main.go:74:12:74:19 | password | provenance | | +| main.go:71:18:71:25 | password | main.go:74:12:74:19 | password | provenance | Sink:MaD:9 | +| main.go:71:18:71:25 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:71:18:71:25 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:71:18:71:25 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 | +| main.go:71:18:71:25 | password | main.go:80:17:80:24 | password | provenance | | +| main.go:74:12:74:19 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:74:12:74:19 | password | main.go:77:13:77:20 | password | provenance | | +| main.go:74:12:74:19 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 | +| main.go:74:12:74:19 | password | main.go:80:17:80:24 | password | provenance | | +| main.go:77:13:77:20 | password | main.go:79:14:79:21 | password | provenance | Sink:MaD:8 | +| main.go:77:13:77:20 | password | main.go:80:17:80:24 | password | provenance | | +| main.go:80:17:80:24 | password | main.go:82:12:82:19 | password | provenance | | +| main.go:80:17:80:24 | password | main.go:83:17:83:24 | password | provenance | | +| main.go:80:17:80:24 | password | main.go:86:19:86:26 | password | provenance | | +| main.go:85:2:85:7 | definition of fields | main.go:87:29:87:34 | fields | provenance | Sink:MaD:2 | +| main.go:86:19:86:26 | password | main.go:85:2:85:7 | definition of fields | provenance | Config | +| main.go:86:19:86:26 | password | main.go:90:35:90:42 | password | provenance | Sink:MaD:1 | +| overrides.go:8:2:8:9 | definition of password | overrides.go:9:9:9:16 | password | provenance | | | overrides.go:9:9:9:16 | password | overrides.go:13:14:13:23 | call to String | provenance | | | passwords.go:8:12:8:12 | definition of x | passwords.go:9:14:9:14 | x | provenance | | +| passwords.go:21:2:21:9 | definition of password | passwords.go:25:14:25:21 | password | provenance | | +| passwords.go:21:2:21:9 | definition of password | passwords.go:30:8:30:15 | password | provenance | | +| passwords.go:21:2:21:9 | definition of password | passwords.go:32:12:32:19 | password | provenance | | +| passwords.go:21:2:21:9 | definition of password | passwords.go:34:28:34:35 | password | provenance | | | passwords.go:30:8:30:15 | password | passwords.go:8:12:8:12 | definition of x | provenance | | | passwords.go:34:28:34:35 | password | passwords.go:34:14:34:35 | ...+... | provenance | Config | +| passwords.go:34:28:34:35 | password | passwords.go:42:6:42:13 | password | provenance | | | passwords.go:36:10:38:2 | struct literal | passwords.go:39:14:39:17 | obj1 | provenance | | | passwords.go:37:13:37:13 | x | passwords.go:36:10:38:2 | struct literal | provenance | Config | | passwords.go:41:10:43:2 | struct literal | passwords.go:44:14:44:17 | obj2 | provenance | | | passwords.go:42:6:42:13 | password | passwords.go:41:10:43:2 | struct literal | provenance | Config | +| passwords.go:42:6:42:13 | password | passwords.go:48:11:48:18 | password | provenance | | | passwords.go:46:6:46:9 | definition of obj3 | passwords.go:47:14:47:17 | obj3 | provenance | | | passwords.go:48:11:48:18 | password | passwords.go:46:6:46:9 | definition of obj3 | provenance | Config | -| passwords.go:85:19:87:2 | struct literal | passwords.go:88:14:88:26 | utilityObject | provenance | | -| passwords.go:86:16:86:36 | call to make | passwords.go:85:19:87:2 | struct literal | provenance | Config | -| passwords.go:90:12:90:19 | password | passwords.go:91:23:91:28 | secret | provenance | | -| passwords.go:101:33:101:40 | password | passwords.go:101:15:101:40 | ...+... | provenance | Config | -| passwords.go:107:34:107:41 | password | passwords.go:107:16:107:41 | ...+... | provenance | Config | -| passwords.go:112:33:112:40 | password | passwords.go:112:15:112:40 | ...+... | provenance | Config | -| passwords.go:116:28:116:36 | password1 | passwords.go:116:28:116:45 | call to String | provenance | Config | -| passwords.go:116:28:116:45 | call to String | passwords.go:116:14:116:45 | ...+... | provenance | Config | -| passwords.go:118:12:123:2 | struct literal | passwords.go:125:14:125:19 | config | provenance | | -| passwords.go:118:12:123:2 | struct literal [x] | passwords.go:126:14:126:19 | config [x] | provenance | | -| passwords.go:118:12:123:2 | struct literal [y] | passwords.go:127:14:127:19 | config [y] | provenance | | -| passwords.go:119:13:119:13 | x | passwords.go:118:12:123:2 | struct literal | provenance | Config | -| passwords.go:121:13:121:20 | password | passwords.go:118:12:123:2 | struct literal | provenance | Config | -| passwords.go:121:13:121:20 | password | passwords.go:118:12:123:2 | struct literal [x] | provenance | | -| passwords.go:122:13:122:25 | call to getPassword | passwords.go:118:12:123:2 | struct literal | provenance | Config | -| passwords.go:122:13:122:25 | call to getPassword | passwords.go:118:12:123:2 | struct literal [y] | provenance | | -| passwords.go:126:14:126:19 | config [x] | passwords.go:126:14:126:21 | selection of x | provenance | | -| passwords.go:127:14:127:19 | config [y] | passwords.go:127:14:127:21 | selection of y | provenance | | +| passwords.go:48:11:48:18 | password | passwords.go:92:23:92:28 | secret | provenance | | +| passwords.go:48:11:48:18 | password | passwords.go:102:33:102:40 | password | provenance | | +| passwords.go:48:11:48:18 | password | passwords.go:108:34:108:41 | password | provenance | | +| passwords.go:48:11:48:18 | password | passwords.go:113:33:113:40 | password | provenance | | +| passwords.go:48:11:48:18 | password | passwords.go:123:13:123:20 | password | provenance | | +| passwords.go:50:2:50:15 | definition of fixed_password | passwords.go:51:14:51:27 | fixed_password | provenance | | +| passwords.go:86:19:88:2 | struct literal | passwords.go:89:14:89:26 | utilityObject | provenance | | +| passwords.go:87:16:87:36 | call to make | passwords.go:86:19:88:2 | struct literal | provenance | Config | +| passwords.go:102:33:102:40 | password | passwords.go:102:15:102:40 | ...+... | provenance | Config | +| passwords.go:102:33:102:40 | password | passwords.go:108:34:108:41 | password | provenance | | +| passwords.go:102:33:102:40 | password | passwords.go:113:33:113:40 | password | provenance | | +| passwords.go:102:33:102:40 | password | passwords.go:123:13:123:20 | password | provenance | | +| passwords.go:108:34:108:41 | password | passwords.go:108:16:108:41 | ...+... | provenance | Config | +| passwords.go:108:34:108:41 | password | passwords.go:113:33:113:40 | password | provenance | | +| passwords.go:108:34:108:41 | password | passwords.go:123:13:123:20 | password | provenance | | +| passwords.go:113:33:113:40 | password | passwords.go:113:15:113:40 | ...+... | provenance | Config | +| passwords.go:113:33:113:40 | password | passwords.go:123:13:123:20 | password | provenance | | +| passwords.go:116:6:116:14 | definition of password1 | passwords.go:117:28:117:36 | password1 | provenance | | +| passwords.go:117:28:117:36 | password1 | passwords.go:117:28:117:45 | call to String | provenance | Config | +| passwords.go:117:28:117:45 | call to String | passwords.go:117:14:117:45 | ...+... | provenance | Config | +| passwords.go:120:12:125:2 | struct literal | passwords.go:127:14:127:19 | config | provenance | | +| passwords.go:120:12:125:2 | struct literal [x] | passwords.go:128:14:128:19 | config [x] | provenance | | +| passwords.go:120:12:125:2 | struct literal [y] | passwords.go:129:14:129:19 | config [y] | provenance | | +| passwords.go:121:13:121:14 | x3 | passwords.go:120:12:125:2 | struct literal | provenance | Config | +| passwords.go:123:13:123:20 | password | passwords.go:120:12:125:2 | struct literal | provenance | Config | +| passwords.go:123:13:123:20 | password | passwords.go:120:12:125:2 | struct literal [x] | provenance | | +| passwords.go:124:13:124:25 | call to getPassword | passwords.go:120:12:125:2 | struct literal | provenance | Config | +| passwords.go:124:13:124:25 | call to getPassword | passwords.go:120:12:125:2 | struct literal [y] | provenance | | +| passwords.go:128:14:128:19 | config [x] | passwords.go:128:14:128:21 | selection of x | provenance | | +| passwords.go:129:14:129:19 | config [y] | passwords.go:129:14:129:21 | selection of y | provenance | | +| protobuf.go:9:2:9:9 | definition of password | protobuf.go:12:22:12:29 | password | provenance | | | protobuf.go:11:2:11:6 | definition of query [pointer, Description] | protobuf.go:12:2:12:6 | query [pointer, Description] | provenance | | -| protobuf.go:11:2:11:6 | definition of query [pointer, Description] | protobuf.go:14:14:14:18 | query [pointer, Description] | provenance | | | protobuf.go:12:2:12:6 | implicit dereference [Description] | protobuf.go:11:2:11:6 | definition of query [pointer, Description] | provenance | | | protobuf.go:12:2:12:6 | query [pointer, Description] | protobuf.go:12:2:12:6 | implicit dereference [Description] | provenance | | +| protobuf.go:12:2:12:6 | query [pointer, Description] | protobuf.go:14:14:14:18 | query [pointer, Description] | provenance | | | protobuf.go:12:22:12:29 | password | protobuf.go:12:2:12:6 | implicit dereference [Description] | provenance | | | protobuf.go:14:14:14:18 | query [pointer, Description] | protobuf.go:14:14:14:35 | call to GetDescription | provenance | | | protobuf.go:14:14:14:18 | query [pointer, Description] | protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] | provenance | | @@ -99,7 +237,17 @@ edges | protos/query/query.pb.go:119:10:119:10 | implicit dereference [Description] | protos/query/query.pb.go:119:10:119:22 | selection of Description | provenance | | | protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] | protos/query/query.pb.go:119:10:119:10 | implicit dereference [Description] | provenance | | models -| 1 | Source: net/http; Request; true; Header; ; ; ; remote; manual | +| 1 | Sink: group:logrus; ; false; WithField; ; ; Argument[0..1]; log-injection; manual | +| 2 | Sink: group:logrus; ; false; WithFields; ; ; Argument[0]; log-injection; manual | +| 3 | Sink: log; ; false; Fatalf; ; ; Argument[0..1]; log-injection; manual | +| 4 | Sink: log; ; false; Output; ; ; Argument[1]; log-injection; manual | +| 5 | Sink: log; ; false; Panicf; ; ; Argument[0..1]; log-injection; manual | +| 6 | Sink: log; ; false; Printf; ; ; Argument[0..1]; log-injection; manual | +| 7 | Sink: log; Logger; true; Fatalf; ; ; Argument[0..1]; log-injection; manual | +| 8 | Sink: log; Logger; true; Output; ; ; Argument[1]; log-injection; manual | +| 9 | Sink: log; Logger; true; Panicf; ; ; Argument[0..1]; log-injection; manual | +| 10 | Sink: log; Logger; true; Printf; ; ; Argument[0..1]; log-injection; manual | +| 11 | Source: net/http; Request; true; Header; ; ; ; remote; manual | nodes | klog.go:21:3:26:3 | range statement[1] | semmle.label | range statement[1] | | klog.go:21:30:21:37 | selection of Header | semmle.label | selection of Header | @@ -108,39 +256,58 @@ nodes | klog.go:23:15:23:20 | header | semmle.label | header | | klog.go:29:13:29:20 | selection of Header | semmle.label | selection of Header | | klog.go:29:13:29:41 | call to Get | semmle.label | call to Get | -| main.go:16:12:16:19 | password | semmle.label | password | -| main.go:17:19:17:26 | password | semmle.label | password | -| main.go:18:13:18:20 | password | semmle.label | password | -| main.go:19:14:19:21 | password | semmle.label | password | -| main.go:20:12:20:19 | password | semmle.label | password | -| main.go:21:19:21:26 | password | semmle.label | password | -| main.go:22:13:22:20 | password | semmle.label | password | -| main.go:23:14:23:21 | password | semmle.label | password | -| main.go:24:12:24:19 | password | semmle.label | password | -| main.go:25:19:25:26 | password | semmle.label | password | -| main.go:26:13:26:20 | password | semmle.label | password | -| main.go:27:14:27:21 | password | semmle.label | password | -| main.go:28:16:28:23 | password | semmle.label | password | -| main.go:32:10:32:17 | password | semmle.label | password | -| main.go:33:17:33:24 | password | semmle.label | password | -| main.go:34:11:34:18 | password | semmle.label | password | -| main.go:35:12:35:19 | password | semmle.label | password | -| main.go:36:10:36:17 | password | semmle.label | password | -| main.go:37:17:37:24 | password | semmle.label | password | -| main.go:38:11:38:18 | password | semmle.label | password | -| main.go:39:12:39:19 | password | semmle.label | password | -| main.go:40:10:40:17 | password | semmle.label | password | -| main.go:41:17:41:24 | password | semmle.label | password | -| main.go:42:11:42:18 | password | semmle.label | password | -| main.go:43:12:43:19 | password | semmle.label | password | -| main.go:44:14:44:21 | password | semmle.label | password | -| main.go:47:12:47:19 | password | semmle.label | password | -| main.go:48:17:48:24 | password | semmle.label | password | -| main.go:55:35:55:42 | password | semmle.label | password | +| main.go:17:2:17:9 | definition of password | semmle.label | definition of password | +| main.go:19:12:19:19 | password | semmle.label | password | +| main.go:20:19:20:26 | password | semmle.label | password | +| main.go:21:13:21:20 | password | semmle.label | password | +| main.go:22:14:22:21 | password | semmle.label | password | +| main.go:24:13:24:20 | password | semmle.label | password | +| main.go:27:20:27:27 | password | semmle.label | password | +| main.go:30:14:30:21 | password | semmle.label | password | +| main.go:33:15:33:22 | password | semmle.label | password | +| main.go:36:13:36:20 | password | semmle.label | password | +| main.go:39:20:39:27 | password | semmle.label | password | +| main.go:42:14:42:21 | password | semmle.label | password | +| main.go:45:15:45:22 | password | semmle.label | password | +| main.go:47:16:47:23 | password | semmle.label | password | +| main.go:51:10:51:17 | password | semmle.label | password | +| main.go:51:10:51:17 | password | semmle.label | password | +| main.go:52:17:52:24 | password | semmle.label | password | +| main.go:52:17:52:24 | password | semmle.label | password | +| main.go:53:11:53:18 | password | semmle.label | password | +| main.go:53:11:53:18 | password | semmle.label | password | +| main.go:54:12:54:19 | password | semmle.label | password | +| main.go:54:12:54:19 | password | semmle.label | password | +| main.go:56:11:56:18 | password | semmle.label | password | +| main.go:56:11:56:18 | password | semmle.label | password | +| main.go:59:18:59:25 | password | semmle.label | password | +| main.go:59:18:59:25 | password | semmle.label | password | +| main.go:62:12:62:19 | password | semmle.label | password | +| main.go:62:12:62:19 | password | semmle.label | password | +| main.go:65:13:65:20 | password | semmle.label | password | +| main.go:65:13:65:20 | password | semmle.label | password | +| main.go:68:11:68:18 | password | semmle.label | password | +| main.go:68:11:68:18 | password | semmle.label | password | +| main.go:71:18:71:25 | password | semmle.label | password | +| main.go:71:18:71:25 | password | semmle.label | password | +| main.go:74:12:74:19 | password | semmle.label | password | +| main.go:74:12:74:19 | password | semmle.label | password | +| main.go:77:13:77:20 | password | semmle.label | password | +| main.go:77:13:77:20 | password | semmle.label | password | +| main.go:79:14:79:21 | password | semmle.label | password | +| main.go:80:17:80:24 | password | semmle.label | password | +| main.go:82:12:82:19 | password | semmle.label | password | +| main.go:83:17:83:24 | password | semmle.label | password | +| main.go:85:2:85:7 | definition of fields | semmle.label | definition of fields | +| main.go:86:19:86:26 | password | semmle.label | password | +| main.go:87:29:87:34 | fields | semmle.label | fields | +| main.go:90:35:90:42 | password | semmle.label | password | +| overrides.go:8:2:8:9 | definition of password | semmle.label | definition of password | | overrides.go:9:9:9:16 | password | semmle.label | password | | overrides.go:13:14:13:23 | call to String | semmle.label | call to String | | passwords.go:8:12:8:12 | definition of x | semmle.label | definition of x | | passwords.go:9:14:9:14 | x | semmle.label | x | +| passwords.go:21:2:21:9 | definition of password | semmle.label | definition of password | | passwords.go:25:14:25:21 | password | semmle.label | password | | passwords.go:26:14:26:23 | selection of password | semmle.label | selection of password | | passwords.go:27:14:27:26 | call to getPassword | semmle.label | call to getPassword | @@ -158,32 +325,34 @@ nodes | passwords.go:46:6:46:9 | definition of obj3 | semmle.label | definition of obj3 | | passwords.go:47:14:47:17 | obj3 | semmle.label | obj3 | | passwords.go:48:11:48:18 | password | semmle.label | password | +| passwords.go:50:2:50:15 | definition of fixed_password | semmle.label | definition of fixed_password | | passwords.go:51:14:51:27 | fixed_password | semmle.label | fixed_password | -| passwords.go:85:19:87:2 | struct literal | semmle.label | struct literal | -| passwords.go:86:16:86:36 | call to make | semmle.label | call to make | -| passwords.go:88:14:88:26 | utilityObject | semmle.label | utilityObject | -| passwords.go:90:12:90:19 | password | semmle.label | password | -| passwords.go:91:23:91:28 | secret | semmle.label | secret | -| passwords.go:101:15:101:40 | ...+... | semmle.label | ...+... | -| passwords.go:101:33:101:40 | password | semmle.label | password | -| passwords.go:107:16:107:41 | ...+... | semmle.label | ...+... | -| passwords.go:107:34:107:41 | password | semmle.label | password | -| passwords.go:112:15:112:40 | ...+... | semmle.label | ...+... | -| passwords.go:112:33:112:40 | password | semmle.label | password | -| passwords.go:116:14:116:45 | ...+... | semmle.label | ...+... | -| passwords.go:116:28:116:36 | password1 | semmle.label | password1 | -| passwords.go:116:28:116:45 | call to String | semmle.label | call to String | -| passwords.go:118:12:123:2 | struct literal | semmle.label | struct literal | -| passwords.go:118:12:123:2 | struct literal [x] | semmle.label | struct literal [x] | -| passwords.go:118:12:123:2 | struct literal [y] | semmle.label | struct literal [y] | -| passwords.go:119:13:119:13 | x | semmle.label | x | -| passwords.go:121:13:121:20 | password | semmle.label | password | -| passwords.go:122:13:122:25 | call to getPassword | semmle.label | call to getPassword | -| passwords.go:125:14:125:19 | config | semmle.label | config | -| passwords.go:126:14:126:19 | config [x] | semmle.label | config [x] | -| passwords.go:126:14:126:21 | selection of x | semmle.label | selection of x | -| passwords.go:127:14:127:19 | config [y] | semmle.label | config [y] | -| passwords.go:127:14:127:21 | selection of y | semmle.label | selection of y | +| passwords.go:86:19:88:2 | struct literal | semmle.label | struct literal | +| passwords.go:87:16:87:36 | call to make | semmle.label | call to make | +| passwords.go:89:14:89:26 | utilityObject | semmle.label | utilityObject | +| passwords.go:92:23:92:28 | secret | semmle.label | secret | +| passwords.go:102:15:102:40 | ...+... | semmle.label | ...+... | +| passwords.go:102:33:102:40 | password | semmle.label | password | +| passwords.go:108:16:108:41 | ...+... | semmle.label | ...+... | +| passwords.go:108:34:108:41 | password | semmle.label | password | +| passwords.go:113:15:113:40 | ...+... | semmle.label | ...+... | +| passwords.go:113:33:113:40 | password | semmle.label | password | +| passwords.go:116:6:116:14 | definition of password1 | semmle.label | definition of password1 | +| passwords.go:117:14:117:45 | ...+... | semmle.label | ...+... | +| passwords.go:117:28:117:36 | password1 | semmle.label | password1 | +| passwords.go:117:28:117:45 | call to String | semmle.label | call to String | +| passwords.go:120:12:125:2 | struct literal | semmle.label | struct literal | +| passwords.go:120:12:125:2 | struct literal [x] | semmle.label | struct literal [x] | +| passwords.go:120:12:125:2 | struct literal [y] | semmle.label | struct literal [y] | +| passwords.go:121:13:121:14 | x3 | semmle.label | x3 | +| passwords.go:123:13:123:20 | password | semmle.label | password | +| passwords.go:124:13:124:25 | call to getPassword | semmle.label | call to getPassword | +| passwords.go:127:14:127:19 | config | semmle.label | config | +| passwords.go:128:14:128:19 | config [x] | semmle.label | config [x] | +| passwords.go:128:14:128:21 | selection of x | semmle.label | selection of x | +| passwords.go:129:14:129:19 | config [y] | semmle.label | config [y] | +| passwords.go:129:14:129:21 | selection of y | semmle.label | selection of y | +| protobuf.go:9:2:9:9 | definition of password | semmle.label | definition of password | | protobuf.go:11:2:11:6 | definition of query [pointer, Description] | semmle.label | definition of query [pointer, Description] | | protobuf.go:12:2:12:6 | implicit dereference [Description] | semmle.label | implicit dereference [Description] | | protobuf.go:12:2:12:6 | query [pointer, Description] | semmle.label | query [pointer, Description] | @@ -196,3 +365,18 @@ nodes | protos/query/query.pb.go:119:10:119:22 | selection of Description | semmle.label | selection of Description | subpaths | protobuf.go:14:14:14:18 | query [pointer, Description] | protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] | protos/query/query.pb.go:119:10:119:22 | selection of Description | protobuf.go:14:14:14:35 | call to GetDescription | +testFailures +| main.go:17:2:17:9 | definition of password | Unexpected result: Source | +| main.go:87:29:87:34 | fields | Unexpected result: Alert | +| overrides.go:8:2:8:9 | definition of password | Unexpected result: Source | +| overrides.go:9:18:9:28 | comment | Missing result: Source | +| passwords.go:21:2:21:9 | definition of password | Unexpected result: Source | +| passwords.go:30:18:30:28 | comment | Missing result: Source | +| passwords.go:42:16:42:26 | comment | Missing result: Source | +| passwords.go:48:20:48:30 | comment | Missing result: Source | +| passwords.go:50:2:50:15 | definition of fixed_password | Unexpected result: Source | +| passwords.go:91:31:91:41 | comment | Missing result: Source | +| passwords.go:116:6:116:14 | definition of password1 | Unexpected result: Source | +| passwords.go:123:28:123:38 | comment | Missing result: Source | +| protobuf.go:9:2:9:9 | definition of password | Unexpected result: Source | +| protobuf.go:12:31:12:41 | comment | Missing result: Source | diff --git a/go/ql/test/query-tests/Security/CWE-312/main.go b/go/ql/test/query-tests/Security/CWE-312/main.go index 17a183ff2096..0372fc2df14b 100644 --- a/go/ql/test/query-tests/Security/CWE-312/main.go +++ b/go/ql/test/query-tests/Security/CWE-312/main.go @@ -5,11 +5,14 @@ package main import ( "log" + "math/rand" "github.com/golang/glog" "github.com/sirupsen/logrus" ) +var i int = rand.Int() + func main() { password := "P4ssw0rd" @@ -17,15 +20,31 @@ func main() { log.Printf("%s", password) // $ Alert log.Printf(password, "") // $ Alert log.Println(password) // $ Alert - log.Fatal(password) // $ Alert - log.Fatalf("%s", password) // $ Alert - log.Fatalf(password, "") // $ Alert - log.Fatalln(password) // $ Alert - log.Panic(password) // $ Alert - log.Panicf("%s", password) // $ Alert - log.Panicf(password, "") // $ Alert - log.Panicln(password) // $ Alert - log.Output(0, password) // $ Alert + if i == 0 { + log.Fatal(password) // $ Alert + } + if i == 1 { + log.Fatalf("%s", password) // $ Alert + } + if i == 2 { + log.Fatalf(password, "") // $ Alert + } + if i == 3 { + log.Fatalln(password) // $ Alert + } + if i == 4 { + log.Panic(password) // $ Alert + } + if i == 5 { + log.Panicf("%s", password) // $ Alert + } + if i == 6 { + log.Panicf(password, "") // $ Alert + } + if i == 7 { + log.Panicln(password) // $ Alert + } + log.Output(0, password) // $ Alert log.Printf("%T", password) l := log.Default() @@ -33,15 +52,31 @@ func main() { l.Printf("%s", password) // $ Alert l.Printf(password, "") // $ Alert l.Println(password) // $ Alert - l.Fatal(password) // $ Alert - l.Fatalf("%s", password) // $ Alert - l.Fatalf(password, "") // $ Alert - l.Fatalln(password) // $ Alert - l.Panic(password) // $ Alert - l.Panicf("%s", password) // $ Alert - l.Panicf(password, "") // $ Alert - l.Panicln(password) // $ Alert - l.Output(0, password) // $ Alert + if i == 100 { + l.Fatal(password) // $ Alert + } + if i == 101 { + l.Fatalf("%s", password) // $ Alert + } + if i == 102 { + l.Fatalf(password, "") // $ Alert + } + if i == 103 { + l.Fatalln(password) // $ Alert + } + if i == 104 { + l.Panic(password) // $ Alert + } + if i == 105 { + l.Panicf("%s", password) // $ Alert + } + if i == 106 { + l.Panicf(password, "") // $ Alert + } + if i == 107 { + l.Panicln(password) // $ Alert + } + l.Output(0, password) // $ Alert l.Printf("%T", password) glog.Info(password) // $ Alert diff --git a/go/ql/test/query-tests/Security/CWE-312/passwords.go b/go/ql/test/query-tests/Security/CWE-312/passwords.go index f99178f0fae0..6be68be7265a 100644 --- a/go/ql/test/query-tests/Security/CWE-312/passwords.go +++ b/go/ql/test/query-tests/Security/CWE-312/passwords.go @@ -65,7 +65,8 @@ func test() { log.Println(actually_secure_password) // OK var user1 cryptedStruct - user1.cryptedPassword = x + x2 := "perhaps sensitive" + user1.cryptedPassword = x2 log.Println(user1) // OK var user2 passStruct @@ -115,8 +116,9 @@ func test() { var password1 stringable = stringable{"arstneio"} log.Println(name + ", " + password1.String()) // $ Alert + x3 := "sheepbatterystaplecorrect" config := Config{ - password: x, // $ Source + password: x3, // $ Source hostname: "tarski", x: password, // $ Source y: getPassword(), // $ Source diff --git a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected index f8d193348ba0..65d24e8b45b6 100644 --- a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected +++ b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected @@ -2,69 +2,71 @@ | OpenUrlRedirect.go:10:23:10:42 | call to Get | OpenUrlRedirect.go:10:23:10:28 | selection of Form | OpenUrlRedirect.go:10:23:10:42 | call to Get | This path to an untrusted URL redirection depends on a $@. | OpenUrlRedirect.go:10:23:10:28 | selection of Form | user-provided value | | stdlib.go:15:30:15:35 | target | stdlib.go:13:13:13:18 | selection of Form | stdlib.go:15:30:15:35 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:13:13:13:18 | selection of Form | user-provided value | | stdlib.go:24:30:24:35 | target | stdlib.go:22:13:22:18 | selection of Form | stdlib.go:24:30:24:35 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:22:13:22:18 | selection of Form | user-provided value | -| stdlib.go:35:30:35:39 | ...+... | stdlib.go:31:13:31:18 | selection of Form | stdlib.go:35:30:35:39 | ...+... | This path to an untrusted URL redirection depends on a $@. | stdlib.go:31:13:31:18 | selection of Form | user-provided value | -| stdlib.go:46:23:46:28 | target | stdlib.go:44:13:44:18 | selection of Form | stdlib.go:46:23:46:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:44:13:44:18 | selection of Form | user-provided value | -| stdlib.go:67:23:67:40 | ...+... | stdlib.go:64:13:64:18 | selection of Form | stdlib.go:67:23:67:40 | ...+... | This path to an untrusted URL redirection depends on a $@. | stdlib.go:64:13:64:18 | selection of Form | user-provided value | -| stdlib.go:92:23:92:28 | target | stdlib.go:89:13:89:18 | selection of Form | stdlib.go:92:23:92:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:89:13:89:18 | selection of Form | user-provided value | -| stdlib.go:152:23:152:28 | target | stdlib.go:146:13:146:18 | selection of Form | stdlib.go:152:23:152:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:146:13:146:18 | selection of Form | user-provided value | -| stdlib.go:184:23:184:28 | target | stdlib.go:182:13:182:33 | call to FormValue | stdlib.go:184:23:184:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:182:13:182:33 | call to FormValue | user-provided value | -| stdlib.go:192:23:192:33 | selection of Path | stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:192:23:192:33 | selection of Path | This path to an untrusted URL redirection depends on a $@. | stdlib.go:190:36:190:56 | call to FormValue | user-provided value | -| stdlib.go:194:23:194:42 | call to EscapedPath | stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:194:23:194:42 | call to EscapedPath | This path to an untrusted URL redirection depends on a $@. | stdlib.go:190:36:190:56 | call to FormValue | user-provided value | +| stdlib.go:39:30:39:40 | ...+... | stdlib.go:33:13:33:18 | selection of Form | stdlib.go:39:30:39:40 | ...+... | This path to an untrusted URL redirection depends on a $@. | stdlib.go:33:13:33:18 | selection of Form | user-provided value | +| stdlib.go:50:23:50:28 | target | stdlib.go:48:13:48:18 | selection of Form | stdlib.go:50:23:50:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:48:13:48:18 | selection of Form | user-provided value | +| stdlib.go:71:23:71:40 | ...+... | stdlib.go:68:13:68:18 | selection of Form | stdlib.go:71:23:71:40 | ...+... | This path to an untrusted URL redirection depends on a $@. | stdlib.go:68:13:68:18 | selection of Form | user-provided value | +| stdlib.go:96:23:96:28 | target | stdlib.go:93:13:93:18 | selection of Form | stdlib.go:96:23:96:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:93:13:93:18 | selection of Form | user-provided value | +| stdlib.go:156:23:156:28 | target | stdlib.go:150:13:150:18 | selection of Form | stdlib.go:156:23:156:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:150:13:150:18 | selection of Form | user-provided value | +| stdlib.go:188:23:188:28 | target | stdlib.go:186:13:186:33 | call to FormValue | stdlib.go:188:23:188:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:186:13:186:33 | call to FormValue | user-provided value | +| stdlib.go:196:23:196:33 | selection of Path | stdlib.go:194:36:194:56 | call to FormValue | stdlib.go:196:23:196:33 | selection of Path | This path to an untrusted URL redirection depends on a $@. | stdlib.go:194:36:194:56 | call to FormValue | user-provided value | +| stdlib.go:198:23:198:42 | call to EscapedPath | stdlib.go:194:36:194:56 | call to FormValue | stdlib.go:198:23:198:42 | call to EscapedPath | This path to an untrusted URL redirection depends on a $@. | stdlib.go:194:36:194:56 | call to FormValue | user-provided value | edges | OpenUrlRedirect.go:10:23:10:28 | selection of Form | OpenUrlRedirect.go:10:23:10:42 | call to Get | provenance | Src:MaD:2 Config Sink:MaD:1 | | stdlib.go:13:13:13:18 | selection of Form | stdlib.go:13:13:13:32 | call to Get | provenance | Src:MaD:2 Config | | stdlib.go:13:13:13:32 | call to Get | stdlib.go:15:30:15:35 | target | provenance | | | stdlib.go:22:13:22:18 | selection of Form | stdlib.go:22:13:22:32 | call to Get | provenance | Src:MaD:2 Config | | stdlib.go:22:13:22:32 | call to Get | stdlib.go:24:30:24:35 | target | provenance | | -| stdlib.go:31:13:31:18 | selection of Form | stdlib.go:31:13:31:32 | call to Get | provenance | Src:MaD:2 Config | -| stdlib.go:31:13:31:32 | call to Get | stdlib.go:35:34:35:39 | target | provenance | | -| stdlib.go:35:34:35:39 | target | stdlib.go:35:30:35:39 | ...+... | provenance | Config | -| stdlib.go:44:13:44:18 | selection of Form | stdlib.go:44:13:44:32 | call to Get | provenance | Src:MaD:2 Config | -| stdlib.go:44:13:44:32 | call to Get | stdlib.go:46:23:46:28 | target | provenance | Sink:MaD:1 | -| stdlib.go:64:13:64:18 | selection of Form | stdlib.go:64:13:64:32 | call to Get | provenance | Src:MaD:2 Config | -| stdlib.go:64:13:64:32 | call to Get | stdlib.go:67:23:67:28 | target | provenance | | -| stdlib.go:67:23:67:28 | target | stdlib.go:67:23:67:37 | ...+... | provenance | Config | -| stdlib.go:67:23:67:37 | ...+... | stdlib.go:67:23:67:40 | ...+... | provenance | Config Sink:MaD:1 | -| stdlib.go:89:13:89:18 | selection of Form | stdlib.go:89:13:89:32 | call to Get | provenance | Src:MaD:2 Config | -| stdlib.go:89:13:89:32 | call to Get | stdlib.go:90:3:90:8 | target | provenance | | -| stdlib.go:90:3:90:8 | target | stdlib.go:90:3:90:25 | ... += ... | provenance | Config | -| stdlib.go:90:3:90:25 | ... += ... | stdlib.go:92:23:92:28 | target | provenance | Sink:MaD:1 | -| stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] | stdlib.go:112:4:112:4 | r [pointer, URL, pointer] | provenance | | -| stdlib.go:107:54:107:54 | definition of r [pointer, URL] | stdlib.go:112:4:112:4 | r [pointer, URL] | provenance | | -| stdlib.go:107:54:107:54 | definition of r [pointer, URL] | stdlib.go:113:24:113:24 | r [pointer, URL] | provenance | | -| stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] | provenance | | -| stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | stdlib.go:112:4:112:8 | selection of URL [pointer] | provenance | | -| stdlib.go:112:4:112:4 | implicit dereference [URL] | stdlib.go:107:54:107:54 | definition of r [pointer, URL] | provenance | | -| stdlib.go:112:4:112:4 | implicit dereference [URL] | stdlib.go:112:4:112:8 | selection of URL | provenance | | -| stdlib.go:112:4:112:4 | r [pointer, URL, pointer] | stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | provenance | | -| stdlib.go:112:4:112:4 | r [pointer, URL] | stdlib.go:112:4:112:4 | implicit dereference [URL] | provenance | | -| stdlib.go:112:4:112:8 | implicit dereference | stdlib.go:112:4:112:8 | selection of URL | provenance | Config | -| stdlib.go:112:4:112:8 | implicit dereference | stdlib.go:112:4:112:8 | selection of URL [pointer] | provenance | | -| stdlib.go:112:4:112:8 | selection of URL | stdlib.go:112:4:112:4 | implicit dereference [URL] | provenance | Src:MaD:4 | -| stdlib.go:112:4:112:8 | selection of URL | stdlib.go:112:4:112:8 | implicit dereference | provenance | Src:MaD:4 Config | -| stdlib.go:112:4:112:8 | selection of URL [pointer] | stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | provenance | | -| stdlib.go:112:4:112:8 | selection of URL [pointer] | stdlib.go:112:4:112:8 | implicit dereference | provenance | | -| stdlib.go:113:24:113:24 | implicit dereference [URL] | stdlib.go:113:24:113:28 | selection of URL | provenance | | -| stdlib.go:113:24:113:24 | r [pointer, URL] | stdlib.go:113:24:113:24 | implicit dereference [URL] | provenance | | -| stdlib.go:113:24:113:28 | selection of URL | stdlib.go:113:24:113:37 | call to String | provenance | Src:MaD:4 Config Sink:MaD:1 | -| stdlib.go:146:13:146:18 | selection of Form | stdlib.go:146:13:146:32 | call to Get | provenance | Src:MaD:2 Config | -| stdlib.go:146:13:146:32 | call to Get | stdlib.go:152:23:152:28 | target | provenance | Sink:MaD:1 | -| stdlib.go:159:10:159:15 | star expression | stdlib.go:159:11:159:15 | selection of URL | provenance | Config | -| stdlib.go:159:10:159:15 | star expression | stdlib.go:162:24:162:26 | url | provenance | | -| stdlib.go:159:11:159:15 | selection of URL | stdlib.go:159:10:159:15 | star expression | provenance | Src:MaD:4 Config | -| stdlib.go:162:24:162:26 | url | stdlib.go:162:24:162:35 | call to String | provenance | Config Sink:MaD:1 | -| stdlib.go:173:35:173:39 | selection of URL | stdlib.go:173:35:173:52 | call to RequestURI | provenance | Src:MaD:4 Config | -| stdlib.go:173:35:173:52 | call to RequestURI | stdlib.go:173:24:173:52 | ...+... | provenance | Config Sink:MaD:1 | -| stdlib.go:182:13:182:33 | call to FormValue | stdlib.go:184:23:184:28 | target | provenance | Src:MaD:3 Sink:MaD:1 | -| stdlib.go:190:3:190:8 | definition of target | stdlib.go:192:23:192:28 | target | provenance | | -| stdlib.go:190:3:190:8 | definition of target | stdlib.go:194:23:194:28 | target | provenance | | -| stdlib.go:190:3:190:57 | ... := ...[0] | stdlib.go:190:3:190:8 | definition of target | provenance | | -| stdlib.go:190:36:190:56 | call to FormValue | stdlib.go:190:3:190:57 | ... := ...[0] | provenance | Src:MaD:3 Config | -| stdlib.go:192:23:192:28 | implicit dereference | stdlib.go:190:3:190:8 | definition of target | provenance | Config | -| stdlib.go:192:23:192:28 | implicit dereference | stdlib.go:192:23:192:33 | selection of Path | provenance | Config Sink:MaD:1 | -| stdlib.go:192:23:192:28 | target | stdlib.go:192:23:192:28 | implicit dereference | provenance | Config | -| stdlib.go:192:23:192:28 | target | stdlib.go:192:23:192:33 | selection of Path | provenance | Config Sink:MaD:1 | -| stdlib.go:194:23:194:28 | target | stdlib.go:194:23:194:42 | call to EscapedPath | provenance | Config Sink:MaD:1 | +| stdlib.go:33:13:33:18 | selection of Form | stdlib.go:33:13:33:32 | call to Get | provenance | Src:MaD:2 Config | +| stdlib.go:33:13:33:32 | call to Get | stdlib.go:39:34:39:40 | target2 | provenance | | +| stdlib.go:39:34:39:40 | target2 | stdlib.go:39:30:39:40 | ...+... | provenance | Config | +| stdlib.go:48:13:48:18 | selection of Form | stdlib.go:48:13:48:32 | call to Get | provenance | Src:MaD:2 Config | +| stdlib.go:48:13:48:32 | call to Get | stdlib.go:50:23:50:28 | target | provenance | Sink:MaD:1 | +| stdlib.go:68:13:68:18 | selection of Form | stdlib.go:68:13:68:32 | call to Get | provenance | Src:MaD:2 Config | +| stdlib.go:68:13:68:32 | call to Get | stdlib.go:71:23:71:28 | target | provenance | | +| stdlib.go:71:23:71:28 | target | stdlib.go:71:23:71:37 | ...+... | provenance | Config | +| stdlib.go:71:23:71:37 | ...+... | stdlib.go:71:23:71:40 | ...+... | provenance | Config Sink:MaD:1 | +| stdlib.go:93:13:93:18 | selection of Form | stdlib.go:93:13:93:32 | call to Get | provenance | Src:MaD:2 Config | +| stdlib.go:93:13:93:32 | call to Get | stdlib.go:94:3:94:8 | target | provenance | | +| stdlib.go:94:3:94:8 | target | stdlib.go:94:3:94:25 | ... += ... | provenance | Config | +| stdlib.go:94:3:94:25 | ... += ... | stdlib.go:96:23:96:28 | target | provenance | Sink:MaD:1 | +| stdlib.go:111:54:111:54 | definition of r [pointer, URL, pointer] | stdlib.go:115:6:115:6 | r [pointer, URL, pointer] | provenance | | +| stdlib.go:111:54:111:54 | definition of r [pointer, URL] | stdlib.go:115:6:115:6 | r [pointer, URL] | provenance | | +| stdlib.go:115:6:115:6 | r [pointer, URL, pointer] | stdlib.go:116:4:116:4 | r [pointer, URL, pointer] | provenance | | +| stdlib.go:115:6:115:6 | r [pointer, URL] | stdlib.go:116:4:116:4 | r [pointer, URL] | provenance | | +| stdlib.go:116:4:116:4 | implicit dereference [URL, pointer] | stdlib.go:111:54:111:54 | definition of r [pointer, URL, pointer] | provenance | | +| stdlib.go:116:4:116:4 | implicit dereference [URL, pointer] | stdlib.go:116:4:116:8 | selection of URL [pointer] | provenance | | +| stdlib.go:116:4:116:4 | implicit dereference [URL] | stdlib.go:111:54:111:54 | definition of r [pointer, URL] | provenance | | +| stdlib.go:116:4:116:4 | implicit dereference [URL] | stdlib.go:116:4:116:8 | selection of URL | provenance | | +| stdlib.go:116:4:116:4 | r [pointer, URL, pointer] | stdlib.go:116:4:116:4 | implicit dereference [URL, pointer] | provenance | | +| stdlib.go:116:4:116:4 | r [pointer, URL] | stdlib.go:116:4:116:4 | implicit dereference [URL] | provenance | | +| stdlib.go:116:4:116:4 | r [pointer, URL] | stdlib.go:117:24:117:24 | r [pointer, URL] | provenance | | +| stdlib.go:116:4:116:8 | implicit dereference | stdlib.go:116:4:116:8 | selection of URL | provenance | Config | +| stdlib.go:116:4:116:8 | implicit dereference | stdlib.go:116:4:116:8 | selection of URL [pointer] | provenance | | +| stdlib.go:116:4:116:8 | selection of URL | stdlib.go:116:4:116:4 | implicit dereference [URL] | provenance | Src:MaD:4 | +| stdlib.go:116:4:116:8 | selection of URL | stdlib.go:116:4:116:8 | implicit dereference | provenance | Src:MaD:4 Config | +| stdlib.go:116:4:116:8 | selection of URL [pointer] | stdlib.go:116:4:116:4 | implicit dereference [URL, pointer] | provenance | | +| stdlib.go:116:4:116:8 | selection of URL [pointer] | stdlib.go:116:4:116:8 | implicit dereference | provenance | | +| stdlib.go:117:24:117:24 | implicit dereference [URL] | stdlib.go:117:24:117:28 | selection of URL | provenance | | +| stdlib.go:117:24:117:24 | r [pointer, URL] | stdlib.go:117:24:117:24 | implicit dereference [URL] | provenance | | +| stdlib.go:117:24:117:28 | selection of URL | stdlib.go:117:24:117:37 | call to String | provenance | Src:MaD:4 Config Sink:MaD:1 | +| stdlib.go:150:13:150:18 | selection of Form | stdlib.go:150:13:150:32 | call to Get | provenance | Src:MaD:2 Config | +| stdlib.go:150:13:150:32 | call to Get | stdlib.go:156:23:156:28 | target | provenance | Sink:MaD:1 | +| stdlib.go:163:10:163:15 | star expression | stdlib.go:163:11:163:15 | selection of URL | provenance | Config | +| stdlib.go:163:10:163:15 | star expression | stdlib.go:166:24:166:26 | url | provenance | | +| stdlib.go:163:11:163:15 | selection of URL | stdlib.go:163:10:163:15 | star expression | provenance | Src:MaD:4 Config | +| stdlib.go:166:24:166:26 | url | stdlib.go:166:24:166:35 | call to String | provenance | Config Sink:MaD:1 | +| stdlib.go:177:35:177:39 | selection of URL | stdlib.go:177:35:177:52 | call to RequestURI | provenance | Src:MaD:4 Config | +| stdlib.go:177:35:177:52 | call to RequestURI | stdlib.go:177:24:177:52 | ...+... | provenance | Config Sink:MaD:1 | +| stdlib.go:186:13:186:33 | call to FormValue | stdlib.go:188:23:188:28 | target | provenance | Src:MaD:3 Sink:MaD:1 | +| stdlib.go:194:3:194:8 | definition of target | stdlib.go:196:23:196:28 | target | provenance | | +| stdlib.go:194:3:194:57 | ... := ...[0] | stdlib.go:194:3:194:8 | definition of target | provenance | | +| stdlib.go:194:36:194:56 | call to FormValue | stdlib.go:194:3:194:57 | ... := ...[0] | provenance | Src:MaD:3 Config | +| stdlib.go:196:23:196:28 | implicit dereference | stdlib.go:194:3:194:8 | definition of target | provenance | Config | +| stdlib.go:196:23:196:28 | implicit dereference | stdlib.go:196:23:196:33 | selection of Path | provenance | Config Sink:MaD:1 | +| stdlib.go:196:23:196:28 | target | stdlib.go:196:23:196:28 | implicit dereference | provenance | Config | +| stdlib.go:196:23:196:28 | target | stdlib.go:196:23:196:33 | selection of Path | provenance | Config Sink:MaD:1 | +| stdlib.go:196:23:196:28 | target | stdlib.go:198:23:198:28 | target | provenance | | +| stdlib.go:198:23:198:28 | target | stdlib.go:198:23:198:42 | call to EscapedPath | provenance | Config Sink:MaD:1 | models | 1 | Sink: net/http; ; false; Redirect; ; ; Argument[2]; url-redirection[0]; manual | | 2 | Source: net/http; Request; true; Form; ; ; ; remote; manual | @@ -79,54 +81,56 @@ nodes | stdlib.go:22:13:22:18 | selection of Form | semmle.label | selection of Form | | stdlib.go:22:13:22:32 | call to Get | semmle.label | call to Get | | stdlib.go:24:30:24:35 | target | semmle.label | target | -| stdlib.go:31:13:31:18 | selection of Form | semmle.label | selection of Form | -| stdlib.go:31:13:31:32 | call to Get | semmle.label | call to Get | -| stdlib.go:35:30:35:39 | ...+... | semmle.label | ...+... | -| stdlib.go:35:34:35:39 | target | semmle.label | target | -| stdlib.go:44:13:44:18 | selection of Form | semmle.label | selection of Form | -| stdlib.go:44:13:44:32 | call to Get | semmle.label | call to Get | -| stdlib.go:46:23:46:28 | target | semmle.label | target | -| stdlib.go:64:13:64:18 | selection of Form | semmle.label | selection of Form | -| stdlib.go:64:13:64:32 | call to Get | semmle.label | call to Get | -| stdlib.go:67:23:67:28 | target | semmle.label | target | -| stdlib.go:67:23:67:37 | ...+... | semmle.label | ...+... | -| stdlib.go:67:23:67:40 | ...+... | semmle.label | ...+... | -| stdlib.go:89:13:89:18 | selection of Form | semmle.label | selection of Form | -| stdlib.go:89:13:89:32 | call to Get | semmle.label | call to Get | -| stdlib.go:90:3:90:8 | target | semmle.label | target | -| stdlib.go:90:3:90:25 | ... += ... | semmle.label | ... += ... | -| stdlib.go:92:23:92:28 | target | semmle.label | target | -| stdlib.go:107:54:107:54 | definition of r [pointer, URL, pointer] | semmle.label | definition of r [pointer, URL, pointer] | -| stdlib.go:107:54:107:54 | definition of r [pointer, URL] | semmle.label | definition of r [pointer, URL] | -| stdlib.go:112:4:112:4 | implicit dereference [URL, pointer] | semmle.label | implicit dereference [URL, pointer] | -| stdlib.go:112:4:112:4 | implicit dereference [URL] | semmle.label | implicit dereference [URL] | -| stdlib.go:112:4:112:4 | r [pointer, URL, pointer] | semmle.label | r [pointer, URL, pointer] | -| stdlib.go:112:4:112:4 | r [pointer, URL] | semmle.label | r [pointer, URL] | -| stdlib.go:112:4:112:8 | implicit dereference | semmle.label | implicit dereference | -| stdlib.go:112:4:112:8 | selection of URL | semmle.label | selection of URL | -| stdlib.go:112:4:112:8 | selection of URL [pointer] | semmle.label | selection of URL [pointer] | -| stdlib.go:113:24:113:24 | implicit dereference [URL] | semmle.label | implicit dereference [URL] | -| stdlib.go:113:24:113:24 | r [pointer, URL] | semmle.label | r [pointer, URL] | -| stdlib.go:113:24:113:28 | selection of URL | semmle.label | selection of URL | -| stdlib.go:113:24:113:37 | call to String | semmle.label | call to String | -| stdlib.go:146:13:146:18 | selection of Form | semmle.label | selection of Form | -| stdlib.go:146:13:146:32 | call to Get | semmle.label | call to Get | -| stdlib.go:152:23:152:28 | target | semmle.label | target | -| stdlib.go:159:10:159:15 | star expression | semmle.label | star expression | -| stdlib.go:159:11:159:15 | selection of URL | semmle.label | selection of URL | -| stdlib.go:162:24:162:26 | url | semmle.label | url | -| stdlib.go:162:24:162:35 | call to String | semmle.label | call to String | -| stdlib.go:173:24:173:52 | ...+... | semmle.label | ...+... | -| stdlib.go:173:35:173:39 | selection of URL | semmle.label | selection of URL | -| stdlib.go:173:35:173:52 | call to RequestURI | semmle.label | call to RequestURI | -| stdlib.go:182:13:182:33 | call to FormValue | semmle.label | call to FormValue | -| stdlib.go:184:23:184:28 | target | semmle.label | target | -| stdlib.go:190:3:190:8 | definition of target | semmle.label | definition of target | -| stdlib.go:190:3:190:57 | ... := ...[0] | semmle.label | ... := ...[0] | -| stdlib.go:190:36:190:56 | call to FormValue | semmle.label | call to FormValue | -| stdlib.go:192:23:192:28 | implicit dereference | semmle.label | implicit dereference | -| stdlib.go:192:23:192:28 | target | semmle.label | target | -| stdlib.go:192:23:192:33 | selection of Path | semmle.label | selection of Path | -| stdlib.go:194:23:194:28 | target | semmle.label | target | -| stdlib.go:194:23:194:42 | call to EscapedPath | semmle.label | call to EscapedPath | +| stdlib.go:33:13:33:18 | selection of Form | semmle.label | selection of Form | +| stdlib.go:33:13:33:32 | call to Get | semmle.label | call to Get | +| stdlib.go:39:30:39:40 | ...+... | semmle.label | ...+... | +| stdlib.go:39:34:39:40 | target2 | semmle.label | target2 | +| stdlib.go:48:13:48:18 | selection of Form | semmle.label | selection of Form | +| stdlib.go:48:13:48:32 | call to Get | semmle.label | call to Get | +| stdlib.go:50:23:50:28 | target | semmle.label | target | +| stdlib.go:68:13:68:18 | selection of Form | semmle.label | selection of Form | +| stdlib.go:68:13:68:32 | call to Get | semmle.label | call to Get | +| stdlib.go:71:23:71:28 | target | semmle.label | target | +| stdlib.go:71:23:71:37 | ...+... | semmle.label | ...+... | +| stdlib.go:71:23:71:40 | ...+... | semmle.label | ...+... | +| stdlib.go:93:13:93:18 | selection of Form | semmle.label | selection of Form | +| stdlib.go:93:13:93:32 | call to Get | semmle.label | call to Get | +| stdlib.go:94:3:94:8 | target | semmle.label | target | +| stdlib.go:94:3:94:25 | ... += ... | semmle.label | ... += ... | +| stdlib.go:96:23:96:28 | target | semmle.label | target | +| stdlib.go:111:54:111:54 | definition of r [pointer, URL, pointer] | semmle.label | definition of r [pointer, URL, pointer] | +| stdlib.go:111:54:111:54 | definition of r [pointer, URL] | semmle.label | definition of r [pointer, URL] | +| stdlib.go:115:6:115:6 | r [pointer, URL, pointer] | semmle.label | r [pointer, URL, pointer] | +| stdlib.go:115:6:115:6 | r [pointer, URL] | semmle.label | r [pointer, URL] | +| stdlib.go:116:4:116:4 | implicit dereference [URL, pointer] | semmle.label | implicit dereference [URL, pointer] | +| stdlib.go:116:4:116:4 | implicit dereference [URL] | semmle.label | implicit dereference [URL] | +| stdlib.go:116:4:116:4 | r [pointer, URL, pointer] | semmle.label | r [pointer, URL, pointer] | +| stdlib.go:116:4:116:4 | r [pointer, URL] | semmle.label | r [pointer, URL] | +| stdlib.go:116:4:116:8 | implicit dereference | semmle.label | implicit dereference | +| stdlib.go:116:4:116:8 | selection of URL | semmle.label | selection of URL | +| stdlib.go:116:4:116:8 | selection of URL [pointer] | semmle.label | selection of URL [pointer] | +| stdlib.go:117:24:117:24 | implicit dereference [URL] | semmle.label | implicit dereference [URL] | +| stdlib.go:117:24:117:24 | r [pointer, URL] | semmle.label | r [pointer, URL] | +| stdlib.go:117:24:117:28 | selection of URL | semmle.label | selection of URL | +| stdlib.go:117:24:117:37 | call to String | semmle.label | call to String | +| stdlib.go:150:13:150:18 | selection of Form | semmle.label | selection of Form | +| stdlib.go:150:13:150:32 | call to Get | semmle.label | call to Get | +| stdlib.go:156:23:156:28 | target | semmle.label | target | +| stdlib.go:163:10:163:15 | star expression | semmle.label | star expression | +| stdlib.go:163:11:163:15 | selection of URL | semmle.label | selection of URL | +| stdlib.go:166:24:166:26 | url | semmle.label | url | +| stdlib.go:166:24:166:35 | call to String | semmle.label | call to String | +| stdlib.go:177:24:177:52 | ...+... | semmle.label | ...+... | +| stdlib.go:177:35:177:39 | selection of URL | semmle.label | selection of URL | +| stdlib.go:177:35:177:52 | call to RequestURI | semmle.label | call to RequestURI | +| stdlib.go:186:13:186:33 | call to FormValue | semmle.label | call to FormValue | +| stdlib.go:188:23:188:28 | target | semmle.label | target | +| stdlib.go:194:3:194:8 | definition of target | semmle.label | definition of target | +| stdlib.go:194:3:194:57 | ... := ...[0] | semmle.label | ... := ...[0] | +| stdlib.go:194:36:194:56 | call to FormValue | semmle.label | call to FormValue | +| stdlib.go:196:23:196:28 | implicit dereference | semmle.label | implicit dereference | +| stdlib.go:196:23:196:28 | target | semmle.label | target | +| stdlib.go:196:23:196:33 | selection of Path | semmle.label | selection of Path | +| stdlib.go:198:23:198:28 | target | semmle.label | target | +| stdlib.go:198:23:198:42 | call to EscapedPath | semmle.label | call to EscapedPath | subpaths diff --git a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/stdlib.go b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/stdlib.go index 0ccacd7d87e7..f6cd1e5576f2 100644 --- a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/stdlib.go +++ b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/stdlib.go @@ -28,13 +28,17 @@ func serveStdlib() { http.HandleFunc("/ex2", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() + // Taking gratuitous copies of target so that sanitizing the use in + // the first request doesn't also sanitize other uses target := r.Form.Get("target") + target2 := target + target3 := target // GOOD: local redirects are unproblematic w.Header().Set("Location", "/local"+target) // BAD: this could be a non-local redirect - w.Header().Set("Location", "/"+target) + w.Header().Set("Location", "/"+target2) // GOOD: localhost redirects are unproblematic - w.Header().Set("Location", "//localhost/"+target) + w.Header().Set("Location", "//localhost/"+target3) w.WriteHeader(302) }) diff --git a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected index 696d8dd700b4..1fa5431811bd 100644 --- a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected +++ b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected @@ -1,18 +1,18 @@ #select | RequestForgery.go:11:15:11:66 | call to Get | RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | The $@ of this request depends on a $@. | RequestForgery.go:11:24:11:65 | ...+... | URL | RequestForgery.go:8:12:8:34 | call to FormValue | user-provided value | -| tst.go:14:2:14:18 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:14:11:14:17 | tainted | The $@ of this request depends on a $@. | tst.go:14:11:14:17 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:16:2:16:19 | call to Head | tst.go:10:13:10:35 | call to FormValue | tst.go:16:12:16:18 | tainted | The $@ of this request depends on a $@. | tst.go:16:12:16:18 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:18:2:18:38 | call to Post | tst.go:10:13:10:35 | call to FormValue | tst.go:18:12:18:18 | tainted | The $@ of this request depends on a $@. | tst.go:18:12:18:18 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:20:2:20:28 | call to PostForm | tst.go:10:13:10:35 | call to FormValue | tst.go:20:16:20:22 | tainted | The $@ of this request depends on a $@. | tst.go:20:16:20:22 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:24:2:24:15 | call to Do | tst.go:10:13:10:35 | call to FormValue | tst.go:23:35:23:41 | tainted | The $@ of this request depends on a $@. | tst.go:23:35:23:41 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:27:2:27:15 | call to Do | tst.go:10:13:10:35 | call to FormValue | tst.go:26:68:26:74 | tainted | The $@ of this request depends on a $@. | tst.go:26:68:26:74 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:29:2:29:20 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:29:13:29:19 | tainted | The $@ of this request depends on a $@. | tst.go:29:13:29:19 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:30:2:30:21 | call to Head | tst.go:10:13:10:35 | call to FormValue | tst.go:30:14:30:20 | tainted | The $@ of this request depends on a $@. | tst.go:30:14:30:20 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:31:2:31:40 | call to Post | tst.go:10:13:10:35 | call to FormValue | tst.go:31:14:31:20 | tainted | The $@ of this request depends on a $@. | tst.go:31:14:31:20 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:32:2:32:30 | call to PostForm | tst.go:10:13:10:35 | call to FormValue | tst.go:32:18:32:24 | tainted | The $@ of this request depends on a $@. | tst.go:32:18:32:24 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:34:2:34:30 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:34:11:34:29 | ...+... | The $@ of this request depends on a $@. | tst.go:34:11:34:29 | ...+... | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:36:2:36:41 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:36:11:36:40 | ...+... | The $@ of this request depends on a $@. | tst.go:36:11:36:40 | ...+... | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:44:2:44:21 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:44:11:44:20 | call to String | The $@ of this request depends on a $@. | tst.go:44:11:44:20 | call to String | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:18:2:18:18 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:18:11:18:17 | tainted | The $@ of this request depends on a $@. | tst.go:18:11:18:17 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:20:2:20:19 | call to Head | tst.go:10:13:10:35 | call to FormValue | tst.go:20:12:20:18 | tainted | The $@ of this request depends on a $@. | tst.go:20:12:20:18 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:22:2:22:38 | call to Post | tst.go:10:13:10:35 | call to FormValue | tst.go:22:12:22:18 | tainted | The $@ of this request depends on a $@. | tst.go:22:12:22:18 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:24:2:24:28 | call to PostForm | tst.go:10:13:10:35 | call to FormValue | tst.go:24:16:24:22 | tainted | The $@ of this request depends on a $@. | tst.go:24:16:24:22 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:28:2:28:15 | call to Do | tst.go:10:13:10:35 | call to FormValue | tst.go:27:35:27:41 | tainted | The $@ of this request depends on a $@. | tst.go:27:35:27:41 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:31:2:31:15 | call to Do | tst.go:10:13:10:35 | call to FormValue | tst.go:30:68:30:74 | tainted | The $@ of this request depends on a $@. | tst.go:30:68:30:74 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:33:2:33:20 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:33:13:33:19 | tainted | The $@ of this request depends on a $@. | tst.go:33:13:33:19 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:34:2:34:21 | call to Head | tst.go:10:13:10:35 | call to FormValue | tst.go:34:14:34:20 | tainted | The $@ of this request depends on a $@. | tst.go:34:14:34:20 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:35:2:35:40 | call to Post | tst.go:10:13:10:35 | call to FormValue | tst.go:35:14:35:20 | tainted | The $@ of this request depends on a $@. | tst.go:35:14:35:20 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:36:2:36:30 | call to PostForm | tst.go:10:13:10:35 | call to FormValue | tst.go:36:18:36:24 | tainted | The $@ of this request depends on a $@. | tst.go:36:18:36:24 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:38:2:38:30 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:38:11:38:29 | ...+... | The $@ of this request depends on a $@. | tst.go:38:11:38:29 | ...+... | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:40:2:40:41 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:40:11:40:40 | ...+... | The $@ of this request depends on a $@. | tst.go:40:11:40:40 | ...+... | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:48:2:48:21 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:48:11:48:20 | call to String | The $@ of this request depends on a $@. | tst.go:48:11:48:20 | call to String | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | | websocket.go:65:12:65:53 | call to Dial | websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:65:27:65:40 | untrustedInput | WebSocket URL | websocket.go:60:21:60:31 | call to Referer | user-provided value | | websocket.go:79:13:79:40 | call to DialConfig | websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:78:36:78:49 | untrustedInput | WebSocket URL | websocket.go:74:21:74:31 | call to Referer | user-provided value | | websocket.go:91:3:91:50 | call to Dial | websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:91:31:91:44 | untrustedInput | WebSocket URL | websocket.go:88:21:88:31 | call to Referer | user-provided value | @@ -24,29 +24,28 @@ | websocket.go:204:7:204:29 | call to New | websocket.go:202:21:202:31 | call to Referer | websocket.go:204:15:204:28 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:204:15:204:28 | untrustedInput | WebSocket URL | websocket.go:202:21:202:31 | call to Referer | user-provided value | edges | RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:14:11:14:17 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:16:12:16:18 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:18:12:18:18 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:20:16:20:22 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:23:35:23:41 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:26:68:26:74 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:29:13:29:19 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:30:14:30:20 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:31:14:31:20 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:32:18:32:24 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:34:11:34:29 | ...+... | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:36:11:36:40 | ...+... | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:43:11:43:17 | tainted | provenance | Src:MaD:1 | -| tst.go:42:2:42:2 | definition of u [pointer] | tst.go:43:2:43:2 | u [pointer] | provenance | | -| tst.go:43:2:43:2 | implicit dereference | tst.go:42:2:42:2 | definition of u [pointer] | provenance | | -| tst.go:43:2:43:2 | implicit dereference | tst.go:43:2:43:2 | u | provenance | | -| tst.go:43:2:43:2 | implicit dereference | tst.go:44:11:44:11 | u | provenance | | -| tst.go:43:2:43:2 | u | tst.go:43:2:43:2 | implicit dereference | provenance | | -| tst.go:43:2:43:2 | u | tst.go:44:11:44:11 | u | provenance | | -| tst.go:43:2:43:2 | u [pointer] | tst.go:43:2:43:2 | implicit dereference | provenance | | -| tst.go:43:11:43:17 | tainted | tst.go:43:2:43:2 | u | provenance | Config | -| tst.go:43:11:43:17 | tainted | tst.go:44:11:44:11 | u | provenance | Config | -| tst.go:44:11:44:11 | u | tst.go:44:11:44:20 | call to String | provenance | MaD:3 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:18:11:18:17 | tainted | provenance | Src:MaD:1 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:20:12:20:18 | tainted | provenance | Src:MaD:1 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:22:12:22:18 | tainted | provenance | Src:MaD:1 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:24:16:24:22 | tainted | provenance | Src:MaD:1 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:27:35:27:41 | tainted | provenance | Src:MaD:1 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:30:68:30:74 | tainted | provenance | Src:MaD:1 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:33:13:33:19 | tainted | provenance | Src:MaD:1 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:34:14:34:20 | tainted | provenance | Src:MaD:1 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:35:14:35:20 | tainted | provenance | Src:MaD:1 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:36:18:36:24 | tainted | provenance | Src:MaD:1 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:38:11:38:29 | ...+... | provenance | Src:MaD:1 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:40:11:40:40 | ...+... | provenance | Src:MaD:1 | +| tst.go:10:13:10:35 | call to FormValue | tst.go:47:11:47:18 | tainted2 | provenance | Src:MaD:1 | +| tst.go:46:2:46:2 | definition of u [pointer] | tst.go:47:2:47:2 | u [pointer] | provenance | | +| tst.go:47:2:47:2 | implicit dereference | tst.go:46:2:46:2 | definition of u [pointer] | provenance | | +| tst.go:47:2:47:2 | implicit dereference | tst.go:47:2:47:2 | u | provenance | | +| tst.go:47:2:47:2 | u | tst.go:47:2:47:2 | implicit dereference | provenance | | +| tst.go:47:2:47:2 | u | tst.go:48:11:48:11 | u | provenance | | +| tst.go:47:2:47:2 | u [pointer] | tst.go:47:2:47:2 | implicit dereference | provenance | | +| tst.go:47:11:47:18 | tainted2 | tst.go:47:2:47:2 | u | provenance | Config | +| tst.go:47:11:47:18 | tainted2 | tst.go:48:11:48:11 | u | provenance | Config | +| tst.go:48:11:48:11 | u | tst.go:48:11:48:20 | call to String | provenance | MaD:3 | | websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | provenance | Src:MaD:2 | | websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | provenance | Src:MaD:2 | | websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput | provenance | Src:MaD:2 | @@ -64,25 +63,25 @@ nodes | RequestForgery.go:8:12:8:34 | call to FormValue | semmle.label | call to FormValue | | RequestForgery.go:11:24:11:65 | ...+... | semmle.label | ...+... | | tst.go:10:13:10:35 | call to FormValue | semmle.label | call to FormValue | -| tst.go:14:11:14:17 | tainted | semmle.label | tainted | -| tst.go:16:12:16:18 | tainted | semmle.label | tainted | -| tst.go:18:12:18:18 | tainted | semmle.label | tainted | -| tst.go:20:16:20:22 | tainted | semmle.label | tainted | -| tst.go:23:35:23:41 | tainted | semmle.label | tainted | -| tst.go:26:68:26:74 | tainted | semmle.label | tainted | -| tst.go:29:13:29:19 | tainted | semmle.label | tainted | -| tst.go:30:14:30:20 | tainted | semmle.label | tainted | -| tst.go:31:14:31:20 | tainted | semmle.label | tainted | -| tst.go:32:18:32:24 | tainted | semmle.label | tainted | -| tst.go:34:11:34:29 | ...+... | semmle.label | ...+... | -| tst.go:36:11:36:40 | ...+... | semmle.label | ...+... | -| tst.go:42:2:42:2 | definition of u [pointer] | semmle.label | definition of u [pointer] | -| tst.go:43:2:43:2 | implicit dereference | semmle.label | implicit dereference | -| tst.go:43:2:43:2 | u | semmle.label | u | -| tst.go:43:2:43:2 | u [pointer] | semmle.label | u [pointer] | -| tst.go:43:11:43:17 | tainted | semmle.label | tainted | -| tst.go:44:11:44:11 | u | semmle.label | u | -| tst.go:44:11:44:20 | call to String | semmle.label | call to String | +| tst.go:18:11:18:17 | tainted | semmle.label | tainted | +| tst.go:20:12:20:18 | tainted | semmle.label | tainted | +| tst.go:22:12:22:18 | tainted | semmle.label | tainted | +| tst.go:24:16:24:22 | tainted | semmle.label | tainted | +| tst.go:27:35:27:41 | tainted | semmle.label | tainted | +| tst.go:30:68:30:74 | tainted | semmle.label | tainted | +| tst.go:33:13:33:19 | tainted | semmle.label | tainted | +| tst.go:34:14:34:20 | tainted | semmle.label | tainted | +| tst.go:35:14:35:20 | tainted | semmle.label | tainted | +| tst.go:36:18:36:24 | tainted | semmle.label | tainted | +| tst.go:38:11:38:29 | ...+... | semmle.label | ...+... | +| tst.go:40:11:40:40 | ...+... | semmle.label | ...+... | +| tst.go:46:2:46:2 | definition of u [pointer] | semmle.label | definition of u [pointer] | +| tst.go:47:2:47:2 | implicit dereference | semmle.label | implicit dereference | +| tst.go:47:2:47:2 | u | semmle.label | u | +| tst.go:47:2:47:2 | u [pointer] | semmle.label | u [pointer] | +| tst.go:47:11:47:18 | tainted2 | semmle.label | tainted2 | +| tst.go:48:11:48:11 | u | semmle.label | u | +| tst.go:48:11:48:20 | call to String | semmle.label | call to String | | websocket.go:60:21:60:31 | call to Referer | semmle.label | call to Referer | | websocket.go:65:27:65:40 | untrustedInput | semmle.label | untrustedInput | | websocket.go:74:21:74:31 | call to Referer | semmle.label | call to Referer | diff --git a/go/ql/test/query-tests/Security/CWE-918/tst.go b/go/ql/test/query-tests/Security/CWE-918/tst.go index 44a172ddad07..02f65507abd5 100644 --- a/go/ql/test/query-tests/Security/CWE-918/tst.go +++ b/go/ql/test/query-tests/Security/CWE-918/tst.go @@ -8,6 +8,10 @@ import ( func handler2(w http.ResponseWriter, req *http.Request) { tainted := req.FormValue("target") // $ Source + // Gratuitous copy due to use-use flow propagating sanitization when + // used as a suffix in the last two OK cases forwards onto the final + // Not OK case. + tainted2 := tainted http.Get("example.com") // OK @@ -40,7 +44,7 @@ func handler2(w http.ResponseWriter, req *http.Request) { http.Get("http://example.com/?" + tainted) // OK u, _ := url.Parse("http://example.com/relative-path") - u.Host = tainted + u.Host = tainted2 http.Get(u.String()) // $ Alert } From 4484d5bfa95c65b98bf3792e821ac8ad53e0342c Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 28 Nov 2023 16:02:14 +0000 Subject: [PATCH 138/307] Add missing QLDoc --- go/ql/lib/semmle/go/dataflow/SSA.qll | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/go/ql/lib/semmle/go/dataflow/SSA.qll b/go/ql/lib/semmle/go/dataflow/SSA.qll index 5891c0ed800b..b255c14f66c0 100644 --- a/go/ql/lib/semmle/go/dataflow/SSA.qll +++ b/go/ql/lib/semmle/go/dataflow/SSA.qll @@ -198,6 +198,11 @@ class SsaExplicitDefinition extends SsaDefinition, TExplicitDef { override Location getLocation() { result = this.getInstruction().getLocation() } + /** + * Gets the first instruction that the value of this `SsaDefinition` can + * reach without passing through any other instructions, but possibly through + * phi nodes. + */ IR::Instruction getAFirstUse() { firstUse(this, result) } } @@ -413,4 +418,11 @@ DataFlow::Node getASimilarReadNode(DataFlow::Node node) { ) } +/** + * Gets an instruction such that `pred` and `result` form an adjacent + * use-use-pair of the same`SsaSourceVariable`, that is, the value read in + * `pred` can reach `result` without passing through any other use or any SSA + * definition of the variable except for phi nodes and uncertain implicit + * updates. + */ IR::Instruction getAnAdjacentUse(IR::Instruction pred) { adjacentUseUse(pred, result) } From 5267671b1502e3657c14c5a6f881ebbb21ad0044 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 28 Nov 2023 13:25:45 +0000 Subject: [PATCH 139/307] Clean up code in basicLocalFlowStep No changes in functionality. --- .../semmle/go/dataflow/internal/DataFlowPrivate.qll | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll index 15f8a8462a15..ee612bde0e44 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll @@ -69,22 +69,22 @@ predicate basicLocalFlowStep(Node nodeFrom, Node nodeTo) { exists(IR::Instruction pred, SsaExplicitDefinition succ | succ.getRhs() = pred and nodeFrom = instructionNode(pred) and - nodeTo = ssaNode(succ) + nodeTo = ssaNode(succ.getVariable()) ) or // SSA defn -> SSA capture exists(SsaExplicitDefinition pred, SsaVariableCapture succ | // Check: should these flow from PHIs as well? Perhaps they should be included // in the use-use graph? - succ.(SsaVariableCapture).getSourceVariable() = pred.(SsaExplicitDefinition).getSourceVariable() + succ.getSourceVariable() = pred.getSourceVariable() | - nodeFrom = ssaNode(pred) and - nodeTo = ssaNode(succ) + nodeFrom = ssaNode(pred.getVariable()) and + nodeTo = ssaNode(succ.getVariable()) ) or // SSA defn -> first SSA use exists(SsaExplicitDefinition pred, IR::Instruction succ | succ = pred.getAFirstUse() | - nodeFrom = ssaNode(pred) and + nodeFrom = ssaNode(pred.getVariable()) and nodeTo = instructionNode(succ) ) or From b4743155f6c2f3a3c063a931f8a6631501171170 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 28 Nov 2023 15:47:55 +0000 Subject: [PATCH 140/307] Include first step from SsaVariableCapture Without this change the test go/ql/test/query-tests/InconsistentCode/UnhandledCloseWritableHandle/UnhandledCloseWritableHandle.qlref was failing. --- go/ql/lib/semmle/go/dataflow/SSA.qll | 14 +++++++------- .../go/dataflow/internal/DataFlowPrivate.qll | 3 ++- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/SSA.qll b/go/ql/lib/semmle/go/dataflow/SSA.qll index b255c14f66c0..98dae5f3d014 100644 --- a/go/ql/lib/semmle/go/dataflow/SSA.qll +++ b/go/ql/lib/semmle/go/dataflow/SSA.qll @@ -166,6 +166,13 @@ class SsaDefinition extends TSsaDefinition { ) { this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) } + + /** + * Gets the first instruction that the value of this `SsaDefinition` can + * reach without passing through any other instructions, but possibly through + * phi nodes. + */ + IR::Instruction getAFirstUse() { firstUse(this, result) } } /** @@ -197,13 +204,6 @@ class SsaExplicitDefinition extends SsaDefinition, TExplicitDef { override string prettyPrintDef() { result = "definition of " + this.getSourceVariable() } override Location getLocation() { result = this.getInstruction().getLocation() } - - /** - * Gets the first instruction that the value of this `SsaDefinition` can - * reach without passing through any other instructions, but possibly through - * phi nodes. - */ - IR::Instruction getAFirstUse() { firstUse(this, result) } } /** Provides a helper predicate for working with explicit SSA definitions. */ diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll index ee612bde0e44..3b8ed07c1a3b 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll @@ -83,7 +83,8 @@ predicate basicLocalFlowStep(Node nodeFrom, Node nodeTo) { ) or // SSA defn -> first SSA use - exists(SsaExplicitDefinition pred, IR::Instruction succ | succ = pred.getAFirstUse() | + exists(SsaDefinition pred, IR::Instruction succ | succ = pred.getAFirstUse() | + (pred instanceof SsaExplicitDefinition or pred instanceof SsaVariableCapture) and nodeFrom = ssaNode(pred.getVariable()) and nodeTo = instructionNode(succ) ) From 49b8b0bca3e21e849cc46ad78ddc82650e36ee68 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 5 Sep 2025 14:20:06 +0100 Subject: [PATCH 141/307] Remove local flow step from SSA defn to SSA capture --- .../semmle/go/dataflow/internal/DataFlowPrivate.qll | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll index 3b8ed07c1a3b..f05859de8137 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll @@ -72,16 +72,6 @@ predicate basicLocalFlowStep(Node nodeFrom, Node nodeTo) { nodeTo = ssaNode(succ.getVariable()) ) or - // SSA defn -> SSA capture - exists(SsaExplicitDefinition pred, SsaVariableCapture succ | - // Check: should these flow from PHIs as well? Perhaps they should be included - // in the use-use graph? - succ.getSourceVariable() = pred.getSourceVariable() - | - nodeFrom = ssaNode(pred.getVariable()) and - nodeTo = ssaNode(succ.getVariable()) - ) - or // SSA defn -> first SSA use exists(SsaDefinition pred, IR::Instruction succ | succ = pred.getAFirstUse() | (pred instanceof SsaExplicitDefinition or pred instanceof SsaVariableCapture) and From 4e04d27d3212cffb0d694056d99bf07a8268c7b2 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 29 Nov 2023 11:19:00 +0000 Subject: [PATCH 142/307] Adjust SafeFormatArgumentSanitizer to use-use flow Make it sanitize the result of the call rather than the input, so that further uses of the input are still tainted. This means that it catches things like `log.Print(fmt.Sprintf("user %q logged in.\n", username))` where the argument to the LoggerCall contains a StringFormatCall, but it misses things like `log.Printf("user %q logged in.\n", username)`. So we extract the logic into a predicate and apply it as a condition in the sink as well. The downside of this approach is that if there are two tainted inputs and only one has a safe format argument then we still sanitize the result. Hopefully this is rare. --- .../security/LogInjectionCustomizations.qll | 34 ++++++++++++++++--- 1 file changed, 29 insertions(+), 5 deletions(-) diff --git a/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll b/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll index 565cf29a4508..4518104d33a7 100644 --- a/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll +++ b/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll @@ -35,7 +35,15 @@ module LogInjection { /** An argument to a logging mechanism. */ class LoggerSink extends Sink { - LoggerSink() { this = any(LoggerCall log).getAValueFormattedMessageComponent() } + LoggerSink() { + exists(LoggerCall call | + this = call.getAValueFormattedMessageComponent() and + // exclude arguments to `call` which have a safe format argument, which + // aren't caught by SafeFormatArgumentSanitizer as that sanitizes the + // result of the call. + not safeFormatArgument(this, call) + ) + } } /** @@ -47,6 +55,22 @@ module LogInjection { ReplaceSanitizer() { this.getReplacedString() = ["\r", "\n"] } } + /** + * Holds if `arg` is an argument to `call` that is formatted using the `%q` + * directive. This formatting directive replaces newline characters with + * escape sequences, so `arg` would not be a sink for log injection. + */ + private predicate safeFormatArgument( + DataFlow::Node arg, StringOps::Formatting::StringFormatCall call + ) { + exists(string safeDirective | + // Mark "%q" formats as safe, but not "%#q", which would preserve newline characters. + safeDirective.regexpMatch("%[^%#]*q") + | + arg = call.getOperand(_, safeDirective) + ) + } + /** * An argument that is formatted using the `%q` directive, considered as a sanitizer * for log injection. @@ -55,10 +79,10 @@ module LogInjection { */ private class SafeFormatArgumentSanitizer extends Sanitizer { SafeFormatArgumentSanitizer() { - exists(StringOps::Formatting::StringFormatCall call, string safeDirective | - this = call.getOperand(_, safeDirective) and - // Mark "%q" formats as safe, but not "%#q", which would preserve newline characters. - safeDirective.regexpMatch("%[^%#]*q") + exists(DataFlow::Node arg, StringOps::Formatting::StringFormatCall call | + safeFormatArgument(arg, call) + | + this = call.getAResult() ) } } From b2a9cecd69c3411ee63c1c0c70cebf3120a058e7 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 30 Nov 2023 14:17:18 +0000 Subject: [PATCH 143/307] Fix Allocation Size Overflow for use-use flow We have an operator expression like `x * 5`. We want to follow where the value of the operator expression goes. We used to follow local flow from an operand, but now there is flow from that operand to the next use of the variable. The fix is to explicitly start local flow from the operator expression. There are also some expected edge changes due to use-use flow. --- .../AllocationSizeOverflowCustomizations.qll | 23 +++++++++++-------- .../CWE-190/AllocationSizeOverflow.expected | 10 ++++++-- 2 files changed, 22 insertions(+), 11 deletions(-) diff --git a/go/ql/lib/semmle/go/security/AllocationSizeOverflowCustomizations.qll b/go/ql/lib/semmle/go/security/AllocationSizeOverflowCustomizations.qll index 60841b048f43..3eced801f209 100644 --- a/go/ql/lib/semmle/go/security/AllocationSizeOverflowCustomizations.qll +++ b/go/ql/lib/semmle/go/security/AllocationSizeOverflowCustomizations.qll @@ -32,7 +32,10 @@ module AllocationSizeOverflow { /** * A data-flow node that is an operand to an operation that may overflow. */ - abstract class OverflowProneOperand extends DataFlow::Node { } + abstract class OverflowProneOperand extends DataFlow::Node { + /** Gets the operation that may overflow that `this` is an operand of. */ + abstract DataFlow::Node getOverflowProneOperation(); + } /** * A data-flow node that represents the size argument of an allocation, such as the `n` in @@ -91,8 +94,7 @@ module AllocationSizeOverflow { AllocationSize allocsz; DefaultSink() { - this instanceof OverflowProneOperand and - localStep*(this, allocsz) and + localStep*(this.(OverflowProneOperand).getOverflowProneOperation(), allocsz) and not allocsz instanceof AllocationSizeCheckBarrier } @@ -134,15 +136,18 @@ module AllocationSizeOverflow { /** An operand of an arithmetic expression that could cause overflow. */ private class DefaultOverflowProneOperand extends OverflowProneOperand { + OperatorExpr parent; + DefaultOverflowProneOperand() { - exists(OperatorExpr parent | isOverflowProne(parent) | - this.asExpr() = parent.getAnOperand() and - // only consider outermost operands to avoid double reporting - not exists(OperatorExpr grandparent | parent = grandparent.getAnOperand().stripParens() | - isOverflowProne(grandparent) - ) + isOverflowProne(parent) and + this.asExpr() = parent.getAnOperand() and + // only consider outermost operands to avoid double reporting + not exists(OperatorExpr grandparent | parent = grandparent.getAnOperand().stripParens() | + isOverflowProne(grandparent) ) } + + override DataFlow::Node getOverflowProneOperation() { result.asExpr() = parent } } /** diff --git a/go/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected b/go/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected index 3a9de1ebe600..ec1835a6f8ac 100644 --- a/go/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected +++ b/go/ql/test/query-tests/Security/CWE-190/AllocationSizeOverflow.expected @@ -17,10 +17,13 @@ edges | tst2.go:14:2:14:29 | ... := ...[0] | tst2.go:15:26:15:29 | data | provenance | | | tst2.go:15:26:15:29 | data | tst2.go:15:22:15:30 | call to len | provenance | Config | | tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:7:26:7:33 | jsonData | provenance | | -| tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:24:20:24:27 | jsonData | provenance | | -| tst3.go:6:2:6:31 | ... := ...[0] | tst3.go:32:20:32:27 | jsonData | provenance | | | tst3.go:7:26:7:33 | jsonData | tst3.go:7:22:7:34 | call to len | provenance | Config | +| tst3.go:7:26:7:33 | jsonData | tst3.go:9:32:9:39 | jsonData | provenance | | +| tst3.go:9:32:9:39 | jsonData | tst3.go:11:9:11:16 | jsonData | provenance | | +| tst3.go:11:9:11:16 | jsonData | tst3.go:16:20:16:27 | jsonData | provenance | | +| tst3.go:16:20:16:27 | jsonData | tst3.go:24:20:24:27 | jsonData | provenance | | | tst3.go:24:20:24:27 | jsonData | tst3.go:24:16:24:28 | call to len | provenance | Config | +| tst3.go:24:20:24:27 | jsonData | tst3.go:32:20:32:27 | jsonData | provenance | | | tst3.go:32:20:32:27 | jsonData | tst3.go:32:16:32:28 | call to len | provenance | Config | | tst.go:14:2:14:30 | ... = ...[0] | tst.go:15:26:15:33 | jsonData | provenance | | | tst.go:15:26:15:33 | jsonData | tst.go:15:22:15:34 | call to len | provenance | Config | @@ -45,6 +48,9 @@ nodes | tst3.go:6:2:6:31 | ... := ...[0] | semmle.label | ... := ...[0] | | tst3.go:7:22:7:34 | call to len | semmle.label | call to len | | tst3.go:7:26:7:33 | jsonData | semmle.label | jsonData | +| tst3.go:9:32:9:39 | jsonData | semmle.label | jsonData | +| tst3.go:11:9:11:16 | jsonData | semmle.label | jsonData | +| tst3.go:16:20:16:27 | jsonData | semmle.label | jsonData | | tst3.go:24:16:24:28 | call to len | semmle.label | call to len | | tst3.go:24:20:24:27 | jsonData | semmle.label | jsonData | | tst3.go:32:16:32:28 | call to len | semmle.label | call to len | From 9068315f038c52a599b191e7952cc646ac7fe100 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 30 Nov 2023 21:23:22 +0000 Subject: [PATCH 144/307] Fix IncorrectIntegerConversion for use-use flow We were assuming that `sink` only had one successor, the TypeCastNode, but it can now have an adjacent use as well. --- .../go/security/IncorrectIntegerConversionLib.qll | 12 ++++++++---- .../CWE-681/IncorrectIntegerConversionQuery.ql | 3 ++- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll b/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll index 7864205d1dce..161916cd11ef 100644 --- a/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll +++ b/go/ql/lib/semmle/go/security/IncorrectIntegerConversionLib.qll @@ -290,13 +290,17 @@ private predicate integerTypeBound(IntegerType it, int bitSize, int architecture * the type assertion succeeded. If it is not checked then there will be a * run-time panic if the type assertion fails, so we can assume it succeeded. */ -class TypeAssertionCheck extends DataFlow::ExprNode, FlowStateTransformer { +class TypeAssertionCheck extends DataFlow::InstructionNode, FlowStateTransformer { IntegerType it; TypeAssertionCheck() { - exists(TypeAssertExpr tae | - this = DataFlow::exprNode(tae.getExpr()) and - it = tae.getTypeExpr().getType().getUnderlyingType() + exists(IR::Instruction evalAssert, TypeAssertExpr assert | + it = assert.getTypeExpr().getType().getUnderlyingType() and + evalAssert = IR::evalExprInstruction(assert) + | + if exists(IR::extractTupleElement(evalAssert, _)) + then this.asInstruction() = IR::extractTupleElement(evalAssert, 0) + else this.asInstruction() = evalAssert ) } diff --git a/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql b/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql index a310f024a2d0..ce5081a92e92 100644 --- a/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql +++ b/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql @@ -18,7 +18,8 @@ import semmle.go.security.IncorrectIntegerConversionLib import Flow::PathGraph from - Flow::PathNode source, Flow::PathNode sink, DataFlow::CallNode call, DataFlow::Node sinkConverted + Flow::PathNode source, Flow::PathNode sink, DataFlow::CallNode call, + DataFlow::TypeCastNode sinkConverted where Flow::flowPath(source, sink) and call.getResult(0) = source.getNode() and From a3eb0100a653c3a4c37e9bae20cb332645e135ab Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Tue, 26 Jan 2021 14:00:06 +0000 Subject: [PATCH 145/307] Optimise join order for varBlockReaches --- go/ql/lib/semmle/go/dataflow/SsaImpl.qll | 39 +++++++++++++++++++++--- 1 file changed, 34 insertions(+), 5 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/SsaImpl.qll b/go/ql/lib/semmle/go/dataflow/SsaImpl.qll index 7380aaf60ebf..fb1ec99c3105 100644 --- a/go/ql/lib/semmle/go/dataflow/SsaImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/SsaImpl.qll @@ -306,6 +306,38 @@ private module Internal { exists(getDefReachingEndOf(b, v)) } + /** + * Holds if `v` occurs in `b1` and `b2` is one of `b1`'s successors. + * + * Factored out of `varBlockReaches` to force join order compared to the larger + * set `blockPrecedesVar(v, b2)`. + */ + pragma[noinline] + private predicate varBlockReachesBaseCand( + SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2 + ) { + varOccursInBlock(v, b1) and + b2 = b1.getASuccessor() + } + + /** + * Holds if `b2` is a transitive successor of `b1` and `v` occurs in `b1` and + * in `b2` or one of its transitive successors but not in any block on the path + * between `b1` and `b2`. Unlike `varBlockReaches` this may include blocks `b2` + * where `v` is dead. + * + * Factored out of `varBlockReaches` to force join order compared to the larger + * set `blockPrecedesVar(v, b2)`. + */ + pragma[noinline] + private predicate varBlockReachesRecCand( + SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock mid, ReachableBasicBlock b2 + ) { + varBlockReaches(v, b1, mid) and + not varOccursInBlock(v, mid) and + b2 = mid.getASuccessor() + } + /** * Holds if `b2` is a transitive successor of `b1` and `v` occurs in `b1` and * in `b2` or one of its transitive successors but not in any block on the path @@ -314,14 +346,11 @@ private module Internal { private predicate varBlockReaches( SsaSourceVariable v, ReachableBasicBlock b1, ReachableBasicBlock b2 ) { - varOccursInBlock(v, b1) and - b2 = b1.getASuccessor() and + varBlockReachesBaseCand(v, b1, b2) and blockPrecedesVar(v, b2) or exists(ReachableBasicBlock mid | - varBlockReaches(v, b1, mid) and - b2 = mid.getASuccessor() and - not varOccursInBlock(v, mid) and + varBlockReachesRecCand(v, b1, mid, b2) and blockPrecedesVar(v, b2) ) } From 32de2113a6a5057c121884eed42848aca7644769 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 2 Sep 2025 15:51:37 +0100 Subject: [PATCH 146/307] Use `_` instead of exists variable x2 --- go/ql/lib/semmle/go/dataflow/SsaImpl.qll | 6 ++---- go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll | 4 +--- 2 files changed, 3 insertions(+), 7 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/SsaImpl.qll b/go/ql/lib/semmle/go/dataflow/SsaImpl.qll index fb1ec99c3105..8549d9b497ad 100644 --- a/go/ql/lib/semmle/go/dataflow/SsaImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/SsaImpl.qll @@ -349,10 +349,8 @@ private module Internal { varBlockReachesBaseCand(v, b1, b2) and blockPrecedesVar(v, b2) or - exists(ReachableBasicBlock mid | - varBlockReachesRecCand(v, b1, mid, b2) and - blockPrecedesVar(v, b2) - ) + varBlockReachesRecCand(v, b1, _, b2) and + blockPrecedesVar(v, b2) } /** diff --git a/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll b/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll index 4518104d33a7..9160c204df1d 100644 --- a/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll +++ b/go/ql/lib/semmle/go/security/LogInjectionCustomizations.qll @@ -79,9 +79,7 @@ module LogInjection { */ private class SafeFormatArgumentSanitizer extends Sanitizer { SafeFormatArgumentSanitizer() { - exists(DataFlow::Node arg, StringOps::Formatting::StringFormatCall call | - safeFormatArgument(arg, call) - | + exists(StringOps::Formatting::StringFormatCall call | safeFormatArgument(_, call) | this = call.getAResult() ) } From 3594dba83c91471e217064aa6e6fc16497260c87 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 6 Mar 2025 15:05:17 +0000 Subject: [PATCH 147/307] Make insecure randomness test more realistic --- .../InsecureRandomness/InsecureRandomness.expected | 9 +++------ .../Security/CWE-338/InsecureRandomness/sample.go | 2 +- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected index b2659fffde78..40be0e8df691 100644 --- a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected +++ b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected @@ -1,8 +1,7 @@ #select | InsecureRandomness.go:12:18:12:40 | call to Intn | InsecureRandomness.go:12:18:12:40 | call to Intn | InsecureRandomness.go:12:18:12:40 | call to Intn | A password-related function depends on a $@ generated with a cryptographically weak RNG. | InsecureRandomness.go:12:18:12:40 | call to Intn | random number | | sample.go:26:25:26:30 | call to Guid | sample.go:15:49:15:61 | call to Uint32 | sample.go:26:25:26:30 | call to Guid | This cryptographic algorithm depends on a $@ generated with a cryptographically weak RNG. | sample.go:15:49:15:61 | call to Uint32 | random number | -| sample.go:37:25:37:29 | nonce | sample.go:34:12:34:40 | call to New | sample.go:37:25:37:29 | nonce | This cryptographic algorithm depends on a $@ generated with a cryptographically weak RNG. | sample.go:34:12:34:40 | call to New | random number | -| sample.go:37:32:37:36 | nonce | sample.go:34:12:34:40 | call to New | sample.go:37:32:37:36 | nonce | This cryptographic algorithm depends on a $@ generated with a cryptographically weak RNG. | sample.go:34:12:34:40 | call to New | random number | +| sample.go:37:35:37:39 | nonce | sample.go:34:12:34:40 | call to New | sample.go:37:35:37:39 | nonce | This cryptographic algorithm depends on a $@ generated with a cryptographically weak RNG. | sample.go:34:12:34:40 | call to New | random number | | sample.go:43:17:43:39 | call to Intn | sample.go:43:17:43:39 | call to Intn | sample.go:43:17:43:39 | call to Intn | A password-related function depends on a $@ generated with a cryptographically weak RNG. | sample.go:43:17:43:39 | call to Intn | random number | | sample.go:58:32:58:43 | type conversion | sample.go:55:17:55:42 | call to Intn | sample.go:58:32:58:43 | type conversion | This cryptographic algorithm depends on a $@ generated with a cryptographically weak RNG. | sample.go:55:17:55:42 | call to Intn | random number | edges @@ -13,8 +12,7 @@ edges | sample.go:15:49:15:61 | call to Uint32 | sample.go:15:31:15:62 | []type{args} [array] | provenance | | | sample.go:15:49:15:61 | call to Uint32 | sample.go:15:31:15:62 | call to Sprintf | provenance | FunctionModel | | sample.go:16:9:16:15 | slice expression | sample.go:26:25:26:30 | call to Guid | provenance | | -| sample.go:33:2:33:6 | definition of nonce | sample.go:37:25:37:29 | nonce | provenance | | -| sample.go:33:2:33:6 | definition of nonce | sample.go:37:32:37:36 | nonce | provenance | | +| sample.go:33:2:33:6 | definition of nonce | sample.go:37:35:37:39 | nonce | provenance | | | sample.go:34:12:34:40 | call to New | sample.go:35:14:35:19 | random | provenance | | | sample.go:35:14:35:19 | random | sample.go:33:2:33:6 | definition of nonce | provenance | MaD:2 | | sample.go:55:17:55:42 | call to Intn | sample.go:56:29:56:38 | randNumber | provenance | | @@ -36,8 +34,7 @@ nodes | sample.go:33:2:33:6 | definition of nonce | semmle.label | definition of nonce | | sample.go:34:12:34:40 | call to New | semmle.label | call to New | | sample.go:35:14:35:19 | random | semmle.label | random | -| sample.go:37:25:37:29 | nonce | semmle.label | nonce | -| sample.go:37:32:37:36 | nonce | semmle.label | nonce | +| sample.go:37:35:37:39 | nonce | semmle.label | nonce | | sample.go:43:17:43:39 | call to Intn | semmle.label | call to Intn | | sample.go:44:17:44:39 | call to Intn | semmle.label | call to Intn | | sample.go:45:17:45:39 | call to Intn | semmle.label | call to Intn | diff --git a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/sample.go b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/sample.go index df703ff0dfa0..9eef81f63bb4 100644 --- a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/sample.go +++ b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/sample.go @@ -34,7 +34,7 @@ func encrypt(data []byte, password string) []byte { random := rand.New(rand.NewSource(999)) io.ReadFull(random, nonce) - ciphertext := gcm.Seal(nonce, nonce, data, nil) // BAD: use of an insecure rng to generate a nonce + ciphertext := gcm.Seal(data[:0], nonce, data, nil) // BAD: use of an insecure rng to generate a nonce return ciphertext } From 521066578bc5a05b590c4dc82648742cc90d0899 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 10 Nov 2023 14:58:52 +0000 Subject: [PATCH 148/307] Test result that was missing is now found --- .../library-tests/semmle/go/dataflow/ExternalTaintFlow/test.go | 2 +- .../library-tests/semmle/go/dataflow/ExternalValueFlow/test.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/test.go b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/test.go index 14b9a43b5991..c9d732e74002 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/test.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/test.go @@ -158,7 +158,7 @@ func simpleflow() { ch := make(chan string) ch <- a.Src1().(string) taint16 := test.StepArgCollectionContentRes(ch) - b.Sink1(taint16) // $ MISSING: hasTaintFlow="taint16" // currently fails due to lack of post-update nodes after send statements + b.Sink1(taint16) // $ hasTaintFlow="taint16" c1 := test.C{""} c1.Set(a.Src1().(string)) diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go index f118880d4978..3c172e6082d2 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/test.go @@ -158,7 +158,7 @@ func simpleflow() { ch := make(chan string) ch <- a.Src1().(string) taint16 := test.StepArgCollectionContentRes(ch) - b.Sink1(taint16) // $ MISSING: hasValueFlow="taint16" // currently fails due to lack of post-update nodes after send statements + b.Sink1(taint16) // $ hasValueFlow="taint16" c1 := test.C{""} c1.Set(a.Src1().(string)) From c20abf6d58fd93d54bc3f7a5ec92e8f774dfdc4c Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 29 Nov 2023 15:30:29 +0000 Subject: [PATCH 149/307] Line numbers change because 3 lines were added --- .../go/frameworks/Echo/TaintedPath.expected | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/TaintedPath.expected b/go/ql/test/library-tests/semmle/go/frameworks/Echo/TaintedPath.expected index c579c480fb3e..6a26aba5d76f 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/TaintedPath.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/TaintedPath.expected @@ -1,16 +1,16 @@ #select -| test.go:222:17:222:24 | filepath | test.go:221:15:221:38 | call to QueryParam | test.go:222:17:222:24 | filepath | This path depends on a $@. | test.go:221:15:221:38 | call to QueryParam | user-provided value | -| test.go:226:23:226:30 | filepath | test.go:225:15:225:38 | call to QueryParam | test.go:226:23:226:30 | filepath | This path depends on a $@. | test.go:225:15:225:38 | call to QueryParam | user-provided value | +| test.go:225:17:225:24 | filepath | test.go:224:15:224:38 | call to QueryParam | test.go:225:17:225:24 | filepath | This path depends on a $@. | test.go:224:15:224:38 | call to QueryParam | user-provided value | +| test.go:229:23:229:30 | filepath | test.go:228:15:228:38 | call to QueryParam | test.go:229:23:229:30 | filepath | This path depends on a $@. | test.go:228:15:228:38 | call to QueryParam | user-provided value | edges -| test.go:221:15:221:38 | call to QueryParam | test.go:222:17:222:24 | filepath | provenance | Src:MaD:3 Sink:MaD:2 | -| test.go:225:15:225:38 | call to QueryParam | test.go:226:23:226:30 | filepath | provenance | Src:MaD:3 Sink:MaD:1 | +| test.go:224:15:224:38 | call to QueryParam | test.go:225:17:225:24 | filepath | provenance | Src:MaD:3 Sink:MaD:2 | +| test.go:228:15:228:38 | call to QueryParam | test.go:229:23:229:30 | filepath | provenance | Src:MaD:3 Sink:MaD:1 | models | 1 | Sink: github.com/labstack/echo; Context; true; Attachment; ; ; Argument[0]; path-injection; manual | | 2 | Sink: github.com/labstack/echo; Context; true; File; ; ; Argument[0]; path-injection; manual | | 3 | Source: github.com/labstack/echo; Context; true; QueryParam; ; ; ReturnValue[0]; remote; manual | nodes -| test.go:221:15:221:38 | call to QueryParam | semmle.label | call to QueryParam | -| test.go:222:17:222:24 | filepath | semmle.label | filepath | -| test.go:225:15:225:38 | call to QueryParam | semmle.label | call to QueryParam | -| test.go:226:23:226:30 | filepath | semmle.label | filepath | +| test.go:224:15:224:38 | call to QueryParam | semmle.label | call to QueryParam | +| test.go:225:17:225:24 | filepath | semmle.label | filepath | +| test.go:228:15:228:38 | call to QueryParam | semmle.label | call to QueryParam | +| test.go:229:23:229:30 | filepath | semmle.label | filepath | subpaths From 14301e0af4bef171c8fe9ffd6f35a9c73c3f68a2 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 10 Nov 2023 15:28:21 +0000 Subject: [PATCH 150/307] Expected changes in dataflow edges --- .../CWE-1004/CookieWithoutHttpOnly.expected | 35 +++--- .../DecompressionBombs.expected | 2 +- .../dataflow/FlowSteps/LocalFlowStep.expected | 3 +- .../PromotedFields/LocalFlowStep.expected | 112 +++++++++--------- .../Beego/CleartextLogging.expected | 103 ++++++++++------ .../Security/CWE-022/TaintedPath.expected | 2 +- .../CWE-078/CommandInjection.expected | 16 +-- .../Security/CWE-078/SanitizingDoubleDash.go | 22 ++-- .../Security/CWE-089/SqlInjection.expected | 24 ++-- 9 files changed, 174 insertions(+), 145 deletions(-) diff --git a/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected b/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected index 5c7bef1155ef..0c60eb3f97ef 100644 --- a/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected +++ b/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected @@ -255,8 +255,6 @@ edges | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | provenance | | | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | provenance | | | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | -| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | | CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | | CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | | | CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | provenance | Config | @@ -272,8 +270,6 @@ edges | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | provenance | | | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | | | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | | -| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | -| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | | CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | provenance | | | CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | provenance | | | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | provenance | | @@ -282,12 +278,14 @@ edges | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | provenance | | | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | | | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | | CookieWithoutHttpOnly.go:137:2:137:8 | session | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | | | CookieWithoutHttpOnly.go:137:2:137:8 | session | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | | +| CookieWithoutHttpOnly.go:137:2:137:8 | session | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | +| CookieWithoutHttpOnly.go:137:2:137:8 | session | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | | CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | | | CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | | +| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | +| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | | CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | Config | | CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | Config | | CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | Config | @@ -298,7 +296,6 @@ edges | CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:147:2:147:8 | session [pointer] | provenance | | | CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | | | CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | | | CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | | | CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | | @@ -312,14 +309,14 @@ edges | CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | | | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | provenance | | | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | CookieWithoutHttpOnly.go:149:2:149:8 | session | provenance | | -| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | | | CookieWithoutHttpOnly.go:147:2:147:8 | session [pointer] | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | provenance | | | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | provenance | | | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | provenance | | | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:149:2:149:8 | session | provenance | | -| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | | | CookieWithoutHttpOnly.go:149:2:149:8 | session | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance | | +| CookieWithoutHttpOnly.go:149:2:149:8 | session | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | | | CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance | | +| CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | | | CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance | Config | | CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | session | provenance | Config | | CookieWithoutHttpOnly.go:149:21:151:2 | struct literal | CookieWithoutHttpOnly.go:149:20:151:2 | &... | provenance | | @@ -329,8 +326,6 @@ edges | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | provenance | | | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | provenance | | | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | -| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | | CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | | CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | | | CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | | @@ -346,8 +341,6 @@ edges | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | provenance | | | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | | | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | | -| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | -| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | | CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | provenance | | | CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | provenance | | | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | provenance | | @@ -356,12 +349,14 @@ edges | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | provenance | | | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | | | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | | CookieWithoutHttpOnly.go:161:2:161:8 | session | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | | | CookieWithoutHttpOnly.go:161:2:161:8 | session | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | | +| CookieWithoutHttpOnly.go:161:2:161:8 | session | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | +| CookieWithoutHttpOnly.go:161:2:161:8 | session | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | | CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | | | CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | | +| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | +| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | | CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | Config | | CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | Config | | CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | Config | @@ -376,8 +371,6 @@ edges | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | provenance | | | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | provenance | | | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | -| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | | CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | | CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | | | CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | | @@ -393,8 +386,6 @@ edges | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | provenance | | | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | | | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | | -| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | -| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | | CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | provenance | | | CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | provenance | | | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | provenance | | @@ -403,12 +394,14 @@ edges | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | provenance | | | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | | | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | | CookieWithoutHttpOnly.go:173:2:173:8 | session | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | | | CookieWithoutHttpOnly.go:173:2:173:8 | session | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | | +| CookieWithoutHttpOnly.go:173:2:173:8 | session | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | +| CookieWithoutHttpOnly.go:173:2:173:8 | session | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | | CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | | | CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | | +| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | +| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | | CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | Config | | CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | Config | | CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | Config | diff --git a/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected b/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected index 34703cdeef4e..46bccc77a976 100644 --- a/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected +++ b/go/ql/test/experimental/CWE-522-DecompressionBombs/DecompressionBombs.expected @@ -68,9 +68,9 @@ edges | test.go:91:15:91:26 | selection of Body | test.go:555:19:555:22 | definition of file | provenance | Src:MaD:1 | | test.go:93:5:93:16 | selection of Body | test.go:580:9:580:12 | definition of file | provenance | Src:MaD:1 | | test.go:128:20:128:27 | definition of filename | test.go:130:33:130:40 | filename | provenance | | -| test.go:128:20:128:27 | definition of filename | test.go:143:51:143:58 | filename | provenance | | | test.go:130:2:130:41 | ... := ...[0] | test.go:132:12:132:12 | f | provenance | | | test.go:130:33:130:40 | filename | test.go:130:2:130:41 | ... := ...[0] | provenance | Config | +| test.go:130:33:130:40 | filename | test.go:143:51:143:58 | filename | provenance | | | test.go:132:3:132:19 | ... := ...[0] | test.go:134:37:134:38 | rc | provenance | | | test.go:132:12:132:12 | f | test.go:132:3:132:19 | ... := ...[0] | provenance | MaD:4 | | test.go:143:2:143:59 | ... := ...[0] | test.go:145:12:145:12 | f | provenance | | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected index b48b6fec1a77..cf8a278a9030 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected @@ -68,9 +68,8 @@ | main.go:11:14:11:14 | z | main.go:11:9:11:15 | type conversion | | main.go:14:6:14:10 | function test2 | main.go:34:8:34:12 | test2 | | main.go:14:6:14:10 | function test2 | main.go:34:19:34:23 | test2 | -| main.go:15:2:15:4 | definition of acc | main.go:16:9:19:2 | capture variable acc | | main.go:15:9:15:9 | 0 | main.go:15:2:15:4 | definition of acc | -| main.go:17:3:17:7 | definition of acc | main.go:16:9:19:2 | capture variable acc | +| main.go:16:9:19:2 | capture variable acc | main.go:17:3:17:5 | acc | | main.go:17:3:17:7 | definition of acc | main.go:18:10:18:12 | acc | | main.go:17:3:17:7 | rhs of increment statement | main.go:17:3:17:7 | definition of acc | | main.go:22:12:22:12 | argument corresponding to b | main.go:22:12:22:12 | definition of b | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/PromotedFields/LocalFlowStep.expected b/go/ql/test/library-tests/semmle/go/dataflow/PromotedFields/LocalFlowStep.expected index d61d6be9c5f9..a74e39db2f1a 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/PromotedFields/LocalFlowStep.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/PromotedFields/LocalFlowStep.expected @@ -79,106 +79,106 @@ | main.go:7:6:7:9 | function sink | main.go:149:2:149:5 | sink | | main.go:7:6:7:9 | function sink | main.go:150:2:150:5 | sink | | main.go:22:2:22:6 | definition of outer | main.go:25:7:25:11 | outer | -| main.go:22:2:22:6 | definition of outer | main.go:26:7:26:11 | outer | -| main.go:22:2:22:6 | definition of outer | main.go:27:7:27:11 | outer | -| main.go:22:2:22:6 | definition of outer | main.go:28:7:28:11 | outer | | main.go:22:11:24:2 | struct literal | main.go:22:2:22:6 | definition of outer | +| main.go:25:7:25:11 | outer | main.go:26:7:26:11 | outer | +| main.go:26:7:26:11 | outer | main.go:27:7:27:11 | outer | +| main.go:27:7:27:11 | outer | main.go:28:7:28:11 | outer | | main.go:30:2:30:7 | definition of outerp | main.go:33:7:33:12 | outerp | -| main.go:30:2:30:7 | definition of outerp | main.go:34:7:34:12 | outerp | -| main.go:30:2:30:7 | definition of outerp | main.go:35:7:35:12 | outerp | -| main.go:30:2:30:7 | definition of outerp | main.go:36:7:36:12 | outerp | | main.go:30:12:32:2 | &... | main.go:30:2:30:7 | definition of outerp | +| main.go:33:7:33:12 | outerp | main.go:34:7:34:12 | outerp | +| main.go:34:7:34:12 | outerp | main.go:35:7:35:12 | outerp | +| main.go:35:7:35:12 | outerp | main.go:36:7:36:12 | outerp | | main.go:40:2:40:6 | definition of outer | main.go:41:7:41:11 | outer | -| main.go:40:2:40:6 | definition of outer | main.go:42:7:42:11 | outer | -| main.go:40:2:40:6 | definition of outer | main.go:43:7:43:11 | outer | -| main.go:40:2:40:6 | definition of outer | main.go:44:7:44:11 | outer | | main.go:40:11:40:40 | struct literal | main.go:40:2:40:6 | definition of outer | +| main.go:41:7:41:11 | outer | main.go:42:7:42:11 | outer | +| main.go:42:7:42:11 | outer | main.go:43:7:43:11 | outer | +| main.go:43:7:43:11 | outer | main.go:44:7:44:11 | outer | | main.go:46:2:46:7 | definition of outerp | main.go:47:7:47:12 | outerp | -| main.go:46:2:46:7 | definition of outerp | main.go:48:7:48:12 | outerp | -| main.go:46:2:46:7 | definition of outerp | main.go:49:7:49:12 | outerp | -| main.go:46:2:46:7 | definition of outerp | main.go:50:7:50:12 | outerp | | main.go:46:12:46:42 | &... | main.go:46:2:46:7 | definition of outerp | +| main.go:47:7:47:12 | outerp | main.go:48:7:48:12 | outerp | +| main.go:48:7:48:12 | outerp | main.go:49:7:49:12 | outerp | +| main.go:49:7:49:12 | outerp | main.go:50:7:50:12 | outerp | | main.go:54:2:54:6 | definition of inner | main.go:55:19:55:23 | inner | | main.go:54:11:54:25 | struct literal | main.go:54:2:54:6 | definition of inner | | main.go:55:2:55:7 | definition of middle | main.go:56:17:56:22 | middle | | main.go:55:12:55:24 | struct literal | main.go:55:2:55:7 | definition of middle | | main.go:56:2:56:6 | definition of outer | main.go:57:7:57:11 | outer | -| main.go:56:2:56:6 | definition of outer | main.go:58:7:58:11 | outer | -| main.go:56:2:56:6 | definition of outer | main.go:59:7:59:11 | outer | -| main.go:56:2:56:6 | definition of outer | main.go:60:7:60:11 | outer | | main.go:56:11:56:23 | struct literal | main.go:56:2:56:6 | definition of outer | +| main.go:57:7:57:11 | outer | main.go:58:7:58:11 | outer | +| main.go:58:7:58:11 | outer | main.go:59:7:59:11 | outer | +| main.go:59:7:59:11 | outer | main.go:60:7:60:11 | outer | | main.go:62:2:62:7 | definition of innerp | main.go:63:20:63:25 | innerp | | main.go:62:12:62:26 | struct literal | main.go:62:2:62:7 | definition of innerp | | main.go:63:2:63:8 | definition of middlep | main.go:64:18:64:24 | middlep | | main.go:63:13:63:26 | struct literal | main.go:63:2:63:8 | definition of middlep | | main.go:64:2:64:7 | definition of outerp | main.go:65:7:65:12 | outerp | -| main.go:64:2:64:7 | definition of outerp | main.go:66:7:66:12 | outerp | -| main.go:64:2:64:7 | definition of outerp | main.go:67:7:67:12 | outerp | -| main.go:64:2:64:7 | definition of outerp | main.go:68:7:68:12 | outerp | | main.go:64:12:64:25 | struct literal | main.go:64:2:64:7 | definition of outerp | +| main.go:65:7:65:12 | outerp | main.go:66:7:66:12 | outerp | +| main.go:66:7:66:12 | outerp | main.go:67:7:67:12 | outerp | +| main.go:67:7:67:12 | outerp | main.go:68:7:68:12 | outerp | | main.go:72:2:72:6 | definition of inner | main.go:73:26:73:30 | inner | | main.go:72:11:72:25 | struct literal | main.go:72:2:72:6 | definition of inner | | main.go:73:2:73:7 | definition of middle | main.go:74:25:74:30 | middle | | main.go:73:12:73:31 | struct literal | main.go:73:2:73:7 | definition of middle | | main.go:74:2:74:6 | definition of outer | main.go:75:7:75:11 | outer | -| main.go:74:2:74:6 | definition of outer | main.go:76:7:76:11 | outer | -| main.go:74:2:74:6 | definition of outer | main.go:77:7:77:11 | outer | -| main.go:74:2:74:6 | definition of outer | main.go:78:7:78:11 | outer | | main.go:74:11:74:31 | struct literal | main.go:74:2:74:6 | definition of outer | +| main.go:75:7:75:11 | outer | main.go:76:7:76:11 | outer | +| main.go:76:7:76:11 | outer | main.go:77:7:77:11 | outer | +| main.go:77:7:77:11 | outer | main.go:78:7:78:11 | outer | | main.go:80:2:80:7 | definition of innerp | main.go:81:27:81:32 | innerp | | main.go:80:12:80:26 | struct literal | main.go:80:2:80:7 | definition of innerp | | main.go:81:2:81:8 | definition of middlep | main.go:82:26:82:32 | middlep | | main.go:81:13:81:33 | struct literal | main.go:81:2:81:8 | definition of middlep | | main.go:82:2:82:7 | definition of outerp | main.go:83:7:83:12 | outerp | -| main.go:82:2:82:7 | definition of outerp | main.go:84:7:84:12 | outerp | -| main.go:82:2:82:7 | definition of outerp | main.go:85:7:85:12 | outerp | -| main.go:82:2:82:7 | definition of outerp | main.go:86:7:86:12 | outerp | | main.go:82:12:82:33 | struct literal | main.go:82:2:82:7 | definition of outerp | +| main.go:83:7:83:12 | outerp | main.go:84:7:84:12 | outerp | +| main.go:84:7:84:12 | outerp | main.go:85:7:85:12 | outerp | +| main.go:85:7:85:12 | outerp | main.go:86:7:86:12 | outerp | | main.go:90:6:90:10 | definition of outer | main.go:91:2:91:6 | outer | -| main.go:90:6:90:10 | definition of outer | main.go:92:7:92:11 | outer | -| main.go:90:6:90:10 | definition of outer | main.go:93:7:93:11 | outer | -| main.go:90:6:90:10 | definition of outer | main.go:94:7:94:11 | outer | -| main.go:90:6:90:10 | definition of outer | main.go:95:7:95:11 | outer | | main.go:90:6:90:10 | zero value for outer | main.go:90:6:90:10 | definition of outer | +| main.go:91:2:91:6 | outer | main.go:92:7:92:11 | outer | +| main.go:92:7:92:11 | outer | main.go:93:7:93:11 | outer | +| main.go:93:7:93:11 | outer | main.go:94:7:94:11 | outer | +| main.go:94:7:94:11 | outer | main.go:95:7:95:11 | outer | | main.go:97:6:97:11 | definition of outerp | main.go:98:2:98:7 | outerp | -| main.go:97:6:97:11 | definition of outerp | main.go:99:7:99:12 | outerp | -| main.go:97:6:97:11 | definition of outerp | main.go:100:7:100:12 | outerp | -| main.go:97:6:97:11 | definition of outerp | main.go:101:7:101:12 | outerp | -| main.go:97:6:97:11 | definition of outerp | main.go:102:7:102:12 | outerp | | main.go:97:6:97:11 | zero value for outerp | main.go:97:6:97:11 | definition of outerp | +| main.go:98:2:98:7 | outerp | main.go:99:7:99:12 | outerp | +| main.go:99:7:99:12 | outerp | main.go:100:7:100:12 | outerp | +| main.go:100:7:100:12 | outerp | main.go:101:7:101:12 | outerp | +| main.go:101:7:101:12 | outerp | main.go:102:7:102:12 | outerp | | main.go:106:6:106:10 | definition of outer | main.go:107:2:107:6 | outer | -| main.go:106:6:106:10 | definition of outer | main.go:108:7:108:11 | outer | -| main.go:106:6:106:10 | definition of outer | main.go:109:7:109:11 | outer | -| main.go:106:6:106:10 | definition of outer | main.go:110:7:110:11 | outer | -| main.go:106:6:106:10 | definition of outer | main.go:111:7:111:11 | outer | | main.go:106:6:106:10 | zero value for outer | main.go:106:6:106:10 | definition of outer | +| main.go:107:2:107:6 | outer | main.go:108:7:108:11 | outer | +| main.go:108:7:108:11 | outer | main.go:109:7:109:11 | outer | +| main.go:109:7:109:11 | outer | main.go:110:7:110:11 | outer | +| main.go:110:7:110:11 | outer | main.go:111:7:111:11 | outer | | main.go:113:6:113:11 | definition of outerp | main.go:114:2:114:7 | outerp | -| main.go:113:6:113:11 | definition of outerp | main.go:115:7:115:12 | outerp | -| main.go:113:6:113:11 | definition of outerp | main.go:116:7:116:12 | outerp | -| main.go:113:6:113:11 | definition of outerp | main.go:117:7:117:12 | outerp | -| main.go:113:6:113:11 | definition of outerp | main.go:118:7:118:12 | outerp | | main.go:113:6:113:11 | zero value for outerp | main.go:113:6:113:11 | definition of outerp | +| main.go:114:2:114:7 | outerp | main.go:115:7:115:12 | outerp | +| main.go:115:7:115:12 | outerp | main.go:116:7:116:12 | outerp | +| main.go:116:7:116:12 | outerp | main.go:117:7:117:12 | outerp | +| main.go:117:7:117:12 | outerp | main.go:118:7:118:12 | outerp | | main.go:122:6:122:10 | definition of outer | main.go:123:2:123:6 | outer | -| main.go:122:6:122:10 | definition of outer | main.go:124:7:124:11 | outer | -| main.go:122:6:122:10 | definition of outer | main.go:125:7:125:11 | outer | -| main.go:122:6:122:10 | definition of outer | main.go:126:7:126:11 | outer | -| main.go:122:6:122:10 | definition of outer | main.go:127:7:127:11 | outer | | main.go:122:6:122:10 | zero value for outer | main.go:122:6:122:10 | definition of outer | +| main.go:123:2:123:6 | outer | main.go:124:7:124:11 | outer | +| main.go:124:7:124:11 | outer | main.go:125:7:125:11 | outer | +| main.go:125:7:125:11 | outer | main.go:126:7:126:11 | outer | +| main.go:126:7:126:11 | outer | main.go:127:7:127:11 | outer | | main.go:129:6:129:11 | definition of outerp | main.go:130:2:130:7 | outerp | -| main.go:129:6:129:11 | definition of outerp | main.go:131:7:131:12 | outerp | -| main.go:129:6:129:11 | definition of outerp | main.go:132:7:132:12 | outerp | -| main.go:129:6:129:11 | definition of outerp | main.go:133:7:133:12 | outerp | -| main.go:129:6:129:11 | definition of outerp | main.go:134:7:134:12 | outerp | | main.go:129:6:129:11 | zero value for outerp | main.go:129:6:129:11 | definition of outerp | +| main.go:130:2:130:7 | outerp | main.go:131:7:131:12 | outerp | +| main.go:131:7:131:12 | outerp | main.go:132:7:132:12 | outerp | +| main.go:132:7:132:12 | outerp | main.go:133:7:133:12 | outerp | +| main.go:133:7:133:12 | outerp | main.go:134:7:134:12 | outerp | | main.go:138:6:138:10 | definition of outer | main.go:139:2:139:6 | outer | -| main.go:138:6:138:10 | definition of outer | main.go:140:7:140:11 | outer | -| main.go:138:6:138:10 | definition of outer | main.go:141:7:141:11 | outer | -| main.go:138:6:138:10 | definition of outer | main.go:142:7:142:11 | outer | -| main.go:138:6:138:10 | definition of outer | main.go:143:7:143:11 | outer | | main.go:138:6:138:10 | zero value for outer | main.go:138:6:138:10 | definition of outer | +| main.go:139:2:139:6 | outer | main.go:140:7:140:11 | outer | +| main.go:140:7:140:11 | outer | main.go:141:7:141:11 | outer | +| main.go:141:7:141:11 | outer | main.go:142:7:142:11 | outer | +| main.go:142:7:142:11 | outer | main.go:143:7:143:11 | outer | | main.go:145:6:145:11 | definition of outerp | main.go:146:2:146:7 | outerp | -| main.go:145:6:145:11 | definition of outerp | main.go:147:7:147:12 | outerp | -| main.go:145:6:145:11 | definition of outerp | main.go:148:7:148:12 | outerp | -| main.go:145:6:145:11 | definition of outerp | main.go:149:7:149:12 | outerp | -| main.go:145:6:145:11 | definition of outerp | main.go:150:7:150:12 | outerp | | main.go:145:6:145:11 | zero value for outerp | main.go:145:6:145:11 | definition of outerp | +| main.go:146:2:146:7 | outerp | main.go:147:7:147:12 | outerp | +| main.go:147:7:147:12 | outerp | main.go:148:7:148:12 | outerp | +| main.go:148:7:148:12 | outerp | main.go:149:7:149:12 | outerp | +| main.go:149:7:149:12 | outerp | main.go:150:7:150:12 | outerp | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected index 6fd719423566..591d990be47c 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/CleartextLogging.expected @@ -1,5 +1,40 @@ edges +| test.go:153:17:153:24 | definition of password | test.go:154:14:154:21 | password | provenance | | +| test.go:153:17:153:24 | definition of password | test.go:155:17:155:24 | password | provenance | | +| test.go:153:17:153:24 | definition of password | test.go:156:14:156:21 | password | provenance | | +| test.go:153:17:153:24 | definition of password | test.go:157:18:157:25 | password | provenance | | +| test.go:153:17:153:24 | definition of password | test.go:158:14:158:21 | password | provenance | | +| test.go:153:17:153:24 | definition of password | test.go:159:13:159:20 | password | provenance | | +| test.go:153:17:153:24 | definition of password | test.go:160:22:160:29 | password | provenance | | +| test.go:153:17:153:24 | definition of password | test.go:161:15:161:22 | password | provenance | | +| test.go:153:17:153:24 | definition of password | test.go:162:14:162:21 | password | provenance | | +| test.go:153:17:153:24 | definition of password | test.go:163:13:163:20 | password | provenance | | +| test.go:153:17:153:24 | definition of password | test.go:164:16:164:23 | password | provenance | | +| test.go:153:17:153:24 | definition of password | test.go:165:13:165:20 | password | provenance | Sink:MaD:380 | +| test.go:153:17:153:24 | definition of password | test.go:166:16:166:23 | password | provenance | Sink:MaD:381 | +| test.go:153:17:153:24 | definition of password | test.go:167:13:167:20 | password | provenance | Sink:MaD:382 | +| test.go:153:17:153:24 | definition of password | test.go:168:17:168:24 | password | provenance | Sink:MaD:383 | +| test.go:153:17:153:24 | definition of password | test.go:169:13:169:20 | password | provenance | Sink:MaD:384 | +| test.go:153:17:153:24 | definition of password | test.go:170:12:170:19 | password | provenance | Sink:MaD:385 | +| test.go:153:17:153:24 | definition of password | test.go:171:21:171:28 | password | provenance | Sink:MaD:386 | +| test.go:153:17:153:24 | definition of password | test.go:172:14:172:21 | password | provenance | Sink:MaD:387 | +| test.go:153:17:153:24 | definition of password | test.go:173:13:173:20 | password | provenance | Sink:MaD:388 | +| test.go:153:17:153:24 | definition of password | test.go:174:12:174:19 | password | provenance | Sink:MaD:389 | +| test.go:153:17:153:24 | definition of password | test.go:175:15:175:22 | password | provenance | Sink:MaD:390 | +| test.go:153:17:153:24 | definition of password | test.go:176:15:176:22 | password | provenance | Sink:MaD:391 | +| test.go:153:17:153:24 | definition of password | test.go:177:18:177:25 | password | provenance | Sink:MaD:392 | +| test.go:153:17:153:24 | definition of password | test.go:178:15:178:22 | password | provenance | Sink:MaD:393 | +| test.go:153:17:153:24 | definition of password | test.go:179:19:179:26 | password | provenance | Sink:MaD:394 | +| test.go:153:17:153:24 | definition of password | test.go:180:15:180:22 | password | provenance | Sink:MaD:395 | +| test.go:153:17:153:24 | definition of password | test.go:181:14:181:21 | password | provenance | Sink:MaD:396 | +| test.go:153:17:153:24 | definition of password | test.go:182:23:182:30 | password | provenance | Sink:MaD:397 | +| test.go:153:17:153:24 | definition of password | test.go:183:16:183:23 | password | provenance | Sink:MaD:398 | +| test.go:153:17:153:24 | definition of password | test.go:184:15:184:22 | password | provenance | Sink:MaD:399 | +| test.go:153:17:153:24 | definition of password | test.go:185:14:185:21 | password | provenance | Sink:MaD:400 | +| test.go:153:17:153:24 | definition of password | test.go:186:17:186:24 | password | provenance | Sink:MaD:401 | +| test.go:153:17:153:24 | definition of password | test.go:187:16:187:23 | password | provenance | | nodes +| test.go:153:17:153:24 | definition of password | semmle.label | definition of password | | test.go:154:14:154:21 | password | semmle.label | password | | test.go:155:17:155:24 | password | semmle.label | password | | test.go:156:14:156:21 | password | semmle.label | password | @@ -36,37 +71,37 @@ nodes | test.go:187:16:187:23 | password | semmle.label | password | subpaths #select -| test.go:154:14:154:21 | password | test.go:154:14:154:21 | password | test.go:154:14:154:21 | password | $@ flows to a logging call. | test.go:154:14:154:21 | password | Sensitive data returned by an access to password | -| test.go:155:17:155:24 | password | test.go:155:17:155:24 | password | test.go:155:17:155:24 | password | $@ flows to a logging call. | test.go:155:17:155:24 | password | Sensitive data returned by an access to password | -| test.go:156:14:156:21 | password | test.go:156:14:156:21 | password | test.go:156:14:156:21 | password | $@ flows to a logging call. | test.go:156:14:156:21 | password | Sensitive data returned by an access to password | -| test.go:157:18:157:25 | password | test.go:157:18:157:25 | password | test.go:157:18:157:25 | password | $@ flows to a logging call. | test.go:157:18:157:25 | password | Sensitive data returned by an access to password | -| test.go:158:14:158:21 | password | test.go:158:14:158:21 | password | test.go:158:14:158:21 | password | $@ flows to a logging call. | test.go:158:14:158:21 | password | Sensitive data returned by an access to password | -| test.go:159:13:159:20 | password | test.go:159:13:159:20 | password | test.go:159:13:159:20 | password | $@ flows to a logging call. | test.go:159:13:159:20 | password | Sensitive data returned by an access to password | -| test.go:160:22:160:29 | password | test.go:160:22:160:29 | password | test.go:160:22:160:29 | password | $@ flows to a logging call. | test.go:160:22:160:29 | password | Sensitive data returned by an access to password | -| test.go:161:15:161:22 | password | test.go:161:15:161:22 | password | test.go:161:15:161:22 | password | $@ flows to a logging call. | test.go:161:15:161:22 | password | Sensitive data returned by an access to password | -| test.go:162:14:162:21 | password | test.go:162:14:162:21 | password | test.go:162:14:162:21 | password | $@ flows to a logging call. | test.go:162:14:162:21 | password | Sensitive data returned by an access to password | -| test.go:163:13:163:20 | password | test.go:163:13:163:20 | password | test.go:163:13:163:20 | password | $@ flows to a logging call. | test.go:163:13:163:20 | password | Sensitive data returned by an access to password | -| test.go:164:16:164:23 | password | test.go:164:16:164:23 | password | test.go:164:16:164:23 | password | $@ flows to a logging call. | test.go:164:16:164:23 | password | Sensitive data returned by an access to password | -| test.go:165:13:165:20 | password | test.go:165:13:165:20 | password | test.go:165:13:165:20 | password | $@ flows to a logging call. | test.go:165:13:165:20 | password | Sensitive data returned by an access to password | -| test.go:166:16:166:23 | password | test.go:166:16:166:23 | password | test.go:166:16:166:23 | password | $@ flows to a logging call. | test.go:166:16:166:23 | password | Sensitive data returned by an access to password | -| test.go:167:13:167:20 | password | test.go:167:13:167:20 | password | test.go:167:13:167:20 | password | $@ flows to a logging call. | test.go:167:13:167:20 | password | Sensitive data returned by an access to password | -| test.go:168:17:168:24 | password | test.go:168:17:168:24 | password | test.go:168:17:168:24 | password | $@ flows to a logging call. | test.go:168:17:168:24 | password | Sensitive data returned by an access to password | -| test.go:169:13:169:20 | password | test.go:169:13:169:20 | password | test.go:169:13:169:20 | password | $@ flows to a logging call. | test.go:169:13:169:20 | password | Sensitive data returned by an access to password | -| test.go:170:12:170:19 | password | test.go:170:12:170:19 | password | test.go:170:12:170:19 | password | $@ flows to a logging call. | test.go:170:12:170:19 | password | Sensitive data returned by an access to password | -| test.go:171:21:171:28 | password | test.go:171:21:171:28 | password | test.go:171:21:171:28 | password | $@ flows to a logging call. | test.go:171:21:171:28 | password | Sensitive data returned by an access to password | -| test.go:172:14:172:21 | password | test.go:172:14:172:21 | password | test.go:172:14:172:21 | password | $@ flows to a logging call. | test.go:172:14:172:21 | password | Sensitive data returned by an access to password | -| test.go:173:13:173:20 | password | test.go:173:13:173:20 | password | test.go:173:13:173:20 | password | $@ flows to a logging call. | test.go:173:13:173:20 | password | Sensitive data returned by an access to password | -| test.go:174:12:174:19 | password | test.go:174:12:174:19 | password | test.go:174:12:174:19 | password | $@ flows to a logging call. | test.go:174:12:174:19 | password | Sensitive data returned by an access to password | -| test.go:175:15:175:22 | password | test.go:175:15:175:22 | password | test.go:175:15:175:22 | password | $@ flows to a logging call. | test.go:175:15:175:22 | password | Sensitive data returned by an access to password | -| test.go:176:15:176:22 | password | test.go:176:15:176:22 | password | test.go:176:15:176:22 | password | $@ flows to a logging call. | test.go:176:15:176:22 | password | Sensitive data returned by an access to password | -| test.go:177:18:177:25 | password | test.go:177:18:177:25 | password | test.go:177:18:177:25 | password | $@ flows to a logging call. | test.go:177:18:177:25 | password | Sensitive data returned by an access to password | -| test.go:178:15:178:22 | password | test.go:178:15:178:22 | password | test.go:178:15:178:22 | password | $@ flows to a logging call. | test.go:178:15:178:22 | password | Sensitive data returned by an access to password | -| test.go:179:19:179:26 | password | test.go:179:19:179:26 | password | test.go:179:19:179:26 | password | $@ flows to a logging call. | test.go:179:19:179:26 | password | Sensitive data returned by an access to password | -| test.go:180:15:180:22 | password | test.go:180:15:180:22 | password | test.go:180:15:180:22 | password | $@ flows to a logging call. | test.go:180:15:180:22 | password | Sensitive data returned by an access to password | -| test.go:181:14:181:21 | password | test.go:181:14:181:21 | password | test.go:181:14:181:21 | password | $@ flows to a logging call. | test.go:181:14:181:21 | password | Sensitive data returned by an access to password | -| test.go:182:23:182:30 | password | test.go:182:23:182:30 | password | test.go:182:23:182:30 | password | $@ flows to a logging call. | test.go:182:23:182:30 | password | Sensitive data returned by an access to password | -| test.go:183:16:183:23 | password | test.go:183:16:183:23 | password | test.go:183:16:183:23 | password | $@ flows to a logging call. | test.go:183:16:183:23 | password | Sensitive data returned by an access to password | -| test.go:184:15:184:22 | password | test.go:184:15:184:22 | password | test.go:184:15:184:22 | password | $@ flows to a logging call. | test.go:184:15:184:22 | password | Sensitive data returned by an access to password | -| test.go:185:14:185:21 | password | test.go:185:14:185:21 | password | test.go:185:14:185:21 | password | $@ flows to a logging call. | test.go:185:14:185:21 | password | Sensitive data returned by an access to password | -| test.go:186:17:186:24 | password | test.go:186:17:186:24 | password | test.go:186:17:186:24 | password | $@ flows to a logging call. | test.go:186:17:186:24 | password | Sensitive data returned by an access to password | -| test.go:187:16:187:23 | password | test.go:187:16:187:23 | password | test.go:187:16:187:23 | password | $@ flows to a logging call. | test.go:187:16:187:23 | password | Sensitive data returned by an access to password | +| test.go:154:14:154:21 | password | test.go:153:17:153:24 | definition of password | test.go:154:14:154:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:155:17:155:24 | password | test.go:153:17:153:24 | definition of password | test.go:155:17:155:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:156:14:156:21 | password | test.go:153:17:153:24 | definition of password | test.go:156:14:156:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:157:18:157:25 | password | test.go:153:17:153:24 | definition of password | test.go:157:18:157:25 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:158:14:158:21 | password | test.go:153:17:153:24 | definition of password | test.go:158:14:158:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:159:13:159:20 | password | test.go:153:17:153:24 | definition of password | test.go:159:13:159:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:160:22:160:29 | password | test.go:153:17:153:24 | definition of password | test.go:160:22:160:29 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:161:15:161:22 | password | test.go:153:17:153:24 | definition of password | test.go:161:15:161:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:162:14:162:21 | password | test.go:153:17:153:24 | definition of password | test.go:162:14:162:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:163:13:163:20 | password | test.go:153:17:153:24 | definition of password | test.go:163:13:163:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:164:16:164:23 | password | test.go:153:17:153:24 | definition of password | test.go:164:16:164:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:165:13:165:20 | password | test.go:153:17:153:24 | definition of password | test.go:165:13:165:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:166:16:166:23 | password | test.go:153:17:153:24 | definition of password | test.go:166:16:166:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:167:13:167:20 | password | test.go:153:17:153:24 | definition of password | test.go:167:13:167:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:168:17:168:24 | password | test.go:153:17:153:24 | definition of password | test.go:168:17:168:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:169:13:169:20 | password | test.go:153:17:153:24 | definition of password | test.go:169:13:169:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:170:12:170:19 | password | test.go:153:17:153:24 | definition of password | test.go:170:12:170:19 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:171:21:171:28 | password | test.go:153:17:153:24 | definition of password | test.go:171:21:171:28 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:172:14:172:21 | password | test.go:153:17:153:24 | definition of password | test.go:172:14:172:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:173:13:173:20 | password | test.go:153:17:153:24 | definition of password | test.go:173:13:173:20 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:174:12:174:19 | password | test.go:153:17:153:24 | definition of password | test.go:174:12:174:19 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:175:15:175:22 | password | test.go:153:17:153:24 | definition of password | test.go:175:15:175:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:176:15:176:22 | password | test.go:153:17:153:24 | definition of password | test.go:176:15:176:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:177:18:177:25 | password | test.go:153:17:153:24 | definition of password | test.go:177:18:177:25 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:178:15:178:22 | password | test.go:153:17:153:24 | definition of password | test.go:178:15:178:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:179:19:179:26 | password | test.go:153:17:153:24 | definition of password | test.go:179:19:179:26 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:180:15:180:22 | password | test.go:153:17:153:24 | definition of password | test.go:180:15:180:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:181:14:181:21 | password | test.go:153:17:153:24 | definition of password | test.go:181:14:181:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:182:23:182:30 | password | test.go:153:17:153:24 | definition of password | test.go:182:23:182:30 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:183:16:183:23 | password | test.go:153:17:153:24 | definition of password | test.go:183:16:183:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:184:15:184:22 | password | test.go:153:17:153:24 | definition of password | test.go:184:15:184:22 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:185:14:185:21 | password | test.go:153:17:153:24 | definition of password | test.go:185:14:185:21 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:186:17:186:24 | password | test.go:153:17:153:24 | definition of password | test.go:186:17:186:24 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | +| test.go:187:16:187:23 | password | test.go:153:17:153:24 | definition of password | test.go:187:16:187:23 | password | $@ flows to a logging call. | test.go:153:17:153:24 | definition of password | Sensitive data returned by an access to password | diff --git a/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected b/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected index f5d86e68dbc6..c95fa5e7af62 100644 --- a/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected +++ b/go/ql/test/query-tests/Security/CWE-022/TaintedPath.expected @@ -6,8 +6,8 @@ edges | TaintedPath.go:15:18:15:22 | selection of URL | TaintedPath.go:15:18:15:30 | call to Query | provenance | Src:MaD:2 MaD:3 | | TaintedPath.go:15:18:15:30 | call to Query | TaintedPath.go:18:29:18:40 | tainted_path | provenance | Sink:MaD:1 | | TaintedPath.go:15:18:15:30 | call to Query | TaintedPath.go:22:57:22:68 | tainted_path | provenance | | -| TaintedPath.go:15:18:15:30 | call to Query | TaintedPath.go:74:39:74:56 | ...+... | provenance | | | TaintedPath.go:22:57:22:68 | tainted_path | TaintedPath.go:22:28:22:69 | call to Join | provenance | FunctionModel Sink:MaD:1 | +| TaintedPath.go:22:57:22:68 | tainted_path | TaintedPath.go:74:39:74:56 | ...+... | provenance | | | TaintedPath.go:74:39:74:56 | ...+... | TaintedPath.go:74:28:74:57 | call to Clean | provenance | MaD:4 Sink:MaD:1 | models | 1 | Sink: io/ioutil; ; false; ReadFile; ; ; Argument[0]; path-injection; manual | diff --git a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected index dff32df4e1ff..78dde84a9475 100644 --- a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected @@ -48,14 +48,14 @@ edges | GitSubcommands.go:11:13:11:27 | call to Query | GitSubcommands.go:17:36:17:42 | tainted | provenance | | | GitSubcommands.go:33:13:33:19 | selection of URL | GitSubcommands.go:33:13:33:27 | call to Query | provenance | Src:MaD:2 MaD:7 | | GitSubcommands.go:33:13:33:27 | call to Query | GitSubcommands.go:38:32:38:38 | tainted | provenance | | +| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:13:25:13:31 | tainted | provenance | | +| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance | | +| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:39:31:39:37 | tainted | provenance | Config | +| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:52:24:52:30 | tainted | provenance | Config | +| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:68:31:68:37 | tainted | provenance | Config | +| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:80:23:80:29 | tainted | provenance | Config | | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:9:13:9:27 | call to Query | provenance | Src:MaD:2 MaD:7 | -| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:13:25:13:31 | tainted | provenance | | -| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance | | -| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:39:31:39:37 | tainted | provenance | | -| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:52:24:52:30 | tainted | provenance | | -| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:53:21:53:28 | arrayLit | provenance | | -| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:68:31:68:37 | tainted | provenance | | -| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:80:23:80:29 | tainted | provenance | | +| SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | provenance | | | SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | provenance | | | SanitizingDoubleDash.go:13:25:13:31 | tainted | SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | provenance | | | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | SanitizingDoubleDash.go:14:23:14:33 | slice element node | provenance | | @@ -67,6 +67,7 @@ edges | SanitizingDoubleDash.go:39:31:39:37 | tainted | SanitizingDoubleDash.go:39:14:39:44 | []type{args} [array] | provenance | | | SanitizingDoubleDash.go:52:15:52:31 | slice literal [array] | SanitizingDoubleDash.go:53:21:53:28 | arrayLit [array] | provenance | | | SanitizingDoubleDash.go:52:24:52:30 | tainted | SanitizingDoubleDash.go:52:15:52:31 | slice literal [array] | provenance | | +| SanitizingDoubleDash.go:52:24:52:30 | tainted | SanitizingDoubleDash.go:53:21:53:28 | arrayLit | provenance | | | SanitizingDoubleDash.go:53:14:53:35 | call to append | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | provenance | | | SanitizingDoubleDash.go:53:14:53:35 | call to append [array] | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | provenance | | | SanitizingDoubleDash.go:53:21:53:28 | arrayLit | SanitizingDoubleDash.go:53:14:53:35 | call to append | provenance | MaD:4 | @@ -180,6 +181,7 @@ nodes | GitSubcommands.go:33:13:33:19 | selection of URL | semmle.label | selection of URL | | GitSubcommands.go:33:13:33:27 | call to Query | semmle.label | call to Query | | GitSubcommands.go:38:32:38:38 | tainted | semmle.label | tainted | +| SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | semmle.label | definition of tainted | | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | semmle.label | selection of URL | | SanitizingDoubleDash.go:9:13:9:27 | call to Query | semmle.label | call to Query | | SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | semmle.label | array literal [array] | diff --git a/go/ql/test/query-tests/Security/CWE-078/SanitizingDoubleDash.go b/go/ql/test/query-tests/Security/CWE-078/SanitizingDoubleDash.go index d69a970f0d09..0428df550868 100644 --- a/go/ql/test/query-tests/Security/CWE-078/SanitizingDoubleDash.go +++ b/go/ql/test/query-tests/Security/CWE-078/SanitizingDoubleDash.go @@ -93,62 +93,62 @@ func testDoubleDashIrrelevant(req *http.Request) { { arrayLit := [1]string{tainted} - exec.Command("sudo", arrayLit[:]...) + exec.Command("sudo", arrayLit[:]...) // BAD } { arrayLit := [2]string{"--", tainted} - exec.Command("sudo", arrayLit[:]...) + exec.Command("sudo", arrayLit[:]...) // BAD } { arrayLit := []string{"--", tainted} - exec.Command("sudo", arrayLit...) + exec.Command("sudo", arrayLit...) // BAD } { arrayLit := []string{} arrayLit = append(arrayLit, "--", tainted) - exec.Command("sudo", arrayLit...) + exec.Command("sudo", arrayLit...) // BAD } { arrayLit := []string{} arrayLit = append(arrayLit, tainted, "--") - exec.Command("sudo", arrayLit...) + exec.Command("sudo", arrayLit...) // BAD } { arrayLit := []string{"--"} arrayLit = append(arrayLit, tainted) - exec.Command("sudo", arrayLit...) + exec.Command("sudo", arrayLit...) // BAD } { arrayLit := []string{tainted} arrayLit = append(arrayLit, "--") - exec.Command("sudo", arrayLit...) + exec.Command("sudo", arrayLit...) // BAD } { arrayLit := []string{"--"} arrayLit = append(arrayLit, "something else") arrayLit = append(arrayLit, tainted) - exec.Command("sudo", arrayLit...) + exec.Command("sudo", arrayLit...) // BAD } { arrayLit := []string{"something else"} arrayLit = append(arrayLit, tainted) arrayLit = append(arrayLit, "--") - exec.Command("sudo", arrayLit...) + exec.Command("sudo", arrayLit...) // BAD } { - exec.Command("sudo", "--", tainted) + exec.Command("sudo", "--", tainted) // BAD } { - exec.Command("sudo", tainted, "--") + exec.Command("sudo", tainted, "--") // BAD } } diff --git a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected index 1ce8c3d1dcf6..542f1b5b89c2 100644 --- a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected @@ -117,22 +117,22 @@ edges | main.go:61:5:61:15 | RequestData [pointer, Category] | main.go:61:4:61:15 | star expression [Category] | provenance | | | mongoDB.go:40:20:40:30 | call to Referer | mongoDB.go:42:28:42:41 | untrustedInput | provenance | Src:MaD:20 | | mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:50:34:50:39 | filter | provenance | | -| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:61:27:61:32 | filter | provenance | Sink:MaD:4 | -| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:63:23:63:28 | filter | provenance | Sink:MaD:5 | -| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:64:22:64:27 | filter | provenance | Sink:MaD:6 | -| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:66:32:66:37 | filter | provenance | Sink:MaD:7 | -| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:69:17:69:22 | filter | provenance | Sink:MaD:8 | -| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:70:20:70:25 | filter | provenance | Sink:MaD:9 | -| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:71:29:71:34 | filter | provenance | Sink:MaD:10 | -| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:72:30:72:35 | filter | provenance | Sink:MaD:11 | -| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:73:29:73:34 | filter | provenance | Sink:MaD:12 | -| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:78:23:78:28 | filter | provenance | Sink:MaD:13 | -| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:79:23:79:28 | filter | provenance | Sink:MaD:14 | -| mongoDB.go:42:19:42:42 | struct literal | mongoDB.go:80:22:80:27 | filter | provenance | Sink:MaD:15 | | mongoDB.go:42:28:42:41 | untrustedInput | mongoDB.go:42:19:42:42 | struct literal | provenance | Config | | mongoDB.go:50:23:50:40 | struct literal | mongoDB.go:57:22:57:29 | pipeline | provenance | Sink:MaD:3 | | mongoDB.go:50:23:50:40 | struct literal | mongoDB.go:81:18:81:25 | pipeline | provenance | Sink:MaD:16 | | mongoDB.go:50:34:50:39 | filter | mongoDB.go:50:23:50:40 | struct literal | provenance | Config | +| mongoDB.go:50:34:50:39 | filter | mongoDB.go:61:27:61:32 | filter | provenance | Sink:MaD:4 | +| mongoDB.go:50:34:50:39 | filter | mongoDB.go:63:23:63:28 | filter | provenance | Sink:MaD:5 | +| mongoDB.go:50:34:50:39 | filter | mongoDB.go:64:22:64:27 | filter | provenance | Sink:MaD:6 | +| mongoDB.go:50:34:50:39 | filter | mongoDB.go:66:32:66:37 | filter | provenance | Sink:MaD:7 | +| mongoDB.go:50:34:50:39 | filter | mongoDB.go:69:17:69:22 | filter | provenance | Sink:MaD:8 | +| mongoDB.go:50:34:50:39 | filter | mongoDB.go:70:20:70:25 | filter | provenance | Sink:MaD:9 | +| mongoDB.go:50:34:50:39 | filter | mongoDB.go:71:29:71:34 | filter | provenance | Sink:MaD:10 | +| mongoDB.go:50:34:50:39 | filter | mongoDB.go:72:30:72:35 | filter | provenance | Sink:MaD:11 | +| mongoDB.go:50:34:50:39 | filter | mongoDB.go:73:29:73:34 | filter | provenance | Sink:MaD:12 | +| mongoDB.go:50:34:50:39 | filter | mongoDB.go:78:23:78:28 | filter | provenance | Sink:MaD:13 | +| mongoDB.go:50:34:50:39 | filter | mongoDB.go:79:23:79:28 | filter | provenance | Sink:MaD:14 | +| mongoDB.go:50:34:50:39 | filter | mongoDB.go:80:22:80:27 | filter | provenance | Sink:MaD:15 | models | 1 | Sink: database/sql; DB; true; Query; ; ; Argument[0]; sql-injection; manual | | 2 | Sink: database/sql; Tx; true; Query; ; ; Argument[0]; sql-injection; manual | From d13d7173ed3a0a8b185a09446a0cce8818723e00 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Mon, 5 May 2025 17:34:30 -0400 Subject: [PATCH 151/307] Fix QLDoc typo --- go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll index 20a147a6454c..61c67083cc0a 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll @@ -866,7 +866,7 @@ module Public { int getPosition() { result = i } /** - * Gets a data-flow node for a syntactic argument corresponding this this + * Gets a data-flow node for a syntactic argument corresponding to this * argument. If this argument is not an implicit varargs slice then this * will just be the argument itself. If this argument is an implicit * varargs slice then this will be a data-flow node that for an argument From 7a515c101af5572d921497536abc8104fa528793 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Mon, 5 May 2025 17:51:25 -0400 Subject: [PATCH 152/307] Pull out post-update node logic into predicate --- .../go/dataflow/internal/DataFlowNodes.qll | 26 ++++++++++--------- 1 file changed, 14 insertions(+), 12 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll index 61c67083cc0a..79026544d4d5 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll @@ -807,22 +807,24 @@ module Public { abstract Node getPreUpdateNode(); } + predicate hasPostUpdateNode(Node preupd) { + preupd instanceof AddressOperationNode + or + preupd = any(AddressOperationNode addr).getOperand() + or + preupd = any(PointerDereferenceNode deref).getOperand() + or + preupd = getAWrittenNode() + or + preupd = any(ArgumentNode arg).getACorrespondingSyntacticArgument() and + mutableType(preupd.getType()) + } + private class DefaultPostUpdateNode extends PostUpdateNode { Node preupd; DefaultPostUpdateNode() { - ( - preupd instanceof AddressOperationNode - or - preupd = any(AddressOperationNode addr).getOperand() - or - preupd = any(PointerDereferenceNode deref).getOperand() - or - preupd = getAWrittenNode() - or - preupd = any(ArgumentNode arg).getACorrespondingSyntacticArgument() and - mutableType(preupd.getType()) - ) and + hasPostUpdateNode(preupd) and ( preupd = this.(SsaNode).getAUse() or From c8b8e25fbb6bde1eb8f59ba98338e2c2616c49b0 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Mon, 5 May 2025 18:50:04 -0400 Subject: [PATCH 153/307] Convert post-update logic to IR (part 1) --- .../go/dataflow/internal/DataFlowNodes.qll | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll index 79026544d4d5..cf93dd042f3b 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll @@ -807,12 +807,18 @@ module Public { abstract Node getPreUpdateNode(); } + predicate insnHasPostUpdateNode(IR::Instruction insn) { + exists(Expr e | insn.(IR::EvalInstruction).getExpr() = e | + e instanceof AddressExpr or + e = any(AddressExpr ae).getOperand() or + e = any(StarExpr ae).getBase() or + e = any(DerefExpr ae).getOperand() or + e = any(IR::EvalImplicitDerefInstruction eidi).getOperand() + ) + } + predicate hasPostUpdateNode(Node preupd) { - preupd instanceof AddressOperationNode - or - preupd = any(AddressOperationNode addr).getOperand() - or - preupd = any(PointerDereferenceNode deref).getOperand() + insnHasPostUpdateNode(preupd.asInstruction()) or preupd = getAWrittenNode() or From 203952fa4750705caedf9e65d2d97e754cd0a000 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 10 Sep 2025 22:06:08 +0100 Subject: [PATCH 154/307] Convert post-update logic to IR (part 2) Note that we don't create post-update nodes for method receivers if the call to the method is indirect, via a function variable. We could aim to do this in future. --- .../go/dataflow/internal/DataFlowNodes.qll | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll index cf93dd042f3b..75f3188c79d0 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll @@ -815,15 +815,28 @@ module Public { e = any(DerefExpr ae).getOperand() or e = any(IR::EvalImplicitDerefInstruction eidi).getOperand() ) + or + exists(CallExpr ce | + ce.getArgument(0).getType() instanceof TupleType and + insn = IR::extractTupleElement(IR::evalExprInstruction(ce.getArgument(0)), _) + or + not ce.getArgument(0).getType() instanceof TupleType and + insn = IR::evalExprInstruction(ce.getAnArgument()) + or + // Receiver of a method call + exists(IR::MethodReadInstruction mri | + ce.getTarget() instanceof Method and + mri = IR::evalExprInstruction(ce.getCalleeExpr()) and + insn = mri.getReceiver() + ) + ) and + mutableType(insn.getResultType()) } predicate hasPostUpdateNode(Node preupd) { insnHasPostUpdateNode(preupd.asInstruction()) or preupd = getAWrittenNode() - or - preupd = any(ArgumentNode arg).getACorrespondingSyntacticArgument() and - mutableType(preupd.getType()) } private class DefaultPostUpdateNode extends PostUpdateNode { From ad1801827b4169752d8ee8cb5d14c5f92db48aac Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 12 Sep 2025 09:51:27 +0100 Subject: [PATCH 155/307] Implement `writesComponent` at IR level --- .../go/controlflow/ControlFlowGraph.qll | 33 ++++++++++++++----- 1 file changed, 25 insertions(+), 8 deletions(-) diff --git a/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll b/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll index f5905b89beac..37be62f37105 100644 --- a/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll +++ b/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll @@ -140,13 +140,17 @@ module ControlFlow { * node corresponding to `newWidth`. */ predicate writesField(DataFlow::Node base, Field f, DataFlow::Node rhs) { + this.writesFieldInsn(base.asInstruction(), f, rhs.asInstruction()) + } + + private predicate writesFieldInsn(IR::Instruction base, Field f, IR::Instruction rhs) { exists(IR::FieldTarget trg | trg = super.getLhs() | ( - trg.getBase() = base.asInstruction() or - trg.getBase() = MkImplicitDeref(base.asExpr()) + trg.getBase() = base or + trg.getBase() = MkImplicitDeref(base.(IR::EvalInstruction).getExpr()) ) and trg.getField() = f and - super.getRhs() = rhs.asInstruction() + super.getRhs() = rhs ) } @@ -160,13 +164,19 @@ module ControlFlow { * is the data-flow node corresponding to `base`. */ predicate writesElement(DataFlow::Node base, DataFlow::Node index, DataFlow::Node rhs) { + this.writesElementInsn(base.asInstruction(), index.asInstruction(), rhs.asInstruction()) + } + + private predicate writesElementInsn( + IR::Instruction base, IR::Instruction index, IR::Instruction rhs + ) { exists(IR::ElementTarget trg | trg = super.getLhs() | ( - trg.getBase() = base.asInstruction() or - trg.getBase() = MkImplicitDeref(base.asExpr()) + trg.getBase() = base or + trg.getBase() = MkImplicitDeref(base.(IR::EvalInstruction).getExpr()) ) and - trg.getIndex() = index.asInstruction() and - super.getRhs() = rhs.asInstruction() + trg.getIndex() = index and + super.getRhs() = rhs ) } @@ -174,7 +184,14 @@ module ControlFlow { * Holds if this node sets any field or element of `base` to `rhs`. */ predicate writesComponent(DataFlow::Node base, DataFlow::Node rhs) { - this.writesElement(base, _, rhs) or this.writesField(base, _, rhs) + this.writesComponentInstruction(base.asInstruction(), rhs.asInstruction()) + } + + /** + * Holds if this node sets any field or element of `base` to `rhs`. + */ + predicate writesComponentInstruction(IR::Instruction base, IR::Instruction rhs) { + this.writesElementInsn(base, _, rhs) or this.writesFieldInsn(base, _, rhs) } } From 05a16dc100fab6ad441d3c6a70100117ccd4b8df Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 11 Sep 2025 22:01:23 +0100 Subject: [PATCH 156/307] Convert post-update logic to IR (part 3) --- .../go/dataflow/internal/DataFlowNodes.qll | 31 ++++++++++++------- 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll index 75f3188c79d0..9fa5f5b43978 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll @@ -760,18 +760,27 @@ module Public { predicate isReceiverOf(MethodDecl m) { parm.isReceiverOf(m) } } - private Node getADirectlyWrittenNode() { - exists(Write w | w.writesComponent(result, _)) or - result = DataFlow::exprNode(any(SendStmt s).getChannel()) + private IR::Instruction getADirectlyWrittenInsn() { + exists(Write w | w.writesComponentInstruction(result, _)) + or + result = IR::evalExprInstruction(any(SendStmt s).getChannel()) } - private DataFlow::Node getAccessPathPredecessor(DataFlow::Node node) { - result = node.(PointerDereferenceNode).getOperand() + private IR::Instruction getAccessPathPredecessorInsn(IR::Instruction insn) { + exists(Expr e1, Expr e2 | + insn = IR::evalExprInstruction(e1) and result = IR::evalExprInstruction(e2) + | + e2 = e1.(DerefExpr).getOperand() or e2 = e1.(StarExpr).getBase() + ) or - result = node.(ComponentReadNode).getBase() + exists(Expr e | insn = IR::implicitDerefInstruction(e) and result = IR::evalExprInstruction(e)) + or + result = insn.(IR::ComponentReadInstruction).getBase() } - private Node getAWrittenNode() { result = getAccessPathPredecessor*(getADirectlyWrittenNode()) } + private IR::Instruction getAWrittenInsn() { + result = getAccessPathPredecessorInsn*(getADirectlyWrittenInsn()) + } /** * Holds if `tp` is a type that may (directly or indirectly) reference a memory location. @@ -831,14 +840,12 @@ module Public { ) ) and mutableType(insn.getResultType()) - } - - predicate hasPostUpdateNode(Node preupd) { - insnHasPostUpdateNode(preupd.asInstruction()) or - preupd = getAWrittenNode() + insn = getAWrittenInsn() } + predicate hasPostUpdateNode(Node preupd) { insnHasPostUpdateNode(preupd.asInstruction()) } + private class DefaultPostUpdateNode extends PostUpdateNode { Node preupd; From 89ae0e3bf3483a357d4c7e3f4c79f12ee5ea8e7f Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 11 Sep 2025 22:02:06 +0100 Subject: [PATCH 157/307] Inline predicate only used once --- go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll index 9fa5f5b43978..4183a409b0ac 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll @@ -844,13 +844,11 @@ module Public { insn = getAWrittenInsn() } - predicate hasPostUpdateNode(Node preupd) { insnHasPostUpdateNode(preupd.asInstruction()) } - private class DefaultPostUpdateNode extends PostUpdateNode { Node preupd; DefaultPostUpdateNode() { - hasPostUpdateNode(preupd) and + insnHasPostUpdateNode(preupd.asInstruction()) and ( preupd = this.(SsaNode).getAUse() or From 9892836f14532f585d60f0650e70da5b0aa24f79 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 12 Sep 2025 11:35:18 +0100 Subject: [PATCH 158/307] Switch order of PUN test output --- .../go/dataflow/PostUpdateNodes/test.expected | 22 +++++++++---------- .../go/dataflow/PostUpdateNodes/test.ql | 2 +- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/go/ql/test/library-tests/semmle/go/dataflow/PostUpdateNodes/test.expected b/go/ql/test/library-tests/semmle/go/dataflow/PostUpdateNodes/test.expected index 9f29e364be9a..6959eac7e2f9 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/PostUpdateNodes/test.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/PostUpdateNodes/test.expected @@ -1,26 +1,26 @@ -| file://:0:0:0:0 | [summary] to write: Argument[0] in copy | file://:0:0:0:0 | [summary param] 0 in copy | -| test.go:22:2:22:2 | definition of a | test.go:23:2:23:2 | a | -| test.go:22:2:22:2 | definition of a | test.go:24:2:24:2 | a | -| test.go:22:2:22:2 | definition of a | test.go:25:2:25:2 | a | -| test.go:22:2:22:2 | definition of a | test.go:26:2:26:2 | a | -| test.go:22:2:22:2 | definition of a | test.go:29:6:29:6 | a | -| test.go:22:2:22:2 | definition of a | test.go:30:7:30:7 | a | -| test.go:22:2:22:2 | definition of a | test.go:35:4:35:4 | a | -| test.go:22:2:22:2 | definition of a | test.go:36:5:36:5 | a | +| file://:0:0:0:0 | [summary param] 0 in copy | file://:0:0:0:0 | [summary] to write: Argument[0] in copy | +| test.go:23:2:23:2 | a | test.go:22:2:22:2 | definition of a | | test.go:23:11:23:14 | &... | test.go:23:11:23:14 | &... | | test.go:23:12:23:14 | selection of b | test.go:23:12:23:14 | selection of b | +| test.go:24:2:24:2 | a | test.go:22:2:22:2 | definition of a | | test.go:24:2:24:5 | selection of bs | test.go:24:2:24:5 | selection of bs | | test.go:24:2:24:8 | index expression | test.go:24:2:24:8 | index expression | | test.go:24:17:24:20 | &... | test.go:24:17:24:20 | &... | | test.go:24:18:24:20 | struct literal | test.go:24:18:24:20 | struct literal | +| test.go:25:2:25:2 | a | test.go:22:2:22:2 | definition of a | | test.go:25:2:25:5 | selection of bs | test.go:25:2:25:5 | selection of bs | | test.go:25:2:25:8 | index expression | test.go:25:2:25:8 | index expression | | test.go:25:2:25:13 | implicit dereference | test.go:25:2:25:13 | implicit dereference | | test.go:25:2:25:13 | selection of cptr | test.go:25:2:25:13 | selection of cptr | +| test.go:26:2:26:2 | a | test.go:22:2:22:2 | definition of a | | test.go:26:2:26:7 | implicit dereference | test.go:26:2:26:7 | implicit dereference | | test.go:26:2:26:7 | selection of bptr | test.go:26:2:26:7 | selection of bptr | | test.go:26:2:26:12 | implicit dereference | test.go:26:2:26:12 | implicit dereference | | test.go:26:2:26:12 | selection of cptr | test.go:26:2:26:12 | selection of cptr | -| test.go:28:2:28:2 | definition of c | test.go:29:2:29:2 | c | -| test.go:28:2:28:2 | definition of c | test.go:30:2:30:2 | c | | test.go:28:7:28:10 | struct literal | test.go:28:7:28:10 | struct literal | +| test.go:29:2:29:2 | c | test.go:28:2:28:2 | definition of c | +| test.go:29:6:29:6 | a | test.go:22:2:22:2 | definition of a | +| test.go:30:2:30:2 | c | test.go:28:2:28:2 | definition of c | +| test.go:30:7:30:7 | a | test.go:22:2:22:2 | definition of a | +| test.go:35:4:35:4 | a | test.go:22:2:22:2 | definition of a | +| test.go:36:5:36:5 | a | test.go:22:2:22:2 | definition of a | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/PostUpdateNodes/test.ql b/go/ql/test/library-tests/semmle/go/dataflow/PostUpdateNodes/test.ql index ca2a9c5980b5..b200ed4b8a7d 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/PostUpdateNodes/test.ql +++ b/go/ql/test/library-tests/semmle/go/dataflow/PostUpdateNodes/test.ql @@ -1,4 +1,4 @@ import go from DataFlow::PostUpdateNode pun -select pun, pun.getPreUpdateNode() +select pun.getPreUpdateNode(), pun From a0c647ce835d0f329e678e5408ee557f66913ae7 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 18 Sep 2025 11:56:01 +0100 Subject: [PATCH 159/307] Add Email Injection tests for reverse flow models --- .../query-tests/Security/CWE-640/EmailBad.go | 4 +- .../Security/CWE-640/EmailInjection.expected | 136 +++++++++++------- .../Security/CWE-640/EmailInjection.qlref | 4 +- .../test/query-tests/Security/CWE-640/main.go | 65 +++++++-- 4 files changed, 137 insertions(+), 72 deletions(-) diff --git a/go/ql/test/query-tests/Security/CWE-640/EmailBad.go b/go/ql/test/query-tests/Security/CWE-640/EmailBad.go index aab8467b3406..7ceed9e7a36d 100644 --- a/go/ql/test/query-tests/Security/CWE-640/EmailBad.go +++ b/go/ql/test/query-tests/Security/CWE-640/EmailBad.go @@ -6,8 +6,8 @@ import ( ) func mail(w http.ResponseWriter, r *http.Request) { - host := r.Header.Get("Host") + host := r.Header.Get("Host") // $ Source token := backend.getUserSecretResetToken(email) body := "Click to reset password: " + host + "/" + token - smtp.SendMail("test.test", nil, "from@from.com", nil, []byte(body)) + smtp.SendMail("test.test", nil, "from@from.com", nil, []byte(body)) // $ Alert } diff --git a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected index ac5985f110d9..c56e35fa7a86 100644 --- a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected @@ -1,66 +1,94 @@ #select | EmailBad.go:12:56:12:67 | type conversion | EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:12:56:12:67 | type conversion | Email content may contain $@. | EmailBad.go:9:10:9:17 | selection of Header | untrusted input | -| main.go:31:57:31:78 | type conversion | main.go:29:21:29:31 | call to Referer | main.go:31:57:31:78 | type conversion | Email content may contain $@. | main.go:29:21:29:31 | call to Referer | untrusted input | -| main.go:40:3:40:7 | definition of write | main.go:37:21:37:31 | call to Referer | main.go:40:3:40:7 | definition of write | Email content may contain $@. | main.go:37:21:37:31 | call to Referer | untrusted input | -| main.go:52:46:52:59 | untrustedInput | main.go:46:21:46:31 | call to Referer | main.go:52:46:52:59 | untrustedInput | Email content may contain $@. | main.go:46:21:46:31 | call to Referer | untrusted input | -| main.go:53:52:53:65 | untrustedInput | main.go:46:21:46:31 | call to Referer | main.go:53:52:53:65 | untrustedInput | Email content may contain $@. | main.go:46:21:46:31 | call to Referer | untrusted input | -| main.go:63:16:63:22 | content | main.go:58:21:58:31 | call to Referer | main.go:63:16:63:22 | content | Email content may contain $@. | main.go:58:21:58:31 | call to Referer | untrusted input | -| main.go:76:50:76:56 | content | main.go:68:21:68:31 | call to Referer | main.go:76:50:76:56 | content | Email content may contain $@. | main.go:68:21:68:31 | call to Referer | untrusted input | -| main.go:76:59:76:65 | content | main.go:68:21:68:31 | call to Referer | main.go:76:59:76:65 | content | Email content may contain $@. | main.go:68:21:68:31 | call to Referer | untrusted input | -| main.go:77:16:77:22 | content | main.go:68:21:68:31 | call to Referer | main.go:77:16:77:22 | content | Email content may contain $@. | main.go:68:21:68:31 | call to Referer | untrusted input | -| main.go:89:37:89:50 | untrustedInput | main.go:82:21:82:31 | call to Referer | main.go:89:37:89:50 | untrustedInput | Email content may contain $@. | main.go:82:21:82:31 | call to Referer | untrusted input | -| main.go:93:16:93:23 | content2 | main.go:82:21:82:31 | call to Referer | main.go:93:16:93:23 | content2 | Email content may contain $@. | main.go:82:21:82:31 | call to Referer | untrusted input | +| main.go:33:57:33:78 | type conversion | main.go:31:21:31:31 | call to Referer | main.go:33:57:33:78 | type conversion | Email content may contain $@. | main.go:31:21:31:31 | call to Referer | untrusted input | +| main.go:42:3:42:7 | definition of write | main.go:39:21:39:31 | call to Referer | main.go:42:3:42:7 | definition of write | Email content may contain $@. | main.go:39:21:39:31 | call to Referer | untrusted input | +| main.go:54:46:54:59 | untrustedInput | main.go:48:21:48:31 | call to Referer | main.go:54:46:54:59 | untrustedInput | Email content may contain $@. | main.go:48:21:48:31 | call to Referer | untrusted input | +| main.go:55:52:55:65 | untrustedInput | main.go:48:21:48:31 | call to Referer | main.go:55:52:55:65 | untrustedInput | Email content may contain $@. | main.go:48:21:48:31 | call to Referer | untrusted input | +| main.go:65:16:65:22 | content | main.go:60:21:60:31 | call to Referer | main.go:65:16:65:22 | content | Email content may contain $@. | main.go:60:21:60:31 | call to Referer | untrusted input | +| main.go:78:50:78:56 | content | main.go:70:21:70:31 | call to Referer | main.go:78:50:78:56 | content | Email content may contain $@. | main.go:70:21:70:31 | call to Referer | untrusted input | +| main.go:78:59:78:65 | content | main.go:70:21:70:31 | call to Referer | main.go:78:59:78:65 | content | Email content may contain $@. | main.go:70:21:70:31 | call to Referer | untrusted input | +| main.go:79:16:79:22 | content | main.go:70:21:70:31 | call to Referer | main.go:79:16:79:22 | content | Email content may contain $@. | main.go:70:21:70:31 | call to Referer | untrusted input | +| main.go:91:37:91:50 | untrustedInput | main.go:84:21:84:31 | call to Referer | main.go:91:37:91:50 | untrustedInput | Email content may contain $@. | main.go:84:21:84:31 | call to Referer | untrusted input | +| main.go:95:16:95:23 | content2 | main.go:84:21:84:31 | call to Referer | main.go:95:16:95:23 | content2 | Email content may contain $@. | main.go:84:21:84:31 | call to Referer | untrusted input | +| main.go:124:57:124:65 | call to Bytes | main.go:113:21:113:31 | call to Referer | main.go:124:57:124:65 | call to Bytes | Email content may contain $@. | main.go:113:21:113:31 | call to Referer | untrusted input | +| main.go:141:57:141:65 | call to Bytes | main.go:129:21:129:31 | call to Referer | main.go:141:57:141:65 | call to Bytes | Email content may contain $@. | main.go:129:21:129:31 | call to Referer | untrusted input | edges -| EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:9:10:9:29 | call to Get | provenance | Src:MaD:1 MaD:5 | +| EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:9:10:9:29 | call to Get | provenance | Src:MaD:1 MaD:7 | | EmailBad.go:9:10:9:29 | call to Get | EmailBad.go:12:56:12:67 | type conversion | provenance | | -| main.go:29:21:29:31 | call to Referer | main.go:31:57:31:78 | type conversion | provenance | Src:MaD:2 | -| main.go:37:21:37:31 | call to Referer | main.go:41:25:41:38 | untrustedInput | provenance | Src:MaD:2 | -| main.go:41:25:41:38 | untrustedInput | main.go:40:3:40:7 | definition of write | provenance | MaD:4 | -| main.go:46:21:46:31 | call to Referer | main.go:52:46:52:59 | untrustedInput | provenance | Src:MaD:2 | -| main.go:46:21:46:31 | call to Referer | main.go:53:52:53:65 | untrustedInput | provenance | Src:MaD:2 | -| main.go:58:21:58:31 | call to Referer | main.go:60:47:60:60 | untrustedInput | provenance | Src:MaD:2 | -| main.go:60:14:60:61 | call to NewContent | main.go:63:16:63:22 | content | provenance | | -| main.go:60:47:60:60 | untrustedInput | main.go:60:14:60:61 | call to NewContent | provenance | MaD:3 | -| main.go:68:21:68:31 | call to Referer | main.go:74:47:74:60 | untrustedInput | provenance | Src:MaD:2 | -| main.go:74:14:74:61 | call to NewContent | main.go:76:50:76:56 | content | provenance | | -| main.go:74:14:74:61 | call to NewContent | main.go:76:59:76:65 | content | provenance | | -| main.go:74:14:74:61 | call to NewContent | main.go:77:16:77:22 | content | provenance | | -| main.go:74:47:74:60 | untrustedInput | main.go:74:14:74:61 | call to NewContent | provenance | MaD:3 | -| main.go:82:21:82:31 | call to Referer | main.go:89:37:89:50 | untrustedInput | provenance | Src:MaD:2 | -| main.go:82:21:82:31 | call to Referer | main.go:91:48:91:61 | untrustedInput | provenance | Src:MaD:2 | -| main.go:91:15:91:62 | call to NewContent | main.go:93:16:93:23 | content2 | provenance | | -| main.go:91:48:91:61 | untrustedInput | main.go:91:15:91:62 | call to NewContent | provenance | MaD:3 | +| main.go:31:21:31:31 | call to Referer | main.go:33:57:33:78 | type conversion | provenance | Src:MaD:2 | +| main.go:39:21:39:31 | call to Referer | main.go:43:25:43:38 | untrustedInput | provenance | Src:MaD:2 | +| main.go:43:25:43:38 | untrustedInput | main.go:42:3:42:7 | definition of write | provenance | MaD:5 | +| main.go:48:21:48:31 | call to Referer | main.go:54:46:54:59 | untrustedInput | provenance | Src:MaD:2 | +| main.go:48:21:48:31 | call to Referer | main.go:55:52:55:65 | untrustedInput | provenance | Src:MaD:2 | +| main.go:60:21:60:31 | call to Referer | main.go:62:47:62:60 | untrustedInput | provenance | Src:MaD:2 | +| main.go:62:14:62:61 | call to NewContent | main.go:65:16:65:22 | content | provenance | | +| main.go:62:47:62:60 | untrustedInput | main.go:62:14:62:61 | call to NewContent | provenance | MaD:4 | +| main.go:70:21:70:31 | call to Referer | main.go:76:47:76:60 | untrustedInput | provenance | Src:MaD:2 | +| main.go:76:14:76:61 | call to NewContent | main.go:78:50:78:56 | content | provenance | | +| main.go:76:14:76:61 | call to NewContent | main.go:78:59:78:65 | content | provenance | | +| main.go:76:14:76:61 | call to NewContent | main.go:79:16:79:22 | content | provenance | | +| main.go:76:47:76:60 | untrustedInput | main.go:76:14:76:61 | call to NewContent | provenance | MaD:4 | +| main.go:84:21:84:31 | call to Referer | main.go:91:37:91:50 | untrustedInput | provenance | Src:MaD:2 | +| main.go:84:21:84:31 | call to Referer | main.go:93:48:93:61 | untrustedInput | provenance | Src:MaD:2 | +| main.go:93:15:93:62 | call to NewContent | main.go:95:16:95:23 | content2 | provenance | | +| main.go:93:48:93:61 | untrustedInput | main.go:93:15:93:62 | call to NewContent | provenance | MaD:4 | +| main.go:113:21:113:31 | call to Referer | main.go:119:28:119:41 | untrustedInput | provenance | Src:MaD:2 | +| main.go:116:3:116:4 | definition of mw | main.go:116:29:116:30 | &... | provenance | FunctionModel | +| main.go:116:29:116:30 | &... | main.go:124:57:124:57 | b | provenance | | +| main.go:119:28:119:41 | untrustedInput | main.go:116:3:116:4 | definition of mw | provenance | MaD:6 | +| main.go:124:57:124:57 | b | main.go:124:57:124:65 | call to Bytes | provenance | MaD:3 | +| main.go:129:21:129:31 | call to Referer | main.go:136:30:136:43 | untrustedInput | provenance | Src:MaD:2 | +| main.go:132:3:132:4 | definition of mw | main.go:132:29:132:30 | &... | provenance | FunctionModel | +| main.go:132:29:132:30 | &... | main.go:141:57:141:57 | b | provenance | | +| main.go:135:3:135:12 | definition of formWriter | main.go:132:3:132:4 | definition of mw | provenance | FunctionModel | +| main.go:136:30:136:43 | untrustedInput | main.go:135:3:135:12 | definition of formWriter | provenance | MaD:5 | +| main.go:141:57:141:57 | b | main.go:141:57:141:65 | call to Bytes | provenance | MaD:3 | models | 1 | Source: net/http; Request; true; Header; ; ; ; remote; manual | | 2 | Source: net/http; Request; true; Referer; ; ; ReturnValue; remote; manual | -| 3 | Summary: github.com/sendgrid/sendgrid-go/helpers/mail; ; false; NewContent; ; ; Argument[1]; ReturnValue; taint; manual | -| 4 | Summary: io; ; false; WriteString; ; ; Argument[1]; Argument[0]; taint; manual | -| 5 | Summary: net/http; Header; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual | +| 3 | Summary: bytes; Buffer; true; Bytes; ; ; Argument[receiver]; ReturnValue; taint; manual | +| 4 | Summary: github.com/sendgrid/sendgrid-go/helpers/mail; ; false; NewContent; ; ; Argument[1]; ReturnValue; taint; manual | +| 5 | Summary: io; ; false; WriteString; ; ; Argument[1]; Argument[0]; taint; manual | +| 6 | Summary: mime/multipart; Writer; true; WriteField; ; ; Argument[0..1]; Argument[receiver]; taint; manual | +| 7 | Summary: net/http; Header; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual | nodes | EmailBad.go:9:10:9:17 | selection of Header | semmle.label | selection of Header | | EmailBad.go:9:10:9:29 | call to Get | semmle.label | call to Get | | EmailBad.go:12:56:12:67 | type conversion | semmle.label | type conversion | -| main.go:29:21:29:31 | call to Referer | semmle.label | call to Referer | -| main.go:31:57:31:78 | type conversion | semmle.label | type conversion | -| main.go:37:21:37:31 | call to Referer | semmle.label | call to Referer | -| main.go:40:3:40:7 | definition of write | semmle.label | definition of write | -| main.go:41:25:41:38 | untrustedInput | semmle.label | untrustedInput | -| main.go:46:21:46:31 | call to Referer | semmle.label | call to Referer | -| main.go:52:46:52:59 | untrustedInput | semmle.label | untrustedInput | -| main.go:53:52:53:65 | untrustedInput | semmle.label | untrustedInput | -| main.go:58:21:58:31 | call to Referer | semmle.label | call to Referer | -| main.go:60:14:60:61 | call to NewContent | semmle.label | call to NewContent | -| main.go:60:47:60:60 | untrustedInput | semmle.label | untrustedInput | -| main.go:63:16:63:22 | content | semmle.label | content | -| main.go:68:21:68:31 | call to Referer | semmle.label | call to Referer | -| main.go:74:14:74:61 | call to NewContent | semmle.label | call to NewContent | -| main.go:74:47:74:60 | untrustedInput | semmle.label | untrustedInput | -| main.go:76:50:76:56 | content | semmle.label | content | -| main.go:76:59:76:65 | content | semmle.label | content | -| main.go:77:16:77:22 | content | semmle.label | content | -| main.go:82:21:82:31 | call to Referer | semmle.label | call to Referer | -| main.go:89:37:89:50 | untrustedInput | semmle.label | untrustedInput | -| main.go:91:15:91:62 | call to NewContent | semmle.label | call to NewContent | -| main.go:91:48:91:61 | untrustedInput | semmle.label | untrustedInput | -| main.go:93:16:93:23 | content2 | semmle.label | content2 | +| main.go:31:21:31:31 | call to Referer | semmle.label | call to Referer | +| main.go:33:57:33:78 | type conversion | semmle.label | type conversion | +| main.go:39:21:39:31 | call to Referer | semmle.label | call to Referer | +| main.go:42:3:42:7 | definition of write | semmle.label | definition of write | +| main.go:43:25:43:38 | untrustedInput | semmle.label | untrustedInput | +| main.go:48:21:48:31 | call to Referer | semmle.label | call to Referer | +| main.go:54:46:54:59 | untrustedInput | semmle.label | untrustedInput | +| main.go:55:52:55:65 | untrustedInput | semmle.label | untrustedInput | +| main.go:60:21:60:31 | call to Referer | semmle.label | call to Referer | +| main.go:62:14:62:61 | call to NewContent | semmle.label | call to NewContent | +| main.go:62:47:62:60 | untrustedInput | semmle.label | untrustedInput | +| main.go:65:16:65:22 | content | semmle.label | content | +| main.go:70:21:70:31 | call to Referer | semmle.label | call to Referer | +| main.go:76:14:76:61 | call to NewContent | semmle.label | call to NewContent | +| main.go:76:47:76:60 | untrustedInput | semmle.label | untrustedInput | +| main.go:78:50:78:56 | content | semmle.label | content | +| main.go:78:59:78:65 | content | semmle.label | content | +| main.go:79:16:79:22 | content | semmle.label | content | +| main.go:84:21:84:31 | call to Referer | semmle.label | call to Referer | +| main.go:91:37:91:50 | untrustedInput | semmle.label | untrustedInput | +| main.go:93:15:93:62 | call to NewContent | semmle.label | call to NewContent | +| main.go:93:48:93:61 | untrustedInput | semmle.label | untrustedInput | +| main.go:95:16:95:23 | content2 | semmle.label | content2 | +| main.go:113:21:113:31 | call to Referer | semmle.label | call to Referer | +| main.go:116:3:116:4 | definition of mw | semmle.label | definition of mw | +| main.go:116:29:116:30 | &... | semmle.label | &... | +| main.go:119:28:119:41 | untrustedInput | semmle.label | untrustedInput | +| main.go:124:57:124:57 | b | semmle.label | b | +| main.go:124:57:124:65 | call to Bytes | semmle.label | call to Bytes | +| main.go:129:21:129:31 | call to Referer | semmle.label | call to Referer | +| main.go:132:3:132:4 | definition of mw | semmle.label | definition of mw | +| main.go:132:29:132:30 | &... | semmle.label | &... | +| main.go:135:3:135:12 | definition of formWriter | semmle.label | definition of formWriter | +| main.go:136:30:136:43 | untrustedInput | semmle.label | untrustedInput | +| main.go:141:57:141:57 | b | semmle.label | b | +| main.go:141:57:141:65 | call to Bytes | semmle.label | call to Bytes | subpaths diff --git a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.qlref b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.qlref index c3b6cac31133..67240cd9df4d 100644 --- a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.qlref +++ b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.qlref @@ -1,2 +1,4 @@ query: Security/CWE-640/EmailInjection.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/go/ql/test/query-tests/Security/CWE-640/main.go b/go/ql/test/query-tests/Security/CWE-640/main.go index c6685475a8df..f83b413ebc45 100644 --- a/go/ql/test/query-tests/Security/CWE-640/main.go +++ b/go/ql/test/query-tests/Security/CWE-640/main.go @@ -3,11 +3,13 @@ package main //go:generate depstubber -vendor github.com/sendgrid/sendgrid-go/helpers/mail "" NewEmail,NewSingleEmail,NewContent,NewV3Mail,NewV3MailInit import ( + "bytes" "crypto/hmac" "crypto/sha256" "encoding/base64" "io" "log" + "mime/multipart" "net/http" "net/smtp" @@ -26,46 +28,46 @@ func main() { // Not OK http.HandleFunc("/ex0", func(w http.ResponseWriter, r *http.Request) { - untrustedInput := r.Referer() + untrustedInput := r.Referer() // $ Source - smtp.SendMail("test.test", nil, "from@from.com", nil, []byte(untrustedInput)) + smtp.SendMail("test.test", nil, "from@from.com", nil, []byte(untrustedInput)) // $ Alert }) // Not OK http.HandleFunc("/ex1", func(w http.ResponseWriter, r *http.Request) { - untrustedInput := r.Referer() + untrustedInput := r.Referer() // $ Source s, _ := smtp.Dial("test.test") - write, _ := s.Data() + write, _ := s.Data() // $ Alert io.WriteString(write, untrustedInput) }) // Not OK http.HandleFunc("/ex2", func(w http.ResponseWriter, r *http.Request) { - untrustedInput := r.Referer() + untrustedInput := r.Referer() // $ Source from := sendgrid.NewEmail("from", "from@from.com") to := sendgrid.NewEmail("to", "to@to.com") subject := "test" body := "body" - sendgrid.NewSingleEmail(from, subject, to, untrustedInput, body) - sendgrid.NewSingleEmail(from, subject, to, body, untrustedInput) + sendgrid.NewSingleEmail(from, subject, to, untrustedInput, body) // $ Alert + sendgrid.NewSingleEmail(from, subject, to, body, untrustedInput) // $ Alert }) // Not OK http.HandleFunc("/ex3", func(w http.ResponseWriter, r *http.Request) { - untrustedInput := r.Referer() + untrustedInput := r.Referer() // $ Source content := sendgrid.NewContent("text/html", untrustedInput) v := sendgrid.NewV3Mail() - v.AddContent(content) + v.AddContent(content) // $ Alert }) // Not OK http.HandleFunc("/ex4", func(w http.ResponseWriter, r *http.Request) { - untrustedInput := r.Referer() + untrustedInput := r.Referer() // $ Source from := sendgrid.NewEmail("from", "from@from.com") to := sendgrid.NewEmail("to", "to@to.com") @@ -73,24 +75,24 @@ func main() { content := sendgrid.NewContent("text/html", untrustedInput) - v := sendgrid.NewV3MailInit(from, subject, to, content, content) - v.AddContent(content) + v := sendgrid.NewV3MailInit(from, subject, to, content, content) // $ Alert + v.AddContent(content) // $ Alert }) // Not OK http.HandleFunc("/ex5", func(w http.ResponseWriter, r *http.Request) { - untrustedInput := r.Referer() + untrustedInput := r.Referer() // $ Source from := sendgrid.NewEmail("from", "from@from.com") to := sendgrid.NewEmail("to", "to@to.com") content := sendgrid.NewContent("text/html", "test") - v := sendgrid.NewV3MailInit(from, untrustedInput, to, content, content) + v := sendgrid.NewV3MailInit(from, untrustedInput, to, content, content) // $ Alert content2 := sendgrid.NewContent("text/html", untrustedInput) - v.AddContent(content2) + v.AddContent(content2) // $ Alert }) // OK @@ -106,6 +108,39 @@ func main() { smtp.SendMail("test.test", nil, "from@from.com", nil, []byte(signature)) }) + // Not OK - mime/multipart.New.Writer test + http.HandleFunc("/multipart1", func(w http.ResponseWriter, r *http.Request) { + untrustedInput := r.Referer() // $ Source + + var b bytes.Buffer + mw := multipart.NewWriter(&b) + + // Add user-controlled data directly to the multipart writer + mw.WriteField("message", untrustedInput) // Injection point + + mw.Close() + + // Send the potentially malicious email content + smtp.SendMail("test.test", nil, "from@from.com", nil, b.Bytes()) // $ Alert + }) + + // Not OK - alternative multipart test + http.HandleFunc("/multipart2", func(w http.ResponseWriter, r *http.Request) { + untrustedInput := r.Referer() // $ Source + + var b bytes.Buffer + mw := multipart.NewWriter(&b) + + // Create form file with untrusted content + formWriter, _ := mw.CreateFormFile("attachment", "message.txt") + io.WriteString(formWriter, untrustedInput) // Injection point + + mw.Close() + + // Send email with user-controlled form file content + smtp.SendMail("test.test", nil, "from@from.com", nil, b.Bytes()) // $ Alert + }) + log.Println(http.ListenAndServe(":80", nil)) } From 118def8d28e78ec98a53438e95c838aa2d28d906 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 12 Sep 2025 11:49:50 +0100 Subject: [PATCH 160/307] Make separate post-update nodes --- .../go/dataflow/internal/DataFlowNodes.qll | 25 ++++++---- .../go/dataflow/internal/DataFlowPrivate.qll | 10 +++- .../dataflow/internal/TaintTrackingUtil.qll | 20 +++++--- .../go/dataflow/PostUpdateNodes/test.expected | 50 +++++++++---------- 4 files changed, 59 insertions(+), 46 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll index 4183a409b0ac..5e9cc7f6b740 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll @@ -12,7 +12,8 @@ private newtype TNode = MkGlobalFunctionNode(Function f) or MkImplicitVarargsSlice(CallExpr c) { c.hasImplicitVarargs() } or MkSliceElementNode(SliceExpr se) or - MkFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn) + MkFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn) or + MkDefaultPostUpdateNode(IR::Instruction insn) { insnHasPostUpdateNode(insn) } /** Nodes intended for only use inside the data-flow libraries. */ module Private { @@ -844,20 +845,22 @@ module Public { insn = getAWrittenInsn() } - private class DefaultPostUpdateNode extends PostUpdateNode { + private class DefaultPostUpdateNode extends PostUpdateNode, MkDefaultPostUpdateNode { Node preupd; - DefaultPostUpdateNode() { - insnHasPostUpdateNode(preupd.asInstruction()) and - ( - preupd = this.(SsaNode).getAUse() - or - preupd = this and - not basicLocalFlowStep(_, this) - ) - } + DefaultPostUpdateNode() { this = MkDefaultPostUpdateNode(preupd.asInstruction()) } override Node getPreUpdateNode() { result = preupd } + + override ControlFlow::Root getRoot() { result = preupd.getRoot() } + + override Type getType() { result = preupd.getType() } + + override string getNodeKind() { result = "post-update node" } + + override string toString() { result = preupd.toString() + " [postupdate]" } + + override Location getLocation() { result = preupd.getLocation() } } /** diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll index f05859de8137..7ca942fdf59f 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll @@ -68,7 +68,10 @@ predicate basicLocalFlowStep(Node nodeFrom, Node nodeTo) { // Instruction -> SSA defn exists(IR::Instruction pred, SsaExplicitDefinition succ | succ.getRhs() = pred and - nodeFrom = instructionNode(pred) and + ( + nodeFrom = instructionNode(pred) or + nodeFrom.(PostUpdateNode).getPreUpdateNode() = instructionNode(pred) + ) and nodeTo = ssaNode(succ.getVariable()) ) or @@ -82,7 +85,10 @@ predicate basicLocalFlowStep(Node nodeFrom, Node nodeTo) { // SSA use -> successive SSA use // Note this case includes Phi node traversal exists(IR::Instruction pred, IR::Instruction succ | succ = getAnAdjacentUse(pred) | - nodeFrom = instructionNode(pred) and + ( + nodeFrom = instructionNode(pred) or + nodeFrom.(PostUpdateNode).getPreUpdateNode() = instructionNode(pred) + ) and nodeTo = instructionNode(succ) ) or diff --git a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll index c69a7f32e63b..05cb663f7be4 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll @@ -88,14 +88,18 @@ class AdditionalTaintStep extends Unit { * global taint flow configurations. */ predicate localAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ, string model) { - ( - referenceStep(pred, succ) or - elementWriteStep(pred, succ) or - fieldReadStep(pred, succ) or - elementStep(pred, succ) or - tupleStep(pred, succ) or - stringConcatStep(pred, succ) or - sliceStep(pred, succ) + exists(DataFlow::Node pred2 | + pred2 = pred + or + pred2 = pred.(DataFlow::PostUpdateNode).getPreUpdateNode() + | + referenceStep(pred2, succ) or + elementWriteStep(pred2, succ) or + fieldReadStep(pred2, succ) or + elementStep(pred2, succ) or + tupleStep(pred2, succ) or + stringConcatStep(pred2, succ) or + sliceStep(pred2, succ) ) and model = "" or diff --git a/go/ql/test/library-tests/semmle/go/dataflow/PostUpdateNodes/test.expected b/go/ql/test/library-tests/semmle/go/dataflow/PostUpdateNodes/test.expected index 6959eac7e2f9..d29d11627b0f 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/PostUpdateNodes/test.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/PostUpdateNodes/test.expected @@ -1,26 +1,26 @@ | file://:0:0:0:0 | [summary param] 0 in copy | file://:0:0:0:0 | [summary] to write: Argument[0] in copy | -| test.go:23:2:23:2 | a | test.go:22:2:22:2 | definition of a | -| test.go:23:11:23:14 | &... | test.go:23:11:23:14 | &... | -| test.go:23:12:23:14 | selection of b | test.go:23:12:23:14 | selection of b | -| test.go:24:2:24:2 | a | test.go:22:2:22:2 | definition of a | -| test.go:24:2:24:5 | selection of bs | test.go:24:2:24:5 | selection of bs | -| test.go:24:2:24:8 | index expression | test.go:24:2:24:8 | index expression | -| test.go:24:17:24:20 | &... | test.go:24:17:24:20 | &... | -| test.go:24:18:24:20 | struct literal | test.go:24:18:24:20 | struct literal | -| test.go:25:2:25:2 | a | test.go:22:2:22:2 | definition of a | -| test.go:25:2:25:5 | selection of bs | test.go:25:2:25:5 | selection of bs | -| test.go:25:2:25:8 | index expression | test.go:25:2:25:8 | index expression | -| test.go:25:2:25:13 | implicit dereference | test.go:25:2:25:13 | implicit dereference | -| test.go:25:2:25:13 | selection of cptr | test.go:25:2:25:13 | selection of cptr | -| test.go:26:2:26:2 | a | test.go:22:2:22:2 | definition of a | -| test.go:26:2:26:7 | implicit dereference | test.go:26:2:26:7 | implicit dereference | -| test.go:26:2:26:7 | selection of bptr | test.go:26:2:26:7 | selection of bptr | -| test.go:26:2:26:12 | implicit dereference | test.go:26:2:26:12 | implicit dereference | -| test.go:26:2:26:12 | selection of cptr | test.go:26:2:26:12 | selection of cptr | -| test.go:28:7:28:10 | struct literal | test.go:28:7:28:10 | struct literal | -| test.go:29:2:29:2 | c | test.go:28:2:28:2 | definition of c | -| test.go:29:6:29:6 | a | test.go:22:2:22:2 | definition of a | -| test.go:30:2:30:2 | c | test.go:28:2:28:2 | definition of c | -| test.go:30:7:30:7 | a | test.go:22:2:22:2 | definition of a | -| test.go:35:4:35:4 | a | test.go:22:2:22:2 | definition of a | -| test.go:36:5:36:5 | a | test.go:22:2:22:2 | definition of a | +| test.go:23:2:23:2 | a | test.go:23:2:23:2 | a [postupdate] | +| test.go:23:11:23:14 | &... | test.go:23:11:23:14 | &... [postupdate] | +| test.go:23:12:23:14 | selection of b | test.go:23:12:23:14 | selection of b [postupdate] | +| test.go:24:2:24:2 | a | test.go:24:2:24:2 | a [postupdate] | +| test.go:24:2:24:5 | selection of bs | test.go:24:2:24:5 | selection of bs [postupdate] | +| test.go:24:2:24:8 | index expression | test.go:24:2:24:8 | index expression [postupdate] | +| test.go:24:17:24:20 | &... | test.go:24:17:24:20 | &... [postupdate] | +| test.go:24:18:24:20 | struct literal | test.go:24:18:24:20 | struct literal [postupdate] | +| test.go:25:2:25:2 | a | test.go:25:2:25:2 | a [postupdate] | +| test.go:25:2:25:5 | selection of bs | test.go:25:2:25:5 | selection of bs [postupdate] | +| test.go:25:2:25:8 | index expression | test.go:25:2:25:8 | index expression [postupdate] | +| test.go:25:2:25:13 | implicit dereference | test.go:25:2:25:13 | implicit dereference [postupdate] | +| test.go:25:2:25:13 | selection of cptr | test.go:25:2:25:13 | selection of cptr [postupdate] | +| test.go:26:2:26:2 | a | test.go:26:2:26:2 | a [postupdate] | +| test.go:26:2:26:7 | implicit dereference | test.go:26:2:26:7 | implicit dereference [postupdate] | +| test.go:26:2:26:7 | selection of bptr | test.go:26:2:26:7 | selection of bptr [postupdate] | +| test.go:26:2:26:12 | implicit dereference | test.go:26:2:26:12 | implicit dereference [postupdate] | +| test.go:26:2:26:12 | selection of cptr | test.go:26:2:26:12 | selection of cptr [postupdate] | +| test.go:28:7:28:10 | struct literal | test.go:28:7:28:10 | struct literal [postupdate] | +| test.go:29:2:29:2 | c | test.go:29:2:29:2 | c [postupdate] | +| test.go:29:6:29:6 | a | test.go:29:6:29:6 | a [postupdate] | +| test.go:30:2:30:2 | c | test.go:30:2:30:2 | c [postupdate] | +| test.go:30:7:30:7 | a | test.go:30:7:30:7 | a [postupdate] | +| test.go:35:4:35:4 | a | test.go:35:4:35:4 | a [postupdate] | +| test.go:36:5:36:5 | a | test.go:36:5:36:5 | a [postupdate] | From d2230c531d3777c40210b37825fc62ad4dea2f79 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 12 Sep 2025 15:42:02 +0100 Subject: [PATCH 161/307] Expected changes in test output --- .../CWE-1004/CookieWithoutHttpOnly.expected | 324 ++---------------- .../CWE-321-V2/HardCodedKeys.expected | 4 - .../CWE-74/DsnInjectionLocal.expected | 16 +- go/ql/test/experimental/CWE-918/SSRF.expected | 24 +- .../DefaultSanitizer.expected | 30 +- .../dataflow/ExternalTaintFlow/srcs.expected | 2 +- .../dataflow/ExternalTaintFlow/steps.expected | 14 +- .../dataflow/ExternalValueFlow/srcs.expected | 2 +- .../dataflow/ExternalValueFlow/steps.expected | 12 +- .../FlowSteps/LocalTaintStep.expected | 8 +- .../FunctionModelStep.expected | 6 +- .../FunctionOutput_getExitNode.expected | 20 +- .../database/test_gogf_gf_database_gdb.go | 12 +- .../go/frameworks/Beego/ReflectedXss.expected | 40 +-- .../go/frameworks/Beego/TaintedPath.expected | 6 +- .../go/frameworks/BeegoOrm/StoredXss.expected | 106 +++--- .../go/frameworks/Echo/OpenRedirect.expected | 4 +- .../go/frameworks/Echo/ReflectedXss.expected | 32 +- .../go/frameworks/Encoding/jsoniter.expected | 24 +- .../semmle/go/frameworks/Gin/Gin.expected | 72 ++-- .../frameworks/Gorestful/gorestful.expected | 12 +- .../go/frameworks/Revel/OpenRedirect.expected | 4 +- .../go/frameworks/Revel/ReflectedXss.expected | 6 +- .../frameworks/TaintSteps/TaintStep.expected | 86 +++-- .../go/frameworks/WebSocket/Read.expected | 8 +- .../WebSocket/RemoteFlowSources.expected | 8 +- .../frameworks/XNetHtml/ReflectedXss.expected | 26 +- .../semmle/go/frameworks/Yaml/yaml.go | 24 +- .../CWE-078/CommandInjection.expected | 36 +- .../Security/CWE-078/StoredCommand.expected | 6 +- .../Security/CWE-079/ReflectedXss.expected | 39 ++- .../Security/CWE-079/StoredXss.expected | 6 +- .../InsecureRandomness.expected | 6 +- .../OpenUrlRedirect/OpenUrlRedirect.expected | 46 +-- .../Security/CWE-918/RequestForgery.expected | 8 - 35 files changed, 399 insertions(+), 680 deletions(-) diff --git a/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected b/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected index 0c60eb3f97ef..7e8c64062116 100644 --- a/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected +++ b/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected @@ -1,90 +1,54 @@ edges | CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance | | | CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | CookieWithoutHttpOnly.go:15:21:15:21 | c | provenance | | | CookieWithoutHttpOnly.go:12:10:12:18 | "session" | CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:15:20:15:21 | &... | CookieWithoutHttpOnly.go:15:21:15:21 | c | provenance | | -| CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance | | | CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | CookieWithoutHttpOnly.go:15:21:15:21 | c | provenance | | | CookieWithoutHttpOnly.go:15:21:15:21 | c | CookieWithoutHttpOnly.go:15:20:15:21 | &... | provenance | | | CookieWithoutHttpOnly.go:15:21:15:21 | c | CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | provenance | | | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | | | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | | | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance | | | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance | | | CookieWithoutHttpOnly.go:20:13:20:21 | "session" | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:22:13:22:17 | false | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:24:20:24:21 | &... | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance | | -| CookieWithoutHttpOnly.go:24:20:24:21 | &... | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance | | -| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | | | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | | | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance | | -| CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | CookieWithoutHttpOnly.go:24:21:24:21 | c | provenance | | | CookieWithoutHttpOnly.go:24:21:24:21 | c | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | | | CookieWithoutHttpOnly.go:24:21:24:21 | c | CookieWithoutHttpOnly.go:24:20:24:21 | &... | provenance | | | CookieWithoutHttpOnly.go:24:21:24:21 | c | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | provenance | | | CookieWithoutHttpOnly.go:24:21:24:21 | c | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | provenance | | | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | | | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | | | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance | | | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance | | | CookieWithoutHttpOnly.go:29:13:29:21 | "session" | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:31:13:31:16 | true | CookieWithoutHttpOnly.go:28:7:32:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:33:20:33:21 | &... | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance | | -| CookieWithoutHttpOnly.go:33:20:33:21 | &... | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance | | -| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | | | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | | | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance | | -| CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | CookieWithoutHttpOnly.go:33:21:33:21 | c | provenance | | | CookieWithoutHttpOnly.go:33:21:33:21 | c | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | | | CookieWithoutHttpOnly.go:33:21:33:21 | c | CookieWithoutHttpOnly.go:33:20:33:21 | &... | provenance | | | CookieWithoutHttpOnly.go:33:21:33:21 | c | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | provenance | | | CookieWithoutHttpOnly.go:33:21:33:21 | c | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | provenance | | | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | | | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | | | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance | | | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance | | | CookieWithoutHttpOnly.go:38:10:38:18 | "session" | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:41:15:41:18 | true | CookieWithoutHttpOnly.go:37:7:40:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:42:20:42:21 | &... | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance | | -| CookieWithoutHttpOnly.go:42:20:42:21 | &... | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance | | -| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | | | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | | | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance | | -| CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | CookieWithoutHttpOnly.go:42:21:42:21 | c | provenance | | | CookieWithoutHttpOnly.go:42:21:42:21 | c | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | | | CookieWithoutHttpOnly.go:42:21:42:21 | c | CookieWithoutHttpOnly.go:42:20:42:21 | &... | provenance | | | CookieWithoutHttpOnly.go:42:21:42:21 | c | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | provenance | | | CookieWithoutHttpOnly.go:42:21:42:21 | c | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | provenance | | | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | | | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | | | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance | | | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance | | | CookieWithoutHttpOnly.go:47:10:47:18 | "session" | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:50:15:50:19 | false | CookieWithoutHttpOnly.go:46:7:49:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:51:20:51:21 | &... | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance | | -| CookieWithoutHttpOnly.go:51:20:51:21 | &... | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance | | -| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | | | CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | | | CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance | | -| CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | CookieWithoutHttpOnly.go:51:21:51:21 | c | provenance | | | CookieWithoutHttpOnly.go:51:21:51:21 | c | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | | | CookieWithoutHttpOnly.go:51:21:51:21 | c | CookieWithoutHttpOnly.go:51:20:51:21 | &... | provenance | | | CookieWithoutHttpOnly.go:51:21:51:21 | c | CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | provenance | | @@ -93,20 +57,12 @@ edges | CookieWithoutHttpOnly.go:55:9:55:13 | false | CookieWithoutHttpOnly.go:59:13:59:15 | val | provenance | | | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | | | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | | | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance | | | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance | | | CookieWithoutHttpOnly.go:57:13:57:21 | "session" | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:59:13:59:15 | val | CookieWithoutHttpOnly.go:56:7:60:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:61:20:61:21 | &... | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance | | -| CookieWithoutHttpOnly.go:61:20:61:21 | &... | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance | | -| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | | | CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | | | CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance | | -| CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | CookieWithoutHttpOnly.go:61:21:61:21 | c | provenance | | | CookieWithoutHttpOnly.go:61:21:61:21 | c | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | | | CookieWithoutHttpOnly.go:61:21:61:21 | c | CookieWithoutHttpOnly.go:61:20:61:21 | &... | provenance | | | CookieWithoutHttpOnly.go:61:21:61:21 | c | CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | provenance | | @@ -115,20 +71,12 @@ edges | CookieWithoutHttpOnly.go:65:9:65:12 | true | CookieWithoutHttpOnly.go:69:13:69:15 | val | provenance | | | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | | | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | | | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance | | | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance | | | CookieWithoutHttpOnly.go:67:13:67:21 | "session" | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:69:13:69:15 | val | CookieWithoutHttpOnly.go:66:7:70:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:71:20:71:21 | &... | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance | | -| CookieWithoutHttpOnly.go:71:20:71:21 | &... | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance | | -| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | | | CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | | | CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance | | -| CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | CookieWithoutHttpOnly.go:71:21:71:21 | c | provenance | | | CookieWithoutHttpOnly.go:71:21:71:21 | c | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | | | CookieWithoutHttpOnly.go:71:21:71:21 | c | CookieWithoutHttpOnly.go:71:20:71:21 | &... | provenance | | | CookieWithoutHttpOnly.go:71:21:71:21 | c | CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | provenance | | @@ -137,20 +85,12 @@ edges | CookieWithoutHttpOnly.go:75:9:75:12 | true | CookieWithoutHttpOnly.go:80:15:80:17 | val | provenance | | | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | | | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | | | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance | | | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance | | | CookieWithoutHttpOnly.go:77:10:77:18 | "session" | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:80:15:80:17 | val | CookieWithoutHttpOnly.go:76:7:79:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:81:20:81:21 | &... | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance | | -| CookieWithoutHttpOnly.go:81:20:81:21 | &... | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance | | -| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | | | CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | | | CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance | | -| CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | CookieWithoutHttpOnly.go:81:21:81:21 | c | provenance | | | CookieWithoutHttpOnly.go:81:21:81:21 | c | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | | | CookieWithoutHttpOnly.go:81:21:81:21 | c | CookieWithoutHttpOnly.go:81:20:81:21 | &... | provenance | | | CookieWithoutHttpOnly.go:81:21:81:21 | c | CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | provenance | | @@ -159,51 +99,31 @@ edges | CookieWithoutHttpOnly.go:85:9:85:13 | false | CookieWithoutHttpOnly.go:90:15:90:17 | val | provenance | | | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | | | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | | | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance | | | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance | | | CookieWithoutHttpOnly.go:87:10:87:18 | "session" | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:90:15:90:17 | val | CookieWithoutHttpOnly.go:86:7:89:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:91:20:91:21 | &... | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance | | -| CookieWithoutHttpOnly.go:91:20:91:21 | &... | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance | | -| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | | | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | | | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance | | -| CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | CookieWithoutHttpOnly.go:91:21:91:21 | c | provenance | | | CookieWithoutHttpOnly.go:91:21:91:21 | c | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | | | CookieWithoutHttpOnly.go:91:21:91:21 | c | CookieWithoutHttpOnly.go:91:20:91:21 | &... | provenance | | | CookieWithoutHttpOnly.go:91:21:91:21 | c | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | provenance | | | CookieWithoutHttpOnly.go:91:21:91:21 | c | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | provenance | | | CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance | | | CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | CookieWithoutHttpOnly.go:100:21:100:21 | c | provenance | | | CookieWithoutHttpOnly.go:99:15:99:19 | false | CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:100:20:100:21 | &... | CookieWithoutHttpOnly.go:100:21:100:21 | c | provenance | | -| CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance | | | CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | CookieWithoutHttpOnly.go:100:21:100:21 | c | provenance | | | CookieWithoutHttpOnly.go:100:21:100:21 | c | CookieWithoutHttpOnly.go:100:20:100:21 | &... | provenance | | | CookieWithoutHttpOnly.go:100:21:100:21 | c | CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | provenance | | | CookieWithoutHttpOnly.go:104:10:104:18 | "session" | CookieWithoutHttpOnly.go:106:10:106:13 | name | provenance | | | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | | | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | | | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance | | | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance | | | CookieWithoutHttpOnly.go:106:10:106:13 | name | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:109:15:109:19 | false | CookieWithoutHttpOnly.go:105:7:108:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:110:20:110:21 | &... | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance | | -| CookieWithoutHttpOnly.go:110:20:110:21 | &... | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance | | | CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | | | CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance | | -| CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | CookieWithoutHttpOnly.go:110:21:110:21 | c | provenance | | | CookieWithoutHttpOnly.go:110:21:110:21 | c | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | | | CookieWithoutHttpOnly.go:110:21:110:21 | c | CookieWithoutHttpOnly.go:110:20:110:21 | &... | provenance | | | CookieWithoutHttpOnly.go:110:21:110:21 | c | CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | provenance | | @@ -211,20 +131,12 @@ edges | CookieWithoutHttpOnly.go:114:13:114:24 | "login_name" | CookieWithoutHttpOnly.go:116:10:116:16 | session | provenance | | | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | | | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | | | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance | | | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance | | | CookieWithoutHttpOnly.go:116:10:116:16 | session | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:119:15:119:19 | false | CookieWithoutHttpOnly.go:115:7:118:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:120:20:120:21 | &... | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance | | -| CookieWithoutHttpOnly.go:120:20:120:21 | &... | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance | | | CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | | | CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | | -| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance | | -| CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | CookieWithoutHttpOnly.go:120:21:120:21 | c | provenance | | | CookieWithoutHttpOnly.go:120:21:120:21 | c | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | | | CookieWithoutHttpOnly.go:120:21:120:21 | c | CookieWithoutHttpOnly.go:120:20:120:21 | &... | provenance | | | CookieWithoutHttpOnly.go:120:21:120:21 | c | CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | provenance | | @@ -235,226 +147,90 @@ edges | CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | | | CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | | | CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | | -| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | | | CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | | -| CookieWithoutHttpOnly.go:123:13:123:49 | call to NewCookieStore | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | | | CookieWithoutHttpOnly.go:126:2:126:43 | ... := ...[0] | CookieWithoutHttpOnly.go:129:2:129:8 | session | provenance | | | CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:126:2:126:43 | ... := ...[0] | provenance | Config | -| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | | -| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | | -| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | | -| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | | -| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | | -| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | | -| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | | -| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | | -| CookieWithoutHttpOnly.go:126:16:126:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | | | CookieWithoutHttpOnly.go:133:2:133:9 | definition of httpOnly | CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | provenance | | | CookieWithoutHttpOnly.go:133:14:133:18 | false | CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | provenance | | -| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | provenance | | | CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | -| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | | | CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | provenance | Config | -| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | | -| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | | -| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | | -| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | | -| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | | -| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | | -| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | | -| CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | | -| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | | -| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | | -| CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | | +| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | provenance | | +| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | provenance | | +| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | +| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | | CookieWithoutHttpOnly.go:137:2:137:8 | session | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | | | CookieWithoutHttpOnly.go:137:2:137:8 | session | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | | | CookieWithoutHttpOnly.go:137:2:137:8 | session | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | | CookieWithoutHttpOnly.go:137:2:137:8 | session | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | +| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | +| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | | CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | Config | | CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | Config | | CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | Config | | CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | Config | -| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | provenance | | | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | CookieWithoutHttpOnly.go:137:20:140:2 | &... | provenance | | | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | CookieWithoutHttpOnly.go:137:20:140:2 | &... | provenance | | | CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | provenance | Config | -| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:147:2:147:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] | provenance | | | CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | | -| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | | -| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | | | CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | provenance | Config | -| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | | -| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | | -| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | | -| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | | -| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | | -| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | | -| CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | | -| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | CookieWithoutHttpOnly.go:149:2:149:8 | session | provenance | | -| CookieWithoutHttpOnly.go:147:2:147:8 | session [pointer] | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:149:2:149:8 | session | provenance | | +| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] [pointer] | provenance | | +| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | | | CookieWithoutHttpOnly.go:149:2:149:8 | session | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance | | | CookieWithoutHttpOnly.go:149:2:149:8 | session | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | | -| CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | | +| CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | | | CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance | Config | | CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | session | provenance | Config | | CookieWithoutHttpOnly.go:149:21:151:2 | struct literal | CookieWithoutHttpOnly.go:149:20:151:2 | &... | provenance | | | CookieWithoutHttpOnly.go:157:2:157:9 | definition of httpOnly | CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | provenance | | | CookieWithoutHttpOnly.go:157:14:157:17 | true | CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | provenance | | -| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | provenance | | | CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | -| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | | -| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | | -| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | | | CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | provenance | Config | -| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | | -| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | | -| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | | -| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | | -| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | | -| CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | | -| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | | -| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | | -| CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | | +| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | provenance | | +| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | provenance | | +| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | +| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | | CookieWithoutHttpOnly.go:161:2:161:8 | session | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | | | CookieWithoutHttpOnly.go:161:2:161:8 | session | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | | | CookieWithoutHttpOnly.go:161:2:161:8 | session | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | | CookieWithoutHttpOnly.go:161:2:161:8 | session | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | +| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | +| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | | CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | Config | | CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | Config | | CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | Config | | CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | Config | -| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | provenance | | | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | CookieWithoutHttpOnly.go:161:20:164:2 | &... | provenance | | | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | CookieWithoutHttpOnly.go:161:20:164:2 | &... | provenance | | | CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:169:56:169:63 | argument corresponding to httpOnly | CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | provenance | | | CookieWithoutHttpOnly.go:169:56:169:63 | definition of httpOnly | CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | provenance | | -| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | provenance | | | CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | -| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | | -| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | | -| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | | -| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | | | CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | provenance | Config | -| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | | -| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | | -| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | | -| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | | -| CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | | -| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | | -| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | | -| CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | | +| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | provenance | | +| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | provenance | | +| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | +| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | | CookieWithoutHttpOnly.go:173:2:173:8 | session | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | | | CookieWithoutHttpOnly.go:173:2:173:8 | session | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | | | CookieWithoutHttpOnly.go:173:2:173:8 | session | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | | CookieWithoutHttpOnly.go:173:2:173:8 | session | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | +| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | +| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | | CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | Config | | CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | Config | | CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | Config | | CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | Config | -| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | provenance | | | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | CookieWithoutHttpOnly.go:173:20:176:2 | &... | provenance | | | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | CookieWithoutHttpOnly.go:173:20:176:2 | &... | provenance | | | CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:183:2:183:43 | ... := ...[0] | CookieWithoutHttpOnly.go:191:19:191:25 | session | provenance | | -| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | | -| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | | -| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | | -| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | | -| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | | | CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:183:2:183:43 | ... := ...[0] | provenance | Config | -| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | | -| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | | -| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | | -| CookieWithoutHttpOnly.go:183:16:183:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | | -| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | | -| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | | -| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | | -| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | | -| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | | -| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | | -| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | | -| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | | -| CookieWithoutHttpOnly.go:191:2:191:6 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | | | CookieWithoutHttpOnly.go:195:2:195:43 | ... := ...[0] | CookieWithoutHttpOnly.go:202:19:202:25 | session | provenance | | -| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | | -| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | | -| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | | -| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | | -| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | | -| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | | -| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | | | CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:195:2:195:43 | ... := ...[0] | provenance | Config | -| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | | -| CookieWithoutHttpOnly.go:195:16:195:20 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | | -| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:126:16:126:20 | store | provenance | | -| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:134:16:134:20 | store | provenance | | -| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:146:16:146:20 | store | provenance | | -| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:158:16:158:20 | store | provenance | | -| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:170:16:170:20 | store | provenance | | -| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:183:16:183:20 | store | provenance | | -| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:191:2:191:6 | store | provenance | | -| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:195:16:195:20 | store | provenance | | -| CookieWithoutHttpOnly.go:202:2:202:6 | store | CookieWithoutHttpOnly.go:202:2:202:6 | store | provenance | | nodes | CookieWithoutHttpOnly.go:11:7:14:2 | struct literal | semmle.label | struct literal | | CookieWithoutHttpOnly.go:12:10:12:18 | "session" | semmle.label | "session" | | CookieWithoutHttpOnly.go:15:20:15:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:15:20:15:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:15:20:15:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:15:21:15:21 | c | semmle.label | c | | CookieWithoutHttpOnly.go:19:7:23:2 | struct literal | semmle.label | struct literal | @@ -463,8 +239,6 @@ nodes | CookieWithoutHttpOnly.go:22:13:22:17 | false | semmle.label | false | | CookieWithoutHttpOnly.go:24:20:24:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:24:20:24:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:24:20:24:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:24:20:24:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:24:20:24:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:24:21:24:21 | c | semmle.label | c | @@ -475,8 +249,6 @@ nodes | CookieWithoutHttpOnly.go:31:13:31:16 | true | semmle.label | true | | CookieWithoutHttpOnly.go:33:20:33:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:33:20:33:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:33:20:33:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:33:20:33:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:33:20:33:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:33:21:33:21 | c | semmle.label | c | @@ -487,8 +259,6 @@ nodes | CookieWithoutHttpOnly.go:41:15:41:18 | true | semmle.label | true | | CookieWithoutHttpOnly.go:42:20:42:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:42:20:42:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:42:20:42:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:42:20:42:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:42:20:42:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:42:21:42:21 | c | semmle.label | c | @@ -499,8 +269,6 @@ nodes | CookieWithoutHttpOnly.go:50:15:50:19 | false | semmle.label | false | | CookieWithoutHttpOnly.go:51:20:51:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:51:20:51:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:51:20:51:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:51:20:51:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:51:20:51:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:51:21:51:21 | c | semmle.label | c | @@ -513,8 +281,6 @@ nodes | CookieWithoutHttpOnly.go:59:13:59:15 | val | semmle.label | val | | CookieWithoutHttpOnly.go:61:20:61:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:61:20:61:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:61:20:61:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:61:20:61:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:61:20:61:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:61:21:61:21 | c | semmle.label | c | @@ -527,8 +293,6 @@ nodes | CookieWithoutHttpOnly.go:69:13:69:15 | val | semmle.label | val | | CookieWithoutHttpOnly.go:71:20:71:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:71:20:71:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:71:20:71:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:71:20:71:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:71:20:71:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:71:21:71:21 | c | semmle.label | c | @@ -541,8 +305,6 @@ nodes | CookieWithoutHttpOnly.go:80:15:80:17 | val | semmle.label | val | | CookieWithoutHttpOnly.go:81:20:81:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:81:20:81:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:81:20:81:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:81:20:81:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:81:20:81:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:81:21:81:21 | c | semmle.label | c | @@ -555,8 +317,6 @@ nodes | CookieWithoutHttpOnly.go:90:15:90:17 | val | semmle.label | val | | CookieWithoutHttpOnly.go:91:20:91:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:91:20:91:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:91:20:91:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:91:20:91:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:91:20:91:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:91:21:91:21 | c | semmle.label | c | @@ -564,7 +324,6 @@ nodes | CookieWithoutHttpOnly.go:95:7:98:2 | struct literal | semmle.label | struct literal | | CookieWithoutHttpOnly.go:99:15:99:19 | false | semmle.label | false | | CookieWithoutHttpOnly.go:100:20:100:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:100:20:100:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:100:20:100:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:100:21:100:21 | c | semmle.label | c | | CookieWithoutHttpOnly.go:104:10:104:18 | "session" | semmle.label | "session" | @@ -574,8 +333,6 @@ nodes | CookieWithoutHttpOnly.go:109:15:109:19 | false | semmle.label | false | | CookieWithoutHttpOnly.go:110:20:110:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:110:20:110:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:110:20:110:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:110:20:110:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:110:20:110:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:110:21:110:21 | c | semmle.label | c | @@ -587,8 +344,6 @@ nodes | CookieWithoutHttpOnly.go:119:15:119:19 | false | semmle.label | false | | CookieWithoutHttpOnly.go:120:20:120:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:120:20:120:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:120:20:120:21 | &... | semmle.label | &... | -| CookieWithoutHttpOnly.go:120:20:120:21 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:120:20:120:21 | &... [pointer] | semmle.label | &... [pointer] | | CookieWithoutHttpOnly.go:120:21:120:21 | c | semmle.label | c | @@ -599,20 +354,14 @@ nodes | CookieWithoutHttpOnly.go:129:2:129:8 | session | semmle.label | session | | CookieWithoutHttpOnly.go:133:2:133:9 | definition of httpOnly | semmle.label | definition of httpOnly | | CookieWithoutHttpOnly.go:133:14:133:18 | false | semmle.label | false | -| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | semmle.label | definition of session [pointer] | -| CookieWithoutHttpOnly.go:134:2:134:8 | definition of session [pointer] | semmle.label | definition of session [pointer] | | CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | semmle.label | ... := ...[0] | | CookieWithoutHttpOnly.go:134:16:134:20 | store | semmle.label | store | -| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:135:2:135:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | semmle.label | session [pointer] | -| CookieWithoutHttpOnly.go:135:2:135:8 | session [pointer] | semmle.label | session [pointer] | | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | semmle.label | implicit dereference | | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | semmle.label | implicit dereference | | CookieWithoutHttpOnly.go:137:2:137:8 | session | semmle.label | session | | CookieWithoutHttpOnly.go:137:2:137:8 | session | semmle.label | session | -| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | semmle.label | session [pointer] | -| CookieWithoutHttpOnly.go:137:2:137:8 | session [pointer] | semmle.label | session [pointer] | +| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] | +| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] | | CookieWithoutHttpOnly.go:137:20:140:2 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:137:20:140:2 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | semmle.label | struct literal | @@ -621,34 +370,25 @@ nodes | CookieWithoutHttpOnly.go:142:2:142:8 | session | semmle.label | session | | CookieWithoutHttpOnly.go:142:2:142:8 | session | semmle.label | session | | CookieWithoutHttpOnly.go:142:2:142:8 | session | semmle.label | session | -| CookieWithoutHttpOnly.go:146:2:146:8 | definition of session [pointer] | semmle.label | definition of session [pointer] | | CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | semmle.label | ... := ...[0] | | CookieWithoutHttpOnly.go:146:16:146:20 | store | semmle.label | store | -| CookieWithoutHttpOnly.go:147:2:147:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:147:2:147:8 | session [pointer] | semmle.label | session [pointer] | | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | semmle.label | implicit dereference | | CookieWithoutHttpOnly.go:149:2:149:8 | session | semmle.label | session | -| CookieWithoutHttpOnly.go:149:2:149:8 | session [pointer] | semmle.label | session [pointer] | +| CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] | | CookieWithoutHttpOnly.go:149:20:151:2 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:149:21:151:2 | struct literal | semmle.label | struct literal | | CookieWithoutHttpOnly.go:153:2:153:8 | session | semmle.label | session | | CookieWithoutHttpOnly.go:153:2:153:8 | session | semmle.label | session | | CookieWithoutHttpOnly.go:157:2:157:9 | definition of httpOnly | semmle.label | definition of httpOnly | | CookieWithoutHttpOnly.go:157:14:157:17 | true | semmle.label | true | -| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | semmle.label | definition of session [pointer] | -| CookieWithoutHttpOnly.go:158:2:158:8 | definition of session [pointer] | semmle.label | definition of session [pointer] | | CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | semmle.label | ... := ...[0] | | CookieWithoutHttpOnly.go:158:16:158:20 | store | semmle.label | store | -| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:159:2:159:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | semmle.label | session [pointer] | -| CookieWithoutHttpOnly.go:159:2:159:8 | session [pointer] | semmle.label | session [pointer] | | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | semmle.label | implicit dereference | | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | semmle.label | implicit dereference | | CookieWithoutHttpOnly.go:161:2:161:8 | session | semmle.label | session | | CookieWithoutHttpOnly.go:161:2:161:8 | session | semmle.label | session | -| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | semmle.label | session [pointer] | -| CookieWithoutHttpOnly.go:161:2:161:8 | session [pointer] | semmle.label | session [pointer] | +| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] | +| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] | | CookieWithoutHttpOnly.go:161:20:164:2 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:161:20:164:2 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | semmle.label | struct literal | @@ -659,20 +399,14 @@ nodes | CookieWithoutHttpOnly.go:166:2:166:8 | session | semmle.label | session | | CookieWithoutHttpOnly.go:169:56:169:63 | argument corresponding to httpOnly | semmle.label | argument corresponding to httpOnly | | CookieWithoutHttpOnly.go:169:56:169:63 | definition of httpOnly | semmle.label | definition of httpOnly | -| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | semmle.label | definition of session [pointer] | -| CookieWithoutHttpOnly.go:170:2:170:8 | definition of session [pointer] | semmle.label | definition of session [pointer] | | CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | semmle.label | ... := ...[0] | | CookieWithoutHttpOnly.go:170:16:170:20 | store | semmle.label | store | -| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:171:2:171:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | semmle.label | session [pointer] | -| CookieWithoutHttpOnly.go:171:2:171:8 | session [pointer] | semmle.label | session [pointer] | | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | semmle.label | implicit dereference | | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | semmle.label | implicit dereference | | CookieWithoutHttpOnly.go:173:2:173:8 | session | semmle.label | session | | CookieWithoutHttpOnly.go:173:2:173:8 | session | semmle.label | session | -| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | semmle.label | session [pointer] | -| CookieWithoutHttpOnly.go:173:2:173:8 | session [pointer] | semmle.label | session [pointer] | +| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] | +| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] | | CookieWithoutHttpOnly.go:173:20:176:2 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:173:20:176:2 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | semmle.label | struct literal | @@ -683,11 +417,9 @@ nodes | CookieWithoutHttpOnly.go:178:2:178:8 | session | semmle.label | session | | CookieWithoutHttpOnly.go:183:2:183:43 | ... := ...[0] | semmle.label | ... := ...[0] | | CookieWithoutHttpOnly.go:183:16:183:20 | store | semmle.label | store | -| CookieWithoutHttpOnly.go:191:2:191:6 | store | semmle.label | store | | CookieWithoutHttpOnly.go:191:19:191:25 | session | semmle.label | session | | CookieWithoutHttpOnly.go:195:2:195:43 | ... := ...[0] | semmle.label | ... := ...[0] | | CookieWithoutHttpOnly.go:195:16:195:20 | store | semmle.label | store | -| CookieWithoutHttpOnly.go:202:2:202:6 | store | semmle.label | store | | CookieWithoutHttpOnly.go:202:19:202:25 | session | semmle.label | session | | CookieWithoutHttpOnly.go:214:66:214:70 | false | semmle.label | false | subpaths diff --git a/go/ql/test/experimental/CWE-321-V2/HardCodedKeys.expected b/go/ql/test/experimental/CWE-321-V2/HardCodedKeys.expected index fa926d9be307..5b26a2a9b369 100644 --- a/go/ql/test/experimental/CWE-321-V2/HardCodedKeys.expected +++ b/go/ql/test/experimental/CWE-321-V2/HardCodedKeys.expected @@ -1,16 +1,12 @@ edges | go-jose.v3.go:13:14:13:34 | type conversion | go-jose.v3.go:24:32:24:37 | JwtKey | provenance | | -| go-jose.v3.go:13:14:13:34 | type conversion | go-jose.v3.go:24:32:24:37 | JwtKey | provenance | | | go-jose.v3.go:13:21:13:33 | "AllYourBase" | go-jose.v3.go:13:14:13:34 | type conversion | provenance | | -| go-jose.v3.go:24:32:24:37 | JwtKey | go-jose.v3.go:24:32:24:37 | JwtKey | provenance | | -| go-jose.v3.go:24:32:24:37 | JwtKey | go-jose.v3.go:24:32:24:37 | JwtKey | provenance | | | golang-jwt-v5.go:19:15:19:35 | type conversion | golang-jwt-v5.go:27:9:27:15 | JwtKey1 | provenance | | | golang-jwt-v5.go:19:22:19:34 | "AllYourBase" | golang-jwt-v5.go:19:15:19:35 | type conversion | provenance | | nodes | go-jose.v3.go:13:14:13:34 | type conversion | semmle.label | type conversion | | go-jose.v3.go:13:21:13:33 | "AllYourBase" | semmle.label | "AllYourBase" | | go-jose.v3.go:24:32:24:37 | JwtKey | semmle.label | JwtKey | -| go-jose.v3.go:24:32:24:37 | JwtKey | semmle.label | JwtKey | | golang-jwt-v5.go:19:15:19:35 | type conversion | semmle.label | type conversion | | golang-jwt-v5.go:19:22:19:34 | "AllYourBase" | semmle.label | "AllYourBase" | | golang-jwt-v5.go:27:9:27:15 | JwtKey1 | semmle.label | JwtKey1 | diff --git a/go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected b/go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected index 634d637c5881..4b26395c8e7c 100644 --- a/go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected +++ b/go/ql/test/experimental/CWE-74/DsnInjectionLocal.expected @@ -7,17 +7,14 @@ edges | Dsn.go:28:11:28:110 | call to Sprintf | Dsn.go:29:29:29:33 | dbDSN | provenance | | | Dsn.go:28:102:28:109 | index expression | Dsn.go:28:11:28:110 | []type{args} [array] | provenance | | | Dsn.go:28:102:28:109 | index expression | Dsn.go:28:11:28:110 | call to Sprintf | provenance | FunctionModel | -| Dsn.go:62:2:62:4 | definition of cfg [pointer] | Dsn.go:63:9:63:11 | cfg [pointer] | provenance | | -| Dsn.go:62:2:62:4 | definition of cfg [pointer] | Dsn.go:67:102:67:104 | cfg [pointer] | provenance | | -| Dsn.go:63:9:63:11 | cfg [pointer] | Dsn.go:63:9:63:11 | implicit dereference | provenance | | -| Dsn.go:63:9:63:11 | implicit dereference | Dsn.go:62:2:62:4 | definition of cfg [pointer] | provenance | | -| Dsn.go:63:9:63:11 | implicit dereference | Dsn.go:67:102:67:108 | selection of dsn | provenance | | +| Dsn.go:63:9:63:11 | cfg [postupdate] [pointer] | Dsn.go:67:102:67:104 | cfg [pointer] | provenance | | +| Dsn.go:63:9:63:11 | implicit dereference [postupdate] | Dsn.go:63:9:63:11 | cfg [postupdate] [pointer] | provenance | | +| Dsn.go:63:9:63:11 | implicit dereference [postupdate] | Dsn.go:67:102:67:108 | selection of dsn | provenance | | | Dsn.go:63:19:63:25 | selection of Args | Dsn.go:63:19:63:29 | slice expression | provenance | Src:MaD:1 | -| Dsn.go:63:19:63:29 | slice expression | Dsn.go:63:9:63:11 | implicit dereference | provenance | FunctionModel | +| Dsn.go:63:19:63:29 | slice expression | Dsn.go:63:9:63:11 | implicit dereference [postupdate] | provenance | FunctionModel | | Dsn.go:67:11:67:109 | []type{args} [array] | Dsn.go:67:11:67:109 | call to Sprintf | provenance | MaD:2 | | Dsn.go:67:11:67:109 | call to Sprintf | Dsn.go:68:29:68:33 | dbDSN | provenance | | | Dsn.go:67:102:67:104 | cfg [pointer] | Dsn.go:67:102:67:104 | implicit dereference | provenance | | -| Dsn.go:67:102:67:104 | implicit dereference | Dsn.go:63:9:63:11 | implicit dereference | provenance | | | Dsn.go:67:102:67:104 | implicit dereference | Dsn.go:67:102:67:108 | selection of dsn | provenance | | | Dsn.go:67:102:67:108 | selection of dsn | Dsn.go:67:11:67:109 | []type{args} [array] | provenance | | | Dsn.go:67:102:67:108 | selection of dsn | Dsn.go:67:11:67:109 | call to Sprintf | provenance | FunctionModel | @@ -30,9 +27,8 @@ nodes | Dsn.go:28:11:28:110 | call to Sprintf | semmle.label | call to Sprintf | | Dsn.go:28:102:28:109 | index expression | semmle.label | index expression | | Dsn.go:29:29:29:33 | dbDSN | semmle.label | dbDSN | -| Dsn.go:62:2:62:4 | definition of cfg [pointer] | semmle.label | definition of cfg [pointer] | -| Dsn.go:63:9:63:11 | cfg [pointer] | semmle.label | cfg [pointer] | -| Dsn.go:63:9:63:11 | implicit dereference | semmle.label | implicit dereference | +| Dsn.go:63:9:63:11 | cfg [postupdate] [pointer] | semmle.label | cfg [postupdate] [pointer] | +| Dsn.go:63:9:63:11 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | | Dsn.go:63:19:63:25 | selection of Args | semmle.label | selection of Args | | Dsn.go:63:19:63:29 | slice expression | semmle.label | slice expression | | Dsn.go:67:11:67:109 | []type{args} [array] | semmle.label | []type{args} [array] | diff --git a/go/ql/test/experimental/CWE-918/SSRF.expected b/go/ql/test/experimental/CWE-918/SSRF.expected index 87780085a549..a947101b354f 100644 --- a/go/ql/test/experimental/CWE-918/SSRF.expected +++ b/go/ql/test/experimental/CWE-918/SSRF.expected @@ -4,9 +4,9 @@ | builtin.go:102:13:102:40 | call to DialConfig | builtin.go:97:21:97:31 | call to Referer | builtin.go:101:36:101:49 | untrustedInput | The URL of this request depends on a user-provided value. | | builtin.go:114:3:114:39 | call to Dial | builtin.go:111:21:111:31 | call to Referer | builtin.go:114:15:114:28 | untrustedInput | The URL of this request depends on a user-provided value. | | builtin.go:132:3:132:62 | call to DialContext | builtin.go:129:21:129:31 | call to Referer | builtin.go:132:38:132:51 | untrustedInput | The URL of this request depends on a user-provided value. | -| new-tests.go:31:2:31:58 | call to Get | new-tests.go:26:26:26:30 | &... | new-tests.go:31:11:31:57 | call to Sprintf | The URL of this request depends on a user-provided value. | -| new-tests.go:32:2:32:58 | call to Get | new-tests.go:26:26:26:30 | &... | new-tests.go:32:11:32:57 | call to Sprintf | The URL of this request depends on a user-provided value. | -| new-tests.go:35:3:35:59 | call to Get | new-tests.go:26:26:26:30 | &... | new-tests.go:35:12:35:58 | call to Sprintf | The URL of this request depends on a user-provided value. | +| new-tests.go:31:2:31:58 | call to Get | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:31:11:31:57 | call to Sprintf | The URL of this request depends on a user-provided value. | +| new-tests.go:32:2:32:58 | call to Get | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:32:11:32:57 | call to Sprintf | The URL of this request depends on a user-provided value. | +| new-tests.go:35:3:35:59 | call to Get | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:35:12:35:58 | call to Sprintf | The URL of this request depends on a user-provided value. | | new-tests.go:47:2:47:47 | call to Get | new-tests.go:39:18:39:30 | call to Param | new-tests.go:47:11:47:46 | ...+... | The URL of this request depends on a user-provided value. | | new-tests.go:50:2:50:47 | call to Get | new-tests.go:49:18:49:30 | call to Query | new-tests.go:50:11:50:46 | ...+... | The URL of this request depends on a user-provided value. | | new-tests.go:68:2:68:58 | call to Get | new-tests.go:62:31:62:38 | selection of Body | new-tests.go:68:11:68:57 | call to Sprintf | The URL of this request depends on a user-provided value. | @@ -22,9 +22,9 @@ edges | builtin.go:97:21:97:31 | call to Referer | builtin.go:101:36:101:49 | untrustedInput | provenance | Src:MaD:8 | | builtin.go:111:21:111:31 | call to Referer | builtin.go:114:15:114:28 | untrustedInput | provenance | Src:MaD:8 | | builtin.go:129:21:129:31 | call to Referer | builtin.go:132:38:132:51 | untrustedInput | provenance | Src:MaD:8 | -| new-tests.go:26:26:26:30 | &... | new-tests.go:31:48:31:56 | selection of word | provenance | Src:MaD:3 | -| new-tests.go:26:26:26:30 | &... | new-tests.go:32:48:32:56 | selection of safe | provenance | Src:MaD:3 | -| new-tests.go:26:26:26:30 | &... | new-tests.go:35:49:35:57 | selection of word | provenance | Src:MaD:3 | +| new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:31:48:31:56 | selection of word | provenance | Src:MaD:3 | +| new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:32:48:32:56 | selection of safe | provenance | Src:MaD:3 | +| new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:35:49:35:57 | selection of word | provenance | Src:MaD:3 | | new-tests.go:31:11:31:57 | []type{args} [array] | new-tests.go:31:11:31:57 | call to Sprintf | provenance | MaD:11 | | new-tests.go:31:48:31:56 | selection of word | new-tests.go:31:11:31:57 | []type{args} [array] | provenance | | | new-tests.go:31:48:31:56 | selection of word | new-tests.go:31:11:31:57 | call to Sprintf | provenance | FunctionModel | @@ -38,10 +38,10 @@ edges | new-tests.go:49:18:49:30 | call to Query | new-tests.go:50:11:50:46 | ...+... | provenance | Src:MaD:2 | | new-tests.go:62:2:62:39 | ... := ...[0] | new-tests.go:63:17:63:23 | reqBody | provenance | | | new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | ... := ...[0] | provenance | Src:MaD:6 MaD:12 | -| new-tests.go:63:17:63:23 | reqBody | new-tests.go:63:26:63:30 | &... | provenance | MaD:10 | -| new-tests.go:63:26:63:30 | &... | new-tests.go:68:48:68:56 | selection of word | provenance | | -| new-tests.go:63:26:63:30 | &... | new-tests.go:69:48:69:56 | selection of safe | provenance | | -| new-tests.go:63:26:63:30 | &... | new-tests.go:74:49:74:57 | selection of word | provenance | | +| new-tests.go:63:17:63:23 | reqBody | new-tests.go:63:26:63:30 | &... [postupdate] | provenance | MaD:10 | +| new-tests.go:63:26:63:30 | &... [postupdate] | new-tests.go:68:48:68:56 | selection of word | provenance | | +| new-tests.go:63:26:63:30 | &... [postupdate] | new-tests.go:69:48:69:56 | selection of safe | provenance | | +| new-tests.go:63:26:63:30 | &... [postupdate] | new-tests.go:74:49:74:57 | selection of word | provenance | | | new-tests.go:68:11:68:57 | []type{args} [array] | new-tests.go:68:11:68:57 | call to Sprintf | provenance | MaD:11 | | new-tests.go:68:48:68:56 | selection of word | new-tests.go:68:11:68:57 | []type{args} [array] | provenance | | | new-tests.go:68:48:68:56 | selection of word | new-tests.go:68:11:68:57 | call to Sprintf | provenance | FunctionModel | @@ -86,7 +86,7 @@ nodes | builtin.go:114:15:114:28 | untrustedInput | semmle.label | untrustedInput | | builtin.go:129:21:129:31 | call to Referer | semmle.label | call to Referer | | builtin.go:132:38:132:51 | untrustedInput | semmle.label | untrustedInput | -| new-tests.go:26:26:26:30 | &... | semmle.label | &... | +| new-tests.go:26:26:26:30 | &... [postupdate] | semmle.label | &... [postupdate] | | new-tests.go:31:11:31:57 | []type{args} [array] | semmle.label | []type{args} [array] | | new-tests.go:31:11:31:57 | call to Sprintf | semmle.label | call to Sprintf | | new-tests.go:31:48:31:56 | selection of word | semmle.label | selection of word | @@ -103,7 +103,7 @@ nodes | new-tests.go:62:2:62:39 | ... := ...[0] | semmle.label | ... := ...[0] | | new-tests.go:62:31:62:38 | selection of Body | semmle.label | selection of Body | | new-tests.go:63:17:63:23 | reqBody | semmle.label | reqBody | -| new-tests.go:63:26:63:30 | &... | semmle.label | &... | +| new-tests.go:63:26:63:30 | &... [postupdate] | semmle.label | &... [postupdate] | | new-tests.go:68:11:68:57 | []type{args} [array] | semmle.label | []type{args} [array] | | new-tests.go:68:11:68:57 | call to Sprintf | semmle.label | call to Sprintf | | new-tests.go:68:48:68:56 | selection of word | semmle.label | selection of word | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected b/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected index b198361df04d..72124e7dae0b 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/DefaultTaintSanitizer/DefaultSanitizer.expected @@ -4,27 +4,27 @@ models | 3 | Summary: io; Reader; true; Read; ; ; Argument[receiver]; Argument[0]; taint; manual | | 4 | Summary: os; File; true; Read; ; ; Argument[receiver]; Argument[0]; taint; manual | edges -| Builtin.go:6:2:6:2 | definition of b | Builtin.go:8:9:8:17 | type conversion | provenance | | -| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b | provenance | Src:MaD:1 MaD:2 | -| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b | provenance | Src:MaD:1 MaD:3 | -| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:6:2:6:2 | definition of b | provenance | Src:MaD:1 MaD:4 | -| Builtin.go:12:2:12:2 | definition of b | Builtin.go:17:9:17:17 | type conversion | provenance | | -| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:12:2:12:2 | definition of b | provenance | Src:MaD:1 MaD:2 | -| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:12:2:12:2 | definition of b | provenance | Src:MaD:1 MaD:3 | -| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:12:2:12:2 | definition of b | provenance | Src:MaD:1 MaD:4 | -| Builtin.go:21:2:21:2 | definition of b | Builtin.go:24:10:24:18 | type conversion | provenance | | -| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:21:2:21:2 | definition of b | provenance | Src:MaD:1 MaD:2 | -| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:21:2:21:2 | definition of b | provenance | Src:MaD:1 MaD:3 | -| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:21:2:21:2 | definition of b | provenance | Src:MaD:1 MaD:4 | +| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:7:22:7:22 | b [postupdate] | provenance | Src:MaD:1 MaD:2 | +| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:7:22:7:22 | b [postupdate] | provenance | Src:MaD:1 MaD:3 | +| Builtin.go:7:2:7:15 | selection of Body | Builtin.go:7:22:7:22 | b [postupdate] | provenance | Src:MaD:1 MaD:4 | +| Builtin.go:7:22:7:22 | b [postupdate] | Builtin.go:8:9:8:17 | type conversion | provenance | | +| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:13:22:13:22 | b [postupdate] | provenance | Src:MaD:1 MaD:2 | +| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:13:22:13:22 | b [postupdate] | provenance | Src:MaD:1 MaD:3 | +| Builtin.go:13:2:13:15 | selection of Body | Builtin.go:13:22:13:22 | b [postupdate] | provenance | Src:MaD:1 MaD:4 | +| Builtin.go:13:22:13:22 | b [postupdate] | Builtin.go:17:9:17:17 | type conversion | provenance | | +| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:22:22:22:22 | b [postupdate] | provenance | Src:MaD:1 MaD:2 | +| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:22:22:22:22 | b [postupdate] | provenance | Src:MaD:1 MaD:3 | +| Builtin.go:22:2:22:15 | selection of Body | Builtin.go:22:22:22:22 | b [postupdate] | provenance | Src:MaD:1 MaD:4 | +| Builtin.go:22:22:22:22 | b [postupdate] | Builtin.go:24:10:24:18 | type conversion | provenance | | nodes -| Builtin.go:6:2:6:2 | definition of b | semmle.label | definition of b | | Builtin.go:7:2:7:15 | selection of Body | semmle.label | selection of Body | +| Builtin.go:7:22:7:22 | b [postupdate] | semmle.label | b [postupdate] | | Builtin.go:8:9:8:17 | type conversion | semmle.label | type conversion | -| Builtin.go:12:2:12:2 | definition of b | semmle.label | definition of b | | Builtin.go:13:2:13:15 | selection of Body | semmle.label | selection of Body | +| Builtin.go:13:22:13:22 | b [postupdate] | semmle.label | b [postupdate] | | Builtin.go:17:9:17:17 | type conversion | semmle.label | type conversion | -| Builtin.go:21:2:21:2 | definition of b | semmle.label | definition of b | | Builtin.go:22:2:22:15 | selection of Body | semmle.label | selection of Body | +| Builtin.go:22:22:22:22 | b [postupdate] | semmle.label | b [postupdate] | | Builtin.go:24:10:24:18 | type conversion | semmle.label | type conversion | subpaths #select diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected index a6f313198d1d..f99ee92a4928 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/srcs.expected @@ -1,6 +1,5 @@ invalidModelRow #select -| test.go:10:6:10:8 | definition of arg | qltest-arg | | test.go:39:8:39:15 | call to Src1 | qltest | | test.go:40:8:40:15 | call to Src2 | qltest | | test.go:40:8:40:15 | call to Src2 | qltest-w-subtypes | @@ -8,6 +7,7 @@ invalidModelRow | test.go:42:2:42:21 | ... = ...[0] | qltest | | test.go:42:2:42:21 | ... = ...[1] | qltest-w-subtypes | | test.go:43:2:43:22 | ... = ...[1] | qltest-w-subtypes | +| test.go:44:11:44:13 | arg [postupdate] | qltest-arg | | test.go:59:9:59:16 | call to Src1 | qltest | | test.go:102:46:102:53 | call to Src1 | qltest | | test.go:112:35:112:42 | call to Src1 | qltest | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/steps.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/steps.expected index eaf00bde26f7..97a1cc49261a 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/steps.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalTaintFlow/steps.expected @@ -2,18 +2,18 @@ invalidModelRow #select | test.go:17:23:17:25 | arg | test.go:17:10:17:26 | call to StepArgRes | | test.go:18:27:18:29 | arg | test.go:18:2:18:30 | ... = ...[1] | -| test.go:19:15:19:17 | arg | test.go:11:6:11:9 | definition of arg1 | -| test.go:21:16:21:18 | arg | test.go:13:6:13:6 | definition of t | +| test.go:19:15:19:17 | arg | test.go:19:20:19:23 | arg1 [postupdate] | +| test.go:21:16:21:18 | arg | test.go:21:2:21:2 | t [postupdate] | | test.go:22:10:22:10 | t | test.go:22:10:22:24 | call to StepQualRes | -| test.go:23:2:23:2 | t | test.go:10:6:10:8 | definition of arg | +| test.go:23:2:23:2 | t | test.go:23:16:23:18 | arg [postupdate] | | test.go:24:32:24:34 | arg | test.go:24:10:24:35 | call to StepArgResNoQual | | test.go:61:25:61:27 | src | test.go:61:12:61:28 | call to StepArgRes | | test.go:64:29:64:31 | src | test.go:64:2:64:32 | ... := ...[1] | -| test.go:68:15:68:17 | src | test.go:67:6:67:11 | definition of taint3 | -| test.go:76:21:76:23 | src | test.go:75:6:75:11 | definition of taint4 | +| test.go:68:15:68:17 | src | test.go:68:20:68:25 | taint3 [postupdate] | +| test.go:76:21:76:23 | src | test.go:76:2:76:7 | taint4 [postupdate] | | test.go:79:13:79:25 | type assertion | test.go:79:12:79:40 | call to StepQualRes | -| test.go:83:3:83:15 | type assertion | test.go:82:6:82:11 | definition of taint6 | +| test.go:83:3:83:15 | type assertion | test.go:83:30:83:35 | taint6 [postupdate] | | test.go:86:34:86:36 | src | test.go:86:12:86:37 | call to StepArgResNoQual | | test.go:149:10:149:27 | []type{args} | test.go:149:10:149:27 | call to append | | test.go:149:17:149:21 | slice | test.go:149:10:149:27 | call to append | -| test.go:155:15:155:20 | slice1 | test.go:154:2:154:7 | definition of slice2 | +| test.go:155:15:155:20 | slice1 | test.go:155:7:155:12 | slice2 [postupdate] | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected index a85e8689960f..009238baa4d8 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/srcs.expected @@ -1,6 +1,5 @@ invalidModelRow #select -| test.go:10:6:10:8 | definition of arg | qltest-arg | | test.go:39:8:39:15 | call to Src1 | qltest | | test.go:40:8:40:15 | call to Src2 | qltest | | test.go:40:8:40:15 | call to Src2 | qltest-w-subtypes | @@ -8,6 +7,7 @@ invalidModelRow | test.go:42:2:42:21 | ... = ...[0] | qltest | | test.go:42:2:42:21 | ... = ...[1] | qltest-w-subtypes | | test.go:43:2:43:22 | ... = ...[1] | qltest-w-subtypes | +| test.go:44:11:44:13 | arg [postupdate] | qltest-arg | | test.go:59:9:59:16 | call to Src1 | qltest | | test.go:102:46:102:53 | call to Src1 | qltest | | test.go:112:35:112:42 | call to Src1 | qltest | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.expected b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.expected index e53ed76ad002..eb52daa42537 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ExternalValueFlow/steps.expected @@ -2,17 +2,17 @@ invalidModelRow #select | test.go:17:23:17:25 | arg | test.go:17:10:17:26 | call to StepArgRes | | test.go:18:27:18:29 | arg | test.go:18:2:18:30 | ... = ...[1] | -| test.go:19:15:19:17 | arg | test.go:11:6:11:9 | definition of arg1 | -| test.go:21:16:21:18 | arg | test.go:13:6:13:6 | definition of t | +| test.go:19:15:19:17 | arg | test.go:19:20:19:23 | arg1 [postupdate] | +| test.go:21:16:21:18 | arg | test.go:21:2:21:2 | t [postupdate] | | test.go:22:10:22:10 | t | test.go:22:10:22:24 | call to StepQualRes | -| test.go:23:2:23:2 | t | test.go:10:6:10:8 | definition of arg | +| test.go:23:2:23:2 | t | test.go:23:16:23:18 | arg [postupdate] | | test.go:24:32:24:34 | arg | test.go:24:10:24:35 | call to StepArgResNoQual | | test.go:61:25:61:27 | src | test.go:61:12:61:28 | call to StepArgRes | | test.go:64:29:64:31 | src | test.go:64:2:64:32 | ... := ...[1] | -| test.go:68:15:68:17 | src | test.go:67:6:67:11 | definition of taint3 | -| test.go:76:21:76:23 | src | test.go:75:6:75:11 | definition of taint4 | +| test.go:68:15:68:17 | src | test.go:68:20:68:25 | taint3 [postupdate] | +| test.go:76:21:76:23 | src | test.go:76:2:76:7 | taint4 [postupdate] | | test.go:79:13:79:25 | type assertion | test.go:79:12:79:40 | call to StepQualRes | -| test.go:83:3:83:15 | type assertion | test.go:82:6:82:11 | definition of taint6 | +| test.go:83:3:83:15 | type assertion | test.go:83:30:83:35 | taint6 [postupdate] | | test.go:86:34:86:36 | src | test.go:86:12:86:37 | call to StepArgResNoQual | | test.go:202:14:202:19 | srcInt | test.go:202:10:202:26 | call to max | | test.go:202:22:202:22 | 0 | test.go:202:10:202:26 | call to max | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected index 6fadcdaabe63..11b73b0915d1 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected @@ -1,13 +1,13 @@ | main.go:26:11:26:17 | type assertion | main.go:26:2:26:17 | ... := ...[0] | | main.go:26:11:26:17 | type assertion | main.go:26:2:26:17 | ... := ...[1] | -| main.go:38:13:38:13 | 1 | main.go:38:7:38:20 | slice literal | -| main.go:38:16:38:16 | 2 | main.go:38:7:38:20 | slice literal | -| main.go:38:19:38:19 | 3 | main.go:38:7:38:20 | slice literal | +| main.go:38:13:38:13 | 1 | main.go:38:7:38:20 | slice literal [postupdate] | +| main.go:38:16:38:16 | 2 | main.go:38:7:38:20 | slice literal [postupdate] | +| main.go:38:19:38:19 | 3 | main.go:38:7:38:20 | slice literal [postupdate] | | main.go:39:8:39:25 | []type{args} | main.go:39:8:39:25 | call to append | | main.go:39:15:39:15 | s | main.go:39:8:39:25 | call to append | | main.go:40:15:40:15 | s | main.go:40:8:40:23 | call to append | | main.go:40:18:40:19 | s1 | main.go:40:8:40:23 | call to append | -| main.go:42:10:42:11 | s4 | main.go:38:2:38:2 | definition of s | +| main.go:42:10:42:11 | s4 | main.go:42:7:42:7 | s [postupdate] | | main.go:47:20:47:21 | next key-value pair in range | main.go:47:2:50:2 | range statement[0] | | main.go:47:20:47:21 | next key-value pair in range | main.go:47:2:50:2 | range statement[1] | | main.go:47:20:47:21 | xs | main.go:47:2:50:2 | range statement[1] | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionModelStep.expected b/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionModelStep.expected index f9b4b8106f11..b0c0a58b339a 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionModelStep.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionModelStep.expected @@ -1,3 +1,3 @@ -| file://:0:0:0:0 | NewEncoder | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:9:6:9:6 | definition of w | -| file://:0:0:0:0 | ReadFrom | tst.go:10:23:10:28 | reader | tst.go:9:2:9:12 | definition of bytesBuffer | -| file://:0:0:0:0 | Reset | reset.go:12:15:12:20 | source | reset.go:11:6:11:11 | definition of reader | +| file://:0:0:0:0 | NewEncoder | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:10:25:10:25 | w [postupdate] | +| file://:0:0:0:0 | ReadFrom | tst.go:10:23:10:28 | reader | tst.go:10:2:10:12 | bytesBuffer [postupdate] | +| file://:0:0:0:0 | Reset | reset.go:12:15:12:20 | source | reset.go:12:2:12:7 | reader [postupdate] | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionOutput_getExitNode.expected b/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionOutput_getExitNode.expected index e8addfb217eb..eebf68d92d4a 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionOutput_getExitNode.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/FunctionInputsAndOutputs/FunctionOutput_getExitNode.expected @@ -1,13 +1,13 @@ -| parameter 0 | reset.go:12:2:12:21 | call to Reset | reset.go:9:2:9:7 | definition of source | -| parameter 0 | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:9:6:9:6 | definition of w | -| parameter 0 | tst2.go:10:9:10:39 | call to Encode | tst2.go:8:12:8:15 | definition of data | -| parameter 0 | tst.go:10:2:10:29 | call to ReadFrom | tst.go:8:12:8:17 | definition of reader | -| parameter 0 | tst.go:16:2:16:12 | call to test5 | tst.go:15:12:15:12 | definition of x | -| parameter 1 | tst.go:16:2:16:12 | call to test5 | tst.go:15:15:15:15 | definition of y | -| receiver | main.go:53:14:53:21 | call to bump | main.go:52:2:52:2 | definition of c | -| receiver | reset.go:12:2:12:21 | call to Reset | reset.go:11:6:11:11 | definition of reader | -| receiver | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:9:10:26 | call to NewEncoder | -| receiver | tst.go:10:2:10:29 | call to ReadFrom | tst.go:9:2:9:12 | definition of bytesBuffer | +| parameter 0 | reset.go:12:2:12:21 | call to Reset | reset.go:12:15:12:20 | source [postupdate] | +| parameter 0 | tst2.go:10:9:10:26 | call to NewEncoder | tst2.go:10:25:10:25 | w [postupdate] | +| parameter 0 | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:35:10:38 | data [postupdate] | +| parameter 0 | tst.go:10:2:10:29 | call to ReadFrom | tst.go:10:23:10:28 | reader [postupdate] | +| parameter 0 | tst.go:16:2:16:12 | call to test5 | tst.go:16:8:16:8 | x [postupdate] | +| parameter 1 | tst.go:16:2:16:12 | call to test5 | tst.go:16:11:16:11 | y [postupdate] | +| receiver | main.go:53:14:53:21 | call to bump | main.go:53:14:53:14 | c [postupdate] | +| receiver | reset.go:12:2:12:21 | call to Reset | reset.go:12:2:12:7 | reader [postupdate] | +| receiver | tst2.go:10:9:10:39 | call to Encode | tst2.go:10:9:10:26 | call to NewEncoder [postupdate] | +| receiver | tst.go:10:2:10:29 | call to ReadFrom | tst.go:10:2:10:12 | bytesBuffer [postupdate] | | result | main.go:51:2:51:14 | call to op | main.go:51:2:51:14 | call to op | | result | main.go:53:2:53:22 | call to op2 | main.go:53:2:53:22 | call to op2 | | result | main.go:53:14:53:21 | call to bump | main.go:53:14:53:21 | call to bump | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go index 436c9dab677d..45e6a3aefa1f 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go @@ -30,9 +30,9 @@ func gogf_Core(g gdb.Core) { g.GetStruct(&v7, "SELECT user from users") // $ source sink(v7) // $ hasTaintFlow="v7" - var v8 []User // $ source - g.GetStructs(v8, "SELECT user from users") - sink(v8) // $ hasTaintFlow="v8" + var v8 []User + g.GetStructs(v8, "SELECT user from users") // $ source + sink(v8) // $ hasTaintFlow="v8" v9, _ := g.GetValue("SELECT user from users") // $ source sink(v9) // $ hasTaintFlow="v9" @@ -132,9 +132,9 @@ func gogf_TX(g gdb.TX) { g.GetStruct(&v4, "SELECT user from users") // $ source sink(v4) // $ hasTaintFlow="v4" - var v5 []User // $ source - g.GetStructs(v5, "SELECT user from users") - sink(v5) // $ hasTaintFlow="v5" + var v5 []User + g.GetStructs(v5, "SELECT user from users") // $ source + sink(v5) // $ hasTaintFlow="v5" v6, _ := g.GetValue("SELECT user from users") // $ source sink(v6) // $ hasTaintFlow="v6" diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected index aa0345f221e1..be8ae2ec2fa4 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/ReflectedXss.expected @@ -1,7 +1,7 @@ #select -| test.go:35:13:35:30 | type conversion | test.go:33:6:33:10 | definition of bound | test.go:35:13:35:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:33:6:33:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:36:13:36:27 | type conversion | test.go:33:6:33:10 | definition of bound | test.go:36:13:36:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:33:6:33:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:37:13:37:29 | type conversion | test.go:33:6:33:10 | definition of bound | test.go:37:13:37:29 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:33:6:33:10 | definition of bound | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:35:13:35:30 | type conversion | test.go:34:13:34:17 | bound [postupdate] | test.go:35:13:35:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:34:13:34:17 | bound [postupdate] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:36:13:36:27 | type conversion | test.go:34:13:34:17 | bound [postupdate] | test.go:36:13:36:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:34:13:34:17 | bound [postupdate] | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:37:13:37:29 | type conversion | test.go:34:13:34:17 | bound [postupdate] | test.go:37:13:37:29 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:34:13:34:17 | bound [postupdate] | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:42:13:42:43 | type conversion | test.go:42:20:42:42 | call to Cookie | test.go:42:13:42:43 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:42:20:42:42 | call to Cookie | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:47:13:47:52 | type conversion | test.go:47:20:47:31 | call to Data | test.go:47:13:47:52 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:47:20:47:31 | call to Data | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:52:13:52:53 | type conversion | test.go:52:20:52:43 | call to GetData | test.go:52:13:52:53 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:52:20:52:43 | call to GetData | user-provided value | test.go:0:0:0:0 | test.go | | @@ -30,7 +30,7 @@ | test.go:232:14:232:22 | type conversion | test.go:231:7:231:28 | call to GetString | test.go:232:14:232:22 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:231:7:231:28 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:235:14:235:26 | type conversion | test.go:234:8:234:35 | call to GetStrings | test.go:235:14:235:26 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:234:8:234:35 | call to GetStrings | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:238:14:238:27 | type conversion | test.go:237:9:237:17 | call to Input | test.go:238:14:238:27 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:237:9:237:17 | call to Input | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:242:14:242:30 | type conversion | test.go:240:6:240:8 | definition of str | test.go:242:14:242:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:240:6:240:8 | definition of str | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:242:14:242:30 | type conversion | test.go:241:14:241:16 | str [postupdate] | test.go:242:14:242:30 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:241:14:241:16 | str [postupdate] | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:249:21:249:29 | untrusted | test.go:246:15:246:36 | call to GetString | test.go:249:21:249:29 | untrusted | Cross-site scripting vulnerability due to $@. | test.go:246:15:246:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:259:16:259:45 | type conversion | test.go:259:23:259:44 | call to GetCookie | test.go:259:16:259:45 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:259:23:259:44 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:264:16:264:37 | call to GetCookie | test.go:264:16:264:37 | call to GetCookie | test.go:264:16:264:37 | call to GetCookie | Cross-site scripting vulnerability due to $@. | test.go:264:16:264:37 | call to GetCookie | user-provided value | test.go:0:0:0:0 | test.go | | @@ -53,9 +53,9 @@ | test.go:311:21:311:48 | type assertion | test.go:309:15:309:36 | call to GetString | test.go:311:21:311:48 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:309:15:309:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:312:21:312:52 | type assertion | test.go:309:15:309:36 | call to GetString | test.go:312:21:312:52 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:309:15:309:36 | call to GetString | user-provided value | test.go:0:0:0:0 | test.go | | edges -| test.go:33:6:33:10 | definition of bound | test.go:35:13:35:30 | type conversion | provenance | Src:MaD:1 | -| test.go:33:6:33:10 | definition of bound | test.go:36:13:36:27 | type conversion | provenance | Src:MaD:1 | -| test.go:33:6:33:10 | definition of bound | test.go:37:13:37:29 | type conversion | provenance | Src:MaD:1 | +| test.go:34:13:34:17 | bound [postupdate] | test.go:35:13:35:30 | type conversion | provenance | Src:MaD:1 | +| test.go:34:13:34:17 | bound [postupdate] | test.go:36:13:36:27 | type conversion | provenance | Src:MaD:1 | +| test.go:34:13:34:17 | bound [postupdate] | test.go:37:13:37:29 | type conversion | provenance | Src:MaD:1 | | test.go:42:20:42:42 | call to Cookie | test.go:42:13:42:43 | type conversion | provenance | Src:MaD:2 | | test.go:47:20:47:31 | call to Data | test.go:47:13:47:52 | type conversion | provenance | Src:MaD:3 | | test.go:52:20:52:43 | call to GetData | test.go:52:13:52:53 | type conversion | provenance | Src:MaD:4 | @@ -87,8 +87,8 @@ edges | test.go:204:36:204:53 | type assertion | test.go:204:21:204:54 | call to Str2html | provenance | MaD:39 | | test.go:205:21:205:58 | call to Substr | test.go:205:14:205:59 | type conversion | provenance | | | test.go:205:34:205:51 | type assertion | test.go:205:21:205:58 | call to Substr | provenance | MaD:40 | -| test.go:207:6:207:6 | definition of s | test.go:209:14:209:28 | type conversion | provenance | | -| test.go:208:18:208:33 | selection of Form | test.go:207:6:207:6 | definition of s | provenance | Src:MaD:21 MaD:38 | +| test.go:208:18:208:33 | selection of Form | test.go:208:36:208:36 | s [postupdate] | provenance | Src:MaD:21 MaD:38 | +| test.go:208:36:208:36 | s [postupdate] | test.go:209:14:209:28 | type conversion | provenance | | | test.go:223:2:223:34 | ... := ...[0] | test.go:225:31:225:31 | f | provenance | Src:MaD:15 | | test.go:223:2:223:34 | ... := ...[1] | test.go:224:14:224:32 | type conversion | provenance | Src:MaD:15 | | test.go:225:2:225:32 | ... := ...[0] | test.go:226:14:226:20 | content | provenance | | @@ -97,7 +97,7 @@ edges | test.go:231:7:231:28 | call to GetString | test.go:232:14:232:22 | type conversion | provenance | Src:MaD:17 | | test.go:234:8:234:35 | call to GetStrings | test.go:235:14:235:26 | type conversion | provenance | Src:MaD:18 | | test.go:237:9:237:17 | call to Input | test.go:238:14:238:27 | type conversion | provenance | Src:MaD:19 | -| test.go:240:6:240:8 | definition of str | test.go:242:14:242:30 | type conversion | provenance | Src:MaD:20 | +| test.go:241:14:241:16 | str [postupdate] | test.go:242:14:242:30 | type conversion | provenance | Src:MaD:20 | | test.go:246:15:246:36 | call to GetString | test.go:249:21:249:29 | untrusted | provenance | Src:MaD:17 | | test.go:259:23:259:44 | call to GetCookie | test.go:259:16:259:45 | type conversion | provenance | Src:MaD:14 | | test.go:270:62:270:83 | call to GetCookie | test.go:270:55:270:84 | type conversion | provenance | Src:MaD:14 | @@ -116,8 +116,8 @@ edges | test.go:275:2:275:40 | ... := ...[0] | test.go:301:39:301:50 | genericFiles | provenance | Src:MaD:16 | | test.go:275:2:275:40 | ... := ...[0] | test.go:302:40:302:51 | genericFiles | provenance | Src:MaD:16 | | test.go:275:2:275:40 | ... := ...[0] | test.go:303:39:303:50 | genericFiles | provenance | Src:MaD:16 | -| test.go:276:2:276:13 | definition of genericFiles [array] | test.go:297:51:297:62 | genericFiles [array] | provenance | | -| test.go:278:21:278:28 | index expression | test.go:276:2:276:13 | definition of genericFiles [array] | provenance | | +| test.go:278:3:278:14 | genericFiles [postupdate] [array] | test.go:297:51:297:62 | genericFiles [array] | provenance | | +| test.go:278:21:278:28 | index expression | test.go:278:3:278:14 | genericFiles [postupdate] [array] | provenance | | | test.go:283:44:283:60 | selection of Filename | test.go:283:21:283:61 | call to GetDisplayString | provenance | FunctionModel | | test.go:284:21:284:53 | call to SliceChunk | test.go:284:21:284:92 | selection of Filename | provenance | | | test.go:284:38:284:49 | genericFiles | test.go:284:21:284:53 | call to SliceChunk | provenance | MaD:22 | @@ -146,10 +146,10 @@ edges | test.go:302:40:302:51 | genericFiles | test.go:302:21:302:52 | call to SliceShuffle | provenance | MaD:30 | | test.go:303:21:303:51 | call to SliceUnique | test.go:303:21:303:87 | selection of Filename | provenance | | | test.go:303:39:303:50 | genericFiles | test.go:303:21:303:51 | call to SliceUnique | provenance | MaD:31 | -| test.go:308:2:308:5 | definition of bMap | test.go:311:21:311:24 | bMap | provenance | | -| test.go:308:2:308:5 | definition of bMap | test.go:312:21:312:24 | bMap | provenance | | | test.go:309:15:309:36 | call to GetString | test.go:310:22:310:30 | untrusted | provenance | Src:MaD:17 | -| test.go:310:22:310:30 | untrusted | test.go:308:2:308:5 | definition of bMap | provenance | MaD:34 | +| test.go:310:2:310:5 | bMap [postupdate] | test.go:311:21:311:24 | bMap | provenance | | +| test.go:310:2:310:5 | bMap [postupdate] | test.go:312:21:312:24 | bMap | provenance | | +| test.go:310:22:310:30 | untrusted | test.go:310:2:310:5 | bMap [postupdate] | provenance | MaD:34 | | test.go:311:21:311:24 | bMap | test.go:311:21:311:39 | call to Get | provenance | MaD:32 | | test.go:311:21:311:39 | call to Get | test.go:311:21:311:48 | type assertion | provenance | | | test.go:312:21:312:24 | bMap | test.go:312:21:312:32 | call to Items | provenance | MaD:33 | @@ -197,7 +197,7 @@ models | 40 | Summary: group:beego; ; false; Substr; ; ; Argument[0]; ReturnValue; taint; manual | | 41 | Summary: io/ioutil; ; false; ReadAll; ; ; Argument[0]; ReturnValue[0]; taint; manual | nodes -| test.go:33:6:33:10 | definition of bound | semmle.label | definition of bound | +| test.go:34:13:34:17 | bound [postupdate] | semmle.label | bound [postupdate] | | test.go:35:13:35:30 | type conversion | semmle.label | type conversion | | test.go:36:13:36:27 | type conversion | semmle.label | type conversion | | test.go:37:13:37:29 | type conversion | semmle.label | type conversion | @@ -249,8 +249,8 @@ nodes | test.go:205:14:205:59 | type conversion | semmle.label | type conversion | | test.go:205:21:205:58 | call to Substr | semmle.label | call to Substr | | test.go:205:34:205:51 | type assertion | semmle.label | type assertion | -| test.go:207:6:207:6 | definition of s | semmle.label | definition of s | | test.go:208:18:208:33 | selection of Form | semmle.label | selection of Form | +| test.go:208:36:208:36 | s [postupdate] | semmle.label | s [postupdate] | | test.go:209:14:209:28 | type conversion | semmle.label | type conversion | | test.go:223:2:223:34 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:223:2:223:34 | ... := ...[1] | semmle.label | ... := ...[1] | @@ -266,7 +266,7 @@ nodes | test.go:235:14:235:26 | type conversion | semmle.label | type conversion | | test.go:237:9:237:17 | call to Input | semmle.label | call to Input | | test.go:238:14:238:27 | type conversion | semmle.label | type conversion | -| test.go:240:6:240:8 | definition of str | semmle.label | definition of str | +| test.go:241:14:241:16 | str [postupdate] | semmle.label | str [postupdate] | | test.go:242:14:242:30 | type conversion | semmle.label | type conversion | | test.go:246:15:246:36 | call to GetString | semmle.label | call to GetString | | test.go:249:21:249:29 | untrusted | semmle.label | untrusted | @@ -277,7 +277,7 @@ nodes | test.go:270:55:270:84 | type conversion | semmle.label | type conversion | | test.go:270:62:270:83 | call to GetCookie | semmle.label | call to GetCookie | | test.go:275:2:275:40 | ... := ...[0] | semmle.label | ... := ...[0] | -| test.go:276:2:276:13 | definition of genericFiles [array] | semmle.label | definition of genericFiles [array] | +| test.go:278:3:278:14 | genericFiles [postupdate] [array] | semmle.label | genericFiles [postupdate] [array] | | test.go:278:21:278:28 | index expression | semmle.label | index expression | | test.go:283:21:283:61 | call to GetDisplayString | semmle.label | call to GetDisplayString | | test.go:283:44:283:60 | selection of Filename | semmle.label | selection of Filename | @@ -321,8 +321,8 @@ nodes | test.go:303:21:303:51 | call to SliceUnique | semmle.label | call to SliceUnique | | test.go:303:21:303:87 | selection of Filename | semmle.label | selection of Filename | | test.go:303:39:303:50 | genericFiles | semmle.label | genericFiles | -| test.go:308:2:308:5 | definition of bMap | semmle.label | definition of bMap | | test.go:309:15:309:36 | call to GetString | semmle.label | call to GetString | +| test.go:310:2:310:5 | bMap [postupdate] | semmle.label | bMap [postupdate] | | test.go:310:22:310:30 | untrusted | semmle.label | untrusted | | test.go:311:21:311:24 | bMap | semmle.label | bMap | | test.go:311:21:311:39 | call to Get | semmle.label | call to Get | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected b/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected index 98b536aac656..2324a9679ad8 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/TaintedPath.expected @@ -10,8 +10,8 @@ edges | test.go:215:15:215:26 | call to Data | test.go:216:18:216:26 | untrusted | provenance | Src:MaD:6 Sink:MaD:2 | | test.go:215:15:215:26 | call to Data | test.go:217:10:217:18 | untrusted | provenance | Src:MaD:6 Sink:MaD:5 | | test.go:215:15:215:26 | call to Data | test.go:218:35:218:43 | untrusted | provenance | Src:MaD:6 Sink:MaD:3 | -| test.go:324:17:324:37 | selection of RequestBody | test.go:324:40:324:43 | &... | provenance | Src:MaD:7 MaD:8 | -| test.go:324:40:324:43 | &... | test.go:326:35:326:43 | untrusted | provenance | Sink:MaD:3 | +| test.go:324:17:324:37 | selection of RequestBody | test.go:324:40:324:43 | &... [postupdate] | provenance | Src:MaD:7 MaD:8 | +| test.go:324:40:324:43 | &... [postupdate] | test.go:326:35:326:43 | untrusted | provenance | Sink:MaD:3 | | test.go:332:15:332:26 | call to Data | test.go:334:23:334:31 | untrusted | provenance | Src:MaD:6 Sink:MaD:1 | | test.go:340:15:340:26 | call to Data | test.go:342:53:342:61 | untrusted | provenance | Src:MaD:6 Sink:MaD:4 | | test.go:340:15:340:26 | call to Data | test.go:344:23:344:31 | untrusted | provenance | Src:MaD:6 Sink:MaD:1 | @@ -30,7 +30,7 @@ nodes | test.go:217:10:217:18 | untrusted | semmle.label | untrusted | | test.go:218:35:218:43 | untrusted | semmle.label | untrusted | | test.go:324:17:324:37 | selection of RequestBody | semmle.label | selection of RequestBody | -| test.go:324:40:324:43 | &... | semmle.label | &... | +| test.go:324:40:324:43 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:326:35:326:43 | untrusted | semmle.label | untrusted | | test.go:332:15:332:26 | call to Data | semmle.label | call to Data | | test.go:334:23:334:31 | untrusted | semmle.label | untrusted | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected index f766a1a2db61..87c68cdc50bb 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/BeegoOrm/StoredXss.expected @@ -1,8 +1,8 @@ #select -| test.go:81:13:81:29 | type conversion | test.go:80:13:80:16 | &... | test.go:81:13:81:29 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:80:13:80:16 | &... | stored value | -| test.go:82:13:82:43 | type conversion | test.go:80:13:80:16 | &... | test.go:82:13:82:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:80:13:80:16 | &... | stored value | -| test.go:86:13:86:30 | type conversion | test.go:85:22:85:26 | &... | test.go:86:13:86:30 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:85:22:85:26 | &... | stored value | -| test.go:90:13:90:30 | type conversion | test.go:89:21:89:25 | &... | test.go:90:13:90:30 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:89:21:89:25 | &... | stored value | +| test.go:81:13:81:29 | type conversion | test.go:80:13:80:16 | &... [postupdate] | test.go:81:13:81:29 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:80:13:80:16 | &... [postupdate] | stored value | +| test.go:82:13:82:43 | type conversion | test.go:80:13:80:16 | &... [postupdate] | test.go:82:13:82:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:80:13:80:16 | &... [postupdate] | stored value | +| test.go:86:13:86:30 | type conversion | test.go:85:22:85:26 | &... [postupdate] | test.go:86:13:86:30 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:85:22:85:26 | &... [postupdate] | stored value | +| test.go:90:13:90:30 | type conversion | test.go:89:21:89:25 | &... [postupdate] | test.go:90:13:90:30 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:89:21:89:25 | &... [postupdate] | stored value | | test.go:95:13:95:37 | type conversion | test.go:95:20:95:36 | call to Value | test.go:95:13:95:37 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:95:20:95:36 | call to Value | stored value | | test.go:96:13:96:49 | type conversion | test.go:96:20:96:39 | call to RawValue | test.go:96:13:96:49 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:96:20:96:39 | call to RawValue | stored value | | test.go:97:13:97:38 | type conversion | test.go:97:20:97:37 | call to String | test.go:97:13:97:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:97:20:97:37 | call to String | stored value | @@ -12,25 +12,25 @@ | test.go:101:13:101:38 | type conversion | test.go:101:20:101:37 | call to Value | test.go:101:13:101:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:101:20:101:37 | call to Value | stored value | | test.go:102:13:102:50 | type conversion | test.go:102:20:102:40 | call to RawValue | test.go:102:13:102:50 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:102:20:102:40 | call to RawValue | stored value | | test.go:103:13:103:39 | type conversion | test.go:103:20:103:38 | call to String | test.go:103:13:103:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:103:20:103:38 | call to String | stored value | -| test.go:110:13:110:33 | type conversion | test.go:109:9:109:13 | &... | test.go:110:13:110:33 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:109:9:109:13 | &... | stored value | -| test.go:114:13:114:29 | type conversion | test.go:113:9:113:12 | &... | test.go:114:13:114:29 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:113:9:113:12 | &... | stored value | -| test.go:118:13:118:48 | type conversion | test.go:117:12:117:19 | &... | test.go:118:13:118:48 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:117:12:117:19 | &... | stored value | -| test.go:122:13:122:43 | type conversion | test.go:121:16:121:24 | &... | test.go:122:13:122:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:121:16:121:24 | &... | stored value | -| test.go:126:13:126:39 | type conversion | test.go:125:16:125:23 | &... | test.go:126:13:126:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:125:16:125:23 | &... | stored value | -| test.go:130:13:130:47 | type conversion | test.go:129:15:129:24 | &... | test.go:130:13:130:47 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:129:15:129:24 | &... | stored value | -| test.go:134:13:134:38 | type conversion | test.go:133:18:133:30 | &... | test.go:134:13:134:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:133:18:133:30 | &... | stored value | -| test.go:141:13:141:48 | type conversion | test.go:140:12:140:19 | &... | test.go:141:13:141:48 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:140:12:140:19 | &... | stored value | -| test.go:145:13:145:43 | type conversion | test.go:144:16:144:24 | &... | test.go:145:13:145:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:144:16:144:24 | &... | stored value | -| test.go:149:13:149:39 | type conversion | test.go:148:16:148:23 | &... | test.go:149:13:149:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:148:16:148:23 | &... | stored value | -| test.go:153:13:153:47 | type conversion | test.go:152:15:152:24 | &... | test.go:153:13:153:47 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:152:15:152:24 | &... | stored value | -| test.go:157:13:157:38 | type conversion | test.go:156:18:156:30 | &... | test.go:157:13:157:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:156:18:156:30 | &... | stored value | -| test.go:161:13:161:28 | type conversion | test.go:160:14:160:22 | &... | test.go:161:13:161:28 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:160:14:160:22 | &... | stored value | -| test.go:165:13:165:32 | type conversion | test.go:164:15:164:24 | &... | test.go:165:13:165:32 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:164:15:164:24 | &... | stored value | +| test.go:110:13:110:33 | type conversion | test.go:109:9:109:13 | &... [postupdate] | test.go:110:13:110:33 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:109:9:109:13 | &... [postupdate] | stored value | +| test.go:114:13:114:29 | type conversion | test.go:113:9:113:12 | &... [postupdate] | test.go:114:13:114:29 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:113:9:113:12 | &... [postupdate] | stored value | +| test.go:118:13:118:48 | type conversion | test.go:117:12:117:19 | &... [postupdate] | test.go:118:13:118:48 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:117:12:117:19 | &... [postupdate] | stored value | +| test.go:122:13:122:43 | type conversion | test.go:121:16:121:24 | &... [postupdate] | test.go:122:13:122:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:121:16:121:24 | &... [postupdate] | stored value | +| test.go:126:13:126:39 | type conversion | test.go:125:16:125:23 | &... [postupdate] | test.go:126:13:126:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:125:16:125:23 | &... [postupdate] | stored value | +| test.go:130:13:130:47 | type conversion | test.go:129:15:129:24 | &... [postupdate] | test.go:130:13:130:47 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:129:15:129:24 | &... [postupdate] | stored value | +| test.go:134:13:134:38 | type conversion | test.go:133:18:133:30 | &... [postupdate] | test.go:134:13:134:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:133:18:133:30 | &... [postupdate] | stored value | +| test.go:141:13:141:48 | type conversion | test.go:140:12:140:19 | &... [postupdate] | test.go:141:13:141:48 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:140:12:140:19 | &... [postupdate] | stored value | +| test.go:145:13:145:43 | type conversion | test.go:144:16:144:24 | &... [postupdate] | test.go:145:13:145:43 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:144:16:144:24 | &... [postupdate] | stored value | +| test.go:149:13:149:39 | type conversion | test.go:148:16:148:23 | &... [postupdate] | test.go:149:13:149:39 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:148:16:148:23 | &... [postupdate] | stored value | +| test.go:153:13:153:47 | type conversion | test.go:152:15:152:24 | &... [postupdate] | test.go:153:13:153:47 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:152:15:152:24 | &... [postupdate] | stored value | +| test.go:157:13:157:38 | type conversion | test.go:156:18:156:30 | &... [postupdate] | test.go:157:13:157:38 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:156:18:156:30 | &... [postupdate] | stored value | +| test.go:161:13:161:28 | type conversion | test.go:160:14:160:22 | &... [postupdate] | test.go:161:13:161:28 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:160:14:160:22 | &... [postupdate] | stored value | +| test.go:165:13:165:32 | type conversion | test.go:164:15:164:24 | &... [postupdate] | test.go:165:13:165:32 | type conversion | Stored cross-site scripting vulnerability due to $@. | test.go:164:15:164:24 | &... [postupdate] | stored value | edges -| test.go:80:13:80:16 | &... | test.go:81:13:81:29 | type conversion | provenance | Src:MaD:1 | -| test.go:80:13:80:16 | &... | test.go:82:13:82:43 | type conversion | provenance | Src:MaD:1 | -| test.go:85:22:85:26 | &... | test.go:86:13:86:30 | type conversion | provenance | Src:MaD:2 | -| test.go:89:21:89:25 | &... | test.go:90:13:90:30 | type conversion | provenance | Src:MaD:3 | +| test.go:80:13:80:16 | &... [postupdate] | test.go:81:13:81:29 | type conversion | provenance | Src:MaD:1 | +| test.go:80:13:80:16 | &... [postupdate] | test.go:82:13:82:43 | type conversion | provenance | Src:MaD:1 | +| test.go:85:22:85:26 | &... [postupdate] | test.go:86:13:86:30 | type conversion | provenance | Src:MaD:2 | +| test.go:89:21:89:25 | &... [postupdate] | test.go:90:13:90:30 | type conversion | provenance | Src:MaD:3 | | test.go:95:20:95:36 | call to Value | test.go:95:13:95:37 | type conversion | provenance | | | test.go:96:20:96:39 | call to RawValue | test.go:96:13:96:49 | type conversion | provenance | | | test.go:97:20:97:37 | call to String | test.go:97:13:97:38 | type conversion | provenance | | @@ -40,31 +40,31 @@ edges | test.go:101:20:101:37 | call to Value | test.go:101:13:101:38 | type conversion | provenance | | | test.go:102:20:102:40 | call to RawValue | test.go:102:13:102:50 | type conversion | provenance | | | test.go:103:20:103:38 | call to String | test.go:103:13:103:39 | type conversion | provenance | | -| test.go:109:9:109:13 | &... | test.go:110:13:110:33 | type conversion | provenance | | -| test.go:113:9:113:12 | &... | test.go:114:13:114:29 | type conversion | provenance | | -| test.go:117:12:117:19 | &... | test.go:118:13:118:48 | type conversion | provenance | | -| test.go:121:16:121:24 | &... | test.go:122:13:122:43 | type conversion | provenance | | -| test.go:125:16:125:23 | &... | test.go:126:13:126:39 | type conversion | provenance | | -| test.go:129:15:129:24 | &... | test.go:130:13:130:47 | type conversion | provenance | | -| test.go:133:18:133:30 | &... | test.go:134:13:134:38 | type conversion | provenance | | -| test.go:140:12:140:19 | &... | test.go:141:13:141:48 | type conversion | provenance | | -| test.go:144:16:144:24 | &... | test.go:145:13:145:43 | type conversion | provenance | | -| test.go:148:16:148:23 | &... | test.go:149:13:149:39 | type conversion | provenance | | -| test.go:152:15:152:24 | &... | test.go:153:13:153:47 | type conversion | provenance | | -| test.go:156:18:156:30 | &... | test.go:157:13:157:38 | type conversion | provenance | | -| test.go:160:14:160:22 | &... | test.go:161:13:161:28 | type conversion | provenance | | -| test.go:164:15:164:24 | &... | test.go:165:13:165:32 | type conversion | provenance | | +| test.go:109:9:109:13 | &... [postupdate] | test.go:110:13:110:33 | type conversion | provenance | | +| test.go:113:9:113:12 | &... [postupdate] | test.go:114:13:114:29 | type conversion | provenance | | +| test.go:117:12:117:19 | &... [postupdate] | test.go:118:13:118:48 | type conversion | provenance | | +| test.go:121:16:121:24 | &... [postupdate] | test.go:122:13:122:43 | type conversion | provenance | | +| test.go:125:16:125:23 | &... [postupdate] | test.go:126:13:126:39 | type conversion | provenance | | +| test.go:129:15:129:24 | &... [postupdate] | test.go:130:13:130:47 | type conversion | provenance | | +| test.go:133:18:133:30 | &... [postupdate] | test.go:134:13:134:38 | type conversion | provenance | | +| test.go:140:12:140:19 | &... [postupdate] | test.go:141:13:141:48 | type conversion | provenance | | +| test.go:144:16:144:24 | &... [postupdate] | test.go:145:13:145:43 | type conversion | provenance | | +| test.go:148:16:148:23 | &... [postupdate] | test.go:149:13:149:39 | type conversion | provenance | | +| test.go:152:15:152:24 | &... [postupdate] | test.go:153:13:153:47 | type conversion | provenance | | +| test.go:156:18:156:30 | &... [postupdate] | test.go:157:13:157:38 | type conversion | provenance | | +| test.go:160:14:160:22 | &... [postupdate] | test.go:161:13:161:28 | type conversion | provenance | | +| test.go:164:15:164:24 | &... [postupdate] | test.go:165:13:165:32 | type conversion | provenance | | models | 1 | Source: group:beego-orm; Ormer; true; Read; ; ; Argument[0]; database; manual | | 2 | Source: group:beego-orm; Ormer; true; ReadForUpdate; ; ; Argument[0]; database; manual | | 3 | Source: group:beego-orm; Ormer; true; ReadOrCreate; ; ; Argument[0]; database; manual | nodes -| test.go:80:13:80:16 | &... | semmle.label | &... | +| test.go:80:13:80:16 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:81:13:81:29 | type conversion | semmle.label | type conversion | | test.go:82:13:82:43 | type conversion | semmle.label | type conversion | -| test.go:85:22:85:26 | &... | semmle.label | &... | +| test.go:85:22:85:26 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:86:13:86:30 | type conversion | semmle.label | type conversion | -| test.go:89:21:89:25 | &... | semmle.label | &... | +| test.go:89:21:89:25 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:90:13:90:30 | type conversion | semmle.label | type conversion | | test.go:95:13:95:37 | type conversion | semmle.label | type conversion | | test.go:95:20:95:36 | call to Value | semmle.label | call to Value | @@ -84,32 +84,32 @@ nodes | test.go:102:20:102:40 | call to RawValue | semmle.label | call to RawValue | | test.go:103:13:103:39 | type conversion | semmle.label | type conversion | | test.go:103:20:103:38 | call to String | semmle.label | call to String | -| test.go:109:9:109:13 | &... | semmle.label | &... | +| test.go:109:9:109:13 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:110:13:110:33 | type conversion | semmle.label | type conversion | -| test.go:113:9:113:12 | &... | semmle.label | &... | +| test.go:113:9:113:12 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:114:13:114:29 | type conversion | semmle.label | type conversion | -| test.go:117:12:117:19 | &... | semmle.label | &... | +| test.go:117:12:117:19 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:118:13:118:48 | type conversion | semmle.label | type conversion | -| test.go:121:16:121:24 | &... | semmle.label | &... | +| test.go:121:16:121:24 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:122:13:122:43 | type conversion | semmle.label | type conversion | -| test.go:125:16:125:23 | &... | semmle.label | &... | +| test.go:125:16:125:23 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:126:13:126:39 | type conversion | semmle.label | type conversion | -| test.go:129:15:129:24 | &... | semmle.label | &... | +| test.go:129:15:129:24 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:130:13:130:47 | type conversion | semmle.label | type conversion | -| test.go:133:18:133:30 | &... | semmle.label | &... | +| test.go:133:18:133:30 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:134:13:134:38 | type conversion | semmle.label | type conversion | -| test.go:140:12:140:19 | &... | semmle.label | &... | +| test.go:140:12:140:19 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:141:13:141:48 | type conversion | semmle.label | type conversion | -| test.go:144:16:144:24 | &... | semmle.label | &... | +| test.go:144:16:144:24 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:145:13:145:43 | type conversion | semmle.label | type conversion | -| test.go:148:16:148:23 | &... | semmle.label | &... | +| test.go:148:16:148:23 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:149:13:149:39 | type conversion | semmle.label | type conversion | -| test.go:152:15:152:24 | &... | semmle.label | &... | +| test.go:152:15:152:24 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:153:13:153:47 | type conversion | semmle.label | type conversion | -| test.go:156:18:156:30 | &... | semmle.label | &... | +| test.go:156:18:156:30 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:157:13:157:38 | type conversion | semmle.label | type conversion | -| test.go:160:14:160:22 | &... | semmle.label | &... | +| test.go:160:14:160:22 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:161:13:161:28 | type conversion | semmle.label | type conversion | -| test.go:164:15:164:24 | &... | semmle.label | &... | +| test.go:164:15:164:24 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:165:13:165:32 | type conversion | semmle.label | type conversion | subpaths diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected b/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected index bebd53c1ac55..0fa6b12603a4 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/OpenRedirect.expected @@ -5,9 +5,10 @@ edges | test.go:172:11:172:32 | call to Param | test.go:173:20:173:24 | param | provenance | Src:MaD:2 Sink:MaD:1 | | test.go:178:11:178:32 | call to Param | test.go:185:24:185:29 | param2 | provenance | Src:MaD:2 | | test.go:185:24:185:29 | param2 | test.go:185:20:185:29 | ...+... | provenance | Config Sink:MaD:1 | -| test.go:193:9:193:26 | star expression | test.go:193:10:193:26 | selection of URL | provenance | Config | +| test.go:193:9:193:26 | star expression | test.go:193:10:193:26 | selection of URL [postupdate] | provenance | Config | | test.go:193:9:193:26 | star expression | test.go:196:21:196:23 | url | provenance | | | test.go:193:10:193:26 | selection of URL | test.go:193:9:193:26 | star expression | provenance | Src:MaD:3 Config | +| test.go:193:10:193:26 | selection of URL [postupdate] | test.go:193:9:193:26 | star expression | provenance | Config | | test.go:196:21:196:23 | url | test.go:196:21:196:32 | call to String | provenance | Config Sink:MaD:1 | models | 1 | Sink: github.com/labstack/echo; Context; true; Redirect; ; ; Argument[1]; url-redirection; manual | @@ -21,6 +22,7 @@ nodes | test.go:185:24:185:29 | param2 | semmle.label | param2 | | test.go:193:9:193:26 | star expression | semmle.label | star expression | | test.go:193:10:193:26 | selection of URL | semmle.label | selection of URL | +| test.go:193:10:193:26 | selection of URL [postupdate] | semmle.label | selection of URL [postupdate] | | test.go:196:21:196:23 | url | semmle.label | url | | test.go:196:21:196:32 | call to String | semmle.label | call to String | subpaths diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected index 61b8706f4e05..4e885d284d48 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/ReflectedXss.expected @@ -11,7 +11,7 @@ | test.go:77:20:77:25 | buffer | test.go:72:2:72:31 | ... := ...[0] | test.go:77:20:77:25 | buffer | Cross-site scripting vulnerability due to $@. | test.go:72:2:72:31 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:83:16:83:24 | selection of Value | test.go:82:2:82:32 | ... := ...[0] | test.go:83:16:83:24 | selection of Value | Cross-site scripting vulnerability due to $@. | test.go:82:2:82:32 | ... := ...[0] | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:89:16:89:31 | selection of Value | test.go:88:13:88:25 | call to Cookies | test.go:89:16:89:31 | selection of Value | Cross-site scripting vulnerability due to $@. | test.go:88:13:88:25 | call to Cookies | user-provided value | test.go:0:0:0:0 | test.go | | -| test.go:100:16:100:21 | selection of s | test.go:99:11:99:15 | &... | test.go:100:16:100:21 | selection of s | Cross-site scripting vulnerability due to $@. | test.go:99:11:99:15 | &... | user-provided value | test.go:0:0:0:0 | test.go | | +| test.go:100:16:100:21 | selection of s | test.go:99:11:99:15 | &... [postupdate] | test.go:100:16:100:21 | selection of s | Cross-site scripting vulnerability due to $@. | test.go:99:11:99:15 | &... [postupdate] | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:114:16:114:42 | type assertion | test.go:113:21:113:42 | call to Param | test.go:114:16:114:42 | type assertion | Cross-site scripting vulnerability due to $@. | test.go:113:21:113:42 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:125:16:125:20 | param | test.go:124:11:124:32 | call to Param | test.go:125:16:125:20 | param | Cross-site scripting vulnerability due to $@. | test.go:124:11:124:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | | test.go:131:20:131:32 | type conversion | test.go:130:11:130:32 | call to Param | test.go:131:20:131:32 | type conversion | Cross-site scripting vulnerability due to $@. | test.go:130:11:130:32 | call to Param | user-provided value | test.go:0:0:0:0 | test.go | | @@ -29,23 +29,23 @@ edges | test.go:57:2:57:46 | ... := ...[0] | test.go:58:13:58:22 | fileHeader | provenance | Src:MaD:4 | | test.go:58:2:58:29 | ... := ...[0] | test.go:60:2:60:5 | file | provenance | | | test.go:58:13:58:22 | fileHeader | test.go:58:2:58:29 | ... := ...[0] | provenance | MaD:17 | -| test.go:59:2:59:7 | definition of buffer | test.go:61:20:61:25 | buffer | provenance | | -| test.go:60:2:60:5 | file | test.go:59:2:59:7 | definition of buffer | provenance | MaD:15 | -| test.go:60:2:60:5 | file | test.go:59:2:59:7 | definition of buffer | provenance | MaD:16 | -| test.go:60:2:60:5 | file | test.go:59:2:59:7 | definition of buffer | provenance | MaD:18 | +| test.go:60:2:60:5 | file | test.go:60:12:60:17 | buffer [postupdate] | provenance | MaD:15 | +| test.go:60:2:60:5 | file | test.go:60:12:60:17 | buffer [postupdate] | provenance | MaD:16 | +| test.go:60:2:60:5 | file | test.go:60:12:60:17 | buffer [postupdate] | provenance | MaD:18 | +| test.go:60:12:60:17 | buffer [postupdate] | test.go:61:20:61:25 | buffer | provenance | | | test.go:66:2:66:31 | ... := ...[0] | test.go:67:16:67:41 | index expression | provenance | Src:MaD:7 | | test.go:72:2:72:31 | ... := ...[0] | test.go:74:13:74:22 | fileHeader | provenance | Src:MaD:7 | | test.go:74:2:74:29 | ... := ...[0] | test.go:76:2:76:5 | file | provenance | | | test.go:74:13:74:22 | fileHeader | test.go:74:2:74:29 | ... := ...[0] | provenance | MaD:17 | -| test.go:75:2:75:7 | definition of buffer | test.go:77:20:77:25 | buffer | provenance | | -| test.go:76:2:76:5 | file | test.go:75:2:75:7 | definition of buffer | provenance | MaD:15 | -| test.go:76:2:76:5 | file | test.go:75:2:75:7 | definition of buffer | provenance | MaD:16 | -| test.go:76:2:76:5 | file | test.go:75:2:75:7 | definition of buffer | provenance | MaD:18 | +| test.go:76:2:76:5 | file | test.go:76:12:76:17 | buffer [postupdate] | provenance | MaD:15 | +| test.go:76:2:76:5 | file | test.go:76:12:76:17 | buffer [postupdate] | provenance | MaD:16 | +| test.go:76:2:76:5 | file | test.go:76:12:76:17 | buffer [postupdate] | provenance | MaD:18 | +| test.go:76:12:76:17 | buffer [postupdate] | test.go:77:20:77:25 | buffer | provenance | | | test.go:82:2:82:32 | ... := ...[0] | test.go:83:16:83:24 | selection of Value | provenance | Src:MaD:2 | | test.go:88:13:88:25 | call to Cookies | test.go:89:16:89:31 | selection of Value | provenance | Src:MaD:3 | -| test.go:99:11:99:15 | &... | test.go:100:16:100:21 | selection of s | provenance | Src:MaD:1 | -| test.go:112:17:112:19 | definition of ctx | test.go:114:16:114:18 | ctx | provenance | | -| test.go:113:21:113:42 | call to Param | test.go:112:17:112:19 | definition of ctx | provenance | Src:MaD:8 MaD:14 | +| test.go:99:11:99:15 | &... [postupdate] | test.go:100:16:100:21 | selection of s | provenance | Src:MaD:1 | +| test.go:113:2:113:4 | ctx [postupdate] | test.go:114:16:114:18 | ctx | provenance | | +| test.go:113:21:113:42 | call to Param | test.go:113:2:113:4 | ctx [postupdate] | provenance | Src:MaD:8 MaD:14 | | test.go:114:16:114:18 | ctx | test.go:114:16:114:33 | call to Get | provenance | MaD:13 | | test.go:114:16:114:33 | call to Get | test.go:114:16:114:42 | type assertion | provenance | | | test.go:124:11:124:32 | call to Param | test.go:125:16:125:20 | param | provenance | Src:MaD:8 | @@ -93,24 +93,24 @@ nodes | test.go:57:2:57:46 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:58:2:58:29 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:58:13:58:22 | fileHeader | semmle.label | fileHeader | -| test.go:59:2:59:7 | definition of buffer | semmle.label | definition of buffer | | test.go:60:2:60:5 | file | semmle.label | file | +| test.go:60:12:60:17 | buffer [postupdate] | semmle.label | buffer [postupdate] | | test.go:61:20:61:25 | buffer | semmle.label | buffer | | test.go:66:2:66:31 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:67:16:67:41 | index expression | semmle.label | index expression | | test.go:72:2:72:31 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:74:2:74:29 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:74:13:74:22 | fileHeader | semmle.label | fileHeader | -| test.go:75:2:75:7 | definition of buffer | semmle.label | definition of buffer | | test.go:76:2:76:5 | file | semmle.label | file | +| test.go:76:12:76:17 | buffer [postupdate] | semmle.label | buffer [postupdate] | | test.go:77:20:77:25 | buffer | semmle.label | buffer | | test.go:82:2:82:32 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:83:16:83:24 | selection of Value | semmle.label | selection of Value | | test.go:88:13:88:25 | call to Cookies | semmle.label | call to Cookies | | test.go:89:16:89:31 | selection of Value | semmle.label | selection of Value | -| test.go:99:11:99:15 | &... | semmle.label | &... | +| test.go:99:11:99:15 | &... [postupdate] | semmle.label | &... [postupdate] | | test.go:100:16:100:21 | selection of s | semmle.label | selection of s | -| test.go:112:17:112:19 | definition of ctx | semmle.label | definition of ctx | +| test.go:113:2:113:4 | ctx [postupdate] | semmle.label | ctx [postupdate] | | test.go:113:21:113:42 | call to Param | semmle.label | call to Param | | test.go:114:16:114:18 | ctx | semmle.label | ctx | | test.go:114:16:114:33 | call to Get | semmle.label | call to Get | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected b/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected index 0e79c3135b08..5dfd597c10ab 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Encoding/jsoniter.expected @@ -9,28 +9,28 @@ edges | jsoniter.go:23:20:23:38 | call to getUntrustedBytes | jsoniter.go:31:21:31:34 | untrustedInput | provenance | | | jsoniter.go:24:21:24:40 | call to getUntrustedString | jsoniter.go:35:27:35:41 | untrustedString | provenance | | | jsoniter.go:24:21:24:40 | call to getUntrustedString | jsoniter.go:39:31:39:45 | untrustedString | provenance | | -| jsoniter.go:27:17:27:30 | untrustedInput | jsoniter.go:27:33:27:37 | &... | provenance | MaD:4 | -| jsoniter.go:27:33:27:37 | &... | jsoniter.go:28:15:28:24 | selection of field | provenance | Sink:MaD:1 | -| jsoniter.go:31:21:31:34 | untrustedInput | jsoniter.go:31:37:31:42 | &... | provenance | MaD:2 | -| jsoniter.go:31:37:31:42 | &... | jsoniter.go:32:15:32:25 | selection of field | provenance | Sink:MaD:1 | -| jsoniter.go:35:27:35:41 | untrustedString | jsoniter.go:35:44:35:49 | &... | provenance | MaD:5 | -| jsoniter.go:35:44:35:49 | &... | jsoniter.go:36:15:36:25 | selection of field | provenance | Sink:MaD:1 | -| jsoniter.go:39:31:39:45 | untrustedString | jsoniter.go:39:48:39:53 | &... | provenance | MaD:3 | -| jsoniter.go:39:48:39:53 | &... | jsoniter.go:40:15:40:25 | selection of field | provenance | Sink:MaD:1 | +| jsoniter.go:27:17:27:30 | untrustedInput | jsoniter.go:27:33:27:37 | &... [postupdate] | provenance | MaD:4 | +| jsoniter.go:27:33:27:37 | &... [postupdate] | jsoniter.go:28:15:28:24 | selection of field | provenance | Sink:MaD:1 | +| jsoniter.go:31:21:31:34 | untrustedInput | jsoniter.go:31:37:31:42 | &... [postupdate] | provenance | MaD:2 | +| jsoniter.go:31:37:31:42 | &... [postupdate] | jsoniter.go:32:15:32:25 | selection of field | provenance | Sink:MaD:1 | +| jsoniter.go:35:27:35:41 | untrustedString | jsoniter.go:35:44:35:49 | &... [postupdate] | provenance | MaD:5 | +| jsoniter.go:35:44:35:49 | &... [postupdate] | jsoniter.go:36:15:36:25 | selection of field | provenance | Sink:MaD:1 | +| jsoniter.go:39:31:39:45 | untrustedString | jsoniter.go:39:48:39:53 | &... [postupdate] | provenance | MaD:3 | +| jsoniter.go:39:48:39:53 | &... [postupdate] | jsoniter.go:40:15:40:25 | selection of field | provenance | Sink:MaD:1 | nodes | jsoniter.go:23:20:23:38 | call to getUntrustedBytes | semmle.label | call to getUntrustedBytes | | jsoniter.go:24:21:24:40 | call to getUntrustedString | semmle.label | call to getUntrustedString | | jsoniter.go:27:17:27:30 | untrustedInput | semmle.label | untrustedInput | -| jsoniter.go:27:33:27:37 | &... | semmle.label | &... | +| jsoniter.go:27:33:27:37 | &... [postupdate] | semmle.label | &... [postupdate] | | jsoniter.go:28:15:28:24 | selection of field | semmle.label | selection of field | | jsoniter.go:31:21:31:34 | untrustedInput | semmle.label | untrustedInput | -| jsoniter.go:31:37:31:42 | &... | semmle.label | &... | +| jsoniter.go:31:37:31:42 | &... [postupdate] | semmle.label | &... [postupdate] | | jsoniter.go:32:15:32:25 | selection of field | semmle.label | selection of field | | jsoniter.go:35:27:35:41 | untrustedString | semmle.label | untrustedString | -| jsoniter.go:35:44:35:49 | &... | semmle.label | &... | +| jsoniter.go:35:44:35:49 | &... [postupdate] | semmle.label | &... [postupdate] | | jsoniter.go:36:15:36:25 | selection of field | semmle.label | selection of field | | jsoniter.go:39:31:39:45 | untrustedString | semmle.label | untrustedString | -| jsoniter.go:39:48:39:53 | &... | semmle.label | &... | +| jsoniter.go:39:48:39:53 | &... [postupdate] | semmle.label | &... [postupdate] | | jsoniter.go:40:15:40:25 | selection of field | semmle.label | selection of field | subpaths invalidModelRow diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Gin/Gin.expected b/go/ql/test/library-tests/semmle/go/frameworks/Gin/Gin.expected index 719a6a26147a..071bf34cd7e0 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Gin/Gin.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Gin/Gin.expected @@ -31,39 +31,39 @@ | Gin.go:158:10:158:19 | selection of Params | | Gin.go:162:13:162:22 | selection of Params | | Gin.go:168:12:168:21 | selection of Params | -| Gin.go:178:16:178:22 | &... | -| Gin.go:182:7:182:19 | definition of personPointer | -| Gin.go:188:15:188:21 | &... | -| Gin.go:192:7:192:19 | definition of personPointer | -| Gin.go:198:16:198:22 | &... | -| Gin.go:202:7:202:19 | definition of personPointer | -| Gin.go:208:15:208:21 | &... | -| Gin.go:212:7:212:19 | definition of personPointer | -| Gin.go:218:17:218:23 | &... | -| Gin.go:222:7:222:19 | definition of personPointer | -| Gin.go:228:20:228:26 | &... | -| Gin.go:232:7:232:19 | definition of personPointer | -| Gin.go:238:16:238:22 | &... | -| Gin.go:242:7:242:19 | definition of personPointer | -| Gin.go:248:12:248:18 | &... | -| Gin.go:252:7:252:19 | definition of personPointer | -| Gin.go:258:18:258:24 | &... | -| Gin.go:262:7:262:19 | definition of personPointer | -| Gin.go:268:26:268:32 | &... | -| Gin.go:272:7:272:19 | definition of personPointer | -| Gin.go:278:22:278:28 | &... | -| Gin.go:282:7:282:19 | definition of personPointer | -| Gin.go:288:23:288:29 | &... | -| Gin.go:292:7:292:19 | definition of personPointer | -| Gin.go:298:21:298:27 | &... | -| Gin.go:302:7:302:19 | definition of personPointer | -| Gin.go:308:22:308:28 | &... | -| Gin.go:312:7:312:19 | definition of personPointer | -| Gin.go:318:21:318:27 | &... | -| Gin.go:322:7:322:19 | definition of personPointer | -| Gin.go:328:22:328:28 | &... | -| Gin.go:332:7:332:19 | definition of personPointer | -| Gin.go:338:18:338:24 | &... | -| Gin.go:342:7:342:19 | definition of personPointer | -| Gin.go:348:24:348:30 | &... | -| Gin.go:352:7:352:19 | definition of personPointer | +| Gin.go:178:16:178:22 | &... [postupdate] | +| Gin.go:183:16:183:28 | personPointer [postupdate] | +| Gin.go:188:15:188:21 | &... [postupdate] | +| Gin.go:193:15:193:27 | personPointer [postupdate] | +| Gin.go:198:16:198:22 | &... [postupdate] | +| Gin.go:203:16:203:28 | personPointer [postupdate] | +| Gin.go:208:15:208:21 | &... [postupdate] | +| Gin.go:213:15:213:27 | personPointer [postupdate] | +| Gin.go:218:17:218:23 | &... [postupdate] | +| Gin.go:223:17:223:29 | personPointer [postupdate] | +| Gin.go:228:20:228:26 | &... [postupdate] | +| Gin.go:233:20:233:32 | personPointer [postupdate] | +| Gin.go:238:16:238:22 | &... [postupdate] | +| Gin.go:243:16:243:28 | personPointer [postupdate] | +| Gin.go:248:12:248:18 | &... [postupdate] | +| Gin.go:253:12:253:24 | personPointer [postupdate] | +| Gin.go:258:18:258:24 | &... [postupdate] | +| Gin.go:263:18:263:30 | personPointer [postupdate] | +| Gin.go:268:26:268:32 | &... [postupdate] | +| Gin.go:273:26:273:38 | personPointer [postupdate] | +| Gin.go:278:22:278:28 | &... [postupdate] | +| Gin.go:283:22:283:34 | personPointer [postupdate] | +| Gin.go:288:23:288:29 | &... [postupdate] | +| Gin.go:293:23:293:35 | personPointer [postupdate] | +| Gin.go:298:21:298:27 | &... [postupdate] | +| Gin.go:303:21:303:33 | personPointer [postupdate] | +| Gin.go:308:22:308:28 | &... [postupdate] | +| Gin.go:313:22:313:34 | personPointer [postupdate] | +| Gin.go:318:21:318:27 | &... [postupdate] | +| Gin.go:323:21:323:33 | personPointer [postupdate] | +| Gin.go:328:22:328:28 | &... [postupdate] | +| Gin.go:333:22:333:34 | personPointer [postupdate] | +| Gin.go:338:18:338:24 | &... [postupdate] | +| Gin.go:343:18:343:30 | personPointer [postupdate] | +| Gin.go:348:24:348:30 | &... [postupdate] | +| Gin.go:353:24:353:36 | personPointer [postupdate] | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Gorestful/gorestful.expected b/go/ql/test/library-tests/semmle/go/frameworks/Gorestful/gorestful.expected index 4cdacabe873d..0af67462f7c2 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Gorestful/gorestful.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Gorestful/gorestful.expected @@ -8,11 +8,11 @@ edges | gorestful.go:15:15:15:44 | call to QueryParameters | gorestful.go:15:15:15:47 | index expression | provenance | Src:MaD:4 Sink:MaD:1 | | gorestful.go:17:2:17:39 | ... := ...[0] | gorestful.go:18:15:18:17 | val | provenance | Src:MaD:2 Sink:MaD:1 | | gorestful.go:21:15:21:38 | call to PathParameters | gorestful.go:21:15:21:45 | index expression | provenance | Src:MaD:3 Sink:MaD:1 | -| gorestful.go:23:21:23:24 | &... | gorestful.go:24:15:24:21 | selection of cmd | provenance | Src:MaD:5 Sink:MaD:1 | +| gorestful.go:23:21:23:24 | &... [postupdate] | gorestful.go:24:15:24:21 | selection of cmd | provenance | Src:MaD:5 Sink:MaD:1 | | gorestful_v2.go:15:15:15:44 | call to QueryParameters | gorestful_v2.go:15:15:15:47 | index expression | provenance | Src:MaD:4 Sink:MaD:1 | | gorestful_v2.go:17:2:17:39 | ... := ...[0] | gorestful_v2.go:18:15:18:17 | val | provenance | Src:MaD:2 Sink:MaD:1 | | gorestful_v2.go:21:15:21:38 | call to PathParameters | gorestful_v2.go:21:15:21:45 | index expression | provenance | Src:MaD:3 Sink:MaD:1 | -| gorestful_v2.go:23:21:23:24 | &... | gorestful_v2.go:24:15:24:21 | selection of cmd | provenance | Src:MaD:5 Sink:MaD:1 | +| gorestful_v2.go:23:21:23:24 | &... [postupdate] | gorestful_v2.go:24:15:24:21 | selection of cmd | provenance | Src:MaD:5 Sink:MaD:1 | nodes | gorestful.go:15:15:15:44 | call to QueryParameters | semmle.label | call to QueryParameters | | gorestful.go:15:15:15:47 | index expression | semmle.label | index expression | @@ -23,7 +23,7 @@ nodes | gorestful.go:20:15:20:42 | call to PathParameter | semmle.label | call to PathParameter | | gorestful.go:21:15:21:38 | call to PathParameters | semmle.label | call to PathParameters | | gorestful.go:21:15:21:45 | index expression | semmle.label | index expression | -| gorestful.go:23:21:23:24 | &... | semmle.label | &... | +| gorestful.go:23:21:23:24 | &... [postupdate] | semmle.label | &... [postupdate] | | gorestful.go:24:15:24:21 | selection of cmd | semmle.label | selection of cmd | | gorestful_v2.go:15:15:15:44 | call to QueryParameters | semmle.label | call to QueryParameters | | gorestful_v2.go:15:15:15:47 | index expression | semmle.label | index expression | @@ -34,7 +34,7 @@ nodes | gorestful_v2.go:20:15:20:42 | call to PathParameter | semmle.label | call to PathParameter | | gorestful_v2.go:21:15:21:38 | call to PathParameters | semmle.label | call to PathParameters | | gorestful_v2.go:21:15:21:45 | index expression | semmle.label | index expression | -| gorestful_v2.go:23:21:23:24 | &... | semmle.label | &... | +| gorestful_v2.go:23:21:23:24 | &... [postupdate] | semmle.label | &... [postupdate] | | gorestful_v2.go:24:15:24:21 | selection of cmd | semmle.label | selection of cmd | subpaths invalidModelRow @@ -45,11 +45,11 @@ invalidModelRow | gorestful.go:19:15:19:44 | call to HeaderParameter | gorestful.go:19:15:19:44 | call to HeaderParameter | gorestful.go:19:15:19:44 | call to HeaderParameter | This command depends on $@. | gorestful.go:19:15:19:44 | call to HeaderParameter | a user-provided value | | gorestful.go:20:15:20:42 | call to PathParameter | gorestful.go:20:15:20:42 | call to PathParameter | gorestful.go:20:15:20:42 | call to PathParameter | This command depends on $@. | gorestful.go:20:15:20:42 | call to PathParameter | a user-provided value | | gorestful.go:21:15:21:45 | index expression | gorestful.go:21:15:21:38 | call to PathParameters | gorestful.go:21:15:21:45 | index expression | This command depends on $@. | gorestful.go:21:15:21:38 | call to PathParameters | a user-provided value | -| gorestful.go:24:15:24:21 | selection of cmd | gorestful.go:23:21:23:24 | &... | gorestful.go:24:15:24:21 | selection of cmd | This command depends on $@. | gorestful.go:23:21:23:24 | &... | a user-provided value | +| gorestful.go:24:15:24:21 | selection of cmd | gorestful.go:23:21:23:24 | &... [postupdate] | gorestful.go:24:15:24:21 | selection of cmd | This command depends on $@. | gorestful.go:23:21:23:24 | &... [postupdate] | a user-provided value | | gorestful_v2.go:15:15:15:47 | index expression | gorestful_v2.go:15:15:15:44 | call to QueryParameters | gorestful_v2.go:15:15:15:47 | index expression | This command depends on $@. | gorestful_v2.go:15:15:15:44 | call to QueryParameters | a user-provided value | | gorestful_v2.go:16:15:16:43 | call to QueryParameter | gorestful_v2.go:16:15:16:43 | call to QueryParameter | gorestful_v2.go:16:15:16:43 | call to QueryParameter | This command depends on $@. | gorestful_v2.go:16:15:16:43 | call to QueryParameter | a user-provided value | | gorestful_v2.go:18:15:18:17 | val | gorestful_v2.go:17:2:17:39 | ... := ...[0] | gorestful_v2.go:18:15:18:17 | val | This command depends on $@. | gorestful_v2.go:17:2:17:39 | ... := ...[0] | a user-provided value | | gorestful_v2.go:19:15:19:44 | call to HeaderParameter | gorestful_v2.go:19:15:19:44 | call to HeaderParameter | gorestful_v2.go:19:15:19:44 | call to HeaderParameter | This command depends on $@. | gorestful_v2.go:19:15:19:44 | call to HeaderParameter | a user-provided value | | gorestful_v2.go:20:15:20:42 | call to PathParameter | gorestful_v2.go:20:15:20:42 | call to PathParameter | gorestful_v2.go:20:15:20:42 | call to PathParameter | This command depends on $@. | gorestful_v2.go:20:15:20:42 | call to PathParameter | a user-provided value | | gorestful_v2.go:21:15:21:45 | index expression | gorestful_v2.go:21:15:21:38 | call to PathParameters | gorestful_v2.go:21:15:21:45 | index expression | This command depends on $@. | gorestful_v2.go:21:15:21:38 | call to PathParameters | a user-provided value | -| gorestful_v2.go:24:15:24:21 | selection of cmd | gorestful_v2.go:23:21:23:24 | &... | gorestful_v2.go:24:15:24:21 | selection of cmd | This command depends on $@. | gorestful_v2.go:23:21:23:24 | &... | a user-provided value | +| gorestful_v2.go:24:15:24:21 | selection of cmd | gorestful_v2.go:23:21:23:24 | &... [postupdate] | gorestful_v2.go:24:15:24:21 | selection of cmd | This command depends on $@. | gorestful_v2.go:23:21:23:24 | &... [postupdate] | a user-provided value | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected b/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected index 6e20fd5699ca..d3f52f4f9c67 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/OpenRedirect.expected @@ -1,10 +1,11 @@ #select | EndToEnd.go:94:20:94:49 | call to Get | EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:49 | call to Get | This path to an untrusted URL redirection depends on a $@. | EndToEnd.go:94:20:94:27 | selection of Params | user-provided value | edges -| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:27 | selection of Params | provenance | Config | +| EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:27 | selection of Params [postupdate] | provenance | Config | | EndToEnd.go:94:20:94:27 | implicit dereference | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Config | | EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:27 | implicit dereference | provenance | Src:MaD:2 Config | | EndToEnd.go:94:20:94:27 | selection of Params | EndToEnd.go:94:20:94:32 | selection of Form | provenance | Src:MaD:2 Config | +| EndToEnd.go:94:20:94:27 | selection of Params [postupdate] | EndToEnd.go:94:20:94:27 | implicit dereference | provenance | Config | | EndToEnd.go:94:20:94:32 | selection of Form | EndToEnd.go:94:20:94:49 | call to Get | provenance | Config Sink:MaD:1 | models | 1 | Sink: group:revel; Controller; true; Redirect; ; ; Argument[0]; url-redirection; manual | @@ -12,6 +13,7 @@ models nodes | EndToEnd.go:94:20:94:27 | implicit dereference | semmle.label | implicit dereference | | EndToEnd.go:94:20:94:27 | selection of Params | semmle.label | selection of Params | +| EndToEnd.go:94:20:94:27 | selection of Params [postupdate] | semmle.label | selection of Params [postupdate] | | EndToEnd.go:94:20:94:32 | selection of Form | semmle.label | selection of Form | | EndToEnd.go:94:20:94:49 | call to Get | semmle.label | call to Get | subpaths diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected index 9d45f1e29960..9ea4016a7e47 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/ReflectedXss.expected @@ -5,10 +5,10 @@ | examples/booking/app/init.go:36:44:36:53 | selection of Path | examples/booking/app/init.go:36:44:36:48 | selection of URL | examples/booking/app/init.go:36:44:36:53 | selection of Path | Cross-site scripting vulnerability due to $@. | examples/booking/app/init.go:36:44:36:48 | selection of URL | user-provided value | examples/booking/app/init.go:0:0:0:0 | examples/booking/app/init.go | | | examples/booking/app/init.go:40:49:40:58 | selection of Path | examples/booking/app/init.go:40:49:40:53 | selection of URL | examples/booking/app/init.go:40:49:40:58 | selection of Path | Cross-site scripting vulnerability due to $@. | examples/booking/app/init.go:40:49:40:53 | selection of URL | user-provided value | examples/booking/app/init.go:0:0:0:0 | examples/booking/app/init.go | | edges -| EndToEnd.go:35:2:35:4 | definition of buf | EndToEnd.go:37:24:37:26 | buf | provenance | | +| EndToEnd.go:36:2:36:4 | buf [postupdate] | EndToEnd.go:37:24:37:26 | buf | provenance | | | EndToEnd.go:36:18:36:25 | selection of Params | EndToEnd.go:36:18:36:30 | selection of Form | provenance | Src:MaD:1 | | EndToEnd.go:36:18:36:30 | selection of Form | EndToEnd.go:36:18:36:47 | call to Get | provenance | MaD:4 | -| EndToEnd.go:36:18:36:47 | call to Get | EndToEnd.go:35:2:35:4 | definition of buf | provenance | MaD:3 | +| EndToEnd.go:36:18:36:47 | call to Get | EndToEnd.go:36:2:36:4 | buf [postupdate] | provenance | MaD:3 | | EndToEnd.go:69:22:69:29 | selection of Params | EndToEnd.go:69:22:69:34 | selection of Form | provenance | Src:MaD:1 | | EndToEnd.go:69:22:69:34 | selection of Form | EndToEnd.go:69:22:69:51 | call to Get | provenance | MaD:4 | | Revel.go:70:22:70:29 | selection of Params | Revel.go:70:22:70:35 | selection of Query | provenance | Src:MaD:1 | @@ -20,7 +20,7 @@ models | 3 | Summary: io; StringWriter; true; WriteString; ; ; Argument[0]; Argument[receiver]; taint; manual | | 4 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual | nodes -| EndToEnd.go:35:2:35:4 | definition of buf | semmle.label | definition of buf | +| EndToEnd.go:36:2:36:4 | buf [postupdate] | semmle.label | buf [postupdate] | | EndToEnd.go:36:18:36:25 | selection of Params | semmle.label | selection of Params | | EndToEnd.go:36:18:36:30 | selection of Form | semmle.label | selection of Form | | EndToEnd.go:36:18:36:47 | call to Get | semmle.label | call to Get | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected b/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected index b7c6f703cf51..8209afc7b50e 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected @@ -8,64 +8,76 @@ invalidModelRow | crypto.go:11:18:11:57 | call to Open | crypto.go:11:2:11:57 | ... := ...[1] | | crypto.go:11:42:11:51 | ciphertext | crypto.go:11:2:11:57 | ... := ...[0] | | io.go:14:31:14:43 | "some string" | io.go:14:13:14:44 | call to NewReader | -| io.go:16:3:16:3 | definition of w | io.go:16:23:16:27 | &... | -| io.go:16:3:16:3 | definition of w | io.go:16:30:16:34 | &... | -| io.go:16:23:16:27 | &... | io.go:15:7:15:10 | definition of buf1 | +| io.go:16:3:16:3 | definition of w | io.go:16:23:16:27 | &... [postupdate] | +| io.go:16:3:16:3 | definition of w | io.go:16:30:16:34 | &... [postupdate] | +| io.go:16:23:16:27 | &... | io.go:16:24:16:27 | buf1 [postupdate] | +| io.go:16:23:16:27 | &... [postupdate] | io.go:16:24:16:27 | buf1 [postupdate] | | io.go:16:24:16:27 | buf1 | io.go:16:23:16:27 | &... | -| io.go:16:30:16:34 | &... | io.go:15:13:15:16 | definition of buf2 | +| io.go:16:24:16:27 | buf1 [postupdate] | io.go:16:23:16:27 | &... | +| io.go:16:30:16:34 | &... | io.go:16:31:16:34 | buf2 [postupdate] | +| io.go:16:30:16:34 | &... [postupdate] | io.go:16:31:16:34 | buf2 [postupdate] | | io.go:16:31:16:34 | buf2 | io.go:16:30:16:34 | &... | -| io.go:18:14:18:19 | reader | io.go:16:3:16:3 | definition of w | +| io.go:16:31:16:34 | buf2 [postupdate] | io.go:16:30:16:34 | &... | +| io.go:18:14:18:19 | reader | io.go:18:11:18:11 | w [postupdate] | | io.go:22:31:22:43 | "some string" | io.go:22:13:22:44 | call to NewReader | -| io.go:25:19:25:23 | &... | io.go:23:7:23:10 | definition of buf1 | +| io.go:25:19:25:23 | &... | io.go:25:20:25:23 | buf1 [postupdate] | +| io.go:25:19:25:23 | &... [postupdate] | io.go:25:20:25:23 | buf1 [postupdate] | | io.go:25:20:25:23 | buf1 | io.go:25:19:25:23 | &... | -| io.go:27:21:27:26 | reader | io.go:25:3:25:4 | definition of w2 | +| io.go:25:20:25:23 | buf1 [postupdate] | io.go:25:19:25:23 | &... | +| io.go:27:21:27:26 | reader | io.go:27:17:27:18 | w2 [postupdate] | | io.go:31:31:31:43 | "some string" | io.go:31:13:31:44 | call to NewReader | -| io.go:33:19:33:23 | &... | io.go:32:7:32:10 | definition of buf1 | +| io.go:33:19:33:23 | &... | io.go:33:20:33:23 | buf1 [postupdate] | +| io.go:33:19:33:23 | &... [postupdate] | io.go:33:20:33:23 | buf1 [postupdate] | | io.go:33:20:33:23 | buf1 | io.go:33:19:33:23 | &... | -| io.go:35:16:35:21 | reader | io.go:33:3:33:4 | definition of w2 | +| io.go:33:20:33:23 | buf1 [postupdate] | io.go:33:19:33:23 | &... | +| io.go:35:16:35:21 | reader | io.go:35:12:35:13 | w2 [postupdate] | | io.go:39:6:39:6 | definition of w | io.go:39:3:39:19 | ... := ...[0] | | io.go:39:11:39:19 | call to Pipe | io.go:39:3:39:19 | ... := ...[0] | | io.go:39:11:39:19 | call to Pipe | io.go:39:3:39:19 | ... := ...[1] | -| io.go:40:17:40:31 | "some string\\n" | io.go:39:6:39:6 | definition of w | -| io.go:43:16:43:16 | r | io.go:42:3:42:5 | definition of buf | +| io.go:40:17:40:31 | "some string\\n" | io.go:40:14:40:14 | w [postupdate] | +| io.go:43:16:43:16 | r | io.go:43:3:43:5 | buf [postupdate] | | io.go:44:13:44:15 | buf | io.go:44:13:44:24 | call to String | | io.go:48:31:48:43 | "some string" | io.go:48:13:48:44 | call to NewReader | -| io.go:50:18:50:23 | reader | io.go:49:3:49:5 | definition of buf | +| io.go:50:18:50:23 | reader | io.go:50:26:50:28 | buf [postupdate] | | io.go:54:31:54:43 | "some string" | io.go:54:13:54:44 | call to NewReader | -| io.go:56:15:56:20 | reader | io.go:55:3:55:5 | definition of buf | -| io.go:61:18:61:21 | &... | io.go:60:7:60:9 | definition of buf | +| io.go:56:15:56:20 | reader | io.go:56:23:56:25 | buf [postupdate] | +| io.go:61:18:61:21 | &... | io.go:61:19:61:21 | buf [postupdate] | +| io.go:61:18:61:21 | &... [postupdate] | io.go:61:19:61:21 | buf [postupdate] | | io.go:61:19:61:21 | buf | io.go:61:18:61:21 | &... | -| io.go:62:21:62:26 | "test" | io.go:61:3:61:3 | definition of w | +| io.go:61:19:61:21 | buf [postupdate] | io.go:61:18:61:21 | &... | +| io.go:62:21:62:26 | "test" | io.go:62:18:62:18 | w [postupdate] | | io.go:65:31:65:43 | "some string" | io.go:65:13:65:44 | call to NewReader | -| io.go:67:3:67:8 | reader | io.go:66:3:66:5 | definition of buf | +| io.go:67:3:67:8 | reader | io.go:67:15:67:17 | buf [postupdate] | | io.go:70:31:70:43 | "some string" | io.go:70:13:70:44 | call to NewReader | -| io.go:72:3:72:8 | reader | io.go:71:3:71:5 | definition of buf | +| io.go:72:3:72:8 | reader | io.go:72:17:72:19 | buf [postupdate] | | io.go:76:31:76:43 | "some string" | io.go:76:13:76:44 | call to NewReader | | io.go:77:24:77:29 | reader | io.go:77:9:77:33 | call to LimitReader | -| io.go:78:22:78:23 | lr | io.go:78:11:78:19 | selection of Stdout | +| io.go:78:22:78:23 | lr | io.go:78:11:78:19 | selection of Stdout [postupdate] | | io.go:82:27:82:36 | "reader1 " | io.go:82:9:82:37 | call to NewReader | | io.go:83:27:83:36 | "reader2 " | io.go:83:9:83:37 | call to NewReader | | io.go:84:27:84:35 | "reader3" | io.go:84:9:84:36 | call to NewReader | | io.go:85:23:85:24 | r1 | io.go:85:8:85:33 | call to MultiReader | | io.go:85:27:85:28 | r2 | io.go:85:8:85:33 | call to MultiReader | | io.go:85:31:85:32 | r3 | io.go:85:8:85:33 | call to MultiReader | -| io.go:86:22:86:22 | r | io.go:86:11:86:19 | selection of Stdout | +| io.go:86:22:86:22 | r | io.go:86:11:86:19 | selection of Stdout [postupdate] | | io.go:89:26:89:38 | "some string" | io.go:89:8:89:39 | call to NewReader | | io.go:91:23:91:23 | r | io.go:91:10:91:30 | call to TeeReader | -| io.go:91:23:91:23 | r | io.go:91:26:91:29 | &... | -| io.go:91:26:91:29 | &... | io.go:90:7:90:9 | definition of buf | +| io.go:91:23:91:23 | r | io.go:91:26:91:29 | &... [postupdate] | +| io.go:91:26:91:29 | &... | io.go:91:27:91:29 | buf [postupdate] | +| io.go:91:26:91:29 | &... [postupdate] | io.go:91:27:91:29 | buf [postupdate] | | io.go:91:27:91:29 | buf | io.go:91:26:91:29 | &... | -| io.go:93:22:93:24 | tee | io.go:93:11:93:19 | selection of Stdout | +| io.go:91:27:91:29 | buf [postupdate] | io.go:91:26:91:29 | &... | +| io.go:93:22:93:24 | tee | io.go:93:11:93:19 | selection of Stdout [postupdate] | | io.go:96:26:96:38 | "some string" | io.go:96:8:96:39 | call to NewReader | | io.go:97:28:97:28 | r | io.go:97:8:97:36 | call to NewSectionReader | -| io.go:98:22:98:22 | s | io.go:98:11:98:19 | selection of Stdout | +| io.go:98:22:98:22 | s | io.go:98:11:98:19 | selection of Stdout [postupdate] | | io.go:101:26:101:38 | "some string" | io.go:101:8:101:39 | call to NewReader | -| io.go:102:3:102:3 | r | io.go:102:13:102:21 | selection of Stdout | +| io.go:102:3:102:3 | r | io.go:102:13:102:21 | selection of Stdout [postupdate] | | io.go:108:30:108:42 | "some string" | io.go:108:12:108:43 | call to NewReader | | io.go:109:12:109:33 | call to ReadAll | io.go:109:2:109:33 | ... := ...[0] | | io.go:109:12:109:33 | call to ReadAll | io.go:109:2:109:33 | ... := ...[1] | | io.go:109:27:109:32 | reader | io.go:109:2:109:33 | ... := ...[0] | -| io.go:110:18:110:20 | buf | io.go:110:2:110:10 | selection of Stdout | +| io.go:110:18:110:20 | buf | io.go:110:2:110:10 | selection of Stdout [postupdate] | | main.go:11:12:11:26 | call to Marshal | main.go:11:2:11:26 | ... := ...[0] | | main.go:11:12:11:26 | call to Marshal | main.go:11:2:11:26 | ... := ...[1] | | main.go:11:25:11:25 | v | main.go:11:2:11:26 | ... := ...[0] | @@ -74,21 +86,23 @@ invalidModelRow | main.go:13:33:13:33 | v | main.go:13:2:13:52 | ... := ...[0] | | main.go:13:36:13:45 | "/*JSON*/" | main.go:13:2:13:52 | ... := ...[0] | | main.go:13:48:13:51 | " " | main.go:13:2:13:52 | ... := ...[0] | -| main.go:14:25:14:25 | b | main.go:14:9:14:41 | slice literal | -| main.go:14:28:14:30 | err | main.go:14:9:14:41 | slice literal | -| main.go:14:33:14:34 | b2 | main.go:14:9:14:41 | slice literal | -| main.go:14:37:14:40 | err2 | main.go:14:9:14:41 | slice literal | +| main.go:14:25:14:25 | b | main.go:14:9:14:41 | slice literal [postupdate] | +| main.go:14:28:14:30 | err | main.go:14:9:14:41 | slice literal [postupdate] | +| main.go:14:33:14:34 | b2 | main.go:14:9:14:41 | slice literal [postupdate] | +| main.go:14:37:14:40 | err2 | main.go:14:9:14:41 | slice literal [postupdate] | | main.go:19:18:19:42 | call to DecodeString | main.go:19:2:19:42 | ... := ...[0] | | main.go:19:18:19:42 | call to DecodeString | main.go:19:2:19:42 | ... := ...[1] | | main.go:19:35:19:41 | encoded | main.go:19:2:19:42 | ... := ...[0] | -| main.go:23:25:23:31 | decoded | main.go:23:9:23:48 | slice literal | -| main.go:23:34:23:36 | err | main.go:23:9:23:48 | slice literal | -| main.go:23:39:23:47 | reEncoded | main.go:23:9:23:48 | slice literal | -| main.go:28:2:28:4 | implicit dereference | main.go:26:15:26:17 | definition of req | +| main.go:23:25:23:31 | decoded | main.go:23:9:23:48 | slice literal [postupdate] | +| main.go:23:34:23:36 | err | main.go:23:9:23:48 | slice literal [postupdate] | +| main.go:23:39:23:47 | reEncoded | main.go:23:9:23:48 | slice literal [postupdate] | +| main.go:28:2:28:4 | implicit dereference | main.go:28:2:28:4 | req [postupdate] | | main.go:28:2:28:4 | implicit dereference | main.go:28:2:28:9 | selection of Body | | main.go:28:2:28:4 | req | main.go:28:2:28:4 | implicit dereference | -| main.go:28:2:28:9 | selection of Body | main.go:27:2:27:2 | definition of b | -| main.go:34:2:34:4 | implicit dereference | main.go:32:16:32:18 | definition of req | +| main.go:28:2:28:4 | req [postupdate] | main.go:28:2:28:4 | implicit dereference | +| main.go:28:2:28:9 | selection of Body | main.go:28:16:28:16 | b [postupdate] | +| main.go:34:2:34:4 | implicit dereference | main.go:34:2:34:4 | req [postupdate] | | main.go:34:2:34:4 | implicit dereference | main.go:34:2:34:9 | selection of Body | | main.go:34:2:34:4 | req | main.go:34:2:34:4 | implicit dereference | -| main.go:34:2:34:9 | selection of Body | main.go:33:2:33:2 | definition of b | +| main.go:34:2:34:4 | req [postupdate] | main.go:34:2:34:4 | implicit dereference | +| main.go:34:2:34:9 | selection of Body | main.go:34:16:34:16 | b [postupdate] | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/Read.expected b/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/Read.expected index 4bfef26418a4..4c4bd0743d24 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/Read.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/Read.expected @@ -1,8 +1,8 @@ -| WebSocketReadWrite.go:31:7:31:10 | definition of xnet | -| WebSocketReadWrite.go:35:3:35:7 | definition of xnet2 | +| WebSocketReadWrite.go:32:11:32:14 | xnet [postupdate] | +| WebSocketReadWrite.go:36:21:36:25 | xnet2 [postupdate] | | WebSocketReadWrite.go:41:3:41:40 | ... := ...[1] | | WebSocketReadWrite.go:44:3:44:48 | ... := ...[1] | -| WebSocketReadWrite.go:51:7:51:16 | definition of gorillaMsg | -| WebSocketReadWrite.go:55:3:55:10 | definition of gorilla2 | +| WebSocketReadWrite.go:52:26:52:35 | gorillaMsg [postupdate] | +| WebSocketReadWrite.go:56:17:56:24 | gorilla2 [postupdate] | | WebSocketReadWrite.go:61:3:61:38 | ... := ...[1] | | WebSocketReadWrite.go:67:3:67:36 | ... := ...[0] | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/RemoteFlowSources.expected b/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/RemoteFlowSources.expected index 0124cf73218f..e0c1603ff2e9 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/RemoteFlowSources.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/RemoteFlowSources.expected @@ -1,9 +1,9 @@ | WebSocketReadWrite.go:27:9:27:16 | selection of Header | -| WebSocketReadWrite.go:31:7:31:10 | definition of xnet | -| WebSocketReadWrite.go:35:3:35:7 | definition of xnet2 | +| WebSocketReadWrite.go:32:11:32:14 | xnet [postupdate] | +| WebSocketReadWrite.go:36:21:36:25 | xnet2 [postupdate] | | WebSocketReadWrite.go:41:3:41:40 | ... := ...[1] | | WebSocketReadWrite.go:44:3:44:48 | ... := ...[1] | -| WebSocketReadWrite.go:51:7:51:16 | definition of gorillaMsg | -| WebSocketReadWrite.go:55:3:55:10 | definition of gorilla2 | +| WebSocketReadWrite.go:52:26:52:35 | gorillaMsg [postupdate] | +| WebSocketReadWrite.go:56:17:56:24 | gorilla2 [postupdate] | | WebSocketReadWrite.go:61:3:61:38 | ... := ...[1] | | WebSocketReadWrite.go:67:3:67:36 | ... := ...[0] | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected b/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected index b94733d5054b..17c74de55552 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/XNetHtml/ReflectedXss.expected @@ -44,28 +44,20 @@ edges | test.go:39:23:39:77 | call to NewTokenizerFragment | test.go:40:15:40:31 | tokenizerFragment | provenance | | | test.go:39:49:39:60 | selection of Body | test.go:39:23:39:77 | call to NewTokenizerFragment | provenance | Src:MaD:1 MaD:4 | | test.go:40:15:40:31 | tokenizerFragment | test.go:40:15:40:42 | call to Buffered | provenance | MaD:12 | -| test.go:42:6:42:14 | definition of cleanNode | test.go:45:22:45:31 | &... | provenance | | -| test.go:42:6:42:14 | definition of cleanNode | test.go:45:22:45:31 | &... | provenance | | -| test.go:42:6:42:14 | definition of cleanNode | test.go:45:23:45:31 | cleanNode | provenance | | | test.go:43:2:43:43 | ... := ...[0] | test.go:44:24:44:34 | taintedNode | provenance | | | test.go:43:31:43:42 | selection of Body | test.go:43:2:43:43 | ... := ...[0] | provenance | Src:MaD:1 MaD:5 | -| test.go:44:24:44:34 | taintedNode | test.go:42:6:42:14 | definition of cleanNode | provenance | MaD:10 | -| test.go:45:22:45:31 | &... | test.go:45:23:45:31 | cleanNode | provenance | | +| test.go:44:2:44:10 | cleanNode [postupdate] | test.go:45:22:45:31 | &... | provenance | | +| test.go:44:2:44:10 | cleanNode [postupdate] | test.go:45:23:45:31 | cleanNode | provenance | | +| test.go:44:24:44:34 | taintedNode | test.go:44:2:44:10 | cleanNode [postupdate] | provenance | MaD:10 | | test.go:45:22:45:31 | &... [pointer] | test.go:45:22:45:31 | &... | provenance | | -| test.go:45:22:45:31 | &... [pointer] | test.go:45:22:45:31 | &... | provenance | | -| test.go:45:22:45:31 | &... [pointer] | test.go:45:23:45:31 | cleanNode | provenance | | | test.go:45:23:45:31 | cleanNode | test.go:45:22:45:31 | &... | provenance | | | test.go:45:23:45:31 | cleanNode | test.go:45:22:45:31 | &... [pointer] | provenance | | -| test.go:47:6:47:15 | definition of cleanNode2 | test.go:50:22:50:32 | &... | provenance | | -| test.go:47:6:47:15 | definition of cleanNode2 | test.go:50:22:50:32 | &... | provenance | | -| test.go:47:6:47:15 | definition of cleanNode2 | test.go:50:23:50:32 | cleanNode2 | provenance | | | test.go:48:2:48:44 | ... := ...[0] | test.go:49:26:49:37 | taintedNode2 | provenance | | | test.go:48:32:48:43 | selection of Body | test.go:48:2:48:44 | ... := ...[0] | provenance | Src:MaD:1 MaD:5 | -| test.go:49:26:49:37 | taintedNode2 | test.go:47:6:47:15 | definition of cleanNode2 | provenance | MaD:11 | -| test.go:50:22:50:32 | &... | test.go:50:23:50:32 | cleanNode2 | provenance | | -| test.go:50:22:50:32 | &... [pointer] | test.go:50:22:50:32 | &... | provenance | | +| test.go:49:2:49:11 | cleanNode2 [postupdate] | test.go:50:22:50:32 | &... | provenance | | +| test.go:49:2:49:11 | cleanNode2 [postupdate] | test.go:50:23:50:32 | cleanNode2 | provenance | | +| test.go:49:26:49:37 | taintedNode2 | test.go:49:2:49:11 | cleanNode2 [postupdate] | provenance | MaD:11 | | test.go:50:22:50:32 | &... [pointer] | test.go:50:22:50:32 | &... | provenance | | -| test.go:50:22:50:32 | &... [pointer] | test.go:50:23:50:32 | cleanNode2 | provenance | | | test.go:50:23:50:32 | cleanNode2 | test.go:50:22:50:32 | &... | provenance | | | test.go:50:23:50:32 | cleanNode2 | test.go:50:22:50:32 | &... [pointer] | provenance | | models @@ -125,20 +117,18 @@ nodes | test.go:39:49:39:60 | selection of Body | semmle.label | selection of Body | | test.go:40:15:40:31 | tokenizerFragment | semmle.label | tokenizerFragment | | test.go:40:15:40:42 | call to Buffered | semmle.label | call to Buffered | -| test.go:42:6:42:14 | definition of cleanNode | semmle.label | definition of cleanNode | | test.go:43:2:43:43 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:43:31:43:42 | selection of Body | semmle.label | selection of Body | +| test.go:44:2:44:10 | cleanNode [postupdate] | semmle.label | cleanNode [postupdate] | | test.go:44:24:44:34 | taintedNode | semmle.label | taintedNode | | test.go:45:22:45:31 | &... | semmle.label | &... | -| test.go:45:22:45:31 | &... | semmle.label | &... | | test.go:45:22:45:31 | &... [pointer] | semmle.label | &... [pointer] | | test.go:45:23:45:31 | cleanNode | semmle.label | cleanNode | -| test.go:47:6:47:15 | definition of cleanNode2 | semmle.label | definition of cleanNode2 | | test.go:48:2:48:44 | ... := ...[0] | semmle.label | ... := ...[0] | | test.go:48:32:48:43 | selection of Body | semmle.label | selection of Body | +| test.go:49:2:49:11 | cleanNode2 [postupdate] | semmle.label | cleanNode2 [postupdate] | | test.go:49:26:49:37 | taintedNode2 | semmle.label | taintedNode2 | | test.go:50:22:50:32 | &... | semmle.label | &... | -| test.go:50:22:50:32 | &... | semmle.label | &... | | test.go:50:22:50:32 | &... [pointer] | semmle.label | &... [pointer] | | test.go:50:23:50:32 | cleanNode2 | semmle.label | cleanNode2 | subpaths diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Yaml/yaml.go b/go/ql/test/library-tests/semmle/go/frameworks/Yaml/yaml.go index 9861acf33e61..fb8f7ea4bfa3 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Yaml/yaml.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/Yaml/yaml.go @@ -13,30 +13,30 @@ func main() { var inb []byte out, _ = yaml1.Marshal(in) // $ marshaler="yaml: in -> ... = ...[0]" ttfnmodelstep="in -> ... = ...[0]" - yaml1.Unmarshal(inb, out) // $ unmarshaler="yaml: inb -> definition of out" ttfnmodelstep="inb -> definition of out" + yaml1.Unmarshal(inb, out) // $ unmarshaler="yaml: inb -> out [postupdate]" ttfnmodelstep="inb -> out [postupdate]" out, _ = yaml2.Marshal(in) // $ marshaler="yaml: in -> ... = ...[0]" ttfnmodelstep="in -> ... = ...[0]" - yaml2.Unmarshal(inb, out) // $ unmarshaler="yaml: inb -> definition of out" ttfnmodelstep="inb -> definition of out" - yaml2.UnmarshalStrict(inb, out) // $ unmarshaler="yaml: inb -> definition of out" ttfnmodelstep="inb -> definition of out" + yaml2.Unmarshal(inb, out) // $ unmarshaler="yaml: inb -> out [postupdate]" ttfnmodelstep="inb -> out [postupdate]" + yaml2.UnmarshalStrict(inb, out) // $ unmarshaler="yaml: inb -> out [postupdate]" ttfnmodelstep="inb -> out [postupdate]" var r io.Reader d := yaml2.NewDecoder(r) // $ ttfnmodelstep="r -> call to NewDecoder" - d.Decode(out) // $ ttfnmodelstep="d -> definition of out" + d.Decode(out) // $ ttfnmodelstep="d -> out [postupdate]" var w io.Writer - e := yaml2.NewEncoder(w) // $ ttfnmodelstep="definition of e -> definition of w" - e.Encode(in) // $ ttfnmodelstep="in -> definition of e" + e := yaml2.NewEncoder(w) // $ ttfnmodelstep="definition of e -> w [postupdate]" + e.Encode(in) // $ ttfnmodelstep="in -> e [postupdate]" out, _ = yaml3.Marshal(in) // $ marshaler="yaml: in -> ... = ...[0]" ttfnmodelstep="in -> ... = ...[0]" - yaml3.Unmarshal(inb, out) // $ unmarshaler="yaml: inb -> definition of out" ttfnmodelstep="inb -> definition of out" + yaml3.Unmarshal(inb, out) // $ unmarshaler="yaml: inb -> out [postupdate]" ttfnmodelstep="inb -> out [postupdate]" d1 := yaml3.NewDecoder(r) // $ ttfnmodelstep="r -> call to NewDecoder" - d1.Decode(out) // $ ttfnmodelstep="d1 -> definition of out" + d1.Decode(out) // $ ttfnmodelstep="d1 -> out [postupdate]" - e1 := yaml3.NewEncoder(w) // $ ttfnmodelstep="definition of e1 -> definition of w" - e1.Encode(in) // $ ttfnmodelstep="in -> definition of e1" + e1 := yaml3.NewEncoder(w) // $ ttfnmodelstep="definition of e1 -> w [postupdate]" + e1.Encode(in) // $ ttfnmodelstep="in -> e1 [postupdate]" var n1 yaml3.Node - n1.Decode(out) // $ ttfnmodelstep="n1 -> definition of out" - n1.Encode(in) // $ ttfnmodelstep="in -> definition of n1" + n1.Decode(out) // $ ttfnmodelstep="n1 -> out [postupdate]" + n1.Encode(in) // $ ttfnmodelstep="in -> n1 [postupdate]" } diff --git a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected index 78dde84a9475..22dec49d4845 100644 --- a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected @@ -56,8 +56,8 @@ edges | SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:80:23:80:29 | tainted | provenance | Config | | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:9:13:9:27 | call to Query | provenance | Src:MaD:2 MaD:7 | | SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | provenance | | -| SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | provenance | | -| SanitizingDoubleDash.go:13:25:13:31 | tainted | SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | provenance | | +| SanitizingDoubleDash.go:13:15:13:32 | array literal [postupdate] [array] | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | provenance | | +| SanitizingDoubleDash.go:13:25:13:31 | tainted | SanitizingDoubleDash.go:13:15:13:32 | array literal [postupdate] [array] | provenance | | | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | SanitizingDoubleDash.go:14:23:14:33 | slice element node | provenance | | | SanitizingDoubleDash.go:14:23:14:33 | slice element node | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance | | | SanitizingDoubleDash.go:39:14:39:44 | []type{args} [array] | SanitizingDoubleDash.go:39:14:39:44 | call to append | provenance | MaD:5 | @@ -65,8 +65,8 @@ edges | SanitizingDoubleDash.go:39:14:39:44 | call to append | SanitizingDoubleDash.go:40:23:40:30 | arrayLit | provenance | | | SanitizingDoubleDash.go:39:14:39:44 | call to append [array] | SanitizingDoubleDash.go:40:23:40:30 | arrayLit | provenance | | | SanitizingDoubleDash.go:39:31:39:37 | tainted | SanitizingDoubleDash.go:39:14:39:44 | []type{args} [array] | provenance | | -| SanitizingDoubleDash.go:52:15:52:31 | slice literal [array] | SanitizingDoubleDash.go:53:21:53:28 | arrayLit [array] | provenance | | -| SanitizingDoubleDash.go:52:24:52:30 | tainted | SanitizingDoubleDash.go:52:15:52:31 | slice literal [array] | provenance | | +| SanitizingDoubleDash.go:52:15:52:31 | slice literal [postupdate] [array] | SanitizingDoubleDash.go:53:21:53:28 | arrayLit [array] | provenance | | +| SanitizingDoubleDash.go:52:24:52:30 | tainted | SanitizingDoubleDash.go:52:15:52:31 | slice literal [postupdate] [array] | provenance | | | SanitizingDoubleDash.go:52:24:52:30 | tainted | SanitizingDoubleDash.go:53:21:53:28 | arrayLit | provenance | | | SanitizingDoubleDash.go:53:14:53:35 | call to append | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | provenance | | | SanitizingDoubleDash.go:53:14:53:35 | call to append [array] | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | provenance | | @@ -99,16 +99,16 @@ edges | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:142:31:142:37 | tainted | provenance | | | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:148:30:148:36 | tainted | provenance | | | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:152:24:152:30 | tainted | provenance | | -| SanitizingDoubleDash.go:95:15:95:32 | array literal [array] | SanitizingDoubleDash.go:96:24:96:31 | arrayLit [array] | provenance | | -| SanitizingDoubleDash.go:95:25:95:31 | tainted | SanitizingDoubleDash.go:95:15:95:32 | array literal [array] | provenance | | +| SanitizingDoubleDash.go:95:15:95:32 | array literal [postupdate] [array] | SanitizingDoubleDash.go:96:24:96:31 | arrayLit [array] | provenance | | +| SanitizingDoubleDash.go:95:25:95:31 | tainted | SanitizingDoubleDash.go:95:15:95:32 | array literal [postupdate] [array] | provenance | | | SanitizingDoubleDash.go:96:24:96:31 | arrayLit [array] | SanitizingDoubleDash.go:96:24:96:34 | slice element node | provenance | | | SanitizingDoubleDash.go:96:24:96:34 | slice element node | SanitizingDoubleDash.go:96:24:96:34 | slice expression | provenance | | -| SanitizingDoubleDash.go:100:15:100:38 | array literal [array] | SanitizingDoubleDash.go:101:24:101:31 | arrayLit [array] | provenance | | -| SanitizingDoubleDash.go:100:31:100:37 | tainted | SanitizingDoubleDash.go:100:15:100:38 | array literal [array] | provenance | | +| SanitizingDoubleDash.go:100:15:100:38 | array literal [postupdate] [array] | SanitizingDoubleDash.go:101:24:101:31 | arrayLit [array] | provenance | | +| SanitizingDoubleDash.go:100:31:100:37 | tainted | SanitizingDoubleDash.go:100:15:100:38 | array literal [postupdate] [array] | provenance | | | SanitizingDoubleDash.go:101:24:101:31 | arrayLit [array] | SanitizingDoubleDash.go:101:24:101:34 | slice element node | provenance | | | SanitizingDoubleDash.go:101:24:101:34 | slice element node | SanitizingDoubleDash.go:101:24:101:34 | slice expression | provenance | | -| SanitizingDoubleDash.go:105:15:105:37 | slice literal [array] | SanitizingDoubleDash.go:106:24:106:31 | arrayLit | provenance | | -| SanitizingDoubleDash.go:105:30:105:36 | tainted | SanitizingDoubleDash.go:105:15:105:37 | slice literal [array] | provenance | | +| SanitizingDoubleDash.go:105:15:105:37 | slice literal [postupdate] [array] | SanitizingDoubleDash.go:106:24:106:31 | arrayLit | provenance | | +| SanitizingDoubleDash.go:105:30:105:36 | tainted | SanitizingDoubleDash.go:105:15:105:37 | slice literal [postupdate] [array] | provenance | | | SanitizingDoubleDash.go:111:14:111:44 | []type{args} [array] | SanitizingDoubleDash.go:111:14:111:44 | call to append | provenance | MaD:5 | | SanitizingDoubleDash.go:111:14:111:44 | []type{args} [array] | SanitizingDoubleDash.go:111:14:111:44 | call to append [array] | provenance | MaD:5 | | SanitizingDoubleDash.go:111:14:111:44 | call to append | SanitizingDoubleDash.go:112:24:112:31 | arrayLit | provenance | | @@ -124,8 +124,8 @@ edges | SanitizingDoubleDash.go:123:14:123:38 | call to append | SanitizingDoubleDash.go:124:24:124:31 | arrayLit | provenance | | | SanitizingDoubleDash.go:123:14:123:38 | call to append [array] | SanitizingDoubleDash.go:124:24:124:31 | arrayLit | provenance | | | SanitizingDoubleDash.go:123:31:123:37 | tainted | SanitizingDoubleDash.go:123:14:123:38 | []type{args} [array] | provenance | | -| SanitizingDoubleDash.go:128:15:128:31 | slice literal [array] | SanitizingDoubleDash.go:129:21:129:28 | arrayLit [array] | provenance | | -| SanitizingDoubleDash.go:128:24:128:30 | tainted | SanitizingDoubleDash.go:128:15:128:31 | slice literal [array] | provenance | | +| SanitizingDoubleDash.go:128:15:128:31 | slice literal [postupdate] [array] | SanitizingDoubleDash.go:129:21:129:28 | arrayLit [array] | provenance | | +| SanitizingDoubleDash.go:128:24:128:30 | tainted | SanitizingDoubleDash.go:128:15:128:31 | slice literal [postupdate] [array] | provenance | | | SanitizingDoubleDash.go:129:14:129:35 | call to append | SanitizingDoubleDash.go:130:24:130:31 | arrayLit | provenance | | | SanitizingDoubleDash.go:129:14:129:35 | call to append [array] | SanitizingDoubleDash.go:130:24:130:31 | arrayLit | provenance | | | SanitizingDoubleDash.go:129:21:129:28 | arrayLit | SanitizingDoubleDash.go:129:14:129:35 | call to append | provenance | MaD:4 | @@ -184,7 +184,7 @@ nodes | SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | semmle.label | definition of tainted | | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | semmle.label | selection of URL | | SanitizingDoubleDash.go:9:13:9:27 | call to Query | semmle.label | call to Query | -| SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | semmle.label | array literal [array] | +| SanitizingDoubleDash.go:13:15:13:32 | array literal [postupdate] [array] | semmle.label | array literal [postupdate] [array] | | SanitizingDoubleDash.go:13:25:13:31 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | semmle.label | arrayLit [array] | | SanitizingDoubleDash.go:14:23:14:33 | slice element node | semmle.label | slice element node | @@ -194,7 +194,7 @@ nodes | SanitizingDoubleDash.go:39:14:39:44 | call to append [array] | semmle.label | call to append [array] | | SanitizingDoubleDash.go:39:31:39:37 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:40:23:40:30 | arrayLit | semmle.label | arrayLit | -| SanitizingDoubleDash.go:52:15:52:31 | slice literal [array] | semmle.label | slice literal [array] | +| SanitizingDoubleDash.go:52:15:52:31 | slice literal [postupdate] [array] | semmle.label | slice literal [postupdate] [array] | | SanitizingDoubleDash.go:52:24:52:30 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:53:14:53:35 | call to append | semmle.label | call to append | | SanitizingDoubleDash.go:53:14:53:35 | call to append [array] | semmle.label | call to append [array] | @@ -213,17 +213,17 @@ nodes | SanitizingDoubleDash.go:80:23:80:29 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | semmle.label | selection of URL | | SanitizingDoubleDash.go:92:13:92:27 | call to Query | semmle.label | call to Query | -| SanitizingDoubleDash.go:95:15:95:32 | array literal [array] | semmle.label | array literal [array] | +| SanitizingDoubleDash.go:95:15:95:32 | array literal [postupdate] [array] | semmle.label | array literal [postupdate] [array] | | SanitizingDoubleDash.go:95:25:95:31 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:96:24:96:31 | arrayLit [array] | semmle.label | arrayLit [array] | | SanitizingDoubleDash.go:96:24:96:34 | slice element node | semmle.label | slice element node | | SanitizingDoubleDash.go:96:24:96:34 | slice expression | semmle.label | slice expression | -| SanitizingDoubleDash.go:100:15:100:38 | array literal [array] | semmle.label | array literal [array] | +| SanitizingDoubleDash.go:100:15:100:38 | array literal [postupdate] [array] | semmle.label | array literal [postupdate] [array] | | SanitizingDoubleDash.go:100:31:100:37 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:101:24:101:31 | arrayLit [array] | semmle.label | arrayLit [array] | | SanitizingDoubleDash.go:101:24:101:34 | slice element node | semmle.label | slice element node | | SanitizingDoubleDash.go:101:24:101:34 | slice expression | semmle.label | slice expression | -| SanitizingDoubleDash.go:105:15:105:37 | slice literal [array] | semmle.label | slice literal [array] | +| SanitizingDoubleDash.go:105:15:105:37 | slice literal [postupdate] [array] | semmle.label | slice literal [postupdate] [array] | | SanitizingDoubleDash.go:105:30:105:36 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:106:24:106:31 | arrayLit | semmle.label | arrayLit | | SanitizingDoubleDash.go:111:14:111:44 | []type{args} [array] | semmle.label | []type{args} [array] | @@ -241,7 +241,7 @@ nodes | SanitizingDoubleDash.go:123:14:123:38 | call to append [array] | semmle.label | call to append [array] | | SanitizingDoubleDash.go:123:31:123:37 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:124:24:124:31 | arrayLit | semmle.label | arrayLit | -| SanitizingDoubleDash.go:128:15:128:31 | slice literal [array] | semmle.label | slice literal [array] | +| SanitizingDoubleDash.go:128:15:128:31 | slice literal [postupdate] [array] | semmle.label | slice literal [postupdate] [array] | | SanitizingDoubleDash.go:128:24:128:30 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:129:14:129:35 | call to append | semmle.label | call to append | | SanitizingDoubleDash.go:129:14:129:35 | call to append [array] | semmle.label | call to append [array] | diff --git a/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected b/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected index c274067926a6..809f5c20976b 100644 --- a/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected +++ b/go/ql/test/query-tests/Security/CWE-078/StoredCommand.expected @@ -2,14 +2,14 @@ | StoredCommand.go:14:22:14:28 | cmdName | StoredCommand.go:11:2:11:27 | ... := ...[0] | StoredCommand.go:14:22:14:28 | cmdName | This command depends on a $@. | StoredCommand.go:11:2:11:27 | ... := ...[0] | stored value | edges | StoredCommand.go:11:2:11:27 | ... := ...[0] | StoredCommand.go:13:2:13:5 | rows | provenance | Src:MaD:2 | -| StoredCommand.go:13:2:13:5 | rows | StoredCommand.go:13:12:13:19 | &... | provenance | FunctionModel | -| StoredCommand.go:13:12:13:19 | &... | StoredCommand.go:14:22:14:28 | cmdName | provenance | Sink:MaD:1 | +| StoredCommand.go:13:2:13:5 | rows | StoredCommand.go:13:12:13:19 | &... [postupdate] | provenance | FunctionModel | +| StoredCommand.go:13:12:13:19 | &... [postupdate] | StoredCommand.go:14:22:14:28 | cmdName | provenance | Sink:MaD:1 | models | 1 | Sink: os/exec; ; false; Command; ; ; Argument[0]; command-injection; manual | | 2 | Source: database/sql; DB; true; Query; ; ; ReturnValue[0]; database; manual | nodes | StoredCommand.go:11:2:11:27 | ... := ...[0] | semmle.label | ... := ...[0] | | StoredCommand.go:13:2:13:5 | rows | semmle.label | rows | -| StoredCommand.go:13:12:13:19 | &... | semmle.label | &... | +| StoredCommand.go:13:12:13:19 | &... [postupdate] | semmle.label | &... [postupdate] | | StoredCommand.go:14:22:14:28 | cmdName | semmle.label | cmdName | subpaths diff --git a/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected b/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected index 91b39e0e2a04..0e1265b5c1e6 100644 --- a/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected +++ b/go/ql/test/query-tests/Security/CWE-079/ReflectedXss.expected @@ -13,11 +13,11 @@ | reflectedxsstest.go:54:11:54:21 | type conversion | reflectedxsstest.go:51:14:51:18 | selection of URL | reflectedxsstest.go:54:11:54:21 | type conversion | Cross-site scripting vulnerability due to $@. | reflectedxsstest.go:51:14:51:18 | selection of URL | user-provided value | reflectedxsstest.go:0:0:0:0 | reflectedxsstest.go | | | tst.go:18:12:18:39 | type conversion | tst.go:14:15:14:20 | selection of Form | tst.go:18:12:18:39 | type conversion | Cross-site scripting vulnerability due to $@. | tst.go:14:15:14:20 | selection of Form | user-provided value | tst.go:0:0:0:0 | tst.go | | | tst.go:53:12:53:26 | type conversion | tst.go:48:14:48:19 | selection of Form | tst.go:53:12:53:26 | type conversion | Cross-site scripting vulnerability due to $@. | tst.go:48:14:48:19 | selection of Form | user-provided value | tst.go:0:0:0:0 | tst.go | | -| websocketXss.go:32:24:32:27 | xnet | websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet | Cross-site scripting vulnerability due to $@. | websocketXss.go:30:7:30:10 | definition of xnet | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | | -| websocketXss.go:36:24:36:28 | xnet2 | websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 | Cross-site scripting vulnerability due to $@. | websocketXss.go:34:3:34:7 | definition of xnet2 | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | | +| websocketXss.go:32:24:32:27 | xnet | websocketXss.go:31:11:31:14 | xnet [postupdate] | websocketXss.go:32:24:32:27 | xnet | Cross-site scripting vulnerability due to $@. | websocketXss.go:31:11:31:14 | xnet [postupdate] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | | +| websocketXss.go:36:24:36:28 | xnet2 | websocketXss.go:35:21:35:25 | xnet2 [postupdate] | websocketXss.go:36:24:36:28 | xnet2 | Cross-site scripting vulnerability due to $@. | websocketXss.go:35:21:35:25 | xnet2 [postupdate] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | | | websocketXss.go:41:24:41:29 | nhooyr | websocketXss.go:40:3:40:40 | ... := ...[1] | websocketXss.go:41:24:41:29 | nhooyr | Cross-site scripting vulnerability due to $@. | websocketXss.go:40:3:40:40 | ... := ...[1] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | | -| websocketXss.go:48:24:48:33 | gorillaMsg | websocketXss.go:46:7:46:16 | definition of gorillaMsg | websocketXss.go:48:24:48:33 | gorillaMsg | Cross-site scripting vulnerability due to $@. | websocketXss.go:46:7:46:16 | definition of gorillaMsg | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | | -| websocketXss.go:52:24:52:31 | gorilla2 | websocketXss.go:50:3:50:10 | definition of gorilla2 | websocketXss.go:52:24:52:31 | gorilla2 | Cross-site scripting vulnerability due to $@. | websocketXss.go:50:3:50:10 | definition of gorilla2 | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | | +| websocketXss.go:48:24:48:33 | gorillaMsg | websocketXss.go:47:26:47:35 | gorillaMsg [postupdate] | websocketXss.go:48:24:48:33 | gorillaMsg | Cross-site scripting vulnerability due to $@. | websocketXss.go:47:26:47:35 | gorillaMsg [postupdate] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | | +| websocketXss.go:52:24:52:31 | gorilla2 | websocketXss.go:51:17:51:24 | gorilla2 [postupdate] | websocketXss.go:52:24:52:31 | gorilla2 | Cross-site scripting vulnerability due to $@. | websocketXss.go:51:17:51:24 | gorilla2 [postupdate] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | | | websocketXss.go:55:24:55:31 | gorilla3 | websocketXss.go:54:3:54:38 | ... := ...[1] | websocketXss.go:55:24:55:31 | gorilla3 | Cross-site scripting vulnerability due to $@. | websocketXss.go:54:3:54:38 | ... := ...[1] | user-provided value | websocketXss.go:0:0:0:0 | websocketXss.go | | edges | ReflectedXss.go:11:15:11:20 | selection of Form | ReflectedXss.go:11:15:11:36 | call to Get | provenance | Src:MaD:6 MaD:18 | @@ -48,8 +48,8 @@ edges | reflectedxsstest.go:39:16:39:21 | reader | reflectedxsstest.go:39:2:39:32 | ... := ...[0] | provenance | MaD:16 | | reflectedxsstest.go:40:14:40:17 | part | reflectedxsstest.go:40:14:40:28 | call to FileName | provenance | MaD:15 | | reflectedxsstest.go:40:14:40:28 | call to FileName | reflectedxsstest.go:44:46:44:53 | partName | provenance | | -| reflectedxsstest.go:41:2:41:10 | definition of byteSlice | reflectedxsstest.go:45:10:45:18 | byteSlice | provenance | | -| reflectedxsstest.go:42:2:42:5 | part | reflectedxsstest.go:41:2:41:10 | definition of byteSlice | provenance | MaD:14 | +| reflectedxsstest.go:42:2:42:5 | part | reflectedxsstest.go:42:12:42:20 | byteSlice [postupdate] | provenance | MaD:14 | +| reflectedxsstest.go:42:12:42:20 | byteSlice [postupdate] | reflectedxsstest.go:45:10:45:18 | byteSlice | provenance | | | reflectedxsstest.go:44:17:44:54 | []type{args} [array] | reflectedxsstest.go:44:17:44:54 | call to Sprintf | provenance | MaD:12 | | reflectedxsstest.go:44:17:44:54 | call to Sprintf | reflectedxsstest.go:44:10:44:55 | type conversion | provenance | | | reflectedxsstest.go:44:46:44:53 | partName | reflectedxsstest.go:44:17:44:54 | []type{args} [array] | provenance | | @@ -62,11 +62,11 @@ edges | tst.go:18:32:18:32 | a | tst.go:18:19:18:38 | call to Join | provenance | MaD:19 | | tst.go:48:14:48:19 | selection of Form | tst.go:48:14:48:34 | call to Get | provenance | Src:MaD:6 MaD:18 | | tst.go:48:14:48:34 | call to Get | tst.go:53:12:53:26 | type conversion | provenance | | -| websocketXss.go:30:7:30:10 | definition of xnet | websocketXss.go:32:24:32:27 | xnet | provenance | Src:MaD:5 | -| websocketXss.go:34:3:34:7 | definition of xnet2 | websocketXss.go:36:24:36:28 | xnet2 | provenance | Src:MaD:4 | +| websocketXss.go:31:11:31:14 | xnet [postupdate] | websocketXss.go:32:24:32:27 | xnet | provenance | Src:MaD:5 | +| websocketXss.go:35:21:35:25 | xnet2 [postupdate] | websocketXss.go:36:24:36:28 | xnet2 | provenance | Src:MaD:4 | | websocketXss.go:40:3:40:40 | ... := ...[1] | websocketXss.go:41:24:41:29 | nhooyr | provenance | Src:MaD:11 | -| websocketXss.go:46:7:46:16 | definition of gorillaMsg | websocketXss.go:48:24:48:33 | gorillaMsg | provenance | Src:MaD:1 | -| websocketXss.go:50:3:50:10 | definition of gorilla2 | websocketXss.go:52:24:52:31 | gorilla2 | provenance | Src:MaD:2 | +| websocketXss.go:47:26:47:35 | gorillaMsg [postupdate] | websocketXss.go:48:24:48:33 | gorillaMsg | provenance | Src:MaD:1 | +| websocketXss.go:51:17:51:24 | gorilla2 [postupdate] | websocketXss.go:52:24:52:31 | gorilla2 | provenance | Src:MaD:2 | | websocketXss.go:54:3:54:38 | ... := ...[1] | websocketXss.go:55:24:55:31 | gorilla3 | provenance | Src:MaD:3 | models | 1 | Source: github.com/gorilla/websocket; ; false; ReadJSON; ; ; Argument[1]; remote; manual | @@ -123,8 +123,8 @@ nodes | reflectedxsstest.go:39:16:39:21 | reader | semmle.label | reader | | reflectedxsstest.go:40:14:40:17 | part | semmle.label | part | | reflectedxsstest.go:40:14:40:28 | call to FileName | semmle.label | call to FileName | -| reflectedxsstest.go:41:2:41:10 | definition of byteSlice | semmle.label | definition of byteSlice | | reflectedxsstest.go:42:2:42:5 | part | semmle.label | part | +| reflectedxsstest.go:42:12:42:20 | byteSlice [postupdate] | semmle.label | byteSlice [postupdate] | | reflectedxsstest.go:44:10:44:55 | type conversion | semmle.label | type conversion | | reflectedxsstest.go:44:17:44:54 | []type{args} [array] | semmle.label | []type{args} [array] | | reflectedxsstest.go:44:17:44:54 | call to Sprintf | semmle.label | call to Sprintf | @@ -141,16 +141,25 @@ nodes | tst.go:48:14:48:19 | selection of Form | semmle.label | selection of Form | | tst.go:48:14:48:34 | call to Get | semmle.label | call to Get | | tst.go:53:12:53:26 | type conversion | semmle.label | type conversion | -| websocketXss.go:30:7:30:10 | definition of xnet | semmle.label | definition of xnet | +| websocketXss.go:31:11:31:14 | xnet [postupdate] | semmle.label | xnet [postupdate] | | websocketXss.go:32:24:32:27 | xnet | semmle.label | xnet | -| websocketXss.go:34:3:34:7 | definition of xnet2 | semmle.label | definition of xnet2 | +| websocketXss.go:35:21:35:25 | xnet2 [postupdate] | semmle.label | xnet2 [postupdate] | | websocketXss.go:36:24:36:28 | xnet2 | semmle.label | xnet2 | | websocketXss.go:40:3:40:40 | ... := ...[1] | semmle.label | ... := ...[1] | | websocketXss.go:41:24:41:29 | nhooyr | semmle.label | nhooyr | -| websocketXss.go:46:7:46:16 | definition of gorillaMsg | semmle.label | definition of gorillaMsg | +| websocketXss.go:47:26:47:35 | gorillaMsg [postupdate] | semmle.label | gorillaMsg [postupdate] | | websocketXss.go:48:24:48:33 | gorillaMsg | semmle.label | gorillaMsg | -| websocketXss.go:50:3:50:10 | definition of gorilla2 | semmle.label | definition of gorilla2 | +| websocketXss.go:51:17:51:24 | gorilla2 [postupdate] | semmle.label | gorilla2 [postupdate] | | websocketXss.go:52:24:52:31 | gorilla2 | semmle.label | gorilla2 | | websocketXss.go:54:3:54:38 | ... := ...[1] | semmle.label | ... := ...[1] | | websocketXss.go:55:24:55:31 | gorilla3 | semmle.label | gorilla3 | subpaths +testFailures +| websocketXss.go:30:32:30:60 | comment | Missing result: Source[go/reflected-xss] | +| websocketXss.go:31:11:31:14 | xnet [postupdate] | Unexpected result: Source | +| websocketXss.go:34:30:34:58 | comment | Missing result: Source[go/reflected-xss] | +| websocketXss.go:35:21:35:25 | xnet2 [postupdate] | Unexpected result: Source | +| websocketXss.go:46:38:46:66 | comment | Missing result: Source[go/reflected-xss] | +| websocketXss.go:47:26:47:35 | gorillaMsg [postupdate] | Unexpected result: Source | +| websocketXss.go:50:33:50:61 | comment | Missing result: Source[go/reflected-xss] | +| websocketXss.go:51:17:51:24 | gorilla2 [postupdate] | Unexpected result: Source | diff --git a/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected b/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected index 4e2958c767e2..41ec62706d04 100644 --- a/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected +++ b/go/ql/test/query-tests/Security/CWE-079/StoredXss.expected @@ -3,15 +3,15 @@ | stored.go:61:22:61:25 | path | stored.go:59:30:59:33 | definition of path | stored.go:61:22:61:25 | path | Stored cross-site scripting vulnerability due to $@. | stored.go:59:30:59:33 | definition of path | stored value | edges | stored.go:18:3:18:28 | ... := ...[0] | stored.go:25:14:25:17 | rows | provenance | Src:MaD:1 | -| stored.go:25:14:25:17 | rows | stored.go:25:29:25:33 | &... | provenance | FunctionModel | -| stored.go:25:29:25:33 | &... | stored.go:30:22:30:25 | name | provenance | | +| stored.go:25:14:25:17 | rows | stored.go:25:29:25:33 | &... [postupdate] | provenance | FunctionModel | +| stored.go:25:29:25:33 | &... [postupdate] | stored.go:30:22:30:25 | name | provenance | | | stored.go:59:30:59:33 | definition of path | stored.go:61:22:61:25 | path | provenance | | models | 1 | Source: database/sql; DB; true; Query; ; ; ReturnValue[0]; database; manual | nodes | stored.go:18:3:18:28 | ... := ...[0] | semmle.label | ... := ...[0] | | stored.go:25:14:25:17 | rows | semmle.label | rows | -| stored.go:25:29:25:33 | &... | semmle.label | &... | +| stored.go:25:29:25:33 | &... [postupdate] | semmle.label | &... [postupdate] | | stored.go:30:22:30:25 | name | semmle.label | name | | stored.go:59:30:59:33 | definition of path | semmle.label | definition of path | | stored.go:61:22:61:25 | path | semmle.label | path | diff --git a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected index 40be0e8df691..ef5f3a1f7b94 100644 --- a/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected +++ b/go/ql/test/query-tests/Security/CWE-338/InsecureRandomness/InsecureRandomness.expected @@ -12,9 +12,9 @@ edges | sample.go:15:49:15:61 | call to Uint32 | sample.go:15:31:15:62 | []type{args} [array] | provenance | | | sample.go:15:49:15:61 | call to Uint32 | sample.go:15:31:15:62 | call to Sprintf | provenance | FunctionModel | | sample.go:16:9:16:15 | slice expression | sample.go:26:25:26:30 | call to Guid | provenance | | -| sample.go:33:2:33:6 | definition of nonce | sample.go:37:35:37:39 | nonce | provenance | | | sample.go:34:12:34:40 | call to New | sample.go:35:14:35:19 | random | provenance | | -| sample.go:35:14:35:19 | random | sample.go:33:2:33:6 | definition of nonce | provenance | MaD:2 | +| sample.go:35:14:35:19 | random | sample.go:35:22:35:26 | nonce [postupdate] | provenance | MaD:2 | +| sample.go:35:22:35:26 | nonce [postupdate] | sample.go:37:35:37:39 | nonce | provenance | | | sample.go:55:17:55:42 | call to Intn | sample.go:56:29:56:38 | randNumber | provenance | | | sample.go:56:11:56:40 | type conversion | sample.go:58:32:58:43 | type conversion | provenance | | | sample.go:56:18:56:39 | index expression | sample.go:56:11:56:40 | type conversion | provenance | | @@ -31,9 +31,9 @@ nodes | sample.go:15:49:15:61 | call to Uint32 | semmle.label | call to Uint32 | | sample.go:16:9:16:15 | slice expression | semmle.label | slice expression | | sample.go:26:25:26:30 | call to Guid | semmle.label | call to Guid | -| sample.go:33:2:33:6 | definition of nonce | semmle.label | definition of nonce | | sample.go:34:12:34:40 | call to New | semmle.label | call to New | | sample.go:35:14:35:19 | random | semmle.label | random | +| sample.go:35:22:35:26 | nonce [postupdate] | semmle.label | nonce [postupdate] | | sample.go:37:35:37:39 | nonce | semmle.label | nonce | | sample.go:43:17:43:39 | call to Intn | semmle.label | call to Intn | | sample.go:44:17:44:39 | call to Intn | semmle.label | call to Intn | diff --git a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected index 65d24e8b45b6..b091d0343d80 100644 --- a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected +++ b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected @@ -29,43 +29,34 @@ edges | stdlib.go:93:13:93:32 | call to Get | stdlib.go:94:3:94:8 | target | provenance | | | stdlib.go:94:3:94:8 | target | stdlib.go:94:3:94:25 | ... += ... | provenance | Config | | stdlib.go:94:3:94:25 | ... += ... | stdlib.go:96:23:96:28 | target | provenance | Sink:MaD:1 | -| stdlib.go:111:54:111:54 | definition of r [pointer, URL, pointer] | stdlib.go:115:6:115:6 | r [pointer, URL, pointer] | provenance | | -| stdlib.go:111:54:111:54 | definition of r [pointer, URL] | stdlib.go:115:6:115:6 | r [pointer, URL] | provenance | | -| stdlib.go:115:6:115:6 | r [pointer, URL, pointer] | stdlib.go:116:4:116:4 | r [pointer, URL, pointer] | provenance | | -| stdlib.go:115:6:115:6 | r [pointer, URL] | stdlib.go:116:4:116:4 | r [pointer, URL] | provenance | | -| stdlib.go:116:4:116:4 | implicit dereference [URL, pointer] | stdlib.go:111:54:111:54 | definition of r [pointer, URL, pointer] | provenance | | -| stdlib.go:116:4:116:4 | implicit dereference [URL, pointer] | stdlib.go:116:4:116:8 | selection of URL [pointer] | provenance | | -| stdlib.go:116:4:116:4 | implicit dereference [URL] | stdlib.go:111:54:111:54 | definition of r [pointer, URL] | provenance | | -| stdlib.go:116:4:116:4 | implicit dereference [URL] | stdlib.go:116:4:116:8 | selection of URL | provenance | | -| stdlib.go:116:4:116:4 | r [pointer, URL, pointer] | stdlib.go:116:4:116:4 | implicit dereference [URL, pointer] | provenance | | -| stdlib.go:116:4:116:4 | r [pointer, URL] | stdlib.go:116:4:116:4 | implicit dereference [URL] | provenance | | -| stdlib.go:116:4:116:4 | r [pointer, URL] | stdlib.go:117:24:117:24 | r [pointer, URL] | provenance | | -| stdlib.go:116:4:116:8 | implicit dereference | stdlib.go:116:4:116:8 | selection of URL | provenance | Config | -| stdlib.go:116:4:116:8 | implicit dereference | stdlib.go:116:4:116:8 | selection of URL [pointer] | provenance | | -| stdlib.go:116:4:116:8 | selection of URL | stdlib.go:116:4:116:4 | implicit dereference [URL] | provenance | Src:MaD:4 | +| stdlib.go:116:4:116:4 | implicit dereference [postupdate] [URL] | stdlib.go:116:4:116:4 | r [postupdate] [pointer, URL] | provenance | | +| stdlib.go:116:4:116:4 | r [postupdate] [pointer, URL] | stdlib.go:117:24:117:24 | r [pointer, URL] | provenance | | +| stdlib.go:116:4:116:8 | implicit dereference | stdlib.go:116:4:116:8 | selection of URL [postupdate] | provenance | Config | | stdlib.go:116:4:116:8 | selection of URL | stdlib.go:116:4:116:8 | implicit dereference | provenance | Src:MaD:4 Config | -| stdlib.go:116:4:116:8 | selection of URL [pointer] | stdlib.go:116:4:116:4 | implicit dereference [URL, pointer] | provenance | | -| stdlib.go:116:4:116:8 | selection of URL [pointer] | stdlib.go:116:4:116:8 | implicit dereference | provenance | | +| stdlib.go:116:4:116:8 | selection of URL [postupdate] | stdlib.go:116:4:116:4 | implicit dereference [postupdate] [URL] | provenance | | +| stdlib.go:116:4:116:8 | selection of URL [postupdate] | stdlib.go:116:4:116:8 | implicit dereference | provenance | Config | | stdlib.go:117:24:117:24 | implicit dereference [URL] | stdlib.go:117:24:117:28 | selection of URL | provenance | | | stdlib.go:117:24:117:24 | r [pointer, URL] | stdlib.go:117:24:117:24 | implicit dereference [URL] | provenance | | | stdlib.go:117:24:117:28 | selection of URL | stdlib.go:117:24:117:37 | call to String | provenance | Src:MaD:4 Config Sink:MaD:1 | | stdlib.go:150:13:150:18 | selection of Form | stdlib.go:150:13:150:32 | call to Get | provenance | Src:MaD:2 Config | | stdlib.go:150:13:150:32 | call to Get | stdlib.go:156:23:156:28 | target | provenance | Sink:MaD:1 | -| stdlib.go:163:10:163:15 | star expression | stdlib.go:163:11:163:15 | selection of URL | provenance | Config | +| stdlib.go:163:10:163:15 | star expression | stdlib.go:163:11:163:15 | selection of URL [postupdate] | provenance | Config | | stdlib.go:163:10:163:15 | star expression | stdlib.go:166:24:166:26 | url | provenance | | | stdlib.go:163:11:163:15 | selection of URL | stdlib.go:163:10:163:15 | star expression | provenance | Src:MaD:4 Config | +| stdlib.go:163:11:163:15 | selection of URL [postupdate] | stdlib.go:163:10:163:15 | star expression | provenance | Config | | stdlib.go:166:24:166:26 | url | stdlib.go:166:24:166:35 | call to String | provenance | Config Sink:MaD:1 | | stdlib.go:177:35:177:39 | selection of URL | stdlib.go:177:35:177:52 | call to RequestURI | provenance | Src:MaD:4 Config | | stdlib.go:177:35:177:52 | call to RequestURI | stdlib.go:177:24:177:52 | ...+... | provenance | Config Sink:MaD:1 | | stdlib.go:186:13:186:33 | call to FormValue | stdlib.go:188:23:188:28 | target | provenance | Src:MaD:3 Sink:MaD:1 | -| stdlib.go:194:3:194:8 | definition of target | stdlib.go:196:23:196:28 | target | provenance | | -| stdlib.go:194:3:194:57 | ... := ...[0] | stdlib.go:194:3:194:8 | definition of target | provenance | | +| stdlib.go:194:3:194:57 | ... := ...[0] | stdlib.go:196:23:196:28 | target | provenance | | | stdlib.go:194:36:194:56 | call to FormValue | stdlib.go:194:3:194:57 | ... := ...[0] | provenance | Src:MaD:3 Config | -| stdlib.go:196:23:196:28 | implicit dereference | stdlib.go:194:3:194:8 | definition of target | provenance | Config | +| stdlib.go:196:23:196:28 | implicit dereference | stdlib.go:196:23:196:28 | target [postupdate] | provenance | Config | | stdlib.go:196:23:196:28 | implicit dereference | stdlib.go:196:23:196:33 | selection of Path | provenance | Config Sink:MaD:1 | | stdlib.go:196:23:196:28 | target | stdlib.go:196:23:196:28 | implicit dereference | provenance | Config | | stdlib.go:196:23:196:28 | target | stdlib.go:196:23:196:33 | selection of Path | provenance | Config Sink:MaD:1 | | stdlib.go:196:23:196:28 | target | stdlib.go:198:23:198:28 | target | provenance | | +| stdlib.go:196:23:196:28 | target [postupdate] | stdlib.go:196:23:196:28 | implicit dereference | provenance | Config | +| stdlib.go:196:23:196:28 | target [postupdate] | stdlib.go:198:23:198:28 | target | provenance | | | stdlib.go:198:23:198:28 | target | stdlib.go:198:23:198:42 | call to EscapedPath | provenance | Config Sink:MaD:1 | models | 1 | Sink: net/http; ; false; Redirect; ; ; Argument[2]; url-redirection[0]; manual | @@ -98,17 +89,11 @@ nodes | stdlib.go:94:3:94:8 | target | semmle.label | target | | stdlib.go:94:3:94:25 | ... += ... | semmle.label | ... += ... | | stdlib.go:96:23:96:28 | target | semmle.label | target | -| stdlib.go:111:54:111:54 | definition of r [pointer, URL, pointer] | semmle.label | definition of r [pointer, URL, pointer] | -| stdlib.go:111:54:111:54 | definition of r [pointer, URL] | semmle.label | definition of r [pointer, URL] | -| stdlib.go:115:6:115:6 | r [pointer, URL, pointer] | semmle.label | r [pointer, URL, pointer] | -| stdlib.go:115:6:115:6 | r [pointer, URL] | semmle.label | r [pointer, URL] | -| stdlib.go:116:4:116:4 | implicit dereference [URL, pointer] | semmle.label | implicit dereference [URL, pointer] | -| stdlib.go:116:4:116:4 | implicit dereference [URL] | semmle.label | implicit dereference [URL] | -| stdlib.go:116:4:116:4 | r [pointer, URL, pointer] | semmle.label | r [pointer, URL, pointer] | -| stdlib.go:116:4:116:4 | r [pointer, URL] | semmle.label | r [pointer, URL] | +| stdlib.go:116:4:116:4 | implicit dereference [postupdate] [URL] | semmle.label | implicit dereference [postupdate] [URL] | +| stdlib.go:116:4:116:4 | r [postupdate] [pointer, URL] | semmle.label | r [postupdate] [pointer, URL] | | stdlib.go:116:4:116:8 | implicit dereference | semmle.label | implicit dereference | | stdlib.go:116:4:116:8 | selection of URL | semmle.label | selection of URL | -| stdlib.go:116:4:116:8 | selection of URL [pointer] | semmle.label | selection of URL [pointer] | +| stdlib.go:116:4:116:8 | selection of URL [postupdate] | semmle.label | selection of URL [postupdate] | | stdlib.go:117:24:117:24 | implicit dereference [URL] | semmle.label | implicit dereference [URL] | | stdlib.go:117:24:117:24 | r [pointer, URL] | semmle.label | r [pointer, URL] | | stdlib.go:117:24:117:28 | selection of URL | semmle.label | selection of URL | @@ -118,6 +103,7 @@ nodes | stdlib.go:156:23:156:28 | target | semmle.label | target | | stdlib.go:163:10:163:15 | star expression | semmle.label | star expression | | stdlib.go:163:11:163:15 | selection of URL | semmle.label | selection of URL | +| stdlib.go:163:11:163:15 | selection of URL [postupdate] | semmle.label | selection of URL [postupdate] | | stdlib.go:166:24:166:26 | url | semmle.label | url | | stdlib.go:166:24:166:35 | call to String | semmle.label | call to String | | stdlib.go:177:24:177:52 | ...+... | semmle.label | ...+... | @@ -125,11 +111,11 @@ nodes | stdlib.go:177:35:177:52 | call to RequestURI | semmle.label | call to RequestURI | | stdlib.go:186:13:186:33 | call to FormValue | semmle.label | call to FormValue | | stdlib.go:188:23:188:28 | target | semmle.label | target | -| stdlib.go:194:3:194:8 | definition of target | semmle.label | definition of target | | stdlib.go:194:3:194:57 | ... := ...[0] | semmle.label | ... := ...[0] | | stdlib.go:194:36:194:56 | call to FormValue | semmle.label | call to FormValue | | stdlib.go:196:23:196:28 | implicit dereference | semmle.label | implicit dereference | | stdlib.go:196:23:196:28 | target | semmle.label | target | +| stdlib.go:196:23:196:28 | target [postupdate] | semmle.label | target [postupdate] | | stdlib.go:196:23:196:33 | selection of Path | semmle.label | selection of Path | | stdlib.go:198:23:198:28 | target | semmle.label | target | | stdlib.go:198:23:198:42 | call to EscapedPath | semmle.label | call to EscapedPath | diff --git a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected index 1fa5431811bd..188abc9c7f9c 100644 --- a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected +++ b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected @@ -37,12 +37,7 @@ edges | tst.go:10:13:10:35 | call to FormValue | tst.go:38:11:38:29 | ...+... | provenance | Src:MaD:1 | | tst.go:10:13:10:35 | call to FormValue | tst.go:40:11:40:40 | ...+... | provenance | Src:MaD:1 | | tst.go:10:13:10:35 | call to FormValue | tst.go:47:11:47:18 | tainted2 | provenance | Src:MaD:1 | -| tst.go:46:2:46:2 | definition of u [pointer] | tst.go:47:2:47:2 | u [pointer] | provenance | | -| tst.go:47:2:47:2 | implicit dereference | tst.go:46:2:46:2 | definition of u [pointer] | provenance | | -| tst.go:47:2:47:2 | implicit dereference | tst.go:47:2:47:2 | u | provenance | | -| tst.go:47:2:47:2 | u | tst.go:47:2:47:2 | implicit dereference | provenance | | | tst.go:47:2:47:2 | u | tst.go:48:11:48:11 | u | provenance | | -| tst.go:47:2:47:2 | u [pointer] | tst.go:47:2:47:2 | implicit dereference | provenance | | | tst.go:47:11:47:18 | tainted2 | tst.go:47:2:47:2 | u | provenance | Config | | tst.go:47:11:47:18 | tainted2 | tst.go:48:11:48:11 | u | provenance | Config | | tst.go:48:11:48:11 | u | tst.go:48:11:48:20 | call to String | provenance | MaD:3 | @@ -75,10 +70,7 @@ nodes | tst.go:36:18:36:24 | tainted | semmle.label | tainted | | tst.go:38:11:38:29 | ...+... | semmle.label | ...+... | | tst.go:40:11:40:40 | ...+... | semmle.label | ...+... | -| tst.go:46:2:46:2 | definition of u [pointer] | semmle.label | definition of u [pointer] | -| tst.go:47:2:47:2 | implicit dereference | semmle.label | implicit dereference | | tst.go:47:2:47:2 | u | semmle.label | u | -| tst.go:47:2:47:2 | u [pointer] | semmle.label | u [pointer] | | tst.go:47:11:47:18 | tainted2 | semmle.label | tainted2 | | tst.go:48:11:48:11 | u | semmle.label | u | | tst.go:48:11:48:20 | call to String | semmle.label | call to String | From ac71f9cd8e861176f5f2e057c6ca775274333cf1 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 16 Sep 2025 16:42:47 +0100 Subject: [PATCH 162/307] Expected change in test output These sources are now modeled using models-as-data, which (probably correctly) uses the post-update node as the source. But the deprecated QL models still exist, so we get two test results for each of these calls. --- .../semmle/go/frameworks/Fasthttp/fasthttp.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/fasthttp.go b/go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/fasthttp.go index c25c9d010588..061f50355d54 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/fasthttp.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/Fasthttp/fasthttp.go @@ -169,10 +169,10 @@ func fasthttpServer() { fmt.Println(body1, body2, body3, body4) requestCtx.Request.BodyStream() // $ RemoteFlowSource="call to BodyStream" - requestCtx.Request.ReadBody(&bufio.Reader{}, 100, 1000) // $ RemoteFlowSource="&..." - requestCtx.Request.ReadLimitBody(&bufio.Reader{}, 100) // $ RemoteFlowSource="&..." - requestCtx.Request.ContinueReadBodyStream(&bufio.Reader{}, 100, true) // $ RemoteFlowSource="&..." - requestCtx.Request.ContinueReadBody(&bufio.Reader{}, 100) // $ RemoteFlowSource="&..." + requestCtx.Request.ReadBody(&bufio.Reader{}, 100, 1000) // $ RemoteFlowSource="&..." RemoteFlowSource="&... [postupdate]" + requestCtx.Request.ReadLimitBody(&bufio.Reader{}, 100) // $ RemoteFlowSource="&..." RemoteFlowSource="&... [postupdate]" + requestCtx.Request.ContinueReadBodyStream(&bufio.Reader{}, 100, true) // $ RemoteFlowSource="&..." RemoteFlowSource="&... [postupdate]" + requestCtx.Request.ContinueReadBody(&bufio.Reader{}, 100) // $ RemoteFlowSource="&..." RemoteFlowSource="&... [postupdate]" // Response methods // Xss Sinks Related method From 3229630598724aa70de5417c2f5d323827ea7edf Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 16 Sep 2025 21:57:40 +0100 Subject: [PATCH 163/307] Make store step to send stmt's channel use post-update node --- .../semmle/go/dataflow/internal/ContainerFlow.qll | 6 ++++-- .../semmle/go/dataflow/ChannelField/test.expected | 14 +++----------- 2 files changed, 7 insertions(+), 13 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll b/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll index 9f07693b7ea2..8a17ed1a78f9 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll @@ -36,8 +36,10 @@ predicate containerStoreStep(Node node1, Node node2, Content c) { ) or c instanceof CollectionContent and - exists(SendStmt send | - send.getChannel() = node2.(ExprNode).asExpr() and send.getValue() = node1.(ExprNode).asExpr() + exists(SendStmt send, Node channelExprNode | + send.getChannel() = channelExprNode.(ExprNode).asExpr() and + node2.(PostUpdateNode).getPreUpdateNode() = channelExprNode and + send.getValue() = node1.(ExprNode).asExpr() ) or c instanceof MapKeyContent and diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ChannelField/test.expected b/go/ql/test/library-tests/semmle/go/dataflow/ChannelField/test.expected index 547c7b25da13..6936b333cf18 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ChannelField/test.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ChannelField/test.expected @@ -1,22 +1,14 @@ invalidModelRow edges | test.go:9:9:9:11 | selection of c [collection] | test.go:9:7:9:11 | <-... | provenance | | -| test.go:13:16:13:16 | definition of s [pointer, c, collection] | test.go:16:2:16:2 | s [pointer, c, collection] | provenance | | | test.go:15:10:15:17 | call to source | test.go:16:9:16:12 | data | provenance | | -| test.go:16:2:16:2 | implicit dereference [c, collection] | test.go:13:16:13:16 | definition of s [pointer, c, collection] | provenance | | -| test.go:16:2:16:2 | implicit dereference [c, collection] | test.go:16:2:16:4 | selection of c [collection] | provenance | | -| test.go:16:2:16:2 | s [pointer, c, collection] | test.go:16:2:16:2 | implicit dereference [c, collection] | provenance | | -| test.go:16:2:16:4 | selection of c [collection] | test.go:9:9:9:11 | selection of c [collection] | provenance | | -| test.go:16:2:16:4 | selection of c [collection] | test.go:16:2:16:2 | implicit dereference [c, collection] | provenance | | -| test.go:16:9:16:12 | data | test.go:16:2:16:4 | selection of c [collection] | provenance | | +| test.go:16:2:16:4 | selection of c [postupdate] [collection] | test.go:9:9:9:11 | selection of c [collection] | provenance | | +| test.go:16:9:16:12 | data | test.go:16:2:16:4 | selection of c [postupdate] [collection] | provenance | | nodes | test.go:9:7:9:11 | <-... | semmle.label | <-... | | test.go:9:9:9:11 | selection of c [collection] | semmle.label | selection of c [collection] | -| test.go:13:16:13:16 | definition of s [pointer, c, collection] | semmle.label | definition of s [pointer, c, collection] | | test.go:15:10:15:17 | call to source | semmle.label | call to source | -| test.go:16:2:16:2 | implicit dereference [c, collection] | semmle.label | implicit dereference [c, collection] | -| test.go:16:2:16:2 | s [pointer, c, collection] | semmle.label | s [pointer, c, collection] | -| test.go:16:2:16:4 | selection of c [collection] | semmle.label | selection of c [collection] | +| test.go:16:2:16:4 | selection of c [postupdate] [collection] | semmle.label | selection of c [postupdate] [collection] | | test.go:16:9:16:12 | data | semmle.label | data | subpaths #select From 8a3bd8408bd6532993a30b1470011d5a03787739 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 16 Sep 2025 22:03:22 +0100 Subject: [PATCH 164/307] Fix test expectations for Cleartext Logging One spurious alert was removed, one missing alert was added, and some source locations changed. --- .../CWE-312/CleartextLogging.expected | 79 +++++++------------ .../test/query-tests/Security/CWE-312/main.go | 4 +- .../query-tests/Security/CWE-312/overrides.go | 4 +- .../query-tests/Security/CWE-312/passwords.go | 22 +++--- .../query-tests/Security/CWE-312/protobuf.go | 4 +- 5 files changed, 45 insertions(+), 68 deletions(-) diff --git a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected index 90d182b144bf..2b96941ce1a5 100644 --- a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected +++ b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected @@ -41,7 +41,6 @@ | passwords.go:34:14:34:35 | ...+... | passwords.go:21:2:21:9 | definition of password | passwords.go:34:14:34:35 | ...+... | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | | passwords.go:39:14:39:17 | obj1 | passwords.go:37:13:37:13 | x | passwords.go:39:14:39:17 | obj1 | $@ flows to a logging call. | passwords.go:37:13:37:13 | x | Sensitive data returned by an access to password | | passwords.go:44:14:44:17 | obj2 | passwords.go:21:2:21:9 | definition of password | passwords.go:44:14:44:17 | obj2 | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | -| passwords.go:47:14:47:17 | obj3 | passwords.go:21:2:21:9 | definition of password | passwords.go:47:14:47:17 | obj3 | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | | passwords.go:51:14:51:27 | fixed_password | passwords.go:50:2:50:15 | definition of fixed_password | passwords.go:51:14:51:27 | fixed_password | $@ flows to a logging call. | passwords.go:50:2:50:15 | definition of fixed_password | Sensitive data returned by an access to fixed_password | | passwords.go:89:14:89:26 | utilityObject | passwords.go:87:16:87:36 | call to make | passwords.go:89:14:89:26 | utilityObject | $@ flows to a logging call. | passwords.go:87:16:87:36 | call to make | Sensitive data returned by an access to passwordSet | | passwords.go:92:23:92:28 | secret | passwords.go:21:2:21:9 | definition of password | passwords.go:92:23:92:28 | secret | $@ flows to a logging call. | passwords.go:21:2:21:9 | definition of password | Sensitive data returned by an access to password | @@ -175,8 +174,8 @@ edges | main.go:80:17:80:24 | password | main.go:82:12:82:19 | password | provenance | | | main.go:80:17:80:24 | password | main.go:83:17:83:24 | password | provenance | | | main.go:80:17:80:24 | password | main.go:86:19:86:26 | password | provenance | | -| main.go:85:2:85:7 | definition of fields | main.go:87:29:87:34 | fields | provenance | Sink:MaD:2 | -| main.go:86:19:86:26 | password | main.go:85:2:85:7 | definition of fields | provenance | Config | +| main.go:86:2:86:7 | fields [postupdate] | main.go:87:29:87:34 | fields | provenance | Sink:MaD:2 | +| main.go:86:19:86:26 | password | main.go:86:2:86:7 | fields [postupdate] | provenance | Config | | main.go:86:19:86:26 | password | main.go:90:35:90:42 | password | provenance | Sink:MaD:1 | | overrides.go:8:2:8:9 | definition of password | overrides.go:9:9:9:16 | password | provenance | | | overrides.go:9:9:9:16 | password | overrides.go:13:14:13:23 | call to String | provenance | | @@ -188,21 +187,19 @@ edges | passwords.go:30:8:30:15 | password | passwords.go:8:12:8:12 | definition of x | provenance | | | passwords.go:34:28:34:35 | password | passwords.go:34:14:34:35 | ...+... | provenance | Config | | passwords.go:34:28:34:35 | password | passwords.go:42:6:42:13 | password | provenance | | -| passwords.go:36:10:38:2 | struct literal | passwords.go:39:14:39:17 | obj1 | provenance | | -| passwords.go:37:13:37:13 | x | passwords.go:36:10:38:2 | struct literal | provenance | Config | -| passwords.go:41:10:43:2 | struct literal | passwords.go:44:14:44:17 | obj2 | provenance | | -| passwords.go:42:6:42:13 | password | passwords.go:41:10:43:2 | struct literal | provenance | Config | +| passwords.go:36:10:38:2 | struct literal [postupdate] | passwords.go:39:14:39:17 | obj1 | provenance | | +| passwords.go:37:13:37:13 | x | passwords.go:36:10:38:2 | struct literal [postupdate] | provenance | Config | +| passwords.go:41:10:43:2 | struct literal [postupdate] | passwords.go:44:14:44:17 | obj2 | provenance | | +| passwords.go:42:6:42:13 | password | passwords.go:41:10:43:2 | struct literal [postupdate] | provenance | Config | | passwords.go:42:6:42:13 | password | passwords.go:48:11:48:18 | password | provenance | | -| passwords.go:46:6:46:9 | definition of obj3 | passwords.go:47:14:47:17 | obj3 | provenance | | -| passwords.go:48:11:48:18 | password | passwords.go:46:6:46:9 | definition of obj3 | provenance | Config | | passwords.go:48:11:48:18 | password | passwords.go:92:23:92:28 | secret | provenance | | | passwords.go:48:11:48:18 | password | passwords.go:102:33:102:40 | password | provenance | | | passwords.go:48:11:48:18 | password | passwords.go:108:34:108:41 | password | provenance | | | passwords.go:48:11:48:18 | password | passwords.go:113:33:113:40 | password | provenance | | | passwords.go:48:11:48:18 | password | passwords.go:123:13:123:20 | password | provenance | | | passwords.go:50:2:50:15 | definition of fixed_password | passwords.go:51:14:51:27 | fixed_password | provenance | | -| passwords.go:86:19:88:2 | struct literal | passwords.go:89:14:89:26 | utilityObject | provenance | | -| passwords.go:87:16:87:36 | call to make | passwords.go:86:19:88:2 | struct literal | provenance | Config | +| passwords.go:86:19:88:2 | struct literal [postupdate] | passwords.go:89:14:89:26 | utilityObject | provenance | | +| passwords.go:87:16:87:36 | call to make | passwords.go:86:19:88:2 | struct literal [postupdate] | provenance | Config | | passwords.go:102:33:102:40 | password | passwords.go:102:15:102:40 | ...+... | provenance | Config | | passwords.go:102:33:102:40 | password | passwords.go:108:34:108:41 | password | provenance | | | passwords.go:102:33:102:40 | password | passwords.go:113:33:113:40 | password | provenance | | @@ -215,22 +212,20 @@ edges | passwords.go:116:6:116:14 | definition of password1 | passwords.go:117:28:117:36 | password1 | provenance | | | passwords.go:117:28:117:36 | password1 | passwords.go:117:28:117:45 | call to String | provenance | Config | | passwords.go:117:28:117:45 | call to String | passwords.go:117:14:117:45 | ...+... | provenance | Config | -| passwords.go:120:12:125:2 | struct literal | passwords.go:127:14:127:19 | config | provenance | | -| passwords.go:120:12:125:2 | struct literal [x] | passwords.go:128:14:128:19 | config [x] | provenance | | -| passwords.go:120:12:125:2 | struct literal [y] | passwords.go:129:14:129:19 | config [y] | provenance | | -| passwords.go:121:13:121:14 | x3 | passwords.go:120:12:125:2 | struct literal | provenance | Config | -| passwords.go:123:13:123:20 | password | passwords.go:120:12:125:2 | struct literal | provenance | Config | -| passwords.go:123:13:123:20 | password | passwords.go:120:12:125:2 | struct literal [x] | provenance | | -| passwords.go:124:13:124:25 | call to getPassword | passwords.go:120:12:125:2 | struct literal | provenance | Config | -| passwords.go:124:13:124:25 | call to getPassword | passwords.go:120:12:125:2 | struct literal [y] | provenance | | +| passwords.go:120:12:125:2 | struct literal [postupdate] | passwords.go:127:14:127:19 | config | provenance | | +| passwords.go:120:12:125:2 | struct literal [postupdate] [x] | passwords.go:128:14:128:19 | config [x] | provenance | | +| passwords.go:120:12:125:2 | struct literal [postupdate] [y] | passwords.go:129:14:129:19 | config [y] | provenance | | +| passwords.go:121:13:121:14 | x3 | passwords.go:120:12:125:2 | struct literal [postupdate] | provenance | Config | +| passwords.go:123:13:123:20 | password | passwords.go:120:12:125:2 | struct literal [postupdate] | provenance | Config | +| passwords.go:123:13:123:20 | password | passwords.go:120:12:125:2 | struct literal [postupdate] [x] | provenance | | +| passwords.go:124:13:124:25 | call to getPassword | passwords.go:120:12:125:2 | struct literal [postupdate] | provenance | Config | +| passwords.go:124:13:124:25 | call to getPassword | passwords.go:120:12:125:2 | struct literal [postupdate] [y] | provenance | | | passwords.go:128:14:128:19 | config [x] | passwords.go:128:14:128:21 | selection of x | provenance | | | passwords.go:129:14:129:19 | config [y] | passwords.go:129:14:129:21 | selection of y | provenance | | | protobuf.go:9:2:9:9 | definition of password | protobuf.go:12:22:12:29 | password | provenance | | -| protobuf.go:11:2:11:6 | definition of query [pointer, Description] | protobuf.go:12:2:12:6 | query [pointer, Description] | provenance | | -| protobuf.go:12:2:12:6 | implicit dereference [Description] | protobuf.go:11:2:11:6 | definition of query [pointer, Description] | provenance | | -| protobuf.go:12:2:12:6 | query [pointer, Description] | protobuf.go:12:2:12:6 | implicit dereference [Description] | provenance | | -| protobuf.go:12:2:12:6 | query [pointer, Description] | protobuf.go:14:14:14:18 | query [pointer, Description] | provenance | | -| protobuf.go:12:22:12:29 | password | protobuf.go:12:2:12:6 | implicit dereference [Description] | provenance | | +| protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | provenance | | +| protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | protobuf.go:14:14:14:18 | query [pointer, Description] | provenance | | +| protobuf.go:12:22:12:29 | password | protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | provenance | | | protobuf.go:14:14:14:18 | query [pointer, Description] | protobuf.go:14:14:14:35 | call to GetDescription | provenance | | | protobuf.go:14:14:14:18 | query [pointer, Description] | protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] | provenance | | | protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] | protos/query/query.pb.go:119:10:119:10 | x [pointer, Description] | provenance | | @@ -298,7 +293,7 @@ nodes | main.go:80:17:80:24 | password | semmle.label | password | | main.go:82:12:82:19 | password | semmle.label | password | | main.go:83:17:83:24 | password | semmle.label | password | -| main.go:85:2:85:7 | definition of fields | semmle.label | definition of fields | +| main.go:86:2:86:7 | fields [postupdate] | semmle.label | fields [postupdate] | | main.go:86:19:86:26 | password | semmle.label | password | | main.go:87:29:87:34 | fields | semmle.label | fields | | main.go:90:35:90:42 | password | semmle.label | password | @@ -316,18 +311,16 @@ nodes | passwords.go:32:12:32:19 | password | semmle.label | password | | passwords.go:34:14:34:35 | ...+... | semmle.label | ...+... | | passwords.go:34:28:34:35 | password | semmle.label | password | -| passwords.go:36:10:38:2 | struct literal | semmle.label | struct literal | +| passwords.go:36:10:38:2 | struct literal [postupdate] | semmle.label | struct literal [postupdate] | | passwords.go:37:13:37:13 | x | semmle.label | x | | passwords.go:39:14:39:17 | obj1 | semmle.label | obj1 | -| passwords.go:41:10:43:2 | struct literal | semmle.label | struct literal | +| passwords.go:41:10:43:2 | struct literal [postupdate] | semmle.label | struct literal [postupdate] | | passwords.go:42:6:42:13 | password | semmle.label | password | | passwords.go:44:14:44:17 | obj2 | semmle.label | obj2 | -| passwords.go:46:6:46:9 | definition of obj3 | semmle.label | definition of obj3 | -| passwords.go:47:14:47:17 | obj3 | semmle.label | obj3 | | passwords.go:48:11:48:18 | password | semmle.label | password | | passwords.go:50:2:50:15 | definition of fixed_password | semmle.label | definition of fixed_password | | passwords.go:51:14:51:27 | fixed_password | semmle.label | fixed_password | -| passwords.go:86:19:88:2 | struct literal | semmle.label | struct literal | +| passwords.go:86:19:88:2 | struct literal [postupdate] | semmle.label | struct literal [postupdate] | | passwords.go:87:16:87:36 | call to make | semmle.label | call to make | | passwords.go:89:14:89:26 | utilityObject | semmle.label | utilityObject | | passwords.go:92:23:92:28 | secret | semmle.label | secret | @@ -341,9 +334,9 @@ nodes | passwords.go:117:14:117:45 | ...+... | semmle.label | ...+... | | passwords.go:117:28:117:36 | password1 | semmle.label | password1 | | passwords.go:117:28:117:45 | call to String | semmle.label | call to String | -| passwords.go:120:12:125:2 | struct literal | semmle.label | struct literal | -| passwords.go:120:12:125:2 | struct literal [x] | semmle.label | struct literal [x] | -| passwords.go:120:12:125:2 | struct literal [y] | semmle.label | struct literal [y] | +| passwords.go:120:12:125:2 | struct literal [postupdate] | semmle.label | struct literal [postupdate] | +| passwords.go:120:12:125:2 | struct literal [postupdate] [x] | semmle.label | struct literal [postupdate] [x] | +| passwords.go:120:12:125:2 | struct literal [postupdate] [y] | semmle.label | struct literal [postupdate] [y] | | passwords.go:121:13:121:14 | x3 | semmle.label | x3 | | passwords.go:123:13:123:20 | password | semmle.label | password | | passwords.go:124:13:124:25 | call to getPassword | semmle.label | call to getPassword | @@ -353,9 +346,8 @@ nodes | passwords.go:129:14:129:19 | config [y] | semmle.label | config [y] | | passwords.go:129:14:129:21 | selection of y | semmle.label | selection of y | | protobuf.go:9:2:9:9 | definition of password | semmle.label | definition of password | -| protobuf.go:11:2:11:6 | definition of query [pointer, Description] | semmle.label | definition of query [pointer, Description] | -| protobuf.go:12:2:12:6 | implicit dereference [Description] | semmle.label | implicit dereference [Description] | -| protobuf.go:12:2:12:6 | query [pointer, Description] | semmle.label | query [pointer, Description] | +| protobuf.go:12:2:12:6 | implicit dereference [postupdate] [Description] | semmle.label | implicit dereference [postupdate] [Description] | +| protobuf.go:12:2:12:6 | query [postupdate] [pointer, Description] | semmle.label | query [postupdate] [pointer, Description] | | protobuf.go:12:22:12:29 | password | semmle.label | password | | protobuf.go:14:14:14:18 | query [pointer, Description] | semmle.label | query [pointer, Description] | | protobuf.go:14:14:14:35 | call to GetDescription | semmle.label | call to GetDescription | @@ -365,18 +357,3 @@ nodes | protos/query/query.pb.go:119:10:119:22 | selection of Description | semmle.label | selection of Description | subpaths | protobuf.go:14:14:14:18 | query [pointer, Description] | protos/query/query.pb.go:117:7:117:7 | definition of x [pointer, Description] | protos/query/query.pb.go:119:10:119:22 | selection of Description | protobuf.go:14:14:14:35 | call to GetDescription | -testFailures -| main.go:17:2:17:9 | definition of password | Unexpected result: Source | -| main.go:87:29:87:34 | fields | Unexpected result: Alert | -| overrides.go:8:2:8:9 | definition of password | Unexpected result: Source | -| overrides.go:9:18:9:28 | comment | Missing result: Source | -| passwords.go:21:2:21:9 | definition of password | Unexpected result: Source | -| passwords.go:30:18:30:28 | comment | Missing result: Source | -| passwords.go:42:16:42:26 | comment | Missing result: Source | -| passwords.go:48:20:48:30 | comment | Missing result: Source | -| passwords.go:50:2:50:15 | definition of fixed_password | Unexpected result: Source | -| passwords.go:91:31:91:41 | comment | Missing result: Source | -| passwords.go:116:6:116:14 | definition of password1 | Unexpected result: Source | -| passwords.go:123:28:123:38 | comment | Missing result: Source | -| protobuf.go:9:2:9:9 | definition of password | Unexpected result: Source | -| protobuf.go:12:31:12:41 | comment | Missing result: Source | diff --git a/go/ql/test/query-tests/Security/CWE-312/main.go b/go/ql/test/query-tests/Security/CWE-312/main.go index 0372fc2df14b..e30a81822655 100644 --- a/go/ql/test/query-tests/Security/CWE-312/main.go +++ b/go/ql/test/query-tests/Security/CWE-312/main.go @@ -14,7 +14,7 @@ import ( var i int = rand.Int() func main() { - password := "P4ssw0rd" + password := "P4ssw0rd" // $ Source log.Print(password) // $ Alert log.Printf("%s", password) // $ Alert @@ -84,7 +84,7 @@ func main() { fields := make(logrus.Fields) fields["pass"] = password - entry := logrus.WithFields(fields) + entry := logrus.WithFields(fields) // $ Alert entry.Errorf("") entry = logrus.WithField("pass", password) // $ Alert diff --git a/go/ql/test/query-tests/Security/CWE-312/overrides.go b/go/ql/test/query-tests/Security/CWE-312/overrides.go index 98fbdad9e77d..4ac9401d2c01 100644 --- a/go/ql/test/query-tests/Security/CWE-312/overrides.go +++ b/go/ql/test/query-tests/Security/CWE-312/overrides.go @@ -5,8 +5,8 @@ import "fmt" type s struct{} func (_ s) String() string { - password := "horsebatterystaplecorrect" - return password // $ Source + password := "horsebatterystaplecorrect" // $ Source + return password } func overrideTest(x s, y fmt.Stringer) { diff --git a/go/ql/test/query-tests/Security/CWE-312/passwords.go b/go/ql/test/query-tests/Security/CWE-312/passwords.go index 6be68be7265a..38c977e41b83 100644 --- a/go/ql/test/query-tests/Security/CWE-312/passwords.go +++ b/go/ql/test/query-tests/Security/CWE-312/passwords.go @@ -18,7 +18,7 @@ func redact(kind, value string) string { func test() { name := "user" - password := "P@ssw0rd" + password := "P@ssw0rd" // $ Source x := "horsebatterystapleincorrect" var o passStruct @@ -27,7 +27,7 @@ func test() { log.Println(getPassword()) // $ Alert log.Println(o.getPassword()) // $ Alert - myLog(password) // $ Source + myLog(password) log.Panic(password) // $ Alert @@ -39,16 +39,16 @@ func test() { log.Println(obj1) // $ Alert obj2 := xStruct{ - x: password, // $ Source + x: password, } log.Println(obj2) // $ Alert var obj3 xStruct - log.Println(obj3) // $ SPURIOUS: Alert // caught because of the below line and def-use flow - obj3.x = password // $ Source + log.Println(obj3) + obj3.x = password - fixed_password := "cowbatterystaplecorrect" - log.Println(fixed_password) // $ Alert // Probably OK + fixed_password := "cowbatterystaplecorrect" // $ Source + log.Println(fixed_password) // $ Alert // Probably OK log.Println(IncorrectPasswordError) // OK @@ -88,7 +88,7 @@ func test() { } log.Println(utilityObject) // $ Alert - secret := password // $ Source + secret := password log.Printf("pw: %s", secret) // $ Alert log.Println("Password is: " + redact("password", password)) @@ -113,14 +113,14 @@ func test() { log.Println("Password is: " + password) // $ SPURIOUS: Alert } - var password1 stringable = stringable{"arstneio"} - log.Println(name + ", " + password1.String()) // $ Alert + var password1 stringable = stringable{"arstneio"} // $ Source + log.Println(name + ", " + password1.String()) // $ Alert x3 := "sheepbatterystaplecorrect" config := Config{ password: x3, // $ Source hostname: "tarski", - x: password, // $ Source + x: password, y: getPassword(), // $ Source } log.Println(config.hostname) // OK diff --git a/go/ql/test/query-tests/Security/CWE-312/protobuf.go b/go/ql/test/query-tests/Security/CWE-312/protobuf.go index a995f0d7cb8b..3609410e2b08 100644 --- a/go/ql/test/query-tests/Security/CWE-312/protobuf.go +++ b/go/ql/test/query-tests/Security/CWE-312/protobuf.go @@ -6,10 +6,10 @@ import ( ) func testProtobuf() { - password := "P@ssw0rd" + password := "P@ssw0rd" // $ Source query := &query.Query{} - query.Description = password // $ Source + query.Description = password log.Println(query.GetDescription()) // $ Alert log.Println(query.GetId()) // OK From cf6cfe2a1e2e1ced3108d3eb3d876c528346a031 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 17 Sep 2025 16:43:07 +0100 Subject: [PATCH 165/307] Non-initializing writes should target post-update nodes --- .../go/controlflow/ControlFlowGraph.qll | 40 +++++-- go/ql/lib/semmle/go/controlflow/IR.qll | 14 ++- .../go/dataflow/internal/ContainerFlow.qll | 6 +- .../go/dataflow/internal/DataFlowPrivate.qll | 2 +- .../go/dataflow/internal/FlowSummaryImpl.qll | 11 +- .../dataflow/internal/TaintTrackingUtil.qll | 2 +- go/ql/lib/semmle/go/frameworks/GinCors.qll | 44 +++++--- go/ql/lib/semmle/go/frameworks/NoSQL.qll | 5 +- go/ql/lib/semmle/go/frameworks/Protobuf.qll | 12 +- go/ql/lib/semmle/go/frameworks/RsCors.qll | 33 ++++-- .../semmle/go/frameworks/stdlib/NetHttp.qll | 8 +- .../semmle/go/security/CleartextLogging.qll | 4 +- .../semmle/go/security/OpenUrlRedirect.qll | 6 +- .../OpenUrlRedirectCustomizations.qll | 5 +- .../lib/semmle/go/security/RequestForgery.qll | 8 +- go/ql/lib/semmle/go/security/SafeUrlFlow.qll | 15 ++- go/ql/src/RedundantCode/DeadStoreOfField.ql | 5 +- .../CWE-295/DisabledCertificateCheck.ql | 2 +- .../CWE-322/InsecureHostKeyCallback.ql | 11 +- go/ql/src/Security/CWE-327/InsecureTLS.ql | 12 +- .../Security/CWE-352/ConstantOauth2State.ql | 2 +- .../src/experimental/CWE-1004/AuthCookie.qll | 19 ++-- go/ql/src/experimental/CWE-918/SSRF.qll | 8 +- .../example-tests/snippets/typeinfo.expected | 1 + .../CWE-1004/CookieWithoutHttpOnly.expected | 105 ++++++++---------- .../dataflow/FlowSteps/LocalFlowStep.expected | 15 +++ .../FlowSteps/LocalTaintStep.expected | 6 +- .../PromotedFields/LocalFlowStep.expected | 30 +++++ .../ReadsAndWrites/writesElement.expected | 6 +- .../ReadsAndWrites/writesField.expected | 6 +- .../go/frameworks/Email/EmailData.expected | 3 + .../frameworks/GoMicro/LogInjection.expected | 18 --- .../frameworks/TaintSteps/TaintStep.expected | 14 +-- .../CWE-078/CommandInjection.expected | 36 +++--- .../Security/CWE-089/SqlInjection.expected | 57 ++++------ .../CWE-295/DisabledCertificateCheck/main.go | 21 +++- .../CWE-312/CleartextLogging.expected | 40 +++---- 37 files changed, 374 insertions(+), 258 deletions(-) diff --git a/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll b/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll index 37be62f37105..58a3ae3d44ea 100644 --- a/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll +++ b/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll @@ -118,6 +118,8 @@ module ControlFlow { /** Gets the left-hand side of this write. */ IR::WriteTarget getLhs() { result = super.getLhs() } + private predicate isInitialization() { super.isInitialization() } + /** Gets the right-hand side of this write. */ DataFlow::Node getRhs() { super.getRhs() = result.asInstruction() } @@ -134,13 +136,20 @@ module ControlFlow { * Holds if this node sets the value of field `f` on `base` (or its implicit dereference) to * `rhs`. * - * For example, for the assignment `x.width = newWidth`, `base` is either the data-flow node - * corresponding to `x` or (if `x` is a pointer) the data-flow node corresponding to the - * implicit dereference `*x`, `f` is the field referenced by `width`, and `rhs` is the data-flow - * node corresponding to `newWidth`. + * For example, for the assignment `x.width = newWidth`, `base` is the post-update node of + * either the data-flow node corresponding to `x` or (if `x` is a pointer) the data-flow node + * corresponding to the implicit dereference `*x`, `f` is the field referenced by `width`, and + * `rhs` is the data-flow node corresponding to `newWidth`. If this `WriteNode` is a struct + * initialization then there is no need for a post-update node and `base` is the struct literal + * being initialized. */ predicate writesField(DataFlow::Node base, Field f, DataFlow::Node rhs) { - this.writesFieldInsn(base.asInstruction(), f, rhs.asInstruction()) + exists(DataFlow::Node b | this.writesFieldInsn(b.asInstruction(), f, rhs.asInstruction()) | + this.isInitialization() and base = b + or + not this.isInitialization() and + b = base.(DataFlow::PostUpdateNode).getPreUpdateNode() + ) } private predicate writesFieldInsn(IR::Instruction base, Field f, IR::Instruction rhs) { @@ -158,13 +167,22 @@ module ControlFlow { * Holds if this node sets the value of element `index` on `base` (or its implicit dereference) * to `rhs`. * - * For example, for the assignment `xs[i] = v`, `base` is either the data-flow node - * corresponding to `xs` or (if `xs` is a pointer) the data-flow node corresponding to the - * implicit dereference `*xs`, `index` is the data-flow node corresponding to `i`, and `rhs` - * is the data-flow node corresponding to `base`. + * For example, for the assignment `xs[i] = v`, `base` is the post-update node of the data-flow + * node corresponding to `xs` or (if `xs` is a pointer) the implicit dereference `*xs`, `index` + * is the data-flow node corresponding to `i`, and `rhs` is the data-flow node corresponding to + * `base`. If this `WriteNode` corresponds to the initialization of an array/slice/map then + * there is no need for a post-update node and `base` is the array/slice/map literal being + * initialized. */ predicate writesElement(DataFlow::Node base, DataFlow::Node index, DataFlow::Node rhs) { - this.writesElementInsn(base.asInstruction(), index.asInstruction(), rhs.asInstruction()) + exists(DataFlow::Node b | + this.writesElementInsn(b.asInstruction(), index.asInstruction(), rhs.asInstruction()) + | + this.isInitialization() and base = b + or + not this.isInitialization() and + b = base.(DataFlow::PostUpdateNode).getPreUpdateNode() + ) } private predicate writesElementInsn( @@ -184,7 +202,7 @@ module ControlFlow { * Holds if this node sets any field or element of `base` to `rhs`. */ predicate writesComponent(DataFlow::Node base, DataFlow::Node rhs) { - this.writesComponentInstruction(base.asInstruction(), rhs.asInstruction()) + this.writesElement(base, _, rhs) or this.writesField(base, _, rhs) } /** diff --git a/go/ql/lib/semmle/go/controlflow/IR.qll b/go/ql/lib/semmle/go/controlflow/IR.qll index 1a56dfcf2dc9..2b8a30437bbb 100644 --- a/go/ql/lib/semmle/go/controlflow/IR.qll +++ b/go/ql/lib/semmle/go/controlflow/IR.qll @@ -430,18 +430,24 @@ module IR { */ class WriteInstruction extends Instruction { WriteTarget lhs; + Boolean initialization; WriteInstruction() { - lhs = MkLhs(this, _) - or - lhs = MkLiteralElementTarget(this) + ( + lhs = MkLhs(this, _) + or + lhs = MkResultWriteTarget(this) + ) and + initialization = false or - lhs = MkResultWriteTarget(this) + lhs = MkLiteralElementTarget(this) and initialization = true } /** Gets the target to which this instruction writes. */ WriteTarget getLhs() { result = lhs } + predicate isInitialization() { initialization = true } + /** Gets the instruction computing the value this instruction writes. */ Instruction getRhs() { none() } diff --git a/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll b/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll index 8a17ed1a78f9..e978cb3e5874 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/ContainerFlow.qll @@ -22,7 +22,7 @@ predicate containerStoreStep(Node node1, Node node2, Content c) { t instanceof SliceType ) and ( - exists(Write w | w.writesElement(node2.(PostUpdateNode).getPreUpdateNode(), _, node1)) + exists(Write w | w.writesElement(node2, _, node1)) or node1 = node2.(ImplicitVarargsSlice).getCallNode().getAnImplicitVarargsArgument() or @@ -44,11 +44,11 @@ predicate containerStoreStep(Node node1, Node node2, Content c) { or c instanceof MapKeyContent and t instanceof MapType and - exists(Write w | w.writesElement(node2.(PostUpdateNode).getPreUpdateNode(), node1, _)) + exists(Write w | w.writesElement(node2, node1, _)) or c instanceof MapValueContent and t instanceof MapType and - exists(Write w | w.writesElement(node2.(PostUpdateNode).getPreUpdateNode(), _, node1)) + exists(Write w | w.writesElement(node2, _, node1)) ) } diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll index 7ca942fdf59f..613441f98681 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll @@ -156,7 +156,7 @@ predicate storeStep(Node node1, ContentSet cs, Node node2) { // which in turn flows into the pointer content of `p` exists(Write w, Field f, DataFlow::Node base, DataFlow::Node rhs | w.writesField(base, f, rhs) | node1 = rhs and - node2.(PostUpdateNode).getPreUpdateNode() = base and + node2 = base and c = any(DataFlow::FieldContent fc | fc.getField() = f) or node1 = base and diff --git a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll index 496870286e95..a7dfbab15c2b 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll @@ -437,13 +437,20 @@ module SourceSinkInterpretationInput implements mid.asCallable() = getNodeEnclosingCallable(ret) ) or - exists(SourceOrSinkElement e, DataFlow::Write fw, DataFlow::Node base, Field f | + exists( + SourceOrSinkElement e, DataFlow::Write fw, DataFlow::Node base, DataFlow::Node qual, Field f + | e = mid.asElement() and f = e.asFieldEntity() | c = "" and fw.writesField(base, f, node.asNode()) and - pragma[only_bind_into](e) = getElementWithQualifier(f, base) + pragma[only_bind_into](e) = getElementWithQualifier(f, qual) and + ( + qual = base.(PostUpdateNode).getPreUpdateNode() + or + not base instanceof PostUpdateNode and qual = base + ) ) or // A package-scope (or universe-scope) variable diff --git a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll index 05cb663f7be4..ff5b4f74e77e 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll @@ -144,7 +144,7 @@ predicate referenceStep(DataFlow::Node pred, DataFlow::Node succ) { * `succ`. */ predicate elementWriteStep(DataFlow::Node pred, DataFlow::Node succ) { - any(DataFlow::Write w).writesElement(succ.(DataFlow::PostUpdateNode).getPreUpdateNode(), _, pred) + any(DataFlow::Write w).writesElement(succ, _, pred) or FlowSummaryImpl::Private::Steps::summaryStoreStep(pred.(DataFlowPrivate::FlowSummaryNode) .getSummaryNode(), any(DataFlow::ArrayContent ac).asContentSet(), diff --git a/go/ql/lib/semmle/go/frameworks/GinCors.qll b/go/ql/lib/semmle/go/frameworks/GinCors.qll index 582ea368073b..a26ab2eaa126 100644 --- a/go/ql/lib/semmle/go/frameworks/GinCors.qll +++ b/go/ql/lib/semmle/go/frameworks/GinCors.qll @@ -25,10 +25,15 @@ module GinCors { DataFlow::Node base; AllowCredentialsWrite() { - exists(Field f, Write w | + exists(Field f, Write w, DataFlow::Node n | f.hasQualifiedName(packagePath(), "Config", "AllowCredentials") and - w.writesField(base, f, this) and - this.getType() instanceof BoolType + w.writesField(n, f, this) and + this.getType() instanceof BoolType and + ( + base = n.(DataFlow::PostUpdateNode).getPreUpdateNode() + or + not n instanceof DataFlow::PostUpdateNode and base = n + ) ) } @@ -59,10 +64,15 @@ module GinCors { DataFlow::Node base; AllowOriginsWrite() { - exists(Field f, Write w | + exists(Field f, Write w, DataFlow::Node n | f.hasQualifiedName(packagePath(), "Config", "AllowOrigins") and - w.writesField(base, f, this) and - this.asExpr() instanceof SliceLit + w.writesField(n, f, this) and + this.asExpr() instanceof SliceLit and + ( + base = n.(DataFlow::PostUpdateNode).getPreUpdateNode() + or + not n instanceof DataFlow::PostUpdateNode and base = n + ) ) } @@ -93,10 +103,15 @@ module GinCors { DataFlow::Node base; AllowAllOriginsWrite() { - exists(Field f, Write w | + exists(Field f, Write w, DataFlow::Node n | f.hasQualifiedName(packagePath(), "Config", "AllowAllOrigins") and - w.writesField(base, f, this) and - this.getType() instanceof BoolType + w.writesField(n, f, this) and + this.getType() instanceof BoolType and + ( + base = n.(DataFlow::PostUpdateNode).getPreUpdateNode() + or + not n instanceof DataFlow::PostUpdateNode and base = n + ) ) } @@ -109,14 +124,9 @@ module GinCors { * Get config variable holding header values */ override GinConfig getConfig() { - exists(GinConfig gc | - ( - gc.getV().getBaseVariable().getDefinition().(SsaExplicitDefinition).getRhs() = - base.asInstruction() or - gc.getV().getAUse() = base - ) and - result = gc - ) + result.getV().getBaseVariable().getDefinition().(SsaExplicitDefinition).getRhs() = + base.asInstruction() or + result.getV().getAUse() = base } } diff --git a/go/ql/lib/semmle/go/frameworks/NoSQL.qll b/go/ql/lib/semmle/go/frameworks/NoSQL.qll index 36932149628e..5fa155395fc8 100644 --- a/go/ql/lib/semmle/go/frameworks/NoSQL.qll +++ b/go/ql/lib/semmle/go/frameworks/NoSQL.qll @@ -38,9 +38,8 @@ module NoSql { */ predicate isAdditionalMongoTaintStep(DataFlow::Node pred, DataFlow::Node succ) { // Taint an entry if the `Value` is tainted - exists(Write w, DataFlow::Node base, Field f | w.writesField(base, f, pred) | - base = succ.(DataFlow::PostUpdateNode).getPreUpdateNode() and - base.getType().hasQualifiedName(package("go.mongodb.org/mongo-driver", "bson/primitive"), "E") and + exists(Write w, Field f | w.writesField(succ, f, pred) | + succ.getType().hasQualifiedName(package("go.mongodb.org/mongo-driver", "bson/primitive"), "E") and f.getName() = "Value" ) } diff --git a/go/ql/lib/semmle/go/frameworks/Protobuf.qll b/go/ql/lib/semmle/go/frameworks/Protobuf.qll index 550f99175604..4103815e7d22 100644 --- a/go/ql/lib/semmle/go/frameworks/Protobuf.qll +++ b/go/ql/lib/semmle/go/frameworks/Protobuf.qll @@ -64,11 +64,10 @@ module Protobuf { */ private class MarshalStateStep extends TaintTracking::AdditionalTaintStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { - exists(DataFlow::PostUpdateNode marshalInput, DataFlow::CallNode marshalStateCall | + exists(DataFlow::Node marshalInput, DataFlow::CallNode marshalStateCall | marshalStateCall = marshalStateMethod().getACall() and // pred -> marshalInput.Message - any(DataFlow::Write w) - .writesField(marshalInput.getPreUpdateNode(), inputMessageField(), pred) and + any(DataFlow::Write w).writesField(marshalInput, inputMessageField(), pred) and // marshalInput -> marshalStateCall marshalStateCall.getArgument(0) = globalValueNumber(marshalInput).getANode() and // marshalStateCall -> succ @@ -142,10 +141,13 @@ module Protobuf { private class WriteMessageFieldStep extends TaintTracking::AdditionalTaintStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { [succ.getType(), succ.getType().getPointerType()] instanceof MessageType and - exists(DataFlow::ReadNode base | + exists(DataFlow::Node n, DataFlow::ReadNode base | succ.(DataFlow::PostUpdateNode).getPreUpdateNode() = getUnderlyingNode(base) | - any(DataFlow::Write w).writesComponent(base, pred) + any(DataFlow::Write w).writesComponent(n, pred) and + // The below line only works because `base`'s type, `DataFlow::ReadNode`, + // is incompatible with `DataFlow::PostUpdateNode`. + base = [n, n.(DataFlow::PostUpdateNode).getPreUpdateNode()] ) } } diff --git a/go/ql/lib/semmle/go/frameworks/RsCors.qll b/go/ql/lib/semmle/go/frameworks/RsCors.qll index b9cee2aa459b..aa49df3c4323 100644 --- a/go/ql/lib/semmle/go/frameworks/RsCors.qll +++ b/go/ql/lib/semmle/go/frameworks/RsCors.qll @@ -52,10 +52,15 @@ module RsCors { DataFlow::Node base; AllowCredentialsWrite() { - exists(Field f, Write w | + exists(Field f, Write w, DataFlow::Node n | f.hasQualifiedName(packagePath(), "Options", "AllowCredentials") and - w.writesField(base, f, this) and - this.getType() instanceof BoolType + w.writesField(n, f, this) and + this.getType() instanceof BoolType and + ( + base = n.(DataFlow::PostUpdateNode).getPreUpdateNode() + or + not n instanceof DataFlow::PostUpdateNode and base = n + ) ) } @@ -80,10 +85,15 @@ module RsCors { DataFlow::Node base; AllowOriginsWrite() { - exists(Field f, Write w | + exists(Field f, Write w, DataFlow::Node n | f.hasQualifiedName(packagePath(), "Options", "AllowedOrigins") and - w.writesField(base, f, this) and - this.asExpr() instanceof SliceLit + w.writesField(n, f, this) and + this.asExpr() instanceof SliceLit and + ( + base = n.(DataFlow::PostUpdateNode).getPreUpdateNode() + or + not n instanceof DataFlow::PostUpdateNode and base = n + ) ) } @@ -111,10 +121,15 @@ module RsCors { DataFlow::Node base; AllowAllOriginsWrite() { - exists(Field f, Write w | + exists(Field f, Write w, DataFlow::Node n | f.hasQualifiedName(packagePath(), "Options", "AllowAllOrigins") and - w.writesField(base, f, this) and - this.getType() instanceof BoolType + w.writesField(n, f, this) and + this.getType() instanceof BoolType and + ( + base = n.(DataFlow::PostUpdateNode).getPreUpdateNode() + or + not n instanceof DataFlow::PostUpdateNode and base = n + ) ) } diff --git a/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll b/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll index 9a917f05ff5c..0ba122006e69 100644 --- a/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll +++ b/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll @@ -52,7 +52,13 @@ module NetHttp { MapWrite() { this.getType().hasQualifiedName("net/http", "Header") and - any(Write write).writesElement(this, index, rhs) + exists(Write write, DataFlow::Node base | + write.writesElement(base, index, rhs) and + // The following line works because `Http::HeaderWrite::Range` extends + // `DataFlow::ExprNode`, which is incompatible with + // `DataFlow::PostUpdateNode`. + this = [base, base.(DataFlow::PostUpdateNode).getPreUpdateNode()] + ) } override DataFlow::Node getName() { result = index } diff --git a/go/ql/lib/semmle/go/security/CleartextLogging.qll b/go/ql/lib/semmle/go/security/CleartextLogging.qll index 5218d03d9081..5254b3e3a298 100644 --- a/go/ql/lib/semmle/go/security/CleartextLogging.qll +++ b/go/ql/lib/semmle/go/security/CleartextLogging.qll @@ -35,9 +35,7 @@ module CleartextLogging { predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) { // A taint propagating data-flow edge through structs: a tainted write taints the entire struct. - exists(Write write | - write.writesField(trg.(DataFlow::PostUpdateNode).getPreUpdateNode(), _, src) - ) + exists(Write write | write.writesField(trg, _, src)) or // taint steps that do not include flow through fields. Field reads would produce FPs due to // the additional taint step above that taints whole structs from individual field writes. diff --git a/go/ql/lib/semmle/go/security/OpenUrlRedirect.qll b/go/ql/lib/semmle/go/security/OpenUrlRedirect.qll index 1d2d7a1c60bb..e2495055fdc1 100644 --- a/go/ql/lib/semmle/go/security/OpenUrlRedirect.qll +++ b/go/ql/lib/semmle/go/security/OpenUrlRedirect.qll @@ -33,8 +33,8 @@ module OpenUrlRedirect { any(AdditionalStep s).hasTaintStep(pred, succ) or // propagate to a URL when its host is assigned to - exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") | - w.writesField(v.getAUse(), f, pred) and succ = v.getAUse() + exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") | + w.writesField(succ, f, pred) ) or // propagate out of most URL fields, but not `ForceQuery` and `Scheme` @@ -49,7 +49,7 @@ module OpenUrlRedirect { predicate isBarrierOut(DataFlow::Node node) { // block propagation of this unsafe value when its host is overwritten exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") | - w.writesField(node.getASuccessor(), f, _) + w.writesField(node.(DataFlow::PostUpdateNode).getPreUpdateNode(), f, _) ) or hostnameSanitizingPrefixEdge(node, _) diff --git a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll index c278bdf58c5d..48d027d49faf 100644 --- a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll +++ b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll @@ -90,9 +90,10 @@ module OpenUrlRedirect { */ class PathAssignmentBarrier extends Barrier, Read { PathAssignmentBarrier() { - exists(Write w, SsaWithFields var | + exists(Write w, DataFlow::Node base, SsaWithFields var | hasHostnameSanitizingSubstring(w.getRhs()) and - w.writesField(var.getAUse(), any(Field f | f.getName() = "Path"), _) and + w.writesField(base, any(Field f | f.getName() = "Path"), _) and + [base, base.(DataFlow::PostUpdateNode).getPreUpdateNode()] = var.getAUse() and useIsDominated(var, w, this) ) } diff --git a/go/ql/lib/semmle/go/security/RequestForgery.qll b/go/ql/lib/semmle/go/security/RequestForgery.qll index 176b67403e6e..8508d0dda968 100644 --- a/go/ql/lib/semmle/go/security/RequestForgery.qll +++ b/go/ql/lib/semmle/go/security/RequestForgery.qll @@ -27,8 +27,12 @@ module RequestForgery { predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { // propagate to a URL when its host is assigned to - exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") | - w.writesField(v.getAUse(), f, pred) and succ = v.getAUse() + exists(Write w, DataFlow::Node base, Field f, SsaWithFields v | + f.hasQualifiedName("net/url", "URL", "Host") + | + w.writesField(base, f, pred) and + [base, base.(DataFlow::PostUpdateNode).getPreUpdateNode()] = v.getAUse() and + succ = v.getAUse() ) } diff --git a/go/ql/lib/semmle/go/security/SafeUrlFlow.qll b/go/ql/lib/semmle/go/security/SafeUrlFlow.qll index 1fc39072dfbf..e53214955d5e 100644 --- a/go/ql/lib/semmle/go/security/SafeUrlFlow.qll +++ b/go/ql/lib/semmle/go/security/SafeUrlFlow.qll @@ -23,17 +23,20 @@ module SafeUrlFlow { predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { // propagate to a URL when its host is assigned to - exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") | - w.writesField(v.getAUse(), f, node1) and node2 = v.getAUse() + exists(Write w, DataFlow::Node base, Field f, SsaWithFields v | + f.hasQualifiedName("net/url", "URL", "Host") + | + w.writesField(base, f, node1) and + [base, base.(DataFlow::PostUpdateNode).getPreUpdateNode()] = v.getAUse() and + node2 = v.getAUse() ) } predicate isBarrierOut(DataFlow::Node node) { // block propagation of this safe value when its host is overwritten - exists(Write w, DataFlow::Node b, Field f | - f.hasQualifiedName("net/url", "URL", "Host") and - b = node.getASuccessor() and - w.writesField(b, f, _) + exists(Write w, DataFlow::Node base, Field f | f.hasQualifiedName("net/url", "URL", "Host") | + w.writesField(base, f, _) and + [base, base.(DataFlow::PostUpdateNode).getPreUpdateNode()] = node.getASuccessor() ) or node instanceof SanitizerEdge diff --git a/go/ql/src/RedundantCode/DeadStoreOfField.ql b/go/ql/src/RedundantCode/DeadStoreOfField.ql index be3a77d3ac78..3f757cd8b543 100644 --- a/go/ql/src/RedundantCode/DeadStoreOfField.ql +++ b/go/ql/src/RedundantCode/DeadStoreOfField.ql @@ -86,10 +86,11 @@ Type getTypeEmbeddedViaPointer(Type t) { result = getEmbeddedType*(getEmbeddedType(getEmbeddedType*(t), true)) } -from Write w, LocalVariable v, Field f +from Write w, DataFlow::Node base, LocalVariable v, Field f where // `w` writes `f` on `v` - w.writesField(v.getARead(), f, _) and + w.writesField(base, f, _) and + [base, base.(DataFlow::PostUpdateNode).getPreUpdateNode()] = v.getARead() and // but `f` is never read on `v` not exists(Read r | r.readsField(v.getARead(), f)) and // exclude pointer-typed `v`; there may be reads through an alias diff --git a/go/ql/src/Security/CWE-295/DisabledCertificateCheck.ql b/go/ql/src/Security/CWE-295/DisabledCertificateCheck.ql index ae83fbce8bc3..bc05c8cf4aa8 100644 --- a/go/ql/src/Security/CWE-295/DisabledCertificateCheck.ql +++ b/go/ql/src/Security/CWE-295/DisabledCertificateCheck.ql @@ -34,7 +34,7 @@ predicate becomesPartOf(DataFlow::Node part, DataFlow::Node whole) { or whole.(DataFlow::AddressOperationNode).getOperand() = part or - exists(Write w | w.writesField(whole.(DataFlow::PostUpdateNode).getPreUpdateNode(), _, part)) + exists(Write w | w.writesField(whole, _, part)) } /** diff --git a/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql b/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql index 5fef19007131..e88b7bf0f956 100644 --- a/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql +++ b/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql @@ -98,8 +98,15 @@ predicate hostCheckReachesSink(Flow::PathNode sink) { Flow::flowPath(source, otherSink) and Config::writeIsSink(sink.getNode(), sinkWrite) and Config::writeIsSink(otherSink.getNode(), otherSinkWrite) and - sinkWrite.writesField(sinkAccessPath.getAUse(), _, sink.getNode()) and - otherSinkWrite.writesField(otherSinkAccessPath.getAUse(), _, otherSink.getNode()) and + exists(DataFlow::Node base1 | + sinkWrite.writesField(base1, _, sink.getNode()) and + [base1, base1.(DataFlow::PostUpdateNode).getPreUpdateNode()] = sinkAccessPath.getAUse() + ) and + exists(DataFlow::Node base2 | + otherSinkWrite.writesField(base2, _, otherSink.getNode()) and + [base2, base2.(DataFlow::PostUpdateNode).getPreUpdateNode()] = + otherSinkAccessPath.getAUse() + ) and otherSinkAccessPath = sinkAccessPath.similar() ) ) diff --git a/go/ql/src/Security/CWE-327/InsecureTLS.ql b/go/ql/src/Security/CWE-327/InsecureTLS.ql index dba6f2d54ca9..66e516a85eb5 100644 --- a/go/ql/src/Security/CWE-327/InsecureTLS.ql +++ b/go/ql/src/Security/CWE-327/InsecureTLS.ql @@ -65,7 +65,11 @@ module TlsVersionFlowConfig implements DataFlow::ConfigSig { */ additional predicate isSink(DataFlow::Node sink, Field fld, DataFlow::Node base, Write fieldWrite) { fld.hasQualifiedName("crypto/tls", "Config", ["MinVersion", "MaxVersion"]) and - fieldWrite.writesField(base, fld, sink) + exists(DataFlow::Node n | fieldWrite.writesField(n, fld, sink) | + base = n.(DataFlow::PostUpdateNode).getPreUpdateNode() + or + not n instanceof DataFlow::PostUpdateNode and base = n + ) } predicate isSource(DataFlow::Node source) { intIsSource(source, _) } @@ -190,7 +194,11 @@ module TlsInsecureCipherSuitesFlowConfig implements DataFlow::ConfigSig { */ additional predicate isSink(DataFlow::Node sink, Field fld, DataFlow::Node base, Write fieldWrite) { fld.hasQualifiedName("crypto/tls", "Config", "CipherSuites") and - fieldWrite.writesField(base, fld, sink) + exists(DataFlow::Node n | fieldWrite.writesField(n, fld, sink) | + base = n.(DataFlow::PostUpdateNode).getPreUpdateNode() + or + not n instanceof DataFlow::PostUpdateNode and base = n + ) } predicate isSink(DataFlow::Node sink) { isSink(sink, _, _, _) } diff --git a/go/ql/src/Security/CWE-352/ConstantOauth2State.ql b/go/ql/src/Security/CWE-352/ConstantOauth2State.ql index 8898a6bb1018..501eb6109c71 100644 --- a/go/ql/src/Security/CWE-352/ConstantOauth2State.ql +++ b/go/ql/src/Security/CWE-352/ConstantOauth2State.ql @@ -61,7 +61,7 @@ predicate isUrlTaintingConfigStep(DataFlow::Node pred, DataFlow::Node succ) { exists(Write w, Field f | f.hasQualifiedName(package("golang.org/x/oauth2", ""), "Config", "RedirectURL") | - w.writesField(succ.(DataFlow::PostUpdateNode).getPreUpdateNode(), f, pred) + w.writesField(succ, f, pred) ) } diff --git a/go/ql/src/experimental/CWE-1004/AuthCookie.qll b/go/ql/src/experimental/CWE-1004/AuthCookie.qll index b16f09ac1858..2cf8577ac5a5 100644 --- a/go/ql/src/experimental/CWE-1004/AuthCookie.qll +++ b/go/ql/src/experimental/CWE-1004/AuthCookie.qll @@ -26,9 +26,14 @@ private class GorillaSessionOptionsField extends Field { * This should cover most typical patterns... */ private DataFlow::Node getValueForFieldWrite(StructLit sl, string field) { - exists(Write w, DataFlow::Node base, Field f | + exists(Write w, DataFlow::Node base, DataFlow::Node n, Field f | f.getName() = field and - w.writesField(base, f, result) and + w.writesField(n, f, result) and + ( + base = n.(DataFlow::PostUpdateNode).getPreUpdateNode() + or + not n instanceof DataFlow::PostUpdateNode and base = n + ) and ( sl = base.asExpr() or @@ -209,10 +214,7 @@ private module GorillaSessionOptionsTrackingConfig implements DataFlow::ConfigSi predicate isSink(DataFlow::Node sink) { sink instanceof GorillaSessionSaveSink } predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { - exists(GorillaSessionOptionsField f, DataFlow::Write w, DataFlow::Node base | - w.writesField(base, f, pred) and - succ = base - ) + exists(GorillaSessionOptionsField f, DataFlow::Write w | w.writesField(succ, f, pred)) } } @@ -236,10 +238,7 @@ private module BoolToGorillaSessionOptionsTrackingConfig implements DataFlow::Co sl = succ.asExpr() ) or - exists(GorillaSessionOptionsField f, DataFlow::Write w, DataFlow::Node base | - w.writesField(base, f, pred) and - succ = base - ) + exists(GorillaSessionOptionsField f, DataFlow::Write w | w.writesField(succ, f, pred)) } } diff --git a/go/ql/src/experimental/CWE-918/SSRF.qll b/go/ql/src/experimental/CWE-918/SSRF.qll index 05abe7bf8e47..aa4bccb45995 100644 --- a/go/ql/src/experimental/CWE-918/SSRF.qll +++ b/go/ql/src/experimental/CWE-918/SSRF.qll @@ -22,8 +22,12 @@ module ServerSideRequestForgery { predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { // propagate to a URL when its host is assigned to - exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") | - w.writesField(v.getAUse(), f, node1) and node2 = v.getAUse() + exists(Write w, DataFlow::Node base, Field f, SsaWithFields v | + f.hasQualifiedName("net/url", "URL", "Host") + | + w.writesField(base, f, node1) and + [base, base.(DataFlow::PostUpdateNode).getPreUpdateNode()] = v.getAUse() and + node2 = v.getAUse() ) } diff --git a/go/ql/test/example-tests/snippets/typeinfo.expected b/go/ql/test/example-tests/snippets/typeinfo.expected index 728a1dfc6f7e..91ea716693f0 100644 --- a/go/ql/test/example-tests/snippets/typeinfo.expected +++ b/go/ql/test/example-tests/snippets/typeinfo.expected @@ -5,3 +5,4 @@ | main.go:18:12:18:14 | argument corresponding to req | | main.go:18:12:18:14 | definition of req | | main.go:20:5:20:7 | req | +| main.go:20:5:20:7 | req [postupdate] | diff --git a/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected b/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected index 7e8c64062116..355c0a62b1b7 100644 --- a/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected +++ b/go/ql/test/experimental/CWE-1004/CookieWithoutHttpOnly.expected @@ -154,51 +154,46 @@ edges | CookieWithoutHttpOnly.go:133:14:133:18 | false | CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | provenance | | | CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | | CookieWithoutHttpOnly.go:134:16:134:20 | store | CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | provenance | Config | -| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | session | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | session | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | session | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | -| CookieWithoutHttpOnly.go:137:2:137:8 | session | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | +| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | provenance | | +| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | provenance | | +| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | provenance | | +| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | provenance | | +| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | +| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:142:2:142:8 | session | provenance | | -| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | Config | -| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | provenance | Config | -| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | Config | -| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session | provenance | Config | +| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | provenance | Config | +| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | provenance | Config | +| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | provenance | Config | +| CookieWithoutHttpOnly.go:137:20:140:2 | &... | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | provenance | Config | | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | CookieWithoutHttpOnly.go:137:20:140:2 | &... | provenance | | | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | CookieWithoutHttpOnly.go:137:20:140:2 | &... | provenance | | | CookieWithoutHttpOnly.go:139:13:139:20 | httpOnly | CookieWithoutHttpOnly.go:137:21:140:2 | struct literal | provenance | Config | | CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | | | CookieWithoutHttpOnly.go:146:16:146:20 | store | CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | provenance | Config | -| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] [pointer] | provenance | | -| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | | -| CookieWithoutHttpOnly.go:149:2:149:8 | session | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:149:2:149:8 | session | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | | +| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] | provenance | | +| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] [pointer] | provenance | | +| CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | | | CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:153:2:153:8 | session | provenance | | -| CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | provenance | Config | -| CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | session | provenance | Config | +| CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference [postupdate] | provenance | Config | +| CookieWithoutHttpOnly.go:149:20:151:2 | &... | CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] | provenance | Config | | CookieWithoutHttpOnly.go:149:21:151:2 | struct literal | CookieWithoutHttpOnly.go:149:20:151:2 | &... | provenance | | | CookieWithoutHttpOnly.go:157:2:157:9 | definition of httpOnly | CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | provenance | | | CookieWithoutHttpOnly.go:157:14:157:17 | true | CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | provenance | | | CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | | CookieWithoutHttpOnly.go:158:16:158:20 | store | CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | provenance | Config | -| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | session | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | session | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | session | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | -| CookieWithoutHttpOnly.go:161:2:161:8 | session | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | +| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | provenance | | +| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | provenance | | +| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | provenance | | +| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | provenance | | +| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | +| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:166:2:166:8 | session | provenance | | -| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | Config | -| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | provenance | Config | -| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | Config | -| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session | provenance | Config | +| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | provenance | Config | +| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | provenance | Config | +| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | provenance | Config | +| CookieWithoutHttpOnly.go:161:20:164:2 | &... | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | provenance | Config | | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | CookieWithoutHttpOnly.go:161:20:164:2 | &... | provenance | | | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | CookieWithoutHttpOnly.go:161:20:164:2 | &... | provenance | | | CookieWithoutHttpOnly.go:163:13:163:20 | httpOnly | CookieWithoutHttpOnly.go:161:21:164:2 | struct literal | provenance | Config | @@ -206,20 +201,18 @@ edges | CookieWithoutHttpOnly.go:169:56:169:63 | definition of httpOnly | CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | provenance | | | CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | | CookieWithoutHttpOnly.go:170:16:170:20 | store | CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | provenance | Config | -| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | session | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | session | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | session | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | -| CookieWithoutHttpOnly.go:173:2:173:8 | session | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | +| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | provenance | | +| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | provenance | | +| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | provenance | | +| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | provenance | | +| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | +| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | CookieWithoutHttpOnly.go:178:2:178:8 | session | provenance | | -| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | Config | -| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | provenance | Config | -| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | Config | -| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session | provenance | Config | +| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | provenance | Config | +| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | provenance | Config | +| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | provenance | Config | +| CookieWithoutHttpOnly.go:173:20:176:2 | &... | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | provenance | Config | | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | CookieWithoutHttpOnly.go:173:20:176:2 | &... | provenance | | | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | CookieWithoutHttpOnly.go:173:20:176:2 | &... | provenance | | | CookieWithoutHttpOnly.go:175:13:175:20 | httpOnly | CookieWithoutHttpOnly.go:173:21:176:2 | struct literal | provenance | Config | @@ -356,10 +349,10 @@ nodes | CookieWithoutHttpOnly.go:133:14:133:18 | false | semmle.label | false | | CookieWithoutHttpOnly.go:134:2:134:43 | ... := ...[0] | semmle.label | ... := ...[0] | | CookieWithoutHttpOnly.go:134:16:134:20 | store | semmle.label | store | -| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:137:2:137:8 | session | semmle.label | session | -| CookieWithoutHttpOnly.go:137:2:137:8 | session | semmle.label | session | +| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| CookieWithoutHttpOnly.go:137:2:137:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | semmle.label | session [postupdate] | +| CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] | semmle.label | session [postupdate] | | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] | | CookieWithoutHttpOnly.go:137:2:137:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] | | CookieWithoutHttpOnly.go:137:20:140:2 | &... | semmle.label | &... | @@ -372,8 +365,8 @@ nodes | CookieWithoutHttpOnly.go:142:2:142:8 | session | semmle.label | session | | CookieWithoutHttpOnly.go:146:2:146:43 | ... := ...[0] | semmle.label | ... := ...[0] | | CookieWithoutHttpOnly.go:146:16:146:20 | store | semmle.label | store | -| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:149:2:149:8 | session | semmle.label | session | +| CookieWithoutHttpOnly.go:149:2:149:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] | semmle.label | session [postupdate] | | CookieWithoutHttpOnly.go:149:2:149:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] | | CookieWithoutHttpOnly.go:149:20:151:2 | &... | semmle.label | &... | | CookieWithoutHttpOnly.go:149:21:151:2 | struct literal | semmle.label | struct literal | @@ -383,10 +376,10 @@ nodes | CookieWithoutHttpOnly.go:157:14:157:17 | true | semmle.label | true | | CookieWithoutHttpOnly.go:158:2:158:43 | ... := ...[0] | semmle.label | ... := ...[0] | | CookieWithoutHttpOnly.go:158:16:158:20 | store | semmle.label | store | -| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:161:2:161:8 | session | semmle.label | session | -| CookieWithoutHttpOnly.go:161:2:161:8 | session | semmle.label | session | +| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| CookieWithoutHttpOnly.go:161:2:161:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | semmle.label | session [postupdate] | +| CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] | semmle.label | session [postupdate] | | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] | | CookieWithoutHttpOnly.go:161:2:161:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] | | CookieWithoutHttpOnly.go:161:20:164:2 | &... | semmle.label | &... | @@ -401,10 +394,10 @@ nodes | CookieWithoutHttpOnly.go:169:56:169:63 | definition of httpOnly | semmle.label | definition of httpOnly | | CookieWithoutHttpOnly.go:170:2:170:43 | ... := ...[0] | semmle.label | ... := ...[0] | | CookieWithoutHttpOnly.go:170:16:170:20 | store | semmle.label | store | -| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference | semmle.label | implicit dereference | -| CookieWithoutHttpOnly.go:173:2:173:8 | session | semmle.label | session | -| CookieWithoutHttpOnly.go:173:2:173:8 | session | semmle.label | session | +| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| CookieWithoutHttpOnly.go:173:2:173:8 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | semmle.label | session [postupdate] | +| CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] | semmle.label | session [postupdate] | | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] | | CookieWithoutHttpOnly.go:173:2:173:8 | session [postupdate] [pointer] | semmle.label | session [postupdate] [pointer] | | CookieWithoutHttpOnly.go:173:20:176:2 | &... | semmle.label | &... | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected index cf8a278a9030..fcbb78716a46 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalFlowStep.expected @@ -85,12 +85,15 @@ | main.go:26:11:26:11 | x | main.go:26:2:26:17 | ... := ...[0] | | main.go:38:2:38:2 | definition of s | main.go:39:15:39:15 | s | | main.go:38:7:38:20 | slice literal | main.go:38:2:38:2 | definition of s | +| main.go:38:7:38:20 | slice literal [postupdate] | main.go:38:2:38:2 | definition of s | | main.go:39:2:39:3 | definition of s1 | main.go:40:18:40:19 | s1 | | main.go:39:8:39:25 | call to append | main.go:39:2:39:3 | definition of s1 | | main.go:39:15:39:15 | s | main.go:40:15:40:15 | s | +| main.go:39:15:39:15 | s [postupdate] | main.go:40:15:40:15 | s | | main.go:40:2:40:3 | definition of s2 | main.go:43:9:43:10 | s2 | | main.go:40:8:40:23 | call to append | main.go:40:2:40:3 | definition of s2 | | main.go:40:15:40:15 | s | main.go:42:7:42:7 | s | +| main.go:40:15:40:15 | s [postupdate] | main.go:42:7:42:7 | s | | main.go:41:2:41:3 | definition of s4 | main.go:42:10:42:11 | s4 | | main.go:41:8:41:21 | call to make | main.go:41:2:41:3 | definition of s4 | | main.go:46:13:46:14 | argument corresponding to xs | main.go:46:13:46:14 | definition of xs | @@ -114,6 +117,7 @@ | main.go:55:6:55:7 | definition of ch | main.go:56:2:56:3 | ch | | main.go:55:6:55:7 | zero value for ch | main.go:55:6:55:7 | definition of ch | | main.go:56:2:56:3 | ch | main.go:57:4:57:5 | ch | +| main.go:56:2:56:3 | ch [postupdate] | main.go:57:4:57:5 | ch | | main.go:61:2:61:2 | definition of x | main.go:64:11:64:11 | x | | main.go:61:7:61:7 | 1 | main.go:61:2:61:2 | definition of x | | main.go:62:2:62:2 | definition of y | main.go:64:14:64:14 | y | @@ -165,30 +169,41 @@ | url.go:27:2:27:2 | definition of u | url.go:28:14:28:14 | u | | url.go:27:2:27:30 | ... = ...[0] | url.go:27:2:27:2 | definition of u | | url.go:28:14:28:14 | u | url.go:29:14:29:14 | u | +| url.go:28:14:28:14 | u [postupdate] | url.go:29:14:29:14 | u | | url.go:29:14:29:14 | u | url.go:30:11:30:11 | u | +| url.go:29:14:29:14 | u [postupdate] | url.go:30:11:30:11 | u | | url.go:30:2:30:3 | definition of bs | url.go:31:14:31:15 | bs | | url.go:30:2:30:27 | ... := ...[0] | url.go:30:2:30:3 | definition of bs | | url.go:30:11:30:11 | u | url.go:32:9:32:9 | u | +| url.go:30:11:30:11 | u [postupdate] | url.go:32:9:32:9 | u | | url.go:32:2:32:2 | definition of u | url.go:33:14:33:14 | u | | url.go:32:2:32:23 | ... = ...[0] | url.go:32:2:32:2 | definition of u | | url.go:33:14:33:14 | u | url.go:34:14:34:14 | u | +| url.go:33:14:33:14 | u [postupdate] | url.go:34:14:34:14 | u | | url.go:34:14:34:14 | u | url.go:35:14:35:14 | u | +| url.go:34:14:34:14 | u [postupdate] | url.go:35:14:35:14 | u | | url.go:35:14:35:14 | u | url.go:36:6:36:6 | u | +| url.go:35:14:35:14 | u [postupdate] | url.go:36:6:36:6 | u | | url.go:36:2:36:2 | definition of u | url.go:37:9:37:9 | u | | url.go:36:6:36:6 | u | url.go:36:25:36:25 | u | +| url.go:36:6:36:6 | u [postupdate] | url.go:36:25:36:25 | u | | url.go:36:6:36:26 | call to ResolveReference | url.go:36:2:36:2 | definition of u | | url.go:42:2:42:3 | definition of ui | url.go:43:11:43:12 | ui | | url.go:42:7:42:38 | call to UserPassword | url.go:42:2:42:3 | definition of ui | | url.go:43:2:43:3 | definition of pw | url.go:44:14:44:15 | pw | | url.go:43:2:43:23 | ... := ...[0] | url.go:43:2:43:3 | definition of pw | | url.go:43:11:43:12 | ui | url.go:45:14:45:15 | ui | +| url.go:43:11:43:12 | ui [postupdate] | url.go:45:14:45:15 | ui | | url.go:45:14:45:15 | ui | url.go:46:9:46:10 | ui | +| url.go:45:14:45:15 | ui [postupdate] | url.go:46:9:46:10 | ui | | url.go:49:12:49:12 | argument corresponding to q | url.go:49:12:49:12 | definition of q | | url.go:49:12:49:12 | definition of q | url.go:50:25:50:25 | q | | url.go:50:2:50:2 | definition of v | url.go:51:14:51:14 | v | | url.go:50:2:50:26 | ... := ...[0] | url.go:50:2:50:2 | definition of v | | url.go:51:14:51:14 | v | url.go:52:14:52:14 | v | +| url.go:51:14:51:14 | v [postupdate] | url.go:52:14:52:14 | v | | url.go:52:14:52:14 | v | url.go:53:9:53:9 | v | +| url.go:52:14:52:14 | v [postupdate] | url.go:53:9:53:9 | v | | url.go:56:12:56:12 | argument corresponding to q | url.go:56:12:56:12 | definition of q | | url.go:56:12:56:12 | definition of q | url.go:57:29:57:29 | q | | url.go:57:2:57:8 | definition of joined1 | url.go:58:38:58:44 | joined1 | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected index 11b73b0915d1..667845624969 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected @@ -1,8 +1,8 @@ | main.go:26:11:26:17 | type assertion | main.go:26:2:26:17 | ... := ...[0] | | main.go:26:11:26:17 | type assertion | main.go:26:2:26:17 | ... := ...[1] | -| main.go:38:13:38:13 | 1 | main.go:38:7:38:20 | slice literal [postupdate] | -| main.go:38:16:38:16 | 2 | main.go:38:7:38:20 | slice literal [postupdate] | -| main.go:38:19:38:19 | 3 | main.go:38:7:38:20 | slice literal [postupdate] | +| main.go:38:13:38:13 | 1 | main.go:38:7:38:20 | slice literal | +| main.go:38:16:38:16 | 2 | main.go:38:7:38:20 | slice literal | +| main.go:38:19:38:19 | 3 | main.go:38:7:38:20 | slice literal | | main.go:39:8:39:25 | []type{args} | main.go:39:8:39:25 | call to append | | main.go:39:15:39:15 | s | main.go:39:8:39:25 | call to append | | main.go:40:15:40:15 | s | main.go:40:8:40:23 | call to append | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/PromotedFields/LocalFlowStep.expected b/go/ql/test/library-tests/semmle/go/dataflow/PromotedFields/LocalFlowStep.expected index a74e39db2f1a..5908aa8d113e 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/PromotedFields/LocalFlowStep.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/PromotedFields/LocalFlowStep.expected @@ -80,105 +80,135 @@ | main.go:7:6:7:9 | function sink | main.go:150:2:150:5 | sink | | main.go:22:2:22:6 | definition of outer | main.go:25:7:25:11 | outer | | main.go:22:11:24:2 | struct literal | main.go:22:2:22:6 | definition of outer | +| main.go:22:11:24:2 | struct literal [postupdate] | main.go:22:2:22:6 | definition of outer | | main.go:25:7:25:11 | outer | main.go:26:7:26:11 | outer | | main.go:26:7:26:11 | outer | main.go:27:7:27:11 | outer | | main.go:27:7:27:11 | outer | main.go:28:7:28:11 | outer | | main.go:30:2:30:7 | definition of outerp | main.go:33:7:33:12 | outerp | | main.go:30:12:32:2 | &... | main.go:30:2:30:7 | definition of outerp | +| main.go:30:12:32:2 | &... [postupdate] | main.go:30:2:30:7 | definition of outerp | | main.go:33:7:33:12 | outerp | main.go:34:7:34:12 | outerp | +| main.go:33:7:33:12 | outerp [postupdate] | main.go:34:7:34:12 | outerp | | main.go:34:7:34:12 | outerp | main.go:35:7:35:12 | outerp | +| main.go:34:7:34:12 | outerp [postupdate] | main.go:35:7:35:12 | outerp | | main.go:35:7:35:12 | outerp | main.go:36:7:36:12 | outerp | +| main.go:35:7:35:12 | outerp [postupdate] | main.go:36:7:36:12 | outerp | | main.go:40:2:40:6 | definition of outer | main.go:41:7:41:11 | outer | | main.go:40:11:40:40 | struct literal | main.go:40:2:40:6 | definition of outer | +| main.go:40:11:40:40 | struct literal [postupdate] | main.go:40:2:40:6 | definition of outer | | main.go:41:7:41:11 | outer | main.go:42:7:42:11 | outer | | main.go:42:7:42:11 | outer | main.go:43:7:43:11 | outer | | main.go:43:7:43:11 | outer | main.go:44:7:44:11 | outer | | main.go:46:2:46:7 | definition of outerp | main.go:47:7:47:12 | outerp | | main.go:46:12:46:42 | &... | main.go:46:2:46:7 | definition of outerp | +| main.go:46:12:46:42 | &... [postupdate] | main.go:46:2:46:7 | definition of outerp | | main.go:47:7:47:12 | outerp | main.go:48:7:48:12 | outerp | +| main.go:47:7:47:12 | outerp [postupdate] | main.go:48:7:48:12 | outerp | | main.go:48:7:48:12 | outerp | main.go:49:7:49:12 | outerp | +| main.go:48:7:48:12 | outerp [postupdate] | main.go:49:7:49:12 | outerp | | main.go:49:7:49:12 | outerp | main.go:50:7:50:12 | outerp | +| main.go:49:7:49:12 | outerp [postupdate] | main.go:50:7:50:12 | outerp | | main.go:54:2:54:6 | definition of inner | main.go:55:19:55:23 | inner | | main.go:54:11:54:25 | struct literal | main.go:54:2:54:6 | definition of inner | +| main.go:54:11:54:25 | struct literal [postupdate] | main.go:54:2:54:6 | definition of inner | | main.go:55:2:55:7 | definition of middle | main.go:56:17:56:22 | middle | | main.go:55:12:55:24 | struct literal | main.go:55:2:55:7 | definition of middle | +| main.go:55:12:55:24 | struct literal [postupdate] | main.go:55:2:55:7 | definition of middle | | main.go:56:2:56:6 | definition of outer | main.go:57:7:57:11 | outer | | main.go:56:11:56:23 | struct literal | main.go:56:2:56:6 | definition of outer | +| main.go:56:11:56:23 | struct literal [postupdate] | main.go:56:2:56:6 | definition of outer | | main.go:57:7:57:11 | outer | main.go:58:7:58:11 | outer | | main.go:58:7:58:11 | outer | main.go:59:7:59:11 | outer | | main.go:59:7:59:11 | outer | main.go:60:7:60:11 | outer | | main.go:62:2:62:7 | definition of innerp | main.go:63:20:63:25 | innerp | | main.go:62:12:62:26 | struct literal | main.go:62:2:62:7 | definition of innerp | +| main.go:62:12:62:26 | struct literal [postupdate] | main.go:62:2:62:7 | definition of innerp | | main.go:63:2:63:8 | definition of middlep | main.go:64:18:64:24 | middlep | | main.go:63:13:63:26 | struct literal | main.go:63:2:63:8 | definition of middlep | +| main.go:63:13:63:26 | struct literal [postupdate] | main.go:63:2:63:8 | definition of middlep | | main.go:64:2:64:7 | definition of outerp | main.go:65:7:65:12 | outerp | | main.go:64:12:64:25 | struct literal | main.go:64:2:64:7 | definition of outerp | +| main.go:64:12:64:25 | struct literal [postupdate] | main.go:64:2:64:7 | definition of outerp | | main.go:65:7:65:12 | outerp | main.go:66:7:66:12 | outerp | | main.go:66:7:66:12 | outerp | main.go:67:7:67:12 | outerp | | main.go:67:7:67:12 | outerp | main.go:68:7:68:12 | outerp | | main.go:72:2:72:6 | definition of inner | main.go:73:26:73:30 | inner | | main.go:72:11:72:25 | struct literal | main.go:72:2:72:6 | definition of inner | +| main.go:72:11:72:25 | struct literal [postupdate] | main.go:72:2:72:6 | definition of inner | | main.go:73:2:73:7 | definition of middle | main.go:74:25:74:30 | middle | | main.go:73:12:73:31 | struct literal | main.go:73:2:73:7 | definition of middle | +| main.go:73:12:73:31 | struct literal [postupdate] | main.go:73:2:73:7 | definition of middle | | main.go:74:2:74:6 | definition of outer | main.go:75:7:75:11 | outer | | main.go:74:11:74:31 | struct literal | main.go:74:2:74:6 | definition of outer | +| main.go:74:11:74:31 | struct literal [postupdate] | main.go:74:2:74:6 | definition of outer | | main.go:75:7:75:11 | outer | main.go:76:7:76:11 | outer | | main.go:76:7:76:11 | outer | main.go:77:7:77:11 | outer | | main.go:77:7:77:11 | outer | main.go:78:7:78:11 | outer | | main.go:80:2:80:7 | definition of innerp | main.go:81:27:81:32 | innerp | | main.go:80:12:80:26 | struct literal | main.go:80:2:80:7 | definition of innerp | +| main.go:80:12:80:26 | struct literal [postupdate] | main.go:80:2:80:7 | definition of innerp | | main.go:81:2:81:8 | definition of middlep | main.go:82:26:82:32 | middlep | | main.go:81:13:81:33 | struct literal | main.go:81:2:81:8 | definition of middlep | +| main.go:81:13:81:33 | struct literal [postupdate] | main.go:81:2:81:8 | definition of middlep | | main.go:82:2:82:7 | definition of outerp | main.go:83:7:83:12 | outerp | | main.go:82:12:82:33 | struct literal | main.go:82:2:82:7 | definition of outerp | +| main.go:82:12:82:33 | struct literal [postupdate] | main.go:82:2:82:7 | definition of outerp | | main.go:83:7:83:12 | outerp | main.go:84:7:84:12 | outerp | | main.go:84:7:84:12 | outerp | main.go:85:7:85:12 | outerp | | main.go:85:7:85:12 | outerp | main.go:86:7:86:12 | outerp | | main.go:90:6:90:10 | definition of outer | main.go:91:2:91:6 | outer | | main.go:90:6:90:10 | zero value for outer | main.go:90:6:90:10 | definition of outer | | main.go:91:2:91:6 | outer | main.go:92:7:92:11 | outer | +| main.go:91:2:91:6 | outer [postupdate] | main.go:92:7:92:11 | outer | | main.go:92:7:92:11 | outer | main.go:93:7:93:11 | outer | | main.go:93:7:93:11 | outer | main.go:94:7:94:11 | outer | | main.go:94:7:94:11 | outer | main.go:95:7:95:11 | outer | | main.go:97:6:97:11 | definition of outerp | main.go:98:2:98:7 | outerp | | main.go:97:6:97:11 | zero value for outerp | main.go:97:6:97:11 | definition of outerp | | main.go:98:2:98:7 | outerp | main.go:99:7:99:12 | outerp | +| main.go:98:2:98:7 | outerp [postupdate] | main.go:99:7:99:12 | outerp | | main.go:99:7:99:12 | outerp | main.go:100:7:100:12 | outerp | | main.go:100:7:100:12 | outerp | main.go:101:7:101:12 | outerp | | main.go:101:7:101:12 | outerp | main.go:102:7:102:12 | outerp | | main.go:106:6:106:10 | definition of outer | main.go:107:2:107:6 | outer | | main.go:106:6:106:10 | zero value for outer | main.go:106:6:106:10 | definition of outer | | main.go:107:2:107:6 | outer | main.go:108:7:108:11 | outer | +| main.go:107:2:107:6 | outer [postupdate] | main.go:108:7:108:11 | outer | | main.go:108:7:108:11 | outer | main.go:109:7:109:11 | outer | | main.go:109:7:109:11 | outer | main.go:110:7:110:11 | outer | | main.go:110:7:110:11 | outer | main.go:111:7:111:11 | outer | | main.go:113:6:113:11 | definition of outerp | main.go:114:2:114:7 | outerp | | main.go:113:6:113:11 | zero value for outerp | main.go:113:6:113:11 | definition of outerp | | main.go:114:2:114:7 | outerp | main.go:115:7:115:12 | outerp | +| main.go:114:2:114:7 | outerp [postupdate] | main.go:115:7:115:12 | outerp | | main.go:115:7:115:12 | outerp | main.go:116:7:116:12 | outerp | | main.go:116:7:116:12 | outerp | main.go:117:7:117:12 | outerp | | main.go:117:7:117:12 | outerp | main.go:118:7:118:12 | outerp | | main.go:122:6:122:10 | definition of outer | main.go:123:2:123:6 | outer | | main.go:122:6:122:10 | zero value for outer | main.go:122:6:122:10 | definition of outer | | main.go:123:2:123:6 | outer | main.go:124:7:124:11 | outer | +| main.go:123:2:123:6 | outer [postupdate] | main.go:124:7:124:11 | outer | | main.go:124:7:124:11 | outer | main.go:125:7:125:11 | outer | | main.go:125:7:125:11 | outer | main.go:126:7:126:11 | outer | | main.go:126:7:126:11 | outer | main.go:127:7:127:11 | outer | | main.go:129:6:129:11 | definition of outerp | main.go:130:2:130:7 | outerp | | main.go:129:6:129:11 | zero value for outerp | main.go:129:6:129:11 | definition of outerp | | main.go:130:2:130:7 | outerp | main.go:131:7:131:12 | outerp | +| main.go:130:2:130:7 | outerp [postupdate] | main.go:131:7:131:12 | outerp | | main.go:131:7:131:12 | outerp | main.go:132:7:132:12 | outerp | | main.go:132:7:132:12 | outerp | main.go:133:7:133:12 | outerp | | main.go:133:7:133:12 | outerp | main.go:134:7:134:12 | outerp | | main.go:138:6:138:10 | definition of outer | main.go:139:2:139:6 | outer | | main.go:138:6:138:10 | zero value for outer | main.go:138:6:138:10 | definition of outer | | main.go:139:2:139:6 | outer | main.go:140:7:140:11 | outer | +| main.go:139:2:139:6 | outer [postupdate] | main.go:140:7:140:11 | outer | | main.go:140:7:140:11 | outer | main.go:141:7:141:11 | outer | | main.go:141:7:141:11 | outer | main.go:142:7:142:11 | outer | | main.go:142:7:142:11 | outer | main.go:143:7:143:11 | outer | | main.go:145:6:145:11 | definition of outerp | main.go:146:2:146:7 | outerp | | main.go:145:6:145:11 | zero value for outerp | main.go:145:6:145:11 | definition of outerp | | main.go:146:2:146:7 | outerp | main.go:147:7:147:12 | outerp | +| main.go:146:2:146:7 | outerp [postupdate] | main.go:147:7:147:12 | outerp | | main.go:147:7:147:12 | outerp | main.go:148:7:148:12 | outerp | | main.go:148:7:148:12 | outerp | main.go:149:7:149:12 | outerp | | main.go:149:7:149:12 | outerp | main.go:150:7:150:12 | outerp | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ReadsAndWrites/writesElement.expected b/go/ql/test/library-tests/semmle/go/dataflow/ReadsAndWrites/writesElement.expected index 77bb562d3f5c..44792aa3d299 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ReadsAndWrites/writesElement.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ReadsAndWrites/writesElement.expected @@ -1,3 +1,3 @@ -| tst.go:19:2:19:6 | assignment to element | tst.go:19:2:19:3 | xs | tst.go:19:5:19:5 | 0 | tst.go:19:10:19:14 | index expression | -| tst.go:20:2:20:6 | assignment to element | tst.go:20:2:20:3 | implicit dereference | tst.go:20:5:20:5 | 0 | tst.go:20:10:20:14 | index expression | -| tst.go:20:2:20:6 | assignment to element | tst.go:20:2:20:3 | ps | tst.go:20:5:20:5 | 0 | tst.go:20:10:20:14 | index expression | +| tst.go:19:2:19:6 | assignment to element | tst.go:19:2:19:3 | xs [postupdate] | tst.go:19:5:19:5 | 0 | tst.go:19:10:19:14 | index expression | +| tst.go:20:2:20:6 | assignment to element | tst.go:20:2:20:3 | implicit dereference [postupdate] | tst.go:20:5:20:5 | 0 | tst.go:20:10:20:14 | index expression | +| tst.go:20:2:20:6 | assignment to element | tst.go:20:2:20:3 | ps [postupdate] | tst.go:20:5:20:5 | 0 | tst.go:20:10:20:14 | index expression | diff --git a/go/ql/test/library-tests/semmle/go/dataflow/ReadsAndWrites/writesField.expected b/go/ql/test/library-tests/semmle/go/dataflow/ReadsAndWrites/writesField.expected index 8e71670f8c11..7862b2d61b3d 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/ReadsAndWrites/writesField.expected +++ b/go/ql/test/library-tests/semmle/go/dataflow/ReadsAndWrites/writesField.expected @@ -1,3 +1,3 @@ -| tst.go:8:2:8:4 | assignment to field f | tst.go:8:2:8:2 | implicit dereference | tst.go:4:2:4:2 | f | tst.go:8:8:8:14 | ...+... | -| tst.go:8:2:8:4 | assignment to field f | tst.go:8:2:8:2 | t | tst.go:4:2:4:2 | f | tst.go:8:8:8:14 | ...+... | -| tst.go:17:2:17:4 | assignment to field f | tst.go:17:2:17:2 | x | tst.go:4:2:4:2 | f | tst.go:17:8:17:14 | ...+... | +| tst.go:8:2:8:4 | assignment to field f | tst.go:8:2:8:2 | implicit dereference [postupdate] | tst.go:4:2:4:2 | f | tst.go:8:8:8:14 | ...+... | +| tst.go:8:2:8:4 | assignment to field f | tst.go:8:2:8:2 | t [postupdate] | tst.go:4:2:4:2 | f | tst.go:8:8:8:14 | ...+... | +| tst.go:17:2:17:4 | assignment to field f | tst.go:17:2:17:2 | x [postupdate] | tst.go:4:2:4:2 | f | tst.go:17:8:17:14 | ...+... | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Email/EmailData.expected b/go/ql/test/library-tests/semmle/go/frameworks/Email/EmailData.expected index 99b33b4a7809..070800dab637 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Email/EmailData.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Email/EmailData.expected @@ -1,5 +1,8 @@ | mail.go:15:73:15:94 | type conversion | | mail.go:18:19:18:23 | definition of write | +| mail.go:18:19:18:38 | ... := ...[0] | +| mail.go:20:17:20:21 | write | +| mail.go:20:17:20:21 | write [postupdate] | | mail.go:26:49:26:52 | text | | mail.go:26:76:26:79 | text | | mail.go:27:20:27:23 | text | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.expected b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.expected index 8e113c12ef73..703066d64494 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/LogInjection.expected @@ -1,26 +1,8 @@ edges -| main.go:18:46:18:48 | definition of req | main.go:18:46:18:48 | definition of req [Return] | provenance | | | main.go:18:46:18:48 | definition of req | main.go:21:28:21:31 | name | provenance | | -| main.go:18:46:18:48 | definition of req | main.go:21:28:21:31 | name | provenance | | -| main.go:18:46:18:48 | definition of req [Return] | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | provenance | | -| proto/Hello.pb.micro.go:85:53:85:54 | definition of in | proto/Hello.pb.micro.go:85:53:85:54 | definition of in [Return] | provenance | | -| proto/Hello.pb.micro.go:85:53:85:54 | definition of in | proto/Hello.pb.micro.go:86:37:86:38 | in | provenance | | -| proto/Hello.pb.micro.go:85:53:85:54 | definition of in | proto/Hello.pb.micro.go:86:37:86:38 | in | provenance | | -| proto/Hello.pb.micro.go:85:53:85:54 | definition of in [Return] | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | provenance | | -| proto/Hello.pb.micro.go:86:37:86:38 | in | main.go:18:46:18:48 | definition of req | provenance | | -| proto/Hello.pb.micro.go:86:37:86:38 | in | main.go:18:46:18:48 | definition of req | provenance | | -| proto/Hello.pb.micro.go:86:37:86:38 | in | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | provenance | | -| proto/Hello.pb.micro.go:86:37:86:38 | in | proto/Hello.pb.micro.go:85:53:85:54 | definition of in | provenance | | nodes | main.go:18:46:18:48 | definition of req | semmle.label | definition of req | -| main.go:18:46:18:48 | definition of req | semmle.label | definition of req | -| main.go:18:46:18:48 | definition of req [Return] | semmle.label | definition of req [Return] | | main.go:21:28:21:31 | name | semmle.label | name | -| proto/Hello.pb.micro.go:85:53:85:54 | definition of in | semmle.label | definition of in | -| proto/Hello.pb.micro.go:85:53:85:54 | definition of in | semmle.label | definition of in | -| proto/Hello.pb.micro.go:85:53:85:54 | definition of in [Return] | semmle.label | definition of in [Return] | -| proto/Hello.pb.micro.go:86:37:86:38 | in | semmle.label | in | -| proto/Hello.pb.micro.go:86:37:86:38 | in | semmle.label | in | subpaths #select | main.go:21:28:21:31 | name | main.go:18:46:18:48 | definition of req | main.go:21:28:21:31 | name | This log entry depends on a $@. | main.go:18:46:18:48 | definition of req | user-provided value | diff --git a/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected b/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected index 8209afc7b50e..3bccd586d749 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected @@ -86,16 +86,16 @@ invalidModelRow | main.go:13:33:13:33 | v | main.go:13:2:13:52 | ... := ...[0] | | main.go:13:36:13:45 | "/*JSON*/" | main.go:13:2:13:52 | ... := ...[0] | | main.go:13:48:13:51 | " " | main.go:13:2:13:52 | ... := ...[0] | -| main.go:14:25:14:25 | b | main.go:14:9:14:41 | slice literal [postupdate] | -| main.go:14:28:14:30 | err | main.go:14:9:14:41 | slice literal [postupdate] | -| main.go:14:33:14:34 | b2 | main.go:14:9:14:41 | slice literal [postupdate] | -| main.go:14:37:14:40 | err2 | main.go:14:9:14:41 | slice literal [postupdate] | +| main.go:14:25:14:25 | b | main.go:14:9:14:41 | slice literal | +| main.go:14:28:14:30 | err | main.go:14:9:14:41 | slice literal | +| main.go:14:33:14:34 | b2 | main.go:14:9:14:41 | slice literal | +| main.go:14:37:14:40 | err2 | main.go:14:9:14:41 | slice literal | | main.go:19:18:19:42 | call to DecodeString | main.go:19:2:19:42 | ... := ...[0] | | main.go:19:18:19:42 | call to DecodeString | main.go:19:2:19:42 | ... := ...[1] | | main.go:19:35:19:41 | encoded | main.go:19:2:19:42 | ... := ...[0] | -| main.go:23:25:23:31 | decoded | main.go:23:9:23:48 | slice literal [postupdate] | -| main.go:23:34:23:36 | err | main.go:23:9:23:48 | slice literal [postupdate] | -| main.go:23:39:23:47 | reEncoded | main.go:23:9:23:48 | slice literal [postupdate] | +| main.go:23:25:23:31 | decoded | main.go:23:9:23:48 | slice literal | +| main.go:23:34:23:36 | err | main.go:23:9:23:48 | slice literal | +| main.go:23:39:23:47 | reEncoded | main.go:23:9:23:48 | slice literal | | main.go:28:2:28:4 | implicit dereference | main.go:28:2:28:4 | req [postupdate] | | main.go:28:2:28:4 | implicit dereference | main.go:28:2:28:9 | selection of Body | | main.go:28:2:28:4 | req | main.go:28:2:28:4 | implicit dereference | diff --git a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected index 22dec49d4845..78dde84a9475 100644 --- a/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-078/CommandInjection.expected @@ -56,8 +56,8 @@ edges | SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | SanitizingDoubleDash.go:80:23:80:29 | tainted | provenance | Config | | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | SanitizingDoubleDash.go:9:13:9:27 | call to Query | provenance | Src:MaD:2 MaD:7 | | SanitizingDoubleDash.go:9:13:9:27 | call to Query | SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | provenance | | -| SanitizingDoubleDash.go:13:15:13:32 | array literal [postupdate] [array] | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | provenance | | -| SanitizingDoubleDash.go:13:25:13:31 | tainted | SanitizingDoubleDash.go:13:15:13:32 | array literal [postupdate] [array] | provenance | | +| SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | provenance | | +| SanitizingDoubleDash.go:13:25:13:31 | tainted | SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | provenance | | | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | SanitizingDoubleDash.go:14:23:14:33 | slice element node | provenance | | | SanitizingDoubleDash.go:14:23:14:33 | slice element node | SanitizingDoubleDash.go:14:23:14:33 | slice expression | provenance | | | SanitizingDoubleDash.go:39:14:39:44 | []type{args} [array] | SanitizingDoubleDash.go:39:14:39:44 | call to append | provenance | MaD:5 | @@ -65,8 +65,8 @@ edges | SanitizingDoubleDash.go:39:14:39:44 | call to append | SanitizingDoubleDash.go:40:23:40:30 | arrayLit | provenance | | | SanitizingDoubleDash.go:39:14:39:44 | call to append [array] | SanitizingDoubleDash.go:40:23:40:30 | arrayLit | provenance | | | SanitizingDoubleDash.go:39:31:39:37 | tainted | SanitizingDoubleDash.go:39:14:39:44 | []type{args} [array] | provenance | | -| SanitizingDoubleDash.go:52:15:52:31 | slice literal [postupdate] [array] | SanitizingDoubleDash.go:53:21:53:28 | arrayLit [array] | provenance | | -| SanitizingDoubleDash.go:52:24:52:30 | tainted | SanitizingDoubleDash.go:52:15:52:31 | slice literal [postupdate] [array] | provenance | | +| SanitizingDoubleDash.go:52:15:52:31 | slice literal [array] | SanitizingDoubleDash.go:53:21:53:28 | arrayLit [array] | provenance | | +| SanitizingDoubleDash.go:52:24:52:30 | tainted | SanitizingDoubleDash.go:52:15:52:31 | slice literal [array] | provenance | | | SanitizingDoubleDash.go:52:24:52:30 | tainted | SanitizingDoubleDash.go:53:21:53:28 | arrayLit | provenance | | | SanitizingDoubleDash.go:53:14:53:35 | call to append | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | provenance | | | SanitizingDoubleDash.go:53:14:53:35 | call to append [array] | SanitizingDoubleDash.go:54:23:54:30 | arrayLit | provenance | | @@ -99,16 +99,16 @@ edges | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:142:31:142:37 | tainted | provenance | | | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:148:30:148:36 | tainted | provenance | | | SanitizingDoubleDash.go:92:13:92:27 | call to Query | SanitizingDoubleDash.go:152:24:152:30 | tainted | provenance | | -| SanitizingDoubleDash.go:95:15:95:32 | array literal [postupdate] [array] | SanitizingDoubleDash.go:96:24:96:31 | arrayLit [array] | provenance | | -| SanitizingDoubleDash.go:95:25:95:31 | tainted | SanitizingDoubleDash.go:95:15:95:32 | array literal [postupdate] [array] | provenance | | +| SanitizingDoubleDash.go:95:15:95:32 | array literal [array] | SanitizingDoubleDash.go:96:24:96:31 | arrayLit [array] | provenance | | +| SanitizingDoubleDash.go:95:25:95:31 | tainted | SanitizingDoubleDash.go:95:15:95:32 | array literal [array] | provenance | | | SanitizingDoubleDash.go:96:24:96:31 | arrayLit [array] | SanitizingDoubleDash.go:96:24:96:34 | slice element node | provenance | | | SanitizingDoubleDash.go:96:24:96:34 | slice element node | SanitizingDoubleDash.go:96:24:96:34 | slice expression | provenance | | -| SanitizingDoubleDash.go:100:15:100:38 | array literal [postupdate] [array] | SanitizingDoubleDash.go:101:24:101:31 | arrayLit [array] | provenance | | -| SanitizingDoubleDash.go:100:31:100:37 | tainted | SanitizingDoubleDash.go:100:15:100:38 | array literal [postupdate] [array] | provenance | | +| SanitizingDoubleDash.go:100:15:100:38 | array literal [array] | SanitizingDoubleDash.go:101:24:101:31 | arrayLit [array] | provenance | | +| SanitizingDoubleDash.go:100:31:100:37 | tainted | SanitizingDoubleDash.go:100:15:100:38 | array literal [array] | provenance | | | SanitizingDoubleDash.go:101:24:101:31 | arrayLit [array] | SanitizingDoubleDash.go:101:24:101:34 | slice element node | provenance | | | SanitizingDoubleDash.go:101:24:101:34 | slice element node | SanitizingDoubleDash.go:101:24:101:34 | slice expression | provenance | | -| SanitizingDoubleDash.go:105:15:105:37 | slice literal [postupdate] [array] | SanitizingDoubleDash.go:106:24:106:31 | arrayLit | provenance | | -| SanitizingDoubleDash.go:105:30:105:36 | tainted | SanitizingDoubleDash.go:105:15:105:37 | slice literal [postupdate] [array] | provenance | | +| SanitizingDoubleDash.go:105:15:105:37 | slice literal [array] | SanitizingDoubleDash.go:106:24:106:31 | arrayLit | provenance | | +| SanitizingDoubleDash.go:105:30:105:36 | tainted | SanitizingDoubleDash.go:105:15:105:37 | slice literal [array] | provenance | | | SanitizingDoubleDash.go:111:14:111:44 | []type{args} [array] | SanitizingDoubleDash.go:111:14:111:44 | call to append | provenance | MaD:5 | | SanitizingDoubleDash.go:111:14:111:44 | []type{args} [array] | SanitizingDoubleDash.go:111:14:111:44 | call to append [array] | provenance | MaD:5 | | SanitizingDoubleDash.go:111:14:111:44 | call to append | SanitizingDoubleDash.go:112:24:112:31 | arrayLit | provenance | | @@ -124,8 +124,8 @@ edges | SanitizingDoubleDash.go:123:14:123:38 | call to append | SanitizingDoubleDash.go:124:24:124:31 | arrayLit | provenance | | | SanitizingDoubleDash.go:123:14:123:38 | call to append [array] | SanitizingDoubleDash.go:124:24:124:31 | arrayLit | provenance | | | SanitizingDoubleDash.go:123:31:123:37 | tainted | SanitizingDoubleDash.go:123:14:123:38 | []type{args} [array] | provenance | | -| SanitizingDoubleDash.go:128:15:128:31 | slice literal [postupdate] [array] | SanitizingDoubleDash.go:129:21:129:28 | arrayLit [array] | provenance | | -| SanitizingDoubleDash.go:128:24:128:30 | tainted | SanitizingDoubleDash.go:128:15:128:31 | slice literal [postupdate] [array] | provenance | | +| SanitizingDoubleDash.go:128:15:128:31 | slice literal [array] | SanitizingDoubleDash.go:129:21:129:28 | arrayLit [array] | provenance | | +| SanitizingDoubleDash.go:128:24:128:30 | tainted | SanitizingDoubleDash.go:128:15:128:31 | slice literal [array] | provenance | | | SanitizingDoubleDash.go:129:14:129:35 | call to append | SanitizingDoubleDash.go:130:24:130:31 | arrayLit | provenance | | | SanitizingDoubleDash.go:129:14:129:35 | call to append [array] | SanitizingDoubleDash.go:130:24:130:31 | arrayLit | provenance | | | SanitizingDoubleDash.go:129:21:129:28 | arrayLit | SanitizingDoubleDash.go:129:14:129:35 | call to append | provenance | MaD:4 | @@ -184,7 +184,7 @@ nodes | SanitizingDoubleDash.go:9:2:9:8 | definition of tainted | semmle.label | definition of tainted | | SanitizingDoubleDash.go:9:13:9:19 | selection of URL | semmle.label | selection of URL | | SanitizingDoubleDash.go:9:13:9:27 | call to Query | semmle.label | call to Query | -| SanitizingDoubleDash.go:13:15:13:32 | array literal [postupdate] [array] | semmle.label | array literal [postupdate] [array] | +| SanitizingDoubleDash.go:13:15:13:32 | array literal [array] | semmle.label | array literal [array] | | SanitizingDoubleDash.go:13:25:13:31 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:14:23:14:30 | arrayLit [array] | semmle.label | arrayLit [array] | | SanitizingDoubleDash.go:14:23:14:33 | slice element node | semmle.label | slice element node | @@ -194,7 +194,7 @@ nodes | SanitizingDoubleDash.go:39:14:39:44 | call to append [array] | semmle.label | call to append [array] | | SanitizingDoubleDash.go:39:31:39:37 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:40:23:40:30 | arrayLit | semmle.label | arrayLit | -| SanitizingDoubleDash.go:52:15:52:31 | slice literal [postupdate] [array] | semmle.label | slice literal [postupdate] [array] | +| SanitizingDoubleDash.go:52:15:52:31 | slice literal [array] | semmle.label | slice literal [array] | | SanitizingDoubleDash.go:52:24:52:30 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:53:14:53:35 | call to append | semmle.label | call to append | | SanitizingDoubleDash.go:53:14:53:35 | call to append [array] | semmle.label | call to append [array] | @@ -213,17 +213,17 @@ nodes | SanitizingDoubleDash.go:80:23:80:29 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:92:13:92:19 | selection of URL | semmle.label | selection of URL | | SanitizingDoubleDash.go:92:13:92:27 | call to Query | semmle.label | call to Query | -| SanitizingDoubleDash.go:95:15:95:32 | array literal [postupdate] [array] | semmle.label | array literal [postupdate] [array] | +| SanitizingDoubleDash.go:95:15:95:32 | array literal [array] | semmle.label | array literal [array] | | SanitizingDoubleDash.go:95:25:95:31 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:96:24:96:31 | arrayLit [array] | semmle.label | arrayLit [array] | | SanitizingDoubleDash.go:96:24:96:34 | slice element node | semmle.label | slice element node | | SanitizingDoubleDash.go:96:24:96:34 | slice expression | semmle.label | slice expression | -| SanitizingDoubleDash.go:100:15:100:38 | array literal [postupdate] [array] | semmle.label | array literal [postupdate] [array] | +| SanitizingDoubleDash.go:100:15:100:38 | array literal [array] | semmle.label | array literal [array] | | SanitizingDoubleDash.go:100:31:100:37 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:101:24:101:31 | arrayLit [array] | semmle.label | arrayLit [array] | | SanitizingDoubleDash.go:101:24:101:34 | slice element node | semmle.label | slice element node | | SanitizingDoubleDash.go:101:24:101:34 | slice expression | semmle.label | slice expression | -| SanitizingDoubleDash.go:105:15:105:37 | slice literal [postupdate] [array] | semmle.label | slice literal [postupdate] [array] | +| SanitizingDoubleDash.go:105:15:105:37 | slice literal [array] | semmle.label | slice literal [array] | | SanitizingDoubleDash.go:105:30:105:36 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:106:24:106:31 | arrayLit | semmle.label | arrayLit | | SanitizingDoubleDash.go:111:14:111:44 | []type{args} [array] | semmle.label | []type{args} [array] | @@ -241,7 +241,7 @@ nodes | SanitizingDoubleDash.go:123:14:123:38 | call to append [array] | semmle.label | call to append [array] | | SanitizingDoubleDash.go:123:31:123:37 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:124:24:124:31 | arrayLit | semmle.label | arrayLit | -| SanitizingDoubleDash.go:128:15:128:31 | slice literal [postupdate] [array] | semmle.label | slice literal [postupdate] [array] | +| SanitizingDoubleDash.go:128:15:128:31 | slice literal [array] | semmle.label | slice literal [array] | | SanitizingDoubleDash.go:128:24:128:30 | tainted | semmle.label | tainted | | SanitizingDoubleDash.go:129:14:129:35 | call to append | semmle.label | call to append | | SanitizingDoubleDash.go:129:14:129:35 | call to append [array] | semmle.label | call to append [array] | diff --git a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected index 542f1b5b89c2..e8c6848b5695 100644 --- a/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-089/SqlInjection.expected @@ -33,24 +33,24 @@ edges | SqlInjection.go:11:3:11:29 | index expression | SqlInjection.go:10:7:11:30 | call to Sprintf | provenance | FunctionModel | | issue48.go:17:2:17:33 | ... := ...[0] | issue48.go:18:17:18:17 | b | provenance | | | issue48.go:17:25:17:32 | selection of Body | issue48.go:17:2:17:33 | ... := ...[0] | provenance | Src:MaD:17 MaD:24 | -| issue48.go:18:17:18:17 | b | issue48.go:18:20:18:39 | &... | provenance | MaD:22 | -| issue48.go:18:20:18:39 | &... | issue48.go:21:3:21:33 | index expression | provenance | | +| issue48.go:18:17:18:17 | b | issue48.go:18:20:18:39 | &... [postupdate] | provenance | MaD:22 | +| issue48.go:18:20:18:39 | &... [postupdate] | issue48.go:21:3:21:33 | index expression | provenance | | | issue48.go:20:8:21:34 | []type{args} [array] | issue48.go:20:8:21:34 | call to Sprintf | provenance | MaD:23 | | issue48.go:20:8:21:34 | call to Sprintf | issue48.go:22:11:22:12 | q3 | provenance | Sink:MaD:1 | | issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | []type{args} [array] | provenance | | | issue48.go:21:3:21:33 | index expression | issue48.go:20:8:21:34 | call to Sprintf | provenance | FunctionModel | | issue48.go:27:2:27:34 | ... := ...[0] | issue48.go:28:17:28:18 | b2 | provenance | | | issue48.go:27:26:27:33 | selection of Body | issue48.go:27:2:27:34 | ... := ...[0] | provenance | Src:MaD:17 MaD:24 | -| issue48.go:28:17:28:18 | b2 | issue48.go:28:21:28:41 | &... | provenance | MaD:22 | -| issue48.go:28:21:28:41 | &... | issue48.go:31:3:31:31 | selection of Category | provenance | | +| issue48.go:28:17:28:18 | b2 | issue48.go:28:21:28:41 | &... [postupdate] | provenance | MaD:22 | +| issue48.go:28:21:28:41 | &... [postupdate] | issue48.go:31:3:31:31 | selection of Category | provenance | | | issue48.go:30:8:31:32 | []type{args} [array] | issue48.go:30:8:31:32 | call to Sprintf | provenance | MaD:23 | | issue48.go:30:8:31:32 | call to Sprintf | issue48.go:32:11:32:12 | q4 | provenance | Sink:MaD:1 | | issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | []type{args} [array] | provenance | | | issue48.go:31:3:31:31 | selection of Category | issue48.go:30:8:31:32 | call to Sprintf | provenance | FunctionModel | -| issue48.go:37:17:37:50 | type conversion | issue48.go:37:53:37:73 | &... | provenance | MaD:22 | +| issue48.go:37:17:37:50 | type conversion | issue48.go:37:53:37:73 | &... [postupdate] | provenance | MaD:22 | | issue48.go:37:24:37:30 | selection of URL | issue48.go:37:24:37:38 | call to Query | provenance | Src:MaD:21 MaD:26 | | issue48.go:37:24:37:38 | call to Query | issue48.go:37:17:37:50 | type conversion | provenance | | -| issue48.go:37:53:37:73 | &... | issue48.go:40:3:40:31 | selection of Category | provenance | | +| issue48.go:37:53:37:73 | &... [postupdate] | issue48.go:40:3:40:31 | selection of Category | provenance | | | issue48.go:39:8:40:32 | []type{args} [array] | issue48.go:39:8:40:32 | call to Sprintf | provenance | MaD:23 | | issue48.go:39:8:40:32 | call to Sprintf | issue48.go:41:11:41:12 | q5 | provenance | Sink:MaD:1 | | issue48.go:40:3:40:31 | selection of Category | issue48.go:39:8:40:32 | []type{args} [array] | provenance | | @@ -76,39 +76,33 @@ edges | main.go:34:3:34:13 | implicit dereference [Category] | main.go:34:3:34:22 | selection of Category | provenance | | | main.go:34:3:34:22 | selection of Category | main.go:33:7:34:23 | []type{args} [array] | provenance | | | main.go:34:3:34:22 | selection of Category | main.go:33:7:34:23 | call to Sprintf | provenance | FunctionModel | -| main.go:39:2:39:12 | definition of RequestData [pointer, Category] | main.go:40:2:40:12 | RequestData [pointer, Category] | provenance | | -| main.go:39:2:39:12 | definition of RequestData [pointer, Category] | main.go:43:3:43:13 | RequestData [pointer, Category] | provenance | | -| main.go:40:2:40:12 | RequestData [pointer, Category] | main.go:40:2:40:12 | implicit dereference [Category] | provenance | | -| main.go:40:2:40:12 | implicit dereference [Category] | main.go:39:2:39:12 | definition of RequestData [pointer, Category] | provenance | | +| main.go:40:2:40:12 | RequestData [postupdate] [pointer, Category] | main.go:43:3:43:13 | RequestData [pointer, Category] | provenance | | +| main.go:40:2:40:12 | implicit dereference [postupdate] [Category] | main.go:40:2:40:12 | RequestData [postupdate] [pointer, Category] | provenance | | | main.go:40:25:40:31 | selection of URL | main.go:40:25:40:39 | call to Query | provenance | Src:MaD:21 MaD:26 | | main.go:40:25:40:39 | call to Query | main.go:40:25:40:51 | index expression | provenance | | -| main.go:40:25:40:51 | index expression | main.go:40:2:40:12 | implicit dereference [Category] | provenance | | +| main.go:40:25:40:51 | index expression | main.go:40:2:40:12 | implicit dereference [postupdate] [Category] | provenance | | | main.go:42:7:43:23 | []type{args} [array] | main.go:42:7:43:23 | call to Sprintf | provenance | MaD:23 | | main.go:42:7:43:23 | call to Sprintf | main.go:44:11:44:11 | q | provenance | Sink:MaD:1 | | main.go:43:3:43:13 | RequestData [pointer, Category] | main.go:43:3:43:13 | implicit dereference [Category] | provenance | | | main.go:43:3:43:13 | implicit dereference [Category] | main.go:43:3:43:22 | selection of Category | provenance | | | main.go:43:3:43:22 | selection of Category | main.go:42:7:43:23 | []type{args} [array] | provenance | | | main.go:43:3:43:22 | selection of Category | main.go:42:7:43:23 | call to Sprintf | provenance | FunctionModel | -| main.go:48:2:48:12 | definition of RequestData [pointer, Category] | main.go:49:4:49:14 | RequestData [pointer, Category] | provenance | | -| main.go:48:2:48:12 | definition of RequestData [pointer, Category] | main.go:52:3:52:13 | RequestData [pointer, Category] | provenance | | -| main.go:49:3:49:14 | star expression [Category] | main.go:48:2:48:12 | definition of RequestData [pointer, Category] | provenance | | -| main.go:49:4:49:14 | RequestData [pointer, Category] | main.go:49:3:49:14 | star expression [Category] | provenance | | +| main.go:49:3:49:14 | star expression [postupdate] [Category] | main.go:49:4:49:14 | RequestData [postupdate] [pointer, Category] | provenance | | +| main.go:49:4:49:14 | RequestData [postupdate] [pointer, Category] | main.go:52:3:52:13 | RequestData [pointer, Category] | provenance | | | main.go:49:28:49:34 | selection of URL | main.go:49:28:49:42 | call to Query | provenance | Src:MaD:21 MaD:26 | | main.go:49:28:49:42 | call to Query | main.go:49:28:49:54 | index expression | provenance | | -| main.go:49:28:49:54 | index expression | main.go:49:3:49:14 | star expression [Category] | provenance | | +| main.go:49:28:49:54 | index expression | main.go:49:3:49:14 | star expression [postupdate] [Category] | provenance | | | main.go:51:7:52:23 | []type{args} [array] | main.go:51:7:52:23 | call to Sprintf | provenance | MaD:23 | | main.go:51:7:52:23 | call to Sprintf | main.go:53:11:53:11 | q | provenance | Sink:MaD:1 | | main.go:52:3:52:13 | RequestData [pointer, Category] | main.go:52:3:52:13 | implicit dereference [Category] | provenance | | | main.go:52:3:52:13 | implicit dereference [Category] | main.go:52:3:52:22 | selection of Category | provenance | | | main.go:52:3:52:22 | selection of Category | main.go:51:7:52:23 | []type{args} [array] | provenance | | | main.go:52:3:52:22 | selection of Category | main.go:51:7:52:23 | call to Sprintf | provenance | FunctionModel | -| main.go:57:2:57:12 | definition of RequestData [pointer, Category] | main.go:58:4:58:14 | RequestData [pointer, Category] | provenance | | -| main.go:57:2:57:12 | definition of RequestData [pointer, Category] | main.go:61:5:61:15 | RequestData [pointer, Category] | provenance | | -| main.go:58:3:58:14 | star expression [Category] | main.go:57:2:57:12 | definition of RequestData [pointer, Category] | provenance | | -| main.go:58:4:58:14 | RequestData [pointer, Category] | main.go:58:3:58:14 | star expression [Category] | provenance | | +| main.go:58:3:58:14 | star expression [postupdate] [Category] | main.go:58:4:58:14 | RequestData [postupdate] [pointer, Category] | provenance | | +| main.go:58:4:58:14 | RequestData [postupdate] [pointer, Category] | main.go:61:5:61:15 | RequestData [pointer, Category] | provenance | | | main.go:58:28:58:34 | selection of URL | main.go:58:28:58:42 | call to Query | provenance | Src:MaD:21 MaD:26 | | main.go:58:28:58:42 | call to Query | main.go:58:28:58:54 | index expression | provenance | | -| main.go:58:28:58:54 | index expression | main.go:58:3:58:14 | star expression [Category] | provenance | | +| main.go:58:28:58:54 | index expression | main.go:58:3:58:14 | star expression [postupdate] [Category] | provenance | | | main.go:60:7:61:26 | []type{args} [array] | main.go:60:7:61:26 | call to Sprintf | provenance | MaD:23 | | main.go:60:7:61:26 | call to Sprintf | main.go:62:11:62:11 | q | provenance | Sink:MaD:1 | | main.go:61:3:61:25 | selection of Category | main.go:60:7:61:26 | []type{args} [array] | provenance | | @@ -170,7 +164,7 @@ nodes | issue48.go:17:2:17:33 | ... := ...[0] | semmle.label | ... := ...[0] | | issue48.go:17:25:17:32 | selection of Body | semmle.label | selection of Body | | issue48.go:18:17:18:17 | b | semmle.label | b | -| issue48.go:18:20:18:39 | &... | semmle.label | &... | +| issue48.go:18:20:18:39 | &... [postupdate] | semmle.label | &... [postupdate] | | issue48.go:20:8:21:34 | []type{args} [array] | semmle.label | []type{args} [array] | | issue48.go:20:8:21:34 | call to Sprintf | semmle.label | call to Sprintf | | issue48.go:21:3:21:33 | index expression | semmle.label | index expression | @@ -178,7 +172,7 @@ nodes | issue48.go:27:2:27:34 | ... := ...[0] | semmle.label | ... := ...[0] | | issue48.go:27:26:27:33 | selection of Body | semmle.label | selection of Body | | issue48.go:28:17:28:18 | b2 | semmle.label | b2 | -| issue48.go:28:21:28:41 | &... | semmle.label | &... | +| issue48.go:28:21:28:41 | &... [postupdate] | semmle.label | &... [postupdate] | | issue48.go:30:8:31:32 | []type{args} [array] | semmle.label | []type{args} [array] | | issue48.go:30:8:31:32 | call to Sprintf | semmle.label | call to Sprintf | | issue48.go:31:3:31:31 | selection of Category | semmle.label | selection of Category | @@ -186,7 +180,7 @@ nodes | issue48.go:37:17:37:50 | type conversion | semmle.label | type conversion | | issue48.go:37:24:37:30 | selection of URL | semmle.label | selection of URL | | issue48.go:37:24:37:38 | call to Query | semmle.label | call to Query | -| issue48.go:37:53:37:73 | &... | semmle.label | &... | +| issue48.go:37:53:37:73 | &... [postupdate] | semmle.label | &... [postupdate] | | issue48.go:39:8:40:32 | []type{args} [array] | semmle.label | []type{args} [array] | | issue48.go:39:8:40:32 | call to Sprintf | semmle.label | call to Sprintf | | issue48.go:40:3:40:31 | selection of Category | semmle.label | selection of Category | @@ -213,9 +207,8 @@ nodes | main.go:34:3:34:13 | implicit dereference [Category] | semmle.label | implicit dereference [Category] | | main.go:34:3:34:22 | selection of Category | semmle.label | selection of Category | | main.go:35:11:35:11 | q | semmle.label | q | -| main.go:39:2:39:12 | definition of RequestData [pointer, Category] | semmle.label | definition of RequestData [pointer, Category] | -| main.go:40:2:40:12 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] | -| main.go:40:2:40:12 | implicit dereference [Category] | semmle.label | implicit dereference [Category] | +| main.go:40:2:40:12 | RequestData [postupdate] [pointer, Category] | semmle.label | RequestData [postupdate] [pointer, Category] | +| main.go:40:2:40:12 | implicit dereference [postupdate] [Category] | semmle.label | implicit dereference [postupdate] [Category] | | main.go:40:25:40:31 | selection of URL | semmle.label | selection of URL | | main.go:40:25:40:39 | call to Query | semmle.label | call to Query | | main.go:40:25:40:51 | index expression | semmle.label | index expression | @@ -225,9 +218,8 @@ nodes | main.go:43:3:43:13 | implicit dereference [Category] | semmle.label | implicit dereference [Category] | | main.go:43:3:43:22 | selection of Category | semmle.label | selection of Category | | main.go:44:11:44:11 | q | semmle.label | q | -| main.go:48:2:48:12 | definition of RequestData [pointer, Category] | semmle.label | definition of RequestData [pointer, Category] | -| main.go:49:3:49:14 | star expression [Category] | semmle.label | star expression [Category] | -| main.go:49:4:49:14 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] | +| main.go:49:3:49:14 | star expression [postupdate] [Category] | semmle.label | star expression [postupdate] [Category] | +| main.go:49:4:49:14 | RequestData [postupdate] [pointer, Category] | semmle.label | RequestData [postupdate] [pointer, Category] | | main.go:49:28:49:34 | selection of URL | semmle.label | selection of URL | | main.go:49:28:49:42 | call to Query | semmle.label | call to Query | | main.go:49:28:49:54 | index expression | semmle.label | index expression | @@ -237,9 +229,8 @@ nodes | main.go:52:3:52:13 | implicit dereference [Category] | semmle.label | implicit dereference [Category] | | main.go:52:3:52:22 | selection of Category | semmle.label | selection of Category | | main.go:53:11:53:11 | q | semmle.label | q | -| main.go:57:2:57:12 | definition of RequestData [pointer, Category] | semmle.label | definition of RequestData [pointer, Category] | -| main.go:58:3:58:14 | star expression [Category] | semmle.label | star expression [Category] | -| main.go:58:4:58:14 | RequestData [pointer, Category] | semmle.label | RequestData [pointer, Category] | +| main.go:58:3:58:14 | star expression [postupdate] [Category] | semmle.label | star expression [postupdate] [Category] | +| main.go:58:4:58:14 | RequestData [postupdate] [pointer, Category] | semmle.label | RequestData [postupdate] [pointer, Category] | | main.go:58:28:58:34 | selection of URL | semmle.label | selection of URL | | main.go:58:28:58:42 | call to Query | semmle.label | call to Query | | main.go:58:28:58:54 | index expression | semmle.label | index expression | diff --git a/go/ql/test/query-tests/Security/CWE-295/DisabledCertificateCheck/main.go b/go/ql/test/query-tests/Security/CWE-295/DisabledCertificateCheck/main.go index 027a88b9bb68..3cb5d107a70a 100644 --- a/go/ql/test/query-tests/Security/CWE-295/DisabledCertificateCheck/main.go +++ b/go/ql/test/query-tests/Security/CWE-295/DisabledCertificateCheck/main.go @@ -64,9 +64,22 @@ func bad3() *http.Transport { return transport } -func good3() *http.Transport { - insecureTransport := &http.Transport{ - TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // OK +func good3(i int) *http.Transport { + if i == 0 { + insecureTransport := &http.Transport{ + TLSClientConfig: &tls.Config{InsecureSkipVerify: true}, // OK + } + return insecureTransport + } else if i == 1 { + temp1 := tls.Config{InsecureSkipVerify: true} + temp2 := &temp1 + selfSignConfig := &http.Transport{TLSClientConfig: temp2} // OK + return selfSignConfig + } else if i == 2 { + temp1 := tls.Config{} + temp1.InsecureSkipVerify = true + untrustedTransport := &http.Transport{TLSClientConfig: &temp1} // OK + return untrustedTransport } - return insecureTransport + return nil } diff --git a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected index 2b96941ce1a5..f748c7a77738 100644 --- a/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected +++ b/go/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected @@ -187,10 +187,10 @@ edges | passwords.go:30:8:30:15 | password | passwords.go:8:12:8:12 | definition of x | provenance | | | passwords.go:34:28:34:35 | password | passwords.go:34:14:34:35 | ...+... | provenance | Config | | passwords.go:34:28:34:35 | password | passwords.go:42:6:42:13 | password | provenance | | -| passwords.go:36:10:38:2 | struct literal [postupdate] | passwords.go:39:14:39:17 | obj1 | provenance | | -| passwords.go:37:13:37:13 | x | passwords.go:36:10:38:2 | struct literal [postupdate] | provenance | Config | -| passwords.go:41:10:43:2 | struct literal [postupdate] | passwords.go:44:14:44:17 | obj2 | provenance | | -| passwords.go:42:6:42:13 | password | passwords.go:41:10:43:2 | struct literal [postupdate] | provenance | Config | +| passwords.go:36:10:38:2 | struct literal | passwords.go:39:14:39:17 | obj1 | provenance | | +| passwords.go:37:13:37:13 | x | passwords.go:36:10:38:2 | struct literal | provenance | Config | +| passwords.go:41:10:43:2 | struct literal | passwords.go:44:14:44:17 | obj2 | provenance | | +| passwords.go:42:6:42:13 | password | passwords.go:41:10:43:2 | struct literal | provenance | Config | | passwords.go:42:6:42:13 | password | passwords.go:48:11:48:18 | password | provenance | | | passwords.go:48:11:48:18 | password | passwords.go:92:23:92:28 | secret | provenance | | | passwords.go:48:11:48:18 | password | passwords.go:102:33:102:40 | password | provenance | | @@ -198,8 +198,8 @@ edges | passwords.go:48:11:48:18 | password | passwords.go:113:33:113:40 | password | provenance | | | passwords.go:48:11:48:18 | password | passwords.go:123:13:123:20 | password | provenance | | | passwords.go:50:2:50:15 | definition of fixed_password | passwords.go:51:14:51:27 | fixed_password | provenance | | -| passwords.go:86:19:88:2 | struct literal [postupdate] | passwords.go:89:14:89:26 | utilityObject | provenance | | -| passwords.go:87:16:87:36 | call to make | passwords.go:86:19:88:2 | struct literal [postupdate] | provenance | Config | +| passwords.go:86:19:88:2 | struct literal | passwords.go:89:14:89:26 | utilityObject | provenance | | +| passwords.go:87:16:87:36 | call to make | passwords.go:86:19:88:2 | struct literal | provenance | Config | | passwords.go:102:33:102:40 | password | passwords.go:102:15:102:40 | ...+... | provenance | Config | | passwords.go:102:33:102:40 | password | passwords.go:108:34:108:41 | password | provenance | | | passwords.go:102:33:102:40 | password | passwords.go:113:33:113:40 | password | provenance | | @@ -212,14 +212,14 @@ edges | passwords.go:116:6:116:14 | definition of password1 | passwords.go:117:28:117:36 | password1 | provenance | | | passwords.go:117:28:117:36 | password1 | passwords.go:117:28:117:45 | call to String | provenance | Config | | passwords.go:117:28:117:45 | call to String | passwords.go:117:14:117:45 | ...+... | provenance | Config | -| passwords.go:120:12:125:2 | struct literal [postupdate] | passwords.go:127:14:127:19 | config | provenance | | -| passwords.go:120:12:125:2 | struct literal [postupdate] [x] | passwords.go:128:14:128:19 | config [x] | provenance | | -| passwords.go:120:12:125:2 | struct literal [postupdate] [y] | passwords.go:129:14:129:19 | config [y] | provenance | | -| passwords.go:121:13:121:14 | x3 | passwords.go:120:12:125:2 | struct literal [postupdate] | provenance | Config | -| passwords.go:123:13:123:20 | password | passwords.go:120:12:125:2 | struct literal [postupdate] | provenance | Config | -| passwords.go:123:13:123:20 | password | passwords.go:120:12:125:2 | struct literal [postupdate] [x] | provenance | | -| passwords.go:124:13:124:25 | call to getPassword | passwords.go:120:12:125:2 | struct literal [postupdate] | provenance | Config | -| passwords.go:124:13:124:25 | call to getPassword | passwords.go:120:12:125:2 | struct literal [postupdate] [y] | provenance | | +| passwords.go:120:12:125:2 | struct literal | passwords.go:127:14:127:19 | config | provenance | | +| passwords.go:120:12:125:2 | struct literal [x] | passwords.go:128:14:128:19 | config [x] | provenance | | +| passwords.go:120:12:125:2 | struct literal [y] | passwords.go:129:14:129:19 | config [y] | provenance | | +| passwords.go:121:13:121:14 | x3 | passwords.go:120:12:125:2 | struct literal | provenance | Config | +| passwords.go:123:13:123:20 | password | passwords.go:120:12:125:2 | struct literal | provenance | Config | +| passwords.go:123:13:123:20 | password | passwords.go:120:12:125:2 | struct literal [x] | provenance | | +| passwords.go:124:13:124:25 | call to getPassword | passwords.go:120:12:125:2 | struct literal | provenance | Config | +| passwords.go:124:13:124:25 | call to getPassword | passwords.go:120:12:125:2 | struct literal [y] | provenance | | | passwords.go:128:14:128:19 | config [x] | passwords.go:128:14:128:21 | selection of x | provenance | | | passwords.go:129:14:129:19 | config [y] | passwords.go:129:14:129:21 | selection of y | provenance | | | protobuf.go:9:2:9:9 | definition of password | protobuf.go:12:22:12:29 | password | provenance | | @@ -311,16 +311,16 @@ nodes | passwords.go:32:12:32:19 | password | semmle.label | password | | passwords.go:34:14:34:35 | ...+... | semmle.label | ...+... | | passwords.go:34:28:34:35 | password | semmle.label | password | -| passwords.go:36:10:38:2 | struct literal [postupdate] | semmle.label | struct literal [postupdate] | +| passwords.go:36:10:38:2 | struct literal | semmle.label | struct literal | | passwords.go:37:13:37:13 | x | semmle.label | x | | passwords.go:39:14:39:17 | obj1 | semmle.label | obj1 | -| passwords.go:41:10:43:2 | struct literal [postupdate] | semmle.label | struct literal [postupdate] | +| passwords.go:41:10:43:2 | struct literal | semmle.label | struct literal | | passwords.go:42:6:42:13 | password | semmle.label | password | | passwords.go:44:14:44:17 | obj2 | semmle.label | obj2 | | passwords.go:48:11:48:18 | password | semmle.label | password | | passwords.go:50:2:50:15 | definition of fixed_password | semmle.label | definition of fixed_password | | passwords.go:51:14:51:27 | fixed_password | semmle.label | fixed_password | -| passwords.go:86:19:88:2 | struct literal [postupdate] | semmle.label | struct literal [postupdate] | +| passwords.go:86:19:88:2 | struct literal | semmle.label | struct literal | | passwords.go:87:16:87:36 | call to make | semmle.label | call to make | | passwords.go:89:14:89:26 | utilityObject | semmle.label | utilityObject | | passwords.go:92:23:92:28 | secret | semmle.label | secret | @@ -334,9 +334,9 @@ nodes | passwords.go:117:14:117:45 | ...+... | semmle.label | ...+... | | passwords.go:117:28:117:36 | password1 | semmle.label | password1 | | passwords.go:117:28:117:45 | call to String | semmle.label | call to String | -| passwords.go:120:12:125:2 | struct literal [postupdate] | semmle.label | struct literal [postupdate] | -| passwords.go:120:12:125:2 | struct literal [postupdate] [x] | semmle.label | struct literal [postupdate] [x] | -| passwords.go:120:12:125:2 | struct literal [postupdate] [y] | semmle.label | struct literal [postupdate] [y] | +| passwords.go:120:12:125:2 | struct literal | semmle.label | struct literal | +| passwords.go:120:12:125:2 | struct literal [x] | semmle.label | struct literal [x] | +| passwords.go:120:12:125:2 | struct literal [y] | semmle.label | struct literal [y] | | passwords.go:121:13:121:14 | x3 | semmle.label | x3 | | passwords.go:123:13:123:20 | password | semmle.label | password | | passwords.go:124:13:124:25 | call to getPassword | semmle.label | call to getPassword | From 748c53a7919d8668f6d7cdc4446ceb2cb673ab02 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 18 Sep 2025 14:35:43 +0100 Subject: [PATCH 166/307] Refactor: Create `writesFieldOnSsaWithFields` --- go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll | 9 +++++++++ .../go/security/OpenUrlRedirectCustomizations.qll | 5 ++--- go/ql/lib/semmle/go/security/RequestForgery.qll | 7 ++----- go/ql/lib/semmle/go/security/SafeUrlFlow.qll | 7 ++----- go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql | 11 ++--------- go/ql/src/experimental/CWE-918/SSRF.qll | 7 ++----- 6 files changed, 19 insertions(+), 27 deletions(-) diff --git a/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll b/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll index 58a3ae3d44ea..7d38fbe934db 100644 --- a/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll +++ b/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll @@ -152,6 +152,15 @@ module ControlFlow { ) } + /** + * Holds if this node sets the value of field `f` on `v` to `rhs`. + */ + predicate writesFieldOnSsaWithFields(SsaWithFields v, Field f, DataFlow::Node rhs) { + exists(IR::Instruction insn | this.writesFieldInsn(insn, f, rhs.asInstruction()) | + v.getAUse().asInstruction() = insn + ) + } + private predicate writesFieldInsn(IR::Instruction base, Field f, IR::Instruction rhs) { exists(IR::FieldTarget trg | trg = super.getLhs() | ( diff --git a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll index 48d027d49faf..6121d716abf5 100644 --- a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll +++ b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll @@ -90,10 +90,9 @@ module OpenUrlRedirect { */ class PathAssignmentBarrier extends Barrier, Read { PathAssignmentBarrier() { - exists(Write w, DataFlow::Node base, SsaWithFields var | + exists(Write w, SsaWithFields var | hasHostnameSanitizingSubstring(w.getRhs()) and - w.writesField(base, any(Field f | f.getName() = "Path"), _) and - [base, base.(DataFlow::PostUpdateNode).getPreUpdateNode()] = var.getAUse() and + w.writesFieldOnSsaWithFields(var, any(Field f | f.getName() = "Path"), _) and useIsDominated(var, w, this) ) } diff --git a/go/ql/lib/semmle/go/security/RequestForgery.qll b/go/ql/lib/semmle/go/security/RequestForgery.qll index 8508d0dda968..9497f5280047 100644 --- a/go/ql/lib/semmle/go/security/RequestForgery.qll +++ b/go/ql/lib/semmle/go/security/RequestForgery.qll @@ -27,11 +27,8 @@ module RequestForgery { predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { // propagate to a URL when its host is assigned to - exists(Write w, DataFlow::Node base, Field f, SsaWithFields v | - f.hasQualifiedName("net/url", "URL", "Host") - | - w.writesField(base, f, pred) and - [base, base.(DataFlow::PostUpdateNode).getPreUpdateNode()] = v.getAUse() and + exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") | + w.writesFieldOnSsaWithFields(v, f, pred) and succ = v.getAUse() ) } diff --git a/go/ql/lib/semmle/go/security/SafeUrlFlow.qll b/go/ql/lib/semmle/go/security/SafeUrlFlow.qll index e53214955d5e..a1f5ad7051bc 100644 --- a/go/ql/lib/semmle/go/security/SafeUrlFlow.qll +++ b/go/ql/lib/semmle/go/security/SafeUrlFlow.qll @@ -23,11 +23,8 @@ module SafeUrlFlow { predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { // propagate to a URL when its host is assigned to - exists(Write w, DataFlow::Node base, Field f, SsaWithFields v | - f.hasQualifiedName("net/url", "URL", "Host") - | - w.writesField(base, f, node1) and - [base, base.(DataFlow::PostUpdateNode).getPreUpdateNode()] = v.getAUse() and + exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") | + w.writesFieldOnSsaWithFields(v, f, node1) and node2 = v.getAUse() ) } diff --git a/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql b/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql index e88b7bf0f956..f7c35b78d876 100644 --- a/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql +++ b/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql @@ -98,15 +98,8 @@ predicate hostCheckReachesSink(Flow::PathNode sink) { Flow::flowPath(source, otherSink) and Config::writeIsSink(sink.getNode(), sinkWrite) and Config::writeIsSink(otherSink.getNode(), otherSinkWrite) and - exists(DataFlow::Node base1 | - sinkWrite.writesField(base1, _, sink.getNode()) and - [base1, base1.(DataFlow::PostUpdateNode).getPreUpdateNode()] = sinkAccessPath.getAUse() - ) and - exists(DataFlow::Node base2 | - otherSinkWrite.writesField(base2, _, otherSink.getNode()) and - [base2, base2.(DataFlow::PostUpdateNode).getPreUpdateNode()] = - otherSinkAccessPath.getAUse() - ) and + sinkWrite.writesFieldOnSsaWithFields(sinkAccessPath, _, sink.getNode()) and + otherSinkWrite.writesFieldOnSsaWithFields(otherSinkAccessPath, _, otherSink.getNode()) and otherSinkAccessPath = sinkAccessPath.similar() ) ) diff --git a/go/ql/src/experimental/CWE-918/SSRF.qll b/go/ql/src/experimental/CWE-918/SSRF.qll index aa4bccb45995..0879534d6663 100644 --- a/go/ql/src/experimental/CWE-918/SSRF.qll +++ b/go/ql/src/experimental/CWE-918/SSRF.qll @@ -22,11 +22,8 @@ module ServerSideRequestForgery { predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { // propagate to a URL when its host is assigned to - exists(Write w, DataFlow::Node base, Field f, SsaWithFields v | - f.hasQualifiedName("net/url", "URL", "Host") - | - w.writesField(base, f, node1) and - [base, base.(DataFlow::PostUpdateNode).getPreUpdateNode()] = v.getAUse() and + exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") | + w.writesFieldOnSsaWithFields(v, f, node1) and node2 = v.getAUse() ) } From 62155876c59c4d0c757a970351adc8ad435c3e0d Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 18 Sep 2025 16:31:29 +0100 Subject: [PATCH 167/307] Fix flow to variable capture The jump step to a `SsaCaptureVariable` should start at the last use before it, rather than from the previous definition. --- .../go/dataflow/internal/DataFlowPrivate.qll | 15 ++++++++--- .../frameworks/Twirp/RequestForgery.expected | 26 +++++-------------- 2 files changed, 17 insertions(+), 24 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll index 613441f98681..57ca5bea1101 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll @@ -120,11 +120,18 @@ predicate jumpStep(Node n1, Node n2) { n2 = v.getARead() ) or - exists(SsaDefinition pred, SsaDefinition succ | - succ.(SsaVariableCapture).getSourceVariable() = pred.(SsaExplicitDefinition).getSourceVariable() - | - n1 = ssaNode(pred) and + exists(SsaExplicitDefinition def, SsaVariableCapture succ | + succ.getSourceVariable() = def.getSourceVariable() and n2 = ssaNode(succ) + | + not exists(def.getAFirstUse()) and n1 = ssaNode(def) + or + exists(IR::Instruction lastUse | + lastUse = getAnAdjacentUse*(def.getAFirstUse()) and + not exists(getAnAdjacentUse(lastUse)) + | + [n1, n1.(DataFlow::PostUpdateNode).getPreUpdateNode()] = instructionNode(lastUse) + ) ) or // If a channel-typed field is referenced exactly once in the context of diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected b/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected index 6bda68257ef4..7b1fa1a31215 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Twirp/RequestForgery.expected @@ -3,42 +3,28 @@ | server/main.go:30:38:30:48 | selection of Text | server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | The $@ of this request depends on a $@. | server/main.go:30:38:30:48 | selection of Text | URL | server/main.go:19:56:19:61 | definition of params | user-provided value | edges | client/main.go:16:35:16:78 | &... | server/main.go:19:56:19:61 | definition of params | provenance | | -| rpc/notes/service.twirp.go:473:6:473:13 | definition of typedReq | rpc/notes/service.twirp.go:477:44:477:51 | typedReq | provenance | | -| rpc/notes/service.twirp.go:477:44:477:51 | typedReq | server/main.go:19:56:19:61 | definition of params | provenance | | -| rpc/notes/service.twirp.go:493:2:496:2 | capture variable reqContent | rpc/notes/service.twirp.go:495:35:495:44 | reqContent | provenance | | -| rpc/notes/service.twirp.go:495:35:495:44 | reqContent | server/main.go:19:56:19:61 | definition of params | provenance | | +| client/main.go:16:35:16:78 | &... [postupdate] | client/main.go:16:35:16:78 | &... | provenance | | | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | rpc/notes/service.twirp.go:544:27:544:29 | buf | provenance | | | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | provenance | Src:MaD:1 MaD:3 | -| rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | provenance | | -| rpc/notes/service.twirp.go:544:27:544:29 | buf | rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | provenance | MaD:2 | -| rpc/notes/service.twirp.go:554:6:554:13 | definition of typedReq | rpc/notes/service.twirp.go:558:44:558:51 | typedReq | provenance | | -| rpc/notes/service.twirp.go:558:44:558:51 | typedReq | server/main.go:19:56:19:61 | definition of params | provenance | | +| rpc/notes/service.twirp.go:544:27:544:29 | buf | rpc/notes/service.twirp.go:544:32:544:41 | reqContent [postupdate] | provenance | MaD:2 | +| rpc/notes/service.twirp.go:544:32:544:41 | reqContent [postupdate] | rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | provenance | | | rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | provenance | | | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | server/main.go:19:56:19:61 | definition of params | provenance | | | server/main.go:19:56:19:61 | definition of params | server/main.go:19:56:19:61 | definition of params [Return] | provenance | | | server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | provenance | | | server/main.go:19:56:19:61 | definition of params | server/main.go:30:38:30:48 | selection of Text | provenance | | -| server/main.go:19:56:19:61 | definition of params [Return] | client/main.go:16:35:16:78 | &... | provenance | | -| server/main.go:19:56:19:61 | definition of params [Return] | rpc/notes/service.twirp.go:473:6:473:13 | definition of typedReq | provenance | | -| server/main.go:19:56:19:61 | definition of params [Return] | rpc/notes/service.twirp.go:493:2:496:2 | capture variable reqContent | provenance | | -| server/main.go:19:56:19:61 | definition of params [Return] | rpc/notes/service.twirp.go:554:6:554:13 | definition of typedReq | provenance | | -| server/main.go:19:56:19:61 | definition of params [Return] | rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | provenance | | +| server/main.go:19:56:19:61 | definition of params [Return] | client/main.go:16:35:16:78 | &... [postupdate] | provenance | | models | 1 | Source: net/http; Request; true; Body; ; ; ; remote; manual | | 2 | Summary: google.golang.org/protobuf/proto; ; false; Unmarshal; ; ; Argument[0]; Argument[1]; taint; manual | | 3 | Summary: io; ; false; ReadAll; ; ; Argument[0]; ReturnValue[0]; taint; manual | nodes | client/main.go:16:35:16:78 | &... | semmle.label | &... | -| rpc/notes/service.twirp.go:473:6:473:13 | definition of typedReq | semmle.label | definition of typedReq | -| rpc/notes/service.twirp.go:477:44:477:51 | typedReq | semmle.label | typedReq | -| rpc/notes/service.twirp.go:493:2:496:2 | capture variable reqContent | semmle.label | capture variable reqContent | -| rpc/notes/service.twirp.go:495:35:495:44 | reqContent | semmle.label | reqContent | +| client/main.go:16:35:16:78 | &... [postupdate] | semmle.label | &... [postupdate] | | rpc/notes/service.twirp.go:538:2:538:33 | ... := ...[0] | semmle.label | ... := ...[0] | | rpc/notes/service.twirp.go:538:25:538:32 | selection of Body | semmle.label | selection of Body | -| rpc/notes/service.twirp.go:543:2:543:11 | definition of reqContent | semmle.label | definition of reqContent | | rpc/notes/service.twirp.go:544:27:544:29 | buf | semmle.label | buf | -| rpc/notes/service.twirp.go:554:6:554:13 | definition of typedReq | semmle.label | definition of typedReq | -| rpc/notes/service.twirp.go:558:44:558:51 | typedReq | semmle.label | typedReq | +| rpc/notes/service.twirp.go:544:32:544:41 | reqContent [postupdate] | semmle.label | reqContent [postupdate] | | rpc/notes/service.twirp.go:574:2:577:2 | capture variable reqContent | semmle.label | capture variable reqContent | | rpc/notes/service.twirp.go:576:35:576:44 | reqContent | semmle.label | reqContent | | server/main.go:19:56:19:61 | definition of params | semmle.label | definition of params | From 3906f2560d356a822b11d0147ec7d9f58fec074e Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 18 Sep 2025 17:02:40 +0100 Subject: [PATCH 168/307] Adjust Stack Exposure test so it passes A minor bug in our CFG means that we evaluate the base of a SliceExpr before the bounds. Since the bounds may have side effects, as in this case, it would be better to evaluate them first. But in the short term I am just adjusting the test to make it work. --- .../Security/CWE-209/StackTraceExposure.expected | 8 ++++---- go/ql/test/query-tests/Security/CWE-209/test.go | 3 ++- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected b/go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected index c62c6126648c..732b9cd5caed 100644 --- a/go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected +++ b/go/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected @@ -1,8 +1,8 @@ edges -| test.go:14:2:14:4 | definition of buf | test.go:17:10:17:12 | buf | provenance | | +| test.go:15:28:15:30 | buf [postupdate] | test.go:18:10:18:12 | buf | provenance | | nodes -| test.go:14:2:14:4 | definition of buf | semmle.label | definition of buf | -| test.go:17:10:17:12 | buf | semmle.label | buf | +| test.go:15:28:15:30 | buf [postupdate] | semmle.label | buf [postupdate] | +| test.go:18:10:18:12 | buf | semmle.label | buf | subpaths #select -| test.go:17:10:17:12 | buf | test.go:14:2:14:4 | definition of buf | test.go:17:10:17:12 | buf | HTTP response depends on $@ and may be exposed to an external user. | test.go:14:2:14:4 | definition of buf | stack trace information | +| test.go:18:10:18:12 | buf | test.go:15:28:15:30 | buf [postupdate] | test.go:18:10:18:12 | buf | HTTP response depends on $@ and may be exposed to an external user. | test.go:15:28:15:30 | buf [postupdate] | stack trace information | diff --git a/go/ql/test/query-tests/Security/CWE-209/test.go b/go/ql/test/query-tests/Security/CWE-209/test.go index 2ad356800486..77df73b8046c 100644 --- a/go/ql/test/query-tests/Security/CWE-209/test.go +++ b/go/ql/test/query-tests/Security/CWE-209/test.go @@ -12,7 +12,8 @@ var logger log.Logger func handlePanic(w http.ResponseWriter, r *http.Request) { buf := make([]byte, 2<<16) - buf = buf[:runtime.Stack(buf, true)] + stackLen := runtime.Stack(buf, true) + buf = buf[:stackLen] // BAD: printing a stack trace back to the response w.Write(buf) // GOOD: logging the response to the server and sending From 5efc8ac1a45b6fffa78bdb1ec64dc50c4876ceff Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 23 Sep 2025 22:06:42 +0100 Subject: [PATCH 169/307] Fix backwards flow through TaintTracking::FunctionModel We only do this for taint models as there isn't any backwards flow through data flow function models. --- .../dataflow/internal/TaintTrackingUtil.qll | 64 +++++++++++++++---- .../frameworks/TaintSteps/TaintStep.expected | 6 +- .../Security/CWE-640/EmailInjection.expected | 33 +++++----- 3 files changed, 71 insertions(+), 32 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll index ff5b4f74e77e..dc350eac5a60 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll @@ -83,11 +83,9 @@ class AdditionalTaintStep extends Unit { abstract predicate step(DataFlow::Node node1, DataFlow::Node node2); } -/** - * Holds if the additional step from `pred` to `succ` should be included in all - * global taint flow configurations. - */ -predicate localAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ, string model) { +private predicate localAdditionalForwardTaintStep( + DataFlow::Node pred, DataFlow::Node succ, string model +) { exists(DataFlow::Node pred2 | pred2 = pred or @@ -103,7 +101,7 @@ predicate localAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ, str ) and model = "" or - any(FunctionModel fm).taintStep(pred, succ) and model = "FunctionModel" + any(FunctionModel fm).forwardTaintStep(pred, succ) and model = "FunctionModel" or any(AdditionalTaintStep a).step(pred, succ) and model = "AdditionalTaintStep" or @@ -111,6 +109,37 @@ predicate localAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ, str .getSummaryNode(), succ.(DataFlowPrivate::FlowSummaryNode).getSummaryNode(), false, model) } +private predicate localForwardTaintStep(DataFlow::Node pred, DataFlow::Node succ) { + DataFlow::localFlow(pred, succ) or + localAdditionalForwardTaintStep(pred, succ, _) or + // Simple flow through library code is included in the exposed local + // step relation, even though flow is technically inter-procedural + FlowSummaryImpl::Private::Steps::summaryThroughStepTaint(pred, succ, _) +} + +/** + * Holds if taint flows backwards from `pred` to `succ` via a function model. + */ +private predicate localAdditionalBackwardTaintStep( + DataFlow::Node pred, DataFlow::Node succ, string model +) { + // backward step through function model + exists(FunctionModel m, DataFlow::Node resultNode | + m.backwardTaintStep(resultNode, succ) and + localForwardTaintStep+(resultNode, pred.(DataFlow::PostUpdateNode).getPreUpdateNode()) + ) and + model = "FunctionModel" +} + +/** + * Holds if the additional step from `pred` to `succ` should be included in all + * global taint flow configurations. + */ +predicate localAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ, string model) { + localAdditionalForwardTaintStep(pred, succ, model) or + localAdditionalBackwardTaintStep(pred, succ, model) +} + /** * Holds if taint flows from `pred` to `succ` via a reference or dereference. * @@ -199,23 +228,36 @@ abstract class FunctionModel extends Function { abstract predicate hasTaintFlow(FunctionInput input, FunctionOutput output); /** Gets an input node for this model for the call `c`. */ - DataFlow::Node getAnInputNode(DataFlow::CallNode c) { this.taintStepForCall(result, _, c) } + DataFlow::Node getAnInputNode(DataFlow::CallNode c) { this.taintStepForCall(result, _, c, _) } /** Gets an output node for this model for the call `c`. */ - DataFlow::Node getAnOutputNode(DataFlow::CallNode c) { this.taintStepForCall(_, result, c) } + DataFlow::Node getAnOutputNode(DataFlow::CallNode c) { this.taintStepForCall(_, result, c, _) } /** Holds if this function model causes taint to flow from `pred` to `succ` for the call `c`. */ - predicate taintStepForCall(DataFlow::Node pred, DataFlow::Node succ, DataFlow::CallNode c) { + predicate taintStepForCall( + DataFlow::Node pred, DataFlow::Node succ, DataFlow::CallNode c, Boolean forward + ) { c = this.getACall() and exists(FunctionInput inp, FunctionOutput outp | this.hasTaintFlow(inp, outp) | pred = pragma[only_bind_out](inp).getNode(c) and - succ = pragma[only_bind_out](outp).getNode(c) + succ = pragma[only_bind_out](outp).getNode(c) and + if inp.isResult() or inp.isResult(_) then forward = false else forward = true ) } /** Holds if this function model causes taint to flow from `pred` to `succ`. */ predicate taintStep(DataFlow::Node pred, DataFlow::Node succ) { - this.taintStepForCall(pred, succ, _) + this.taintStepForCall(pred, succ, _, _) + } + + /** Holds if this function model causes taint to flow forward from `pred` to `succ`. */ + predicate forwardTaintStep(DataFlow::Node pred, DataFlow::Node succ) { + this.taintStepForCall(pred, succ, _, true) + } + + /** Holds if this function model causes taint to flow backwards from `pred` to `succ`. */ + predicate backwardTaintStep(DataFlow::Node pred, DataFlow::Node succ) { + this.taintStepForCall(pred, succ, _, false) } } diff --git a/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected b/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected index 3bccd586d749..cfbbc771f777 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/TaintSteps/TaintStep.expected @@ -8,8 +8,6 @@ invalidModelRow | crypto.go:11:18:11:57 | call to Open | crypto.go:11:2:11:57 | ... := ...[1] | | crypto.go:11:42:11:51 | ciphertext | crypto.go:11:2:11:57 | ... := ...[0] | | io.go:14:31:14:43 | "some string" | io.go:14:13:14:44 | call to NewReader | -| io.go:16:3:16:3 | definition of w | io.go:16:23:16:27 | &... [postupdate] | -| io.go:16:3:16:3 | definition of w | io.go:16:30:16:34 | &... [postupdate] | | io.go:16:23:16:27 | &... | io.go:16:24:16:27 | buf1 [postupdate] | | io.go:16:23:16:27 | &... [postupdate] | io.go:16:24:16:27 | buf1 [postupdate] | | io.go:16:24:16:27 | buf1 | io.go:16:23:16:27 | &... | @@ -18,6 +16,8 @@ invalidModelRow | io.go:16:30:16:34 | &... [postupdate] | io.go:16:31:16:34 | buf2 [postupdate] | | io.go:16:31:16:34 | buf2 | io.go:16:30:16:34 | &... | | io.go:16:31:16:34 | buf2 [postupdate] | io.go:16:30:16:34 | &... | +| io.go:18:11:18:11 | w [postupdate] | io.go:16:23:16:27 | &... [postupdate] | +| io.go:18:11:18:11 | w [postupdate] | io.go:16:30:16:34 | &... [postupdate] | | io.go:18:14:18:19 | reader | io.go:18:11:18:11 | w [postupdate] | | io.go:22:31:22:43 | "some string" | io.go:22:13:22:44 | call to NewReader | | io.go:25:19:25:23 | &... | io.go:25:20:25:23 | buf1 [postupdate] | @@ -31,9 +31,9 @@ invalidModelRow | io.go:33:20:33:23 | buf1 | io.go:33:19:33:23 | &... | | io.go:33:20:33:23 | buf1 [postupdate] | io.go:33:19:33:23 | &... | | io.go:35:16:35:21 | reader | io.go:35:12:35:13 | w2 [postupdate] | -| io.go:39:6:39:6 | definition of w | io.go:39:3:39:19 | ... := ...[0] | | io.go:39:11:39:19 | call to Pipe | io.go:39:3:39:19 | ... := ...[0] | | io.go:39:11:39:19 | call to Pipe | io.go:39:3:39:19 | ... := ...[1] | +| io.go:40:14:40:14 | w [postupdate] | io.go:39:3:39:19 | ... := ...[0] | | io.go:40:17:40:31 | "some string\\n" | io.go:40:14:40:14 | w [postupdate] | | io.go:43:16:43:16 | r | io.go:43:3:43:5 | buf [postupdate] | | io.go:44:13:44:15 | buf | io.go:44:13:44:24 | call to String | diff --git a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected index c56e35fa7a86..06f61ee8956e 100644 --- a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected @@ -1,7 +1,6 @@ #select | EmailBad.go:12:56:12:67 | type conversion | EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:12:56:12:67 | type conversion | Email content may contain $@. | EmailBad.go:9:10:9:17 | selection of Header | untrusted input | | main.go:33:57:33:78 | type conversion | main.go:31:21:31:31 | call to Referer | main.go:33:57:33:78 | type conversion | Email content may contain $@. | main.go:31:21:31:31 | call to Referer | untrusted input | -| main.go:42:3:42:7 | definition of write | main.go:39:21:39:31 | call to Referer | main.go:42:3:42:7 | definition of write | Email content may contain $@. | main.go:39:21:39:31 | call to Referer | untrusted input | | main.go:54:46:54:59 | untrustedInput | main.go:48:21:48:31 | call to Referer | main.go:54:46:54:59 | untrustedInput | Email content may contain $@. | main.go:48:21:48:31 | call to Referer | untrusted input | | main.go:55:52:55:65 | untrustedInput | main.go:48:21:48:31 | call to Referer | main.go:55:52:55:65 | untrustedInput | Email content may contain $@. | main.go:48:21:48:31 | call to Referer | untrusted input | | main.go:65:16:65:22 | content | main.go:60:21:60:31 | call to Referer | main.go:65:16:65:22 | content | Email content may contain $@. | main.go:60:21:60:31 | call to Referer | untrusted input | @@ -16,8 +15,6 @@ edges | EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:9:10:9:29 | call to Get | provenance | Src:MaD:1 MaD:7 | | EmailBad.go:9:10:9:29 | call to Get | EmailBad.go:12:56:12:67 | type conversion | provenance | | | main.go:31:21:31:31 | call to Referer | main.go:33:57:33:78 | type conversion | provenance | Src:MaD:2 | -| main.go:39:21:39:31 | call to Referer | main.go:43:25:43:38 | untrustedInput | provenance | Src:MaD:2 | -| main.go:43:25:43:38 | untrustedInput | main.go:42:3:42:7 | definition of write | provenance | MaD:5 | | main.go:48:21:48:31 | call to Referer | main.go:54:46:54:59 | untrustedInput | provenance | Src:MaD:2 | | main.go:48:21:48:31 | call to Referer | main.go:55:52:55:65 | untrustedInput | provenance | Src:MaD:2 | | main.go:60:21:60:31 | call to Referer | main.go:62:47:62:60 | untrustedInput | provenance | Src:MaD:2 | @@ -33,15 +30,15 @@ edges | main.go:93:15:93:62 | call to NewContent | main.go:95:16:95:23 | content2 | provenance | | | main.go:93:48:93:61 | untrustedInput | main.go:93:15:93:62 | call to NewContent | provenance | MaD:4 | | main.go:113:21:113:31 | call to Referer | main.go:119:28:119:41 | untrustedInput | provenance | Src:MaD:2 | -| main.go:116:3:116:4 | definition of mw | main.go:116:29:116:30 | &... | provenance | FunctionModel | -| main.go:116:29:116:30 | &... | main.go:124:57:124:57 | b | provenance | | -| main.go:119:28:119:41 | untrustedInput | main.go:116:3:116:4 | definition of mw | provenance | MaD:6 | +| main.go:116:29:116:30 | &... [postupdate] | main.go:124:57:124:57 | b | provenance | | +| main.go:119:3:119:4 | mw [postupdate] | main.go:116:29:116:30 | &... [postupdate] | provenance | FunctionModel | +| main.go:119:28:119:41 | untrustedInput | main.go:119:3:119:4 | mw [postupdate] | provenance | MaD:6 | | main.go:124:57:124:57 | b | main.go:124:57:124:65 | call to Bytes | provenance | MaD:3 | | main.go:129:21:129:31 | call to Referer | main.go:136:30:136:43 | untrustedInput | provenance | Src:MaD:2 | -| main.go:132:3:132:4 | definition of mw | main.go:132:29:132:30 | &... | provenance | FunctionModel | -| main.go:132:29:132:30 | &... | main.go:141:57:141:57 | b | provenance | | -| main.go:135:3:135:12 | definition of formWriter | main.go:132:3:132:4 | definition of mw | provenance | FunctionModel | -| main.go:136:30:136:43 | untrustedInput | main.go:135:3:135:12 | definition of formWriter | provenance | MaD:5 | +| main.go:132:29:132:30 | &... [postupdate] | main.go:141:57:141:57 | b | provenance | | +| main.go:135:20:135:21 | mw [postupdate] | main.go:132:29:132:30 | &... [postupdate] | provenance | FunctionModel | +| main.go:136:18:136:27 | formWriter [postupdate] | main.go:135:20:135:21 | mw [postupdate] | provenance | FunctionModel | +| main.go:136:30:136:43 | untrustedInput | main.go:136:18:136:27 | formWriter [postupdate] | provenance | MaD:5 | | main.go:141:57:141:57 | b | main.go:141:57:141:65 | call to Bytes | provenance | MaD:3 | models | 1 | Source: net/http; Request; true; Header; ; ; ; remote; manual | @@ -57,9 +54,6 @@ nodes | EmailBad.go:12:56:12:67 | type conversion | semmle.label | type conversion | | main.go:31:21:31:31 | call to Referer | semmle.label | call to Referer | | main.go:33:57:33:78 | type conversion | semmle.label | type conversion | -| main.go:39:21:39:31 | call to Referer | semmle.label | call to Referer | -| main.go:42:3:42:7 | definition of write | semmle.label | definition of write | -| main.go:43:25:43:38 | untrustedInput | semmle.label | untrustedInput | | main.go:48:21:48:31 | call to Referer | semmle.label | call to Referer | | main.go:54:46:54:59 | untrustedInput | semmle.label | untrustedInput | | main.go:55:52:55:65 | untrustedInput | semmle.label | untrustedInput | @@ -79,16 +73,19 @@ nodes | main.go:93:48:93:61 | untrustedInput | semmle.label | untrustedInput | | main.go:95:16:95:23 | content2 | semmle.label | content2 | | main.go:113:21:113:31 | call to Referer | semmle.label | call to Referer | -| main.go:116:3:116:4 | definition of mw | semmle.label | definition of mw | -| main.go:116:29:116:30 | &... | semmle.label | &... | +| main.go:116:29:116:30 | &... [postupdate] | semmle.label | &... [postupdate] | +| main.go:119:3:119:4 | mw [postupdate] | semmle.label | mw [postupdate] | | main.go:119:28:119:41 | untrustedInput | semmle.label | untrustedInput | | main.go:124:57:124:57 | b | semmle.label | b | | main.go:124:57:124:65 | call to Bytes | semmle.label | call to Bytes | | main.go:129:21:129:31 | call to Referer | semmle.label | call to Referer | -| main.go:132:3:132:4 | definition of mw | semmle.label | definition of mw | -| main.go:132:29:132:30 | &... | semmle.label | &... | -| main.go:135:3:135:12 | definition of formWriter | semmle.label | definition of formWriter | +| main.go:132:29:132:30 | &... [postupdate] | semmle.label | &... [postupdate] | +| main.go:135:20:135:21 | mw [postupdate] | semmle.label | mw [postupdate] | +| main.go:136:18:136:27 | formWriter [postupdate] | semmle.label | formWriter [postupdate] | | main.go:136:30:136:43 | untrustedInput | semmle.label | untrustedInput | | main.go:141:57:141:57 | b | semmle.label | b | | main.go:141:57:141:65 | call to Bytes | semmle.label | call to Bytes | subpaths +testFailures +| main.go:39:33:39:43 | comment | Missing result: Source | +| main.go:42:24:42:33 | comment | Missing result: Alert | From 6cb69535a555936ce44ef4c8ff3d0f50acaccfd4 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 19 Sep 2025 09:34:51 +0100 Subject: [PATCH 170/307] Add missing qldocs --- go/ql/lib/semmle/go/controlflow/IR.qll | 1 + go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll | 1 + 2 files changed, 2 insertions(+) diff --git a/go/ql/lib/semmle/go/controlflow/IR.qll b/go/ql/lib/semmle/go/controlflow/IR.qll index 2b8a30437bbb..2c8b673184ea 100644 --- a/go/ql/lib/semmle/go/controlflow/IR.qll +++ b/go/ql/lib/semmle/go/controlflow/IR.qll @@ -446,6 +446,7 @@ module IR { /** Gets the target to which this instruction writes. */ WriteTarget getLhs() { result = lhs } + /** Holds if this instruction initializes a literal. */ predicate isInitialization() { initialization = true } /** Gets the instruction computing the value this instruction writes. */ diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll index 5e9cc7f6b740..d48335d299f4 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll @@ -817,6 +817,7 @@ module Public { abstract Node getPreUpdateNode(); } + /** Holds if the node corresponding to `insn` has a post-update node. */ predicate insnHasPostUpdateNode(IR::Instruction insn) { exists(Expr e | insn.(IR::EvalInstruction).getExpr() = e | e instanceof AddressExpr or From a9420d46c895a404925fe0b65bc8e2c1d4923b36 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 19 Sep 2025 15:22:12 +0100 Subject: [PATCH 171/307] Fix bad join order --- go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll index 57ca5bea1101..df352dc03d8d 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll @@ -103,6 +103,10 @@ private Field getASparselyUsedChannelTypedField() { count(result.getARead()) = 2 } +bindingset[v] +pragma[inline_late] +private predicate jumpStepHelper(ValueEntity v, Node n) { n = v.getARead() } + /** * Holds if data can flow from `node1` to `node2` in a way that loses the * calling context. For example, this would happen with flow through a @@ -117,7 +121,7 @@ predicate jumpStep(Node n1, Node n2) { or n1.(DataFlow::PostUpdateNode).getPreUpdateNode() = v.getARead() ) and - n2 = v.getARead() + jumpStepHelper(v, n2) ) or exists(SsaExplicitDefinition def, SsaVariableCapture succ | From 52b65396970f61a93853c36aa51022718d38dd81 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com> Date: Fri, 19 Sep 2025 15:47:03 +0100 Subject: [PATCH 172/307] Typo Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- go/ql/test/library-tests/semmle/go/frameworks/Echo/test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Echo/test.go b/go/ql/test/library-tests/semmle/go/frameworks/Echo/test.go index a15fb819ccc5..4a9f4e161f62 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Echo/test.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/Echo/test.go @@ -178,7 +178,7 @@ func testLocalRedirects(ctx echo.Context) error { param := ctx.Param("someParam") param2 := param param3 := param - // Gratuitious copy because sanitization of uses propagates to subsequent uses + // Gratuitous copy because sanitization of uses propagates to subsequent uses // GOOD: local redirects are unproblematic ctx.Redirect(301, "/local"+param) // BAD: this could be a non-local redirect From f5f6d64d9d35843e71c63711fafc3d2b258de912 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 19 Sep 2025 16:46:18 +0100 Subject: [PATCH 173/307] Add change notes --- go/ql/lib/change-notes/2025-09-19-api-changes.md | 6 ++++++ .../2025-09-19-use-use-flow-proper-post-update-nodes.md | 4 ++++ 2 files changed, 10 insertions(+) create mode 100644 go/ql/lib/change-notes/2025-09-19-api-changes.md create mode 100644 go/ql/lib/change-notes/2025-09-19-use-use-flow-proper-post-update-nodes.md diff --git a/go/ql/lib/change-notes/2025-09-19-api-changes.md b/go/ql/lib/change-notes/2025-09-19-api-changes.md new file mode 100644 index 000000000000..44f070fb1d7d --- /dev/null +++ b/go/ql/lib/change-notes/2025-09-19-api-changes.md @@ -0,0 +1,6 @@ +--- +category: breaking +--- +* The member predicate `writesField(DataFlow::Node base, Field f, DataFlow::Node rhs)` on `DataFlow::Write` now uses the post-update node for `base` when that is the node being updated, which is in all cases except initializing a struct literal. A new member predicate `writesFieldOnSsaWithFields(SsaWithFields v, Field f, DataFlow::Node rhs)` has been added for the case of writes to a SsaWithFields node. +* The member predicate `writesElement(DataFlow::Node base, DataFlow::Node index, DataFlow::Node rhs)` on `DataFlow::Write` now uses the post-update node for `base` when that is the node being updated, which is in all cases except initializing an array/slice/map literal. +* The member predicate `writesComponent(DataFlow::Node base, DataFlow::Node rhs)` on `DataFlow::Write` now uses the post-update node for `base` when that is the node being updated, which is in all cases except initializing a struct/array/slice/map literal. diff --git a/go/ql/lib/change-notes/2025-09-19-use-use-flow-proper-post-update-nodes.md b/go/ql/lib/change-notes/2025-09-19-use-use-flow-proper-post-update-nodes.md new file mode 100644 index 000000000000..e0ffe72002b7 --- /dev/null +++ b/go/ql/lib/change-notes/2025-09-19-use-use-flow-proper-post-update-nodes.md @@ -0,0 +1,4 @@ +--- +category: majorAnalysis +--- +* Previously, data flow used def-use flow and a node's post-update node was either its definition or the node itself. This caused some problems with false positives caused by steps backwards from a node to its definition. Now, data flow has been changed to use-use flow with proper post-update nodes. This should improve accuracy and reduce false positives in the analysis. The main effect on queries is that sanitization works differently - if you sanitize a node then flow will not reach any uses after the sanitized node. Where this is not desired it maybe be necessary to add an additional flow step to propagate the flow forward. From 25f182302d5bdabcd22b201193395bfb4aaaa714 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 18 Sep 2025 11:58:09 +0100 Subject: [PATCH 174/307] Fix email injection sink that needs local flow --- go/ql/lib/semmle/go/frameworks/Email.qll | 24 +++++++++++++-- .../go/frameworks/Email/EmailData.expected | 3 -- .../Security/CWE-640/EmailInjection.expected | 30 ++++++++++++++----- .../test/query-tests/Security/CWE-640/main.go | 17 +++++++++-- 4 files changed, 60 insertions(+), 14 deletions(-) diff --git a/go/ql/lib/semmle/go/frameworks/Email.qll b/go/ql/lib/semmle/go/frameworks/Email.qll index a1d43d3c3971..d7744951c08f 100644 --- a/go/ql/lib/semmle/go/frameworks/Email.qll +++ b/go/ql/lib/semmle/go/frameworks/Email.qll @@ -26,9 +26,14 @@ module EmailData { private class SmtpData extends Range { SmtpData() { // func (c *Client) Data() (io.WriteCloser, error) - exists(Method data | + exists(Method data, DataFlow::Node n | data.hasQualifiedName("net/smtp", "Client", "Data") and - this.(DataFlow::SsaNode).getInit() = data.getACall().getResult(0) + // Deal with cases like + // w, _ := s.Data() + // io.WriteString(w, source()) // $ Alert + // w.Write(source()) // $ Alert + DataFlow::localFlow(data.getACall().getResult(0), n) and + this.(DataFlow::PostUpdateNode).getPreUpdateNode() = n ) or // func SendMail(addr string, a Auth, from string, to []string, msg []byte) error @@ -98,3 +103,18 @@ private class MultipartNewWriterModel extends TaintTracking::FunctionModel { input.isResult() and output.isParameter(0) } } +// /** +// * A taint model of the `Data` method of `Client` from `net/smtp`. +// * +// * If tainted data is written to the writer created by this method, the client +// * should be considered tainted as well. +// */ +// private class SmtpClientDataModel extends TaintTracking::FunctionModel, Method { +// SmtpClientDataModel() { +// // func (c *Client) Data() (io.WriteCloser, error) +// this.hasQualifiedName("net/smtp", "Client", "Data") +// } +// override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { +// input.isResult(0) and output.isReceiver() +// } +// } diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Email/EmailData.expected b/go/ql/test/library-tests/semmle/go/frameworks/Email/EmailData.expected index 070800dab637..3324ee56033a 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Email/EmailData.expected +++ b/go/ql/test/library-tests/semmle/go/frameworks/Email/EmailData.expected @@ -1,7 +1,4 @@ | mail.go:15:73:15:94 | type conversion | -| mail.go:18:19:18:23 | definition of write | -| mail.go:18:19:18:38 | ... := ...[0] | -| mail.go:20:17:20:21 | write | | mail.go:20:17:20:21 | write [postupdate] | | mail.go:26:49:26:52 | text | | mail.go:26:76:26:79 | text | diff --git a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected index 06f61ee8956e..aa4b4914c180 100644 --- a/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected +++ b/go/ql/test/query-tests/Security/CWE-640/EmailInjection.expected @@ -1,6 +1,7 @@ #select | EmailBad.go:12:56:12:67 | type conversion | EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:12:56:12:67 | type conversion | Email content may contain $@. | EmailBad.go:9:10:9:17 | selection of Header | untrusted input | | main.go:33:57:33:78 | type conversion | main.go:31:21:31:31 | call to Referer | main.go:33:57:33:78 | type conversion | Email content may contain $@. | main.go:31:21:31:31 | call to Referer | untrusted input | +| main.go:43:18:43:22 | write [postupdate] | main.go:39:21:39:31 | call to Referer | main.go:43:18:43:22 | write [postupdate] | Email content may contain $@. | main.go:39:21:39:31 | call to Referer | untrusted input | | main.go:54:46:54:59 | untrustedInput | main.go:48:21:48:31 | call to Referer | main.go:54:46:54:59 | untrustedInput | Email content may contain $@. | main.go:48:21:48:31 | call to Referer | untrusted input | | main.go:55:52:55:65 | untrustedInput | main.go:48:21:48:31 | call to Referer | main.go:55:52:55:65 | untrustedInput | Email content may contain $@. | main.go:48:21:48:31 | call to Referer | untrusted input | | main.go:65:16:65:22 | content | main.go:60:21:60:31 | call to Referer | main.go:65:16:65:22 | content | Email content may contain $@. | main.go:60:21:60:31 | call to Referer | untrusted input | @@ -11,10 +12,14 @@ | main.go:95:16:95:23 | content2 | main.go:84:21:84:31 | call to Referer | main.go:95:16:95:23 | content2 | Email content may contain $@. | main.go:84:21:84:31 | call to Referer | untrusted input | | main.go:124:57:124:65 | call to Bytes | main.go:113:21:113:31 | call to Referer | main.go:124:57:124:65 | call to Bytes | Email content may contain $@. | main.go:113:21:113:31 | call to Referer | untrusted input | | main.go:141:57:141:65 | call to Bytes | main.go:129:21:129:31 | call to Referer | main.go:141:57:141:65 | call to Bytes | Email content may contain $@. | main.go:129:21:129:31 | call to Referer | untrusted input | +| main.go:151:3:151:3 | w [postupdate] | main.go:146:22:146:32 | call to Referer | main.go:151:3:151:3 | w [postupdate] | Email content may contain $@. | main.go:146:22:146:32 | call to Referer | untrusted input | +| main.go:152:3:152:3 | w [postupdate] | main.go:147:22:147:32 | call to Referer | main.go:152:3:152:3 | w [postupdate] | Email content may contain $@. | main.go:147:22:147:32 | call to Referer | untrusted input | edges -| EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:9:10:9:29 | call to Get | provenance | Src:MaD:1 MaD:7 | +| EmailBad.go:9:10:9:17 | selection of Header | EmailBad.go:9:10:9:29 | call to Get | provenance | Src:MaD:1 MaD:8 | | EmailBad.go:9:10:9:29 | call to Get | EmailBad.go:12:56:12:67 | type conversion | provenance | | | main.go:31:21:31:31 | call to Referer | main.go:33:57:33:78 | type conversion | provenance | Src:MaD:2 | +| main.go:39:21:39:31 | call to Referer | main.go:43:25:43:38 | untrustedInput | provenance | Src:MaD:2 | +| main.go:43:25:43:38 | untrustedInput | main.go:43:18:43:22 | write [postupdate] | provenance | MaD:5 | | main.go:48:21:48:31 | call to Referer | main.go:54:46:54:59 | untrustedInput | provenance | Src:MaD:2 | | main.go:48:21:48:31 | call to Referer | main.go:55:52:55:65 | untrustedInput | provenance | Src:MaD:2 | | main.go:60:21:60:31 | call to Referer | main.go:62:47:62:60 | untrustedInput | provenance | Src:MaD:2 | @@ -32,7 +37,7 @@ edges | main.go:113:21:113:31 | call to Referer | main.go:119:28:119:41 | untrustedInput | provenance | Src:MaD:2 | | main.go:116:29:116:30 | &... [postupdate] | main.go:124:57:124:57 | b | provenance | | | main.go:119:3:119:4 | mw [postupdate] | main.go:116:29:116:30 | &... [postupdate] | provenance | FunctionModel | -| main.go:119:28:119:41 | untrustedInput | main.go:119:3:119:4 | mw [postupdate] | provenance | MaD:6 | +| main.go:119:28:119:41 | untrustedInput | main.go:119:3:119:4 | mw [postupdate] | provenance | MaD:7 | | main.go:124:57:124:57 | b | main.go:124:57:124:65 | call to Bytes | provenance | MaD:3 | | main.go:129:21:129:31 | call to Referer | main.go:136:30:136:43 | untrustedInput | provenance | Src:MaD:2 | | main.go:132:29:132:30 | &... [postupdate] | main.go:141:57:141:57 | b | provenance | | @@ -40,20 +45,28 @@ edges | main.go:136:18:136:27 | formWriter [postupdate] | main.go:135:20:135:21 | mw [postupdate] | provenance | FunctionModel | | main.go:136:30:136:43 | untrustedInput | main.go:136:18:136:27 | formWriter [postupdate] | provenance | MaD:5 | | main.go:141:57:141:57 | b | main.go:141:57:141:65 | call to Bytes | provenance | MaD:3 | +| main.go:146:22:146:32 | call to Referer | main.go:151:11:151:33 | type conversion | provenance | Src:MaD:2 | +| main.go:147:22:147:32 | call to Referer | main.go:152:11:152:33 | type conversion | provenance | Src:MaD:2 | +| main.go:151:11:151:33 | type conversion | main.go:151:3:151:3 | w [postupdate] | provenance | MaD:6 | +| main.go:152:11:152:33 | type conversion | main.go:152:3:152:3 | w [postupdate] | provenance | MaD:6 | models | 1 | Source: net/http; Request; true; Header; ; ; ; remote; manual | | 2 | Source: net/http; Request; true; Referer; ; ; ReturnValue; remote; manual | | 3 | Summary: bytes; Buffer; true; Bytes; ; ; Argument[receiver]; ReturnValue; taint; manual | | 4 | Summary: github.com/sendgrid/sendgrid-go/helpers/mail; ; false; NewContent; ; ; Argument[1]; ReturnValue; taint; manual | | 5 | Summary: io; ; false; WriteString; ; ; Argument[1]; Argument[0]; taint; manual | -| 6 | Summary: mime/multipart; Writer; true; WriteField; ; ; Argument[0..1]; Argument[receiver]; taint; manual | -| 7 | Summary: net/http; Header; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual | +| 6 | Summary: io; Writer; true; Write; ; ; Argument[0]; Argument[receiver]; taint; manual | +| 7 | Summary: mime/multipart; Writer; true; WriteField; ; ; Argument[0..1]; Argument[receiver]; taint; manual | +| 8 | Summary: net/http; Header; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual | nodes | EmailBad.go:9:10:9:17 | selection of Header | semmle.label | selection of Header | | EmailBad.go:9:10:9:29 | call to Get | semmle.label | call to Get | | EmailBad.go:12:56:12:67 | type conversion | semmle.label | type conversion | | main.go:31:21:31:31 | call to Referer | semmle.label | call to Referer | | main.go:33:57:33:78 | type conversion | semmle.label | type conversion | +| main.go:39:21:39:31 | call to Referer | semmle.label | call to Referer | +| main.go:43:18:43:22 | write [postupdate] | semmle.label | write [postupdate] | +| main.go:43:25:43:38 | untrustedInput | semmle.label | untrustedInput | | main.go:48:21:48:31 | call to Referer | semmle.label | call to Referer | | main.go:54:46:54:59 | untrustedInput | semmle.label | untrustedInput | | main.go:55:52:55:65 | untrustedInput | semmle.label | untrustedInput | @@ -85,7 +98,10 @@ nodes | main.go:136:30:136:43 | untrustedInput | semmle.label | untrustedInput | | main.go:141:57:141:57 | b | semmle.label | b | | main.go:141:57:141:65 | call to Bytes | semmle.label | call to Bytes | +| main.go:146:22:146:32 | call to Referer | semmle.label | call to Referer | +| main.go:147:22:147:32 | call to Referer | semmle.label | call to Referer | +| main.go:151:3:151:3 | w [postupdate] | semmle.label | w [postupdate] | +| main.go:151:11:151:33 | type conversion | semmle.label | type conversion | +| main.go:152:3:152:3 | w [postupdate] | semmle.label | w [postupdate] | +| main.go:152:11:152:33 | type conversion | semmle.label | type conversion | subpaths -testFailures -| main.go:39:33:39:43 | comment | Missing result: Source | -| main.go:42:24:42:33 | comment | Missing result: Alert | diff --git a/go/ql/test/query-tests/Security/CWE-640/main.go b/go/ql/test/query-tests/Security/CWE-640/main.go index f83b413ebc45..73ff8f6b1fb2 100644 --- a/go/ql/test/query-tests/Security/CWE-640/main.go +++ b/go/ql/test/query-tests/Security/CWE-640/main.go @@ -39,8 +39,8 @@ func main() { untrustedInput := r.Referer() // $ Source s, _ := smtp.Dial("test.test") - write, _ := s.Data() // $ Alert - io.WriteString(write, untrustedInput) + write, _ := s.Data() + io.WriteString(write, untrustedInput) // $ Alert }) // Not OK @@ -141,6 +141,19 @@ func main() { smtp.SendMail("test.test", nil, "from@from.com", nil, b.Bytes()) // $ Alert }) + // Not OK - check only one result when sink is Client.Data() from net/smtp + { + untrustedInput1 := r.Referer() // $ Source=s1 + untrustedInput2 := r.Referer() // $ Source=s2 + c, _ := smtp.Dial("mail.example.com:smtp") + w, _ := c.Data() + w.Write([]byte("safe text")) + w.Write([]byte(untrustedInput1)) // $ Alert=s1 + w.Write([]byte(untrustedInput2)) // $ Alert=s2 + w.Close() + c.Quit() + } + log.Println(http.ListenAndServe(":80", nil)) } From 4ee236d73fd566d5c1c51b22e2f9c70731381e1f Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 25 Sep 2025 11:34:27 +0100 Subject: [PATCH 175/307] Delete commented out code --- go/ql/lib/semmle/go/frameworks/Email.qll | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/go/ql/lib/semmle/go/frameworks/Email.qll b/go/ql/lib/semmle/go/frameworks/Email.qll index d7744951c08f..ba4cf8be4155 100644 --- a/go/ql/lib/semmle/go/frameworks/Email.qll +++ b/go/ql/lib/semmle/go/frameworks/Email.qll @@ -103,18 +103,3 @@ private class MultipartNewWriterModel extends TaintTracking::FunctionModel { input.isResult() and output.isParameter(0) } } -// /** -// * A taint model of the `Data` method of `Client` from `net/smtp`. -// * -// * If tainted data is written to the writer created by this method, the client -// * should be considered tainted as well. -// */ -// private class SmtpClientDataModel extends TaintTracking::FunctionModel, Method { -// SmtpClientDataModel() { -// // func (c *Client) Data() (io.WriteCloser, error) -// this.hasQualifiedName("net/smtp", "Client", "Data") -// } -// override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { -// input.isResult(0) and output.isReceiver() -// } -// } From 1d9a93a7313ed1ce9006f5fd96fc4f147416e45e Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 25 Sep 2025 11:27:28 +0100 Subject: [PATCH 176/307] Rename helper predicate --- go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll index df352dc03d8d..cd54bb5f1cee 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll @@ -105,7 +105,7 @@ private Field getASparselyUsedChannelTypedField() { bindingset[v] pragma[inline_late] -private predicate jumpStepHelper(ValueEntity v, Node n) { n = v.getARead() } +private predicate isValueEntityRead(ValueEntity v, Node n) { n = v.getARead() } /** * Holds if data can flow from `node1` to `node2` in a way that loses the @@ -121,7 +121,7 @@ predicate jumpStep(Node n1, Node n2) { or n1.(DataFlow::PostUpdateNode).getPreUpdateNode() = v.getARead() ) and - jumpStepHelper(v, n2) + isValueEntityRead(v, n2) ) or exists(SsaExplicitDefinition def, SsaVariableCapture succ | From b1bcbec37d5662ec16a3dcf9c7766dc87b630ec6 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 25 Sep 2025 11:31:53 +0100 Subject: [PATCH 177/307] Use slightly less confusing syntax --- go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll index cd54bb5f1cee..3f2efd3b492d 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll @@ -134,7 +134,8 @@ predicate jumpStep(Node n1, Node n2) { lastUse = getAnAdjacentUse*(def.getAFirstUse()) and not exists(getAnAdjacentUse(lastUse)) | - [n1, n1.(DataFlow::PostUpdateNode).getPreUpdateNode()] = instructionNode(lastUse) + n1 = instructionNode(lastUse) or + n1.(DataFlow::PostUpdateNode).getPreUpdateNode() = instructionNode(lastUse) ) ) or From 630a8446ad5ded8a0ea2eda15b1f42ea88921318 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 25 Sep 2025 12:33:42 +0100 Subject: [PATCH 178/307] Rename confusing predicate and add qldoc --- .../semmle/go/dataflow/internal/TaintTrackingUtil.qll | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll index dc350eac5a60..af28f7f40200 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll @@ -109,7 +109,13 @@ private predicate localAdditionalForwardTaintStep( .getSummaryNode(), succ.(DataFlowPrivate::FlowSummaryNode).getSummaryNode(), false, model) } -private predicate localForwardTaintStep(DataFlow::Node pred, DataFlow::Node succ) { +/** + * This is a helper predicate for `localAdditionalBackwardTaintStep`. It mixes + * local data flow with local forward taint steps. It should only ever be used + * via its transitive closure, which gives local forward taint flow, that is + * with backward steps excluded. + */ +private predicate partialLocalForwardTaintFlow(DataFlow::Node pred, DataFlow::Node succ) { DataFlow::localFlow(pred, succ) or localAdditionalForwardTaintStep(pred, succ, _) or // Simple flow through library code is included in the exposed local @@ -126,7 +132,7 @@ private predicate localAdditionalBackwardTaintStep( // backward step through function model exists(FunctionModel m, DataFlow::Node resultNode | m.backwardTaintStep(resultNode, succ) and - localForwardTaintStep+(resultNode, pred.(DataFlow::PostUpdateNode).getPreUpdateNode()) + partialLocalForwardTaintFlow+(resultNode, pred.(DataFlow::PostUpdateNode).getPreUpdateNode()) ) and model = "FunctionModel" } From 7b426186aadd2730fa8f0cb90f99e5a53a797e87 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 25 Sep 2025 12:53:55 +0100 Subject: [PATCH 179/307] Rephrase change note to avoid technical terms --- .../2025-09-19-use-use-flow-proper-post-update-nodes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go/ql/lib/change-notes/2025-09-19-use-use-flow-proper-post-update-nodes.md b/go/ql/lib/change-notes/2025-09-19-use-use-flow-proper-post-update-nodes.md index e0ffe72002b7..607f23dfb03e 100644 --- a/go/ql/lib/change-notes/2025-09-19-use-use-flow-proper-post-update-nodes.md +++ b/go/ql/lib/change-notes/2025-09-19-use-use-flow-proper-post-update-nodes.md @@ -1,4 +1,4 @@ --- category: majorAnalysis --- -* Previously, data flow used def-use flow and a node's post-update node was either its definition or the node itself. This caused some problems with false positives caused by steps backwards from a node to its definition. Now, data flow has been changed to use-use flow with proper post-update nodes. This should improve accuracy and reduce false positives in the analysis. The main effect on queries is that sanitization works differently - if you sanitize a node then flow will not reach any uses after the sanitized node. Where this is not desired it maybe be necessary to add an additional flow step to propagate the flow forward. +* The shape of the Go data-flow graph has changed. Previously for code like `x := def(); use1(x); use2(x)`, there would be edges from the definition of `x` to each use. Now there is an edge from the definition to the first use, then another from the first use to the second, and so on. This means that data-flow barriers work differently - flow will not reach any uses after the barrier node. Where this is not desired it may be be necessary to add an additional flow step to propagate the flow forward. Additionally, when a variable may be subject to a side-effect, such as updating an array, passing a pointer to a function that might write through it or writing to a field of a struct, there is now a dedicated post-update node representing the variable after this side-effect has taken place. Previously post-update nodes were aliases for either a variable's definition, or were equal to the pre-update node. This led to backwards steps in the data-flow graph, which could cause false positives. For example, in the previous code there would be an edge from `x` in `use2(x)` back to the definition of `x`. If we define our sources as any argument of `use2` and our sinks as any argument of `use1` then this would lead to a false positive path. Now there are distinct post-update nodes and no backwards edge to the definition, so we will not find this false positive path. From 1144bb99b4d9419ef400218252d0bf817efb4321 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 25 Sep 2025 16:13:31 +0100 Subject: [PATCH 180/307] Convert OpenUrlRedirect tests to InlineExpectations --- .../OpenUrlRedirect/OpenUrlRedirect.go | 2 +- .../OpenUrlRedirect/OpenUrlRedirect.qlref | 4 +- .../CWE-601/OpenUrlRedirect/stdlib.go | 38 +++++++++---------- 3 files changed, 23 insertions(+), 21 deletions(-) diff --git a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.go b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.go index 606b5d43ac01..752cf47decc9 100644 --- a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.go +++ b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.go @@ -7,6 +7,6 @@ import ( func serve() { http.HandleFunc("/redir", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() - http.Redirect(w, r, r.Form.Get("target"), 302) + http.Redirect(w, r, r.Form.Get("target"), 302) // $ Alert }) } diff --git a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.qlref b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.qlref index 867dd7665618..13add930f517 100644 --- a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.qlref +++ b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.qlref @@ -1,2 +1,4 @@ query: Security/CWE-601/OpenUrlRedirect.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/stdlib.go b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/stdlib.go index f6cd1e5576f2..80eb8c970b1c 100644 --- a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/stdlib.go +++ b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/stdlib.go @@ -10,18 +10,18 @@ func serveStdlib() { http.HandleFunc("/ex", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() - target := r.Form.Get("target") + target := r.Form.Get("target") // $ Source // BAD: a request parameter is incorporated without validation into a URL redirect - w.Header().Set("Location", target) + w.Header().Set("Location", target) // $ Alert w.WriteHeader(302) }) http.HandleFunc("/ex1", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() - target := r.Form.Get("target") + target := r.Form.Get("target") // $ Source // Probably OK because the status is set to 500, but we catch it anyway - w.Header().Set("Location", target) + w.Header().Set("Location", target) // $ Alert w.WriteHeader(500) }) @@ -30,13 +30,13 @@ func serveStdlib() { // Taking gratuitous copies of target so that sanitizing the use in // the first request doesn't also sanitize other uses - target := r.Form.Get("target") + target := r.Form.Get("target") // $ Source target2 := target target3 := target // GOOD: local redirects are unproblematic w.Header().Set("Location", "/local"+target) // BAD: this could be a non-local redirect - w.Header().Set("Location", "/"+target2) + w.Header().Set("Location", "/"+target2) // $ Alert // GOOD: localhost redirects are unproblematic w.Header().Set("Location", "//localhost/"+target3) w.WriteHeader(302) @@ -45,9 +45,9 @@ func serveStdlib() { http.HandleFunc("/ex3", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() - target := r.Form.Get("target") + target := r.Form.Get("target") // $ Source // BAD: using the utility function - http.Redirect(w, r, target, 301) + http.Redirect(w, r, target, 301) // $ Alert }) http.HandleFunc("/ex4", func(w http.ResponseWriter, r *http.Request) { @@ -65,10 +65,10 @@ func serveStdlib() { http.HandleFunc("/ex5", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() - target := r.Form.Get("target") + target := r.Form.Get("target") // $ Source me := "me" // BAD: may be a global redirection - http.Redirect(w, r, target+"?from="+me, 301) + http.Redirect(w, r, target+"?from="+me, 301) // $ Alert }) http.HandleFunc("/ex6", func(w http.ResponseWriter, r *http.Request) { @@ -90,10 +90,10 @@ func serveStdlib() { http.HandleFunc("/ex7", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() - target := r.Form.Get("target") + target := r.Form.Get("target") // $ Source target += "/index.html" // BAD - http.Redirect(w, r, target, 302) + http.Redirect(w, r, target, 302) // $ Alert }) http.HandleFunc("/ex7", func(w http.ResponseWriter, r *http.Request) { @@ -147,13 +147,13 @@ func serveStdlib() { http.HandleFunc("/ex9", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() - target := r.Form.Get("target") + target := r.Form.Get("target") // $ Source // GOOD, but we catch this anyway: a check is done on the URL if !isValidRedirect(target) { target = "/" } - http.Redirect(w, r, target, 302) + http.Redirect(w, r, target, 302) // $ SPURIOUS: Alert }) http.HandleFunc("/ex8", func(w http.ResponseWriter, r *http.Request) { @@ -183,19 +183,19 @@ func serveStdlib() { http.HandleFunc("/ex9", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() - target := r.FormValue("target") + target := r.FormValue("target") // $ Source // BAD: a request parameter is incorporated without validation into a URL redirect - http.Redirect(w, r, target, 301) + http.Redirect(w, r, target, 301) // $ Alert }) http.HandleFunc("/ex10", func(w http.ResponseWriter, r *http.Request) { r.ParseForm() - target, _ := url.ParseRequestURI(r.FormValue("target")) + target, _ := url.ParseRequestURI(r.FormValue("target")) // $ Source // BAD: Path could start with `//` - http.Redirect(w, r, target.Path, 301) + http.Redirect(w, r, target.Path, 301) // $ Alert // BAD: EscapedPath() does not help with that - http.Redirect(w, r, target.EscapedPath(), 301) + http.Redirect(w, r, target.EscapedPath(), 301) // $ Alert }) http.HandleFunc("/ex11", func(w http.ResponseWriter, r *http.Request) { From 414bab1f3068ac2d9316d16fb4bfdae6eee09548 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 25 Sep 2025 15:57:14 +0100 Subject: [PATCH 181/307] Add OpenUrlRedirect tests for Url.Host field --- .../OpenUrlRedirect/OpenUrlRedirect.expected | 60 +++++++++++++++++++ .../CWE-601/OpenUrlRedirect/stdlib.go | 16 +++++ 2 files changed, 76 insertions(+) diff --git a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected index b091d0343d80..7986b0a7e8c8 100644 --- a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected +++ b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected @@ -10,6 +10,10 @@ | stdlib.go:188:23:188:28 | target | stdlib.go:186:13:186:33 | call to FormValue | stdlib.go:188:23:188:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:186:13:186:33 | call to FormValue | user-provided value | | stdlib.go:196:23:196:33 | selection of Path | stdlib.go:194:36:194:56 | call to FormValue | stdlib.go:196:23:196:33 | selection of Path | This path to an untrusted URL redirection depends on a $@. | stdlib.go:194:36:194:56 | call to FormValue | user-provided value | | stdlib.go:198:23:198:42 | call to EscapedPath | stdlib.go:194:36:194:56 | call to FormValue | stdlib.go:198:23:198:42 | call to EscapedPath | This path to an untrusted URL redirection depends on a $@. | stdlib.go:194:36:194:56 | call to FormValue | user-provided value | +| stdlib.go:201:23:201:33 | selection of Path | stdlib.go:194:36:194:56 | call to FormValue | stdlib.go:201:23:201:33 | selection of Path | This path to an untrusted URL redirection depends on a $@. | stdlib.go:194:36:194:56 | call to FormValue | user-provided value | +| stdlib.go:203:23:203:37 | call to String | stdlib.go:194:36:194:56 | call to FormValue | stdlib.go:203:23:203:37 | call to String | This path to an untrusted URL redirection depends on a $@. | stdlib.go:194:36:194:56 | call to FormValue | user-provided value | +| stdlib.go:212:23:212:28 | selection of Path | stdlib.go:210:12:210:30 | call to FormValue | stdlib.go:212:23:212:28 | selection of Path | This path to an untrusted URL redirection depends on a $@. | stdlib.go:210:12:210:30 | call to FormValue | user-provided value | +| stdlib.go:214:23:214:32 | call to String | stdlib.go:210:12:210:30 | call to FormValue | stdlib.go:214:23:214:32 | call to String | This path to an untrusted URL redirection depends on a $@. | stdlib.go:210:12:210:30 | call to FormValue | user-provided value | edges | OpenUrlRedirect.go:10:23:10:28 | selection of Form | OpenUrlRedirect.go:10:23:10:42 | call to Get | provenance | Src:MaD:2 Config Sink:MaD:1 | | stdlib.go:13:13:13:18 | selection of Form | stdlib.go:13:13:13:32 | call to Get | provenance | Src:MaD:2 Config | @@ -55,9 +59,41 @@ edges | stdlib.go:196:23:196:28 | target | stdlib.go:196:23:196:28 | implicit dereference | provenance | Config | | stdlib.go:196:23:196:28 | target | stdlib.go:196:23:196:33 | selection of Path | provenance | Config Sink:MaD:1 | | stdlib.go:196:23:196:28 | target | stdlib.go:198:23:198:28 | target | provenance | | +| stdlib.go:196:23:196:28 | target | stdlib.go:199:3:199:8 | target | provenance | | | stdlib.go:196:23:196:28 | target [postupdate] | stdlib.go:196:23:196:28 | implicit dereference | provenance | Config | | stdlib.go:196:23:196:28 | target [postupdate] | stdlib.go:198:23:198:28 | target | provenance | | +| stdlib.go:196:23:196:28 | target [postupdate] | stdlib.go:199:3:199:8 | target | provenance | | | stdlib.go:198:23:198:28 | target | stdlib.go:198:23:198:42 | call to EscapedPath | provenance | Config Sink:MaD:1 | +| stdlib.go:199:3:199:8 | implicit dereference | stdlib.go:199:3:199:8 | target [postupdate] | provenance | Config | +| stdlib.go:199:3:199:8 | target | stdlib.go:199:3:199:8 | implicit dereference | provenance | Config | +| stdlib.go:199:3:199:8 | target | stdlib.go:201:23:201:28 | target | provenance | | +| stdlib.go:199:3:199:8 | target [postupdate] | stdlib.go:199:3:199:8 | implicit dereference | provenance | Config | +| stdlib.go:199:3:199:8 | target [postupdate] | stdlib.go:201:23:201:28 | target | provenance | | +| stdlib.go:201:23:201:28 | implicit dereference | stdlib.go:201:23:201:28 | target [postupdate] | provenance | Config | +| stdlib.go:201:23:201:28 | implicit dereference | stdlib.go:201:23:201:33 | selection of Path | provenance | Config Sink:MaD:1 | +| stdlib.go:201:23:201:28 | target | stdlib.go:201:23:201:28 | implicit dereference | provenance | Config | +| stdlib.go:201:23:201:28 | target | stdlib.go:201:23:201:33 | selection of Path | provenance | Config Sink:MaD:1 | +| stdlib.go:201:23:201:28 | target | stdlib.go:203:23:203:28 | target | provenance | | +| stdlib.go:201:23:201:28 | target [postupdate] | stdlib.go:201:23:201:28 | implicit dereference | provenance | Config | +| stdlib.go:201:23:201:28 | target [postupdate] | stdlib.go:203:23:203:28 | target | provenance | | +| stdlib.go:203:23:203:28 | target | stdlib.go:203:23:203:37 | call to String | provenance | Config Sink:MaD:1 | +| stdlib.go:210:3:210:3 | implicit dereference | stdlib.go:210:3:210:3 | u [postupdate] | provenance | Config | +| stdlib.go:210:3:210:3 | implicit dereference [postupdate] | stdlib.go:210:3:210:3 | u [postupdate] | provenance | Config | +| stdlib.go:210:3:210:3 | implicit dereference [postupdate] | stdlib.go:210:3:210:3 | u [postupdate] [pointer] | provenance | | +| stdlib.go:210:3:210:3 | u [postupdate] | stdlib.go:210:3:210:3 | implicit dereference | provenance | Config | +| stdlib.go:210:3:210:3 | u [postupdate] | stdlib.go:212:23:212:23 | u | provenance | | +| stdlib.go:210:3:210:3 | u [postupdate] [pointer] | stdlib.go:212:23:212:23 | u [pointer] | provenance | | +| stdlib.go:210:12:210:30 | call to FormValue | stdlib.go:210:3:210:3 | implicit dereference [postupdate] | provenance | Src:MaD:3 Config | +| stdlib.go:210:12:210:30 | call to FormValue | stdlib.go:210:3:210:3 | u [postupdate] | provenance | Src:MaD:3 Config | +| stdlib.go:212:23:212:23 | implicit dereference | stdlib.go:212:23:212:23 | u [postupdate] | provenance | Config | +| stdlib.go:212:23:212:23 | implicit dereference | stdlib.go:212:23:212:28 | selection of Path | provenance | Config Sink:MaD:1 | +| stdlib.go:212:23:212:23 | u | stdlib.go:212:23:212:23 | implicit dereference | provenance | Config | +| stdlib.go:212:23:212:23 | u | stdlib.go:212:23:212:28 | selection of Path | provenance | Config Sink:MaD:1 | +| stdlib.go:212:23:212:23 | u | stdlib.go:214:23:214:23 | u | provenance | | +| stdlib.go:212:23:212:23 | u [pointer] | stdlib.go:212:23:212:23 | implicit dereference | provenance | | +| stdlib.go:212:23:212:23 | u [postupdate] | stdlib.go:212:23:212:23 | implicit dereference | provenance | Config | +| stdlib.go:212:23:212:23 | u [postupdate] | stdlib.go:214:23:214:23 | u | provenance | | +| stdlib.go:214:23:214:23 | u | stdlib.go:214:23:214:32 | call to String | provenance | Config Sink:MaD:1 | models | 1 | Sink: net/http; ; false; Redirect; ; ; Argument[2]; url-redirection[0]; manual | | 2 | Source: net/http; Request; true; Form; ; ; ; remote; manual | @@ -119,4 +155,28 @@ nodes | stdlib.go:196:23:196:33 | selection of Path | semmle.label | selection of Path | | stdlib.go:198:23:198:28 | target | semmle.label | target | | stdlib.go:198:23:198:42 | call to EscapedPath | semmle.label | call to EscapedPath | +| stdlib.go:199:3:199:8 | implicit dereference | semmle.label | implicit dereference | +| stdlib.go:199:3:199:8 | target | semmle.label | target | +| stdlib.go:199:3:199:8 | target [postupdate] | semmle.label | target [postupdate] | +| stdlib.go:201:23:201:28 | implicit dereference | semmle.label | implicit dereference | +| stdlib.go:201:23:201:28 | target | semmle.label | target | +| stdlib.go:201:23:201:28 | target [postupdate] | semmle.label | target [postupdate] | +| stdlib.go:201:23:201:33 | selection of Path | semmle.label | selection of Path | +| stdlib.go:203:23:203:28 | target | semmle.label | target | +| stdlib.go:203:23:203:37 | call to String | semmle.label | call to String | +| stdlib.go:210:3:210:3 | implicit dereference | semmle.label | implicit dereference | +| stdlib.go:210:3:210:3 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| stdlib.go:210:3:210:3 | u [postupdate] | semmle.label | u [postupdate] | +| stdlib.go:210:3:210:3 | u [postupdate] [pointer] | semmle.label | u [postupdate] [pointer] | +| stdlib.go:210:12:210:30 | call to FormValue | semmle.label | call to FormValue | +| stdlib.go:212:23:212:23 | implicit dereference | semmle.label | implicit dereference | +| stdlib.go:212:23:212:23 | u | semmle.label | u | +| stdlib.go:212:23:212:23 | u [pointer] | semmle.label | u [pointer] | +| stdlib.go:212:23:212:23 | u [postupdate] | semmle.label | u [postupdate] | +| stdlib.go:212:23:212:28 | selection of Path | semmle.label | selection of Path | +| stdlib.go:214:23:214:23 | u | semmle.label | u | +| stdlib.go:214:23:214:32 | call to String | semmle.label | call to String | subpaths +testFailures +| stdlib.go:201:23:201:33 | selection of Path | Fixed missing result: Alert | +| stdlib.go:203:23:203:37 | call to String | Unexpected result: Alert | diff --git a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/stdlib.go b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/stdlib.go index 80eb8c970b1c..c32661f66884 100644 --- a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/stdlib.go +++ b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/stdlib.go @@ -196,9 +196,25 @@ func serveStdlib() { http.Redirect(w, r, target.Path, 301) // $ Alert // BAD: EscapedPath() does not help with that http.Redirect(w, r, target.EscapedPath(), 301) // $ Alert + target.Host = "example.com" + // BAD: Host field was overwritten but Path field remains untrusted + http.Redirect(w, r, target.Path, 301) // $ MISSING: Alert + // GOOD: untrusted Host field was overwritten + http.Redirect(w, r, target.String(), 301) }) http.HandleFunc("/ex11", func(w http.ResponseWriter, r *http.Request) { + r.ParseForm() + + u, _ := url.Parse("http://bing.com/search?q=dotnet") + u.Host = r.FormValue("host") // $ Source + // GOOD: Path field is trusted + http.Redirect(w, r, u.Path, 301) // $ SPURIOUS: Alert + // BAD: Host field is untrusted + http.Redirect(w, r, u.String(), 301) // $ Alert + }) + + http.HandleFunc("/ex12", func(w http.ResponseWriter, r *http.Request) { // GOOD: all these fields and methods are disregarded for OpenRedirect attacks: buf := make([]byte, 100) r.Body.Read(buf) From c9a2816bfe49c5ad4f97e44564d9a23b2a876dba Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 25 Sep 2025 16:13:43 +0100 Subject: [PATCH 182/307] Fix OpenUrlRedirect barrier for write to Url.Host --- .../semmle/go/security/OpenUrlRedirect.qll | 6 ++-- .../OpenUrlRedirect/OpenUrlRedirect.expected | 32 ------------------- 2 files changed, 4 insertions(+), 34 deletions(-) diff --git a/go/ql/lib/semmle/go/security/OpenUrlRedirect.qll b/go/ql/lib/semmle/go/security/OpenUrlRedirect.qll index e2495055fdc1..eb651c3b69fc 100644 --- a/go/ql/lib/semmle/go/security/OpenUrlRedirect.qll +++ b/go/ql/lib/semmle/go/security/OpenUrlRedirect.qll @@ -48,8 +48,10 @@ module OpenUrlRedirect { predicate isBarrierOut(DataFlow::Node node) { // block propagation of this unsafe value when its host is overwritten - exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") | - w.writesField(node.(DataFlow::PostUpdateNode).getPreUpdateNode(), f, _) + exists(Write w, Field f, DataFlow::Node base | + f.hasQualifiedName("net/url", "URL", "Host") and + w.writesField(base, f, _) and + base.(DataFlow::PostUpdateNode).getPreUpdateNode() = node ) or hostnameSanitizingPrefixEdge(node, _) diff --git a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected index 7986b0a7e8c8..1d302f911cdd 100644 --- a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected +++ b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected @@ -10,8 +10,6 @@ | stdlib.go:188:23:188:28 | target | stdlib.go:186:13:186:33 | call to FormValue | stdlib.go:188:23:188:28 | target | This path to an untrusted URL redirection depends on a $@. | stdlib.go:186:13:186:33 | call to FormValue | user-provided value | | stdlib.go:196:23:196:33 | selection of Path | stdlib.go:194:36:194:56 | call to FormValue | stdlib.go:196:23:196:33 | selection of Path | This path to an untrusted URL redirection depends on a $@. | stdlib.go:194:36:194:56 | call to FormValue | user-provided value | | stdlib.go:198:23:198:42 | call to EscapedPath | stdlib.go:194:36:194:56 | call to FormValue | stdlib.go:198:23:198:42 | call to EscapedPath | This path to an untrusted URL redirection depends on a $@. | stdlib.go:194:36:194:56 | call to FormValue | user-provided value | -| stdlib.go:201:23:201:33 | selection of Path | stdlib.go:194:36:194:56 | call to FormValue | stdlib.go:201:23:201:33 | selection of Path | This path to an untrusted URL redirection depends on a $@. | stdlib.go:194:36:194:56 | call to FormValue | user-provided value | -| stdlib.go:203:23:203:37 | call to String | stdlib.go:194:36:194:56 | call to FormValue | stdlib.go:203:23:203:37 | call to String | This path to an untrusted URL redirection depends on a $@. | stdlib.go:194:36:194:56 | call to FormValue | user-provided value | | stdlib.go:212:23:212:28 | selection of Path | stdlib.go:210:12:210:30 | call to FormValue | stdlib.go:212:23:212:28 | selection of Path | This path to an untrusted URL redirection depends on a $@. | stdlib.go:210:12:210:30 | call to FormValue | user-provided value | | stdlib.go:214:23:214:32 | call to String | stdlib.go:210:12:210:30 | call to FormValue | stdlib.go:214:23:214:32 | call to String | This path to an untrusted URL redirection depends on a $@. | stdlib.go:210:12:210:30 | call to FormValue | user-provided value | edges @@ -59,28 +57,11 @@ edges | stdlib.go:196:23:196:28 | target | stdlib.go:196:23:196:28 | implicit dereference | provenance | Config | | stdlib.go:196:23:196:28 | target | stdlib.go:196:23:196:33 | selection of Path | provenance | Config Sink:MaD:1 | | stdlib.go:196:23:196:28 | target | stdlib.go:198:23:198:28 | target | provenance | | -| stdlib.go:196:23:196:28 | target | stdlib.go:199:3:199:8 | target | provenance | | | stdlib.go:196:23:196:28 | target [postupdate] | stdlib.go:196:23:196:28 | implicit dereference | provenance | Config | | stdlib.go:196:23:196:28 | target [postupdate] | stdlib.go:198:23:198:28 | target | provenance | | -| stdlib.go:196:23:196:28 | target [postupdate] | stdlib.go:199:3:199:8 | target | provenance | | | stdlib.go:198:23:198:28 | target | stdlib.go:198:23:198:42 | call to EscapedPath | provenance | Config Sink:MaD:1 | -| stdlib.go:199:3:199:8 | implicit dereference | stdlib.go:199:3:199:8 | target [postupdate] | provenance | Config | -| stdlib.go:199:3:199:8 | target | stdlib.go:199:3:199:8 | implicit dereference | provenance | Config | -| stdlib.go:199:3:199:8 | target | stdlib.go:201:23:201:28 | target | provenance | | -| stdlib.go:199:3:199:8 | target [postupdate] | stdlib.go:199:3:199:8 | implicit dereference | provenance | Config | -| stdlib.go:199:3:199:8 | target [postupdate] | stdlib.go:201:23:201:28 | target | provenance | | -| stdlib.go:201:23:201:28 | implicit dereference | stdlib.go:201:23:201:28 | target [postupdate] | provenance | Config | -| stdlib.go:201:23:201:28 | implicit dereference | stdlib.go:201:23:201:33 | selection of Path | provenance | Config Sink:MaD:1 | -| stdlib.go:201:23:201:28 | target | stdlib.go:201:23:201:28 | implicit dereference | provenance | Config | -| stdlib.go:201:23:201:28 | target | stdlib.go:201:23:201:33 | selection of Path | provenance | Config Sink:MaD:1 | -| stdlib.go:201:23:201:28 | target | stdlib.go:203:23:203:28 | target | provenance | | -| stdlib.go:201:23:201:28 | target [postupdate] | stdlib.go:201:23:201:28 | implicit dereference | provenance | Config | -| stdlib.go:201:23:201:28 | target [postupdate] | stdlib.go:203:23:203:28 | target | provenance | | -| stdlib.go:203:23:203:28 | target | stdlib.go:203:23:203:37 | call to String | provenance | Config Sink:MaD:1 | -| stdlib.go:210:3:210:3 | implicit dereference | stdlib.go:210:3:210:3 | u [postupdate] | provenance | Config | | stdlib.go:210:3:210:3 | implicit dereference [postupdate] | stdlib.go:210:3:210:3 | u [postupdate] | provenance | Config | | stdlib.go:210:3:210:3 | implicit dereference [postupdate] | stdlib.go:210:3:210:3 | u [postupdate] [pointer] | provenance | | -| stdlib.go:210:3:210:3 | u [postupdate] | stdlib.go:210:3:210:3 | implicit dereference | provenance | Config | | stdlib.go:210:3:210:3 | u [postupdate] | stdlib.go:212:23:212:23 | u | provenance | | | stdlib.go:210:3:210:3 | u [postupdate] [pointer] | stdlib.go:212:23:212:23 | u [pointer] | provenance | | | stdlib.go:210:12:210:30 | call to FormValue | stdlib.go:210:3:210:3 | implicit dereference [postupdate] | provenance | Src:MaD:3 Config | @@ -155,16 +136,6 @@ nodes | stdlib.go:196:23:196:33 | selection of Path | semmle.label | selection of Path | | stdlib.go:198:23:198:28 | target | semmle.label | target | | stdlib.go:198:23:198:42 | call to EscapedPath | semmle.label | call to EscapedPath | -| stdlib.go:199:3:199:8 | implicit dereference | semmle.label | implicit dereference | -| stdlib.go:199:3:199:8 | target | semmle.label | target | -| stdlib.go:199:3:199:8 | target [postupdate] | semmle.label | target [postupdate] | -| stdlib.go:201:23:201:28 | implicit dereference | semmle.label | implicit dereference | -| stdlib.go:201:23:201:28 | target | semmle.label | target | -| stdlib.go:201:23:201:28 | target [postupdate] | semmle.label | target [postupdate] | -| stdlib.go:201:23:201:33 | selection of Path | semmle.label | selection of Path | -| stdlib.go:203:23:203:28 | target | semmle.label | target | -| stdlib.go:203:23:203:37 | call to String | semmle.label | call to String | -| stdlib.go:210:3:210:3 | implicit dereference | semmle.label | implicit dereference | | stdlib.go:210:3:210:3 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | | stdlib.go:210:3:210:3 | u [postupdate] | semmle.label | u [postupdate] | | stdlib.go:210:3:210:3 | u [postupdate] [pointer] | semmle.label | u [postupdate] [pointer] | @@ -177,6 +148,3 @@ nodes | stdlib.go:214:23:214:23 | u | semmle.label | u | | stdlib.go:214:23:214:32 | call to String | semmle.label | call to String | subpaths -testFailures -| stdlib.go:201:23:201:33 | selection of Path | Fixed missing result: Alert | -| stdlib.go:203:23:203:37 | call to String | Unexpected result: Alert | From 489b8431eaddb900b5316868054d04ae48fc2437 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 25 Sep 2025 16:59:32 +0100 Subject: [PATCH 183/307] Add and use `WriteNode.writesFieldPreUpdate` --- .../go/controlflow/ControlFlowGraph.qll | 25 ++++++++++---- .../go/dataflow/internal/FlowSummaryImpl.qll | 13 ++------ go/ql/lib/semmle/go/frameworks/GinCors.qll | 33 +++++-------------- go/ql/lib/semmle/go/frameworks/RsCors.qll | 33 +++++-------------- go/ql/src/RedundantCode/DeadStoreOfField.ql | 5 ++- go/ql/src/Security/CWE-327/InsecureTLS.ql | 12 ++----- .../src/experimental/CWE-1004/AuthCookie.qll | 9 ++--- 7 files changed, 45 insertions(+), 85 deletions(-) diff --git a/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll b/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll index 7d38fbe934db..e66feeadaac3 100644 --- a/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll +++ b/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll @@ -134,17 +134,17 @@ module ControlFlow { /** * Holds if this node sets the value of field `f` on `base` (or its implicit dereference) to - * `rhs`. + * `rhs`, where `base` represents the post-update value. * * For example, for the assignment `x.width = newWidth`, `base` is the post-update node of * either the data-flow node corresponding to `x` or (if `x` is a pointer) the data-flow node * corresponding to the implicit dereference `*x`, `f` is the field referenced by `width`, and * `rhs` is the data-flow node corresponding to `newWidth`. If this `WriteNode` is a struct - * initialization then there is no need for a post-update node and `base` is the struct literal - * being initialized. + * initialization then there is no post-update node and `base` is the struct literal being + * initialized. */ predicate writesField(DataFlow::Node base, Field f, DataFlow::Node rhs) { - exists(DataFlow::Node b | this.writesFieldInsn(b.asInstruction(), f, rhs.asInstruction()) | + exists(DataFlow::Node b | this.writesFieldPreUpdate(b, f, rhs) | this.isInitialization() and base = b or not this.isInitialization() and @@ -152,13 +152,24 @@ module ControlFlow { ) } + /** + * Holds if this node sets the value of field `f` on `base` (or its implicit dereference) to + * `rhs`, where `base` represents the pre-update value. + * + * For example, for the assignment `x.width = newWidth`, `base` is either the data-flow node + * corresponding to `x` or (if `x` is a pointer) the data-flow node corresponding to the + * implicit dereference `*x`, `f` is the field referenced by `width`, and `rhs` is the + * data-flow node corresponding to `newWidth`. + */ + predicate writesFieldPreUpdate(DataFlow::Node base, Field f, DataFlow::Node rhs) { + this.writesFieldInsn(base.asInstruction(), f, rhs.asInstruction()) + } + /** * Holds if this node sets the value of field `f` on `v` to `rhs`. */ predicate writesFieldOnSsaWithFields(SsaWithFields v, Field f, DataFlow::Node rhs) { - exists(IR::Instruction insn | this.writesFieldInsn(insn, f, rhs.asInstruction()) | - v.getAUse().asInstruction() = insn - ) + this.writesFieldPreUpdate(v.getAUse(), f, rhs) } private predicate writesFieldInsn(IR::Instruction base, Field f, IR::Instruction rhs) { diff --git a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll index a7dfbab15c2b..f12c9e6eeb1b 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll @@ -437,20 +437,13 @@ module SourceSinkInterpretationInput implements mid.asCallable() = getNodeEnclosingCallable(ret) ) or - exists( - SourceOrSinkElement e, DataFlow::Write fw, DataFlow::Node base, DataFlow::Node qual, Field f - | + exists(SourceOrSinkElement e, DataFlow::Write fw, DataFlow::Node base, Field f | e = mid.asElement() and f = e.asFieldEntity() | c = "" and - fw.writesField(base, f, node.asNode()) and - pragma[only_bind_into](e) = getElementWithQualifier(f, qual) and - ( - qual = base.(PostUpdateNode).getPreUpdateNode() - or - not base instanceof PostUpdateNode and qual = base - ) + fw.writesFieldPreUpdate(base, f, node.asNode()) and + pragma[only_bind_into](e) = getElementWithQualifier(f, base) ) or // A package-scope (or universe-scope) variable diff --git a/go/ql/lib/semmle/go/frameworks/GinCors.qll b/go/ql/lib/semmle/go/frameworks/GinCors.qll index a26ab2eaa126..cc993ea4dee3 100644 --- a/go/ql/lib/semmle/go/frameworks/GinCors.qll +++ b/go/ql/lib/semmle/go/frameworks/GinCors.qll @@ -25,15 +25,10 @@ module GinCors { DataFlow::Node base; AllowCredentialsWrite() { - exists(Field f, Write w, DataFlow::Node n | + exists(Field f, Write w | f.hasQualifiedName(packagePath(), "Config", "AllowCredentials") and - w.writesField(n, f, this) and - this.getType() instanceof BoolType and - ( - base = n.(DataFlow::PostUpdateNode).getPreUpdateNode() - or - not n instanceof DataFlow::PostUpdateNode and base = n - ) + w.writesFieldPreUpdate(base, f, this) and + this.getType() instanceof BoolType ) } @@ -64,15 +59,10 @@ module GinCors { DataFlow::Node base; AllowOriginsWrite() { - exists(Field f, Write w, DataFlow::Node n | + exists(Field f, Write w | f.hasQualifiedName(packagePath(), "Config", "AllowOrigins") and - w.writesField(n, f, this) and - this.asExpr() instanceof SliceLit and - ( - base = n.(DataFlow::PostUpdateNode).getPreUpdateNode() - or - not n instanceof DataFlow::PostUpdateNode and base = n - ) + w.writesFieldPreUpdate(base, f, this) and + this.asExpr() instanceof SliceLit ) } @@ -103,15 +93,10 @@ module GinCors { DataFlow::Node base; AllowAllOriginsWrite() { - exists(Field f, Write w, DataFlow::Node n | + exists(Field f, Write w | f.hasQualifiedName(packagePath(), "Config", "AllowAllOrigins") and - w.writesField(n, f, this) and - this.getType() instanceof BoolType and - ( - base = n.(DataFlow::PostUpdateNode).getPreUpdateNode() - or - not n instanceof DataFlow::PostUpdateNode and base = n - ) + w.writesFieldPreUpdate(base, f, this) and + this.getType() instanceof BoolType ) } diff --git a/go/ql/lib/semmle/go/frameworks/RsCors.qll b/go/ql/lib/semmle/go/frameworks/RsCors.qll index aa49df3c4323..52b4a7fe6d03 100644 --- a/go/ql/lib/semmle/go/frameworks/RsCors.qll +++ b/go/ql/lib/semmle/go/frameworks/RsCors.qll @@ -52,15 +52,10 @@ module RsCors { DataFlow::Node base; AllowCredentialsWrite() { - exists(Field f, Write w, DataFlow::Node n | + exists(Field f, Write w | f.hasQualifiedName(packagePath(), "Options", "AllowCredentials") and - w.writesField(n, f, this) and - this.getType() instanceof BoolType and - ( - base = n.(DataFlow::PostUpdateNode).getPreUpdateNode() - or - not n instanceof DataFlow::PostUpdateNode and base = n - ) + w.writesFieldPreUpdate(base, f, this) and + this.getType() instanceof BoolType ) } @@ -85,15 +80,10 @@ module RsCors { DataFlow::Node base; AllowOriginsWrite() { - exists(Field f, Write w, DataFlow::Node n | + exists(Field f, Write w | f.hasQualifiedName(packagePath(), "Options", "AllowedOrigins") and - w.writesField(n, f, this) and - this.asExpr() instanceof SliceLit and - ( - base = n.(DataFlow::PostUpdateNode).getPreUpdateNode() - or - not n instanceof DataFlow::PostUpdateNode and base = n - ) + w.writesFieldPreUpdate(base, f, this) and + this.asExpr() instanceof SliceLit ) } @@ -121,15 +111,10 @@ module RsCors { DataFlow::Node base; AllowAllOriginsWrite() { - exists(Field f, Write w, DataFlow::Node n | + exists(Field f, Write w | f.hasQualifiedName(packagePath(), "Options", "AllowAllOrigins") and - w.writesField(n, f, this) and - this.getType() instanceof BoolType and - ( - base = n.(DataFlow::PostUpdateNode).getPreUpdateNode() - or - not n instanceof DataFlow::PostUpdateNode and base = n - ) + w.writesFieldPreUpdate(base, f, this) and + this.getType() instanceof BoolType ) } diff --git a/go/ql/src/RedundantCode/DeadStoreOfField.ql b/go/ql/src/RedundantCode/DeadStoreOfField.ql index 3f757cd8b543..4a971343823b 100644 --- a/go/ql/src/RedundantCode/DeadStoreOfField.ql +++ b/go/ql/src/RedundantCode/DeadStoreOfField.ql @@ -86,11 +86,10 @@ Type getTypeEmbeddedViaPointer(Type t) { result = getEmbeddedType*(getEmbeddedType(getEmbeddedType*(t), true)) } -from Write w, DataFlow::Node base, LocalVariable v, Field f +from Write w, LocalVariable v, Field f where // `w` writes `f` on `v` - w.writesField(base, f, _) and - [base, base.(DataFlow::PostUpdateNode).getPreUpdateNode()] = v.getARead() and + w.writesFieldPreUpdate(v.getARead(), f, _) and // but `f` is never read on `v` not exists(Read r | r.readsField(v.getARead(), f)) and // exclude pointer-typed `v`; there may be reads through an alias diff --git a/go/ql/src/Security/CWE-327/InsecureTLS.ql b/go/ql/src/Security/CWE-327/InsecureTLS.ql index 66e516a85eb5..b5d8a81f3d82 100644 --- a/go/ql/src/Security/CWE-327/InsecureTLS.ql +++ b/go/ql/src/Security/CWE-327/InsecureTLS.ql @@ -65,11 +65,7 @@ module TlsVersionFlowConfig implements DataFlow::ConfigSig { */ additional predicate isSink(DataFlow::Node sink, Field fld, DataFlow::Node base, Write fieldWrite) { fld.hasQualifiedName("crypto/tls", "Config", ["MinVersion", "MaxVersion"]) and - exists(DataFlow::Node n | fieldWrite.writesField(n, fld, sink) | - base = n.(DataFlow::PostUpdateNode).getPreUpdateNode() - or - not n instanceof DataFlow::PostUpdateNode and base = n - ) + fieldWrite.writesFieldPreUpdate(base, fld, sink) } predicate isSource(DataFlow::Node source) { intIsSource(source, _) } @@ -194,11 +190,7 @@ module TlsInsecureCipherSuitesFlowConfig implements DataFlow::ConfigSig { */ additional predicate isSink(DataFlow::Node sink, Field fld, DataFlow::Node base, Write fieldWrite) { fld.hasQualifiedName("crypto/tls", "Config", "CipherSuites") and - exists(DataFlow::Node n | fieldWrite.writesField(n, fld, sink) | - base = n.(DataFlow::PostUpdateNode).getPreUpdateNode() - or - not n instanceof DataFlow::PostUpdateNode and base = n - ) + fieldWrite.writesFieldPreUpdate(base, fld, sink) } predicate isSink(DataFlow::Node sink) { isSink(sink, _, _, _) } diff --git a/go/ql/src/experimental/CWE-1004/AuthCookie.qll b/go/ql/src/experimental/CWE-1004/AuthCookie.qll index 2cf8577ac5a5..58c9f8642b3f 100644 --- a/go/ql/src/experimental/CWE-1004/AuthCookie.qll +++ b/go/ql/src/experimental/CWE-1004/AuthCookie.qll @@ -26,14 +26,9 @@ private class GorillaSessionOptionsField extends Field { * This should cover most typical patterns... */ private DataFlow::Node getValueForFieldWrite(StructLit sl, string field) { - exists(Write w, DataFlow::Node base, DataFlow::Node n, Field f | + exists(Write w, DataFlow::Node base, Field f | f.getName() = field and - w.writesField(n, f, result) and - ( - base = n.(DataFlow::PostUpdateNode).getPreUpdateNode() - or - not n instanceof DataFlow::PostUpdateNode and base = n - ) and + w.writesFieldPreUpdate(base, f, result) and ( sl = base.asExpr() or From 2ffb638b7e6bb00ac322d4d31a4b80558489dd53 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 25 Sep 2025 17:09:08 +0100 Subject: [PATCH 184/307] Delete `WriteNode.writesFieldOnSsaWithFields` This can be easily expressed in terms of `WriteNode.writesFieldPreUpdate`. --- go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll | 7 ------- .../semmle/go/security/OpenUrlRedirectCustomizations.qll | 2 +- go/ql/lib/semmle/go/security/RequestForgery.qll | 2 +- go/ql/lib/semmle/go/security/SafeUrlFlow.qll | 2 +- go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql | 4 ++-- go/ql/src/experimental/CWE-918/SSRF.qll | 2 +- 6 files changed, 6 insertions(+), 13 deletions(-) diff --git a/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll b/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll index e66feeadaac3..9cf9633daa23 100644 --- a/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll +++ b/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll @@ -165,13 +165,6 @@ module ControlFlow { this.writesFieldInsn(base.asInstruction(), f, rhs.asInstruction()) } - /** - * Holds if this node sets the value of field `f` on `v` to `rhs`. - */ - predicate writesFieldOnSsaWithFields(SsaWithFields v, Field f, DataFlow::Node rhs) { - this.writesFieldPreUpdate(v.getAUse(), f, rhs) - } - private predicate writesFieldInsn(IR::Instruction base, Field f, IR::Instruction rhs) { exists(IR::FieldTarget trg | trg = super.getLhs() | ( diff --git a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll index 6121d716abf5..da5110a2ef55 100644 --- a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll +++ b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll @@ -92,7 +92,7 @@ module OpenUrlRedirect { PathAssignmentBarrier() { exists(Write w, SsaWithFields var | hasHostnameSanitizingSubstring(w.getRhs()) and - w.writesFieldOnSsaWithFields(var, any(Field f | f.getName() = "Path"), _) and + w.writesFieldPreUpdate(var.getAUse(), any(Field f | f.getName() = "Path"), _) and useIsDominated(var, w, this) ) } diff --git a/go/ql/lib/semmle/go/security/RequestForgery.qll b/go/ql/lib/semmle/go/security/RequestForgery.qll index 9497f5280047..0cd86b12abba 100644 --- a/go/ql/lib/semmle/go/security/RequestForgery.qll +++ b/go/ql/lib/semmle/go/security/RequestForgery.qll @@ -28,7 +28,7 @@ module RequestForgery { predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { // propagate to a URL when its host is assigned to exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") | - w.writesFieldOnSsaWithFields(v, f, pred) and + w.writesFieldPreUpdate(v.getAUse(), f, pred) and succ = v.getAUse() ) } diff --git a/go/ql/lib/semmle/go/security/SafeUrlFlow.qll b/go/ql/lib/semmle/go/security/SafeUrlFlow.qll index a1f5ad7051bc..d88c2c852aef 100644 --- a/go/ql/lib/semmle/go/security/SafeUrlFlow.qll +++ b/go/ql/lib/semmle/go/security/SafeUrlFlow.qll @@ -24,7 +24,7 @@ module SafeUrlFlow { predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { // propagate to a URL when its host is assigned to exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") | - w.writesFieldOnSsaWithFields(v, f, node1) and + w.writesFieldPreUpdate(v.getAUse(), f, node1) and node2 = v.getAUse() ) } diff --git a/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql b/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql index f7c35b78d876..87c5a2184b04 100644 --- a/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql +++ b/go/ql/src/Security/CWE-322/InsecureHostKeyCallback.ql @@ -98,8 +98,8 @@ predicate hostCheckReachesSink(Flow::PathNode sink) { Flow::flowPath(source, otherSink) and Config::writeIsSink(sink.getNode(), sinkWrite) and Config::writeIsSink(otherSink.getNode(), otherSinkWrite) and - sinkWrite.writesFieldOnSsaWithFields(sinkAccessPath, _, sink.getNode()) and - otherSinkWrite.writesFieldOnSsaWithFields(otherSinkAccessPath, _, otherSink.getNode()) and + sinkWrite.writesFieldPreUpdate(sinkAccessPath.getAUse(), _, sink.getNode()) and + otherSinkWrite.writesFieldPreUpdate(otherSinkAccessPath.getAUse(), _, otherSink.getNode()) and otherSinkAccessPath = sinkAccessPath.similar() ) ) diff --git a/go/ql/src/experimental/CWE-918/SSRF.qll b/go/ql/src/experimental/CWE-918/SSRF.qll index 0879534d6663..ae041415dfe3 100644 --- a/go/ql/src/experimental/CWE-918/SSRF.qll +++ b/go/ql/src/experimental/CWE-918/SSRF.qll @@ -23,7 +23,7 @@ module ServerSideRequestForgery { predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { // propagate to a URL when its host is assigned to exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") | - w.writesFieldOnSsaWithFields(v, f, node1) and + w.writesFieldPreUpdate(v.getAUse(), f, node1) and node2 = v.getAUse() ) } From 6fcd35885e21bb58afebe218e85df1fdc104a98f Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 26 Sep 2025 15:27:58 +0100 Subject: [PATCH 185/307] Fix pointer content store step for write to field of pointer dereference --- go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll index 3f2efd3b492d..94609d1c1113 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll @@ -164,15 +164,17 @@ predicate jumpStep(Node n1, Node n2) { */ predicate storeStep(Node node1, ContentSet cs, Node node2) { exists(Content c | cs.asOneContent() = c | - // a write `(*p).f = rhs` is modeled as two store steps: `rhs` is flows into field `f` of `(*p)`, - // which in turn flows into the pointer content of `p` + // a write `(*p).f = rhs` is modeled as two store steps: `rhs` is flows into field `f` of the + // post-update node of `(*p)`, which in turn flows into the pointer content of the post-update + // node of `p` exists(Write w, Field f, DataFlow::Node base, DataFlow::Node rhs | w.writesField(base, f, rhs) | node1 = rhs and node2 = base and c = any(DataFlow::FieldContent fc | fc.getField() = f) or node1 = base and - node2.(PostUpdateNode).getPreUpdateNode() = node1.(PointerDereferenceNode).getOperand() and + node2.(PostUpdateNode).getPreUpdateNode() = + node1.(PostUpdateNode).getPreUpdateNode().(PointerDereferenceNode).getOperand() and c = any(DataFlow::PointerContent pc | pc.getPointerType() = node2.getType()) ) or From 59e3c14a5e3f5ebc005c4bc21fbd4c54e0108211 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Mon, 29 Sep 2025 17:20:11 +0100 Subject: [PATCH 186/307] Add and use `WriteNode.writesElementPreUpdate` --- .../go/controlflow/ControlFlowGraph.qll | 19 ++++++++++++++++--- .../semmle/go/frameworks/stdlib/NetHttp.qll | 8 +------- 2 files changed, 17 insertions(+), 10 deletions(-) diff --git a/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll b/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll index 9cf9633daa23..df9a025915e1 100644 --- a/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll +++ b/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll @@ -188,9 +188,7 @@ module ControlFlow { * initialized. */ predicate writesElement(DataFlow::Node base, DataFlow::Node index, DataFlow::Node rhs) { - exists(DataFlow::Node b | - this.writesElementInsn(b.asInstruction(), index.asInstruction(), rhs.asInstruction()) - | + exists(DataFlow::Node b | this.writesElementPreUpdate(b, index, rhs) | this.isInitialization() and base = b or not this.isInitialization() and @@ -198,6 +196,21 @@ module ControlFlow { ) } + /** + * Holds if this node sets the value of element `index` on `base` (or its implicit dereference) + * to `rhs`. + * + * For example, for the assignment `xs[i] = v`, `base` is the post-update node of the data-flow + * node corresponding to `xs` or (if `xs` is a pointer) the implicit dereference `*xs`, `index` + * is the data-flow node corresponding to `i`, and `rhs` is the data-flow node corresponding to + * `base`. If this `WriteNode` corresponds to the initialization of an array/slice/map then + * there is no need for a post-update node and `base` is the array/slice/map literal being + * initialized. + */ + predicate writesElementPreUpdate(DataFlow::Node base, DataFlow::Node index, DataFlow::Node rhs) { + this.writesElementInsn(base.asInstruction(), index.asInstruction(), rhs.asInstruction()) + } + private predicate writesElementInsn( IR::Instruction base, IR::Instruction index, IR::Instruction rhs ) { diff --git a/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll b/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll index 0ba122006e69..88c9605502f6 100644 --- a/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll +++ b/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll @@ -52,13 +52,7 @@ module NetHttp { MapWrite() { this.getType().hasQualifiedName("net/http", "Header") and - exists(Write write, DataFlow::Node base | - write.writesElement(base, index, rhs) and - // The following line works because `Http::HeaderWrite::Range` extends - // `DataFlow::ExprNode`, which is incompatible with - // `DataFlow::PostUpdateNode`. - this = [base, base.(DataFlow::PostUpdateNode).getPreUpdateNode()] - ) + any(Write write).writesElementPreUpdate(this, index, rhs) } override DataFlow::Node getName() { result = index } From 8a21a4ff924b55dc3b132a39e095d8cd52a6d747 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Mon, 29 Sep 2025 17:22:01 +0100 Subject: [PATCH 187/307] Deprecate `WriteNode.writesComponent` --- go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll | 4 +++- go/ql/lib/semmle/go/frameworks/Protobuf.qll | 9 +++------ 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll b/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll index df9a025915e1..d527a650b9d4 100644 --- a/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll +++ b/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll @@ -225,9 +225,11 @@ module ControlFlow { } /** + * DEPRECATED: Use the disjunct of `writesElement` and `writesField` instead. + * * Holds if this node sets any field or element of `base` to `rhs`. */ - predicate writesComponent(DataFlow::Node base, DataFlow::Node rhs) { + deprecated predicate writesComponent(DataFlow::Node base, DataFlow::Node rhs) { this.writesElement(base, _, rhs) or this.writesField(base, _, rhs) } diff --git a/go/ql/lib/semmle/go/frameworks/Protobuf.qll b/go/ql/lib/semmle/go/frameworks/Protobuf.qll index 4103815e7d22..62443eb46af7 100644 --- a/go/ql/lib/semmle/go/frameworks/Protobuf.qll +++ b/go/ql/lib/semmle/go/frameworks/Protobuf.qll @@ -141,13 +141,10 @@ module Protobuf { private class WriteMessageFieldStep extends TaintTracking::AdditionalTaintStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { [succ.getType(), succ.getType().getPointerType()] instanceof MessageType and - exists(DataFlow::Node n, DataFlow::ReadNode base | - succ.(DataFlow::PostUpdateNode).getPreUpdateNode() = getUnderlyingNode(base) + exists(DataFlow::Write w, DataFlow::ReadNode base | + w.writesElementPreUpdate(base, _, pred) or w.writesFieldPreUpdate(base, _, pred) | - any(DataFlow::Write w).writesComponent(n, pred) and - // The below line only works because `base`'s type, `DataFlow::ReadNode`, - // is incompatible with `DataFlow::PostUpdateNode`. - base = [n, n.(DataFlow::PostUpdateNode).getPreUpdateNode()] + succ.(DataFlow::PostUpdateNode).getPreUpdateNode() = getUnderlyingNode(base) ) } } From 92dac0341cb78428e62c3bc293d86a646edd8a8e Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 1 Oct 2025 11:13:37 -0400 Subject: [PATCH 188/307] Crypto: Adding necessary model interfaces for MacOperationCall in JCA. --- java/ql/lib/experimental/quantum/JCA.qll | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index f6f5ba71ec2a..bfe1786b8d4a 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -1581,6 +1581,18 @@ module JCAModel { result.asExpr() = super.getArgument(0) and super.getMethod().getParameterType(0).hasName("byte[]") } + + override Crypto::ArtifactOutputDataFlowNode getOutputArtifact() { result.asExpr() = output } + + override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() { none() } + + override predicate hasHashAlgorithmConsumer() { none() } + + override Crypto::KeyOperationSubtype getKeyOperationSubtype() { + result instanceof Crypto::TMacMode + } + + override Crypto::ConsumerInputDataFlowNode getNonceConsumer() { none() } } /* From 620ae33e0c53bdee1cbeda7131e0c8dc6ffcfa75 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 30 Sep 2025 16:33:56 +0100 Subject: [PATCH 189/307] Make SafeUrlFlow test more comprehensive (failing) --- .../security/SafeUrlFlow/SafeUrlFlow.expected | 51 +++++++++++-------- .../go/security/SafeUrlFlow/SafeUrlFlow.go | 8 +-- 2 files changed, 32 insertions(+), 27 deletions(-) diff --git a/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.expected b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.expected index 79e0c9145fe9..7182e118ff1c 100644 --- a/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.expected +++ b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.expected @@ -16,17 +16,19 @@ | SafeUrlFlow.go:70:39:70:54 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:70:39:70:54 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | | SafeUrlFlow.go:74:70:74:85 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:74:70:74:85 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | | SafeUrlFlow.go:78:40:78:55 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:78:40:78:55 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | -| SafeUrlFlow.go:89:24:89:41 | call to String | SafeUrlFlow.go:84:14:84:21 | selection of Host | SafeUrlFlow.go:89:24:89:41 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:84:14:84:21 | selection of Host | here | -| SafeUrlFlow.go:109:11:109:23 | reconstructed | SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:109:11:109:23 | reconstructed | A safe URL flows here from $@. | SafeUrlFlow.go:100:13:100:19 | selection of URL | here | -| SafeUrlFlow.go:112:24:112:50 | ...+... | SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:112:24:112:50 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:100:13:100:19 | selection of URL | here | -| SafeUrlFlow.go:113:29:113:58 | ...+... | SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:113:29:113:58 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:100:13:100:19 | selection of URL | here | -| SafeUrlFlow.go:114:12:114:42 | ...+... | SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:114:12:114:42 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:100:13:100:19 | selection of URL | here | -| SafeUrlFlow.go:115:12:115:25 | safeOpaquePart | SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:115:12:115:25 | safeOpaquePart | A safe URL flows here from $@. | SafeUrlFlow.go:100:13:100:19 | selection of URL | here | +| SafeUrlFlow.go:92:11:92:28 | call to String | SafeUrlFlow.go:84:14:84:21 | selection of Host | SafeUrlFlow.go:92:11:92:28 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:84:14:84:21 | selection of Host | here | +| SafeUrlFlow.go:105:11:105:23 | reconstructed | SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:105:11:105:23 | reconstructed | A safe URL flows here from $@. | SafeUrlFlow.go:96:13:96:19 | selection of URL | here | +| SafeUrlFlow.go:108:24:108:50 | ...+... | SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:108:24:108:50 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:96:13:96:19 | selection of URL | here | +| SafeUrlFlow.go:109:29:109:58 | ...+... | SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:109:29:109:58 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:96:13:96:19 | selection of URL | here | +| SafeUrlFlow.go:110:12:110:42 | ...+... | SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:110:12:110:42 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:96:13:96:19 | selection of URL | here | +| SafeUrlFlow.go:111:12:111:25 | safeOpaquePart | SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:111:12:111:25 | safeOpaquePart | A safe URL flows here from $@. | SafeUrlFlow.go:96:13:96:19 | selection of URL | here | edges | SafeUrlFlow.go:10:14:10:21 | selection of Host | SafeUrlFlow.go:11:24:11:50 | ...+... | provenance | Sink:MaD:1 | | SafeUrlFlow.go:10:14:10:21 | selection of Host | SafeUrlFlow.go:17:19:17:26 | safeHost | provenance | | | SafeUrlFlow.go:13:13:13:19 | selection of URL | SafeUrlFlow.go:14:29:14:35 | safeURL | provenance | Src:MaD:2 | | SafeUrlFlow.go:14:29:14:35 | safeURL | SafeUrlFlow.go:14:29:14:44 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:17:2:17:10 | targetURL | SafeUrlFlow.go:18:11:18:19 | targetURL | provenance | | +| SafeUrlFlow.go:17:19:17:26 | safeHost | SafeUrlFlow.go:17:2:17:10 | targetURL | provenance | Config | | SafeUrlFlow.go:17:19:17:26 | safeHost | SafeUrlFlow.go:18:11:18:19 | targetURL | provenance | Config | | SafeUrlFlow.go:18:11:18:19 | targetURL | SafeUrlFlow.go:18:11:18:28 | call to String | provenance | MaD:3 | | SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:45:24:45:61 | ...+... | provenance | Src:MaD:2 Sink:MaD:1 | @@ -55,13 +57,15 @@ edges | SafeUrlFlow.go:74:70:74:76 | safeURL | SafeUrlFlow.go:74:70:74:85 | call to String | provenance | MaD:3 | | SafeUrlFlow.go:78:40:78:46 | safeURL | SafeUrlFlow.go:78:40:78:55 | call to String | provenance | MaD:3 | | SafeUrlFlow.go:84:14:84:21 | selection of Host | SafeUrlFlow.go:87:19:87:26 | safeHost | provenance | | -| SafeUrlFlow.go:87:19:87:26 | safeHost | SafeUrlFlow.go:89:24:89:32 | targetURL | provenance | Config | -| SafeUrlFlow.go:89:24:89:32 | targetURL | SafeUrlFlow.go:89:24:89:41 | call to String | provenance | MaD:3 Sink:MaD:1 | -| SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:109:11:109:23 | reconstructed | provenance | Src:MaD:2 | -| SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:112:24:112:50 | ...+... | provenance | Src:MaD:2 Sink:MaD:1 | -| SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:113:29:113:58 | ...+... | provenance | Src:MaD:2 | -| SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:114:12:114:42 | ...+... | provenance | Src:MaD:2 | -| SafeUrlFlow.go:100:13:100:19 | selection of URL | SafeUrlFlow.go:115:12:115:25 | safeOpaquePart | provenance | Src:MaD:2 | +| SafeUrlFlow.go:87:19:87:26 | safeHost | SafeUrlFlow.go:91:2:91:10 | targetURL | provenance | Config | +| SafeUrlFlow.go:87:19:87:26 | safeHost | SafeUrlFlow.go:92:11:92:19 | targetURL | provenance | Config | +| SafeUrlFlow.go:91:2:91:10 | targetURL | SafeUrlFlow.go:92:11:92:19 | targetURL | provenance | | +| SafeUrlFlow.go:92:11:92:19 | targetURL | SafeUrlFlow.go:92:11:92:28 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:105:11:105:23 | reconstructed | provenance | Src:MaD:2 | +| SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:108:24:108:50 | ...+... | provenance | Src:MaD:2 Sink:MaD:1 | +| SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:109:29:109:58 | ...+... | provenance | Src:MaD:2 | +| SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:110:12:110:42 | ...+... | provenance | Src:MaD:2 | +| SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:111:12:111:25 | safeOpaquePart | provenance | Src:MaD:2 | models | 1 | Sink: net/http; ; false; Redirect; ; ; Argument[2]; url-redirection[0]; manual | | 2 | Source: net/http; Request; true; URL; ; ; ; remote; manual | @@ -72,6 +76,7 @@ nodes | SafeUrlFlow.go:13:13:13:19 | selection of URL | semmle.label | selection of URL | | SafeUrlFlow.go:14:29:14:35 | safeURL | semmle.label | safeURL | | SafeUrlFlow.go:14:29:14:44 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:17:2:17:10 | targetURL | semmle.label | targetURL | | SafeUrlFlow.go:17:19:17:26 | safeHost | semmle.label | safeHost | | SafeUrlFlow.go:18:11:18:19 | targetURL | semmle.label | targetURL | | SafeUrlFlow.go:18:11:18:28 | call to String | semmle.label | call to String | @@ -104,12 +109,16 @@ nodes | SafeUrlFlow.go:78:40:78:55 | call to String | semmle.label | call to String | | SafeUrlFlow.go:84:14:84:21 | selection of Host | semmle.label | selection of Host | | SafeUrlFlow.go:87:19:87:26 | safeHost | semmle.label | safeHost | -| SafeUrlFlow.go:89:24:89:32 | targetURL | semmle.label | targetURL | -| SafeUrlFlow.go:89:24:89:41 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:100:13:100:19 | selection of URL | semmle.label | selection of URL | -| SafeUrlFlow.go:109:11:109:23 | reconstructed | semmle.label | reconstructed | -| SafeUrlFlow.go:112:24:112:50 | ...+... | semmle.label | ...+... | -| SafeUrlFlow.go:113:29:113:58 | ...+... | semmle.label | ...+... | -| SafeUrlFlow.go:114:12:114:42 | ...+... | semmle.label | ...+... | -| SafeUrlFlow.go:115:12:115:25 | safeOpaquePart | semmle.label | safeOpaquePart | +| SafeUrlFlow.go:91:2:91:10 | targetURL | semmle.label | targetURL | +| SafeUrlFlow.go:92:11:92:19 | targetURL | semmle.label | targetURL | +| SafeUrlFlow.go:92:11:92:28 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:96:13:96:19 | selection of URL | semmle.label | selection of URL | +| SafeUrlFlow.go:105:11:105:23 | reconstructed | semmle.label | reconstructed | +| SafeUrlFlow.go:108:24:108:50 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:109:29:109:58 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:110:12:110:42 | ...+... | semmle.label | ...+... | +| SafeUrlFlow.go:111:12:111:25 | safeOpaquePart | semmle.label | safeOpaquePart | subpaths +testFailures +| SafeUrlFlow.go:89:62:89:71 | comment | Missing result: Alert | +| SafeUrlFlow.go:92:11:92:28 | call to String | Unexpected result: Alert | diff --git a/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.go b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.go index 9a1b2e5677ef..4718b9738442 100644 --- a/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.go +++ b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.go @@ -87,13 +87,9 @@ func testHostFieldAssignmentFlow(w http.ResponseWriter, req *http.Request) { targetURL.Host = safeHost // URL is safe if Host is safe http.Redirect(w, req, targetURL.String(), http.StatusFound) // $ Alert -} - -func testHostFieldOverwritten(w http.ResponseWriter, req *http.Request) { - safeURL := req.URL - safeURL.Host = "something.else.com" // safeURL is not guaranteed to be safe now that Host is overwritten - http.Get(safeURL.String()) // not guaranteed to be safe + targetURL.Host = "something.else.com" // targetURL is not guaranteed to be safe now that Host is overwritten + http.Get(targetURL.String()) } func testFieldAccess(w http.ResponseWriter, req *http.Request) { From 6e4dbe8e223336c4a24685225d7db745b457354e Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 30 Sep 2025 21:07:12 +0100 Subject: [PATCH 190/307] Fix SafeUrlFlow so test passes --- go/ql/lib/semmle/go/security/SafeUrlFlow.qll | 17 ++++++----- .../security/SafeUrlFlow/SafeUrlFlow.expected | 28 +++++++++---------- 2 files changed, 23 insertions(+), 22 deletions(-) diff --git a/go/ql/lib/semmle/go/security/SafeUrlFlow.qll b/go/ql/lib/semmle/go/security/SafeUrlFlow.qll index d88c2c852aef..7144614c3052 100644 --- a/go/ql/lib/semmle/go/security/SafeUrlFlow.qll +++ b/go/ql/lib/semmle/go/security/SafeUrlFlow.qll @@ -22,18 +22,21 @@ module SafeUrlFlow { predicate isSink(DataFlow::Node sink) { sink instanceof Sink } predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { - // propagate to a URL when its host is assigned to - exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") | - w.writesFieldPreUpdate(v.getAUse(), f, node1) and - node2 = v.getAUse() + // propagate taint to the post-update node of a URL when its host is + // assigned to + exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") | + w.writesField(node2, f, node1) ) } predicate isBarrierOut(DataFlow::Node node) { // block propagation of this safe value when its host is overwritten - exists(Write w, DataFlow::Node base, Field f | f.hasQualifiedName("net/url", "URL", "Host") | - w.writesField(base, f, _) and - [base, base.(DataFlow::PostUpdateNode).getPreUpdateNode()] = node.getASuccessor() + exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") | + // We sanitize the pre-update node to block flow from previous value. + // This fits in with the additional flow step above propagating taint + // from the value written to the Host field to the post-update node of + // the URL. + w.writesFieldPreUpdate(node, f, _) ) or node instanceof SanitizerEdge diff --git a/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.expected b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.expected index 7182e118ff1c..c2f82841d83c 100644 --- a/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.expected +++ b/go/ql/test/library-tests/semmle/go/security/SafeUrlFlow/SafeUrlFlow.expected @@ -16,7 +16,7 @@ | SafeUrlFlow.go:70:39:70:54 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:70:39:70:54 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | | SafeUrlFlow.go:74:70:74:85 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:74:70:74:85 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | | SafeUrlFlow.go:78:40:78:55 | call to String | SafeUrlFlow.go:54:13:54:19 | selection of URL | SafeUrlFlow.go:78:40:78:55 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:54:13:54:19 | selection of URL | here | -| SafeUrlFlow.go:92:11:92:28 | call to String | SafeUrlFlow.go:84:14:84:21 | selection of Host | SafeUrlFlow.go:92:11:92:28 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:84:14:84:21 | selection of Host | here | +| SafeUrlFlow.go:89:24:89:41 | call to String | SafeUrlFlow.go:84:14:84:21 | selection of Host | SafeUrlFlow.go:89:24:89:41 | call to String | A safe URL flows here from $@. | SafeUrlFlow.go:84:14:84:21 | selection of Host | here | | SafeUrlFlow.go:105:11:105:23 | reconstructed | SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:105:11:105:23 | reconstructed | A safe URL flows here from $@. | SafeUrlFlow.go:96:13:96:19 | selection of URL | here | | SafeUrlFlow.go:108:24:108:50 | ...+... | SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:108:24:108:50 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:96:13:96:19 | selection of URL | here | | SafeUrlFlow.go:109:29:109:58 | ...+... | SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:109:29:109:58 | ...+... | A safe URL flows here from $@. | SafeUrlFlow.go:96:13:96:19 | selection of URL | here | @@ -27,9 +27,8 @@ edges | SafeUrlFlow.go:10:14:10:21 | selection of Host | SafeUrlFlow.go:17:19:17:26 | safeHost | provenance | | | SafeUrlFlow.go:13:13:13:19 | selection of URL | SafeUrlFlow.go:14:29:14:35 | safeURL | provenance | Src:MaD:2 | | SafeUrlFlow.go:14:29:14:35 | safeURL | SafeUrlFlow.go:14:29:14:44 | call to String | provenance | MaD:3 | -| SafeUrlFlow.go:17:2:17:10 | targetURL | SafeUrlFlow.go:18:11:18:19 | targetURL | provenance | | -| SafeUrlFlow.go:17:19:17:26 | safeHost | SafeUrlFlow.go:17:2:17:10 | targetURL | provenance | Config | -| SafeUrlFlow.go:17:19:17:26 | safeHost | SafeUrlFlow.go:18:11:18:19 | targetURL | provenance | Config | +| SafeUrlFlow.go:17:2:17:10 | targetURL [postupdate] | SafeUrlFlow.go:18:11:18:19 | targetURL | provenance | | +| SafeUrlFlow.go:17:19:17:26 | safeHost | SafeUrlFlow.go:17:2:17:10 | targetURL [postupdate] | provenance | Config | | SafeUrlFlow.go:18:11:18:19 | targetURL | SafeUrlFlow.go:18:11:18:28 | call to String | provenance | MaD:3 | | SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:45:24:45:61 | ...+... | provenance | Src:MaD:2 Sink:MaD:1 | | SafeUrlFlow.go:37:13:37:19 | selection of URL | SafeUrlFlow.go:46:29:46:55 | ...+... | provenance | Src:MaD:2 | @@ -57,10 +56,11 @@ edges | SafeUrlFlow.go:74:70:74:76 | safeURL | SafeUrlFlow.go:74:70:74:85 | call to String | provenance | MaD:3 | | SafeUrlFlow.go:78:40:78:46 | safeURL | SafeUrlFlow.go:78:40:78:55 | call to String | provenance | MaD:3 | | SafeUrlFlow.go:84:14:84:21 | selection of Host | SafeUrlFlow.go:87:19:87:26 | safeHost | provenance | | -| SafeUrlFlow.go:87:19:87:26 | safeHost | SafeUrlFlow.go:91:2:91:10 | targetURL | provenance | Config | -| SafeUrlFlow.go:87:19:87:26 | safeHost | SafeUrlFlow.go:92:11:92:19 | targetURL | provenance | Config | -| SafeUrlFlow.go:91:2:91:10 | targetURL | SafeUrlFlow.go:92:11:92:19 | targetURL | provenance | | -| SafeUrlFlow.go:92:11:92:19 | targetURL | SafeUrlFlow.go:92:11:92:28 | call to String | provenance | MaD:3 | +| SafeUrlFlow.go:87:2:87:10 | implicit dereference [postupdate] | SafeUrlFlow.go:87:2:87:10 | targetURL [postupdate] | provenance | | +| SafeUrlFlow.go:87:2:87:10 | targetURL [postupdate] | SafeUrlFlow.go:89:24:89:32 | targetURL | provenance | | +| SafeUrlFlow.go:87:19:87:26 | safeHost | SafeUrlFlow.go:87:2:87:10 | implicit dereference [postupdate] | provenance | Config | +| SafeUrlFlow.go:87:19:87:26 | safeHost | SafeUrlFlow.go:87:2:87:10 | targetURL [postupdate] | provenance | Config | +| SafeUrlFlow.go:89:24:89:32 | targetURL | SafeUrlFlow.go:89:24:89:41 | call to String | provenance | MaD:3 Sink:MaD:1 | | SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:105:11:105:23 | reconstructed | provenance | Src:MaD:2 | | SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:108:24:108:50 | ...+... | provenance | Src:MaD:2 Sink:MaD:1 | | SafeUrlFlow.go:96:13:96:19 | selection of URL | SafeUrlFlow.go:109:29:109:58 | ...+... | provenance | Src:MaD:2 | @@ -76,7 +76,7 @@ nodes | SafeUrlFlow.go:13:13:13:19 | selection of URL | semmle.label | selection of URL | | SafeUrlFlow.go:14:29:14:35 | safeURL | semmle.label | safeURL | | SafeUrlFlow.go:14:29:14:44 | call to String | semmle.label | call to String | -| SafeUrlFlow.go:17:2:17:10 | targetURL | semmle.label | targetURL | +| SafeUrlFlow.go:17:2:17:10 | targetURL [postupdate] | semmle.label | targetURL [postupdate] | | SafeUrlFlow.go:17:19:17:26 | safeHost | semmle.label | safeHost | | SafeUrlFlow.go:18:11:18:19 | targetURL | semmle.label | targetURL | | SafeUrlFlow.go:18:11:18:28 | call to String | semmle.label | call to String | @@ -108,10 +108,11 @@ nodes | SafeUrlFlow.go:78:40:78:46 | safeURL | semmle.label | safeURL | | SafeUrlFlow.go:78:40:78:55 | call to String | semmle.label | call to String | | SafeUrlFlow.go:84:14:84:21 | selection of Host | semmle.label | selection of Host | +| SafeUrlFlow.go:87:2:87:10 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| SafeUrlFlow.go:87:2:87:10 | targetURL [postupdate] | semmle.label | targetURL [postupdate] | | SafeUrlFlow.go:87:19:87:26 | safeHost | semmle.label | safeHost | -| SafeUrlFlow.go:91:2:91:10 | targetURL | semmle.label | targetURL | -| SafeUrlFlow.go:92:11:92:19 | targetURL | semmle.label | targetURL | -| SafeUrlFlow.go:92:11:92:28 | call to String | semmle.label | call to String | +| SafeUrlFlow.go:89:24:89:32 | targetURL | semmle.label | targetURL | +| SafeUrlFlow.go:89:24:89:41 | call to String | semmle.label | call to String | | SafeUrlFlow.go:96:13:96:19 | selection of URL | semmle.label | selection of URL | | SafeUrlFlow.go:105:11:105:23 | reconstructed | semmle.label | reconstructed | | SafeUrlFlow.go:108:24:108:50 | ...+... | semmle.label | ...+... | @@ -119,6 +120,3 @@ nodes | SafeUrlFlow.go:110:12:110:42 | ...+... | semmle.label | ...+... | | SafeUrlFlow.go:111:12:111:25 | safeOpaquePart | semmle.label | safeOpaquePart | subpaths -testFailures -| SafeUrlFlow.go:89:62:89:71 | comment | Missing result: Alert | -| SafeUrlFlow.go:92:11:92:28 | call to String | Unexpected result: Alert | From 8160ef6e8127f117cba6df2d5c67d8daeb7e02e4 Mon Sep 17 00:00:00 2001 From: Philip Ginsbach Date: Wed, 1 Oct 2025 13:46:51 +0100 Subject: [PATCH 191/307] update annotation docs to reference signatures --- docs/codeql/ql-language-reference/annotations.rst | 9 ++++++--- docs/codeql/ql-language-reference/signatures.rst | 12 ++++++++++++ 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/docs/codeql/ql-language-reference/annotations.rst b/docs/codeql/ql-language-reference/annotations.rst index cffbbf73c71a..a177f71d5007 100644 --- a/docs/codeql/ql-language-reference/annotations.rst +++ b/docs/codeql/ql-language-reference/annotations.rst @@ -126,7 +126,7 @@ body must also be annotated with ``cached``, otherwise a compiler error is repor ``deprecated`` ============== -**Available for**: |classes|, |algebraic datatypes|, |member predicates|, |non-member predicates|, |imports|, |fields|, |modules|, |aliases| +**Available for**: |classes|, |algebraic datatypes|, |member predicates|, |non-member predicates|, |imports|, |fields|, |modules|, |aliases|, |signatures| The ``deprecated`` annotation is applied to names that are outdated and scheduled for removal in a future release of QL. @@ -235,7 +235,7 @@ warning. ``private`` =========== -**Available for**: |classes|, |algebraic datatypes|, |member predicates|, |non-member predicates|, |imports|, |fields|, |modules|, |aliases| +**Available for**: |classes|, |algebraic datatypes|, |member predicates|, |non-member predicates|, |imports|, |fields|, |modules|, |aliases|, |signatures| The ``private`` annotation is used to prevent names from being exported. @@ -461,7 +461,7 @@ For more information, see ":ref:`monotonic-aggregates`." Binding sets ============ -**Available for**: |classes|, |characteristic predicates|, |member predicates|, |non-member predicates| +**Available for**: |classes|, |characteristic predicates|, |member predicates|, |non-member predicates|, |predicate signatures|, |type signatures| ``bindingset[...]`` ------------------- @@ -491,3 +491,6 @@ The ``bindingset`` annotation takes a comma-separated list of variables. .. |type-aliases| replace:: :ref:`type aliases ` .. |algebraic datatypes| replace:: :ref:`algebraic datatypes ` .. |expressions| replace:: :ref:`expressions ` +.. |signatures| replace:: :ref:`signatures ` +.. |predicate signatures| replace:: :ref:`predicate signatures ` +.. |type signatures| replace:: :ref:`type signatures ` diff --git a/docs/codeql/ql-language-reference/signatures.rst b/docs/codeql/ql-language-reference/signatures.rst index e80c54c47e41..f0fb8c03d7f5 100644 --- a/docs/codeql/ql-language-reference/signatures.rst +++ b/docs/codeql/ql-language-reference/signatures.rst @@ -10,6 +10,10 @@ Signatures Parameterized modules use signatures as a type system for their parameters. There are three categories of signatures: **predicate signatures**, **type signatures**, and **module signatures**. +.. index:: predicate signature + +.. _predicate-signatures: + Predicate signatures ==================== @@ -36,6 +40,10 @@ For example: signature int operator(int lhs, int rhs); +.. index:: type signature + +.. _type-signatures: + Type signatures =============== @@ -66,6 +74,10 @@ For example: string toString(); } +.. index:: module signature + +.. _module-signatures: + Module signatures ================= From 7893768cb27bd6acdc95c962eac7059e33dd8604 Mon Sep 17 00:00:00 2001 From: Philip Ginsbach Date: Wed, 1 Oct 2025 13:48:46 +0100 Subject: [PATCH 192/307] update annotation docs to reference type unions --- docs/codeql/ql-language-reference/annotations.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/codeql/ql-language-reference/annotations.rst b/docs/codeql/ql-language-reference/annotations.rst index a177f71d5007..7bcc85356895 100644 --- a/docs/codeql/ql-language-reference/annotations.rst +++ b/docs/codeql/ql-language-reference/annotations.rst @@ -103,7 +103,7 @@ own body, or they must inherit from another class that overrides ``isSource``: ``cached`` ========== -**Available for**: |classes|, |algebraic datatypes|, |characteristic predicates|, |member predicates|, |non-member predicates|, |modules| +**Available for**: |classes|, |algebraic datatypes|, |type unions|, |characteristic predicates|, |member predicates|, |non-member predicates|, |modules| The ``cached`` annotation indicates that an entity should be evaluated in its entirety and stored in the evaluation cache. All later references to this entity will use the @@ -126,7 +126,7 @@ body must also be annotated with ``cached``, otherwise a compiler error is repor ``deprecated`` ============== -**Available for**: |classes|, |algebraic datatypes|, |member predicates|, |non-member predicates|, |imports|, |fields|, |modules|, |aliases|, |signatures| +**Available for**: |classes|, |algebraic datatypes|, |type unions|, |member predicates|, |non-member predicates|, |imports|, |fields|, |modules|, |aliases|, |signatures| The ``deprecated`` annotation is applied to names that are outdated and scheduled for removal in a future release of QL. @@ -235,7 +235,7 @@ warning. ``private`` =========== -**Available for**: |classes|, |algebraic datatypes|, |member predicates|, |non-member predicates|, |imports|, |fields|, |modules|, |aliases|, |signatures| +**Available for**: |classes|, |algebraic datatypes|, |type unions|, |member predicates|, |non-member predicates|, |imports|, |fields|, |modules|, |aliases|, |signatures| The ``private`` annotation is used to prevent names from being exported. @@ -490,6 +490,7 @@ The ``bindingset`` annotation takes a comma-separated list of variables. .. |aliases| replace:: :ref:`aliases ` .. |type-aliases| replace:: :ref:`type aliases ` .. |algebraic datatypes| replace:: :ref:`algebraic datatypes ` +.. |type unions| replace:: :ref:`type unions ` .. |expressions| replace:: :ref:`expressions ` .. |signatures| replace:: :ref:`signatures ` .. |predicate signatures| replace:: :ref:`predicate signatures ` From 8b04d0a2b9f7e41836475e51def398ede92a4f78 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 1 Oct 2025 10:06:12 +0100 Subject: [PATCH 193/307] Convert SSRF tests to inline expectations tests --- go/ql/test/experimental/CWE-918/SSRF.qlref | 4 +- go/ql/test/experimental/CWE-918/builtin.go | 22 +++++------ go/ql/test/experimental/CWE-918/new-tests.go | 40 ++++++++++---------- 3 files changed, 34 insertions(+), 32 deletions(-) diff --git a/go/ql/test/experimental/CWE-918/SSRF.qlref b/go/ql/test/experimental/CWE-918/SSRF.qlref index 7cba541836f7..d68094fa2a04 100644 --- a/go/ql/test/experimental/CWE-918/SSRF.qlref +++ b/go/ql/test/experimental/CWE-918/SSRF.qlref @@ -1,2 +1,4 @@ query: experimental/CWE-918/SSRF.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/go/ql/test/experimental/CWE-918/builtin.go b/go/ql/test/experimental/CWE-918/builtin.go index 5c65bc9d3ded..463f4b3d09b9 100644 --- a/go/ql/test/experimental/CWE-918/builtin.go +++ b/go/ql/test/experimental/CWE-918/builtin.go @@ -16,10 +16,10 @@ import ( ) func handler(w http.ResponseWriter, req *http.Request) { - target := req.FormValue("target") + target := req.FormValue("target") // $ Source // BAD: `target` is controlled by the attacker - _, err := http.Get("https://" + target + ".example.com/data/") + _, err := http.Get("https://" + target + ".example.com/data/") // $ Alert if err != nil { // error handling } @@ -80,12 +80,12 @@ func test() { // x net websocket dial bad http.HandleFunc("/ex2", func(w http.ResponseWriter, r *http.Request) { - untrustedInput := r.Referer() + untrustedInput := r.Referer() // $ Source origin := "http://localhost/" // bad as input is directly passed to dial function - ws, _ := websocket.Dial(untrustedInput, "", origin) // SSRF + ws, _ := websocket.Dial(untrustedInput, "", origin) // $ Alert var msg = make([]byte, 512) var n int n, _ = ws.Read(msg) @@ -94,12 +94,12 @@ func test() { // x net websocket dialConfig bad http.HandleFunc("/ex3", func(w http.ResponseWriter, r *http.Request) { - untrustedInput := r.Referer() + untrustedInput := r.Referer() // $ Source origin := "http://localhost/" // bad as input is directly used - config, _ := websocket.NewConfig(untrustedInput, origin) // SSRF - ws2, _ := websocket.DialConfig(config) + config, _ := websocket.NewConfig(untrustedInput, origin) // $ Sink + ws2, _ := websocket.DialConfig(config) // $ Alert var msg = make([]byte, 512) var n int n, _ = ws2.Read(msg) @@ -108,10 +108,10 @@ func test() { // gorilla websocket Dialer.Dial bad http.HandleFunc("/ex6", func(w http.ResponseWriter, r *http.Request) { - untrustedInput := r.Referer() + untrustedInput := r.Referer() // $ Source dialer := gorilla.Dialer{} - dialer.Dial(untrustedInput, r.Header) //SSRF + dialer.Dial(untrustedInput, r.Header) // $ Alert }) // gorilla websocket Dialer.Dial good @@ -126,10 +126,10 @@ func test() { // gorilla websocket Dialer.DialContext bad http.HandleFunc("/ex8", func(w http.ResponseWriter, r *http.Request) { - untrustedInput := r.Referer() + untrustedInput := r.Referer() // $ Source dialer := gorilla.Dialer{} - dialer.DialContext(context.TODO(), untrustedInput, r.Header) //SSRF + dialer.DialContext(context.TODO(), untrustedInput, r.Header) // $ Alert }) // gorilla websocket Dialer.DialContext good diff --git a/go/ql/test/experimental/CWE-918/new-tests.go b/go/ql/test/experimental/CWE-918/new-tests.go index 040bad485968..ddf94daa09e4 100644 --- a/go/ql/test/experimental/CWE-918/new-tests.go +++ b/go/ql/test/experimental/CWE-918/new-tests.go @@ -23,20 +23,20 @@ func HandlerGin(c *gin.Context) { safe string `binding:"alphanum"` } - err := c.ShouldBindJSON(&body) + err := c.ShouldBindJSON(&body) // $ Source http.Get(fmt.Sprintf("http://example.com/%d", body.integer)) // OK http.Get(fmt.Sprintf("http://example.com/%v", body.float)) // OK http.Get(fmt.Sprintf("http://example.com/%v", body.boolean)) // OK - http.Get(fmt.Sprintf("http://example.com/%s", body.word)) // SSRF - http.Get(fmt.Sprintf("http://example.com/%s", body.safe)) // SSRF + http.Get(fmt.Sprintf("http://example.com/%s", body.word)) // $ Alert + http.Get(fmt.Sprintf("http://example.com/%s", body.safe)) // $ Alert if err == nil { - http.Get(fmt.Sprintf("http://example.com/%s", body.word)) // SSRF + http.Get(fmt.Sprintf("http://example.com/%s", body.word)) // $ Alert http.Get(fmt.Sprintf("http://example.com/%s", body.safe)) // OK } - taintedParam := c.Param("id") + taintedParam := c.Param("id") // $ Source validate := validator.New() err = validate.Var(taintedParam, "alpha") @@ -44,10 +44,10 @@ func HandlerGin(c *gin.Context) { http.Get("http://example.com/" + taintedParam) // OK } - http.Get("http://example.com/" + taintedParam) //SSRF + http.Get("http://example.com/" + taintedParam) // $ Alert - taintedQuery := c.Query("id") - http.Get("http://example.com/" + taintedQuery) //SSRF + taintedQuery := c.Query("id") // $ Source + http.Get("http://example.com/" + taintedQuery) // $ Alert } func HandlerHttp(req *http.Request) { @@ -59,41 +59,41 @@ func HandlerHttp(req *http.Request) { word string safe string `validate:"alphanum"` } - reqBody, _ := ioutil.ReadAll(req.Body) + reqBody, _ := ioutil.ReadAll(req.Body) // $ Source json.Unmarshal(reqBody, &body) http.Get(fmt.Sprintf("http://example.com/%d", body.integer)) // OK http.Get(fmt.Sprintf("http://example.com/%v", body.float)) // OK http.Get(fmt.Sprintf("http://example.com/%v", body.boolean)) // OK - http.Get(fmt.Sprintf("http://example.com/%s", body.word)) // SSRF - http.Get(fmt.Sprintf("http://example.com/%s", body.safe)) // SSRF + http.Get(fmt.Sprintf("http://example.com/%s", body.word)) // $ Alert + http.Get(fmt.Sprintf("http://example.com/%s", body.safe)) // $ Alert validate := validator.New() err := validate.Struct(body) if err == nil { - http.Get(fmt.Sprintf("http://example.com/%s", body.word)) // SSRF + http.Get(fmt.Sprintf("http://example.com/%s", body.word)) // $ Alert http.Get(fmt.Sprintf("http://example.com/%s", body.safe)) // OK } - taintedQuery := req.URL.Query().Get("param1") - http.Get("http://example.com/" + taintedQuery) // SSRF + taintedQuery := req.URL.Query().Get("param1") // $ Source + http.Get("http://example.com/" + taintedQuery) // $ Alert - taintedParam := strings.TrimPrefix(req.URL.Path, "/example-path/") - http.Get("http://example.com/" + taintedParam) // SSRF + taintedParam := strings.TrimPrefix(req.URL.Path, "/example-path/") // $ Source + http.Get("http://example.com/" + taintedParam) // $ Alert } func HandlerMux(r *http.Request) { - vars := mux.Vars(r) + vars := mux.Vars(r) // $ Source taintedParam := vars["id"] - http.Get("http://example.com/" + taintedParam) // SSRF + http.Get("http://example.com/" + taintedParam) // $ Alert numericID, _ := strconv.Atoi(taintedParam) http.Get(fmt.Sprintf("http://example.com/%d", numericID)) // OK } func HandlerChi(r *http.Request) { - taintedParam := chi.URLParam(r, "articleID") - http.Get("http://example.com/" + taintedParam) // SSRF + taintedParam := chi.URLParam(r, "articleID") // $ Source + http.Get("http://example.com/" + taintedParam) // $ Alert b, _ := strconv.ParseBool(taintedParam) http.Get(fmt.Sprintf("http://example.com/%t", b)) // OK From c9ce2c804314ea4c3c1a7cd380218258180a069c Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 1 Oct 2025 10:18:52 +0100 Subject: [PATCH 194/307] Add test for assignment to Url.Host field --- go/ql/test/experimental/CWE-918/SSRF.expected | 71 +++++++++++-------- go/ql/test/experimental/CWE-918/builtin.go | 14 ++++ 2 files changed, 57 insertions(+), 28 deletions(-) diff --git a/go/ql/test/experimental/CWE-918/SSRF.expected b/go/ql/test/experimental/CWE-918/SSRF.expected index a947101b354f..a14339943d51 100644 --- a/go/ql/test/experimental/CWE-918/SSRF.expected +++ b/go/ql/test/experimental/CWE-918/SSRF.expected @@ -1,9 +1,10 @@ #select -| builtin.go:22:12:22:63 | call to Get | builtin.go:19:12:19:34 | call to FormValue | builtin.go:22:21:22:62 | ...+... | The URL of this request depends on a user-provided value. | -| builtin.go:88:12:88:53 | call to Dial | builtin.go:83:21:83:31 | call to Referer | builtin.go:88:27:88:40 | untrustedInput | The URL of this request depends on a user-provided value. | -| builtin.go:102:13:102:40 | call to DialConfig | builtin.go:97:21:97:31 | call to Referer | builtin.go:101:36:101:49 | untrustedInput | The URL of this request depends on a user-provided value. | -| builtin.go:114:3:114:39 | call to Dial | builtin.go:111:21:111:31 | call to Referer | builtin.go:114:15:114:28 | untrustedInput | The URL of this request depends on a user-provided value. | -| builtin.go:132:3:132:62 | call to DialContext | builtin.go:129:21:129:31 | call to Referer | builtin.go:132:38:132:51 | untrustedInput | The URL of this request depends on a user-provided value. | +| builtin.go:23:12:23:63 | call to Get | builtin.go:20:12:20:34 | call to FormValue | builtin.go:23:21:23:62 | ...+... | The URL of this request depends on a user-provided value. | +| builtin.go:89:12:89:53 | call to Dial | builtin.go:84:21:84:31 | call to Referer | builtin.go:89:27:89:40 | untrustedInput | The URL of this request depends on a user-provided value. | +| builtin.go:103:13:103:40 | call to DialConfig | builtin.go:98:21:98:31 | call to Referer | builtin.go:102:36:102:49 | untrustedInput | The URL of this request depends on a user-provided value. | +| builtin.go:115:3:115:39 | call to Dial | builtin.go:112:21:112:31 | call to Referer | builtin.go:115:15:115:28 | untrustedInput | The URL of this request depends on a user-provided value. | +| builtin.go:133:3:133:62 | call to DialContext | builtin.go:130:21:130:31 | call to Referer | builtin.go:133:38:133:51 | untrustedInput | The URL of this request depends on a user-provided value. | +| builtin.go:156:12:156:33 | call to Get | builtin.go:151:16:151:36 | call to FormValue | builtin.go:156:21:156:32 | call to String | The URL of this request depends on a user-provided value. | | new-tests.go:31:2:31:58 | call to Get | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:31:11:31:57 | call to Sprintf | The URL of this request depends on a user-provided value. | | new-tests.go:32:2:32:58 | call to Get | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:32:11:32:57 | call to Sprintf | The URL of this request depends on a user-provided value. | | new-tests.go:35:3:35:59 | call to Get | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:35:12:35:58 | call to Sprintf | The URL of this request depends on a user-provided value. | @@ -17,11 +18,18 @@ | new-tests.go:88:2:88:47 | call to Get | new-tests.go:86:10:86:20 | call to Vars | new-tests.go:88:11:88:46 | ...+... | The URL of this request depends on a user-provided value. | | new-tests.go:96:2:96:47 | call to Get | new-tests.go:95:18:95:45 | call to URLParam | new-tests.go:96:11:96:46 | ...+... | The URL of this request depends on a user-provided value. | edges -| builtin.go:19:12:19:34 | call to FormValue | builtin.go:22:21:22:62 | ...+... | provenance | Src:MaD:7 | -| builtin.go:83:21:83:31 | call to Referer | builtin.go:88:27:88:40 | untrustedInput | provenance | Src:MaD:8 | -| builtin.go:97:21:97:31 | call to Referer | builtin.go:101:36:101:49 | untrustedInput | provenance | Src:MaD:8 | -| builtin.go:111:21:111:31 | call to Referer | builtin.go:114:15:114:28 | untrustedInput | provenance | Src:MaD:8 | -| builtin.go:129:21:129:31 | call to Referer | builtin.go:132:38:132:51 | untrustedInput | provenance | Src:MaD:8 | +| builtin.go:20:12:20:34 | call to FormValue | builtin.go:23:21:23:62 | ...+... | provenance | Src:MaD:7 | +| builtin.go:84:21:84:31 | call to Referer | builtin.go:89:27:89:40 | untrustedInput | provenance | Src:MaD:8 | +| builtin.go:98:21:98:31 | call to Referer | builtin.go:102:36:102:49 | untrustedInput | provenance | Src:MaD:8 | +| builtin.go:112:21:112:31 | call to Referer | builtin.go:115:15:115:28 | untrustedInput | provenance | Src:MaD:8 | +| builtin.go:130:21:130:31 | call to Referer | builtin.go:133:38:133:51 | untrustedInput | provenance | Src:MaD:8 | +| builtin.go:151:16:151:36 | call to FormValue | builtin.go:154:13:154:22 | unsafehost | provenance | Src:MaD:7 | +| builtin.go:154:2:154:4 | implicit dereference | builtin.go:156:21:156:23 | url | provenance | | +| builtin.go:154:2:154:4 | url | builtin.go:154:2:154:4 | implicit dereference | provenance | | +| builtin.go:154:2:154:4 | url | builtin.go:156:21:156:23 | url | provenance | | +| builtin.go:154:13:154:22 | unsafehost | builtin.go:154:2:154:4 | implicit dereference | provenance | Config | +| builtin.go:154:13:154:22 | unsafehost | builtin.go:154:2:154:4 | url | provenance | Config | +| builtin.go:156:21:156:23 | url | builtin.go:156:21:156:32 | call to String | provenance | MaD:12 | | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:31:48:31:56 | selection of word | provenance | Src:MaD:3 | | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:32:48:32:56 | selection of safe | provenance | Src:MaD:3 | | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:35:49:35:57 | selection of word | provenance | Src:MaD:3 | @@ -37,7 +45,7 @@ edges | new-tests.go:39:18:39:30 | call to Param | new-tests.go:47:11:47:46 | ...+... | provenance | Src:MaD:1 | | new-tests.go:49:18:49:30 | call to Query | new-tests.go:50:11:50:46 | ...+... | provenance | Src:MaD:2 | | new-tests.go:62:2:62:39 | ... := ...[0] | new-tests.go:63:17:63:23 | reqBody | provenance | | -| new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | ... := ...[0] | provenance | Src:MaD:6 MaD:12 | +| new-tests.go:62:31:62:38 | selection of Body | new-tests.go:62:2:62:39 | ... := ...[0] | provenance | Src:MaD:6 MaD:13 | | new-tests.go:63:17:63:23 | reqBody | new-tests.go:63:26:63:30 | &... [postupdate] | provenance | MaD:10 | | new-tests.go:63:26:63:30 | &... [postupdate] | new-tests.go:68:48:68:56 | selection of word | provenance | | | new-tests.go:63:26:63:30 | &... [postupdate] | new-tests.go:69:48:69:56 | selection of safe | provenance | | @@ -51,12 +59,12 @@ edges | new-tests.go:74:12:74:58 | []type{args} [array] | new-tests.go:74:12:74:58 | call to Sprintf | provenance | MaD:11 | | new-tests.go:74:49:74:57 | selection of word | new-tests.go:74:12:74:58 | []type{args} [array] | provenance | | | new-tests.go:74:49:74:57 | selection of word | new-tests.go:74:12:74:58 | call to Sprintf | provenance | FunctionModel | -| new-tests.go:78:18:78:24 | selection of URL | new-tests.go:78:18:78:32 | call to Query | provenance | Src:MaD:9 MaD:13 | -| new-tests.go:78:18:78:32 | call to Query | new-tests.go:78:18:78:46 | call to Get | provenance | MaD:14 | +| new-tests.go:78:18:78:24 | selection of URL | new-tests.go:78:18:78:32 | call to Query | provenance | Src:MaD:9 MaD:14 | +| new-tests.go:78:18:78:32 | call to Query | new-tests.go:78:18:78:46 | call to Get | provenance | MaD:15 | | new-tests.go:78:18:78:46 | call to Get | new-tests.go:79:11:79:46 | ...+... | provenance | | | new-tests.go:81:18:81:67 | call to TrimPrefix | new-tests.go:82:11:82:46 | ...+... | provenance | | | new-tests.go:81:37:81:43 | selection of URL | new-tests.go:81:37:81:48 | selection of Path | provenance | Src:MaD:9 | -| new-tests.go:81:37:81:48 | selection of Path | new-tests.go:81:18:81:67 | call to TrimPrefix | provenance | MaD:15 | +| new-tests.go:81:37:81:48 | selection of Path | new-tests.go:81:18:81:67 | call to TrimPrefix | provenance | MaD:16 | | new-tests.go:86:10:86:20 | call to Vars | new-tests.go:88:11:88:46 | ...+... | provenance | Src:MaD:5 | | new-tests.go:95:18:95:45 | call to URLParam | new-tests.go:96:11:96:46 | ...+... | provenance | Src:MaD:4 | models @@ -71,21 +79,28 @@ models | 9 | Source: net/http; Request; true; URL; ; ; ; remote; manual | | 10 | Summary: encoding/json; ; false; Unmarshal; ; ; Argument[0]; Argument[1]; taint; manual | | 11 | Summary: fmt; ; false; Sprintf; ; ; Argument[1].ArrayElement; ReturnValue; taint; manual | -| 12 | Summary: io/ioutil; ; false; ReadAll; ; ; Argument[0]; ReturnValue[0]; taint; manual | -| 13 | Summary: net/url; URL; true; Query; ; ; Argument[receiver]; ReturnValue; taint; manual | -| 14 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual | -| 15 | Summary: strings; ; false; TrimPrefix; ; ; Argument[0]; ReturnValue; taint; manual | +| 12 | Summary: fmt; Stringer; true; String; ; ; Argument[receiver]; ReturnValue; taint; manual | +| 13 | Summary: io/ioutil; ; false; ReadAll; ; ; Argument[0]; ReturnValue[0]; taint; manual | +| 14 | Summary: net/url; URL; true; Query; ; ; Argument[receiver]; ReturnValue; taint; manual | +| 15 | Summary: net/url; Values; true; Get; ; ; Argument[receiver]; ReturnValue; taint; manual | +| 16 | Summary: strings; ; false; TrimPrefix; ; ; Argument[0]; ReturnValue; taint; manual | nodes -| builtin.go:19:12:19:34 | call to FormValue | semmle.label | call to FormValue | -| builtin.go:22:21:22:62 | ...+... | semmle.label | ...+... | -| builtin.go:83:21:83:31 | call to Referer | semmle.label | call to Referer | -| builtin.go:88:27:88:40 | untrustedInput | semmle.label | untrustedInput | -| builtin.go:97:21:97:31 | call to Referer | semmle.label | call to Referer | -| builtin.go:101:36:101:49 | untrustedInput | semmle.label | untrustedInput | -| builtin.go:111:21:111:31 | call to Referer | semmle.label | call to Referer | -| builtin.go:114:15:114:28 | untrustedInput | semmle.label | untrustedInput | -| builtin.go:129:21:129:31 | call to Referer | semmle.label | call to Referer | -| builtin.go:132:38:132:51 | untrustedInput | semmle.label | untrustedInput | +| builtin.go:20:12:20:34 | call to FormValue | semmle.label | call to FormValue | +| builtin.go:23:21:23:62 | ...+... | semmle.label | ...+... | +| builtin.go:84:21:84:31 | call to Referer | semmle.label | call to Referer | +| builtin.go:89:27:89:40 | untrustedInput | semmle.label | untrustedInput | +| builtin.go:98:21:98:31 | call to Referer | semmle.label | call to Referer | +| builtin.go:102:36:102:49 | untrustedInput | semmle.label | untrustedInput | +| builtin.go:112:21:112:31 | call to Referer | semmle.label | call to Referer | +| builtin.go:115:15:115:28 | untrustedInput | semmle.label | untrustedInput | +| builtin.go:130:21:130:31 | call to Referer | semmle.label | call to Referer | +| builtin.go:133:38:133:51 | untrustedInput | semmle.label | untrustedInput | +| builtin.go:151:16:151:36 | call to FormValue | semmle.label | call to FormValue | +| builtin.go:154:2:154:4 | implicit dereference | semmle.label | implicit dereference | +| builtin.go:154:2:154:4 | url | semmle.label | url | +| builtin.go:154:13:154:22 | unsafehost | semmle.label | unsafehost | +| builtin.go:156:21:156:23 | url | semmle.label | url | +| builtin.go:156:21:156:32 | call to String | semmle.label | call to String | | new-tests.go:26:26:26:30 | &... [postupdate] | semmle.label | &... [postupdate] | | new-tests.go:31:11:31:57 | []type{args} [array] | semmle.label | []type{args} [array] | | new-tests.go:31:11:31:57 | call to Sprintf | semmle.label | call to Sprintf | diff --git a/go/ql/test/experimental/CWE-918/builtin.go b/go/ql/test/experimental/CWE-918/builtin.go index 463f4b3d09b9..6c39f24dc471 100644 --- a/go/ql/test/experimental/CWE-918/builtin.go +++ b/go/ql/test/experimental/CWE-918/builtin.go @@ -8,6 +8,7 @@ import ( "fmt" "log" "net/http" + "net/url" "regexp" "strings" @@ -145,3 +146,16 @@ func test() { log.Println(http.ListenAndServe(":80", nil)) } + +func handler2(w http.ResponseWriter, req *http.Request) { + unsafehost := req.FormValue("host") // $ Source + + url, _ := url.Parse("http://example.com/data") + url.Host = unsafehost + // BAD: `target` is controlled by the attacker + _, err := http.Get(url.String()) // $ Alert + if err != nil { + // error handling + } + // process request response +} From bd3bcf981a8d75d54ad08e32b044bcc9c8ae92c7 Mon Sep 17 00:00:00 2001 From: Philip Ginsbach Date: Wed, 1 Oct 2025 13:33:48 +0100 Subject: [PATCH 195/307] language reference section on 'additional' annotation --- docs/codeql/ql-language-reference/annotations.rst | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docs/codeql/ql-language-reference/annotations.rst b/docs/codeql/ql-language-reference/annotations.rst index 7bcc85356895..1983a57f1010 100644 --- a/docs/codeql/ql-language-reference/annotations.rst +++ b/docs/codeql/ql-language-reference/annotations.rst @@ -97,6 +97,20 @@ own body, or they must inherit from another class that overrides ``isSource``: // doesn't need to override `isSource`, because it inherits it from ConfigA } +.. index:: additional +.. _additional: + +``additional`` +============== + +**Available for**: |classes|, |algebraic datatypes|, |type unions|, |non-member predicates|, |modules|, |aliases|, |signatures| + +The ``additional`` annotation can be used on declarations directly inside of modules that implement |module signatures|. +All declarations in such modules that are not required by a module signature must be annotated with ``additional``. + +Omitting ``additional`` on such declarations, or using the annotation in any other context, will result in a compiler error. +Other than that, the annotation has no effect. + .. index:: cached .. _cached: @@ -495,3 +509,4 @@ The ``bindingset`` annotation takes a comma-separated list of variables. .. |signatures| replace:: :ref:`signatures ` .. |predicate signatures| replace:: :ref:`predicate signatures ` .. |type signatures| replace:: :ref:`type signatures ` +.. |module signatures| replace:: :ref:`module signatures ` From f0f5fc7eac40fc5dc0ce35a3fe7cc5e320921f4f Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 1 Oct 2025 10:03:20 +0100 Subject: [PATCH 196/307] Improve SSRF additional flow step --- go/ql/src/experimental/CWE-918/SSRF.qll | 5 ++--- go/ql/test/experimental/CWE-918/SSRF.expected | 13 ++++++------- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/go/ql/src/experimental/CWE-918/SSRF.qll b/go/ql/src/experimental/CWE-918/SSRF.qll index ae041415dfe3..f0d3cc935a14 100644 --- a/go/ql/src/experimental/CWE-918/SSRF.qll +++ b/go/ql/src/experimental/CWE-918/SSRF.qll @@ -22,9 +22,8 @@ module ServerSideRequestForgery { predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { // propagate to a URL when its host is assigned to - exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") | - w.writesFieldPreUpdate(v.getAUse(), f, node1) and - node2 = v.getAUse() + exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") | + w.writesField(node2, f, node1) ) } diff --git a/go/ql/test/experimental/CWE-918/SSRF.expected b/go/ql/test/experimental/CWE-918/SSRF.expected index a14339943d51..5c8d1832ac19 100644 --- a/go/ql/test/experimental/CWE-918/SSRF.expected +++ b/go/ql/test/experimental/CWE-918/SSRF.expected @@ -24,11 +24,10 @@ edges | builtin.go:112:21:112:31 | call to Referer | builtin.go:115:15:115:28 | untrustedInput | provenance | Src:MaD:8 | | builtin.go:130:21:130:31 | call to Referer | builtin.go:133:38:133:51 | untrustedInput | provenance | Src:MaD:8 | | builtin.go:151:16:151:36 | call to FormValue | builtin.go:154:13:154:22 | unsafehost | provenance | Src:MaD:7 | -| builtin.go:154:2:154:4 | implicit dereference | builtin.go:156:21:156:23 | url | provenance | | -| builtin.go:154:2:154:4 | url | builtin.go:154:2:154:4 | implicit dereference | provenance | | -| builtin.go:154:2:154:4 | url | builtin.go:156:21:156:23 | url | provenance | | -| builtin.go:154:13:154:22 | unsafehost | builtin.go:154:2:154:4 | implicit dereference | provenance | Config | -| builtin.go:154:13:154:22 | unsafehost | builtin.go:154:2:154:4 | url | provenance | Config | +| builtin.go:154:2:154:4 | implicit dereference [postupdate] | builtin.go:154:2:154:4 | url [postupdate] | provenance | | +| builtin.go:154:2:154:4 | url [postupdate] | builtin.go:156:21:156:23 | url | provenance | | +| builtin.go:154:13:154:22 | unsafehost | builtin.go:154:2:154:4 | implicit dereference [postupdate] | provenance | Config | +| builtin.go:154:13:154:22 | unsafehost | builtin.go:154:2:154:4 | url [postupdate] | provenance | Config | | builtin.go:156:21:156:23 | url | builtin.go:156:21:156:32 | call to String | provenance | MaD:12 | | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:31:48:31:56 | selection of word | provenance | Src:MaD:3 | | new-tests.go:26:26:26:30 | &... [postupdate] | new-tests.go:32:48:32:56 | selection of safe | provenance | Src:MaD:3 | @@ -96,8 +95,8 @@ nodes | builtin.go:130:21:130:31 | call to Referer | semmle.label | call to Referer | | builtin.go:133:38:133:51 | untrustedInput | semmle.label | untrustedInput | | builtin.go:151:16:151:36 | call to FormValue | semmle.label | call to FormValue | -| builtin.go:154:2:154:4 | implicit dereference | semmle.label | implicit dereference | -| builtin.go:154:2:154:4 | url | semmle.label | url | +| builtin.go:154:2:154:4 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| builtin.go:154:2:154:4 | url [postupdate] | semmle.label | url [postupdate] | | builtin.go:154:13:154:22 | unsafehost | semmle.label | unsafehost | | builtin.go:156:21:156:23 | url | semmle.label | url | | builtin.go:156:21:156:32 | call to String | semmle.label | call to String | From 341a1191a382c158e2df1b7f5f5f41d9601f8350 Mon Sep 17 00:00:00 2001 From: Philip Ginsbach Date: Wed, 1 Oct 2025 15:38:14 +0100 Subject: [PATCH 197/307] language reference section on 'extensible' annotation --- docs/codeql/ql-language-reference/annotations.rst | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/docs/codeql/ql-language-reference/annotations.rst b/docs/codeql/ql-language-reference/annotations.rst index 1983a57f1010..a9d5642e73da 100644 --- a/docs/codeql/ql-language-reference/annotations.rst +++ b/docs/codeql/ql-language-reference/annotations.rst @@ -165,6 +165,16 @@ For example, the name ``DataFlowNode`` is deprecated and has the following QLDoc This QLDoc comment appears when you use the name ``DataFlowNode`` in a QL editor. +.. index:: extensible +.. _extensible: + +``extensible`` +============== + +**Available for**: |non-member predicates| + +The ``extensible`` annotation is used to mark predicates that are populated at evaluation time through data extensions. + .. index:: external .. _external: From 6d6852fb8d38f5a1aa44270b87a41a94fc7b50a1 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 1 Oct 2025 12:36:16 +0100 Subject: [PATCH 198/307] Test PathAssignmentBarrier for OpenUrlRedirect --- .../OpenUrlRedirect/OpenUrlRedirect.expected | 24 +++++++++++++++++++ .../CWE-601/OpenUrlRedirect/stdlib.go | 22 +++++++++++++++++ 2 files changed, 46 insertions(+) diff --git a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected index 1d302f911cdd..d9f24369ca2a 100644 --- a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected +++ b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/OpenUrlRedirect.expected @@ -12,6 +12,7 @@ | stdlib.go:198:23:198:42 | call to EscapedPath | stdlib.go:194:36:194:56 | call to FormValue | stdlib.go:198:23:198:42 | call to EscapedPath | This path to an untrusted URL redirection depends on a $@. | stdlib.go:194:36:194:56 | call to FormValue | user-provided value | | stdlib.go:212:23:212:28 | selection of Path | stdlib.go:210:12:210:30 | call to FormValue | stdlib.go:212:23:212:28 | selection of Path | This path to an untrusted URL redirection depends on a $@. | stdlib.go:210:12:210:30 | call to FormValue | user-provided value | | stdlib.go:214:23:214:32 | call to String | stdlib.go:210:12:210:30 | call to FormValue | stdlib.go:214:23:214:32 | call to String | This path to an untrusted URL redirection depends on a $@. | stdlib.go:210:12:210:30 | call to FormValue | user-provided value | +| stdlib.go:261:23:261:32 | call to String | stdlib.go:257:12:257:30 | call to FormValue | stdlib.go:261:23:261:32 | call to String | This path to an untrusted URL redirection depends on a $@. | stdlib.go:257:12:257:30 | call to FormValue | user-provided value | edges | OpenUrlRedirect.go:10:23:10:28 | selection of Form | OpenUrlRedirect.go:10:23:10:42 | call to Get | provenance | Src:MaD:2 Config Sink:MaD:1 | | stdlib.go:13:13:13:18 | selection of Form | stdlib.go:13:13:13:32 | call to Get | provenance | Src:MaD:2 Config | @@ -75,6 +76,19 @@ edges | stdlib.go:212:23:212:23 | u [postupdate] | stdlib.go:212:23:212:23 | implicit dereference | provenance | Config | | stdlib.go:212:23:212:23 | u [postupdate] | stdlib.go:214:23:214:23 | u | provenance | | | stdlib.go:214:23:214:23 | u | stdlib.go:214:23:214:32 | call to String | provenance | Config Sink:MaD:1 | +| stdlib.go:257:3:257:3 | implicit dereference [postupdate] | stdlib.go:257:3:257:3 | u [postupdate] | provenance | Config | +| stdlib.go:257:3:257:3 | implicit dereference [postupdate] | stdlib.go:257:3:257:3 | u [postupdate] [pointer] | provenance | | +| stdlib.go:257:3:257:3 | u [postupdate] | stdlib.go:260:3:260:3 | u | provenance | | +| stdlib.go:257:3:257:3 | u [postupdate] [pointer] | stdlib.go:260:3:260:3 | u [pointer] | provenance | | +| stdlib.go:257:12:257:30 | call to FormValue | stdlib.go:257:3:257:3 | implicit dereference [postupdate] | provenance | Src:MaD:3 Config | +| stdlib.go:257:12:257:30 | call to FormValue | stdlib.go:257:3:257:3 | u [postupdate] | provenance | Src:MaD:3 Config | +| stdlib.go:260:3:260:3 | implicit dereference | stdlib.go:260:3:260:3 | u [postupdate] | provenance | Config | +| stdlib.go:260:3:260:3 | u | stdlib.go:260:3:260:3 | implicit dereference | provenance | Config | +| stdlib.go:260:3:260:3 | u | stdlib.go:261:23:261:23 | u | provenance | | +| stdlib.go:260:3:260:3 | u [pointer] | stdlib.go:260:3:260:3 | implicit dereference | provenance | | +| stdlib.go:260:3:260:3 | u [postupdate] | stdlib.go:260:3:260:3 | implicit dereference | provenance | Config | +| stdlib.go:260:3:260:3 | u [postupdate] | stdlib.go:261:23:261:23 | u | provenance | | +| stdlib.go:261:23:261:23 | u | stdlib.go:261:23:261:32 | call to String | provenance | Config Sink:MaD:1 | models | 1 | Sink: net/http; ; false; Redirect; ; ; Argument[2]; url-redirection[0]; manual | | 2 | Source: net/http; Request; true; Form; ; ; ; remote; manual | @@ -147,4 +161,14 @@ nodes | stdlib.go:212:23:212:28 | selection of Path | semmle.label | selection of Path | | stdlib.go:214:23:214:23 | u | semmle.label | u | | stdlib.go:214:23:214:32 | call to String | semmle.label | call to String | +| stdlib.go:257:3:257:3 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| stdlib.go:257:3:257:3 | u [postupdate] | semmle.label | u [postupdate] | +| stdlib.go:257:3:257:3 | u [postupdate] [pointer] | semmle.label | u [postupdate] [pointer] | +| stdlib.go:257:12:257:30 | call to FormValue | semmle.label | call to FormValue | +| stdlib.go:260:3:260:3 | implicit dereference | semmle.label | implicit dereference | +| stdlib.go:260:3:260:3 | u | semmle.label | u | +| stdlib.go:260:3:260:3 | u [pointer] | semmle.label | u [pointer] | +| stdlib.go:260:3:260:3 | u [postupdate] | semmle.label | u [postupdate] | +| stdlib.go:261:23:261:23 | u | semmle.label | u | +| stdlib.go:261:23:261:32 | call to String | semmle.label | call to String | subpaths diff --git a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/stdlib.go b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/stdlib.go index c32661f66884..57f2964288c0 100644 --- a/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/stdlib.go +++ b/go/ql/test/query-tests/Security/CWE-601/OpenUrlRedirect/stdlib.go @@ -239,5 +239,27 @@ func serveStdlib() { http.Redirect(w, r, string(buf), 301) }) + http.HandleFunc("/ex13", func(w http.ResponseWriter, r *http.Request) { + r.ParseForm() + + u, _ := url.Parse("http://example.com") + u.Host = r.FormValue("host") + // GOOD: Path field is assigned a value with a hostname-sanitizing substring, + // so subsequent uses of u are sanitized by PathAssignmentBarrier + u.Path = "/safe/" + r.FormValue("path") + http.Redirect(w, r, u.String(), 301) + }) + + http.HandleFunc("/ex14", func(w http.ResponseWriter, r *http.Request) { + r.ParseForm() + + u, _ := url.Parse("http://example.com") + u.Host = r.FormValue("host") // $ Source + // BAD: Path field is assigned but without a hostname-sanitizing substring, + // so the Host field remains untrusted + u.Path = r.FormValue("path") + http.Redirect(w, r, u.String(), 301) // $ Alert + }) + http.ListenAndServe(":80", nil) } From 3159b299f75fd621a7f49f5fcadb1979a091a8aa Mon Sep 17 00:00:00 2001 From: Philip Ginsbach Date: Wed, 1 Oct 2025 15:44:25 +0100 Subject: [PATCH 199/307] member predicates cannot be 'external' --- docs/codeql/ql-language-reference/ql-language-specification.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/ql-language-reference/ql-language-specification.rst b/docs/codeql/ql-language-reference/ql-language-specification.rst index f834949c3cde..f384c680d1d5 100644 --- a/docs/codeql/ql-language-reference/ql-language-specification.rst +++ b/docs/codeql/ql-language-reference/ql-language-specification.rst @@ -1053,7 +1053,7 @@ A member predicate ``p`` with enclosing class ``C`` *shadows* a member predicate Member predicates have one or more *root definitions*. If a member predicate overrides no other member predicate, then it is its own root definition. Otherwise, its root definitions are those of any member predicate that it overrides. -A valid member predicate must have a body unless it is abstract or external, in which case it must not have a body. +A valid member predicate must have a body unless it is abstract, in which case it must not have a body. A valid member predicate must override another member predicate if it is annotated override. From c006777714409119d256be5ba076cef0aa3904b4 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 1 Oct 2025 13:06:24 +0100 Subject: [PATCH 200/307] Simplify PathAssignmentBarrier --- .../OpenUrlRedirectCustomizations.qll | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll index da5110a2ef55..248276ba3965 100644 --- a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll +++ b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll @@ -75,25 +75,18 @@ module OpenUrlRedirect { } } - bindingset[var, w] - pragma[inline_late] - private predicate useIsDominated(SsaWithFields var, Write w, DataFlow::ReadNode sanitizedRead) { - w.dominatesNode(sanitizedRead.asInstruction()) and - sanitizedRead = var.getAUse() - } - /** - * An access to a variable that is preceded by an assignment to its `Path` field. + * An assignment of a safe value to the field `Path`, considered as a barrier for sanitizing + * untrusted URLs. * * This is overapproximate; this will currently remove flow through all `Url.Path` assignments * which contain a substring that could sanitize data. */ - class PathAssignmentBarrier extends Barrier, Read { + class PathAssignmentBarrier extends Barrier { PathAssignmentBarrier() { - exists(Write w, SsaWithFields var | - hasHostnameSanitizingSubstring(w.getRhs()) and - w.writesFieldPreUpdate(var.getAUse(), any(Field f | f.getName() = "Path"), _) and - useIsDominated(var, w, this) + exists(Write w, DataFlow::Node rhs | + hasHostnameSanitizingSubstring(rhs) and + w.writesFieldPreUpdate(this, any(Field f | f.getName() = "Path"), rhs) ) } } From f0b39099e3441c48c255227e4da50d3d125512e7 Mon Sep 17 00:00:00 2001 From: Philip Ginsbach Date: Wed, 1 Oct 2025 15:43:09 +0100 Subject: [PATCH 201/307] discuss 'extensible' whenever the spec mentions 'external' --- .../ql-language-reference/ql-language-specification.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/codeql/ql-language-reference/ql-language-specification.rst b/docs/codeql/ql-language-reference/ql-language-specification.rst index f384c680d1d5..1d84cc31c739 100644 --- a/docs/codeql/ql-language-reference/ql-language-specification.rst +++ b/docs/codeql/ql-language-reference/ql-language-specification.rst @@ -36,7 +36,7 @@ Architecture A *QL program* consists of a query module defined in a QL file and a number of library modules defined in QLL files that it imports (see "`Import directives <#import-directives>`__"). The module in the QL file includes one or more queries (see "`Queries <#queries>`__"). A module may also include *import directives* (see "`Import directives <#import-directives>`__"), non-member predicates (see "`Non-member predicates <#non-member-predicates>`__"), class definitions (see "`Classes <#classes>`__"), and module definitions (see "`Modules <#modules>`__"). -QL programs are interpreted in the context of a *database* and a *library path* . The database provides a number of definitions: database types (see "`Types <#types>`__"), entities (see "`Values <#values>`__"), built-in predicates (see "`Built-ins <#built-ins>`__"), and the *database content* of built-in predicates and external predicates (see "`Evaluation <#evaluation>`__"). The library path is a sequence of file-system directories that hold QLL files. +QL programs are interpreted in the context of a *database* and a *library path* . The database provides a number of definitions: database types (see "`Types <#types>`__"), entities (see "`Values <#values>`__"), built-in predicates (see "`Built-ins <#built-ins>`__"), and the *database content* of built-in predicates, external predicates, and extensible predicates (see "`Evaluation <#evaluation>`__"). The library path is a sequence of file-system directories that hold QLL files. A QL program can be *evaluated* (see "`Evaluation <#evaluation>`__") to produce a set of tuples of values (see "`Values <#values>`__"). @@ -935,6 +935,7 @@ When a predicate is a top-level clause in a module, it is called a non-member pr A valid non-member predicate can be annotated with ``additional``, ``cached``, ``deprecated``, ``extensible``, ``external``, ``transient``, ``private``, and ``query``. Note, the ``transient`` annotation can only be applied if the non-member predicate is also annotated with ``external``. +Note, the annotations ``extensible`` and ``external`` cannot both be used on the same non-member predicate. The head of the predicate gives a name, an optional *result type*, and a sequence of variables declarations that are *arguments*: @@ -952,7 +953,7 @@ The body of a predicate is of one of three forms: In the first form, with just a semicolon, the predicate is said to not have a body. In the second form, the body of the predicate is the given formula (see "`Formulas <#formulas>`__"). In the third form, the body is a higher-order relation. -A valid non-member predicate must have a body, either a formula or a higher-order relation, unless it is external, in which case it must not have a body. +A valid non-member predicate must have a body, either a formula or a higher-order relation, unless it is external or extensible, in which case it must not have a body. The typing environment for the body of the formula, if present, maps the variables in the head of the predicate to their associated types. If the predicate has a result type, then the typing environment also maps ``result`` to the result type. @@ -2180,7 +2181,7 @@ If a QL program has no valid stratification, then the program itself is not vali Layer evaluation ~~~~~~~~~~~~~~~~ -The store is first initialized with the *database content* of all built-in predicates and external predicates. The database content of a predicate is a set of ordered tuples that are included in the database. +The store is first initialized with the *database content* of all built-in predicates, external predicates, and extensible predicates. The database content of a predicate is a set of ordered tuples that are included in the database. Each layer of the stratification is *populated* in order. To populate a layer, each predicate in the layer is repeatedly populated until the store stops changing. The way that a predicate is populated is as follows: From 2629369c9358c320a72a0ee104392f32889e31ef Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 1 Oct 2025 13:12:24 +0100 Subject: [PATCH 202/307] Improve additional flow step for Host field --- go/ql/lib/semmle/go/security/RequestForgery.qll | 5 ++--- .../Security/CWE-918/RequestForgery.expected | 10 ++++++---- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/go/ql/lib/semmle/go/security/RequestForgery.qll b/go/ql/lib/semmle/go/security/RequestForgery.qll index 0cd86b12abba..03b6f9ac0b00 100644 --- a/go/ql/lib/semmle/go/security/RequestForgery.qll +++ b/go/ql/lib/semmle/go/security/RequestForgery.qll @@ -27,9 +27,8 @@ module RequestForgery { predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { // propagate to a URL when its host is assigned to - exists(Write w, Field f, SsaWithFields v | f.hasQualifiedName("net/url", "URL", "Host") | - w.writesFieldPreUpdate(v.getAUse(), f, pred) and - succ = v.getAUse() + exists(Write w, Field f | f.hasQualifiedName("net/url", "URL", "Host") | + w.writesField(succ, f, pred) ) } diff --git a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected index 188abc9c7f9c..129613a3f1ab 100644 --- a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected +++ b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected @@ -37,9 +37,10 @@ edges | tst.go:10:13:10:35 | call to FormValue | tst.go:38:11:38:29 | ...+... | provenance | Src:MaD:1 | | tst.go:10:13:10:35 | call to FormValue | tst.go:40:11:40:40 | ...+... | provenance | Src:MaD:1 | | tst.go:10:13:10:35 | call to FormValue | tst.go:47:11:47:18 | tainted2 | provenance | Src:MaD:1 | -| tst.go:47:2:47:2 | u | tst.go:48:11:48:11 | u | provenance | | -| tst.go:47:11:47:18 | tainted2 | tst.go:47:2:47:2 | u | provenance | Config | -| tst.go:47:11:47:18 | tainted2 | tst.go:48:11:48:11 | u | provenance | Config | +| tst.go:47:2:47:2 | implicit dereference [postupdate] | tst.go:47:2:47:2 | u [postupdate] | provenance | | +| tst.go:47:2:47:2 | u [postupdate] | tst.go:48:11:48:11 | u | provenance | | +| tst.go:47:11:47:18 | tainted2 | tst.go:47:2:47:2 | implicit dereference [postupdate] | provenance | Config | +| tst.go:47:11:47:18 | tainted2 | tst.go:47:2:47:2 | u [postupdate] | provenance | Config | | tst.go:48:11:48:11 | u | tst.go:48:11:48:20 | call to String | provenance | MaD:3 | | websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | provenance | Src:MaD:2 | | websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | provenance | Src:MaD:2 | @@ -70,7 +71,8 @@ nodes | tst.go:36:18:36:24 | tainted | semmle.label | tainted | | tst.go:38:11:38:29 | ...+... | semmle.label | ...+... | | tst.go:40:11:40:40 | ...+... | semmle.label | ...+... | -| tst.go:47:2:47:2 | u | semmle.label | u | +| tst.go:47:2:47:2 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| tst.go:47:2:47:2 | u [postupdate] | semmle.label | u [postupdate] | | tst.go:47:11:47:18 | tainted2 | semmle.label | tainted2 | | tst.go:48:11:48:11 | u | semmle.label | u | | tst.go:48:11:48:20 | call to String | semmle.label | call to String | From d49efefefa0171898c2daab9e833095de7c4b1a3 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Wed, 1 Oct 2025 14:36:26 -0400 Subject: [PATCH 203/307] Crypto: Fix for non-monotonic recursion in JCA --- java/ql/lib/experimental/quantum/JCA.qll | 78 +++++++++++++++++------- 1 file changed, 57 insertions(+), 21 deletions(-) diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index bfe1786b8d4a..cad5a42b1125 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -119,15 +119,15 @@ module JCAModel { bindingset[name] Crypto::HashType hash_name_to_type_known(string name, int digestLength) { - name = "SHA-1" and result instanceof Crypto::SHA1 and digestLength = 160 + name in ["SHA-1", "SHA1"] and result instanceof Crypto::SHA1 and digestLength = 160 or - name = ["SHA-256", "SHA-384", "SHA-512"] and + name in ["SHA-256", "SHA-384", "SHA-512", "SHA256", "SHA384", "SHA512"] and result instanceof Crypto::SHA2 and - digestLength = name.splitAt("-", 1).toInt() + digestLength = name.replaceAll("-", "").splitAt("SHA", 1).toInt() or - name = ["SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512"] and + name in ["SHA3-224", "SHA3-256", "SHA3-384", "SHA3-512", "SHA3256", "SHA3384", "SHA3512"] and result instanceof Crypto::SHA3 and - digestLength = name.splitAt("-", 1).toInt() + digestLength = name.replaceAll("-", "").splitAt("SHA3", 1).toInt() or ( name.matches("BLAKE2b%") and @@ -1222,37 +1222,73 @@ module JCAModel { SecretKeyFactoryKDFAlgorithmValueConsumer getConsumer() { result = consumer } } - class Pbkdf2AlgorithmStringLiteral extends KdfAlgorithmStringLiteral, - Crypto::Pbkdf2AlgorithmInstance, Crypto::HmacAlgorithmInstance, Crypto::HashAlgorithmInstance, - Crypto::AlgorithmValueConsumer + class PBKDF2WithHmac_KeyOperationAlgorithmStringLiteral extends Crypto::KeyOperationAlgorithmInstance instanceof KdfAlgorithmStringLiteral { - Pbkdf2AlgorithmStringLiteral() { super.getKdfType() instanceof Crypto::PBKDF2 } - - override Crypto::ConsumerInputDataFlowNode getInputNode() { none() } + PBKDF2WithHmac_KeyOperationAlgorithmStringLiteral() { + this.(StringLiteral).getValue().toUpperCase().matches(["PBKDF2WithHmac%"].toUpperCase()) + } - override Crypto::AlgorithmInstance getAKnownAlgorithmSource() { result = this } + override Crypto::KeyOpAlg::AlgorithmType getAlgorithmType() { + result = KeyOpAlg::TMac(KeyOpAlg::HMAC()) + } - override Crypto::THashType getHashFamily() { - result = hash_name_to_type_known(this.getRawHashAlgorithmName(), _) + override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() { + // TODO: trace to any key size initializer? + none() } - override int getFixedDigestLength() { - exists(hash_name_to_type_known(this.getRawHashAlgorithmName(), result)) + override int getKeySizeFixed() { + // TODO: are there known fixed key sizes to consider? + none() } - override string getRawMacAlgorithmName() { - result = super.getRawKdfAlgorithmName().splitAt("PBKDF2With", 1) + override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() { none() } + + override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() } + + override string getRawAlgorithmName() { + // Note: hardcoding "hmac" since that should be the only option + result = "Hmac" } + } - override string getRawHashAlgorithmName() { - result = super.getRawKdfAlgorithmName().splitAt("WithHmac", 1) + class PBKDF2WithHmac_HashAlgorithmStringLiteral extends Crypto::HashAlgorithmInstance instanceof PBKDF2WithHmac_KeyOperationAlgorithmStringLiteral + { + string hashName; + + PBKDF2WithHmac_HashAlgorithmStringLiteral() { + hashName = this.(StringLiteral).getValue().splitAt("WithHmac", 1) } - override Crypto::MacType getMacType() { result = Crypto::HMAC() } + override string getRawHashAlgorithmName() { result = this.(StringLiteral).getValue() } + + override Crypto::THashType getHashFamily() { result = hash_name_to_type_known(hashName, _) } + + override int getFixedDigestLength() { exists(hash_name_to_type_known(hashName, result)) } + } + + //TODO: handle PBE + class Pbkdf2AlgorithmStringLiteral extends KdfAlgorithmStringLiteral, + Crypto::Pbkdf2AlgorithmInstance, Crypto::HmacAlgorithmInstance + { + Pbkdf2AlgorithmStringLiteral() { super.getKdfType() instanceof Crypto::PBKDF2 } override Crypto::AlgorithmValueConsumer getHmacAlgorithmValueConsumer() { result = this } override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() { result = this } + + override int getKeySizeFixed() { none() } + + override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() { none() } + + override string getRawAlgorithmName() { + // Note: hard coding "hmac" since that should be the only option + result = "Hmac" + } + + override Crypto::KeyOpAlg::AlgorithmType getAlgorithmType() { + result = KeyOpAlg::TMac(KeyOpAlg::HMAC()) + } } class SecretKeyFactoryKDFAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer instanceof Expr From 191dae47fd2f86d3042426eaa9359b25adc0b21b Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Mon, 29 Sep 2025 09:32:34 +0200 Subject: [PATCH 204/307] C#: Add a stub for the System.Uri class for the CWE-611 test. --- .../query-tests/Security Features/CWE-611/stubs.cs | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/csharp/ql/test/query-tests/Security Features/CWE-611/stubs.cs b/csharp/ql/test/query-tests/Security Features/CWE-611/stubs.cs index 04c39623cacd..6375ac035c12 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-611/stubs.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-611/stubs.cs @@ -1,3 +1,9 @@ -namespace System.Web; +namespace System +{ + public class Uri { } -public interface IHtmlString { } + namespace Web + { + public interface IHtmlString { } + } +} From a2d31be1523f00cfe468987f890c1371529bf6e1 Mon Sep 17 00:00:00 2001 From: Philip Ginsbach Date: Thu, 2 Oct 2025 09:02:20 +0100 Subject: [PATCH 205/307] improve the wording based on PR review feedback --- docs/codeql/ql-language-reference/annotations.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/codeql/ql-language-reference/annotations.rst b/docs/codeql/ql-language-reference/annotations.rst index a9d5642e73da..b792e807c931 100644 --- a/docs/codeql/ql-language-reference/annotations.rst +++ b/docs/codeql/ql-language-reference/annotations.rst @@ -105,8 +105,8 @@ own body, or they must inherit from another class that overrides ``isSource``: **Available for**: |classes|, |algebraic datatypes|, |type unions|, |non-member predicates|, |modules|, |aliases|, |signatures| -The ``additional`` annotation can be used on declarations directly inside of modules that implement |module signatures|. -All declarations in such modules that are not required by a module signature must be annotated with ``additional``. +The ``additional`` annotation can be used on declarations in explicit modules. +All declarations that are not required by a module signature in modules that implement |module signatures| must be annotated with ``additional``. Omitting ``additional`` on such declarations, or using the annotation in any other context, will result in a compiler error. Other than that, the annotation has no effect. From f8b104d174082c3a2edfbf2d46af43acd4a15f2f Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Thu, 2 Oct 2025 11:22:56 +0200 Subject: [PATCH 206/307] Rust: Use `doubleBoundedFastTC` for resolving `$crate` paths --- .../codeql/rust/internal/PathResolution.qll | 76 +++++++++++-------- 1 file changed, 44 insertions(+), 32 deletions(-) diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index 2bd581564035..8f55a4215384 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -1666,39 +1666,51 @@ module TraitIsVisible { } } -pragma[nomagic] -private predicate isDollarCrateSupportedMacroExpansion(Path macroDefPath, AstNode expansion) { - exists(MacroCall mc | - expansion = mc.getMacroCallExpansion() and - macroDefPath = mc.getPath() - ) - or - exists(ItemNode adt | - expansion = adt.(Adt).getDeriveMacroExpansion(_) and - macroDefPath = adt.getAttr("derive").getMeta().getPath() - ) -} +private module DollarCrateResolution { + pragma[nomagic] + private predicate isDollarCrateSupportedMacroExpansion(Path macroDefPath, AstNode expansion) { + exists(MacroCall mc | + expansion = mc.getMacroCallExpansion() and + macroDefPath = mc.getPath() + ) + or + exists(ItemNode adt | + expansion = adt.(Adt).getDeriveMacroExpansion(_) and + macroDefPath = adt.getAttr("derive").getMeta().getPath() + ) + } -pragma[nomagic] -predicate isInDollarCrateSupportedMacroExpansion(File macroDefFile, AstNode n) { - exists(Path macroDefPath | - isDollarCrateSupportedMacroExpansion(macroDefPath, n) and - macroDefFile = resolvePathCand(macroDefPath).getFile() - ) - or - isInDollarCrateSupportedMacroExpansion(macroDefFile, n.getParentNode()) -} + private predicate hasParent(AstNode child, AstNode parent) { parent = child.getParentNode() } -/** - * Holds if `n` is a `$crate` path, and it may resolve to `crate`. - * - * The reason why we cannot be sure is that we need to consider all ancestor macro - * calls. - */ -pragma[nomagic] -predicate resolveDollarCrate(RelevantPath p, CrateItemNode crate) { - p.isDollarCrate() and - isInDollarCrateSupportedMacroExpansion(crate.getASourceFile().getFile(), p) + private predicate isDollarCrateSupportedMacroExpansion(AstNode expansion) { + isDollarCrateSupportedMacroExpansion(_, expansion) + } + + private predicate isDollarCratePath(RelevantPath p) { p.isDollarCrate() } + + private predicate isInDollarCrateMacroExpansion(RelevantPath p, AstNode expansion) = + doublyBoundedFastTC(hasParent/2, isDollarCratePath/1, isDollarCrateSupportedMacroExpansion/1)(p, + expansion) + + pragma[nomagic] + private predicate isInDollarCrateMacroExpansionFromFile(File macroDefFile, RelevantPath p) { + exists(Path macroDefPath, AstNode expansion | + isDollarCrateSupportedMacroExpansion(macroDefPath, expansion) and + isInDollarCrateMacroExpansion(p, expansion) and + macroDefFile = resolvePathCand(macroDefPath).getFile() + ) + } + + /** + * Holds if `p` is a `$crate` path, and it may resolve to `crate`. + * + * The reason why we cannot be sure is that we need to consider all ancestor macro + * calls. + */ + pragma[nomagic] + predicate resolveDollarCrate(RelevantPath p, CrateItemNode crate) { + isInDollarCrateMacroExpansionFromFile(crate.getASourceFile().getFile(), p) + } } pragma[nomagic] @@ -1713,7 +1725,7 @@ private ItemNode resolvePathCand0(RelevantPath path, Namespace ns) { else result = res ) or - resolveDollarCrate(path, result) and + DollarCrateResolution::resolveDollarCrate(path, result) and ns = result.getNamespace() or result = resolvePathCandQualified(_, _, path, ns) From 57efa05215b137f3aa20bdd8d4b413b5f6dca663 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 2 Oct 2025 11:34:14 +0200 Subject: [PATCH 207/307] C#: Add change note. --- csharp/ql/lib/change-notes/2025-10-02-entity-locations.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 csharp/ql/lib/change-notes/2025-10-02-entity-locations.md diff --git a/csharp/ql/lib/change-notes/2025-10-02-entity-locations.md b/csharp/ql/lib/change-notes/2025-10-02-entity-locations.md new file mode 100644 index 000000000000..dd13aab6292e --- /dev/null +++ b/csharp/ql/lib/change-notes/2025-10-02-entity-locations.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The extraction of the location for bound generic entities (methods, accessors, indexers, properties, and events) has been optimized. Previously, location information was extracted multiple times for each bound generic. Now, only the location of the unbound generic declaration is extracted during the extraction phase, and the QL library explicitly reuses this location for all bound instances of the same generic. From 7fdda87b06ab34bf4ff8cc083d42cbaf7df005eb Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 2 Oct 2025 12:34:58 +0100 Subject: [PATCH 208/307] Fix `go/impossible-interface-nil-check` for separate post-update nodes When tracing back from nil checks on interfaces, ignore post-update nodes. There will always be a corresponding pre-update node that contains the information we want. --- go/ql/src/RedundantCode/ImpossibleInterfaceNilCheck.ql | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/go/ql/src/RedundantCode/ImpossibleInterfaceNilCheck.ql b/go/ql/src/RedundantCode/ImpossibleInterfaceNilCheck.ql index c5aeb287358a..c8ff9c345f69 100644 --- a/go/ql/src/RedundantCode/ImpossibleInterfaceNilCheck.ql +++ b/go/ql/src/RedundantCode/ImpossibleInterfaceNilCheck.ql @@ -35,7 +35,9 @@ predicate flowsToInterfaceNilCheck(DataFlow::Node nd) { */ predicate nonNilWrapper(DataFlow::Node nd) { flowsToInterfaceNilCheck(nd) and - forex(DataFlow::Node pred | pred = nd.getAPredecessor() | + forex(DataFlow::Node pred | + pred = nd.getAPredecessor() and not pred instanceof DataFlow::PostUpdateNode + | exists(Type predtp | predtp = pred.getType().getUnderlyingType() | not predtp instanceof InterfaceType and not predtp instanceof NilLiteralType and From 329a7dee1cd2d45c1a63fc2a7892114aedb22d9c Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Thu, 2 Oct 2025 09:02:17 -0400 Subject: [PATCH 209/307] Crypto: Fixing JCA class naming casing for PBKDF2 classes. --- java/ql/lib/experimental/quantum/JCA.qll | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index cad5a42b1125..9b15ad56141c 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -1222,9 +1222,9 @@ module JCAModel { SecretKeyFactoryKDFAlgorithmValueConsumer getConsumer() { result = consumer } } - class PBKDF2WithHmac_KeyOperationAlgorithmStringLiteral extends Crypto::KeyOperationAlgorithmInstance instanceof KdfAlgorithmStringLiteral + class Pbkdf2WithHmac_KeyOperationAlgorithmStringLiteral extends Crypto::KeyOperationAlgorithmInstance instanceof KdfAlgorithmStringLiteral { - PBKDF2WithHmac_KeyOperationAlgorithmStringLiteral() { + Pbkdf2WithHmac_KeyOperationAlgorithmStringLiteral() { this.(StringLiteral).getValue().toUpperCase().matches(["PBKDF2WithHmac%"].toUpperCase()) } @@ -1252,11 +1252,11 @@ module JCAModel { } } - class PBKDF2WithHmac_HashAlgorithmStringLiteral extends Crypto::HashAlgorithmInstance instanceof PBKDF2WithHmac_KeyOperationAlgorithmStringLiteral + class Pbkdf2WithHmac_HashAlgorithmStringLiteral extends Crypto::HashAlgorithmInstance instanceof PBKDF2WithHmac_KeyOperationAlgorithmStringLiteral { string hashName; - PBKDF2WithHmac_HashAlgorithmStringLiteral() { + Pbkdf2WithHmac_HashAlgorithmStringLiteral() { hashName = this.(StringLiteral).getValue().splitAt("WithHmac", 1) } From 38421cec94a3100e85f9da218ee32b0623308412 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Thu, 2 Oct 2025 09:04:23 -0400 Subject: [PATCH 210/307] Crypto: Missing casing fix for JCA classes --- java/ql/lib/experimental/quantum/JCA.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index 9b15ad56141c..53e71e492dc0 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -1252,7 +1252,7 @@ module JCAModel { } } - class Pbkdf2WithHmac_HashAlgorithmStringLiteral extends Crypto::HashAlgorithmInstance instanceof PBKDF2WithHmac_KeyOperationAlgorithmStringLiteral + class Pbkdf2WithHmac_HashAlgorithmStringLiteral extends Crypto::HashAlgorithmInstance instanceof Pbkdf2WithHmac_KeyOperationAlgorithmStringLiteral { string hashName; From b08533b32221d7d33abb2577ef44002afed155cf Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Thu, 2 Oct 2025 09:10:50 -0400 Subject: [PATCH 211/307] Crypto: Fix missing output variable --- java/ql/lib/experimental/quantum/JCA.qll | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index f1c010ec823a..f5eee990f90e 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -1584,9 +1584,11 @@ module JCAModel { } class MacOperationCall extends Crypto::MacOperationInstance instanceof MethodCall { + Expr output; + MacOperationCall() { super.getMethod().getDeclaringType().hasQualifiedName("javax.crypto", "Mac") and - exists(Expr output | + ( super.getMethod().hasStringSignature(["doFinal()", "doFinal(byte[])"]) and this = output or super.getMethod().hasStringSignature("doFinal(byte[], int)") and From 850c1ec12df48d5803ed75a69459ba26bd94a307 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Thu, 2 Oct 2025 09:20:40 -0400 Subject: [PATCH 212/307] Crypto: Fix use of a member where a singleton set literal exists --- java/ql/lib/experimental/quantum/JCA.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index f5eee990f90e..de2afdc49aa4 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -1223,7 +1223,7 @@ module JCAModel { class Pbkdf2WithHmac_KeyOperationAlgorithmStringLiteral extends Crypto::KeyOperationAlgorithmInstance instanceof KdfAlgorithmStringLiteral { Pbkdf2WithHmac_KeyOperationAlgorithmStringLiteral() { - this.(StringLiteral).getValue().toUpperCase().matches(["PBKDF2WithHmac%"].toUpperCase()) + this.(StringLiteral).getValue().toUpperCase().matches("PBKDF2WithHmac%".toUpperCase()) } override Crypto::KeyOpAlg::AlgorithmType getAlgorithmType() { From d8891e34d10fd7bf374f7c38cd5dfa55b7c06811 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 2 Oct 2025 15:15:51 +0100 Subject: [PATCH 213/307] Small improvement to `go/unhandled-writable-file-close` --- go/ql/src/InconsistentCode/UnhandledCloseWritableHandle.ql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/go/ql/src/InconsistentCode/UnhandledCloseWritableHandle.ql b/go/ql/src/InconsistentCode/UnhandledCloseWritableHandle.ql index 3fd09ac040e3..48e4f98fdb22 100644 --- a/go/ql/src/InconsistentCode/UnhandledCloseWritableHandle.ql +++ b/go/ql/src/InconsistentCode/UnhandledCloseWritableHandle.ql @@ -70,8 +70,8 @@ predicate unhandledCall(DataFlow::CallNode call) { */ predicate isWritableFileHandle(DataFlow::Node source, DataFlow::CallNode call) { exists(OpenFileFun f, DataFlow::Node flags, QualifiedName flag | - // check that the source is a result of the call - source = call.getAResult() and + // check that the source is the first result of the call + source = call.getResult(0) and // find a call to the os.OpenFile function f.getACall() = call and // get the flags expression used for opening the file From 704a06e1fa5d706fa1a06af33a1e67b8d8b76935 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Thu, 2 Oct 2025 11:45:13 -0400 Subject: [PATCH 214/307] Crypto: Update JCA PBKDF2 modeling: 1) add further inheritance structures to make the inheritance decomposition and caveats clearer, and 2) use getConsumer to establish the hash and hmac consumer. Update the Model to expect hash node types specifically for HMAC getHashALgorithmOrUnknown. --- java/ql/lib/experimental/quantum/JCA.qll | 38 +++++++++++++------ .../codeql/quantum/experimental/Model.qll | 2 +- 2 files changed, 28 insertions(+), 12 deletions(-) diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index de2afdc49aa4..a79210c6d239 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -1265,23 +1265,39 @@ module JCAModel { override int getFixedDigestLength() { exists(hash_name_to_type_known(hashName, result)) } } - //TODO: handle PBE - class Pbkdf2AlgorithmStringLiteral extends KdfAlgorithmStringLiteral, - Crypto::Pbkdf2AlgorithmInstance, Crypto::HmacAlgorithmInstance + //TODO: handle PBE "with" cases + class Pbkdf2WithHmac_Pbkdf2AlgorithmInstance extends Crypto::Pbkdf2AlgorithmInstance, + KdfAlgorithmStringLiteral, // this is a parent already, but extending to have immediate access to 'getConsumer()' + Pbkdf2WithHmac_KeyOperationAlgorithmStringLiteral { - Pbkdf2AlgorithmStringLiteral() { super.getKdfType() instanceof Crypto::PBKDF2 } - - override Crypto::AlgorithmValueConsumer getHmacAlgorithmValueConsumer() { result = this } + override Crypto::AlgorithmValueConsumer getHmacAlgorithmValueConsumer() { + result = this.getConsumer() + } + } - override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() { result = this } + // NOTE: must use instanceof to avoid non-monotonic recursion + class Pbkdf2WithHmac_HmacAlgorithmInstance extends Crypto::HmacAlgorithmInstance instanceof Pbkdf2WithHmac_KeyOperationAlgorithmStringLiteral + { + override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() { + result = this.(KdfAlgorithmStringLiteral).getConsumer() + } - override int getKeySizeFixed() { none() } + override int getKeySizeFixed() { + // already defined by parent key operation algorithm, but extending an instance + // still requires we override this method + result = super.getKeySizeFixed() + } - override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() { none() } + override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() { + // already defined by parent key operation algorithm, but extending an instance + // still requires we override this method + result = super.getKeySizeConsumer() + } override string getRawAlgorithmName() { - // Note: hard coding "hmac" since that should be the only option - result = "Hmac" + // already defined by parent key operation algorithm, but extending an instance + // still requires we override this method + result = super.getRawAlgorithmName() } override Crypto::KeyOpAlg::AlgorithmType getAlgorithmType() { diff --git a/shared/quantum/codeql/quantum/experimental/Model.qll b/shared/quantum/codeql/quantum/experimental/Model.qll index 218b1e020017..a09b96cd550e 100644 --- a/shared/quantum/codeql/quantum/experimental/Model.qll +++ b/shared/quantum/codeql/quantum/experimental/Model.qll @@ -1633,7 +1633,7 @@ module CryptographyBase Input> { override string getInternalType() { result = "HMACAlgorithm" } - NodeBase getHashAlgorithmOrUnknown() { + HashAlgorithmNode getHashAlgorithmOrUnknown() { result.asElement() = hmacInstance.getHashAlgorithmValueConsumer().getASource() } From 9673b816778d70e0b09f563bf21dd05b37aef65e Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Thu, 2 Oct 2025 11:49:23 -0400 Subject: [PATCH 215/307] Crypto: Update JCA 'wihHmac" raw name to be the entire raw string, not just "Hmac" --- java/ql/lib/experimental/quantum/JCA.qll | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index a79210c6d239..b97000aea7f2 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -1244,10 +1244,7 @@ module JCAModel { override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() } - override string getRawAlgorithmName() { - // Note: hardcoding "hmac" since that should be the only option - result = "Hmac" - } + override string getRawAlgorithmName() { result = this.(StringLiteral).getValue() } } class Pbkdf2WithHmac_HashAlgorithmStringLiteral extends Crypto::HashAlgorithmInstance instanceof Pbkdf2WithHmac_KeyOperationAlgorithmStringLiteral From 4d4862899e36dafdf32c6a7686f01bacdf23b2e0 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 2 Oct 2025 16:50:18 +0100 Subject: [PATCH 216/307] Preserve old behaviour of `Write.writesComponent` --- go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll b/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll index d527a650b9d4..1e66bc61dc45 100644 --- a/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll +++ b/go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll @@ -225,12 +225,14 @@ module ControlFlow { } /** - * DEPRECATED: Use the disjunct of `writesElement` and `writesField` instead. + * DEPRECATED: Use the disjunct of `writesElement` and `writesField`, or `writesFieldPreUpdate` + * and `writesElementPreUpdate`, instead. * - * Holds if this node sets any field or element of `base` to `rhs`. + * Holds if this node sets any field or element of `base` (or its implicit dereference) to + * `rhs`, where `base` represents the pre-update value. */ deprecated predicate writesComponent(DataFlow::Node base, DataFlow::Node rhs) { - this.writesElement(base, _, rhs) or this.writesField(base, _, rhs) + this.writesElementPreUpdate(base, _, rhs) or this.writesFieldPreUpdate(base, _, rhs) } /** From cce44b1f5486130ac3b4486b4d35657598875717 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 2 Oct 2025 16:52:16 +0100 Subject: [PATCH 217/307] Update change notes for api changes --- go/ql/lib/change-notes/2025-09-19-api-changes.md | 5 ++--- .../2025-10-02-writenode-writescomponent-deprecated.md | 4 ++++ 2 files changed, 6 insertions(+), 3 deletions(-) create mode 100644 go/ql/lib/change-notes/2025-10-02-writenode-writescomponent-deprecated.md diff --git a/go/ql/lib/change-notes/2025-09-19-api-changes.md b/go/ql/lib/change-notes/2025-09-19-api-changes.md index 44f070fb1d7d..071ec2719b3f 100644 --- a/go/ql/lib/change-notes/2025-09-19-api-changes.md +++ b/go/ql/lib/change-notes/2025-09-19-api-changes.md @@ -1,6 +1,5 @@ --- category: breaking --- -* The member predicate `writesField(DataFlow::Node base, Field f, DataFlow::Node rhs)` on `DataFlow::Write` now uses the post-update node for `base` when that is the node being updated, which is in all cases except initializing a struct literal. A new member predicate `writesFieldOnSsaWithFields(SsaWithFields v, Field f, DataFlow::Node rhs)` has been added for the case of writes to a SsaWithFields node. -* The member predicate `writesElement(DataFlow::Node base, DataFlow::Node index, DataFlow::Node rhs)` on `DataFlow::Write` now uses the post-update node for `base` when that is the node being updated, which is in all cases except initializing an array/slice/map literal. -* The member predicate `writesComponent(DataFlow::Node base, DataFlow::Node rhs)` on `DataFlow::Write` now uses the post-update node for `base` when that is the node being updated, which is in all cases except initializing a struct/array/slice/map literal. +* The member predicate `writesField` on `DataFlow::Write` now uses the post-update node for `base` when that is the node being updated, which is in all cases except initializing a struct literal. A new member predicate `writesFieldPreUpdate` has been added for cases where this behaviour is not desired. +* The member predicate `writesElement` on `DataFlow::Write` now uses the post-update node for `base` when that is the node being updated, which is in all cases except initializing an array/slice/map literal. A new member predicate `writesElementPreUpdate` has been added for cases where this behaviour is not desired. diff --git a/go/ql/lib/change-notes/2025-10-02-writenode-writescomponent-deprecated.md b/go/ql/lib/change-notes/2025-10-02-writenode-writescomponent-deprecated.md new file mode 100644 index 000000000000..834266e36b96 --- /dev/null +++ b/go/ql/lib/change-notes/2025-10-02-writenode-writescomponent-deprecated.md @@ -0,0 +1,4 @@ +--- +category: deprecated +--- +* The member predicate `writesComponent` on `DataFlow::Write` has been deprecated. Instead, use `writesFieldPreUpdate` and `writesElementPreUpdate`, or their new versions `writesField` and `writesElement`. From f35d28de45b540b1f9e90a8ff54f555ad87fbb5f Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 2 Oct 2025 17:03:55 +0100 Subject: [PATCH 218/307] Change note for bug fix in `go/unvalidated-url-redirection` --- .../2025-10-02-unvalidated-url-redirection-struct-init-fix.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 go/ql/lib/change-notes/2025-10-02-unvalidated-url-redirection-struct-init-fix.md diff --git a/go/ql/lib/change-notes/2025-10-02-unvalidated-url-redirection-struct-init-fix.md b/go/ql/lib/change-notes/2025-10-02-unvalidated-url-redirection-struct-init-fix.md new file mode 100644 index 000000000000..9e5d5aa14a2f --- /dev/null +++ b/go/ql/lib/change-notes/2025-10-02-unvalidated-url-redirection-struct-init-fix.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* For the query `go/unvalidated-url-redirection`, when untrusted data is assigned to the `Host` field of a `url.URL` struct, we consider the whole struct untrusted. We now also include the case when this happens during struct initialization, for example `&url.URL{Host: untrustedData}`. From bc0b87632dab87a12f4f7cb0b413f3719d875e99 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 2 Oct 2025 17:36:21 +0100 Subject: [PATCH 219/307] C++: Fix bad magic on `Element.getFile` when running on InconsistentCheckReturnNull.qll: Evaluated non-recursive predicate Element::Element.getFile/0#dispred#536cb5f3#bb@f6f5329i in 182326ms (size: 50437). Evaluated relational algebra for predicate Element::Element.getFile/0#dispred#536cb5f3#bb@f6f5329i with tuple counts: 2029351 ~0% {2} r1 = SCAN `Expr::Expr.getLocation/0#dispred#0a3d90c6` OUTPUT In.1, In.0 2029351 ~0% {2} | JOIN WITH `Location::Location.getStartLine/0#d54f9e6c` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 1168789 ~0% {2} | JOIN WITH `InconsistentCheckReturnNull::assertInvocation/2#b2a4c9e3_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 5533128288 ~0% {3} | JOIN WITH `Location::Location.getContainer/0#9edabfb6_10#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.0 50413 ~0% {2} | JOIN WITH `Element::Element.getLocation/0#dispred#6c3f5b09#bf` ON FIRST 2 OUTPUT Lhs.0, Lhs.2 3043 ~0% {2} r2 = JOIN `project#InconsistentCheckReturnNull::relevantFunctionCall/2#d18cd566` WITH `Expr::Expr.getLocation/0#dispred#0a3d90c6` ON FIRST 1 OUTPUT Rhs.1, Lhs.0 3043 ~0% {2} r3 = JOIN r2 WITH locations_default ON FIRST 1 OUTPUT Rhs.4, Lhs.1 1945 ~3% {2} | JOIN WITH `InconsistentCheckReturnNull::assertInvocation/2#b2a4c9e3_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 9106248 ~2% {3} | JOIN WITH `Location::Location.getContainer/0#9edabfb6_10#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.0 0 ~0% {2} | JOIN WITH `Element::Element.getLocation/0#dispred#6c3f5b09#bf` ON FIRST 2 OUTPUT Lhs.0, Lhs.2 3043 ~0% {3} r4 = JOIN r2 WITH locations_default ON FIRST 1 OUTPUT _, Lhs.1, Rhs.4 3043 ~0% {2} | REWRITE WITH Tmp.0 := 1, Out.0 := (In.2 + Tmp.0) KEEPING 2 2013 ~0% {2} | JOIN WITH `InconsistentCheckReturnNull::assertInvocation/2#b2a4c9e3_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 9621327 ~0% {3} | JOIN WITH `Location::Location.getContainer/0#9edabfb6_10#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.0 24 ~3% {2} | JOIN WITH `Element::Element.getLocation/0#dispred#6c3f5b09#bf` ON FIRST 2 OUTPUT Lhs.0, Lhs.2 50437 ~0% {2} r5 = r1 UNION r3 UNION r4 return r5 --- cpp/ql/lib/semmle/code/cpp/Element.qll | 1 + 1 file changed, 1 insertion(+) diff --git a/cpp/ql/lib/semmle/code/cpp/Element.qll b/cpp/ql/lib/semmle/code/cpp/Element.qll index 1cf75aa8a842..b30503d2c94c 100644 --- a/cpp/ql/lib/semmle/code/cpp/Element.qll +++ b/cpp/ql/lib/semmle/code/cpp/Element.qll @@ -87,6 +87,7 @@ class ElementBase extends @element { */ class Element extends ElementBase { /** Gets the primary file where this element occurs. */ + pragma[nomagic] File getFile() { result = this.getLocation().getFile() } /** From 4901cdf929aebd0193795980a7f1d157bda31167 Mon Sep 17 00:00:00 2001 From: Nicolas Will Date: Thu, 2 Oct 2025 18:43:38 +0200 Subject: [PATCH 220/307] Crypto: Refactor and change casts to `super` --- cpp/ql/lib/experimental/quantum/Language.qll | 5 ++- .../HashAlgorithmValueConsumer.qll | 6 +-- java/ql/lib/experimental/quantum/JCA.qll | 40 +++++-------------- 3 files changed, 18 insertions(+), 33 deletions(-) diff --git a/cpp/ql/lib/experimental/quantum/Language.qll b/cpp/ql/lib/experimental/quantum/Language.qll index e9c14245da87..d3feb3fe0d98 100644 --- a/cpp/ql/lib/experimental/quantum/Language.qll +++ b/cpp/ql/lib/experimental/quantum/Language.qll @@ -94,7 +94,10 @@ module GenericDataSourceFlow = TaintTracking::Global Date: Thu, 2 Oct 2025 18:21:52 +0100 Subject: [PATCH 221/307] Rust: Remove the experimental note in supported-frameworks.rst. --- docs/codeql/reusables/supported-frameworks.rst | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/codeql/reusables/supported-frameworks.rst b/docs/codeql/reusables/supported-frameworks.rst index 8e00d32a7297..e9981014ef5f 100644 --- a/docs/codeql/reusables/supported-frameworks.rst +++ b/docs/codeql/reusables/supported-frameworks.rst @@ -313,7 +313,6 @@ Rust built-in support Provided by the current versions of the CodeQL query pack ``codeql/rust-queries`` (`changelog `__, `source `__) and the CodeQL library pack ``codeql/rust-all`` (`changelog `__, `source `__). -All support is experimental. .. csv-table:: :header-rows: 1 From 3b1d6cd3d93e3abba44bd167cf9be2e7019d56ff Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 2 Oct 2025 18:31:26 +0100 Subject: [PATCH 222/307] Rust: Add missing link (to existing doc). --- docs/codeql/writing-codeql-queries/creating-path-queries.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/codeql/writing-codeql-queries/creating-path-queries.rst b/docs/codeql/writing-codeql-queries/creating-path-queries.rst index 7e178f94b44f..e21092e3aba8 100644 --- a/docs/codeql/writing-codeql-queries/creating-path-queries.rst +++ b/docs/codeql/writing-codeql-queries/creating-path-queries.rst @@ -33,6 +33,7 @@ For more language-specific information on analyzing data flow, see: - ":ref:`Analyzing data flow in JavaScript/TypeScript `" - ":ref:`Analyzing data flow in Python `" - ":ref:`Analyzing data flow in Ruby `" +- ":ref:`Analyzing data flow in Rust `" - ":ref:`Analyzing data flow in Swift `" Path query examples From fb738f2d020b697812b7e42b1f1d87ff6423eed8 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 2 Oct 2025 18:36:39 +0100 Subject: [PATCH 223/307] Rust: Update creating-path-queries.rst. --- .../codeql/writing-codeql-queries/creating-path-queries.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/codeql/writing-codeql-queries/creating-path-queries.rst b/docs/codeql/writing-codeql-queries/creating-path-queries.rst index e21092e3aba8..750085e839ea 100644 --- a/docs/codeql/writing-codeql-queries/creating-path-queries.rst +++ b/docs/codeql/writing-codeql-queries/creating-path-queries.rst @@ -60,7 +60,7 @@ You should use the following template: */ import - // For some languages (Java/C++/Python/Swift) you need to explicitly import the data flow library, such as + // For some languages (Java/C++/Python/Rust/Swift) you need to explicitly import the data flow library, such as // import semmle.code.java.dataflow.DataFlow or import codeql.swift.dataflow.DataFlow ... @@ -125,7 +125,7 @@ Declaring sources and sinks You must provide information about the ``source`` and ``sink`` in your path query. These are objects that correspond to the nodes of the paths that you are exploring. The name and the type of the ``source`` and the ``sink`` must be declared in the ``from`` statement of the query, and the types must be compatible with the nodes of the graph computed by the ``edges`` predicate. -If you are querying C/C++, C#, Go, Java/Kotlin, JavaScript/TypeScript, Python, or Ruby code (and you have used ``import MyFlow::PathGraph`` in your query), the definitions of the ``source`` and ``sink`` are accessed via the module resulting from the application of the ``Global<..>`` module in the data flow library. You should declare both of these objects in the ``from`` statement. +If you are querying C/C++, C#, Go, Java/Kotlin, JavaScript/TypeScript, Python, Ruby or Rust code (and you have used ``import MyFlow::PathGraph`` in your query), the definitions of the ``source`` and ``sink`` are accessed via the module resulting from the application of the ``Global<..>`` module in the data flow library. You should declare both of these objects in the ``from`` statement. For example: .. code-block:: ql @@ -146,7 +146,7 @@ The configuration module must be defined to include definitions of sources and s - ``isSource()`` defines where data may flow from. - ``isSink()`` defines where data may flow to. -For more information on using the configuration class in your analysis see the sections on global data flow in ":ref:`Analyzing data flow in C/C++ `," ":ref:`Analyzing data flow in C# `," and ":ref:`Analyzing data flow in Python `." +For more information on using the configuration class in your analysis see the sections on global data flow in ":ref:`Analyzing data flow in C/C++ `," ":ref:`Analyzing data flow in C# `," ":ref:`Analyzing data flow in Python `," and ":ref:`Analyzing data flow in Rust `." You can also create a configuration for different frameworks and environments by extending the ``Configuration`` class. For more information, see ":ref:`Types `" in the QL language reference. From 479e735e77a1316557c3e0795119276441ed1559 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 2 Oct 2025 18:43:17 +0100 Subject: [PATCH 224/307] Rust: Mirror information from supported-versions-compilers.rst in system-requirements.rst. --- docs/codeql/codeql-overview/system-requirements.rst | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/codeql/codeql-overview/system-requirements.rst b/docs/codeql/codeql-overview/system-requirements.rst index cc46db60c35b..8e1820d2123e 100644 --- a/docs/codeql/codeql-overview/system-requirements.rst +++ b/docs/codeql/codeql-overview/system-requirements.rst @@ -42,6 +42,10 @@ For Ruby extraction: - On Windows, the ``msvcp140.dll`` must be installed and available on the system. This can be installed by downloading the appropriate Microsoft Visual C++ Redistributable for Visual Studio. +For Rust extraction: + +- Requires ``rustup`` and ``cargo`` to be installed. + For Java extraction: - There must be a ``java`` or ``java.exe`` executable available on the ``PATH``, and the ``JAVA_HOME`` environment variable must point to the corresponding JDK's home directory. From 507174e44fe5209fc5cef00ce4a710ac6fc5bf48 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Thu, 2 Oct 2025 15:20:59 -0400 Subject: [PATCH 225/307] Crypto: Fix bug in MacOperationNode constructor with detecting if the operation is also used for signatures. --- shared/quantum/codeql/quantum/experimental/Model.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/shared/quantum/codeql/quantum/experimental/Model.qll b/shared/quantum/codeql/quantum/experimental/Model.qll index a09b96cd550e..5ee0d1eb2982 100644 --- a/shared/quantum/codeql/quantum/experimental/Model.qll +++ b/shared/quantum/codeql/quantum/experimental/Model.qll @@ -1597,8 +1597,8 @@ module CryptographyBase Input> { final class MacOperationNode extends SignatureOrMacOperationNode { MacOperationNode() { this.getKeyOperationSubtype() = TMacMode() and - // If the type could be a mac, then we will not consider it a mac operation exclusively. - not exists(KeyOperationSubtype t | t = this.getKeyOperationSubtype() and t = TMacMode()) + // If the type could be a signature, then we will not consider it a mac operation exclusively. + not exists(KeyOperationSubtype t | t = this.getKeyOperationSubtype() and t = TSignMode()) } final override string getInternalType() { result = "MACOperation" } From a46bd4c4ca0a7f677719991b8eff94768fddce94 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Thu, 2 Oct 2025 15:21:28 -0400 Subject: [PATCH 226/307] Crypto: JCA random number generation model. --- java/ql/lib/experimental/quantum/JCA.qll | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index 6cfe54c5ef8a..b8c703e39b85 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -1047,6 +1047,21 @@ module JCAModel { } } + /** + * An instance of `java.security.SecureRandom.nextBytes(byte[])` call. + * This is already generally modeled for Java in CodeQL, but + * we model it again as part of the crypto API model to have a cohesive model. + */ + class JavaSecuritySecureRandom extends Crypto::RandomNumberGenerationInstance instanceof Call { + JavaSecuritySecureRandom() { + this.getCallee().hasQualifiedName("java.security", "SecureRandom", "nextBytes") + } + + override Crypto::DataFlowNode getOutputNode() { result.asExpr() = this.(Call).getArgument(0) } + + override string getGeneratorName() { result = this.(Call).getCallee().getName() } + } + class KeyGeneratorGenerateCall extends Crypto::KeyGenerationOperationInstance instanceof MethodCall { Crypto::KeyArtifactType type; From 2e9e357d7e6c6e2be218f087af2c83763cb96c2b Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Fri, 3 Oct 2025 10:52:52 +0200 Subject: [PATCH 227/307] Rangeanalysis: Fix a join-order. --- .../codeql/rangeanalysis/RangeAnalysis.qll | 56 +++++++++---------- 1 file changed, 27 insertions(+), 29 deletions(-) diff --git a/shared/rangeanalysis/codeql/rangeanalysis/RangeAnalysis.qll b/shared/rangeanalysis/codeql/rangeanalysis/RangeAnalysis.qll index 1d17ad8346c4..ff17f9b5405a 100644 --- a/shared/rangeanalysis/codeql/rangeanalysis/RangeAnalysis.qll +++ b/shared/rangeanalysis/codeql/rangeanalysis/RangeAnalysis.qll @@ -923,17 +923,18 @@ module RangeStage< } /** - * Holds if `b + delta` is a valid bound for `inp` when used as an input to - * `phi` along `edge`. + * Holds if `b + delta` is a valid bound for the input `inp` to `phi` along + * the edge with rank `rix`. * - `upper = true` : `inp <= b + delta` * - `upper = false` : `inp >= b + delta` */ private predicate boundedPhiInp( - Sem::SsaPhiNode phi, Sem::SsaVariable inp, SsaReadPositionPhiInputEdge edge, SemBound b, - D::Delta delta, boolean upper, boolean fromBackEdge, D::Delta origdelta, SemReason reason + Sem::SsaPhiNode phi, int rix, SemBound b, D::Delta delta, boolean upper, boolean fromBackEdge, + D::Delta origdelta, SemReason reason ) { - edge.phiInput(phi, inp) and - exists(D::Delta d, boolean fromBackEdge0 | + exists( + D::Delta d, boolean fromBackEdge0, Sem::SsaVariable inp, SsaReadPositionPhiInputEdge edge + | boundedSsa(inp, b, d, edge, upper, fromBackEdge0, origdelta, reason) or boundedPhi(inp, b, d, upper, fromBackEdge0, origdelta, reason) @@ -945,6 +946,7 @@ module RangeStage< origdelta = D::fromFloat(0) and reason = TSemNoReason() | + rankedPhiInput(phi, inp, edge, rix) and if backEdge(phi, inp, edge) then fromBackEdge = true and @@ -963,33 +965,30 @@ module RangeStage< } /** - * Holds if `b + delta` is a valid bound for `inp` when used as an input to - * `phi` along `edge`. + * Holds if `b + delta` is a valid bound for the input `inp` to `phi` along + * the edge with rank `rix`. * - `upper = true` : `inp <= b + delta` * - `upper = false` : `inp >= b + delta` * - * Equivalent to `boundedPhiInp(phi, inp, edge, b, delta, upper, _, _, _)`. + * Equivalent to `boundedPhiInp(phi, rix, b, delta, upper, _, _, _)`. */ pragma[noinline] private predicate boundedPhiInp1( - Sem::SsaPhiNode phi, SemBound b, boolean upper, Sem::SsaVariable inp, - SsaReadPositionPhiInputEdge edge, D::Delta delta + Sem::SsaPhiNode phi, SemBound b, boolean upper, int rix, D::Delta delta ) { - boundedPhiInp(phi, inp, edge, b, delta, upper, _, _, _) + boundedPhiInp(phi, rix, b, delta, upper, _, _, _) } /** - * Holds if `phi` is a valid bound for `inp` when used as an input to `phi` - * along `edge`. + * Holds if `phi` is a valid bound for the input `inp` to `phi` along the + * edge with rank `rix`. * - `upper = true` : `inp <= phi` * - `upper = false` : `inp >= phi` */ - private predicate selfBoundedPhiInp( - Sem::SsaPhiNode phi, Sem::SsaVariable inp, SsaReadPositionPhiInputEdge edge, boolean upper - ) { + private predicate selfBoundedPhiInp(Sem::SsaPhiNode phi, int rix, boolean upper) { exists(D::Delta d, SemSsaBound phibound | phibound.getVariable() = phi and - boundedPhiInp(phi, inp, edge, phibound, d, upper, _, _, _) and + boundedPhiInp(phi, rix, phibound, d, upper, _, _, _) and ( upper = true and D::toFloat(d) <= 0 or @@ -1009,33 +1008,34 @@ module RangeStage< Sem::SsaPhiNode phi, boolean upper, SemBound b, D::Delta delta, boolean fromBackEdge, D::Delta origdelta, SemReason reason ) { - boundedPhiInp(phi, _, _, b, delta, upper, fromBackEdge, origdelta, reason) + boundedPhiInp(phi, _, b, delta, upper, fromBackEdge, origdelta, reason) } /** * Holds if the candidate bound `b + delta` for `phi` is valid for the phi input - * `inp` along `edge`. + * along the edge with rank `rix`. */ private predicate boundedPhiCandValidForEdge( Sem::SsaPhiNode phi, SemBound b, D::Delta delta, boolean upper, boolean fromBackEdge, - D::Delta origdelta, SemReason reason, Sem::SsaVariable inp, SsaReadPositionPhiInputEdge edge + D::Delta origdelta, SemReason reason, int rix ) { boundedPhiCand(phi, upper, b, delta, fromBackEdge, origdelta, reason) and ( - exists(D::Delta d | boundedPhiInp1(phi, b, upper, inp, edge, d) | + exists(D::Delta d | boundedPhiInp1(phi, b, upper, rix, d) | upper = true and D::toFloat(d) <= D::toFloat(delta) ) or - exists(D::Delta d | boundedPhiInp1(phi, b, upper, inp, edge, d) | + exists(D::Delta d | boundedPhiInp1(phi, b, upper, rix, d) | upper = false and D::toFloat(d) >= D::toFloat(delta) ) or - selfBoundedPhiInp(phi, inp, edge, upper) + selfBoundedPhiInp(phi, rix, upper) ) } /** - * Holds if `b + delta` is a valid bound for `phi`'s `rix`th input edge. + * Holds if `b + delta` is a valid bound for `phi` when accounting for the + * input edges ranked 1 through `rix`. * - `upper = true` : `phi <= b + delta` * - `upper = false` : `phi >= b + delta` */ @@ -1044,10 +1044,8 @@ module RangeStage< Sem::SsaPhiNode phi, SemBound b, D::Delta delta, boolean upper, boolean fromBackEdge, D::Delta origdelta, SemReason reason, int rix ) { - exists(Sem::SsaVariable inp, SsaReadPositionPhiInputEdge edge | - rankedPhiInput(phi, inp, edge, rix) and - boundedPhiCandValidForEdge(phi, b, delta, upper, fromBackEdge, origdelta, reason, inp, edge) - | + boundedPhiCandValidForEdge(phi, b, delta, upper, fromBackEdge, origdelta, reason, rix) and + ( rix = 1 or boundedPhiRankStep(phi, b, delta, upper, fromBackEdge, origdelta, reason, rix - 1) From ef1fe6cabcbadc79d9091f788904e8d057efd2ee Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 3 Oct 2025 10:40:45 +0100 Subject: [PATCH 228/307] Add code owners for `/shared/` --- CODEOWNERS | 1 + 1 file changed, 1 insertion(+) diff --git a/CODEOWNERS b/CODEOWNERS index 7233623d4528..9b3e04029e07 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -9,6 +9,7 @@ /python/ @github/codeql-python /ruby/ @github/codeql-ruby /rust/ @github/codeql-rust +/shared/ @aschackmull @hvitved @owen-mc /swift/ @github/codeql-swift /misc/codegen/ @github/codeql-swift /java/kotlin-extractor/ @github/codeql-kotlin From f1eb6511a7b825f0bedbb644cc43f524bb8724c9 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Fri, 3 Oct 2025 12:07:37 -0400 Subject: [PATCH 229/307] Crypto: Add modeling for JCA signatures. Make consistent use of "unknown" or "other" for unrecognized types. --- java/ql/lib/experimental/quantum/JCA.qll | 219 +++++++++++++++++- .../quantum/experimental/Standardization.qll | 10 +- 2 files changed, 223 insertions(+), 6 deletions(-) diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index b8c703e39b85..a0ea566b268d 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -18,6 +18,8 @@ module JCAModel { abstract class KeyAgreementAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer { } + abstract class SignatureAlgorithmValueConsumer extends Crypto::AlgorithmValueConsumer { } + // TODO: Verify that the PBEWith% case works correctly bindingset[algo] predicate cipher_names(string algo) { @@ -100,6 +102,12 @@ module JCAModel { ].toUpperCase()) } + bindingset[name] + predicate signature_names(string name) { + name.toUpperCase().splitAt("with".toUpperCase(), 1).matches(["RSA", "ECDSA", "DSA"]) + // note RSASSA-PSS is RSA with PSS where the digest is set through PSSParameterSpec + } + bindingset[name] predicate key_agreement_names(string name) { name.toUpperCase().matches(["DH", "EDH", "ECDH", "X25519", "X448"].toUpperCase()) @@ -217,6 +225,25 @@ module JCAModel { name.toUpperCase() in ["ECDH", "X25519", "X448"] } + bindingset[name] + predicate signature_name_to_type_known(Crypto::KeyOpAlg::TAlgorithm type, string name) { + name.toUpperCase().splitAt("with".toUpperCase(), 1) = "RSA" and + type = KeyOpAlg::TAsymmetricCipher(KeyOpAlg::RSA()) + or + name.toUpperCase().splitAt("with".toUpperCase(), 1) = "ECDSA" and + type = KeyOpAlg::TSignature(KeyOpAlg::ECDSA()) + or + name.toUpperCase().splitAt("with".toUpperCase(), 1) = "DSA" and + type = KeyOpAlg::TSignature(KeyOpAlg::DSA()) + or + name.toUpperCase().matches("RSASSA-PSS") and type = KeyOpAlg::TAsymmetricCipher(KeyOpAlg::RSA()) + } + + bindingset[name] + Crypto::HashType signature_name_to_hash_type_known(string name, int digestLength) { + result = hash_name_to_type_known(name.splitAt("with", 0), digestLength) + } + /** * A `StringLiteral` in the `"ALG/MODE/PADDING"` or `"ALG"` format */ @@ -345,7 +372,7 @@ module JCAModel { override KeyOpAlg::AlgorithmType getAlgorithmType() { if cipher_name_to_type_known(_, super.getAlgorithmName()) then cipher_name_to_type_known(result, super.getAlgorithmName()) - else result instanceof KeyOpAlg::TUnknownKeyOperationAlgorithmType + else result instanceof KeyOpAlg::TOtherKeyOperationAlgorithmType } override int getKeySizeFixed() { @@ -1639,6 +1666,196 @@ module JCAModel { override Crypto::ConsumerInputDataFlowNode getNonceConsumer() { none() } } + /** + * Signatures + */ + module SignatureKnownAlgorithmToConsumerConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { src.asExpr() instanceof SignatureStringLiteral } + + predicate isSink(DataFlow::Node sink) { + sink = any(SignatureAlgorithmValueConsumer call).getInputNode() + } + } + + module SignatureKnownAlgorithmToConsumerFlow = + TaintTracking::Global; + + class SignatureGetInstanceCall extends MethodCall { + SignatureGetInstanceCall() { + this.getCallee().hasQualifiedName("java.security", "Signature", "getInstance") + } + + Expr getAlgorithmArg() { result = this.getArgument(0) } + } + + class SignatureGetInstanceAlgorithmValueConsumer extends SignatureAlgorithmValueConsumer instanceof Expr + { + SignatureGetInstanceAlgorithmValueConsumer() { + this = any(SignatureGetInstanceCall c).getAlgorithmArg() + } + + override Crypto::ConsumerInputDataFlowNode getInputNode() { result.asExpr() = this } + + override Crypto::AlgorithmInstance getAKnownAlgorithmSource() { + result.(SignatureStringLiteralAlgorithmInstance).getConsumer() = this + } + } + + class SignatureStringLiteral extends StringLiteral { + SignatureStringLiteral() { signature_names(this.getValue()) } + } + + class SignatureStringLiteralAlgorithmInstance extends Crypto::KeyOperationAlgorithmInstance instanceof SignatureStringLiteral + { + SignatureAlgorithmValueConsumer consumer; + + SignatureStringLiteralAlgorithmInstance() { + SignatureKnownAlgorithmToConsumerFlow::flow(DataFlow::exprNode(this), consumer.getInputNode()) + } + + SignatureAlgorithmValueConsumer getConsumer() { result = consumer } + + override string getRawAlgorithmName() { result = super.getValue() } + + override Crypto::KeyOpAlg::AlgorithmType getAlgorithmType() { + if signature_name_to_type_known(_, super.getValue()) + then signature_name_to_type_known(result, super.getValue()) + else result = Crypto::KeyOpAlg::TOtherKeyOperationAlgorithmType() + } + + override Crypto::ConsumerInputDataFlowNode getKeySizeConsumer() { + // TODO: trace to any key size initializer? + none() + } + + override int getKeySizeFixed() { + // TODO: are there known fixed key sizes to consider? + none() + } + + override Crypto::ModeOfOperationAlgorithmInstance getModeOfOperationAlgorithm() { none() } + + override Crypto::PaddingAlgorithmInstance getPaddingAlgorithm() { none() } + } + + class SignatureHashAlgorithmInstance extends Crypto::HashAlgorithmInstance instanceof SignatureStringLiteralAlgorithmInstance + { + Crypto::THashType hashType; + int digestLength; + + SignatureHashAlgorithmInstance() { + hashType = signature_name_to_hash_type_known(this.(StringLiteral).getValue(), digestLength) + } + + override string getRawHashAlgorithmName() { result = this.(StringLiteral).getValue() } + + override Crypto::THashType getHashFamily() { result = hashType } + + override int getFixedDigestLength() { result = digestLength } + } + + class SignatureInitCall extends MethodCall { + SignatureInitCall() { + this.getCallee().hasQualifiedName("java.security", "Signature", ["initSign", "initVerify"]) + } + + Expr getKeyArg() { + result = this.getArgument(0) + // TODO: verify can take in a certificate too? + } + } + + private class SignatureOperationCall extends MethodCall { + SignatureOperationCall() { + this.getMethod().hasQualifiedName("java.security", "Signature", ["update", "sign", "verify"]) + } + + predicate isIntermediate() { super.getMethod().getName() = "update" } + + Expr getMsgInput() { result = this.getArgument(0) and this.getMethod().getName() = "update" } + + Expr getSignatureOutput() { + // no args, the signature is returned + result = this and this.getMethod().getName() = "sign" and not exists(this.getArgument(0)) + or + // with args, the signature is written to the arg + result = this.getArgument(0) and this.getMethod().getName() = "sign" + } + + Expr getSignatureInput() { + result = this.getArgument(0) and this.getMethod().getName() = "verify" + } + + Crypto::KeyOperationSubtype getSubtype() { + result instanceof Crypto::TSignMode and this.getMethod().getName() = "sign" + or + result instanceof Crypto::TVerifyMode and this.getMethod().getName() = "verify" + } + } + + class SignatureOperationinstance extends Crypto::SignatureOperationInstance instanceof SignatureOperationCall + { + SignatureOperationinstance() { + // exclude update (only include sign and verify) + not super.isIntermediate() + } + + SignatureGetInstanceCall getInstantiationCall() { + result = SignatureFlowAnalysisImpl::getInstantiationFromUse(this, _, _) + } + + SignatureInitCall getInitCall() { + result = SignatureFlowAnalysisImpl::getInitFromUse(this, _, _) + } + + override Crypto::ConsumerInputDataFlowNode getInputConsumer() { + result.asExpr() = super.getMsgInput() or + result.asExpr() = + SignatureFlowAnalysisImpl::getAnIntermediateUseFromFinalUse(this, _, _).getMsgInput() + } + + override Crypto::ConsumerInputDataFlowNode getKeyConsumer() { + result.asExpr() = this.getInitCall().getKeyArg() + } + + override Crypto::AlgorithmValueConsumer getAnAlgorithmValueConsumer() { + result = this.getInstantiationCall().getAlgorithmArg() + } + + override Crypto::ArtifactOutputDataFlowNode getOutputArtifact() { + result.asExpr() = super.getSignatureOutput() or + result.asExpr() = + SignatureFlowAnalysisImpl::getAnIntermediateUseFromFinalUse(this, _, _).getSignatureOutput() + } + + override Crypto::AlgorithmValueConsumer getHashAlgorithmValueConsumer() { + // TODO: RSASSA-PSS literal sets hashes differently, through a ParameterSpec + result = this.getInstantiationCall().getAlgorithmArg() + } + + override predicate hasHashAlgorithmConsumer() { + // All jca signature algorithms specify a hash unless explicitly set as "NONEwith..." + exists(SignatureStringLiteralAlgorithmInstance i | + i.getConsumer() = this.getAnAlgorithmValueConsumer() and + not i.getRawAlgorithmName().toUpperCase().matches("NONEwith%".toUpperCase()) + ) + } + + override Crypto::KeyOperationSubtype getKeyOperationSubtype() { result = super.getSubtype() } + + override Crypto::ConsumerInputDataFlowNode getNonceConsumer() { none() } + + override Crypto::ConsumerInputDataFlowNode getSignatureConsumer() { + result.asExpr() = super.getSignatureInput() or + result.asExpr() = + SignatureFlowAnalysisImpl::getAnIntermediateUseFromFinalUse(this, _, _).getSignatureInput() + } + } + + module SignatureFlowAnalysisImpl = + GetInstanceInitUseFlowAnalysis; + /* * Elliptic Curves (EC) */ diff --git a/shared/quantum/codeql/quantum/experimental/Standardization.qll b/shared/quantum/codeql/quantum/experimental/Standardization.qll index 929c92aefff1..df3cb64d4e35 100644 --- a/shared/quantum/codeql/quantum/experimental/Standardization.qll +++ b/shared/quantum/codeql/quantum/experimental/Standardization.qll @@ -16,7 +16,7 @@ module Types { TSignature(TSignatureAlgorithmType t) or TMac(TMacAlgorithmType t) or TKeyEncapsulation(TKemAlgorithmType t) or - TUnknownKeyOperationAlgorithmType() + TOtherKeyOperationAlgorithmType() // Parameterized algorithm types newtype TSymmetricCipherType = @@ -64,7 +64,7 @@ module Types { newtype TCipherStructureType = Block() or Stream() or - UnknownCipherStructureType() + OtherCipherStructureType() class CipherStructureType extends TCipherStructureType { string toString() { @@ -72,7 +72,7 @@ module Types { or result = "Stream" and this = Stream() or - result = "Unknown" and this = UnknownCipherStructureType() + result = "Unknown" and this = OtherCipherStructureType() } } @@ -119,7 +119,7 @@ module Types { or type = OtherSymmetricCipherType() and name = "UnknownSymmetricCipher" and - s = UnknownCipherStructureType() + s = OtherCipherStructureType() } class AlgorithmType extends TAlgorithm { @@ -157,7 +157,7 @@ module Types { this = TMac(OtherMacAlgorithmType()) and result = "UnknownMac" or // Unknown - this = TUnknownKeyOperationAlgorithmType() and result = "Unknown" + this = TOtherKeyOperationAlgorithmType() and result = "Unknown" } int getImplicitKeySize() { From f4fea6d63540a1070ec097a860d736b289ebb1b0 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Fri, 3 Oct 2025 12:10:48 -0400 Subject: [PATCH 230/307] Crypto: Fix consistency update with "other" vs "unknown" naming convetions for openssl. --- .../OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll index 94251c39b566..23efacae69b7 100644 --- a/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll +++ b/cpp/ql/lib/experimental/quantum/OpenSSL/AlgorithmInstances/CipherAlgorithmInstance.qll @@ -119,7 +119,7 @@ class KnownOpenSslCipherConstantAlgorithmInstance extends OpenSslAlgorithmInstan knownOpenSslConstantToCipherFamilyType(this, result) or not knownOpenSslConstantToCipherFamilyType(this, _) and - result = Crypto::KeyOpAlg::TUnknownKeyOperationAlgorithmType() + result = Crypto::KeyOpAlg::TOtherKeyOperationAlgorithmType() } override OpenSslAlgorithmValueConsumer getAvc() { result = getterCall } From 66e9d7671dbd3ea1c17ca2a1fb035fea2c5b9928 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Fri, 3 Oct 2025 13:32:02 -0400 Subject: [PATCH 231/307] Crypto: Add jca unit tests. --- .../quantum/jca/AesWrapAndPBEWith.java | 241 +++ ...metricEncryptionMacHybridCryptosystem.java | 339 ++++ .../quantum/jca/ChainedEncryptionTest.java | 151 ++ .../library-tests/quantum/jca/Digest.java | 257 +++ .../quantum/jca/EllipticCurve1.java | 156 ++ .../quantum/jca/EllipticCurve2.java | 288 +++ .../quantum/jca/Encryption1.java | 182 ++ .../quantum/jca/Encryption2.java | 198 ++ .../library-tests/quantum/jca/Hash.java | 341 ++++ .../library-tests/quantum/jca/IVArtifact.java | 293 +++ .../jca/KeyAgreementHybridCryptosystem.java | 292 +++ .../quantum/jca/KeyArtifact.java | 86 + .../quantum/jca/KeyDerivation1.java | 394 ++++ .../quantum/jca/KeyEncapsulation.java | 235 +++ .../quantum/jca/KeyExchange.java | 341 ++++ .../quantum/jca/MACOperation.java | 259 +++ .../library-tests/quantum/jca/Nonce.java | 115 ++ .../library-tests/quantum/jca/PrngTest.java | 166 ++ .../quantum/jca/SignEncryptCombinations.java | 369 ++++ .../quantum/jca/SignatureOperation.java | 380 ++++ .../quantum/jca/SymmetricAlgorithm.java | 364 ++++ .../quantum/jca/SymmetricModesTest.java | 144 ++ .../quantum/jca/UniversalFlowTest.java | 48 + .../library-tests/quantum/node_edges.expected | 1705 +++++++++++++++++ .../library-tests/quantum/node_edges.ql | 5 + .../quantum/node_properties.expected | 1684 ++++++++++++++++ .../library-tests/quantum/node_properties.ql | 6 + .../library-tests/quantum/nodes.expected | 1512 +++++++++++++++ .../library-tests/quantum/nodes.ql | 5 + 29 files changed, 10556 insertions(+) create mode 100644 java/ql/test/experimental/library-tests/quantum/jca/AesWrapAndPBEWith.java create mode 100644 java/ql/test/experimental/library-tests/quantum/jca/AsymmetricEncryptionMacHybridCryptosystem.java create mode 100644 java/ql/test/experimental/library-tests/quantum/jca/ChainedEncryptionTest.java create mode 100644 java/ql/test/experimental/library-tests/quantum/jca/Digest.java create mode 100644 java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve1.java create mode 100644 java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve2.java create mode 100644 java/ql/test/experimental/library-tests/quantum/jca/Encryption1.java create mode 100644 java/ql/test/experimental/library-tests/quantum/jca/Encryption2.java create mode 100644 java/ql/test/experimental/library-tests/quantum/jca/Hash.java create mode 100644 java/ql/test/experimental/library-tests/quantum/jca/IVArtifact.java create mode 100644 java/ql/test/experimental/library-tests/quantum/jca/KeyAgreementHybridCryptosystem.java create mode 100644 java/ql/test/experimental/library-tests/quantum/jca/KeyArtifact.java create mode 100644 java/ql/test/experimental/library-tests/quantum/jca/KeyDerivation1.java create mode 100644 java/ql/test/experimental/library-tests/quantum/jca/KeyEncapsulation.java create mode 100644 java/ql/test/experimental/library-tests/quantum/jca/KeyExchange.java create mode 100644 java/ql/test/experimental/library-tests/quantum/jca/MACOperation.java create mode 100644 java/ql/test/experimental/library-tests/quantum/jca/Nonce.java create mode 100644 java/ql/test/experimental/library-tests/quantum/jca/PrngTest.java create mode 100644 java/ql/test/experimental/library-tests/quantum/jca/SignEncryptCombinations.java create mode 100644 java/ql/test/experimental/library-tests/quantum/jca/SignatureOperation.java create mode 100644 java/ql/test/experimental/library-tests/quantum/jca/SymmetricAlgorithm.java create mode 100644 java/ql/test/experimental/library-tests/quantum/jca/SymmetricModesTest.java create mode 100644 java/ql/test/experimental/library-tests/quantum/jca/UniversalFlowTest.java create mode 100644 java/ql/test/experimental/library-tests/quantum/node_edges.expected create mode 100644 java/ql/test/experimental/library-tests/quantum/node_edges.ql create mode 100644 java/ql/test/experimental/library-tests/quantum/node_properties.expected create mode 100644 java/ql/test/experimental/library-tests/quantum/node_properties.ql create mode 100644 java/ql/test/experimental/library-tests/quantum/nodes.expected create mode 100644 java/ql/test/experimental/library-tests/quantum/nodes.ql diff --git a/java/ql/test/experimental/library-tests/quantum/jca/AesWrapAndPBEWith.java b/java/ql/test/experimental/library-tests/quantum/jca/AesWrapAndPBEWith.java new file mode 100644 index 000000000000..e920d7d550ba --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/AesWrapAndPBEWith.java @@ -0,0 +1,241 @@ +package com.example.crypto.algorithms; + +//import org.bouncycastle.jce.provider.BouncyCastleProvider; + +import java.security.*; +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.SecretKeySpec; +import java.security.SecureRandom; +import java.util.Arrays; +import java.util.Base64; + +/** + * AesWrapAndPBEWithTest demonstrates key wrapping and password-based encryption + * using various transformations. + * + * This file includes: + * + * 1. AESWrap Examples: + * - secureAESWrap(): Uses a randomly generated wrapping key. + * - insecureAESWrap(): Uses a fixed, hard-coded wrapping key. + * + * 2. PBEWith Examples: + * - insecurePBEExample(): Uses the legacy PBEWithMD5AndDES. + * - securePBEExample(): Uses PBKDF2WithHmacSHA256. + * - additionalPBEExample(): Uses PBEWithSHA256And128BitAES-CBC-BC. + * - additionalPBEExample2(): Uses PBEWithSHA1And128BitAES-CBC-BC. + * + * 3. Dynamic PBE Encryption: + * - dynamicPBEEncryption(): Chooses the PBE transformation based on a + * configuration string. + * + * Best Practices: + * - Use secure random keys and salts. + * - Avoid legacy algorithms like PBEWithMD5AndDES. + * - Prefer modern KDFs (PBKDF2WithHmacSHA256) and secure provider-specific PBE + * transformations. + * + * SAST/CBOM Notes: + * - Insecure examples (PBEWithMD5AndDES, fixed keys) should be flagged. + * - Secure examples use random salt, high iteration counts, and strong + * algorithms. + */ +public class AesWrapAndPBEWith { + + // static { + // // Register BouncyCastle as a provider. + // Security.addProvider(new BouncyCastleProvider()); + // } + + // =========================== + // 1. AESWrap Examples + // =========================== + + /** + * Secure AES key wrapping. + * Generates a random 256-bit wrapping key to wrap a target AES key. + * + * @return The wrapped key (Base64-encoded). + * @throws Exception if an error occurs. + */ + public String secureAESWrap() throws Exception { + KeyGenerator kg = KeyGenerator.getInstance("AES"); + kg.init(256, new SecureRandom()); + SecretKey wrappingKey = kg.generateKey(); + + kg.init(128, new SecureRandom()); + SecretKey targetKey = kg.generateKey(); + + Cipher cipher = Cipher.getInstance("AESWrap"); + cipher.init(Cipher.WRAP_MODE, wrappingKey); + byte[] wrappedKey = cipher.wrap(targetKey); + + return Base64.getEncoder().encodeToString(wrappedKey); + } + + /** + * Insecure AES key wrapping. + * Uses a fixed (hard-coded) wrapping key. + * + * @return The wrapped key (Base64-encoded). + * @throws Exception if an error occurs. + */ + public String insecureAESWrap() throws Exception { + byte[] fixedKeyBytes = new byte[32]; + Arrays.fill(fixedKeyBytes, (byte) 0x01); + SecretKey wrappingKey = new SecretKeySpec(fixedKeyBytes, "AES"); + + KeyGenerator kg = KeyGenerator.getInstance("AES"); + kg.init(128, new SecureRandom()); + SecretKey targetKey = kg.generateKey(); + + Cipher cipher = Cipher.getInstance("AESWrap"); + cipher.init(Cipher.WRAP_MODE, wrappingKey); + byte[] wrappedKey = cipher.wrap(targetKey); + + return Base64.getEncoder().encodeToString(wrappedKey); + } + + // =========================== + // 2. PBEWith Examples + // =========================== + + /** + * Insecure PBE example using PBEWithMD5AndDES. + * + * @param password The input password. + * @return The derived key (Base64-encoded). + * @throws Exception if key derivation fails. + */ + public String insecurePBEExample(String password) throws Exception { + byte[] salt = new byte[8]; + Arrays.fill(salt, (byte) 0x00); // Fixed salt (insecure) + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 1000, 64); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWithMD5AndDES"); + byte[] keyBytes = factory.generateSecret(spec).getEncoded(); + return Base64.getEncoder().encodeToString(keyBytes); + } + + /** + * Secure PBE example using PBKDF2WithHmacSHA256. + * + * @param password The input password. + * @return The derived 256-bit AES key (Base64-encoded). + * @throws Exception if key derivation fails. + */ + public String securePBEExample(String password) throws Exception { + byte[] salt = new byte[16]; + new SecureRandom().nextBytes(salt); + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 10000, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] keyBytes = factory.generateSecret(spec).getEncoded(); + SecretKey aesKey = new SecretKeySpec(keyBytes, "AES"); + return Base64.getEncoder().encodeToString(aesKey.getEncoded()); + } + + /** + * Additional PBE example using PBEWithSHA256And128BitAES-CBC-BC. + * + * @param password The input password. + * @param plaintext The plaintext to encrypt. + * @return The IV concatenated with ciphertext (Base64-encoded). + * @throws Exception if key derivation or encryption fails. + */ + public String additionalPBEExample(String password, String plaintext) throws Exception { + byte[] salt = new byte[16]; + new SecureRandom().nextBytes(salt); + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 10000, 128); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWithSHA256And128BitAES-CBC-BC"); + SecretKey pbeKey = factory.generateSecret(spec); + SecretKey aesKey = new SecretKeySpec(pbeKey.getEncoded(), "AES"); + + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + byte[] iv = new byte[16]; + new SecureRandom().nextBytes(iv); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + cipher.init(Cipher.ENCRYPT_MODE, aesKey, ivSpec); + byte[] ciphertext = cipher.doFinal(plaintext.getBytes()); + byte[] output = concatenate(iv, ciphertext); + return Base64.getEncoder().encodeToString(output); + } + + /** + * Additional PBE example using PBEWithSHA1And128BitAES-CBC-BC. + * This is less preferred than PBKDF2WithHmacSHA256 but demonstrates another + * variant. + * + * @param password The input password. + * @param plaintext The plaintext to encrypt. + * @return The IV concatenated with ciphertext (Base64-encoded). + * @throws Exception if key derivation or encryption fails. + */ + public String additionalPBEExample2(String password, String plaintext) throws Exception { + byte[] salt = new byte[16]; + new SecureRandom().nextBytes(salt); + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 10000, 128); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBEWithSHA1And128BitAES-CBC-BC"); + SecretKey pbeKey = factory.generateSecret(spec); + SecretKey aesKey = new SecretKeySpec(pbeKey.getEncoded(), "AES"); + + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + byte[] iv = new byte[16]; + new SecureRandom().nextBytes(iv); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + cipher.init(Cipher.ENCRYPT_MODE, aesKey, ivSpec); + byte[] ciphertext = cipher.doFinal(plaintext.getBytes()); + byte[] output = concatenate(iv, ciphertext); + return Base64.getEncoder().encodeToString(output); + } + + // =========================== + // 3. Dynamic PBE Encryption + // =========================== + + /** + * Dynamically selects a PBE transformation based on a configuration string. + * + * Acceptable values: + * - "PBKDF2": Uses PBKDF2WithHmacSHA256. + * - "SHA256AES": Uses PBEWithSHA256And128BitAES-CBC-BC. + * - "SHA1AES": Uses PBEWithSHA1And128BitAES-CBC-BC. + * - Otherwise, falls back to insecure PBEWithMD5AndDES. + * + * @param config The configuration string. + * @param password The input password. + * @param plaintext The plaintext to encrypt. + * @return The Base64-encoded encrypted output. + * @throws Exception if an error occurs. + */ + public String dynamicPBEEncryption(String config, String password, String plaintext) throws Exception { + if ("PBKDF2".equalsIgnoreCase(config)) { + return securePBEExample(password); + } else if ("SHA256AES".equalsIgnoreCase(config)) { + return additionalPBEExample(password, plaintext); + } else if ("SHA1AES".equalsIgnoreCase(config)) { + return additionalPBEExample2(password, plaintext); + } else { + // Fallback insecure option. + return insecurePBEExample(password); + } + } + + // =========================== + // Helper Methods + // =========================== + + /** + * Concatenates two byte arrays. + */ + private byte[] concatenate(byte[] a, byte[] b) { + byte[] result = new byte[a.length + b.length]; + System.arraycopy(a, 0, result, 0, a.length); + System.arraycopy(b, 0, result, a.length, b.length); + return result; + } + +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/AsymmetricEncryptionMacHybridCryptosystem.java b/java/ql/test/experimental/library-tests/quantum/jca/AsymmetricEncryptionMacHybridCryptosystem.java new file mode 100644 index 000000000000..b08247372ef9 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/AsymmetricEncryptionMacHybridCryptosystem.java @@ -0,0 +1,339 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +// import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider; + +import javax.crypto.Cipher; +import javax.crypto.KeyAgreement; +import javax.crypto.KeyGenerator; +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import java.security.*; +import java.security.spec.ECGenParameterSpec; +import java.util.Arrays; +import java.util.Base64; + +/** + * AsymmetricEncryptionMacHybridCryptosystem demonstrates hybrid + * cryptosystems that combine asymmetric encryption with a MAC. + * + * Flows: + * 1. RSA-OAEP + HMAC: + * - Secure Flow: Uses 2048-bit RSA-OAEP (with SHA256andMGF1Padding) to + * encapsulate a freshly generated AES key; + * then encrypts using AES-GCM with a random nonce and computes HMAC-SHA256 over + * the ciphertext. + * - Insecure Flow: Uses 1024-bit RSA (RSA/ECB/PKCS1Padding), AES-GCM with a + * fixed IV, and HMAC-SHA1. + * + * 2. ECIES + HMAC: + * - Secure Flow: Uses ephemeral ECDH key pairs (secp256r1); derives a shared + * secret and applies a simple KDF (SHA-256) + * to derive a 128-bit AES key; then uses AES-GCM with a random nonce and + * computes HMAC-SHA256. + * - Insecure Flow: Reuses a static EC key pair, directly truncates the shared + * secret without a proper KDF, + * uses a fixed IV, and computes HMAC-SHA1. + * + * 3. Dynamic Hybrid Selection: + * - Chooses between flows based on a configuration string. + * + * SAST/CBOM Notes: + * - Secure flows use proper ephemeral key generation, secure key sizes, KDF + * usage, and random nonces/IVs. + * - Insecure flows (static key reuse, fixed nonces, weak key sizes, raw shared + * secret truncation, and deprecated algorithms) + * should be flagged. + */ +public class AsymmetricEncryptionMacHybridCryptosystem { + + // static { + // Security.addProvider(new BouncyCastleProvider()); + // Security.addProvider(new BouncyCastlePQCProvider()); + // } + + // ---------- Result Class ---------- + public static class HybridResult { + private final byte[] encapsulatedKey; + private final byte[] ciphertext; + private final byte[] mac; + + public HybridResult(byte[] encapsulatedKey, byte[] ciphertext, byte[] mac) { + this.encapsulatedKey = encapsulatedKey; + this.ciphertext = ciphertext; + this.mac = mac; + } + + public byte[] getEncapsulatedKey() { + return encapsulatedKey; + } + + public byte[] getCiphertext() { + return ciphertext; + } + + public byte[] getMac() { + return mac; + } + + public String toBase64String() { + return "EncapsulatedKey: " + Base64.getEncoder().encodeToString(encapsulatedKey) + + "\nCiphertext: " + Base64.getEncoder().encodeToString(ciphertext) + + "\nMAC: " + Base64.getEncoder().encodeToString(mac); + } + } + + // ---------- Helper Methods ---------- + + /** + * Generates an ephemeral ECDH key pair on secp256r1. + */ + public KeyPair generateECDHKeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC"); + kpg.initialize(new ECGenParameterSpec("secp256r1"), new SecureRandom()); + return kpg.generateKeyPair(); + } + + /** + * Generates an ephemeral X25519 key pair. + */ + public KeyPair generateX25519KeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("X25519", "BC"); + kpg.initialize(255, new SecureRandom()); + return kpg.generateKeyPair(); + } + + /** + * Derives a shared secret using the provided key agreement algorithm. + * + * @param privateKey The private key. + * @param publicKey The corresponding public key. + * @param algorithm The key agreement algorithm (e.g., "ECDH" or "X25519"). + * @return The shared secret. + */ + public byte[] deriveSharedSecret(PrivateKey privateKey, PublicKey publicKey, String algorithm) throws Exception { + KeyAgreement ka = KeyAgreement.getInstance(algorithm, "BC"); + ka.init(privateKey); + ka.doPhase(publicKey, true); + return ka.generateSecret(); + } + + /** + * A simple KDF that hashes the input with SHA-256 and returns the first + * numBytes. + * + * @param input The input byte array. + * @param numBytes The desired number of output bytes. + * @return The derived key material. + */ + public byte[] simpleKDF(byte[] input, int numBytes) throws Exception { + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + byte[] hash = digest.digest(input); + return Arrays.copyOf(hash, numBytes); + } + + /** + * Concatenates two byte arrays. + */ + public byte[] concatenate(byte[] a, byte[] b) { + byte[] result = new byte[a.length + b.length]; + System.arraycopy(a, 0, result, 0, a.length); + System.arraycopy(b, 0, result, a.length, b.length); + return result; + } + + // ===================================================== + // 1. RSA-OAEP + HMAC Hybrid Cryptosystem + // ===================================================== + + /** + * Generates a secure 2048-bit RSA key pair. + */ + public KeyPair generateRSAKeyPairGood() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); + kpg.initialize(2048); + return kpg.generateKeyPair(); + } + + /** + * Generates an insecure 1024-bit RSA key pair. + */ + public KeyPair generateRSAKeyPairBad() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); + kpg.initialize(1024); + return kpg.generateKeyPair(); + } + + /** + * Secure hybrid encryption using RSA-OAEP + HMAC-SHA256. + */ + public HybridResult secureRSAHybridEncryption(byte[] plaintext) throws Exception { + KeyPair rsaKP = generateRSAKeyPairGood(); + SecretKey aesKey = generateAESKey(); + + Cipher rsaCipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding"); + rsaCipher.init(Cipher.WRAP_MODE, rsaKP.getPublic()); + byte[] encapsulatedKey = rsaCipher.wrap(aesKey); + + byte[] iv = new byte[12]; + new SecureRandom().nextBytes(iv); + Cipher aesCipher = Cipher.getInstance("AES/GCM/NoPadding"); + aesCipher.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, iv)); + byte[] ciphertext = aesCipher.doFinal(plaintext); + byte[] fullCiphertext = concatenate(iv, ciphertext); + + byte[] macKey = generateAESKey().getEncoded(); + byte[] mac = secureHMACSHA256(new String(fullCiphertext), macKey); + + return new HybridResult(encapsulatedKey, fullCiphertext, mac); + } + + /** + * Insecure hybrid encryption using RSA/ECB/PKCS1Padding + HMAC-SHA1. + */ + public HybridResult insecureRSAHybridEncryption(byte[] plaintext) throws Exception { + KeyPair rsaKP = generateRSAKeyPairBad(); + SecretKey aesKey = generateAESKey(); + + Cipher rsaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); + rsaCipher.init(Cipher.WRAP_MODE, rsaKP.getPublic()); + byte[] encapsulatedKey = rsaCipher.wrap(aesKey); + + byte[] fixedIV = new byte[12]; // All zeros + Cipher aesCipher = Cipher.getInstance("AES/GCM/NoPadding"); + aesCipher.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, fixedIV)); + byte[] ciphertext = aesCipher.doFinal(plaintext); + byte[] fullCiphertext = concatenate(fixedIV, ciphertext); + + byte[] macKey = generateAESKey().getEncoded(); + byte[] mac = insecureHMACSHA1(new String(fullCiphertext), macKey); + + return new HybridResult(encapsulatedKey, fullCiphertext, mac); + } + + // ===================================================== + // 2. ECIES + HMAC Hybrid Cryptosystem + // ===================================================== + + /** + * Secure hybrid encryption using ECIES (via ECDH) + HMAC-SHA256. + */ + public HybridResult secureECIESHybridEncryption(byte[] plaintext) throws Exception { + KeyPair aliceKP = generateECDHKeyPair(); + KeyPair bobKP = generateECDHKeyPair(); + byte[] sharedSecret = deriveSharedSecret(aliceKP.getPrivate(), bobKP.getPublic(), "ECDH"); + byte[] aesKeyBytes = simpleKDF(sharedSecret, 16); + SecretKey aesKey = new SecretKeySpec(aesKeyBytes, "AES"); + + byte[] iv = new byte[12]; + new SecureRandom().nextBytes(iv); + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, iv)); + byte[] ciphertext = cipher.doFinal(plaintext); + byte[] fullCiphertext = concatenate(iv, ciphertext); + + byte[] macKey = generateAESKey().getEncoded(); + byte[] mac = secureHMACSHA256(new String(fullCiphertext), macKey); + + byte[] ephemeralPubKey = aliceKP.getPublic().getEncoded(); + + return new HybridResult(ephemeralPubKey, fullCiphertext, mac); + } + + /** + * Insecure hybrid encryption using ECIES (via ECDH) + HMAC-SHA1. + */ + public HybridResult insecureECIESHybridEncryption(byte[] plaintext) throws Exception { + KeyPair staticKP = generateECDHKeyPair(); + byte[] sharedSecret = deriveSharedSecret(staticKP.getPrivate(), staticKP.getPublic(), "ECDH"); + byte[] aesKeyBytes = Arrays.copyOf(sharedSecret, 16); + SecretKey aesKey = new SecretKeySpec(aesKeyBytes, "AES"); + + byte[] fixedIV = new byte[12]; // Fixed IV + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, fixedIV)); + byte[] ciphertext = cipher.doFinal(plaintext); + byte[] fullCiphertext = concatenate(fixedIV, ciphertext); + + byte[] macKey = generateAESKey().getEncoded(); + byte[] mac = insecureHMACSHA1(new String(fullCiphertext), macKey); + + byte[] staticPubKey = staticKP.getPublic().getEncoded(); + + return new HybridResult(staticPubKey, fullCiphertext, mac); + } + + // ===================================================== + // 3. Dynamic Hybrid Selection + // ===================================================== + + /** + * Dynamically selects a hybrid encryption flow based on configuration. + * SAST: Dynamic selection introduces risk if insecure defaults are chosen. + * + * @param config The configuration string ("secureRSA", "insecureRSA", + * "secureECIES", "insecureECIES"). + * @param plaintext The plaintext to encrypt. + * @return A Base64-encoded string representation of the hybrid encryption + * result. + * @throws Exception if an error occurs. + */ + public String dynamicHybridEncryption(String config, byte[] plaintext) throws Exception { + HybridResult result; + if ("secureRSA".equalsIgnoreCase(config)) { + result = secureRSAHybridEncryption(plaintext); + } else if ("insecureRSA".equalsIgnoreCase(config)) { + result = insecureRSAHybridEncryption(plaintext); + } else if ("secureECIES".equalsIgnoreCase(config)) { + result = secureECIESHybridEncryption(plaintext); + } else if ("insecureECIES".equalsIgnoreCase(config)) { + result = insecureECIESHybridEncryption(plaintext); + } else { + // Fallback to insecure RSA hybrid encryption. + result = insecureRSAHybridEncryption(plaintext); + } + return result.toBase64String(); + } + + // ===================================================== + // 4. Helper Methods for HMAC and Symmetric Encryption + // ===================================================== + + /** + * Secure HMAC using HMAC-SHA256. + * SAST: HMAC-SHA256 is secure. + */ + public byte[] secureHMACSHA256(String message, byte[] key) throws Exception { + Mac mac = Mac.getInstance("HmacSHA256", "BC"); + SecretKey secretKey = new SecretKeySpec(key, "HmacSHA256"); + mac.init(secretKey); + return mac.doFinal(message.getBytes()); + } + + /** + * Insecure HMAC using HMAC-SHA1. + * SAST: HMAC-SHA1 is deprecated and insecure. + */ + public byte[] insecureHMACSHA1(String message, byte[] key) throws Exception { + Mac mac = Mac.getInstance("HmacSHA1", "BC"); + SecretKey secretKey = new SecretKeySpec(key, "HmacSHA1"); + mac.init(secretKey); + return mac.doFinal(message.getBytes()); + } + + // ===================================================== + // 5. Helper Methods for Key/Nonce Generation + // ===================================================== + + /** + * Generates a secure 256-bit AES key. + * SAST: Uses SecureRandom for key generation. + */ + public SecretKey generateAESKey() throws Exception { + KeyGenerator kg = KeyGenerator.getInstance("AES"); + kg.init(256, new SecureRandom()); + return kg.generateKey(); + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/ChainedEncryptionTest.java b/java/ql/test/experimental/library-tests/quantum/jca/ChainedEncryptionTest.java new file mode 100644 index 000000000000..fedd9423b89c --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/ChainedEncryptionTest.java @@ -0,0 +1,151 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; + +import java.security.*; + +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.IvParameterSpec; + +import java.util.Arrays; +import java.util.Base64; + +public class ChainedEncryptionTest { + + // static { + // Security.addProvider(new BouncyCastleProvider()); + // } + + // Encrypts using AES-GCM. Returns IV concatenated with ciphertext. + public static byte[] encryptAESGCM(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; // 12-byte nonce for AES-GCM + new SecureRandom().nextBytes(iv); + GCMParameterSpec spec = new GCMParameterSpec(128, iv); + cipher.init(Cipher.ENCRYPT_MODE, key, spec); + byte[] ciphertext = cipher.doFinal(plaintext); + return concat(iv, ciphertext); + } + + // Decrypts AES-GCM ciphertext where IV is prepended. + public static byte[] decryptAESGCM(SecretKey key, byte[] ivCiphertext) throws Exception { + byte[] iv = Arrays.copyOfRange(ivCiphertext, 0, 12); + byte[] ciphertext = Arrays.copyOfRange(ivCiphertext, 12, ivCiphertext.length); + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + GCMParameterSpec spec = new GCMParameterSpec(128, iv); + cipher.init(Cipher.DECRYPT_MODE, key, spec); + return cipher.doFinal(ciphertext); + } + + // Encrypts using ChaCha20-Poly1305. Returns nonce concatenated with ciphertext. + public static byte[] encryptChaCha20Poly1305(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("ChaCha20-Poly1305", "BC"); + byte[] nonce = new byte[12]; // 12-byte nonce for ChaCha20-Poly1305 + new SecureRandom().nextBytes(nonce); + cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(nonce)); + byte[] ciphertext = cipher.doFinal(plaintext); + return concat(nonce, ciphertext); + } + + // Decrypts ChaCha20-Poly1305 ciphertext where nonce is prepended. + public static byte[] decryptChaCha20Poly1305(SecretKey key, byte[] nonceCiphertext) throws Exception { + byte[] nonce = Arrays.copyOfRange(nonceCiphertext, 0, 12); + byte[] ciphertext = Arrays.copyOfRange(nonceCiphertext, 12, nonceCiphertext.length); + Cipher cipher = Cipher.getInstance("ChaCha20-Poly1305", "BC"); + cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(nonce)); + return cipher.doFinal(ciphertext); + } + + // Helper method to concatenate two byte arrays. + private static byte[] concat(byte[] a, byte[] b) { + byte[] result = new byte[a.length + b.length]; + System.arraycopy(a, 0, result, 0, a.length); + System.arraycopy(b, 0, result, a.length, b.length); + return result; + } + + /** + * Performs chained encryption and decryption in one function. + * First, plaintext is encrypted with AES-GCM (inner layer), + * then that ciphertext is encrypted with ChaCha20-Poly1305 (outer layer). + * The decryption process reverses these steps. + * + * @param plaintext The input plaintext. + * @return The decrypted plaintext as a String. + * @throws Exception if any cryptographic operation fails. + */ + public static String chainEncryptDecrypt(String plaintext) throws Exception { + byte[] plainBytes = plaintext.getBytes("UTF-8"); + + // Generate keys for inner and outer encryption. + KeyGenerator aesGen = KeyGenerator.getInstance("AES"); + aesGen.init(256, new SecureRandom()); + SecretKey innerKey = aesGen.generateKey(); + + KeyGenerator chachaGen = KeyGenerator.getInstance("ChaCha20", "BC"); + chachaGen.init(256, new SecureRandom()); + SecretKey outerKey = chachaGen.generateKey(); + + // Inner Encryption with AES-GCM. + byte[] aesIV = new byte[12]; // Random 12-byte IV. + new SecureRandom().nextBytes(aesIV); + Cipher aesCipher = Cipher.getInstance("AES/GCM/NoPadding"); + GCMParameterSpec gcmSpec = new GCMParameterSpec(128, aesIV); + aesCipher.init(Cipher.ENCRYPT_MODE, innerKey, gcmSpec); + byte[] innerCiphertext = aesCipher.doFinal(plainBytes); + + // Outer Encryption with ChaCha20-Poly1305. + byte[] chachaNonce = new byte[12]; // Random 12-byte nonce. + new SecureRandom().nextBytes(chachaNonce); + Cipher chachaCipher = Cipher.getInstance("ChaCha20-Poly1305", "BC"); + chachaCipher.init(Cipher.ENCRYPT_MODE, outerKey, new IvParameterSpec(chachaNonce)); + byte[] outerCiphertext = chachaCipher.doFinal(innerCiphertext); + + // Outer Decryption. + Cipher chachaDec = Cipher.getInstance("ChaCha20-Poly1305", "BC"); + chachaDec.init(Cipher.DECRYPT_MODE, outerKey, new IvParameterSpec(chachaNonce)); + byte[] decryptedInnerCiphertext = chachaDec.doFinal(outerCiphertext); + + // Inner Decryption. + Cipher aesDec = Cipher.getInstance("AES/GCM/NoPadding"); + aesDec.init(Cipher.DECRYPT_MODE, innerKey, new GCMParameterSpec(128, aesIV)); + byte[] decryptedPlaintext = aesDec.doFinal(decryptedInnerCiphertext); + + return new String(decryptedPlaintext, "UTF-8"); + } + + public static void main(String[] args) throws Exception { + // Generate a 256-bit AES key for the first (inner) encryption. + KeyGenerator aesGen = KeyGenerator.getInstance("AES"); + aesGen.init(256, new SecureRandom()); + SecretKey aesKey = aesGen.generateKey(); + + // Generate a 256-bit key for ChaCha20-Poly1305 (outer encryption). + KeyGenerator chaChaGen = KeyGenerator.getInstance("ChaCha20"); + chaChaGen.init(256, new SecureRandom()); + SecretKey chaChaKey = chaChaGen.generateKey(); + + String originalText = "This is a secret message."; + byte[] plaintext = originalText.getBytes(); + + // Step 1: Encrypt plaintext with AES-GCM. + byte[] innerCiphertext = encryptAESGCM(aesKey, plaintext); + + // Step 2: Encrypt the AES-GCM ciphertext with ChaCha20-Poly1305. + byte[] outerCiphertext = encryptChaCha20Poly1305(chaChaKey, innerCiphertext); + + // Now, decrypt in reverse order. + // Step 3: Decrypt the outer layer (ChaCha20-Poly1305). + byte[] decryptedInnerCiphertext = decryptChaCha20Poly1305(chaChaKey, outerCiphertext); + + // Step 4: Decrypt the inner layer (AES-GCM). + byte[] decryptedPlaintext = decryptAESGCM(aesKey, decryptedInnerCiphertext); + + System.out.println("Original: " + originalText); + System.out.println("Decrypted: " + new String(decryptedPlaintext)); + } + +} \ No newline at end of file diff --git a/java/ql/test/experimental/library-tests/quantum/jca/Digest.java b/java/ql/test/experimental/library-tests/quantum/jca/Digest.java new file mode 100644 index 000000000000..942178e57683 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/Digest.java @@ -0,0 +1,257 @@ +package com.example.crypto.artifacts; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; + +import java.security.*; +import javax.crypto.Cipher; +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.KeyGenerator; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.SecretKeySpec; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.util.Arrays; +import java.util.Base64; + +/** + * DigestTestCase demonstrates the further use of cryptographic digests + * as inputs to more complex cryptosystems. In real-world applications, + * digest outputs are often used as keys, key material for key derivation, + * or as identifiers. This file shows several flows: + * + * 1. Basic digest generation using SHA-256 (secure) and MD5/SHA-1 (insecure). + * 2. Unsalted versus salted digest for password input. + * 3. PBKDF2 for secure key derivation. + * 4. Using a digest as direct key material for AES encryption (processDigest). + * 5. Using a digest as an identifier (alternativeDigestFlow). + * 6. **Further Use**: Deriving two separate keys (one for encryption and one + * for MAC) + * from a digest via PBKDF2 and using them in an authenticated encryption flow. + * + * SAST/CBOM notes: + * - Secure algorithms (e.g. SHA-256, HMAC-SHA256, PBKDF2WithHmacSHA256) are + * acceptable. + * - Insecure functions (e.g. MD5, SHA-1) and unsalted password digests are + * flagged. + * - Using a raw digest directly as key material is ambiguous unless produced by + * a proper KDF. + */ +public class Digest { + + // static { + // Security.addProvider(new BouncyCastleProvider()); + // } + + // ---------- Digest Generation Flows ---------- + + /** + * Secure digest generation using SHA-256. + * SAST: SHA-256 is secure. + */ + public void simpleHashing() throws Exception { + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + byte[] hash = digest.digest("Simple Test Data".getBytes()); + processDigest(hash); + } + + /** + * Insecure digest generation using MD5. + * SAST: MD5 is deprecated and insecure. + */ + public void insecureMD5Hashing() throws Exception { + MessageDigest md5Digest = MessageDigest.getInstance("MD5"); + byte[] hash = md5Digest.digest("Weak Hash Example".getBytes()); + processDigest(hash); + } + + /** + * Insecure unsalted password hashing using SHA-256. + * SAST: Unsalted password hashing is vulnerable to rainbow table attacks. + */ + public void insecureUnsaltedPasswordHashing(String password) throws Exception { + MessageDigest sha256Digest = MessageDigest.getInstance("SHA-256"); + byte[] hash = sha256Digest.digest(password.getBytes()); + processDigest(hash); + } + + /** + * Secure salted hashing using SHA-256. + * SAST: Salting the input improves security. + */ + public void secureSaltedHashing(String password) throws Exception { + byte[] salt = generateSalt(16); + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + digest.update(salt); + byte[] hash = digest.digest(password.getBytes()); + processDigest(hash); + } + + /** + * Secure key derivation using PBKDF2 with HMAC-SHA256. + * SAST: PBKDF2 with sufficient iterations is recommended. + */ + public void securePBKDF2Hashing(String password) throws Exception { + byte[] salt = generateSalt(16); + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 10000, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] hash = factory.generateSecret(spec).getEncoded(); + processDigest(hash); + } + + /** + * Insecure digest generation using SHA-1. + * SAST: SHA-1 is deprecated due to collision vulnerabilities. + */ + public void insecureRawSHA1Hashing(String input) throws Exception { + MessageDigest sha1Digest = MessageDigest.getInstance("SHA-1"); + byte[] hash = sha1Digest.digest(input.getBytes()); + processDigest(hash); + } + + /** + * Secure MAC computation using HMAC-SHA256. + * SAST: HMAC-SHA256 is considered secure. + */ + public void secureHMACHashing(String input, byte[] key) throws Exception { + Mac hmac = Mac.getInstance("HmacSHA256"); + SecretKey secretKey = new SecretKeySpec(key, "HmacSHA256"); + hmac.init(secretKey); + byte[] hash = hmac.doFinal(input.getBytes()); + processDigest(hash); + } + + // ---------- Further Use of Digest Outputs ---------- + + /** + * Processes the digest by using it directly as key material for AES encryption. + * SAST: Using a raw digest as key material is acceptable only if the digest is + * produced + * via a secure KDF. This method is ambiguous if the digest is from an insecure + * function. + * + * @param digest The computed digest. + * @throws Exception if encryption fails. + */ + public void processDigest(byte[] digest) throws Exception { + // Derive a 128-bit AES key from the digest. + SecretKey key = new SecretKeySpec(digest, 0, 16, "AES"); + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, key, new SecureRandom()); + byte[] encryptedData = cipher.doFinal("Sensitive Data".getBytes()); + storeEncryptedDigest(encryptedData); + } + + /** + * Alternative flow: Uses the digest as an identifier (e.g., checksum) and + * encrypts it. + * SAST: Using a digest as an identifier is common; encryption must use secure + * primitives. + * + * @param digest The computed digest. + * @throws Exception if encryption fails. + */ + public void alternativeDigestFlow(byte[] digest) throws Exception { + byte[] identifier = Base64.getEncoder().encode(digest); + encryptAndSend(identifier); + } + + /** + * Further use: Derives two separate keys from a digest using PBKDF2, + * then uses one key for encryption and the other for computing a MAC over the + * ciphertext. + * + * SAST: This approach of key derivation and splitting is acceptable if PBKDF2 + * is used securely. + * + * @param digest The input digest (must be generated from a secure source). + * @throws Exception if key derivation or encryption fails. + */ + public void furtherUseDigestForKeyDerivation(byte[] digest) throws Exception { + // Treat the digest (in Base64) as a password input to PBKDF2. + String digestAsPassword = Base64.getEncoder().encodeToString(digest); + byte[] salt = generateSalt(16); + // Derive 256 bits (32 bytes) of key material. + PBEKeySpec spec = new PBEKeySpec(digestAsPassword.toCharArray(), salt, 10000, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] keyMaterial = factory.generateSecret(spec).getEncoded(); + // Split into two 128-bit keys. + byte[] encryptionKeyBytes = Arrays.copyOfRange(keyMaterial, 0, 16); + byte[] macKeyBytes = Arrays.copyOfRange(keyMaterial, 16, 32); + SecretKey encryptionKey = new SecretKeySpec(encryptionKeyBytes, "AES"); + SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256"); + + // Encrypt sample data using the derived encryption key. + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, encryptionKey, new SecureRandom()); + byte[] ciphertext = cipher.doFinal("Further Use Test Data".getBytes()); + + // Compute HMAC over the ciphertext using the derived MAC key. + Mac mac = Mac.getInstance("HmacSHA256"); + mac.init(macKey); + byte[] computedMac = mac.doFinal(ciphertext); + + // In production, these outputs would be securely stored or transmitted. + byte[] output = new byte[ciphertext.length + computedMac.length]; + System.arraycopy(ciphertext, 0, output, 0, ciphertext.length); + System.arraycopy(computedMac, 0, output, ciphertext.length, computedMac.length); + storeEncryptedDigest(output); + } + + /** + * Encrypts data using AES-GCM and simulates secure transmission or storage. + * SAST: Uses a securely generated AES key. + * + * @param data The data to encrypt. + * @throws Exception if encryption fails. + */ + public void encryptAndSend(byte[] data) throws Exception { + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + SecretKey key = generateAESKey(); + cipher.init(Cipher.ENCRYPT_MODE, key, new SecureRandom()); + byte[] encryptedData = cipher.doFinal(data); + storeEncryptedDigest(encryptedData); + } + + /** + * Simulates secure storage or transmission of an encrypted digest. + * SAST: In production, this method would implement secure storage/transmission. + * + * @param encryptedDigest The encrypted digest. + */ + public void storeEncryptedDigest(byte[] encryptedDigest) { + // For static analysis purposes, this method represents a secure output + // mechanism. + String stored = Base64.getEncoder().encodeToString(encryptedDigest); + } + + // ---------- Helper Methods ---------- + + /** + * Generates a secure 256-bit AES key. + * SAST: Key generation uses a strong RNG. + * + * @return A SecretKey for AES. + * @throws NoSuchAlgorithmException if AES is unsupported. + */ + private SecretKey generateAESKey() throws NoSuchAlgorithmException { + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(256); + return keyGen.generateKey(); + } + + /** + * Generates a random salt of the specified length using SecureRandom. + * SAST: Salting is essential for secure digest computations. + * + * @param length The salt length. + * @return A byte array representing the salt. + */ + private byte[] generateSalt(int length) { + byte[] salt = new byte[length]; + new SecureRandom().nextBytes(salt); + return salt; + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve1.java b/java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve1.java new file mode 100644 index 000000000000..41d84640598d --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve1.java @@ -0,0 +1,156 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; + +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.Security; +import java.util.Base64; + +/** + * EllipticCurve1 demonstrates generating EC key pairs for various curve + * categories. + * + * Curve categories covered: + * - NIST: e.g., secp256r1, secp384r1, secp521r1. + * - SEC: e.g., secp256k1 (from the Standards for Efficient Cryptography, SEC2). + * - BRAINPOOL: e.g., brainpoolP256r1. + * - CURVE25519: for key agreement (X25519) or signatures (Ed25519). + * - CURVE448: for key agreement (X448). + * - C2: Binary curves; for example, sect163r2 (if available). + * - SM2: Chinese SM2 curve, often named sm2p256v1. + * - ES: Elliptic curve signature based on EdDSA, here using Ed25519. + * - OtherEllipticCurveType: A fallback (using secp256r1). + * + * Best practices: + * - Use ephemeral key generation with a strong RNG. + * - Select curves from secure families (e.g., NIST, Brainpool, Curve25519/448, + * SM2). + * - Use a crypto provider (e.g., BouncyCastle) that supports the desired + * curves. + * + * In a production environment, the curve type may be externally configured. + */ +public class EllipticCurve1 { + + // static { + // // Register the BouncyCastle provider to access a wide range of curves. + // Security.addProvider(new BouncyCastleProvider()); + // } + + /** + * Generates a key pair using a NIST curve (e.g., secp256r1). + */ + public KeyPair generateNISTKeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC"); + // secp256r1 is widely used (also known as P-256) + kpg.initialize(new java.security.spec.ECGenParameterSpec("secp256r1")); + return kpg.generateKeyPair(); + } + + /** + * Generates a key pair using a SEC curve (e.g., secp256k1). + */ + public KeyPair generateSECCurveKeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC"); + // secp256k1 is commonly used in Bitcoin and other blockchain applications. + kpg.initialize(new java.security.spec.ECGenParameterSpec("secp256k1")); + return kpg.generateKeyPair(); + } + + /** + * Generates a key pair using a Brainpool curve (e.g., brainpoolP256r1). + */ + public KeyPair generateBrainpoolKeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC"); + // "brainpoolP256r1" is a commonly recommended Brainpool curve. + kpg.initialize(new java.security.spec.ECGenParameterSpec("brainpoolP256r1")); + return kpg.generateKeyPair(); + } + + /** + * Generates an X25519 key pair (for key agreement). + */ + public KeyPair generateCurve25519KeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("X25519", "BC"); + // No further parameters are needed for X25519. + return kpg.generateKeyPair(); + } + + /** + * Generates an X448 key pair (for key agreement). + */ + public KeyPair generateCurve448KeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("X448", "BC"); + return kpg.generateKeyPair(); + } + + /** + * Generates a key pair for a binary (C2) curve. + * Example: sect163r2 is a binary field curve. + */ + public KeyPair generateC2CurveKeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC"); + // "sect163r2" is one of the binary field curves supported by BouncyCastle. + kpg.initialize(new java.security.spec.ECGenParameterSpec("sect163r2")); + return kpg.generateKeyPair(); + } + + /** + * Generates a key pair for the SM2 curve. + * SM2 is a Chinese cryptographic standard. + */ + public KeyPair generateSM2KeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC"); + // "sm2p256v1" is the standard SM2 curve. + kpg.initialize(new java.security.spec.ECGenParameterSpec("sm2p256v1")); + return kpg.generateKeyPair(); + } + + /** + * Generates a key pair for ES (Elliptic curve signature using EdDSA). + * This example uses Ed25519. + */ + public KeyPair generateESKeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("Ed25519", "BC"); + return kpg.generateKeyPair(); + } + + /** + * Generates a key pair for an "Other" elliptic curve type. + * This serves as a fallback example (using secp256r1). + */ + public KeyPair generateOtherEllipticCurveKeyPair() throws Exception { + return generateNISTKeyPair(); // Fallback to secp256r1 + } + + /** + * Main method demonstrating key pair generation for various curve types. + */ + public static void main(String[] args) { + try { + EllipticCurve1 examples = new EllipticCurve1(); + System.out.println("NIST (secp256r1): " + + Base64.getEncoder().encodeToString(examples.generateNISTKeyPair().getPublic().getEncoded())); + System.out.println("SEC (secp256k1): " + + Base64.getEncoder().encodeToString(examples.generateSECCurveKeyPair().getPublic().getEncoded())); + System.out.println("Brainpool (brainpoolP256r1): " + + Base64.getEncoder().encodeToString(examples.generateBrainpoolKeyPair().getPublic().getEncoded())); + System.out.println("Curve25519 (X25519): " + + Base64.getEncoder().encodeToString(examples.generateCurve25519KeyPair().getPublic().getEncoded())); + System.out.println("Curve448 (X448): " + + Base64.getEncoder().encodeToString(examples.generateCurve448KeyPair().getPublic().getEncoded())); + System.out.println("C2 (sect163r2): " + + Base64.getEncoder().encodeToString(examples.generateC2CurveKeyPair().getPublic().getEncoded())); + System.out.println("SM2 (sm2p256v1): " + + Base64.getEncoder().encodeToString(examples.generateSM2KeyPair().getPublic().getEncoded())); + System.out.println("ES (Ed25519): " + + Base64.getEncoder().encodeToString(examples.generateESKeyPair().getPublic().getEncoded())); + System.out.println("Other (Fallback, secp256r1): " + + Base64.getEncoder() + .encodeToString(examples.generateOtherEllipticCurveKeyPair().getPublic().getEncoded())); + } catch (Exception e) { + e.printStackTrace(); + } + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve2.java b/java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve2.java new file mode 100644 index 000000000000..e9bb2463d50d --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve2.java @@ -0,0 +1,288 @@ +package com.example.crypto.algorithms; + +//import org.bouncycastle.jce.provider.BouncyCastleProvider; + +import javax.crypto.Cipher; +import javax.crypto.KeyAgreement; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import java.security.*; +import java.security.spec.ECGenParameterSpec; +import java.util.Arrays; +import java.util.Base64; + +/** + * EllipticCurve2 demonstrates real-world uses of elliptic curve algorithms, + * including key pair generation, key agreement (ECDH), digital signatures + * (ECDSA, EdDSA), + * and a simple simulation of ECIES (using ECDH + AES-GCM). + * + * Curve types shown include: + * - NIST (e.g., secp256r1) + * - SEC (e.g., secp256k1) + * - Brainpool (e.g., brainpoolP256r1) + * - CURVE25519 (for X25519 key agreement) + * - ES (e.g., Ed25519 for signatures) + * - Other fallback (e.g., secp256r1 for “OtherEllipticCurveType”) + * + * Best practices: + * - Use ephemeral keys and a strong RNG. + * - Use proper key agreement (with a KDF if needed) and digital signature + * schemes. + * - Avoid static key reuse or using weak curves. + * + * SAST/CBOM considerations: + * - Secure implementations use ephemeral keys and modern curves. + * - Insecure practices (e.g., static keys or reusing keys) must be flagged. + */ +public class EllipticCurve2 { + + // static { + // // Register BouncyCastle provider for additional curves and algorithms. + // Security.addProvider(new BouncyCastleProvider()); + // } + + // ---------------------------- + // 1. Key Pair Generation Examples + // ---------------------------- + + /** + * Generates a key pair using a NIST curve (secp256r1). + */ + public KeyPair generateNISTKeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC"); + kpg.initialize(new ECGenParameterSpec("secp256r1"), new SecureRandom()); + return kpg.generateKeyPair(); + } + + /** + * Generates a key pair using a SEC curve (secp256k1). + */ + public KeyPair generateSECCurveKeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC"); + kpg.initialize(new ECGenParameterSpec("secp256k1"), new SecureRandom()); + return kpg.generateKeyPair(); + } + + /** + * Generates a key pair using a Brainpool curve (brainpoolP256r1). + */ + public KeyPair generateBrainpoolKeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC"); + kpg.initialize(new ECGenParameterSpec("brainpoolP256r1"), new SecureRandom()); + return kpg.generateKeyPair(); + } + + /** + * Generates an X25519 key pair. + */ + public KeyPair generateX25519KeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("X25519", "BC"); + return kpg.generateKeyPair(); + } + + /** + * Generates an Ed25519 key pair (used for signatures). + */ + public KeyPair generateEd25519KeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("Ed25519", "BC"); + return kpg.generateKeyPair(); + } + + /** + * Generates a key pair for "OtherEllipticCurveType" as a fallback (using + * secp256r1). + */ + public KeyPair generateOtherEllipticCurveKeyPair() throws Exception { + return generateNISTKeyPair(); + } + + // ---------------------------- + // 2. Key Agreement (ECDH) Examples + // ---------------------------- + + /** + * Performs ECDH key agreement using two ephemeral NIST key pairs. + * Secure Example: Uses ephemeral keys and a strong RNG. + * + * @return The shared secret. + */ + public byte[] performECDHKeyAgreement() throws Exception { + KeyPair aliceKP = generateNISTKeyPair(); + KeyPair bobKP = generateNISTKeyPair(); + + KeyAgreement ka = KeyAgreement.getInstance("ECDH", "BC"); + ka.init(aliceKP.getPrivate()); + ka.doPhase(bobKP.getPublic(), true); + return ka.generateSecret(); + } + + /** + * Insecure ECDH Example: Uses a static key pair for both parties. + * SAST: Reusing the same key pair eliminates forward secrecy and is insecure. + * + * @return The (insecure) shared secret. + */ + public byte[] insecureECDHKeyAgreement() throws Exception { + KeyPair staticKP = generateNISTKeyPair(); + KeyAgreement ka = KeyAgreement.getInstance("ECDH", "BC"); + ka.init(staticKP.getPrivate()); + ka.doPhase(staticKP.getPublic(), true); + return ka.generateSecret(); + } + + // ---------------------------- + // 3. Digital Signature Examples + // ---------------------------- + + /** + * Generates an ECDSA signature using a NIST key pair. + * Secure Example. + * + * @param message The message to sign. + * @return The signature. + */ + public byte[] generateECDSASignature(byte[] message) throws Exception { + KeyPair kp = generateNISTKeyPair(); + Signature signature = Signature.getInstance("SHA256withECDSA", "BC"); + signature.initSign(kp.getPrivate()); + signature.update(message); + return signature.sign(); + } + + /** + * Verifies an ECDSA signature using the corresponding NIST key pair. + * + * @param message The original message. + * @param signatureBytes The signature to verify. + * @param kp The key pair used for signing. + * @return True if the signature is valid. + */ + public boolean verifyECDSASignature(byte[] message, byte[] signatureBytes, KeyPair kp) throws Exception { + Signature signature = Signature.getInstance("SHA256withECDSA", "BC"); + signature.initVerify(kp.getPublic()); + signature.update(message); + return signature.verify(signatureBytes); + } + + /** + * Generates an Ed25519 signature. + * Secure Example: Ed25519 is a modern, high-performance signature scheme. + * + * @param message The message to sign. + * @return The signature. + */ + public byte[] generateEd25519Signature(byte[] message) throws Exception { + KeyPair kp = generateEd25519KeyPair(); + Signature signature = Signature.getInstance("Ed25519", "BC"); + signature.initSign(kp.getPrivate()); + signature.update(message); + return signature.sign(); + } + + /** + * Verifies an Ed25519 signature. + * + * @param message The original message. + * @param signatureBytes The signature to verify. + * @param kp The key pair used for signing. + * @return True if the signature is valid. + */ + public boolean verifyEd25519Signature(byte[] message, byte[] signatureBytes, KeyPair kp) throws Exception { + Signature signature = Signature.getInstance("Ed25519", "BC"); + signature.initVerify(kp.getPublic()); + signature.update(message); + return signature.verify(signatureBytes); + } + + // ---------------------------- + // 4. ECIES-like Encryption (ECDH + AES-GCM) + // ---------------------------- + + /** + * A simple simulation of ECIES using ECDH for key agreement and AES-GCM for + * encryption. + * Secure Example: Uses ephemeral ECDH key pairs, a KDF to derive a symmetric + * key, + * and AES-GCM with a random nonce. + * + * @param plaintext The plaintext to encrypt. + * @return The concatenation of the ephemeral public key, IV, and ciphertext + * (Base64-encoded). + * @throws Exception if encryption fails. + */ + public String eciesEncryptionExample(byte[] plaintext) throws Exception { + // Generate ephemeral key pairs for two parties. + KeyPair senderKP = generateNISTKeyPair(); + KeyPair receiverKP = generateNISTKeyPair(); + + // Perform ECDH key agreement. + KeyAgreement ka = KeyAgreement.getInstance("ECDH", "BC"); + ka.init(senderKP.getPrivate()); + ka.doPhase(receiverKP.getPublic(), true); + byte[] sharedSecret = ka.generateSecret(); + + // Derive a symmetric key from the shared secret using SHA-256 (first 16 bytes + // for AES-128). + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + byte[] derivedKey = digest.digest(sharedSecret); + derivedKey = Arrays.copyOf(derivedKey, 16); + SecretKey aesKey = new SecretKeySpec(derivedKey, "AES"); + + // Encrypt plaintext using AES-GCM with a random nonce. + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; + new SecureRandom().nextBytes(iv); + GCMParameterSpec spec = new GCMParameterSpec(128, iv); + cipher.init(Cipher.ENCRYPT_MODE, aesKey, spec); + byte[] ciphertext = cipher.doFinal(plaintext); + + // For ECIES, include the sender's ephemeral public key with the output. + byte[] senderPub = senderKP.getPublic().getEncoded(); + byte[] output = concatenate(senderPub, concatenate(iv, ciphertext)); + + return Base64.getEncoder().encodeToString(output); + } + + // ---------------------------- + // 5. Main Method for Demonstration + // ---------------------------- + + public static void main(String[] args) { + try { + EllipticCurve2 test = new EllipticCurve2(); + + // Key Agreement Example: + byte[] sharedSecret = test.performECDHKeyAgreement(); + System.out.println("ECDH Shared Secret (Base64): " + Base64.getEncoder().encodeToString(sharedSecret)); + + // ECDSA Signature Example: + byte[] message = "Test message for ECDSA".getBytes(); + KeyPair nistKP = test.generateNISTKeyPair(); + byte[] ecdsaSig = test.generateECDSASignature(message); + boolean validSig = test.verifyECDSASignature(message, ecdsaSig, nistKP); + System.out.println("ECDSA Signature valid? " + validSig); + + // Ed25519 Signature Example: + byte[] edSig = test.generateEd25519Signature(message); + KeyPair edKP = test.generateEd25519KeyPair(); + boolean validEdSig = test.verifyEd25519Signature(message, edSig, edKP); + System.out.println("Ed25519 Signature valid? " + validEdSig); + + // ECIES-like Encryption Example: + String eciesOutput = test.eciesEncryptionExample("Secret ECIES Message".getBytes()); + System.out.println("ECIES-like Encrypted Output (Base64): " + eciesOutput); + + } catch (Exception e) { + e.printStackTrace(); + } + } + + private byte[] concatenate(byte[] a, byte[] b) { + byte[] result = new byte[a.length + b.length]; + System.arraycopy(a, 0, result, 0, a.length); + System.arraycopy(b, 0, result, a.length, b.length); + return result; + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/Encryption1.java b/java/ql/test/experimental/library-tests/quantum/jca/Encryption1.java new file mode 100644 index 000000000000..f20220e55bc3 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/Encryption1.java @@ -0,0 +1,182 @@ +package com.example.crypto.algorithms; + +//import org.bouncycastle.jce.provider.BouncyCastleProvider; +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; +import java.security.*; +import java.util.Base64; + +/** + * This class demonstrates several encryption schemes along with SAST/CBOM + * classification notes. + * + * Methods include: + * + * 1. simpleAESEncryption: Uses AES in GCM mode. + * - CBOM: AES-GCM is classified as secure (Parent: AEAD). + * - SAST: Secure symmetric encryption pattern; safe when used properly. + * + * 2. insecureAESWithECB: Uses AES in ECB mode. + * - CBOM: AES-ECB is classified as insecure (Parent: SymmetricEncryption). + * - SAST: Insecure encryption pattern; flagged as vulnerable due to lack of IV + * and predictable structure. + * + * 3. rsaOaepEncryption / rsaOaepDecryption: Use RSA with OAEP padding. + * - CBOM: RSA-OAEP is classified as secure for public-key encryption (Parent: + * Hybrid Cryptosystem). + * - SAST: Secure for small payloads/key encapsulation; must only encrypt small + * data blocks. + * + * 4. rsaKemEncryption: Demonstrates a key encapsulation mechanism (KEM) using + * RSA-OAEP. + * - CBOM: RSA-KEM is recognized as secure (Parent: RSA-OAEP based KEM). + * - SAST: Secure when used to encapsulate symmetric keys in a hybrid system. + * + * 5. hybridEncryption: Combines RSA-OAEP for key encapsulation with AES-GCM for + * data encryption. + * - CBOM: Hybrid encryption (Parent: RSA-OAEP + AES-GCM) is classified as + * secure. + * - SAST: Secure hybrid encryption pattern; recommended for large data + * encryption. + */ +public class Encryption1 { + + // static { + // Security.addProvider(new BouncyCastleProvider()); + // } + + /** + * Simple AES-GCM encryption. + * + * SAST/CBOM Notes: + * - Algorithm: AES/GCM/NoPadding with a 256-bit key. + * - Parent Classification: AEAD (Authenticated Encryption with Associated + * Data). + * - SAST: Considered safe when properly implemented (uses IV and tag). + */ + public void simpleAESEncryption() throws Exception { + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(256); // 256-bit AES key. + SecretKey key = keyGen.generateKey(); + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; // 12-byte IV recommended for GCM. + new SecureRandom().nextBytes(iv); + GCMParameterSpec gcmSpec = new GCMParameterSpec(128, iv); // 128-bit authentication tag. + cipher.init(Cipher.ENCRYPT_MODE, key, gcmSpec); + byte[] encryptedData = cipher.doFinal("Sensitive Data".getBytes()); + System.out.println("AES-GCM Encrypted Data: " + Base64.getEncoder().encodeToString(encryptedData)); + } + + /** + * Insecure AES encryption using ECB mode. + * + * SAST/CBOM Notes: + * - Algorithm: AES/ECB/NoPadding with a 256-bit key. + * - Parent Classification: SymmetricEncryption (ECB mode is inherently + * insecure). + * - SAST: Flagged as vulnerable; ECB mode does not use an IV and reveals data + * patterns. + */ + public void insecureAESWithECB() throws Exception { + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(256); // 256-bit AES key. + SecretKey key = keyGen.generateKey(); + // AES/ECB mode is insecure due to the deterministic nature of the block cipher + // without an IV. + Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, key); + byte[] encryptedData = cipher.doFinal("Sensitive Data".getBytes()); + System.out.println("AES-ECB Encrypted Data (Insecure): " + Base64.getEncoder().encodeToString(encryptedData)); + } + + /** + * RSA encryption using OAEP with SHA-256 and MGF1 padding. + * + * SAST/CBOM Notes: + * - Algorithm: RSA/ECB/OAEPWithSHA-256AndMGF1Padding. + * - Parent Classification: Hybrid Cryptosystem. RSA-OAEP is commonly used in + * hybrid schemes. + * - SAST: Secure for encrypting small payloads or for key encapsulation; + * caution when encrypting large data. + */ + public void rsaOaepEncryption(PublicKey publicKey, String data) throws Exception { + Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding"); + cipher.init(Cipher.ENCRYPT_MODE, publicKey); + byte[] encryptedData = cipher.doFinal(data.getBytes()); + System.out.println("RSA-OAEP Encrypted Data: " + Base64.getEncoder().encodeToString(encryptedData)); + } + + /** + * RSA decryption using OAEP with SHA-256 and MGF1 padding. + * + * SAST/CBOM Notes: + * - Algorithm: RSA/ECB/OAEPWithSHA-256AndMGF1Padding. + * - Parent Classification: Hybrid Cryptosystem. + * - SAST: Secure when used with the correct corresponding private key. + */ + public void rsaOaepDecryption(PrivateKey privateKey, byte[] encryptedData) throws Exception { + Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding"); + cipher.init(Cipher.DECRYPT_MODE, privateKey); + byte[] decryptedData = cipher.doFinal(encryptedData); + System.out.println("Decrypted RSA-OAEP Data: " + new String(decryptedData)); + } + + /** + * RSA-KEM encryption: encapsulates an AES key using RSA-OAEP. + * + * SAST/CBOM Notes: + * - Algorithm: RSA-OAEP used as a Key Encapsulation Mechanism (KEM) for an AES + * key. + * - Parent Classification: RSA-OAEP based KEM. + * - SAST: Recognized as a secure key encapsulation pattern; used as part of + * hybrid encryption schemes. + */ + public void rsaKemEncryption(PublicKey rsaPublicKey) throws Exception { + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(256); // 256-bit AES key. + SecretKey aesKey = keyGen.generateKey(); + + Cipher rsaCipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding"); + rsaCipher.init(Cipher.ENCRYPT_MODE, rsaPublicKey); + byte[] encryptedAesKey = rsaCipher.doFinal(aesKey.getEncoded()); + + System.out.println("RSA-KEM Encrypted AES Key: " + Base64.getEncoder().encodeToString(encryptedAesKey)); + } + + /** + * Hybrid encryption: combines RSA-OAEP for key encapsulation with AES-GCM for + * data encryption. + * + * SAST/CBOM Notes: + * - Algorithms: RSA-OAEP (for encrypting the AES key) and AES-GCM (for + * encrypting the data). + * - Parent Classification: Hybrid Cryptosystem (RSA-OAEP + AES-GCM). + * - SAST: This pattern is considered secure when implemented correctly; + * recommended for large data encryption. + */ + public void hybridEncryption(PublicKey rsaPublicKey, String data) throws Exception { + // Generate a 256-bit AES key for symmetric encryption. + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(256); + SecretKey aesKey = keyGen.generateKey(); + + // Encrypt the AES key using RSA-OAEP. + Cipher rsaCipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding"); + rsaCipher.init(Cipher.ENCRYPT_MODE, rsaPublicKey); + byte[] encryptedAesKey = rsaCipher.doFinal(aesKey.getEncoded()); + + // Encrypt the actual data using AES-GCM. + Cipher aesCipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; // 12-byte IV recommended for GCM. + new SecureRandom().nextBytes(iv); + GCMParameterSpec gcmSpec = new GCMParameterSpec(128, iv); + aesCipher.init(Cipher.ENCRYPT_MODE, aesKey, gcmSpec); + byte[] encryptedData = aesCipher.doFinal(data.getBytes()); + + System.out.println( + "Hybrid Encryption - Encrypted AES Key: " + Base64.getEncoder().encodeToString(encryptedAesKey)); + System.out.println("Hybrid Encryption - Encrypted Data: " + Base64.getEncoder().encodeToString(encryptedData)); + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/Encryption2.java b/java/ql/test/experimental/library-tests/quantum/jca/Encryption2.java new file mode 100644 index 000000000000..8c2b9777655b --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/Encryption2.java @@ -0,0 +1,198 @@ +package com.example.crypto.algorithms; + +//import org.bouncycastle.jce.provider.BouncyCastleProvider; +import javax.crypto.Cipher; +import javax.crypto.KeyAgreement; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import java.security.*; +import java.security.spec.ECGenParameterSpec; +import java.util.Base64; +import java.util.Arrays; +import javax.crypto.Mac; + +/** + * This class demonstrates encryption schemes using elliptic-curve + * Diffie-Hellman (ECDH) + * and hybrid encryption methods, including a post-quantum hybrid scheme. + * + * SAST/CBOM Classification: + * + * 1. EC Key Generation & ECDH Key Agreement: + * - Parent Classification: Asymmetric Key Generation / Key Agreement. + * - SAST: Secure when using established curves (secp256r1) and reputable + * providers (BouncyCastle). + * + * 2. ECDH Hybrid Encryption: + * - Parent Classification: Hybrid Cryptosystem (ECDH + AEAD). + * - SAST: Uses ECDH for key agreement and AES/GCM for encryption. However, the + * derivation of an AES key + * by applying a single SHA-256 hash to the shared secret may be flagged as a + * weak key derivation method. + * A dedicated KDF (e.g., HKDF) is recommended. + * + * 3. Post-Quantum Hybrid Encryption: + * - Parent Classification: Hybrid Cryptosystem (Classical ECDH + Post-Quantum + * Secret + KDF + AEAD). + * - SAST: Combining classical and post-quantum components is advanced and + * secure if implemented properly. + * The custom HKDF expand function provided here is simplistic and may be + * flagged in a CBOM analysis; + * a standard HKDF library should be used in production. + */ +public class Encryption2 { + + // static { + // Security.addProvider(new BouncyCastleProvider()); + // } + + /** + * Generates an Elliptic Curve (EC) key pair using the secp256r1 curve. + * + * SAST/CBOM Notes: + * - Algorithm: EC key pair generation. + * - Parent Classification: Asymmetric Key Generation. + * - SAST: Considered secure when using strong randomness and a reputable + * provider. + * + * @return an EC KeyPair. + */ + public KeyPair generateECKeyPair() throws Exception { + KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC", "BC"); + keyPairGenerator.initialize(new ECGenParameterSpec("secp256r1"), new SecureRandom()); + return keyPairGenerator.generateKeyPair(); + } + + /** + * Derives a shared secret using Elliptic Curve Diffie-Hellman (ECDH). + * + * SAST/CBOM Notes: + * - Algorithm: ECDH key agreement. + * - Parent Classification: Asymmetric Key Agreement. + * - SAST: Secure when both parties use strong EC keys and proper randomness. + * + * @param privateKey the private key of one party. + * @param publicKey the public key of the other party. + * @return the derived shared secret as a byte array. + */ + public byte[] deriveSharedSecret(PrivateKey privateKey, PublicKey publicKey) throws Exception { + KeyAgreement keyAgreement = KeyAgreement.getInstance("ECDH", "BC"); + keyAgreement.init(privateKey); + keyAgreement.doPhase(publicKey, true); + return keyAgreement.generateSecret(); + } + + /** + * Performs hybrid encryption using ECDH to derive a shared secret, then derives + * an AES key + * by hashing the shared secret with SHA-256, and finally encrypts the data with + * AES-GCM. + * + * SAST/CBOM Notes: + * - Parent Classification: Hybrid Cryptosystem (ECDH + AES-GCM). + * - SAST: While ECDH and AES-GCM are secure, the key derivation method here (a + * single SHA-256 hash) + * is not as robust as using a dedicated KDF. This approach may be flagged and + * is recommended for + * improvement. + * + * @param recipientPublicKey the recipient's public EC key. + * @param data the plaintext data to encrypt. + */ + public void ecdhHybridEncryption(PublicKey recipientPublicKey, String data) throws Exception { + // Generate an ephemeral EC key pair for the sender. + KeyPair senderKeyPair = generateECKeyPair(); + // Derive the shared secret using ECDH. + byte[] sharedSecret = deriveSharedSecret(senderKeyPair.getPrivate(), recipientPublicKey); + + // Derive an AES key by hashing the shared secret with SHA-256. + // SAST Note: Using a direct hash for key derivation is simplistic and may be + // flagged. + MessageDigest sha256 = MessageDigest.getInstance("SHA-256"); + byte[] aesKeyBytes = sha256.digest(sharedSecret); + // Use the first 16 bytes (128 bits) as the AES key. + SecretKey aesKey = new SecretKeySpec(aesKeyBytes, 0, 16, "AES"); + + // Encrypt the data using AES-GCM. + Cipher aesCipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; // 12-byte IV recommended for GCM. + new SecureRandom().nextBytes(iv); + GCMParameterSpec gcmSpec = new GCMParameterSpec(128, iv); // 128-bit authentication tag. + aesCipher.init(Cipher.ENCRYPT_MODE, aesKey, gcmSpec); + byte[] encryptedData = aesCipher.doFinal(data.getBytes()); + + System.out.println( + "ECDH Hybrid Encryption - Encrypted Data: " + Base64.getEncoder().encodeToString(encryptedData)); + } + + /** + * Performs post-quantum hybrid encryption by combining a classical ECDH-derived + * secret with a + * post-quantum shared secret. The two secrets are combined using a custom HKDF + * expansion, and the + * derived key is used to encrypt data with AES-GCM. + * + * SAST/CBOM Notes: + * - Parent Classification: Hybrid Cryptosystem (Classical ECDH + Post-Quantum + * Secret + KDF + AES-GCM). + * - SAST: The combination of classical and post-quantum secrets is a modern + * approach. However, the + * custom HKDF expand function is simplistic and may be flagged as insecure. Use + * a standard HKDF + * implementation in production. + * + * @param ecPublicKey the recipient's EC public key. + * @param pqSharedSecret the post-quantum shared secret from a separate + * algorithm. + */ + public void postQuantumHybridEncryption(PublicKey ecPublicKey, byte[] pqSharedSecret) throws Exception { + // Step 1: Perform classical ECDH key agreement to derive a shared secret. + byte[] ecdhSharedSecret = deriveSharedSecret(generateECKeyPair().getPrivate(), ecPublicKey); + + // Step 2: Combine the ECDH secret and the post-quantum secret using a + // simplified HKDF expansion. + // SAST Note: This custom HKDF implementation is minimal and does not follow the + // full HKDF spec. + byte[] combinedSecret = hkdfExpand(ecdhSharedSecret, pqSharedSecret, 32); + // Use the first 16 bytes as the AES key (128-bit key). + SecretKey aesKey = new SecretKeySpec(combinedSecret, 0, 16, "AES"); + + // Step 3: Encrypt the data using AES-GCM. + Cipher aesCipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; // 12-byte IV recommended for GCM. + new SecureRandom().nextBytes(iv); + GCMParameterSpec gcmSpec = new GCMParameterSpec(128, iv); + aesCipher.init(Cipher.ENCRYPT_MODE, aesKey, gcmSpec); + byte[] encryptedData = aesCipher.doFinal("Post-Quantum Hybrid Encryption Data".getBytes()); + + System.out.println("Post-Quantum Hybrid Encryption - Encrypted Data: " + + Base64.getEncoder().encodeToString(encryptedData)); + } + + /** + * A simplified HKDF expansion function that uses HMAC-SHA256 to derive a key of + * a desired length. + * + * SAST/CBOM Notes: + * - Parent Classification: Key Derivation Function (KDF). + * - SAST: Custom KDF implementations are risky if not thoroughly vetted. This + * simple HKDF expand + * function lacks the full HKDF mechanism (e.g., multiple iterations, info, and + * context parameters) + * and may be flagged. It is recommended to use a standardized HKDF library. + * + * @param inputKey the input key material. + * @param salt a salt value (here, the post-quantum shared secret is used as + * the salt). + * @param length the desired length of the derived key. + * @return a derived key of the specified length. + */ + private byte[] hkdfExpand(byte[] inputKey, byte[] salt, int length) throws Exception { + Mac hmac = Mac.getInstance("HmacSHA256"); + SecretKey secretKey = new SecretKeySpec(salt, "HmacSHA256"); + hmac.init(secretKey); + byte[] extractedKey = hmac.doFinal(inputKey); + return Arrays.copyOf(extractedKey, length); + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/Hash.java b/java/ql/test/experimental/library-tests/quantum/jca/Hash.java new file mode 100644 index 000000000000..703bfe4ca8cb --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/Hash.java @@ -0,0 +1,341 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.crypto.digests.SHA3Digest; +// import org.bouncycastle.crypto.digests.Blake2bDigest; +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +import java.io.FileInputStream; +import java.io.IOException; +import java.security.*; +import java.util.Base64; +import java.util.Properties; +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.SecretKeySpec; +import javax.crypto.spec.PBEKeySpec; + +/** + * This class demonstrates various hashing, HMAC, and password hashing + * techniques. + * + * SAST/CBOM Classification Notes: + * + * 1. simpleSHA256Hash: + * - Parent Classification: Cryptographic Hash Function. + * - SAST: Uses SHA-256, which is widely regarded as secure. + * + * 2. insecureMD5Hash: + * - Parent Classification: Cryptographic Hash Function. + * - SAST: MD5 is cryptographically broken and should be flagged as insecure. + * + * 3. hashWithBouncyCastleSHA3: + * - Parent Classification: Cryptographic Hash Function (SHA3). + * - SAST: Uses SHA3-256 from BouncyCastle; considered secure. + * + * 4. hashWithBouncyCastleBlake2b: + * - Parent Classification: Cryptographic Hash Function (BLAKE2). + * - SAST: Uses BLAKE2b-512; considered secure if used correctly. + * + * 5. hashAndSign & verifyHashSignature: + * - Parent Classification: Digital Signature (RSA-based). + * - SAST: Uses SHA256withRSA for signing and verification; secure if key + * management is proper. + * + * 6. hashForDataIntegrityCheck: + * - Parent Classification: Data Integrity Check. + * - SAST: Uses SHA-256 to verify integrity; considered secure. + * + * 7. hashWithVariousAlgorithms: + * - Parent Classification: Cryptographic Hash Function. + * - SAST: Iterates through multiple algorithms; insecure algorithms (MD5, + * SHA-1) may be flagged. + * + * 8. hmacWithVariousAlgorithms: + * - Parent Classification: Message Authentication Code (MAC). + * - SAST: Iterates through various HMAC algorithms; HmacSHA1 is considered + * weaker than SHA256 and above. + * + * 9. hashForPasswordStorage: + * - Parent Classification: Password-Based Key Derivation Function (PBKDF). + * - SAST: Uses PBKDF2WithHmacSHA256 with salt and iteration count; considered + * secure, + * though iteration counts should be reviewed against current standards. + * + * 10. hashFromUnknownConfig: + * - Parent Classification: Dynamic Cryptographic Hash Function. + * - SAST: Loading the hash algorithm from an external configuration introduces + * risk of misconfiguration. + * + * 11. insecureHashBasedRNG: + * - Parent Classification: Pseudo-Random Number Generator (PRNG) using hash. + * - SAST: Uses a fixed seed with various hash algorithms; flagged as insecure + * due to predictability. + */ +public class Hash { + + // static { + // Security.addProvider(new BouncyCastleProvider()); + // } + + /** + * Computes a SHA-256 hash of static test data. + * + * CBOM/SAST Classification: + * - Uses SHA-256: Classified as secure. + */ + public void simpleSHA256Hash() throws Exception { + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + byte[] hash = digest.digest("Simple Test Data".getBytes()); + System.out.println("SHA-256 Hash: " + Base64.getEncoder().encodeToString(hash)); + } + + /** + * Computes an MD5 hash of static data. + * + * CBOM/SAST Classification: + * - Uses MD5: Classified as insecure. + * - SAST: MD5 is deprecated for cryptographic purposes due to collision + * vulnerabilities. + */ + public void insecureMD5Hash() throws Exception { + MessageDigest md5Digest = MessageDigest.getInstance("MD5"); + byte[] hash = md5Digest.digest("Weak Hash Example".getBytes()); + System.out.println("MD5 Hash (Insecure): " + Base64.getEncoder().encodeToString(hash)); + } + + // /** + // * Computes a SHA3-256 hash using BouncyCastle's SHA3Digest. + // * + // * CBOM/SAST Classification: + // * - Uses SHA3-256: Classified as secure. + // * - SAST: BouncyCastle's implementation is considered reliable. + // */ + // public void hashWithBouncyCastleSHA3(String input) { + // SHA3Digest digest = new SHA3Digest(256); + // byte[] inputBytes = input.getBytes(); + // digest.update(inputBytes, 0, inputBytes.length); + // byte[] hash = new byte[digest.getDigestSize()]; + // digest.doFinal(hash, 0); + // System.out.println("SHA3-256 (BC) Hash: " + Base64.getEncoder().encodeToString(hash)); + // } + + + // /** + // * Computes a BLAKE2b-512 hash using BouncyCastle's Blake2bDigest. + // * + // * CBOM/SAST Classification: + // * - Uses BLAKE2b-512: Classified as secure. + // * - SAST: BLAKE2b is modern and fast, considered secure when used correctly. + // */ + // public void hashWithBouncyCastleBlake2b(String input) { + // Blake2bDigest digest = new Blake2bDigest(512); + // byte[] inputBytes = input.getBytes(); + // digest.update(inputBytes, 0, inputBytes.length); + // byte[] hash = new byte[digest.getDigestSize()]; + // digest.doFinal(hash, 0); + // System.out.println("BLAKE2b-512 (BC) Hash: " + Base64.getEncoder().encodeToString(hash)); + // } + + /** + * Signs the hash of the input using SHA256withRSA. + * + * CBOM/SAST Classification: + * - Digital Signature (RSA): Classified as secure if keys are managed + * correctly. + * - SAST: The combination of SHA256 and RSA is a standard and secure pattern. + * + * @param input The input data to be signed. + * @param privateKey The RSA private key used for signing. + */ + public void hashAndSign(String input, PrivateKey privateKey) throws Exception { + Signature signature = Signature.getInstance("SHA256withRSA"); + signature.initSign(privateKey); + signature.update(input.getBytes()); + byte[] signedData = signature.sign(); + System.out.println("Signed Hash: " + Base64.getEncoder().encodeToString(signedData)); + } + + /** + * Verifies the signature of the input data. + * + * CBOM/SAST Classification: + * - Digital Signature Verification: Classified as secure when using + * SHA256withRSA. + * - SAST: Should correctly verify that the signed hash matches the input. + * + * @param input The original input data. + * @param signedHash The signed hash to verify. + * @param publicKey The RSA public key corresponding to the private key that + * signed the data. + * @return true if the signature is valid, false otherwise. + */ + public boolean verifyHashSignature(String input, byte[] signedHash, PublicKey publicKey) throws Exception { + Signature signature = Signature.getInstance("SHA256withRSA"); + signature.initVerify(publicKey); + signature.update(input.getBytes()); + return signature.verify(signedHash); + } + + /** + * Computes a SHA-256 hash for data integrity checking and compares it with an + * expected hash. + * + * CBOM/SAST Classification: + * - Data Integrity: Uses SHA-256 for integrity checks, which is secure. + * - SAST: A correct implementation for verifying data has not been tampered + * with. + * + * @param data The input data. + * @param expectedHash The expected Base64-encoded hash. + */ + public void hashForDataIntegrityCheck(String data, String expectedHash) throws Exception { + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + byte[] hash = digest.digest(data.getBytes()); + String computedHash = Base64.getEncoder().encodeToString(hash); + System.out.println("Computed Hash: " + computedHash); + System.out.println("Validation: " + (computedHash.equals(expectedHash) ? "Pass" : "Fail")); + } + + /** + * Computes hashes of the input data using various algorithms. + * + * CBOM/SAST Classification: + * - Cryptographic Hash Functions: Iterates through multiple hash functions. + * - SAST: While many are secure (e.g., SHA-256, SHA-512, SHA3), MD5 and SHA-1 + * are insecure + * and should be flagged if used in security-critical contexts. + * + * @param input The input data to hash. + */ + public void hashWithVariousAlgorithms(String input) throws Exception { + String[] algorithms = { "SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512", "SHA3-256", "SHA3-512", + "BLAKE2B-512", "BLAKE2S-256", "MD5" }; + for (String algorithm : algorithms) { + MessageDigest digest = MessageDigest.getInstance(algorithm); + byte[] hash = digest.digest(input.getBytes()); + System.out.println(algorithm + " Hash: " + Base64.getEncoder().encodeToString(hash)); + } + } + + /** + * Computes HMACs of the input data using various algorithms. + * + * CBOM/SAST Classification: + * - Message Authentication Code (MAC): Iterates through different HMAC + * algorithms. + * - SAST: HmacSHA256, HmacSHA384, HmacSHA512, HmacSHA3-256, and HmacSHA3-512 + * are secure; + * HmacSHA1 is considered less secure and may be flagged. + * + * @param input The input data. + * @param key The secret key used for HMAC computation. + */ + public void hmacWithVariousAlgorithms(String input, byte[] key) throws Exception { + String[] algorithms = { "HmacSHA1", "HmacSHA256", "HmacSHA384", "HmacSHA512", "HmacSHA3-256", "HmacSHA3-512" }; + for (String algorithm : algorithms) { + Mac mac = Mac.getInstance(algorithm); + SecretKey secretKey = new SecretKeySpec(key, algorithm); + mac.init(secretKey); + byte[] hmac = mac.doFinal(input.getBytes()); + System.out.println(algorithm + " HMAC: " + Base64.getEncoder().encodeToString(hmac)); + } + } + + /** + * Computes a PBKDF2 hash for password storage. + * + * CBOM/SAST Classification: + * - Password-Based Key Derivation Function (PBKDF): Uses PBKDF2WithHmacSHA256. + * - SAST: Considered secure when using a strong salt and an appropriate + * iteration count. + * Note: The iteration count (10000) should be reviewed against current security + * standards. + * + * @param password The password to hash. + */ + public void hashForPasswordStorage(String password) throws Exception { + byte[] salt = generateSecureSalt(16); + // 10,000 iterations and a 256-bit derived key. + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 10000, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] hash = factory.generateSecret(spec).getEncoded(); + System.out.println("PBKDF2 Hash: " + Base64.getEncoder().encodeToString(hash)); + } + + /** + * Dynamically loads a hash algorithm from configuration and computes a hash. + * + * CBOM/SAST Classification: + * - Dynamic Cryptographic Hash Selection: Algorithm is loaded from a config + * file. + * - SAST: May be flagged as risky because an insecure or unintended algorithm + * might be chosen. + */ + public void hashFromUnknownConfig() throws Exception { + String algorithm = loadHashAlgorithmFromConfig("config.properties"); + MessageDigest digest = MessageDigest.getInstance(algorithm); + byte[] hash = digest.digest("Config-based Hashing".getBytes()); + System.out.println("Dynamically Loaded Hash Algorithm (" + algorithm + "): " + + Base64.getEncoder().encodeToString(hash)); + } + + /** + * Demonstrates an insecure method for generating pseudo-random bytes by using a + * fixed seed with hash algorithms. + * + * CBOM/SAST Classification: + * - Insecure RNG: Uses a fixed seed with various hash algorithms. + * - SAST: This approach is insecure because it produces predictable output and + * should be flagged. + */ + public void insecureHashBasedRNG() throws Exception { + String[] algorithms = { "SHA-256", "SHA-512", "SHA3-256", "SHA3-512" }; + for (String algorithm : algorithms) { + MessageDigest digest = MessageDigest.getInstance(algorithm); + byte[] seed = "fixed-seed".getBytes(); // Fixed seed: insecure and predictable. + digest.update(seed); + byte[] pseudoRandomBytes = digest.digest(); + System.out.println("Insecure RNG using " + algorithm + ": " + + Base64.getEncoder().encodeToString(pseudoRandomBytes)); + } + } + + /** + * Loads the hash algorithm from an external configuration file. + * + * CBOM/SAST Classification: + * - Dynamic Configuration: External config loading. + * - SAST: The use of external configuration may introduce risks if the config + * file is compromised. + * + * @param configPath Path to the configuration file. + * @return The hash algorithm to be used (default is SHA-256). + */ + private String loadHashAlgorithmFromConfig(String configPath) { + Properties properties = new Properties(); + try (FileInputStream fis = new FileInputStream(configPath)) { + properties.load(fis); + } catch (IOException e) { + e.printStackTrace(); + } + return properties.getProperty("hash.algorithm", "SHA-256"); + } + + /** + * Generates a secure salt using a cryptographically strong random number + * generator. + * + * CBOM/SAST Classification: + * - Secure Salt Generation: Uses SecureRandom. + * - SAST: This is a best-practice approach for generating salts for password + * hashing. + * + * @param length The desired salt length. + * @return A byte array representing the salt. + */ + private byte[] generateSecureSalt(int length) { + byte[] salt = new byte[length]; + new SecureRandom().nextBytes(salt); + return salt; + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/IVArtifact.java b/java/ql/test/experimental/library-tests/quantum/jca/IVArtifact.java new file mode 100644 index 000000000000..30059d40c9a7 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/IVArtifact.java @@ -0,0 +1,293 @@ +package com.example.crypto.artifacts; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.GCMParameterSpec; +import java.security.*; +import java.util.Base64; +import java.util.random.*; +import java.util.Properties; +import java.util.Random; +import java.io.FileInputStream; +import java.io.IOException; +import java.util.Arrays; + +public class IVArtifact { + + // static { + // Security.addProvider(new BouncyCastleProvider()); // Ensure BouncyCastle is available + // } + + /** + * Simple Case: Generates a secure IV and encrypts with AES/CBC/PKCS5Padding. + */ + public void simpleIVEncryption() throws Exception { + SecretKey key = generateAESKey(); + IvParameterSpec ivSpec = new IvParameterSpec(secureIV(16)); + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); + byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); + } + + public void encryptWithIV(byte[] plaintext, SecretKey key, IvParameterSpec ivSpec, String cipherAlgorithm) + throws Exception { + Cipher cipher = Cipher.getInstance(cipherAlgorithm); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); + byte[] ciphertext = cipher.doFinal(plaintext); + } + + public void complexIVFlow() { + IvParameterSpec ivSpec = new IvParameterSpec(useSecureMethod() ? secureIV(16) : insecureIV(16)); + processIV(ivSpec); + + // Example dynamic cipher selection with IV usage + String cipherAlgorithm = loadCipherAlgorithm(); + try { + encryptWithIV("Sensitive Data".getBytes(), generateAESKey(), ivSpec, cipherAlgorithm); + } catch (Exception e) { + e.printStackTrace(); + } + } + + private boolean useSecureMethod() { + return System.currentTimeMillis() % 2 == 0; + } + + private void processIV(IvParameterSpec ivSpec) { + String ivBase64 = Base64.getEncoder().encodeToString(ivSpec.getIV()); + } + + private String loadCipherAlgorithm() { + Properties properties = new Properties(); + try { + properties.load(new FileInputStream("crypto-config.properties")); + } catch (IOException e) { + e.printStackTrace(); + } + return properties.getProperty("cipher.algorithm", "AES/CBC/PKCS5Padding"); + } + + private SecretKey generateAESKey() throws NoSuchAlgorithmException { + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(256); + return keyGen.generateKey(); + } + + private byte[] secureIV(int length) { + byte[] iv = new byte[length]; + new SecureRandom().nextBytes(iv); + return iv; + } + + private byte[] insecureIV(int length) { + byte[] iv = new byte[length]; + new Random().nextBytes(iv); + return iv; + } + + // ------------------------------- + // 1. Direct Fixed IV Usage + // ------------------------------- + + /** + * Encrypts plaintext using AES-GCM with a fixed IV (all zeros). + * This is an insecure practice as IV reuse in AES-GCM undermines + * confidentiality and integrity. + * + * @param key The AES key. + * @param plaintext The plaintext to encrypt. + * @return The ciphertext. + * @throws Exception if encryption fails. + */ + public byte[] encryptWithFixedIV(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] fixedIV = new byte[12]; // 12-byte fixed IV (all zeros) + GCMParameterSpec spec = new GCMParameterSpec(128, fixedIV); + cipher.init(Cipher.ENCRYPT_MODE, key, spec); + return cipher.doFinal(plaintext); + } + + // ------------------------------- + // 2. Cached IV Usage + // ------------------------------- + + // Cache an IV for reuse in multiple encryptions (insecure) + private byte[] cachedIV = null; + + /** + * Encrypts plaintext using AES-GCM with an IV cached from the first call. + * Reusing the same IV across multiple encryptions is insecure. + * + * @param key The AES key. + * @param plaintext The plaintext to encrypt. + * @return The ciphertext. + * @throws Exception if encryption fails. + */ + public byte[] encryptWithCachedIV(SecretKey key, byte[] plaintext) throws Exception { + if (cachedIV == null) { + cachedIV = new byte[12]; + new SecureRandom().nextBytes(cachedIV); + } + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + GCMParameterSpec spec = new GCMParameterSpec(128, cachedIV); + cipher.init(Cipher.ENCRYPT_MODE, key, spec); + return cipher.doFinal(plaintext); + } + + // ------------------------------- + // 3. Indirect IV Reuse via Deterministic Derivation + // ------------------------------- + + /** + * Encrypts plaintext using AES-GCM with an IV derived deterministically from a + * constant. + * This method computes a SHA-256 hash of a constant string and uses the first + * 12 bytes as the IV. + * Such derived IVs are fixed and must not be reused. + * + * @param key The AES key. + * @param plaintext The plaintext to encrypt. + * @return The ciphertext. + * @throws Exception if encryption fails. + */ + public byte[] encryptWithDerivedIV(SecretKey key, byte[] plaintext) throws Exception { + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + byte[] constantHash = digest.digest("fixedConstant".getBytes("UTF-8")); + byte[] derivedIV = Arrays.copyOf(constantHash, 12); // Deterministically derived IV + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + GCMParameterSpec spec = new GCMParameterSpec(128, derivedIV); + cipher.init(Cipher.ENCRYPT_MODE, key, spec); + return cipher.doFinal(plaintext); + } + + // ------------------------------- + // 4. Reusing a Single IV Across Multiple Messages + // ------------------------------- + + /** + * Encrypts an array of plaintext messages using AES-GCM with the same IV for + * every message. + * Reusing an IV across messages is insecure in authenticated encryption + * schemes. + * + * @param key The AES key. + * @param plaintexts An array of plaintext messages. + * @return An array of ciphertexts. + * @throws Exception if encryption fails. + */ + public byte[][] encryptMultipleMessagesWithSameIV(SecretKey key, byte[][] plaintexts) throws Exception { + byte[] iv = new byte[12]; + new SecureRandom().nextBytes(iv); // Generate once and reuse + byte[][] ciphertexts = new byte[plaintexts.length][]; + for (int i = 0; i < plaintexts.length; i++) { + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + GCMParameterSpec spec = new GCMParameterSpec(128, iv); + cipher.init(Cipher.ENCRYPT_MODE, key, spec); + ciphertexts[i] = cipher.doFinal(plaintexts[i]); + } + return ciphertexts; + } + + /** + * Encrypts the given plaintext using AES-GCM with the provided key and IV. + * + * @param key The AES key. + * @param ivSpec The IV specification. + * @param plaintext The plaintext to encrypt. + * @return The ciphertext (IV is not prepended here for clarity). + * @throws Exception if encryption fails. + */ + public byte[] encrypt(SecretKey key, IvParameterSpec ivSpec, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + // Use 128-bit authentication tag length. + GCMParameterSpec spec = new GCMParameterSpec(128, ivSpec.getIV()); + cipher.init(Cipher.ENCRYPT_MODE, key, spec); + return cipher.doFinal(plaintext); + } + + /** + * Example 1: Reuses the same IvParameterSpec object across two encryption + * calls. + * + * @param key The AES key. + * @param plaintext The plaintext to encrypt. + * @return An array containing two ciphertexts generated with the same + * IvParameterSpec. + * @throws Exception if encryption fails. + */ + public byte[][] encryptUsingSameIvParameterSpec(SecretKey key, byte[] plaintext) throws Exception { + // Fixed IV (all zeros for demonstration purposes; insecure in production) + byte[] fixedIV = new byte[12]; + IvParameterSpec fixedIvSpec = new IvParameterSpec(fixedIV); + // Encrypt the plaintext twice using the same IvParameterSpec. + byte[] ciphertext1 = encrypt(key, fixedIvSpec, plaintext); + byte[] ciphertext2 = encrypt(key, fixedIvSpec, plaintext); + return new byte[][] { ciphertext1, ciphertext2 }; + } + + /** + * Example 2: Creates two different IvParameterSpec objects that share the same + * underlying IV array. + * + * @param key The AES key. + * @param plaintext The plaintext to encrypt. + * @return An array containing two ciphertexts generated with two + * IvParameterSpec objects + * constructed from the same IV array. + * @throws Exception if encryption fails. + */ + public byte[][] encryptUsingDifferentIvSpecSameIVArray(SecretKey key, byte[] plaintext) throws Exception { + // Create a fixed IV array (all zeros for demonstration; insecure in production) + byte[] fixedIV = new byte[12]; + // Create two distinct IvParameterSpec objects from the same IV array reference. + IvParameterSpec ivSpec1 = new IvParameterSpec(fixedIV); + IvParameterSpec ivSpec2 = new IvParameterSpec(fixedIV); + // Encrypt the plaintext twice. + byte[] ciphertext1 = encrypt(key, ivSpec1, plaintext); + byte[] ciphertext2 = encrypt(key, ivSpec2, plaintext); + return new byte[][] { ciphertext1, ciphertext2 }; + } + + // ------------------------------- + // Main Method for Demonstration + // ------------------------------- + + public static void main(String[] args) { + try { + IVArtifact test = new IVArtifact(); + KeyGenerator kg = KeyGenerator.getInstance("AES"); + kg.init(256, new SecureRandom()); + SecretKey key = kg.generateKey(); + byte[] plaintext = "Sensitive Data".getBytes(); + + // Example 1: Fixed IV usage + byte[] fixedIVCipher1 = test.encryptWithFixedIV(key, plaintext); + byte[] fixedIVCipher2 = test.encryptWithFixedIV(key, plaintext); + System.out.println("Fixed IV Encryption 1: " + Base64.getEncoder().encodeToString(fixedIVCipher1)); + System.out.println("Fixed IV Encryption 2: " + Base64.getEncoder().encodeToString(fixedIVCipher2)); + + // Example 2: Cached IV usage + byte[] cachedIVCipher1 = test.encryptWithCachedIV(key, plaintext); + byte[] cachedIVCipher2 = test.encryptWithCachedIV(key, plaintext); + System.out.println("Cached IV Encryption 1: " + Base64.getEncoder().encodeToString(cachedIVCipher1)); + System.out.println("Cached IV Encryption 2: " + Base64.getEncoder().encodeToString(cachedIVCipher2)); + + // Example 3: Indirect IV (derived) + byte[] derivedIVCipher = test.encryptWithDerivedIV(key, plaintext); + System.out.println("Derived IV Encryption: " + Base64.getEncoder().encodeToString(derivedIVCipher)); + + // Example 4: Reusing the same IV across multiple messages + byte[][] messages = { "Message One".getBytes(), "Message Two".getBytes(), "Message Three".getBytes() }; + byte[][] multiCiphers = test.encryptMultipleMessagesWithSameIV(key, messages); + for (int i = 0; i < multiCiphers.length; i++) { + System.out.println("Multi-message Encryption " + (i + 1) + ": " + + Base64.getEncoder().encodeToString(multiCiphers[i])); + } + } catch (Exception e) { + e.printStackTrace(); + } + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/KeyAgreementHybridCryptosystem.java b/java/ql/test/experimental/library-tests/quantum/jca/KeyAgreementHybridCryptosystem.java new file mode 100644 index 000000000000..aca75f15133d --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/KeyAgreementHybridCryptosystem.java @@ -0,0 +1,292 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +// import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider; + +import javax.crypto.Cipher; +import javax.crypto.KeyAgreement; +import javax.crypto.KeyGenerator; +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.SecretKeySpec; +import java.security.*; +import java.security.spec.ECGenParameterSpec; +import java.util.Arrays; +import java.util.Base64; + +/** + * KeyAgreementHybridCryptosystem demonstrates two hybrid cryptosystems: + * + * 1. ECDH + AES-GCM: + * - Secure Flow: Uses ephemeral ECDH key pairs on secp256r1, applies a simple + * KDF (SHA-256) + * to derive a 128-bit AES key, and uses AES-GCM with a random 12-byte nonce. + * - Insecure Flow: Reuses a static key pair, uses raw shared secret truncation, + * and employs + * a fixed (zero) IV. + * + * 2. X25519 + ChaCha20-Poly1305: + * - Secure Flow: Uses ephemeral X25519 key pairs, applies a KDF (SHA-256) to + * derive a 256-bit key, + * and uses ChaCha20-Poly1305 with a random nonce. + * - Insecure Flow: Reuses a static key pair, directly truncates the shared + * secret without a proper KDF, + * and uses a fixed nonce. + * + * SAST/CBOM Notes: + * - Secure flows use proper ephemeral key generation, a simple KDF, and random + * nonces. + * - Insecure flows use static keys, fixed nonces, and raw shared secret + * truncation. + */ +public class KeyAgreementHybridCryptosystem { + + // static { + // Security.addProvider(new BouncyCastleProvider()); + // Security.addProvider(new BouncyCastlePQCProvider()); + // } + + // ---------- Helper Methods ---------- + + /** + * Generates an ephemeral ECDH key pair on secp256r1. + */ + public KeyPair generateECDHKeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC", "BC"); + kpg.initialize(new ECGenParameterSpec("secp256r1"), new SecureRandom()); + return kpg.generateKeyPair(); + } + + /** + * Generates an ephemeral X25519 key pair. + */ + public KeyPair generateX25519KeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("X25519", "BC"); + kpg.initialize(255, new SecureRandom()); + return kpg.generateKeyPair(); + } + + /** + * Derives a shared secret using the provided key agreement algorithm. + */ + public byte[] deriveSharedSecret(PrivateKey privateKey, PublicKey publicKey, String algorithm) throws Exception { + KeyAgreement ka = KeyAgreement.getInstance(algorithm, "BC"); + ka.init(privateKey); + ka.doPhase(publicKey, true); + return ka.generateSecret(); + } + + /** + * A simple KDF that hashes the input with SHA-256 and returns the first + * numBytes. + */ + public byte[] simpleKDF(byte[] input, int numBytes) throws Exception { + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + byte[] hash = digest.digest(input); + return Arrays.copyOf(hash, numBytes); + } + + /** + * Concatenates two byte arrays. + */ + public byte[] concatenate(byte[] a, byte[] b) { + byte[] result = new byte[a.length + b.length]; + System.arraycopy(a, 0, result, 0, a.length); + System.arraycopy(b, 0, result, a.length, b.length); + return result; + } + + // =============================================== + // 1. ECDH + AES-GCM Flows + // =============================================== + + /** + * Secure hybrid encryption using ECDH and AES-GCM. + * Uses ephemeral key pairs, applies a simple KDF to derive a 128-bit AES key, + * and uses AES-GCM with a random 12-byte nonce. + */ + public byte[] secureECDH_AESGCMEncryption(byte[] plaintext) throws Exception { + KeyPair aliceKP = generateECDHKeyPair(); + KeyPair bobKP = generateECDHKeyPair(); + byte[] aliceSecret = deriveSharedSecret(aliceKP.getPrivate(), bobKP.getPublic(), "ECDH"); + byte[] aesKeyBytes = simpleKDF(aliceSecret, 16); + SecretKey aesKey = new SecretKeySpec(aesKeyBytes, "AES"); + + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; + new SecureRandom().nextBytes(iv); + GCMParameterSpec spec = new GCMParameterSpec(128, iv); + cipher.init(Cipher.ENCRYPT_MODE, aesKey, spec); + byte[] ciphertext = cipher.doFinal(plaintext); + + return concatenate(iv, ciphertext); + } + + /** + * Insecure hybrid encryption using ECDH and AES-GCM. + * Reuses a static key pair, uses raw shared secret truncation without a proper + * KDF, + * and employs a fixed IV (all zeros). + */ + public byte[] insecureECDH_AESGCMEncryption(byte[] plaintext) throws Exception { + KeyPair staticKP = generateECDHKeyPair(); + byte[] sharedSecret = deriveSharedSecret(staticKP.getPrivate(), staticKP.getPublic(), "ECDH"); + byte[] aesKeyBytes = Arrays.copyOf(sharedSecret, 16); + SecretKey aesKey = new SecretKeySpec(aesKeyBytes, "AES"); + + byte[] fixedIV = new byte[12]; // fixed IV (all zeros) + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + GCMParameterSpec spec = new GCMParameterSpec(128, fixedIV); + cipher.init(Cipher.ENCRYPT_MODE, aesKey, spec); + byte[] ciphertext = cipher.doFinal(plaintext); + + return concatenate(fixedIV, ciphertext); + } + + // =============================================== + // 2. X25519 + ChaCha20-Poly1305 Flows + // =============================================== + + /** + * Secure hybrid encryption using X25519 and ChaCha20-Poly1305. + * Uses ephemeral key pairs, applies a KDF (SHA-256) to derive a 256-bit key, + * and uses ChaCha20-Poly1305 with a random 12-byte nonce. + */ + public byte[] secureX25519_Chacha20Poly1305Encryption(byte[] plaintext) throws Exception { + KeyPair aliceKP = generateX25519KeyPair(); + KeyPair bobKP = generateX25519KeyPair(); + byte[] sharedSecret = deriveSharedSecret(aliceKP.getPrivate(), bobKP.getPublic(), "X25519"); + byte[] chachaKeyBytes = MessageDigest.getInstance("SHA-256").digest(sharedSecret); + SecretKey chachaKey = new SecretKeySpec(chachaKeyBytes, "ChaCha20"); + + Cipher cipher = Cipher.getInstance("ChaCha20-Poly1305", "BC"); + byte[] nonce = new byte[12]; + new SecureRandom().nextBytes(nonce); + cipher.init(Cipher.ENCRYPT_MODE, chachaKey, new IvParameterSpec(nonce)); + byte[] ciphertext = cipher.doFinal(plaintext); + + return concatenate(nonce, ciphertext); + } + + /** + * Insecure hybrid encryption using X25519 and ChaCha20-Poly1305. + * Reuses a static key pair, directly truncates the shared secret without a + * proper KDF, + * and employs a fixed nonce. + */ + public byte[] insecureX25519_Chacha20Poly1305Encryption(byte[] plaintext) throws Exception { + KeyPair staticKP = generateX25519KeyPair(); + byte[] sharedSecret = deriveSharedSecret(staticKP.getPrivate(), staticKP.getPublic(), "X25519"); + byte[] chachaKeyBytes = Arrays.copyOf(sharedSecret, 32); + SecretKey chachaKey = new SecretKeySpec(chachaKeyBytes, "ChaCha20"); + + byte[] fixedNonce = new byte[12]; // fixed nonce (all zeros) + Cipher cipher = Cipher.getInstance("ChaCha20-Poly1305", "BC"); + cipher.init(Cipher.ENCRYPT_MODE, chachaKey, new IvParameterSpec(fixedNonce)); + byte[] ciphertext = cipher.doFinal(plaintext); + + return concatenate(fixedNonce, ciphertext); + } + + // =============================================== + // 3. Dynamic Hybrid Selection + // =============================================== + + /** + * Dynamically selects a hybrid encryption flow based on a configuration + * property. + * If the config is unknown, defaults to an insecure flow. + */ + public String dynamicHybridEncryption(String config, byte[] plaintext) throws Exception { + byte[] result; + if ("secureECDH".equalsIgnoreCase(config)) { + result = secureECDH_AESGCMEncryption(plaintext); + } else if ("insecureECDH".equalsIgnoreCase(config)) { + result = insecureECDH_AESGCMEncryption(plaintext); + } else if ("secureX25519".equalsIgnoreCase(config)) { + result = secureX25519_Chacha20Poly1305Encryption(plaintext); + } else if ("insecureX25519".equalsIgnoreCase(config)) { + result = insecureX25519_Chacha20Poly1305Encryption(plaintext); + } else { + // Fallback to insecure ECDH flow. + result = insecureECDH_AESGCMEncryption(plaintext); + } + return Base64.getEncoder().encodeToString(result); + } + + // =============================================== + // 4. Further Key Derivation from Symmetric Keys + // =============================================== + + /** + * Derives two keys from a symmetric key using PBKDF2, then uses one key for + * AES-GCM encryption + * and the other for computing a MAC over the ciphertext. + */ + public byte[] furtherUseSymmetricKeyForKeyDerivation(SecretKey key, byte[] plaintext) throws Exception { + String keyAsString = Base64.getEncoder().encodeToString(key.getEncoded()); + byte[] salt = generateSalt(16); + PBEKeySpec spec = new PBEKeySpec(keyAsString.toCharArray(), salt, 10000, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] derived = factory.generateSecret(spec).getEncoded(); + byte[] encKeyBytes = Arrays.copyOfRange(derived, 0, 16); + byte[] macKeyBytes = Arrays.copyOfRange(derived, 16, 32); + SecretKey encryptionKey = new SecretKeySpec(encKeyBytes, "AES"); + SecretKey derivedMacKey = new SecretKeySpec(macKeyBytes, "HmacSHA256"); + + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; + new SecureRandom().nextBytes(iv); + GCMParameterSpec specGcm = new GCMParameterSpec(128, iv); + cipher.init(Cipher.ENCRYPT_MODE, encryptionKey, specGcm); + byte[] ciphertext = cipher.doFinal(plaintext); + + Mac mac = Mac.getInstance("HmacSHA256"); + mac.init(derivedMacKey); + byte[] computedMac = mac.doFinal(ciphertext); + + byte[] output = new byte[ciphertext.length + computedMac.length]; + System.arraycopy(ciphertext, 0, output, 0, ciphertext.length); + System.arraycopy(computedMac, 0, output, ciphertext.length, computedMac.length); + storeOutput(output); + return output; + } + + // =============================================== + // 5. Output/Storage Methods + // =============================================== + + /** + * Stores the output securely. + */ + public void storeOutput(byte[] output) { + String stored = Base64.getEncoder().encodeToString(output); + // In production, this value would be stored or transmitted securely. + } + + // =============================================== + // 6. Helper Methods for Key/Nonce Generation + // =============================================== + + /** + * Generates a secure 256-bit AES key. + */ + public SecretKey generateAESKey() throws Exception { + KeyGenerator kg = KeyGenerator.getInstance("AES"); + kg.init(256, new SecureRandom()); + return kg.generateKey(); + } + + /** + * Generates a random salt. + */ + private byte[] generateSalt(int length) { + byte[] salt = new byte[length]; + new SecureRandom().nextBytes(salt); + return salt; + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/KeyArtifact.java b/java/ql/test/experimental/library-tests/quantum/jca/KeyArtifact.java new file mode 100644 index 000000000000..041a1fce4f08 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/KeyArtifact.java @@ -0,0 +1,86 @@ +package com.example.crypto.artifacts; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import java.security.*; +import java.security.spec.*; +import java.util.Properties; +import java.io.FileInputStream; + +public class KeyArtifact { + + // static { + // Security.addProvider(new BouncyCastleProvider()); + // } + + public void generateSymmetricKeys() throws NoSuchAlgorithmException { + // AES Key Generation (Default Provider) + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(256); + SecretKey aesKeyJDK = keyGen.generateKey(); + + // AES Key Generation (BouncyCastle) + keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(256); + SecretKey aesKeyBC = keyGen.generateKey(); + } + + public void generateAsymmetricKeys() throws NoSuchAlgorithmException { + // RSA Key Generation (JDK Default) + KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA"); + keyPairGen.initialize(2048); + KeyPair rsaPairJDK = keyPairGen.generateKeyPair(); + + // RSA Key Generation (BouncyCastle) + keyPairGen = KeyPairGenerator.getInstance("RSA"); + keyPairGen.initialize(2048); + KeyPair rsaPairBC = keyPairGen.generateKeyPair(); + + // EC Key Generation + keyPairGen = KeyPairGenerator.getInstance("EC"); + keyPairGen.initialize(256); + KeyPair ecPair = keyPairGen.generateKeyPair(); + } + + public void importExportRSAKeys(KeyPair keyPair) throws NoSuchAlgorithmException, InvalidKeySpecException { + // Export Public Key + byte[] pubKeyBytes = keyPair.getPublic().getEncoded(); + X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(pubKeyBytes); + KeyFactory keyFactory = KeyFactory.getInstance("RSA"); + PublicKey importedPubKey = keyFactory.generatePublic(pubKeySpec); + + // Export Private Key + byte[] privKeyBytes = keyPair.getPrivate().getEncoded(); + PKCS8EncodedKeySpec privKeySpec = new PKCS8EncodedKeySpec(privKeyBytes); + PrivateKey importedPrivKey = keyFactory.generatePrivate(privKeySpec); + } + + public void dynamicAlgorithmSelection() throws Exception { + // Load algorithm from configuration + Properties properties = new Properties(); + properties.load(new FileInputStream("crypto-config.properties")); + String algorithm = properties.getProperty("key.algorithm", "AES"); + + KeyGenerator keyGen = KeyGenerator.getInstance(algorithm); + keyGen.init(256); + SecretKey dynamicKey = keyGen.generateKey(); + } + + public KeyPair generateKeyPair(String algorithm) throws NoSuchAlgorithmException { + // Wrapper for Key Generation + KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance(algorithm); + keyPairGen.initialize(2048); + return keyPairGen.generateKeyPair(); + } + + public void keySelectionFromArray() throws NoSuchAlgorithmException { + // Selecting Algorithm Dynamically from an Array + String[] algorithms = { "RSA", "EC", "Ed25519" }; + KeyPair[] keyPairs = new KeyPair[algorithms.length]; + + for (int i = 0; i < algorithms.length; i++) { + keyPairs[i] = generateKeyPair(algorithms[i]); + } + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/KeyDerivation1.java b/java/ql/test/experimental/library-tests/quantum/jca/KeyDerivation1.java new file mode 100644 index 000000000000..13da3b077a22 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/KeyDerivation1.java @@ -0,0 +1,394 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.crypto.generators.Argon2BytesGenerator; +// import org.bouncycastle.crypto.params.Argon2Parameters; +// import org.bouncycastle.jce.provider.BouncyCastleProvider; + +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.SecretKeySpec; +import java.io.FileInputStream; +import java.io.IOException; +import java.security.MessageDigest; +import java.security.SecureRandom; +import java.security.Security; +import java.util.Arrays; +import java.util.Base64; +import java.util.Properties; + +/** + * This class demonstrates multiple key derivation functions (KDFs) including + * PBKDF2, scrypt, Argon2, raw hash derivation, + * HKDF, and dynamic algorithm selection. + * + * SAST/CBOM Classification Notes: + * + * 1. PBKDF2 Examples: + * - Parent Classification: Password-Based Key Derivation Function (PBKDF). + * - SAST: + * * pbkdf2DerivationBasic: Uses PBKDF2WithHmacSHA256 with 10,000 iterations – + * acceptable if parameters meet current standards. + * * pbkdf2LowIteration: Uses only 10 iterations – flagged as insecure due to + * insufficient iteration count. + * * pbkdf2HighIteration: Uses 1,000,000 iterations – secure (though performance + * may be impacted). + * * pbkdf2HmacSHA1: Uses PBKDF2WithHmacSHA1 – flagged as weaker compared to + * SHA-256, though sometimes seen in legacy systems. + * * pbkdf2HmacSHA512: Uses PBKDF2WithHmacSHA512 – classified as secure. + * + * 2. Scrypt Examples: + * - Parent Classification: Memory-Hard Key Derivation Function. + * - SAST: + * * scryptWeak: Uses weak parameters (n=1024, r=1, p=1) – flagged as insecure. + * * scryptStrong: Uses stronger parameters (n=16384, r=8, p=1) – considered + * secure. + * + * 3. Argon2 Examples: + * - Parent Classification: Memory-Hard Key Derivation Function (Argon2id). + * - SAST: + * * argon2Derivation: Uses moderate memory and iterations – considered secure. + * * argon2HighMemory: Uses high memory (128MB) and more iterations – secure, + * though resource intensive. + * + * 4. Insecure Raw Hash Derivation: + * - Parent Classification: Raw Hash Usage for Key Derivation. + * - SAST: Using a single SHA-256 hash as a key and then using it with insecure + * AES/ECB mode is highly discouraged. + * + * 5. HKDF Examples: + * - Parent Classification: Key Derivation Function (HKDF). + * - SAST: The provided HKDF implementation is simplistic (single-block + * expansion) and may be flagged. + * + * 6. Multi-Step Hybrid Derivation: + * - Parent Classification: Composite KDF (PBKDF2 followed by HKDF). + * - SAST: Combining two KDFs is acceptable if done carefully; however, custom + * implementations should be reviewed. + * + * 7. Dynamic KDF Selection: + * - Parent Classification: Dynamic/Configurable Key Derivation. + * - SAST: Loading KDF parameters from configuration introduces ambiguity and + * risk if misconfigured. + */ +public class KeyDerivation1 { + + // static { + // Security.addProvider(new BouncyCastleProvider()); + // } + + ////////////////////////////////////// + // 1. PBKDF2 EXAMPLES + ////////////////////////////////////// + + /** + * Basic PBKDF2 derivation using PBKDF2WithHmacSHA256. + * + * SAST/CBOM: + * - Parent: PBKDF2. + * - Uses 10,000 iterations with a 256-bit key; generally acceptable. + */ + public void pbkdf2DerivationBasic(String password) throws Exception { + byte[] salt = generateSalt(16); + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 10000, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] key = factory.generateSecret(spec).getEncoded(); + System.out.println("PBKDF2 (Basic) Key: " + Base64.getEncoder().encodeToString(key)); + } + + /** + * PBKDF2 derivation with a very low iteration count. + * + * SAST/CBOM: + * - Parent: PBKDF2. + * - Iteration count is only 10, which is far below acceptable security + * standards. + * - Flagged as insecure. + */ + public void pbkdf2LowIteration(String password) throws Exception { + byte[] salt = generateSalt(16); + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 10, 256); // Very low iteration count. + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] key = factory.generateSecret(spec).getEncoded(); + System.out.println("PBKDF2 (Low Iteration) Key (Insecure): " + Base64.getEncoder().encodeToString(key)); + } + + /** + * PBKDF2 derivation with a high iteration count. + * + * SAST/CBOM: + * - Parent: PBKDF2. + * - Uses 1,000,000 iterations; this is secure but may impact performance. + */ + public void pbkdf2HighIteration(String password) throws Exception { + byte[] salt = generateSalt(16); + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 1_000_000, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] key = factory.generateSecret(spec).getEncoded(); + System.out.println("PBKDF2 (High Iteration) Key: " + Base64.getEncoder().encodeToString(key)); + } + + /** + * PBKDF2 derivation using HmacSHA1. + * + * SAST/CBOM: + * - Parent: PBKDF2. + * - Uses HMAC-SHA1, which is considered weaker than SHA-256; may be acceptable + * only for legacy systems. + */ + public void pbkdf2HmacSHA1(String password) throws Exception { + byte[] salt = generateSalt(16); + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 80000, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1"); + byte[] key = factory.generateSecret(spec).getEncoded(); + System.out.println("PBKDF2 (HmacSHA1) Key: " + Base64.getEncoder().encodeToString(key)); + } + + /** + * PBKDF2 derivation using HmacSHA512. + * + * SAST/CBOM: + * - Parent: PBKDF2. + * - Uses HMAC-SHA512 with 160,000 iterations; classified as secure. + */ + public void pbkdf2HmacSHA512(String password) throws Exception { + byte[] salt = generateSalt(16); + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 160000, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512"); + byte[] key = factory.generateSecret(spec).getEncoded(); + System.out.println("PBKDF2 (HmacSHA512) Key: " + Base64.getEncoder().encodeToString(key)); + } + + ////////////////////////////////////// + // 2. SCRYPT EXAMPLES + ////////////////////////////////////// + + /** + * Scrypt derivation with weak parameters. + * + * SAST/CBOM: + * - Parent: Scrypt. + * - Parameters (n=1024, r=1, p=1) are too weak and should be flagged as + * insecure. + */ + public void scryptWeak(String password) throws Exception { + byte[] salt = generateSalt(16); + // Weak parameters: low work factor. + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 1024, 128); + SecretKeyFactory factory = SecretKeyFactory.getInstance("SCRYPT"); + byte[] key = factory.generateSecret(spec).getEncoded(); + System.out.println("scrypt (Weak) Key: " + Base64.getEncoder().encodeToString(key)); + } + + /** + * Scrypt derivation with stronger parameters. + * + * SAST/CBOM: + * - Parent: Scrypt. + * - Parameters (n=16384, r=8, p=1) provide a secure work factor. + */ + public void scryptStrong(String password) throws Exception { + byte[] salt = generateSalt(16); + // Strong parameters for scrypt. + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 16384, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("SCRYPT"); + byte[] key = factory.generateSecret(spec).getEncoded(); + System.out.println("scrypt (Strong) Key: " + Base64.getEncoder().encodeToString(key)); + } + + ////////////////////////////////////// + // 3. ARGON2 EXAMPLES + ////////////////////////////////////// + + // /** + // * Argon2 derivation using Argon2id with moderate memory and iterations. + // * + // * SAST/CBOM: + // * - Parent: Argon2 (Memory-Hard KDF). + // * - Parameters: memory=65536 KB, iterations=2, parallelism=2; considered + // * secure. + // */ + // public void argon2Derivation(String password) throws Exception { + // byte[] salt = generateSalt(16); + // Argon2Parameters.Builder builder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id) + // .withSalt(salt) + // .withParallelism(2) + // .withMemoryAsKB(65536) + // .withIterations(2); + + // Argon2BytesGenerator gen = new Argon2BytesGenerator(); + // gen.init(builder.build()); + // byte[] hash = new byte[32]; + // gen.generateBytes(password.getBytes(), hash, 0, hash.length); + // System.out.println("Argon2 Key: " + Base64.getEncoder().encodeToString(hash)); + // } + + // /** + // * Argon2 derivation with high memory and more iterations. + // * + // * SAST/CBOM: + // * - Parent: Argon2. + // * - Uses high memory (131072 KB = 128MB) and 5 iterations; secure but resource + // * intensive. + // */ + // public void argon2HighMemory(String password) throws Exception { + // byte[] salt = generateSalt(16); + // Argon2Parameters.Builder builder = new Argon2Parameters.Builder(Argon2Parameters.ARGON2_id) + // .withSalt(salt) + // .withParallelism(4) + // .withMemoryAsKB(131072) // 128MB of memory. + // .withIterations(5); + + // Argon2BytesGenerator gen = new Argon2BytesGenerator(); + // gen.init(builder.build()); + // byte[] hash = new byte[64]; + // gen.generateBytes(password.getBytes(), hash, 0, hash.length); + // System.out.println("Argon2 (High Memory) Key: " + Base64.getEncoder().encodeToString(hash)); + // } + + ////////////////////////////////////// + // 4. INSECURE RAW HASH EXAMPLES + ////////////////////////////////////// + + /** + * Derives a key by directly hashing input with SHA-256 and uses it for + * encryption. + * + * SAST/CBOM: + * - Parent: Raw Hash-Based Key Derivation. + * - This approach is insecure since it uses a raw hash as a key and then uses + * AES in ECB mode, + * which is vulnerable to pattern analysis. + */ + public void insecureRawSHA256Derivation(String input) throws Exception { + MessageDigest digest = MessageDigest.getInstance("SHA-256"); + byte[] derivedKey = digest.digest(input.getBytes()); + System.out.println("Insecure Raw SHA-256 Key: " + Base64.getEncoder().encodeToString(derivedKey)); + + // Insecure usage: AES/ECB mode is used with a key derived from a raw hash. + SecretKey key = new SecretKeySpec(derivedKey, 0, 16, "AES"); + javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance("AES/ECB/NoPadding"); + cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, key); + byte[] ciphertext = cipher.doFinal("SampleData16Bytes".getBytes()); + System.out.println("Insecurely Encrypted Data with Raw-SHA256 Key: " + + Base64.getEncoder().encodeToString(ciphertext)); + } + + ////////////////////////////////////// + // 5. HKDF EXAMPLES + ////////////////////////////////////// + + /** + * Derives a key using a simple HKDF expansion based on HMAC-SHA256. + * + * SAST/CBOM: + * - Parent: HKDF. + * - The implementation uses a single-block (simplistic) expansion and may be + * flagged. + * A full, standard HKDF implementation is recommended. + */ + public void hkdfDerivation(byte[] ikm) throws Exception { + byte[] salt = generateSalt(32); + byte[] derivedKey = hkdfExpand(ikm, salt, 32); + System.out.println("HKDF Derived Key: " + Base64.getEncoder().encodeToString(derivedKey)); + } + + /** + * Multi-step hybrid derivation: first using PBKDF2, then applying HKDF + * expansion. + * + * SAST/CBOM: + * - Parent: Composite KDF. + * - Combining PBKDF2 and HKDF is a non-standard approach and may be flagged; + * ensure that each step meets security requirements. + */ + public void multiStepHybridDerivation(String password, byte[] sharedSecret) throws Exception { + byte[] pbkdf2Key = derivePBKDF2Key(password); + byte[] finalKey = hkdfExpand(sharedSecret, pbkdf2Key, 32); + System.out.println("Multi-Step Hybrid Key: " + Base64.getEncoder().encodeToString(finalKey)); + } + + ////////////////////////////////////// + // 6. DYNAMIC ALGORITHM SELECTION (AMBIGUOUS CASE) + ////////////////////////////////////// + + /** + * Dynamically selects a KDF algorithm based on external configuration. + * + * SAST/CBOM: + * - Parent: Dynamic/Configurable Key Derivation. + * - Loading the algorithm and parameters from a config file introduces risk if + * the configuration is compromised + * or misconfigured. + */ + public void dynamicKDFSelection(String password, String configPath) throws Exception { + Properties props = new Properties(); + try (FileInputStream fis = new FileInputStream(configPath)) { + props.load(fis); + } catch (IOException e) { + e.printStackTrace(); + } + String kdfAlg = props.getProperty("kdf.alg", "PBKDF2WithHmacSHA256"); + int iterations = Integer.parseInt(props.getProperty("kdf.iterations", "10000")); + int keySize = Integer.parseInt(props.getProperty("kdf.keySize", "256")); + + byte[] salt = generateSalt(16); + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterations, keySize); + SecretKeyFactory factory = SecretKeyFactory.getInstance(kdfAlg); + byte[] derived = factory.generateSecret(spec).getEncoded(); + System.out.println("Dynamically Selected KDF (" + kdfAlg + ") Key: " + + Base64.getEncoder().encodeToString(derived)); + } + + ////////////////////////////////////// + // HELPER METHODS + ////////////////////////////////////// + + /** + * Helper method to derive a PBKDF2 key with PBKDF2WithHmacSHA256. + * + * SAST/CBOM: + * - Parent: PBKDF2 helper. + */ + private byte[] derivePBKDF2Key(String password) throws Exception { + byte[] salt = generateSalt(16); + PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 10000, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + return factory.generateSecret(spec).getEncoded(); + } + + /** + * A simplistic HKDF expansion function using HMAC-SHA256. + * + * SAST/CBOM: + * - Parent: HKDF. + * - Uses a single-block expansion ("hkdf-expansion") which is non-standard and + * may be flagged. + */ + private byte[] hkdfExpand(byte[] ikm, byte[] salt, int length) throws Exception { + Mac hmac = Mac.getInstance("HmacSHA256"); + SecretKey secretKey = new SecretKeySpec(salt, "HmacSHA256"); + hmac.init(secretKey); + byte[] prk = hmac.doFinal(ikm); // Extraction step. + + // Single-block expansion (non-standard; for full HKDF, multiple iterations may + // be necessary) + hmac.init(new SecretKeySpec(prk, "HmacSHA256")); + byte[] okm = hmac.doFinal("hkdf-expansion".getBytes()); + return Arrays.copyOf(okm, length); + } + + /** + * Generates a secure random salt of the specified length. + * + * SAST/CBOM: + * - Parent: Secure Random Salt Generation. + * - Uses SecureRandom; considered best practice. + */ + private byte[] generateSalt(int length) { + byte[] salt = new byte[length]; + new SecureRandom().nextBytes(salt); + return salt; + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/KeyEncapsulation.java b/java/ql/test/experimental/library-tests/quantum/jca/KeyEncapsulation.java new file mode 100644 index 000000000000..7d18f6f875ca --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/KeyEncapsulation.java @@ -0,0 +1,235 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +// import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider; +// import org.bouncycastle.pqc.jcajce.spec.KyberParameterSpec; +// import org.bouncycastle.util.Strings; + +import javax.crypto.Cipher; +import javax.crypto.KeyAgreement; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import java.security.*; +import java.security.spec.ECGenParameterSpec; +import java.util.Base64; + +/** + * Demonstrates various Key Encapsulation Mechanisms (KEMs), including: + * + * 1) RSA-KEM (emulated using RSA-OAEP for ephemeral key wrapping) + * - CBOM/SAST: Classified as a Hybrid Cryptosystem (public-key based key + * encapsulation). + * While RSA-OAEP is secure, using it to emulate KEM (without a standard scheme) + * may be flagged. + * + * 2) ECIES (Elliptic Curve Integrated Encryption Scheme) + * - CBOM/SAST: Classified as a Hybrid Cryptosystem (KEM+DEM) based on ECDH and + * AES. + * Note: Directly using the raw ECDH shared secret as key material is insecure + * in production. + * + * 3) Kyber (Post-Quantum KEM using BouncyCastle PQC) + * - CBOM/SAST: Classified as a Post-Quantum Key Encapsulation mechanism. + * This is modern and secure when using standardized parameters. + * + * 4) Basic ephemeral flows that mimic KEM logic using ephemeral ECDH. + * - CBOM/SAST: Classified as a simple KEM mimic based on ephemeral ECDH. + */ +public class KeyEncapsulation { + + // static { + // // Adding both classical and PQC providers. + // Security.addProvider(new BouncyCastleProvider()); + // Security.addProvider(new BouncyCastlePQCProvider()); + // } + + ////////////////////////////////////// + // 1. RSA-KEM-Like Flow + ////////////////////////////////////// + + /** + * Emulates RSA-KEM by using RSA-OAEP to wrap a random AES key. + * + * SAST/CBOM Classification: + * - Parent: Hybrid Cryptosystem (RSA-OAEP based key encapsulation). + * - Note: Although RSA-OAEP is secure, using it to "wrap" an ephemeral key is a + * non-standard KEM pattern. + * + * @param rsaPub The RSA public key of the recipient. + */ + public void rsaKEMEncapsulation(PublicKey rsaPub) throws Exception { + // 1) Generate an ephemeral AES key (symmetric key for data encryption) + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(256); // 256-bit AES key. + SecretKey aesKey = keyGen.generateKey(); + System.out.println("Ephemeral AES Key: " + Base64.getEncoder().encodeToString(aesKey.getEncoded())); + + // 2) Encrypt (wrap) the ephemeral AES key with RSA-OAEP. + // SAST Note: This RSA-OAEP wrapping is used to encapsulate the AES key. + Cipher rsaCipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding"); + rsaCipher.init(Cipher.ENCRYPT_MODE, rsaPub); + byte[] wrappedKey = rsaCipher.doFinal(aesKey.getEncoded()); + System.out.println("RSA-KEM Encapsulated AES Key: " + Base64.getEncoder().encodeToString(wrappedKey)); + + // 3) Example usage: Encrypt data with the ephemeral AES key using AES-GCM. + Cipher aesCipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; // Standard IV length for GCM. + new SecureRandom().nextBytes(iv); + GCMParameterSpec gcmSpec = new GCMParameterSpec(128, iv); + aesCipher.init(Cipher.ENCRYPT_MODE, aesKey, gcmSpec); + byte[] ciphertext = aesCipher.doFinal("KEM-based encryption".getBytes()); + System.out.println("AES-GCM ciphertext: " + Base64.getEncoder().encodeToString(ciphertext)); + } + + /** + * Performs RSA decapsulation by decrypting the wrapped AES key. + * + * SAST/CBOM Classification: + * - Parent: Hybrid Cryptosystem (RSA-OAEP based key decapsulation). + * - Note: Secure when used with matching RSA key pairs. + * + * @param rsaPriv The RSA private key corresponding to the public key used. + * @param wrappedKey The RSA-wrapped ephemeral AES key. + */ + public void rsaKEMDecapsulation(PrivateKey rsaPriv, byte[] wrappedKey) throws Exception { + Cipher rsaCipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding"); + rsaCipher.init(Cipher.DECRYPT_MODE, rsaPriv); + byte[] aesKeyBytes = rsaCipher.doFinal(wrappedKey); + SecretKey aesKey = new SecretKeySpec(aesKeyBytes, "AES"); + System.out.println("RSA-KEM Decapsulated AES Key: " + Base64.getEncoder().encodeToString(aesKey.getEncoded())); + } + + ////////////////////////////////////// + // 2. ECIES Example + ////////////////////////////////////// + + /** + * Implements a simplified ECIES flow using ephemeral ECDH and AES-GCM. + * + * SAST/CBOM Classification: + * - Parent: Hybrid Cryptosystem (ECIES: ECDH-based key encapsulation + DEM). + * - Note: Directly using the raw ECDH shared secret as key material is + * insecure. + * In practice, a proper KDF must be applied. + * + * @param ecPub The recipient's EC public key. + */ + public void eciesEncapsulation(PublicKey ecPub) throws Exception { + // Generate an ephemeral EC key pair. + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC"); + kpg.initialize(new ECGenParameterSpec("secp256r1"), new SecureRandom()); + KeyPair ephemeralEC = kpg.generateKeyPair(); + + // Perform ECDH key agreement to derive the shared secret. + KeyAgreement ka = KeyAgreement.getInstance("ECDH"); + ka.init(ephemeralEC.getPrivate()); + ka.doPhase(ecPub, true); + byte[] sharedSecret = ka.generateSecret(); + System.out.println("ECIES ephemeral ECDH Secret: " + Base64.getEncoder().encodeToString(sharedSecret)); + + // For demonstration only: directly use part of the shared secret as an AES key. + // SAST Note: This is insecure; a proper key derivation function (KDF) must be + // used. + SecretKey aesKey = new SecretKeySpec(sharedSecret, 0, 16, "AES"); + + // Encrypt the message using AES-GCM. + Cipher aesCipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; + new SecureRandom().nextBytes(iv); + aesCipher.init(Cipher.ENCRYPT_MODE, aesKey, new GCMParameterSpec(128, iv)); + byte[] ciphertext = aesCipher.doFinal("ECIES message".getBytes()); + + // The ephemeral public key (ephemeralEC.getPublic()) is transmitted as part of + // the output. + System.out.println( + "ECIES ephemeral public: " + Base64.getEncoder().encodeToString(ephemeralEC.getPublic().getEncoded())); + System.out.println("ECIES ciphertext: " + Base64.getEncoder().encodeToString(ciphertext)); + } + + ////////////////////////////////////// + // 3. Kyber Example (Post-Quantum KEM) + ////////////////////////////////////// + + // /** + // * Demonstrates a Kyber-based encapsulation using BouncyCastle's PQC provider. + // * + // * SAST/CBOM Classification: + // * - Parent: Post-Quantum KEM. + // * - Note: Kyber is a modern, post-quantum secure KEM. This example uses + // * Kyber-512. + // * + // * @param kyberRecipientKP The recipient's Kyber key pair. + // */ + // public void kyberEncapsulate(KeyPair kyberRecipientKP) throws Exception { + // // Use an ephemeral label for demonstration. + // byte[] ephemeralLabel = Strings.toByteArray("Kyber-KEM-Label"); + // Cipher kemCipher = Cipher.getInstance("Kyber", "BCPQC"); + // kemCipher.init(Cipher.ENCRYPT_MODE, kyberRecipientKP.getPublic(), new SecureRandom()); + // byte[] ciphertext = kemCipher.doFinal(ephemeralLabel); + // System.out.println("Kyber ciphertext: " + Base64.getEncoder().encodeToString(ciphertext)); + // } + + ////////////////////////////////////// + // 4. Basic Ephemeral Flows That Mimic KEM + ////////////////////////////////////// + + /** + * Uses ephemeral ECDH to derive a shared secret that mimics a KEM. + * + * SAST/CBOM Classification: + * - Parent: Ephemeral Key Agreement (mimicking KEM). + * - Note: This simple approach demonstrates the concept of using ephemeral keys + * to derive a secret. + * In a full scheme, the ephemeral public key would also be transmitted. + * + * @param recipientPubKey The recipient's public key. + */ + public void ephemeralECDHMimicKEM(PublicKey recipientPubKey) throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC"); + kpg.initialize(new ECGenParameterSpec("secp256r1")); + KeyPair ephemeralKP = kpg.generateKeyPair(); + KeyAgreement ka = KeyAgreement.getInstance("ECDH"); + ka.init(ephemeralKP.getPrivate()); + ka.doPhase(recipientPubKey, true); + byte[] sharedSecret = ka.generateSecret(); + System.out.println( + "Ephemeral ECDH shared secret (mimics KEM): " + Base64.getEncoder().encodeToString(sharedSecret)); + // In a full implementation, the ephemeral public key and the shared secret are + // used together. + } + + ////////////////////////////////////// + // Test / Demo Method + ////////////////////////////////////// + + /** + * Demonstrates each of the key encapsulation flows. + */ + public void runKeyEncapsulationDemos() throws Exception { + // 1) RSA-KEM-like Flow: + KeyPairGenerator rsaKpg = KeyPairGenerator.getInstance("RSA"); + rsaKpg.initialize(2048); + KeyPair rsaKP = rsaKpg.generateKeyPair(); + rsaKEMEncapsulation(rsaKP.getPublic()); + + // 2) ECIES Example: + KeyPairGenerator ecKpg = KeyPairGenerator.getInstance("EC"); + ecKpg.initialize(new ECGenParameterSpec("secp256r1")); + KeyPair ecKP = ecKpg.generateKeyPair(); + eciesEncapsulation(ecKP.getPublic()); + + // // 3) Kyber Example (Post-Quantum KEM): + // KeyPairGenerator kyberKpg = KeyPairGenerator.getInstance("Kyber", "BCPQC"); + // kyberKpg.initialize(KyberParameterSpec.kyber512); + // KeyPair kyberKP = kyberKpg.generateKeyPair(); + // kyberEncapsulate(kyberKP); + + // 4) Ephemeral ECDH Mimic KEM: + // For demonstration, we use an EC key pair and mimic KEM by deriving a shared + // secret. + KeyPair ephemeralEC = ecKpg.generateKeyPair(); + ephemeralECDHMimicKEM(ephemeralEC.getPublic()); + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/KeyExchange.java b/java/ql/test/experimental/library-tests/quantum/jca/KeyExchange.java new file mode 100644 index 000000000000..056d81b46be0 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/KeyExchange.java @@ -0,0 +1,341 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; + +import javax.crypto.KeyAgreement; +import java.security.*; +import java.security.spec.ECGenParameterSpec; +import java.util.Arrays; +import java.util.Base64; + +/** + * Demonstrates various Key Exchange mechanisms using standard Java and + * BouncyCastle: + * + * 1) Classic DH (Diffie-Hellman) with multiple key sizes: + * - 512-bit: Insecure/deprecated (flagged as unsafe by SAST). + * - 2048-bit: Standard secure level. + * - 4096-bit: High-security (but can be slow). + * + * 2) ECDH (using secp256r1): + * - Classified as a secure elliptic-curve key exchange. + * + * 3) X25519: + * - A modern and efficient elliptic-curve key exchange protocol. + * + * 4) X448: + * - Provides a higher security level for key exchange. + * + * In addition, the class now includes a nuanced insecure example that + * demonstrates: + * - Reusing static key pairs instead of generating fresh ephemeral keys. + * - Using weak parameters (512-bit DH) in a key exchange. + * + * The runAllExchanges() method demonstrates generating keys for each algorithm, + * deriving shared secrets, and comparing safe vs. insecure practices. + */ +public class KeyExchange { + + // static { + // // Add the BouncyCastle provider to support additional algorithms. + // Security.addProvider(new BouncyCastleProvider()); + // } + + ////////////////////////////////////////// + // 1. Classic DH (Diffie-Hellman) + ////////////////////////////////////////// + + /** + * Generates a standard Diffie-Hellman key pair using a 2048-bit modulus. + * + * CBOM/SAST Classification: + * - Parent: Classic Diffie-Hellman Key Exchange. + * - 2048-bit is considered secure and is widely accepted. + * + * @return A 2048-bit DH KeyPair. + */ + public KeyPair generateDHKeyPair() throws Exception { + KeyPairGenerator dhKpg = KeyPairGenerator.getInstance("DH"); + dhKpg.initialize(2048); + return dhKpg.generateKeyPair(); + } + + /** + * Generates a deprecated/unsafe Diffie-Hellman key pair using a 512-bit + * modulus. + * + * CBOM/SAST Classification: + * - Parent: Classic Diffie-Hellman Key Exchange. + * - 512-bit DH is considered insecure and should be flagged by SAST tools. + * + * @return A 512-bit (insecure) DH KeyPair. + */ + public KeyPair generateDHDeprecated() throws Exception { + KeyPairGenerator dhKpg = KeyPairGenerator.getInstance("DH"); + // 512 bits is considered insecure/deprecated. + dhKpg.initialize(512); + return dhKpg.generateKeyPair(); + } + + /** + * Generates a high-security Diffie-Hellman key pair using a 4096-bit modulus. + * + * CBOM/SAST Classification: + * - Parent: Classic Diffie-Hellman Key Exchange. + * - 4096-bit DH offers high security, though it may be slower in practice. + * + * @return A 4096-bit DH KeyPair. + */ + public KeyPair generateDHHighSecurity() throws Exception { + KeyPairGenerator dhKpg = KeyPairGenerator.getInstance("DH"); + dhKpg.initialize(4096); + return dhKpg.generateKeyPair(); + } + + /** + * Derives a shared secret from a DH key pair. + * + * CBOM/SAST Classification: + * - Parent: Classic Diffie-Hellman Key Exchange. + * - Properly deriving the shared secret is secure if using a safe key size. + * + * @param privateKey The private key of one party. + * @param publicKey The public key of the other party. + * @return The derived shared secret as a byte array. + */ + public byte[] deriveDHSecret(PrivateKey privateKey, PublicKey publicKey) throws Exception { + KeyAgreement ka = KeyAgreement.getInstance("DH"); + ka.init(privateKey); + ka.doPhase(publicKey, true); + return ka.generateSecret(); + } + + ////////////////////////////////////////// + // 2. ECDH (secp256r1) + ////////////////////////////////////////// + + /** + * Generates an Elliptic Curve Diffie-Hellman key pair using the secp256r1 + * curve. + * + * CBOM/SAST Classification: + * - Parent: Elliptic Curve Diffie-Hellman (ECDH). + * - secp256r1 is widely regarded as secure and efficient. + * + * @return An ECDH KeyPair on secp256r1. + */ + public KeyPair generateECDHKeyPair() throws Exception { + KeyPairGenerator ecKpg = KeyPairGenerator.getInstance("EC", "BC"); + ecKpg.initialize(new ECGenParameterSpec("secp256r1"), new SecureRandom()); + return ecKpg.generateKeyPair(); + } + + /** + * Derives a shared secret using ECDH. + * + * CBOM/SAST Classification: + * - Parent: Elliptic Curve Diffie-Hellman (ECDH). + * - Secure when using appropriate curves and proper randomness. + * + * @param privateKey The ECDH private key. + * @param publicKey The corresponding public key. + * @return The derived ECDH shared secret. + */ + public byte[] deriveECDHSecret(PrivateKey privateKey, PublicKey publicKey) throws Exception { + KeyAgreement ka = KeyAgreement.getInstance("ECDH", "BC"); + ka.init(privateKey); + ka.doPhase(publicKey, true); + return ka.generateSecret(); + } + + ////////////////////////////////////////// + // 3. X25519 + ////////////////////////////////////////// + + /** + * Generates an ephemeral X25519 key pair. + * + * CBOM/SAST Classification: + * - Parent: Modern Elliptic-Curve Key Exchange. + * - X25519 is considered secure and efficient. + * + * @return An X25519 KeyPair. + */ + public KeyPair generateX25519KeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("X25519", "BC"); + // X25519 key size is fixed; the parameter (255) is a reference value. + kpg.initialize(255, new SecureRandom()); + return kpg.generateKeyPair(); + } + + /** + * Derives a shared secret using the X25519 key agreement. + * + * CBOM/SAST Classification: + * - Parent: Modern Elliptic-Curve Key Exchange. + * - X25519 is highly recommended for its security and efficiency. + * + * @param privateKey The X25519 private key. + * @param publicKey The corresponding public key. + * @return The derived X25519 shared secret. + */ + public byte[] deriveX25519Secret(PrivateKey privateKey, PublicKey publicKey) throws Exception { + KeyAgreement ka = KeyAgreement.getInstance("X25519", "BC"); + ka.init(privateKey); + ka.doPhase(publicKey, true); + return ka.generateSecret(); + } + + ////////////////////////////////////////// + // 4. X448 + ////////////////////////////////////////// + + /** + * Generates an ephemeral X448 key pair. + * + * CBOM/SAST Classification: + * - Parent: Modern Elliptic-Curve Key Exchange. + * - X448 provides a higher security margin than X25519. + * + * @return An X448 KeyPair. + */ + public KeyPair generateX448KeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("X448", "BC"); + // X448 key size is fixed; the parameter (448) is the curve parameter. + kpg.initialize(448, new SecureRandom()); + return kpg.generateKeyPair(); + } + + /** + * Derives a shared secret using the X448 key agreement. + * + * CBOM/SAST Classification: + * - Parent: Modern Elliptic-Curve Key Exchange. + * - X448 is considered secure and suitable for high-security applications. + * + * @param privateKey The X448 private key. + * @param publicKey The corresponding public key. + * @return The derived X448 shared secret. + */ + public byte[] deriveX448Secret(PrivateKey privateKey, PublicKey publicKey) throws Exception { + KeyAgreement ka = KeyAgreement.getInstance("X448", "BC"); + ka.init(privateKey); + ka.doPhase(publicKey, true); + return ka.generateSecret(); + } + + ////////////////////////////////////////// + // 5. Nuanced Insecure Key Exchange Example + ////////////////////////////////////////// + + /** + * Demonstrates a nuanced example of insecure key exchange by: + * - Using deprecated DH parameters (512-bit). + * - Reusing static (non-ephemeral) keys. + * + * SAST/CBOM Classification: + * - Parent: Insecure Key Exchange Patterns. + * - Issues: + * * 512-bit DH is weak and vulnerable to attacks. + * * Reusing a static key pair across sessions eliminates forward secrecy. + * * Reusing an ECDH key pair for both sides results in predictable shared + * secrets. + */ + public void insecureKeyExchangeExample() throws Exception { + System.out.println("\n--- Insecure Key Exchange Example ---"); + + // Example 1: Using weak 512-bit DH with static key reuse. + KeyPair staticDHKeyPair = generateDHDeprecated(); + // Reusing the same static DH key pair for both parties. + byte[] staticDHSecret = deriveDHSecret(staticDHKeyPair.getPrivate(), staticDHKeyPair.getPublic()); + System.out.println("Static DH (512-bit) shared secret (reused): " + + Base64.getEncoder().encodeToString(staticDHSecret)); + // SAST Note: 512-bit DH is considered insecure and static key reuse prevents + // forward secrecy. + + // Example 2: Reusing an ECDH key pair instead of generating fresh ephemeral + // keys. + KeyPair reusedECDHKeyPair = generateECDHKeyPair(); + // Using the same key pair for both sides leads to a shared secret that is + // easily derived. + byte[] reusedECDHSecret = deriveECDHSecret(reusedECDHKeyPair.getPrivate(), reusedECDHKeyPair.getPublic()); + System.out.println("Reused ECDH shared secret: " + + Base64.getEncoder().encodeToString(reusedECDHSecret)); + // SAST Note: Proper key exchange requires fresh ephemeral keys for each session + // to ensure forward secrecy. + } + + ////////////////////////////////////////// + // 6. runAllExchanges() Demo Method + ////////////////////////////////////////// + + /** + * Demonstrates key exchange flows for various algorithms, including both secure + * and insecure examples. + * + * CBOM/SAST Classification: + * - Exercises both safe configurations (e.g., DH with 2048/4096-bit, ECDH, + * X25519, X448) + * and insecure configurations (e.g., DH with 512-bit, static key reuse). + */ + public void runAllExchanges() throws Exception { + System.out.println("--- Running Secure Key Exchanges ---"); + + // ============ DEPRECATED / UNSAFE DH (512 bits) ============ + KeyPair dhDep1 = generateDHDeprecated(); + KeyPair dhDep2 = generateDHDeprecated(); + byte[] dhDepSecret1 = deriveDHSecret(dhDep1.getPrivate(), dhDep2.getPublic()); + byte[] dhDepSecret2 = deriveDHSecret(dhDep2.getPrivate(), dhDep1.getPublic()); + System.out.println("DH(512) K1->K2: " + Base64.getEncoder().encodeToString(dhDepSecret1)); + System.out.println("DH(512) K2->K1: " + Base64.getEncoder().encodeToString(dhDepSecret2)); + System.out.println("DH(512) match? " + Arrays.equals(dhDepSecret1, dhDepSecret2)); + + // ============ DH (2048 bits) Standard ============ + KeyPair dhKP1 = generateDHKeyPair(); + KeyPair dhKP2 = generateDHKeyPair(); + byte[] dhSecret1 = deriveDHSecret(dhKP1.getPrivate(), dhKP2.getPublic()); + byte[] dhSecret2 = deriveDHSecret(dhKP2.getPrivate(), dhKP1.getPublic()); + System.out.println("DH(2048) K1->K2: " + Base64.getEncoder().encodeToString(dhSecret1)); + System.out.println("DH(2048) K2->K1: " + Base64.getEncoder().encodeToString(dhSecret2)); + System.out.println("DH(2048) match? " + Arrays.equals(dhSecret1, dhSecret2)); + + // ============ DH (4096 bits) High-Security ============ + KeyPair dhHigh1 = generateDHHighSecurity(); + KeyPair dhHigh2 = generateDHHighSecurity(); + byte[] dhHighSecret1 = deriveDHSecret(dhHigh1.getPrivate(), dhHigh2.getPublic()); + byte[] dhHighSecret2 = deriveDHSecret(dhHigh2.getPrivate(), dhHigh1.getPublic()); + System.out.println("DH(4096) K1->K2: " + Base64.getEncoder().encodeToString(dhHighSecret1)); + System.out.println("DH(4096) K2->K1: " + Base64.getEncoder().encodeToString(dhHighSecret2)); + System.out.println("DH(4096) match? " + Arrays.equals(dhHighSecret1, dhHighSecret2)); + + // ============ ECDH (secp256r1) ============ + KeyPair ecKP1 = generateECDHKeyPair(); + KeyPair ecKP2 = generateECDHKeyPair(); + byte[] ecdhSecret1 = deriveECDHSecret(ecKP1.getPrivate(), ecKP2.getPublic()); + byte[] ecdhSecret2 = deriveECDHSecret(ecKP2.getPrivate(), ecKP1.getPublic()); + System.out.println("ECDH K1->K2: " + Base64.getEncoder().encodeToString(ecdhSecret1)); + System.out.println("ECDH K2->K1: " + Base64.getEncoder().encodeToString(ecdhSecret2)); + System.out.println("ECDH match? " + Arrays.equals(ecdhSecret1, ecdhSecret2)); + + // ============ X25519 ============ + KeyPair x25519KP1 = generateX25519KeyPair(); + KeyPair x25519KP2 = generateX25519KeyPair(); + byte[] x25519Secret1 = deriveX25519Secret(x25519KP1.getPrivate(), x25519KP2.getPublic()); + byte[] x25519Secret2 = deriveX25519Secret(x25519KP2.getPrivate(), x25519KP1.getPublic()); + System.out.println("X25519 K1->K2: " + Base64.getEncoder().encodeToString(x25519Secret1)); + System.out.println("X25519 K2->K1: " + Base64.getEncoder().encodeToString(x25519Secret2)); + System.out.println("X25519 match? " + Arrays.equals(x25519Secret1, x25519Secret2)); + + // ============ X448 ============ + KeyPair x448KP1 = generateX448KeyPair(); + KeyPair x448KP2 = generateX448KeyPair(); + byte[] x448Secret1 = deriveX448Secret(x448KP1.getPrivate(), x448KP2.getPublic()); + byte[] x448Secret2 = deriveX448Secret(x448KP2.getPrivate(), x448KP1.getPublic()); + System.out.println("X448 K1->K2: " + Base64.getEncoder().encodeToString(x448Secret1)); + System.out.println("X448 K2->K1: " + Base64.getEncoder().encodeToString(x448Secret2)); + System.out.println("X448 match? " + Arrays.equals(x448Secret1, x448Secret2)); + + // ============ Insecure Key Exchange Example ============ + insecureKeyExchangeExample(); + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/MACOperation.java b/java/ql/test/experimental/library-tests/quantum/jca/MACOperation.java new file mode 100644 index 000000000000..7043a2498237 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/MACOperation.java @@ -0,0 +1,259 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; + +import javax.crypto.Cipher; +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.KeyGenerator; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.SecretKeySpec; +import java.security.*; +import java.util.Arrays; +import java.util.Base64; + +/** + * MACOperation demonstrates various Message Authentication Code (MAC) + * operations and further use of MAC outputs as inputs into higher‐level + * cryptosystems. + * + * Flows include: + * + * 1. Secure HMAC‑SHA2 (HMAC‑SHA256) – a widely accepted MAC. + * 2. Secure HMAC‑SHA3 (HMAC‑SHA3-256) – an alternative using the SHA‑3 family. + * 3. Secure Poly1305 MAC – using BouncyCastle’s implementation. + * 4. Secure GMAC – using AES‑GCM’s authentication tag in a dedicated MAC mode. + * 5. Secure KMAC – using KMAC128 (from the SHA‑3 family). + * + * Insecure examples include: + * + * 6. Insecure HMAC‑SHA1 – which is deprecated. + * + * Further flows: + * + * A. processMACOutput: Uses the MAC output directly as key material for AES + * encryption. + * (Note: This is acceptable only if the MAC is produced by a secure function.) + * + * B. alternativeMACFlow: Uses the MAC output as an identifier that is then + * encrypted. + * + * C. furtherUseMACForKeyDerivation: Uses PBKDF2 to split a MAC output into two + * keys, + * one for encryption and one for MACing ciphertext. + * + * SAST/CBOM Notes: + * - Secure MAC algorithms (HMAC‑SHA256, HMAC‑SHA3-256, Poly1305, GMAC, KMAC128) + * are acceptable if used correctly. + * - HMAC‑SHA1 is flagged as insecure. + * - Using a raw MAC output directly as key material is ambiguous unless the MAC + * is produced by a secure KDF. + */ +public class MACOperation { + + // static { + // Security.addProvider(new BouncyCastleProvider()); + // } + + // ---------- MAC Operations ---------- + + /** + * Secure MAC using HMAC-SHA256. + * SAST: HMAC-SHA256 is widely considered secure. + */ + public byte[] secureHMACSHA256(String message, byte[] key) throws Exception { + Mac mac = Mac.getInstance("HmacSHA256", "BC"); + SecretKey secretKey = new SecretKeySpec(key, "HmacSHA256"); + mac.init(secretKey); + return mac.doFinal(message.getBytes()); + } + + /** + * Secure MAC using HMAC-SHA3-256. + * SAST: HMAC-SHA3 is a modern alternative from the SHA-3 family. + */ + public byte[] secureHMACSHA3(String message, byte[] key) throws Exception { + Mac mac = Mac.getInstance("HmacSHA3-256", "BC"); + SecretKey secretKey = new SecretKeySpec(key, "HmacSHA3-256"); + mac.init(secretKey); + return mac.doFinal(message.getBytes()); + } + + /** + * Secure MAC using Poly1305. + * SAST: Poly1305 is secure when used with a one-time key from a cipher (e.g. + * ChaCha20). + */ + public byte[] securePoly1305(String message, byte[] key) throws Exception { + Mac mac = Mac.getInstance("Poly1305", "BC"); + SecretKey secretKey = new SecretKeySpec(key, "Poly1305"); + mac.init(secretKey); + return mac.doFinal(message.getBytes()); + } + + /** + * Secure MAC using GMAC. + * SAST: GMAC (the MAC part of AES-GCM) is secure when used correctly. + */ + public byte[] secureGMAC(String message, byte[] key) throws Exception { + // For GMAC, we use the GMac algorithm as provided by BC. + Mac mac = Mac.getInstance("GMac", "BC"); + // Initialize the key for GMAC; key should be appropriate for the underlying + // block cipher. + SecretKey secretKey = new SecretKeySpec(key, "AES"); + mac.init(secretKey); + return mac.doFinal(message.getBytes()); + } + + /** + * Secure MAC using KMAC128. + * SAST: KMAC128 is part of the SHA-3 family and is secure when used properly. + */ + public byte[] secureKMAC(String message, byte[] key) throws Exception { + Mac mac = Mac.getInstance("KMAC128", "BC"); + SecretKey secretKey = new SecretKeySpec(key, "KMAC128"); + mac.init(secretKey); + return mac.doFinal(message.getBytes()); + } + + /** + * Insecure MAC using HMAC-SHA1. + * SAST: HMAC-SHA1 is considered deprecated and weak. + */ + public byte[] insecureHMACSHA1(String message, byte[] key) throws Exception { + Mac mac = Mac.getInstance("HmacSHA1", "BC"); + SecretKey secretKey = new SecretKeySpec(key, "HmacSHA1"); + mac.init(secretKey); + return mac.doFinal(message.getBytes()); + } + + // ---------- Further Use of MAC Outputs ---------- + + /** + * Processes the MAC output by using it as key material for AES encryption. + * SAST: Using a raw MAC output as key material is acceptable only if the MAC + * was + * produced by a secure function; otherwise, this is ambiguous. + * + * @param macOutput The computed MAC output. + * @throws Exception if encryption fails. + */ + public void processMACOutput(byte[] macOutput) throws Exception { + // Derive a 128-bit AES key from the MAC output. + SecretKey key = new SecretKeySpec(macOutput, 0, 16, "AES"); + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, key, new SecureRandom()); + byte[] encryptedData = cipher.doFinal("Sensitive Data".getBytes()); + storeEncryptedMAC(encryptedData); + } + + /** + * Alternative flow: Uses the MAC output as an identifier and then encrypts it. + * SAST: Using a MAC as an identifier is common; subsequent encryption must be + * secure. + * + * @param macOutput The computed MAC output. + * @throws Exception if encryption fails. + */ + public void alternativeMACFlow(byte[] macOutput) throws Exception { + byte[] identifier = Base64.getEncoder().encode(macOutput); + encryptAndSend(identifier); + } + + /** + * Further use: Derives two separate keys from the MAC output using PBKDF2, + * then uses one key for encryption and one for computing an additional MAC over + * the ciphertext. + * + * SAST: This key-splitting technique is acceptable if PBKDF2 is used securely. + * + * @param macOutput The MAC output to derive keys from. + * @throws Exception if key derivation or encryption fails. + */ + public void furtherUseMACForKeyDerivation(byte[] macOutput) throws Exception { + // Use the Base64 representation of the MAC as the password input to PBKDF2. + String macAsPassword = Base64.getEncoder().encodeToString(macOutput); + byte[] salt = generateSalt(16); + PBEKeySpec spec = new PBEKeySpec(macAsPassword.toCharArray(), salt, 10000, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] keyMaterial = factory.generateSecret(spec).getEncoded(); + // Split into two 128-bit keys. + byte[] encryptionKeyBytes = Arrays.copyOfRange(keyMaterial, 0, 16); + byte[] macKeyBytes = Arrays.copyOfRange(keyMaterial, 16, 32); + SecretKey encryptionKey = new SecretKeySpec(encryptionKeyBytes, "AES"); + SecretKey derivedMacKey = new SecretKeySpec(macKeyBytes, "HmacSHA256"); + + // Encrypt some sample data using the derived encryption key. + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, encryptionKey, new SecureRandom()); + byte[] ciphertext = cipher.doFinal("Further Use Test Data".getBytes()); + + // Compute HMAC over the ciphertext using the derived MAC key. + Mac mac = Mac.getInstance("HmacSHA256"); + mac.init(derivedMacKey); + byte[] computedMac = mac.doFinal(ciphertext); + + // Concatenate the ciphertext and MAC for further use. + byte[] output = new byte[ciphertext.length + computedMac.length]; + System.arraycopy(ciphertext, 0, output, 0, ciphertext.length); + System.arraycopy(computedMac, 0, output, ciphertext.length, computedMac.length); + storeEncryptedMAC(output); + } + + // ---------- Output/Storage Methods ---------- + + /** + * Simulates secure storage or transmission of an encrypted MAC output. + * SAST: In production, storage and transmission must be protected. + * + * @param encryptedMAC The encrypted MAC output. + */ + public void storeEncryptedMAC(byte[] encryptedMAC) { + String stored = Base64.getEncoder().encodeToString(encryptedMAC); + // In production, this string would be securely stored or transmitted. + } + + /** + * Encrypts data using AES-GCM and simulates secure transmission. + * SAST: Uses a securely generated AES key. + * + * @param data The data to encrypt. + * @throws Exception if encryption fails. + */ + public void encryptAndSend(byte[] data) throws Exception { + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + SecretKey key = generateAESKey(); + cipher.init(Cipher.ENCRYPT_MODE, key, new SecureRandom()); + byte[] encryptedData = cipher.doFinal(data); + storeEncryptedMAC(encryptedData); + } + + // ---------- Helper Methods ---------- + + /** + * Generates a secure 256-bit AES key. + * SAST: Uses a strong RNG for key generation. + * + * @return A SecretKey for AES. + * @throws NoSuchAlgorithmException if AES is unsupported. + */ + private SecretKey generateAESKey() throws NoSuchAlgorithmException { + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(256); + return keyGen.generateKey(); + } + + /** + * Generates a random salt of the specified length using SecureRandom. + * SAST: Salting is essential for secure key derivation. + * + * @param length The salt length. + * @return A byte array representing the salt. + */ + private byte[] generateSalt(int length) { + byte[] salt = new byte[length]; + new SecureRandom().nextBytes(salt); + return salt; + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/Nonce.java b/java/ql/test/experimental/library-tests/quantum/jca/Nonce.java new file mode 100644 index 000000000000..3d1803c2d40e --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/Nonce.java @@ -0,0 +1,115 @@ +package com.example.crypto.artifacts; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +import javax.crypto.KeyGenerator; +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.Cipher; +import java.security.*; +import java.util.Base64; +import java.util.Random; + +public class Nonce { + + // static { + // Security.addProvider(new BouncyCastleProvider()); // Ensure BouncyCastle is available + // } + + /** + * Simple Case: Generates a secure nonce and uses it in HMAC. + */ + public void simpleNonceUsage() throws Exception { + byte[] nonce = secureNonce(16); + SecretKey key = generateHmacKey(); + Mac mac = Mac.getInstance("HmacSHA256"); + mac.init(key); + mac.update(nonce); + byte[] macResult = mac.doFinal("Simple Test Data".getBytes()); + } + + /** + * Incorrect: Hardcoded, reused nonce in encryption, leading to predictable + * output. + */ + public void hardcodedNonceReuse() throws Exception { + byte[] nonce = "BADNONCEBADNONCE".getBytes(); // HARDCODED NONCE REUSED! + SecretKey key = generateHmacKey(); + Mac mac = Mac.getInstance("HmacSHA256"); + mac.init(key); + mac.update(nonce); + byte[] macResult = mac.doFinal("Sensitive Data".getBytes()); + } + + /** + * Incorrect: Reusing a nonce with AES-GCM, which can lead to catastrophic + * security failures. + */ + public void insecureNonceReuseGCM(SecretKey key, byte[] plaintext) throws Exception { + byte[] nonce = getReusedNonce(12); // SAME NONCE REUSED! + GCMParameterSpec gcmSpec = new GCMParameterSpec(128, nonce); + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, key, gcmSpec); + byte[] ciphertext = cipher.doFinal(plaintext); + } + + /** + * Secure Case: Proper unique nonce usage in AES-GCM. + */ + public void secureNonceUsageGCM(SecretKey key, byte[] plaintext) throws Exception { + byte[] nonce = secureNonce(12); + GCMParameterSpec gcmSpec = new GCMParameterSpec(128, nonce); + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.ENCRYPT_MODE, key, gcmSpec); + byte[] ciphertext = cipher.doFinal(plaintext); + } + + public void complexNonceFlow() { + byte[] nonce = useSecureMethod() ? secureNonce(16) : insecureNonce(16); + processNonce(nonce); + try { + useNonceInMac(nonce, generateHmacKey(), "HmacSHA256"); + } catch (Exception e) { + e.printStackTrace(); + } + } + + public void useNonceInMac(byte[] nonce, SecretKey key, String macAlgorithm) throws Exception { + Mac mac = Mac.getInstance(macAlgorithm); + mac.init(key); + mac.update(nonce); + byte[] macResult = mac.doFinal("Sensitive Data".getBytes()); + } + + private boolean useSecureMethod() { + return System.currentTimeMillis() % 2 == 0; + } + + private void processNonce(byte[] nonce) { + String nonceBase64 = Base64.getEncoder().encodeToString(nonce); + } + + private SecretKey generateHmacKey() throws NoSuchAlgorithmException { + KeyGenerator keyGen = KeyGenerator.getInstance("HmacSHA256"); + return keyGen.generateKey(); + } + + private byte[] secureNonce(int length) { + byte[] nonce = new byte[length]; + new SecureRandom().nextBytes(nonce); + return nonce; + } + + private byte[] insecureNonce(int length) { + byte[] nonce = new byte[length]; + new Random().nextBytes(nonce); + return nonce; + } + + /** + * Incorrect: A nonce that is stored and reused across multiple encryptions. + */ + private byte[] getReusedNonce(int length) { + return "BADNONCEBADNONCE".getBytes(); // Fixed nonce reuse across calls + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/PrngTest.java b/java/ql/test/experimental/library-tests/quantum/jca/PrngTest.java new file mode 100644 index 000000000000..59f1c121e0f4 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/PrngTest.java @@ -0,0 +1,166 @@ +package com.example.crypto.algorithms; + +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.util.Random; +import javax.crypto.SecretKey; +import javax.crypto.KeyGenerator; + +/** + * PrngTest demonstrates various approaches for generating random data using + * PRNG/RNG APIs. + * + * It covers: + * 1) Secure random generation using SecureRandom (default and + * getInstanceStrong). + * 2) Insecure random generation using java.util.Random. + * 3) Flawed PRNG usage by setting a fixed seed. + * 4) Dynamic PRNG selection based on configuration. + * 5) Usage of random data as nonces/IVs in symmetric encryption. + * + * SAST/CBOM Notes: + * - SecureRandom (and SecureRandom.getInstanceStrong) are recommended. + * - java.util.Random is not suitable for cryptographic purposes. + * - Re-seeding or using a fixed seed with SecureRandom makes it predictable. + * - IVs and nonces must be unique for each operation; reusing fixed values is + * insecure. + */ +public class PrngTest { + + // ---------- Secure Random Generation ---------- + + /** + * Generates random bytes using the default SecureRandom. + * SAST: SecureRandom is recommended for cryptographically secure random data. + * + * @param numBytes Number of bytes to generate. + * @return A byte array of random data. + */ + public byte[] generateSecureRandomBytes(int numBytes) { + SecureRandom secureRandom = new SecureRandom(); + byte[] bytes = new byte[numBytes]; + secureRandom.nextBytes(bytes); + return bytes; + } + + /** + * Generates random bytes using SecureRandom.getInstanceStrong(). + * SAST: getInstanceStrong() returns a strong RNG (may block in some + * environments). + * + * @param numBytes Number of bytes to generate. + * @return A byte array of random data. + * @throws NoSuchAlgorithmException if a strong RNG is not available. + */ + public byte[] generateSecureRandomBytesStrong(int numBytes) throws NoSuchAlgorithmException { + SecureRandom secureRandom = SecureRandom.getInstanceStrong(); + byte[] bytes = new byte[numBytes]; + secureRandom.nextBytes(bytes); + return bytes; + } + + // ---------- Insecure Random Generation ---------- + + /** + * Generates random bytes using java.util.Random. + * SAST: java.util.Random is predictable and insecure for cryptographic + * purposes. + * + * @param numBytes Number of bytes to generate. + * @return A byte array of random data. + */ + public byte[] generateInsecureRandomBytes(int numBytes) { + Random random = new Random(); + byte[] bytes = new byte[numBytes]; + random.nextBytes(bytes); + return bytes; + } + + /** + * Generates random bytes using SecureRandom with a fixed seed. + * SAST: Fixed seeding makes SecureRandom predictable and insecure. + * + * @param numBytes Number of bytes to generate. + * @return A byte array of predictable random data. + */ + public byte[] generatePredictableRandomBytes(int numBytes) { + SecureRandom secureRandom = new SecureRandom(); + // Fixed seed (predictable and insecure) + secureRandom.setSeed(0xDEADBEEF); + byte[] bytes = new byte[numBytes]; + secureRandom.nextBytes(bytes); + return bytes; + } + + // ---------- Dynamic PRNG Selection ---------- + + /** + * Dynamically selects a PRNG algorithm based on a configuration property. + * If the algorithm is unknown, falls back to java.util.Random (insecure). + * SAST: Dynamic selection may introduce risk if an insecure RNG is chosen. + * + * @param algorithmName The PRNG algorithm name (e.g. "SHA1PRNG", + * "NativePRNGNonBlocking", "getInstanceStrong"). + * @param numBytes Number of bytes to generate. + * @return A byte array of random data. + * @throws NoSuchAlgorithmException if the algorithm is not available. + */ + public byte[] dynamicRandomGeneration(String algorithmName, int numBytes) throws NoSuchAlgorithmException { + SecureRandom secureRandom; + if ("SHA1PRNG".equalsIgnoreCase(algorithmName)) { + // SHA1PRNG is older and less preferred. + secureRandom = SecureRandom.getInstance("SHA1PRNG"); + } else if ("NativePRNGNonBlocking".equalsIgnoreCase(algorithmName)) { + secureRandom = SecureRandom.getInstance("NativePRNGNonBlocking"); + } else if ("getInstanceStrong".equalsIgnoreCase(algorithmName)) { + secureRandom = SecureRandom.getInstanceStrong(); + } else { + // Fallback to insecure java.util.Random. + Random random = new Random(); + byte[] bytes = new byte[numBytes]; + random.nextBytes(bytes); + return bytes; + } + byte[] bytes = new byte[numBytes]; + secureRandom.nextBytes(bytes); + return bytes; + } + + // ---------- Usage Examples: Nonce/IV Generation for Symmetric Encryption + // ---------- + + /** + * Demonstrates secure generation of an IV for AES-GCM encryption. + * SAST: A unique, random IV is required for each encryption operation. + * + * @return A 12-byte IV. + */ + public byte[] generateRandomIVForGCM() { + return generateSecureRandomBytes(12); + } + + /** + * Demonstrates insecure use of a fixed IV for AES-GCM encryption. + * SAST: Reusing a fixed IV in AES-GCM compromises security. + * + * @return A fixed 12-byte IV (all zeros). + */ + public byte[] generateFixedIVForGCM() { + return new byte[12]; // 12 bytes of zeros. + } + + // ---------- Example: Using PRNG for Key Generation ---------- + + /** + * Generates a secure 256-bit AES key using SecureRandom. + * SAST: Strong key generation is critical for symmetric cryptography. + * + * @return A new AES SecretKey. + * @throws Exception if key generation fails. + */ + public SecretKey generateAESKey() throws Exception { + KeyGenerator keyGen = KeyGenerator.getInstance("AES"); + keyGen.init(256, new SecureRandom()); + return keyGen.generateKey(); + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/SignEncryptCombinations.java b/java/ql/test/experimental/library-tests/quantum/jca/SignEncryptCombinations.java new file mode 100644 index 000000000000..0526c12c1063 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/SignEncryptCombinations.java @@ -0,0 +1,369 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; + +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; +import java.security.*; +import java.security.spec.ECGenParameterSpec; +import java.util.Arrays; + +/** + * This class demonstrates cryptographic flows combining signing, encryption, + * and MAC. + * + * It intentionally includes both safe and unsafe patterns so that a SAST tool + * can detect: + * + * 1. **Sign then Encrypt (Unsafe)** + * - Signs the plaintext and encrypts only the signature, leaving the plaintext + * in cleartext. + * - *Issue:* The message is exposed, which could lead to replay or modification + * attacks. + * + * 2. **Encrypt then Sign (Safe with caveats)** + * - Encrypts the plaintext and then signs the ciphertext. + * - *Caveat:* The signature is in the clear; metadata (e.g. ciphertext length) + * may be exposed. + * + * 3. **MAC then Encrypt (Unsafe)** + * - Computes a MAC on the plaintext and appends it before encryption. + * - *Issue:* Operating on plaintext for MAC generation can leak information and + * is discouraged. + * + * 4. **Encrypt then MAC (Safe)** + * - Encrypts the plaintext and computes a MAC over the ciphertext. + * - *Benefit:* Provides a robust authenticated encryption construction when not + * using an AEAD cipher. + * + * Note: AES/GCM already provides authentication, so adding an external MAC is + * redundant. + */ +public class SignEncryptCombinations { + + private static final SecureRandom RANDOM = new SecureRandom(); + + // static { + // Security.addProvider(new BouncyCastleProvider()); + // } + + /////////////////////////////////////////////// + // Key Generation for ECDSA on secp256r1 + /////////////////////////////////////////////// + + public KeyPair generateECDSAKeyPair() throws Exception { + KeyPairGenerator ecKpg = KeyPairGenerator.getInstance("EC", "BC"); + ecKpg.initialize(new ECGenParameterSpec("secp256r1"), RANDOM); + return ecKpg.generateKeyPair(); + } + + /////////////////////////////////////////////// + // Signing with ECDSA (SHA256withECDSA) + /////////////////////////////////////////////// + + public byte[] signECDSA(PrivateKey privKey, byte[] data) throws Exception { + Signature signature = Signature.getInstance("SHA256withECDSA", "BC"); + signature.initSign(privKey, RANDOM); + signature.update(data); + return signature.sign(); + } + + public boolean verifyECDSA(PublicKey pubKey, byte[] data, byte[] signatureBytes) throws Exception { + Signature signature = Signature.getInstance("SHA256withECDSA", "BC"); + signature.initVerify(pubKey); + signature.update(data); + return signature.verify(signatureBytes); + } + + /////////////////////////////////////////////// + // Symmetric Encryption with AES-GCM + /////////////////////////////////////////////// + + /** + * Generates a 256-bit AES key. + */ + public SecretKey generateAESKey() throws Exception { + KeyGenerator kg = KeyGenerator.getInstance("AES"); + kg.init(256); + return kg.generateKey(); + } + + /** + * Encrypts data using AES-GCM with a 12-byte IV and a 128-bit tag. + * Returns the concatenation of IV and ciphertext. + */ + public byte[] encryptAESGCM(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; // 12-byte IV recommended for GCM + RANDOM.nextBytes(iv); + GCMParameterSpec spec = new GCMParameterSpec(128, iv); + cipher.init(Cipher.ENCRYPT_MODE, key, spec); + byte[] ciphertext = cipher.doFinal(plaintext); + + byte[] result = new byte[iv.length + ciphertext.length]; + System.arraycopy(iv, 0, result, 0, iv.length); + System.arraycopy(ciphertext, 0, result, iv.length, ciphertext.length); + return result; + } + + /** + * Decrypts data that was encrypted using encryptAESGCM. + */ + public byte[] decryptAESGCM(SecretKey key, byte[] ivCiphertext) throws Exception { + byte[] iv = Arrays.copyOfRange(ivCiphertext, 0, 12); + byte[] ciphertext = Arrays.copyOfRange(ivCiphertext, 12, ivCiphertext.length); + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv)); + return cipher.doFinal(ciphertext); + } + + /////////////////////////////////////////////// + // HMAC Usage with HMAC-SHA256 + /////////////////////////////////////////////// + + public byte[] computeHmacSHA256(SecretKey key, byte[] data) throws Exception { + Mac mac = Mac.getInstance("HmacSHA256"); + mac.init(key); + return mac.doFinal(data); + } + + public boolean verifyHmacSHA256(SecretKey key, byte[] data, byte[] givenMac) throws Exception { + byte[] computed = computeHmacSHA256(key, data); + return Arrays.equals(computed, givenMac); + } + + /////////////////////////////////////////////// + // 1) SIGN THEN ENCRYPT vs. ENCRYPT THEN SIGN + /////////////////////////////////////////////// + + /** + * UNSAFE FLOW: Signs the plaintext and encrypts only the signature. + * + *

    + * **Issue:** The plaintext message is not encrypted—only the signature is. + * This exposes the original message to eavesdroppers and negates the purpose of + * encryption. + *

    + * + * @param signingKey ECDSA private key for signing. + * @param encryptionKey AES key for encryption. + * @param data The plaintext message. + * @return The encrypted signature only. + */ + public byte[] signThenEncrypt(PrivateKey signingKey, SecretKey encryptionKey, byte[] data) throws Exception { + // Sign the plaintext message. + byte[] signature = signECDSA(signingKey, data); + // **** UNSAFE: Only the signature is encrypted. The plaintext remains in the + // clear. **** + return encryptAESGCM(encryptionKey, signature); + } + + /** + * Decrypts the signature and verifies it against the original plaintext. + */ + public boolean decryptThenVerify(SecretKey encryptionKey, PublicKey verifyingKey, byte[] encryptedSig, + byte[] originalData) throws Exception { + byte[] decryptedSig = decryptAESGCM(encryptionKey, encryptedSig); + return verifyECDSA(verifyingKey, originalData, decryptedSig); + } + + /** + * SAFE FLOW (with caveats): Encrypts the plaintext and then signs the + * ciphertext. + * + *

    + * **Benefit:** The plaintext is fully encrypted and remains confidential. + * **Caveat:** The signature is transmitted in the clear. Although this does not + * compromise + * the message, it might reveal metadata (like ciphertext length). + *

    + * + * @param encryptionKey AES key for encryption. + * @param signingKey ECDSA private key for signing. + * @param data The plaintext message. + * @return The concatenation of the ciphertext and its signature. + */ + public byte[] encryptThenSign(SecretKey encryptionKey, PrivateKey signingKey, byte[] data) throws Exception { + // Encrypt the plaintext. + byte[] ivCiphertext = encryptAESGCM(encryptionKey, data); + // Sign the ciphertext. + byte[] signature = signECDSA(signingKey, ivCiphertext); + + // Combine ciphertext and signature. + byte[] combined = new byte[ivCiphertext.length + signature.length]; + System.arraycopy(ivCiphertext, 0, combined, 0, ivCiphertext.length); + System.arraycopy(signature, 0, combined, ivCiphertext.length, signature.length); + return combined; + } + + /** + * Extracts and verifies the signature from the combined ciphertext-signature + * bundle, + * then decrypts the ciphertext. + * + *

    + * **Issue:** Here we assume a fixed signature length (70 bytes). In production, + * the signature length + * should be explicitly stored. Hard-coding a length is an unsafe pattern and + * may trigger SAST warnings. + *

    + * + * @param verifyingKey ECDSA public key for signature verification. + * @param encryptionKey AES key for decryption. + * @param combined The combined ciphertext and signature. + * @return The decrypted plaintext message. + */ + public byte[] verifyThenDecrypt(PublicKey verifyingKey, SecretKey encryptionKey, byte[] combined) throws Exception { + int assumedSignatureLength = 70; // UNSAFE: Hard-coded signature length. + if (combined.length < assumedSignatureLength) { + throw new IllegalArgumentException("Combined data too short."); + } + int ctLen = combined.length - assumedSignatureLength; + byte[] ivCiphertext = Arrays.copyOfRange(combined, 0, ctLen); + byte[] signature = Arrays.copyOfRange(combined, ctLen, combined.length); + + if (!verifyECDSA(verifyingKey, ivCiphertext, signature)) { + throw new SecurityException("Signature verification failed."); + } + return decryptAESGCM(encryptionKey, ivCiphertext); + } + + /////////////////////////////////////////////// + // 2) MAC THEN ENCRYPT vs. ENCRYPT THEN MAC + /////////////////////////////////////////////// + + /** + * UNSAFE FLOW: Computes a MAC on the plaintext, appends it to the plaintext, + * and then encrypts the combined data. + * + *

    + * **Issue:** Operating on unencrypted plaintext to compute the MAC can leak + * structural + * information. Additionally, if the encryption scheme does not provide + * integrity, + * this construction is vulnerable. + *

    + * + * @param macKey AES key used as the HMAC key (should be separate from the + * encryption key). + * @param encKey AES key for encryption. + * @param data The plaintext message. + * @return The encrypted (plaintext + MAC) bundle. + */ + public byte[] macThenEncrypt(SecretKey macKey, SecretKey encKey, byte[] data) throws Exception { + // Compute MAC over the plaintext. + byte[] mac = computeHmacSHA256(macKey, data); + // Combine plaintext and MAC. + byte[] combined = new byte[data.length + mac.length]; + System.arraycopy(data, 0, combined, 0, data.length); + System.arraycopy(mac, 0, combined, data.length, mac.length); + // **** UNSAFE: The MAC is computed on plaintext, which can leak information. + // **** + return encryptAESGCM(encKey, combined); + } + + /** + * Decrypts the combined data and verifies the MAC. + * + * @param macKey AES key used as the HMAC key. + * @param encKey AES key for decryption. + * @param ciphertext The encrypted bundle containing plaintext and MAC. + * @return true if the MAC is valid; false otherwise. + */ + public boolean decryptThenVerifyMac(SecretKey macKey, SecretKey encKey, byte[] ciphertext) throws Exception { + byte[] combined = decryptAESGCM(encKey, ciphertext); + if (combined.length < 32) { // HMAC-SHA256 produces a 32-byte MAC. + throw new IllegalArgumentException("Combined data too short for MAC verification."); + } + int dataLen = combined.length - 32; + byte[] originalData = Arrays.copyOfRange(combined, 0, dataLen); + byte[] extractedMac = Arrays.copyOfRange(combined, dataLen, combined.length); + return verifyHmacSHA256(macKey, originalData, extractedMac); + } + + /** + * SAFE FLOW: Encrypts the plaintext and then computes a MAC over the + * ciphertext. + * + *

    + * **Benefit:** This "encrypt-then-MAC" construction ensures that the ciphertext + * is both confidential + * and tamper-evident. + *

    + * + * @param encKey AES key for encryption. + * @param macKey AES key used as the HMAC key. + * @param data The plaintext message. + * @return The concatenation of ciphertext and MAC. + */ + public byte[] encryptThenMac(SecretKey encKey, SecretKey macKey, byte[] data) throws Exception { + // Encrypt the plaintext. + byte[] ivCiphertext = encryptAESGCM(encKey, data); + // Compute MAC over the ciphertext. + byte[] mac = computeHmacSHA256(macKey, ivCiphertext); + // Combine ciphertext and MAC. + byte[] combined = new byte[ivCiphertext.length + mac.length]; + System.arraycopy(ivCiphertext, 0, combined, 0, ivCiphertext.length); + System.arraycopy(mac, 0, combined, ivCiphertext.length, mac.length); + return combined; + } + + /** + * Verifies the MAC and then decrypts the ciphertext. + * + * @param encKey AES key for decryption. + * @param macKey AES key used as the HMAC key. + * @param combined The combined ciphertext and MAC. + * @return The decrypted plaintext message. + */ + public byte[] verifyMacThenDecrypt(SecretKey encKey, SecretKey macKey, byte[] combined) throws Exception { + if (combined.length < 32) { + throw new IllegalArgumentException("Combined data too short for MAC verification."); + } + int macOffset = combined.length - 32; + byte[] ivCiphertext = Arrays.copyOfRange(combined, 0, macOffset); + byte[] extractedMac = Arrays.copyOfRange(combined, macOffset, combined.length); + if (!verifyHmacSHA256(macKey, ivCiphertext, extractedMac)) { + throw new SecurityException("MAC verification failed."); + } + return decryptAESGCM(encKey, ivCiphertext); + } + + /////////////////////////////////////////////// + // Demo: runAllCombinations + /////////////////////////////////////////////// + + public void runAllCombinations() throws Exception { + // Generate keys for signing and for encryption/MAC. + KeyPair signingKeys = generateECDSAKeyPair(); + SecretKey encKey = generateAESKey(); + SecretKey macKey = generateAESKey(); // Ensure a separate key for MAC operations. + + byte[] message = "Hello, combinations!".getBytes(); + + // 1) Sign then Encrypt (Unsafe) vs. Encrypt then Sign (Safe with caveats) + System.out.println("--Sign Then Encrypt (UNSAFE)"); + byte[] encryptedSig = signThenEncrypt(signingKeys.getPrivate(), encKey, message); + boolean steVerified = decryptThenVerify(encKey, signingKeys.getPublic(), encryptedSig, message); + System.out.println("signThenEncrypt -> signature verified? " + steVerified); + + System.out.println("--Encrypt Then Sign (SAFE with caveats)"); + byte[] combinedETS = encryptThenSign(encKey, signingKeys.getPrivate(), message); + byte[] finalPlain = verifyThenDecrypt(signingKeys.getPublic(), encKey, combinedETS); + System.out.println("encryptThenSign -> decrypted message: " + new String(finalPlain)); + + // 2) MAC then Encrypt (Unsafe) vs. Encrypt then MAC (Safe) + System.out.println("--MAC Then Encrypt (UNSAFE)"); + byte[] mteCipher = macThenEncrypt(macKey, encKey, message); + boolean mteVerified = decryptThenVerifyMac(macKey, encKey, mteCipher); + System.out.println("macThenEncrypt -> MAC verified? " + mteVerified); + + System.out.println("--Encrypt Then MAC (SAFE)"); + byte[] etmCombined = encryptThenMac(encKey, macKey, message); + byte[] etmPlain = verifyMacThenDecrypt(encKey, macKey, etmCombined); + System.out.println("encryptThenMac -> decrypted message: " + new String(etmPlain)); + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/SignatureOperation.java b/java/ql/test/experimental/library-tests/quantum/jca/SignatureOperation.java new file mode 100644 index 000000000000..6a0574886f92 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/SignatureOperation.java @@ -0,0 +1,380 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; + +import java.security.*; +import java.security.spec.ECGenParameterSpec; +import java.util.Base64; +import java.util.Properties; + +/** + * Demonstrates various digital signature operations: + * + * 1) RSA-PSS (modern, safer) + * - CBOM/SAST: Classified as a Modern Digital Signature scheme using RSA-PSS. + * RSA-PSS with SHA-256 is recommended. + * + * 2) ECDSA with secp256r1 + * - CBOM/SAST: Classified as an Elliptic Curve Digital Signature Algorithm. + * Secure when used with a strong curve and proper randomness. + * + * 3) Ed25519 (RFC 8032) + * - CBOM/SAST: Classified as a modern, high-performance signature scheme. + * + * 4) SHA1withRSA (deprecated/unsafe example) + * - CBOM/SAST: Classified as a legacy digital signature scheme. + * SHA-1 and 1024-bit RSA are deprecated. + * + * Additional nuanced examples: + * + * - Signing and verifying an empty message. + * - Signing data with non-ASCII characters. + * - Demonstrating signature tampering and its detection. + * - A dynamic (runtime-selected) signature algorithm scenario ("known + * unknown"). + * + * Requirements: + * - BouncyCastle for ECDSA, Ed25519, and RSA-PSS (if needed). + * - Java 11+ for native Ed25519 support or using BC for older versions. + */ +public class SignatureOperation { + + // static { + // // Register the BouncyCastle provider. + // Security.addProvider(new BouncyCastleProvider()); + // } + + /////////////////////////////////////// + // 1. RSA-PSS (Recommended) + /////////////////////////////////////// + + /** + * Generate an RSA key pair for RSA-PSS. + * Uses a 2048-bit key. + * + * CBOM/SAST Notes: + * - Parent: Modern Digital Signature (RSA-PSS). + */ + public KeyPair generateRSAPSSKeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); + kpg.initialize(2048); + return kpg.generateKeyPair(); + } + + /** + * Sign data using RSA-PSS with SHA-256. + * + * CBOM/SAST Notes: + * - Parent: Modern Digital Signature (RSA-PSS). + */ + public byte[] signRSAPSS(PrivateKey privateKey, byte[] data) throws Exception { + Signature signature = Signature.getInstance("SHA256withRSAandMGF1"); + signature.initSign(privateKey); + signature.update(data); + return signature.sign(); + } + + /** + * Verify data using RSA-PSS with SHA-256. + * + * CBOM/SAST Notes: + * - Parent: Modern Digital Signature (RSA-PSS). + */ + public boolean verifyRSAPSS(PublicKey publicKey, byte[] data, byte[] sigBytes) throws Exception { + Signature signature = Signature.getInstance("SHA256withRSAandMGF1"); + signature.initVerify(publicKey); + signature.update(data); + return signature.verify(sigBytes); + } + + /////////////////////////////////////// + // 2. ECDSA (secp256r1) + /////////////////////////////////////// + + /** + * Generate an ECDSA key pair on secp256r1. + * + * CBOM/SAST Notes: + * - Parent: Elliptic Curve Digital Signature. + */ + public KeyPair generateECDSAKeyPair() throws Exception { + KeyPairGenerator ecKpg = KeyPairGenerator.getInstance("EC", "BC"); + ecKpg.initialize(new ECGenParameterSpec("secp256r1"), new SecureRandom()); + return ecKpg.generateKeyPair(); + } + + /** + * Sign data using ECDSA with SHA-256. + * + * CBOM/SAST Notes: + * - Parent: Elliptic Curve Digital Signature. + */ + public byte[] signECDSA(PrivateKey privateKey, byte[] data) throws Exception { + Signature signature = Signature.getInstance("SHA256withECDSA", "BC"); + signature.initSign(privateKey); + signature.update(data); + return signature.sign(); + } + + /** + * Verify data using ECDSA with SHA-256. + * + * CBOM/SAST Notes: + * - Parent: Elliptic Curve Digital Signature. + */ + public boolean verifyECDSA(PublicKey publicKey, byte[] data, byte[] sigBytes) throws Exception { + Signature signature = Signature.getInstance("SHA256withECDSA", "BC"); + signature.initVerify(publicKey); + signature.update(data); + return signature.verify(sigBytes); + } + + /////////////////////////////////////// + // 3. Ed25519 (RFC 8032) + /////////////////////////////////////// + + /** + * Generate an Ed25519 key pair. + * + * CBOM/SAST Notes: + * - Parent: Modern Digital Signature (EdDSA). + */ + public KeyPair generateEd25519KeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("Ed25519", "BC"); + return kpg.generateKeyPair(); + } + + /** + * Sign data using Ed25519. + * + * CBOM/SAST Notes: + * - Parent: Modern Digital Signature (EdDSA). + */ + public byte[] signEd25519(PrivateKey privateKey, byte[] data) throws Exception { + Signature signature = Signature.getInstance("Ed25519", "BC"); + signature.initSign(privateKey); + signature.update(data); + return signature.sign(); + } + + /** + * Verify data using Ed25519. + * + * CBOM/SAST Notes: + * - Parent: Modern Digital Signature (EdDSA). + */ + public boolean verifyEd25519(PublicKey publicKey, byte[] data, byte[] sigBytes) throws Exception { + Signature signature = Signature.getInstance("Ed25519", "BC"); + signature.initVerify(publicKey); + signature.update(data); + return signature.verify(sigBytes); + } + + /////////////////////////////////////// + // 4. SHA1withRSA (Deprecated/Unsafe) + /////////////////////////////////////// + + /** + * Generate an RSA key pair for the deprecated/unsafe example. + * Uses a 1024-bit key. + * + * CBOM/SAST Notes: + * - Parent: Legacy Digital Signature. + * - RSA with SHA-1 and 1024-bit keys is deprecated and should be avoided. + */ + public KeyPair generateRSAUnsafeKeyPair() throws Exception { + KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); + kpg.initialize(1024); + return kpg.generateKeyPair(); + } + + /** + * Sign data using SHA1withRSA. + * + * CBOM/SAST Notes: + * - Parent: Legacy Digital Signature. + * - SHA-1 is deprecated and RSA with 1024 bits is considered weak. + */ + public byte[] signSHA1withRSA(PrivateKey privateKey, byte[] data) throws Exception { + Signature signature = Signature.getInstance("SHA1withRSA"); + signature.initSign(privateKey); + signature.update(data); + return signature.sign(); + } + + /** + * Verify data using SHA1withRSA. + * + * CBOM/SAST Notes: + * - Parent: Legacy Digital Signature. + * - Verification of SHA1withRSA is insecure. + */ + public boolean verifySHA1withRSA(PublicKey publicKey, byte[] data, byte[] sigBytes) throws Exception { + Signature signature = Signature.getInstance("SHA1withRSA"); + signature.initVerify(publicKey); + signature.update(data); + return signature.verify(sigBytes); + } + + /////////////////////////////////////// + // Nuanced Edge-Case Examples + /////////////////////////////////////// + + /** + * Demonstrates signing and verifying an empty message. + * + * CBOM/SAST Notes: + * - Edge Case: Signing empty input should be handled correctly but might be + * unexpected. + */ + public void signAndVerifyEmptyMessage() throws Exception { + byte[] emptyMessage = new byte[0]; + KeyPair kp = generateRSAPSSKeyPair(); + byte[] sig = signRSAPSS(kp.getPrivate(), emptyMessage); + boolean verified = verifyRSAPSS(kp.getPublic(), emptyMessage, sig); + System.out.println("Empty message signature verified? " + verified); + } + + /** + * Demonstrates signing and verifying data containing non-ASCII characters. + * + * CBOM/SAST Notes: + * - Edge Case: Non-ASCII (e.g., Unicode) data should be handled correctly. + */ + public void signAndVerifyNonAsciiMessage() throws Exception { + // Use a message with Unicode characters. + String nonAscii = "こんにちは世界"; // "Hello World" in Japanese. + byte[] message = nonAscii.getBytes("UTF-8"); + KeyPair kp = generateEd25519KeyPair(); + byte[] sig = signEd25519(kp.getPrivate(), message); + boolean verified = verifyEd25519(kp.getPublic(), message, sig); + System.out.println("Non-ASCII message signature verified? " + verified); + } + + /** + * Demonstrates that even a slight tampering with the signature will cause + * verification to fail. + * + * CBOM/SAST Notes: + * - Edge Case: Signature integrity is critical. Any change—even a single + * byte—should invalidate the signature. + */ + public void tamperSignatureEdgeCase() throws Exception { + byte[] message = "Important Message".getBytes(); + KeyPair kp = generateECDSAKeyPair(); + byte[] originalSig = signECDSA(kp.getPrivate(), message); + // Tamper with the signature by flipping one bit. + byte[] tamperedSig = originalSig.clone(); + tamperedSig[0] ^= 0x01; + boolean verifiedOriginal = verifyECDSA(kp.getPublic(), message, originalSig); + boolean verifiedTampered = verifyECDSA(kp.getPublic(), message, tamperedSig); + System.out.println("Original ECDSA signature verified? " + verifiedOriginal); + System.out.println("Tampered ECDSA signature verified? " + verifiedTampered); + } + + /** + * Demonstrates dynamic signature algorithm selection. + * This is a "known unknown" scenario where the algorithm is chosen at runtime + * based on configuration. If the configuration is compromised or misconfigured, + * an insecure algorithm might be selected. + * + * CBOM/SAST Notes: + * - Known Unknown: Dynamic configuration introduces ambiguity and risk. + * - Ensure that fallback defaults are secure. + */ + public void dynamicSignatureSelectionDemo() throws Exception { + // Simulate loading a configuration. + Properties config = new Properties(); + // For demonstration, let's assume the config might specify an algorithm. + // Possible values: "SHA256withRSAandMGF1", "SHA256withECDSA", "Ed25519", + // "SHA1withRSA" + // Here we simulate an unknown or insecure algorithm being selected. + config.setProperty("signature.algorithm", "SHA1withRSA"); // Insecure choice! + String algorithm = config.getProperty("signature.algorithm", "SHA256withRSAandMGF1"); + + KeyPair kp; + Signature signature; + if ("SHA256withRSAandMGF1".equalsIgnoreCase(algorithm)) { + kp = generateRSAPSSKeyPair(); + signature = Signature.getInstance("SHA256withRSAandMGF1"); + } else if ("SHA256withECDSA".equalsIgnoreCase(algorithm)) { + kp = generateECDSAKeyPair(); + signature = Signature.getInstance("SHA256withECDSA", "BC"); + } else if ("Ed25519".equalsIgnoreCase(algorithm)) { + kp = generateEd25519KeyPair(); + signature = Signature.getInstance("Ed25519", "BC"); + } else if ("SHA1withRSA".equalsIgnoreCase(algorithm)) { + kp = generateRSAUnsafeKeyPair(); + signature = Signature.getInstance("SHA1withRSA"); + } else { + // Fallback to a secure default. + kp = generateRSAPSSKeyPair(); + signature = Signature.getInstance("SHA256withRSAandMGF1"); + } + + byte[] message = "Dynamic Signature Demo".getBytes(); + signature.initSign(kp.getPrivate()); + signature.update(message); + byte[] sigBytes = signature.sign(); + // Verify using the same algorithm. + signature.initVerify(kp.getPublic()); + signature.update(message); + boolean verified = signature.verify(sigBytes); + System.out.println("Dynamic algorithm (" + algorithm + ") signature verified? " + verified); + } + + /////////////////////////////////////// + // Demo Method: runSignatureDemos + /////////////////////////////////////// + + /** + * Demonstrates digital signature operations for various algorithms. + * It generates key pairs, signs a message, and verifies the signature for: + * - RSA-PSS + * - ECDSA (secp256r1) + * - Ed25519 + * - SHA1withRSA (deprecated/unsafe) + * Additionally, it runs several edge-case demos. + * + * CBOM/SAST Classification: + * - Shows both modern, secure signature schemes and a deprecated example. + * - Also demonstrates handling of edge cases and dynamic selection risks. + */ + public void runSignatureDemos() throws Exception { + byte[] message = "Hello Signature World!".getBytes(); + + // ============ RSA-PSS ============ + KeyPair rsaPssKP = generateRSAPSSKeyPair(); + byte[] rsaPssSig = signRSAPSS(rsaPssKP.getPrivate(), message); + System.out.println("RSA-PSS Signature: " + Base64.getEncoder().encodeToString(rsaPssSig)); + boolean rsaPssVerified = verifyRSAPSS(rsaPssKP.getPublic(), message, rsaPssSig); + System.out.println("RSA-PSS Verified? " + rsaPssVerified); + + // ============ ECDSA (secp256r1) ============ + KeyPair ecdsaKP = generateECDSAKeyPair(); + byte[] ecdsaSig = signECDSA(ecdsaKP.getPrivate(), message); + System.out.println("ECDSA Signature: " + Base64.getEncoder().encodeToString(ecdsaSig)); + boolean ecdsaVerified = verifyECDSA(ecdsaKP.getPublic(), message, ecdsaSig); + System.out.println("ECDSA Verified? " + ecdsaVerified); + + // ============ Ed25519 ============ + KeyPair ed25519KP = generateEd25519KeyPair(); + byte[] ed25519Sig = signEd25519(ed25519KP.getPrivate(), message); + System.out.println("Ed25519 Signature: " + Base64.getEncoder().encodeToString(ed25519Sig)); + boolean ed25519Verified = verifyEd25519(ed25519KP.getPublic(), message, ed25519Sig); + System.out.println("Ed25519 Verified? " + ed25519Verified); + + // ============ SHA1withRSA (Deprecated/Unsafe) ============ + KeyPair rsaUnsafeKP = generateRSAUnsafeKeyPair(); + byte[] rsaUnsafeSig = signSHA1withRSA(rsaUnsafeKP.getPrivate(), message); + System.out.println("SHA1withRSA Signature (Insecure): " + Base64.getEncoder().encodeToString(rsaUnsafeSig)); + boolean rsaUnsafeVerified = verifySHA1withRSA(rsaUnsafeKP.getPublic(), message, rsaUnsafeSig); + System.out.println("SHA1withRSA Verified? " + rsaUnsafeVerified); + + // ============ Edge Cases ============ + signAndVerifyEmptyMessage(); + signAndVerifyNonAsciiMessage(); + tamperSignatureEdgeCase(); + dynamicSignatureSelectionDemo(); + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/SymmetricAlgorithm.java b/java/ql/test/experimental/library-tests/quantum/jca/SymmetricAlgorithm.java new file mode 100644 index 000000000000..9624ac2c32a4 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/SymmetricAlgorithm.java @@ -0,0 +1,364 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; + +import java.security.*; + +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.PBEKeySpec; +import java.security.SecureRandom; +import java.util.Arrays; +import java.util.Base64; + +/** + * SymmetricAlgorithmTest demonstrates various symmetric encryption flows and + * key derivation + * scenarios that can be analyzed by SAST tools. + * + * It includes: + * 1) AES-GCM encryption with random nonce (secure). + * 2) AES-GCM encryption with fixed nonce (insecure). + * 3) AES-CBC encryption with random IV (secure). + * 4) AES-ECB encryption (insecure). + * 5) RC4 encryption (insecure). + * 6) DES and TripleDES encryption (insecure/weak). + * 7) ChaCha20 encryption (secure, if available). + * 8) KMAC-based key derivation used to derive a key for AES encryption. + * 9) Dynamic symmetric encryption selection based on configuration. + * 10) Further use: deriving two keys from symmetric key material via PBKDF2. + * + * SAST/CBOM notes: + * - Nonce/IV reuse (e.g., fixed nonce) must be flagged. + * - Insecure algorithms (RC4, DES, TripleDES, AES/ECB) are marked as unsafe. + * - Dynamic selection may lead to insecure fallback if misconfigured. + */ +public class SymmetricAlgorithm { + + // static { + // Security.addProvider(new BouncyCastleProvider()); + // } + + // ---------- Secure Symmetric Encryption Flows ---------- + + /** + * AES-GCM encryption using a 12-byte random nonce. + * SAST: AES-GCM is secure when a unique nonce is used per encryption. + * + * @param key The AES key. + * @param plaintext The plaintext to encrypt. + * @return The IV prepended to the ciphertext. + * @throws Exception if encryption fails. + */ + public byte[] aesGcmEncryptSafe(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; // Recommended 12-byte nonce for GCM. + new SecureRandom().nextBytes(iv); + GCMParameterSpec spec = new GCMParameterSpec(128, iv); + cipher.init(Cipher.ENCRYPT_MODE, key, spec); + byte[] ciphertext = cipher.doFinal(plaintext); + byte[] output = new byte[iv.length + ciphertext.length]; + System.arraycopy(iv, 0, output, 0, iv.length); + System.arraycopy(ciphertext, 0, output, iv.length, ciphertext.length); + return output; + } + + /** + * AES-GCM encryption using a fixed (constant) nonce. + * SAST: Fixed nonce reuse in AES-GCM is insecure as it destroys + * confidentiality. + * + * @param key The AES key. + * @param plaintext The plaintext to encrypt. + * @return The fixed IV prepended to the ciphertext. + * @throws Exception if encryption fails. + */ + public byte[] aesGcmEncryptUnsafe(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; // Fixed IV (all zeros by default) – insecure. + GCMParameterSpec spec = new GCMParameterSpec(128, iv); + cipher.init(Cipher.ENCRYPT_MODE, key, spec); + byte[] ciphertext = cipher.doFinal(plaintext); + byte[] output = new byte[iv.length + ciphertext.length]; + System.arraycopy(iv, 0, output, 0, iv.length); + System.arraycopy(ciphertext, 0, output, iv.length, ciphertext.length); + return output; + } + + /** + * AES-CBC encryption using a random IV. + * SAST: AES-CBC is secure if IVs are random and not reused. + * + * @param key The AES key. + * @param plaintext The plaintext to encrypt. + * @return The IV prepended to the ciphertext. + * @throws Exception if encryption fails. + */ + public byte[] aesCbcEncryptSafe(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); + byte[] iv = new byte[16]; // 16-byte IV for AES block size. + new SecureRandom().nextBytes(iv); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); + byte[] ciphertext = cipher.doFinal(plaintext); + byte[] output = new byte[iv.length + ciphertext.length]; + System.arraycopy(iv, 0, output, 0, iv.length); + System.arraycopy(ciphertext, 0, output, iv.length, ciphertext.length); + return output; + } + + /** + * AES-ECB encryption. + * SAST: ECB mode is insecure as it does not use an IV, revealing data patterns. + * + * @param key The AES key. + * @param plaintext The plaintext to encrypt. + * @return The ciphertext. + * @throws Exception if encryption fails. + */ + public byte[] aesEcbEncryptUnsafe(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding"); + cipher.init(Cipher.ENCRYPT_MODE, key); + return cipher.doFinal(plaintext); + } + + // ---------- Other Symmetric Algorithms ---------- + + /** + * RC4 encryption. + * SAST: RC4 is deprecated due to vulnerabilities. + * + * @param key The RC4 key. + * @param plaintext The plaintext to encrypt. + * @return The ciphertext. + * @throws Exception if encryption fails. + */ + public byte[] rc4EncryptUnsafe(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("RC4"); + cipher.init(Cipher.ENCRYPT_MODE, key); + return cipher.doFinal(plaintext); + } + + /** + * DES encryption. + * SAST: DES is insecure due to its 56-bit effective key size. + * + * @param key The DES key. + * @param plaintext The plaintext to encrypt. + * @return The IV prepended to the ciphertext. + * @throws Exception if encryption fails. + */ + public byte[] desEncryptUnsafe(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding"); + byte[] iv = new byte[8]; + new SecureRandom().nextBytes(iv); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); + byte[] ciphertext = cipher.doFinal(plaintext); + byte[] output = new byte[iv.length + ciphertext.length]; + System.arraycopy(iv, 0, output, 0, iv.length); + System.arraycopy(ciphertext, 0, output, iv.length, ciphertext.length); + return output; + } + + /** + * TripleDES (DESede) encryption. + * SAST: TripleDES is weak by modern standards and is deprecated. + * + * @param key The TripleDES key. + * @param plaintext The plaintext to encrypt. + * @return The IV prepended to the ciphertext. + * @throws Exception if encryption fails. + */ + public byte[] tripleDesEncryptUnsafe(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding"); + byte[] iv = new byte[8]; + new SecureRandom().nextBytes(iv); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); + byte[] ciphertext = cipher.doFinal(plaintext); + byte[] output = new byte[iv.length + ciphertext.length]; + System.arraycopy(iv, 0, output, 0, iv.length); + System.arraycopy(ciphertext, 0, output, iv.length, ciphertext.length); + return output; + } + + /** + * ChaCha20 encryption. + * SAST: ChaCha20 is considered secure and is a modern alternative to AES. + * + * @param key The ChaCha20 key. + * @param plaintext The plaintext to encrypt. + * @return The nonce prepended to the ciphertext. + * @throws Exception if encryption fails. + */ + public byte[] chacha20EncryptSafe(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("ChaCha20", "BC"); + byte[] nonce = new byte[12]; // ChaCha20 typically uses a 12-byte nonce. + new SecureRandom().nextBytes(nonce); + // ChaCha20 may require an IvParameterSpec for the nonce. + cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(nonce)); + byte[] ciphertext = cipher.doFinal(plaintext); + byte[] output = new byte[nonce.length + ciphertext.length]; + System.arraycopy(nonce, 0, output, 0, nonce.length); + System.arraycopy(ciphertext, 0, output, nonce.length, ciphertext.length); + return output; + } + + /** + * KMAC-based flow: Uses KMAC128 to derive key material for AES encryption. + * SAST: KMAC128 is secure as part of the SHA-3 family when used correctly. + * + * @param key The KMAC key. + * @param plaintext The plaintext to encrypt. + * @return The ciphertext (with IV) resulting from encryption with a derived + * key. + * @throws Exception if encryption fails. + */ + public byte[] kmacEncryptFlow(SecretKey key, byte[] plaintext) throws Exception { + Mac kmac = Mac.getInstance("KMAC128", "BC"); + kmac.init(key); + byte[] kmacOutput = kmac.doFinal(plaintext); + // Use the first 16 bytes of KMAC output as an AES key. + SecretKey derivedKey = new SecretKeySpec(kmacOutput, 0, 16, "AES"); + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; + new SecureRandom().nextBytes(iv); + GCMParameterSpec spec = new GCMParameterSpec(128, iv); + cipher.init(Cipher.ENCRYPT_MODE, derivedKey, spec); + byte[] ciphertext = cipher.doFinal(plaintext); + byte[] output = new byte[iv.length + ciphertext.length]; + System.arraycopy(iv, 0, output, 0, iv.length); + System.arraycopy(ciphertext, 0, output, iv.length, ciphertext.length); + return output; + } + + // ---------- Dynamic Algorithm Selection ---------- + + /** + * Dynamically selects a symmetric encryption algorithm based on a configuration + * property. + * If the algorithm is unknown or ambiguous, falls back to an insecure default + * (AES/ECB). + * + * SAST: Dynamic selection introduces a known unknown risk. + * + * @param algorithm The algorithm name from configuration. + * @param key The symmetric key. + * @param plaintext The plaintext to encrypt. + * @return The ciphertext. + * @throws Exception if encryption fails. + */ + public byte[] dynamicSymmetricEncryption(String algorithm, SecretKey key, byte[] plaintext) throws Exception { + if ("AES/GCM/NoPadding".equalsIgnoreCase(algorithm)) { + return aesGcmEncryptSafe(key, plaintext); + } else if ("AES/CBC/PKCS5Padding".equalsIgnoreCase(algorithm)) { + return aesCbcEncryptSafe(key, plaintext); + } else if ("AES/ECB/PKCS5Padding".equalsIgnoreCase(algorithm)) { + return aesEcbEncryptUnsafe(key, plaintext); + } else if ("RC4".equalsIgnoreCase(algorithm)) { + return rc4EncryptUnsafe(key, plaintext); + } else if ("ChaCha20".equalsIgnoreCase(algorithm)) { + return chacha20EncryptSafe(key, plaintext); + } else { + // Unknown algorithm: fallback to insecure AES/ECB. + return aesEcbEncryptUnsafe(key, plaintext); + } + } + + // ---------- Further Use of Symmetric Keys ---------- + + /** + * Derives a key from an input key by simple truncation. + * SAST: This approach is ambiguous; a proper KDF should be used. + * + * @param key The input symmetric key. + * @return A derived 128-bit key. + */ + public byte[] deriveKeyFromKey(SecretKey key) { + byte[] keyBytes = key.getEncoded(); + return Arrays.copyOf(keyBytes, 16); + } + + /** + * Further use: Derives two separate keys from a symmetric key using PBKDF2, + * then uses one key for encryption and one for MACing ciphertext. + * SAST: This key-splitting approach is acceptable if PBKDF2 is used securely. + * + * @param key The input key material. + * @param plaintext The plaintext to encrypt. + * @return The concatenated ciphertext and its MAC. + * @throws Exception if key derivation or encryption fails. + */ + public byte[] furtherUseSymmetricKeyForKeyDerivation(SecretKey key, byte[] plaintext) throws Exception { + String keyAsString = Base64.getEncoder().encodeToString(key.getEncoded()); + byte[] salt = generateSalt(16); + PBEKeySpec spec = new PBEKeySpec(keyAsString.toCharArray(), salt, 10000, 256); + SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); + byte[] derived = factory.generateSecret(spec).getEncoded(); + byte[] encKeyBytes = Arrays.copyOfRange(derived, 0, 16); + byte[] macKeyBytes = Arrays.copyOfRange(derived, 16, 32); + SecretKey encKey = new SecretKeySpec(encKeyBytes, "AES"); + SecretKey derivedMacKey = new SecretKeySpec(macKeyBytes, "HmacSHA256"); + + Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); + byte[] iv = new byte[12]; + new SecureRandom().nextBytes(iv); + cipher.init(Cipher.ENCRYPT_MODE, encKey, new GCMParameterSpec(128, iv)); + byte[] ciphertext = cipher.doFinal(plaintext); + + Mac mac = Mac.getInstance("HmacSHA256"); + mac.init(derivedMacKey); + byte[] computedMac = mac.doFinal(ciphertext); + + byte[] output = new byte[ciphertext.length + computedMac.length]; + System.arraycopy(ciphertext, 0, output, 0, ciphertext.length); + System.arraycopy(computedMac, 0, output, ciphertext.length, computedMac.length); + storeEncryptedOutput(output); + return output; + } + + /** + * Stores the encrypted output. + * SAST: In production, secure storage/transmission is required. + * + * @param output The output to store. + */ + public void storeEncryptedOutput(byte[] output) { + String stored = Base64.getEncoder().encodeToString(output); + } + + // ---------- Helper Methods ---------- + + /** + * Generates a secure 256-bit AES key. + * SAST: Uses a strong RNG for key generation. + * + * @return A new AES SecretKey. + * @throws Exception if key generation fails. + */ + public SecretKey generateAESKey() throws Exception { + KeyGenerator kg = KeyGenerator.getInstance("AES"); + kg.init(256); + return kg.generateKey(); + } + + /** + * Generates a random salt of the specified length using SecureRandom. + * SAST: Salting is essential for secure key derivation. + * + * @param length The salt length. + * @return A byte array representing the salt. + */ + private byte[] generateSalt(int length) { + byte[] salt = new byte[length]; + new SecureRandom().nextBytes(salt); + return salt; + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/SymmetricModesTest.java b/java/ql/test/experimental/library-tests/quantum/jca/SymmetricModesTest.java new file mode 100644 index 000000000000..4ea75ab8d8c2 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/SymmetricModesTest.java @@ -0,0 +1,144 @@ +package com.example.crypto.algorithms; + +//import org.bouncycastle.jce.provider.BouncyCastleProvider; + +import java.security.*; +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import java.security.SecureRandom; +import java.util.Base64; + +/** + * SymmetricModesTest demonstrates the use of advanced cipher modes for + * symmetric encryption: + * + * 1. AES/KWP/NoPadding: Uses AES Key Wrap with Padding (KWP) to securely wrap + * (encrypt) a key. + * - Secure usage: Uses a randomly generated wrapping key. + * + * 2. AES/OFB8/NoPadding: Uses AES in Output Feedback mode with an 8-bit + * feedback size. + * - Secure usage: Uses a random IV for each encryption. + * - Insecure usage: Using a fixed IV (or nonce) in OFB mode compromises + * confidentiality. + * + * In production, algorithm parameters (such as mode, padding, and IV + * generation) should be + * externalized via configuration files to support crypto agility. + */ +public class SymmetricModesTest { + + // static { + // // Register BouncyCastle provider for additional cipher modes. + // Security.addProvider(new BouncyCastleProvider()); + // } + + // --------------------------- + // AES/KWP/NoPadding Example + // --------------------------- + + /** + * Securely wraps a target AES key using AES/KWP/NoPadding. + * + * Best Practice: + * - The wrapping key must be generated randomly. + * - AES/KWP provides key wrapping with padding, suitable for keys whose lengths + * are not multiples of the block size. + * + * @return The Base64-encoded wrapped key. + * @throws Exception if an error occurs during key wrapping. + */ + public String secureAESKWPWrap() throws Exception { + // Generate a random wrapping key (256-bit) for key wrapping. + KeyGenerator kg = KeyGenerator.getInstance("AES"); + kg.init(256, new SecureRandom()); + SecretKey wrappingKey = kg.generateKey(); + + // Generate a target AES key to be wrapped (128-bit). + kg.init(128, new SecureRandom()); + SecretKey targetKey = kg.generateKey(); + + // Use AES/KWP (Key Wrap with Padding) to wrap the target key. + Cipher cipher = Cipher.getInstance("AES/KWP/NoPadding", "BC"); + cipher.init(Cipher.WRAP_MODE, wrappingKey); + byte[] wrappedKey = cipher.wrap(targetKey); + + return Base64.getEncoder().encodeToString(wrappedKey); + } + + // --------------------------- + // AES/OFB8/NoPadding Examples + // --------------------------- + + /** + * Securely encrypts plaintext using AES in OFB mode with an 8-bit feedback size + * (AES/OFB8/NoPadding). + * + * Best Practice: + * - Use a fresh, random IV for each encryption operation. + * + * @param key The AES key. + * @param plaintext The plaintext to encrypt. + * @return The ciphertext (Base64-encoded) with the IV prepended. + * @throws Exception if encryption fails. + */ + public String secureAesOfb8Encryption(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("AES/OFB8/NoPadding", "BC"); + byte[] iv = new byte[16]; // IV size for AES block cipher (128-bit) even if feedback is 8-bit. + new SecureRandom().nextBytes(iv); + IvParameterSpec ivSpec = new IvParameterSpec(iv); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); + byte[] ciphertext = cipher.doFinal(plaintext); + // Prepend IV to ciphertext (as is common practice) + byte[] output = new byte[iv.length + ciphertext.length]; + System.arraycopy(iv, 0, output, 0, iv.length); + System.arraycopy(ciphertext, 0, output, iv.length, ciphertext.length); + return Base64.getEncoder().encodeToString(output); + } + + /** + * Insecurely encrypts plaintext using AES in OFB mode with an 8-bit feedback + * size (AES/OFB8/NoPadding) + * by using a fixed IV. + * + * Best Practice Violation: + * - Using a fixed IV (or nonce) with any encryption mode (including OFB) + * compromises the cipher's security. + * + * @param key The AES key. + * @param plaintext The plaintext to encrypt. + * @return The ciphertext (Base64-encoded) with the fixed IV prepended. + * @throws Exception if encryption fails. + */ + public String insecureAesOfb8Encryption(SecretKey key, byte[] plaintext) throws Exception { + Cipher cipher = Cipher.getInstance("AES/OFB8/NoPadding", "BC"); + // Fixed IV: Insecure because it causes nonce/IV reuse. + byte[] fixedIV = new byte[16]; // All zeros. + IvParameterSpec ivSpec = new IvParameterSpec(fixedIV); + cipher.init(Cipher.ENCRYPT_MODE, key, ivSpec); + byte[] ciphertext = cipher.doFinal(plaintext); + byte[] output = new byte[fixedIV.length + ciphertext.length]; + System.arraycopy(fixedIV, 0, output, 0, fixedIV.length); + System.arraycopy(ciphertext, 0, output, fixedIV.length, ciphertext.length); + return Base64.getEncoder().encodeToString(output); + } + + // --------------------------- + // Helper Methods + // --------------------------- + + /** + * Generates a secure 256-bit AES key. + * + * @return A new AES SecretKey. + * @throws Exception if key generation fails. + */ + public SecretKey generateAESKey() throws Exception { + KeyGenerator kg = KeyGenerator.getInstance("AES"); + kg.init(256, new SecureRandom()); + return kg.generateKey(); + } +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/UniversalFlowTest.java b/java/ql/test/experimental/library-tests/quantum/jca/UniversalFlowTest.java new file mode 100644 index 000000000000..74b5b3b6184d --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/jca/UniversalFlowTest.java @@ -0,0 +1,48 @@ +package com.example.crypto.algorithms; + +// import org.bouncycastle.jce.provider.BouncyCastleProvider; +import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.crypto.spec.GCMParameterSpec; +import java.security.*; +import java.util.Base64; +import java.util.Random; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.nio.file.Files; +import java.io.IOException; + +public class UniversalFlowTest { + public void simpleAESEncryption() throws Exception { + String algorithm = "AES"; + String otherAlgorithm = loadAlgorithmFromDisk(); + + // Randomly select between the known algorithm and the one loaded from disk + String selectedAlgorithm = (new Random().nextInt(2) == 0) ? algorithm : otherAlgorithm; + + KeyGenerator keyGen = KeyGenerator.getInstance(selectedAlgorithm); + keyGen.init(256); // 256-bit AES key. + SecretKey key = keyGen.generateKey(); + String algorithm2 = "AES/GCM/NoPadding"; + Cipher cipher = Cipher.getInstance(algorithm2); + byte[] iv = new byte[12]; // 12-byte IV recommended for GCM. + new SecureRandom().nextBytes(iv); + GCMParameterSpec gcmSpec = new GCMParameterSpec(128, iv); // 128-bit authentication tag. + cipher.init(Cipher.ENCRYPT_MODE, key, gcmSpec); + byte[] encryptedData = cipher.doFinal("Sensitive Data".getBytes()); +} + +// Method to load algorithm from disk +private String loadAlgorithmFromDisk() { + try { + // Implementation to load algorithm name from a file + Path path = Paths.get("algorithm.txt"); + return Files.readString(path).trim(); + } catch (IOException e) { + // Fallback to default algorithm if loading fails + System.err.println("Failed to load algorithm from disk: " + e.getMessage()); + return "AES"; + } +} +} \ No newline at end of file diff --git a/java/ql/test/experimental/library-tests/quantum/node_edges.expected b/java/ql/test/experimental/library-tests/quantum/node_edges.expected new file mode 100644 index 000000000000..d17fd3500f7b --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/node_edges.expected @@ -0,0 +1,1705 @@ +| jca/AesWrapAndPBEWith.java:69:33:69:48 | KeyGeneration | Algorithm | jca/AesWrapAndPBEWith.java:67:52:67:56 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:69:33:69:48 | KeyGeneration | Output | jca/AesWrapAndPBEWith.java:69:33:69:48 | Key | +| jca/AesWrapAndPBEWith.java:72:31:72:46 | KeyGeneration | Algorithm | jca/AesWrapAndPBEWith.java:67:52:67:56 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:72:31:72:46 | KeyGeneration | Output | jca/AesWrapAndPBEWith.java:72:31:72:46 | Key | +| jca/AesWrapAndPBEWith.java:74:44:74:52 | KeyOperationAlgorithm | Mode | jca/AesWrapAndPBEWith.java:74:44:74:52 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:74:44:74:52 | KeyOperationAlgorithm | Padding | jca/AesWrapAndPBEWith.java:74:44:74:52 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:75:39:75:49 | Key | Source | jca/AesWrapAndPBEWith.java:69:33:69:48 | Key | +| jca/AesWrapAndPBEWith.java:76:29:76:50 | WrapOperation | Algorithm | jca/AesWrapAndPBEWith.java:74:44:74:52 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:76:29:76:50 | WrapOperation | Input | jca/AesWrapAndPBEWith.java:76:41:76:49 | Message | +| jca/AesWrapAndPBEWith.java:76:29:76:50 | WrapOperation | Key | jca/AesWrapAndPBEWith.java:75:39:75:49 | Key | +| jca/AesWrapAndPBEWith.java:76:29:76:50 | WrapOperation | Nonce | jca/AesWrapAndPBEWith.java:76:29:76:50 | WrapOperation | +| jca/AesWrapAndPBEWith.java:76:29:76:50 | WrapOperation | Output | jca/AesWrapAndPBEWith.java:76:29:76:50 | KeyOperationOutput | +| jca/AesWrapAndPBEWith.java:76:41:76:49 | Message | Source | jca/AesWrapAndPBEWith.java:72:31:72:46 | Key | +| jca/AesWrapAndPBEWith.java:95:31:95:46 | KeyGeneration | Algorithm | jca/AesWrapAndPBEWith.java:93:52:93:56 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:95:31:95:46 | KeyGeneration | Output | jca/AesWrapAndPBEWith.java:95:31:95:46 | Key | +| jca/AesWrapAndPBEWith.java:97:44:97:52 | KeyOperationAlgorithm | Mode | jca/AesWrapAndPBEWith.java:97:44:97:52 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:97:44:97:52 | KeyOperationAlgorithm | Padding | jca/AesWrapAndPBEWith.java:97:44:97:52 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:98:39:98:49 | Key | Source | jca/AesWrapAndPBEWith.java:98:39:98:49 | Key | +| jca/AesWrapAndPBEWith.java:99:29:99:50 | WrapOperation | Algorithm | jca/AesWrapAndPBEWith.java:97:44:97:52 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:99:29:99:50 | WrapOperation | Input | jca/AesWrapAndPBEWith.java:99:41:99:49 | Message | +| jca/AesWrapAndPBEWith.java:99:29:99:50 | WrapOperation | Key | jca/AesWrapAndPBEWith.java:98:39:98:49 | Key | +| jca/AesWrapAndPBEWith.java:99:29:99:50 | WrapOperation | Nonce | jca/AesWrapAndPBEWith.java:99:29:99:50 | WrapOperation | +| jca/AesWrapAndPBEWith.java:99:29:99:50 | WrapOperation | Output | jca/AesWrapAndPBEWith.java:99:29:99:50 | KeyOperationOutput | +| jca/AesWrapAndPBEWith.java:99:41:99:49 | Message | Source | jca/AesWrapAndPBEWith.java:95:31:95:46 | Key | +| jca/AesWrapAndPBEWith.java:118:42:118:63 | Message | Source | jca/AesWrapAndPBEWith.java:214:55:214:69 | Parameter | +| jca/AesWrapAndPBEWith.java:118:66:118:69 | Salt | Source | jca/AesWrapAndPBEWith.java:117:34:117:37 | Constant | +| jca/AesWrapAndPBEWith.java:120:27:120:54 | KeyDerivation | Algorithm | jca/AesWrapAndPBEWith.java:119:65:119:82 | KeyDerivationAlgorithm | +| jca/AesWrapAndPBEWith.java:120:27:120:54 | KeyDerivation | Input | jca/AesWrapAndPBEWith.java:118:42:118:63 | Message | +| jca/AesWrapAndPBEWith.java:120:27:120:54 | KeyDerivation | Output | jca/AesWrapAndPBEWith.java:120:27:120:54 | Key | +| jca/AesWrapAndPBEWith.java:120:27:120:54 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:118:66:118:69 | Salt | +| jca/AesWrapAndPBEWith.java:134:42:134:63 | Message | Source | jca/AesWrapAndPBEWith.java:214:55:214:69 | Parameter | +| jca/AesWrapAndPBEWith.java:134:66:134:69 | Salt | Source | jca/AesWrapAndPBEWith.java:133:9:133:42 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:134:66:134:69 | Salt | Source | jca/AesWrapAndPBEWith.java:133:38:133:41 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:135:65:135:86 | HMACAlgorithm | H | jca/AesWrapAndPBEWith.java:135:65:135:86 | HashAlgorithm | +| jca/AesWrapAndPBEWith.java:135:65:135:86 | KeyDerivationAlgorithm | PRF | jca/AesWrapAndPBEWith.java:135:65:135:86 | HMACAlgorithm | +| jca/AesWrapAndPBEWith.java:136:27:136:54 | KeyDerivation | Algorithm | jca/AesWrapAndPBEWith.java:135:65:135:86 | KeyDerivationAlgorithm | +| jca/AesWrapAndPBEWith.java:136:27:136:54 | KeyDerivation | Input | jca/AesWrapAndPBEWith.java:134:42:134:63 | Message | +| jca/AesWrapAndPBEWith.java:136:27:136:54 | KeyDerivation | Output | jca/AesWrapAndPBEWith.java:136:27:136:54 | Key | +| jca/AesWrapAndPBEWith.java:136:27:136:54 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:134:66:134:69 | Salt | +| jca/AesWrapAndPBEWith.java:152:42:152:63 | Message | Source | jca/AesWrapAndPBEWith.java:214:55:214:69 | Parameter | +| jca/AesWrapAndPBEWith.java:152:66:152:69 | Salt | Source | jca/AesWrapAndPBEWith.java:151:9:151:42 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:152:66:152:69 | Salt | Source | jca/AesWrapAndPBEWith.java:151:38:151:41 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:154:28:154:55 | KeyDerivation | Algorithm | jca/AesWrapAndPBEWith.java:153:65:153:98 | KeyDerivationAlgorithm | +| jca/AesWrapAndPBEWith.java:154:28:154:55 | KeyDerivation | Input | jca/AesWrapAndPBEWith.java:152:42:152:63 | Message | +| jca/AesWrapAndPBEWith.java:154:28:154:55 | KeyDerivation | Output | jca/AesWrapAndPBEWith.java:154:28:154:55 | Key | +| jca/AesWrapAndPBEWith.java:154:28:154:55 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:152:66:152:69 | Salt | +| jca/AesWrapAndPBEWith.java:157:44:157:65 | KeyOperationAlgorithm | Mode | jca/AesWrapAndPBEWith.java:157:44:157:65 | ModeOfOperation | +| jca/AesWrapAndPBEWith.java:157:44:157:65 | KeyOperationAlgorithm | Padding | jca/AesWrapAndPBEWith.java:157:44:157:65 | PaddingAlgorithm | +| jca/AesWrapAndPBEWith.java:161:42:161:47 | Key | Source | jca/AesWrapAndPBEWith.java:161:42:161:47 | Key | +| jca/AesWrapAndPBEWith.java:161:50:161:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:159:9:159:40 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:161:50:161:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:159:38:159:39 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:162:29:162:64 | EncryptOperation | Algorithm | jca/AesWrapAndPBEWith.java:157:44:157:65 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:162:29:162:64 | EncryptOperation | Input | jca/AesWrapAndPBEWith.java:162:44:162:63 | Message | +| jca/AesWrapAndPBEWith.java:162:29:162:64 | EncryptOperation | Key | jca/AesWrapAndPBEWith.java:161:42:161:47 | Key | +| jca/AesWrapAndPBEWith.java:162:29:162:64 | EncryptOperation | Nonce | jca/AesWrapAndPBEWith.java:161:50:161:55 | Nonce | +| jca/AesWrapAndPBEWith.java:162:29:162:64 | EncryptOperation | Output | jca/AesWrapAndPBEWith.java:162:29:162:64 | KeyOperationOutput | +| jca/AesWrapAndPBEWith.java:162:44:162:63 | Message | Source | jca/AesWrapAndPBEWith.java:214:72:214:87 | Parameter | +| jca/AesWrapAndPBEWith.java:180:42:180:63 | Message | Source | jca/AesWrapAndPBEWith.java:214:55:214:69 | Parameter | +| jca/AesWrapAndPBEWith.java:180:66:180:69 | Salt | Source | jca/AesWrapAndPBEWith.java:179:9:179:42 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:180:66:180:69 | Salt | Source | jca/AesWrapAndPBEWith.java:179:38:179:41 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:182:28:182:55 | KeyDerivation | Algorithm | jca/AesWrapAndPBEWith.java:181:65:181:96 | KeyDerivationAlgorithm | +| jca/AesWrapAndPBEWith.java:182:28:182:55 | KeyDerivation | Input | jca/AesWrapAndPBEWith.java:180:42:180:63 | Message | +| jca/AesWrapAndPBEWith.java:182:28:182:55 | KeyDerivation | Output | jca/AesWrapAndPBEWith.java:182:28:182:55 | Key | +| jca/AesWrapAndPBEWith.java:182:28:182:55 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:180:66:180:69 | Salt | +| jca/AesWrapAndPBEWith.java:185:44:185:65 | KeyOperationAlgorithm | Mode | jca/AesWrapAndPBEWith.java:185:44:185:65 | ModeOfOperation | +| jca/AesWrapAndPBEWith.java:185:44:185:65 | KeyOperationAlgorithm | Padding | jca/AesWrapAndPBEWith.java:185:44:185:65 | PaddingAlgorithm | +| jca/AesWrapAndPBEWith.java:189:42:189:47 | Key | Source | jca/AesWrapAndPBEWith.java:189:42:189:47 | Key | +| jca/AesWrapAndPBEWith.java:189:50:189:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:187:9:187:40 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:189:50:189:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:187:38:187:39 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:190:29:190:64 | EncryptOperation | Algorithm | jca/AesWrapAndPBEWith.java:185:44:185:65 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:190:29:190:64 | EncryptOperation | Input | jca/AesWrapAndPBEWith.java:190:44:190:63 | Message | +| jca/AesWrapAndPBEWith.java:190:29:190:64 | EncryptOperation | Key | jca/AesWrapAndPBEWith.java:189:42:189:47 | Key | +| jca/AesWrapAndPBEWith.java:190:29:190:64 | EncryptOperation | Nonce | jca/AesWrapAndPBEWith.java:189:50:189:55 | Nonce | +| jca/AesWrapAndPBEWith.java:190:29:190:64 | EncryptOperation | Output | jca/AesWrapAndPBEWith.java:190:29:190:64 | KeyOperationOutput | +| jca/AesWrapAndPBEWith.java:190:44:190:63 | Message | Source | jca/AesWrapAndPBEWith.java:214:72:214:87 | Parameter | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | Key | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | EllipticCurve | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | KeyGeneration | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | EllipticCurve | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | KeyGeneration | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:105:16:105:36 | Key | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:103:61:103:68 | KeyAgreementAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:105:16:105:36 | KeyGeneration | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:103:61:103:68 | KeyAgreementAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:105:16:105:36 | KeyGeneration | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:105:16:105:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:118:17:118:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:119:20:119:28 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:120:16:120:34 | KeyAgreementOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:226:91:226:96 | KeyAgreementAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:120:16:120:34 | KeyAgreementOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:250:95:250:100 | KeyAgreementAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:120:16:120:34 | KeyAgreementOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:120:16:120:34 | SharedSecret | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:120:16:120:34 | KeyAgreementOperation | PeerKey | jca/AsymmetricEncryptionMacHybridCryptosystem.java:119:20:119:28 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:120:16:120:34 | KeyAgreementOperation | ServerKey | jca/AsymmetricEncryptionMacHybridCryptosystem.java:118:17:118:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:120:16:120:34 | SharedSecret | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:120:16:120:34 | SharedSecret | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:133:23:133:42 | Digest | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:133:23:133:42 | Digest | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:133:23:133:42 | HashOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:132:58:132:66 | HashAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:133:23:133:42 | HashOperation | Digest | jca/AsymmetricEncryptionMacHybridCryptosystem.java:133:23:133:42 | Digest | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:133:23:133:42 | HashOperation | Message | jca/AsymmetricEncryptionMacHybridCryptosystem.java:133:37:133:41 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:133:37:133:41 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:120:16:120:34 | SharedSecret | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:157:16:157:36 | Key | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:61:155:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:157:16:157:36 | KeyGeneration | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:61:155:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:157:16:157:36 | KeyGeneration | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:157:16:157:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:16:166:36 | Key | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:164:61:164:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:16:166:36 | KeyGeneration | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:164:61:164:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:16:166:36 | KeyGeneration | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:16:166:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | PaddingAlgorithm | MD | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | HashAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | PaddingAlgorithm | MGF1Hash | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:177:42:177:58 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:157:16:157:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:34:178:55 | WrapOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:34:178:55 | WrapOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:49:178:54 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:34:178:55 | WrapOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:177:42:177:58 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:34:178:55 | WrapOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:34:178:55 | WrapOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:34:178:55 | WrapOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:34:178:55 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:49:178:54 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:337:16:337:31 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:183:45:183:50 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:183:45:183:50 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:183:53:183:81 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:181:9:181:40 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:183:53:183:81 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:181:38:181:39 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:29:184:56 | EncryptOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:29:184:56 | EncryptOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:47:184:55 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:29:184:56 | EncryptOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:183:45:183:50 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:29:184:56 | EncryptOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:183:53:183:81 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:29:184:56 | EncryptOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:29:184:56 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:47:184:55 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:283:58:283:73 | Parameter | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:201:42:201:58 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:16:166:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:34:202:55 | WrapOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:34:202:55 | WrapOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:49:202:54 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:34:202:55 | WrapOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:201:42:201:58 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:34:202:55 | WrapOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:34:202:55 | WrapOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:34:202:55 | WrapOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:34:202:55 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:49:202:54 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:337:16:337:31 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:206:45:206:50 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:206:45:206:50 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:206:53:206:86 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:206:53:206:86 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:29:207:56 | EncryptOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:29:207:56 | EncryptOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:47:207:55 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:29:207:56 | EncryptOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:206:45:206:50 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:29:207:56 | EncryptOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:206:53:206:86 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:29:207:56 | EncryptOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:29:207:56 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:47:207:55 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:283:58:283:73 | Parameter | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:233:42:233:47 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:233:42:233:47 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:233:50:233:78 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:231:9:231:40 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:233:50:233:78 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:231:38:231:39 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:29:234:53 | EncryptOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:29:234:53 | EncryptOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:44:234:52 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:29:234:53 | EncryptOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:233:42:233:47 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:29:234:53 | EncryptOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:233:50:233:78 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:29:234:53 | EncryptOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:29:234:53 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:44:234:52 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:283:58:283:73 | Parameter | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:256:42:256:47 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:256:42:256:47 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:256:50:256:83 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:256:50:256:83 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:29:257:53 | EncryptOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:29:257:53 | EncryptOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:44:257:52 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:29:257:53 | EncryptOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:256:42:256:47 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:29:257:53 | EncryptOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:256:50:256:83 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:29:257:53 | EncryptOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:29:257:53 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:44:257:52 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:283:58:283:73 | Parameter | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:35:309:46 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:35:309:46 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:35:309:46 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:35:309:46 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:311:18:311:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:311:18:311:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | MACOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:35:309:46 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | MACOperation | HashAlgorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | MACOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | MACOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:28:312:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | MACOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:311:18:311:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | MACOperation | Message | jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:28:312:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | MACOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | MACOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | MACOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:28:312:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:28:312:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:35:320:44 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:35:320:44 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:35:320:44 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:35:320:44 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:18:322:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:18:322:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | MACOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:35:320:44 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | MACOperation | HashAlgorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | MACOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | MACOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:28:323:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | MACOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:18:322:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | MACOperation | Message | jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:28:323:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | MACOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | MACOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | MACOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:28:323:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:28:323:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:337:16:337:31 | KeyGeneration | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:335:52:335:56 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:337:16:337:31 | KeyGeneration | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:337:16:337:31 | Key | +| jca/ChainedEncryptionTest.java:24:44:24:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:24:44:24:62 | ModeOfOperation | +| jca/ChainedEncryptionTest.java:24:44:24:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:24:44:24:62 | PaddingAlgorithm | +| jca/ChainedEncryptionTest.java:28:42:28:44 | Key | Source | jca/ChainedEncryptionTest.java:124:28:124:47 | Key | +| jca/ChainedEncryptionTest.java:28:47:28:50 | Nonce | Source | jca/ChainedEncryptionTest.java:26:9:26:40 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:28:47:28:50 | Nonce | Source | jca/ChainedEncryptionTest.java:26:38:26:39 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:29:29:29:53 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:24:44:24:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:29:29:29:53 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:29:44:29:52 | Message | +| jca/ChainedEncryptionTest.java:29:29:29:53 | EncryptOperation | Key | jca/ChainedEncryptionTest.java:28:42:28:44 | Key | +| jca/ChainedEncryptionTest.java:29:29:29:53 | EncryptOperation | Nonce | jca/ChainedEncryptionTest.java:28:47:28:50 | Nonce | +| jca/ChainedEncryptionTest.java:29:29:29:53 | EncryptOperation | Output | jca/ChainedEncryptionTest.java:29:29:29:53 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:29:44:29:52 | Message | Source | jca/ChainedEncryptionTest.java:131:31:131:57 | Constant | +| jca/ChainedEncryptionTest.java:37:44:37:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:37:44:37:62 | ModeOfOperation | +| jca/ChainedEncryptionTest.java:37:44:37:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:37:44:37:62 | PaddingAlgorithm | +| jca/ChainedEncryptionTest.java:39:42:39:44 | Key | Source | jca/ChainedEncryptionTest.java:124:28:124:47 | Key | +| jca/ChainedEncryptionTest.java:39:47:39:50 | Nonce | Source | jca/ChainedEncryptionTest.java:39:47:39:50 | Nonce | +| jca/ChainedEncryptionTest.java:40:16:40:41 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:37:44:37:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:40:16:40:41 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:40:31:40:40 | Message | +| jca/ChainedEncryptionTest.java:40:16:40:41 | DecryptOperation | Key | jca/ChainedEncryptionTest.java:39:42:39:44 | Key | +| jca/ChainedEncryptionTest.java:40:16:40:41 | DecryptOperation | Nonce | jca/ChainedEncryptionTest.java:39:47:39:50 | Nonce | +| jca/ChainedEncryptionTest.java:40:16:40:41 | DecryptOperation | Output | jca/ChainedEncryptionTest.java:40:16:40:41 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:40:31:40:40 | Message | Source | jca/ChainedEncryptionTest.java:40:31:40:40 | Message | +| jca/ChainedEncryptionTest.java:45:44:45:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:45:44:45:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:45:44:45:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:45:44:45:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:48:42:48:44 | Key | Source | jca/ChainedEncryptionTest.java:129:31:129:53 | Key | +| jca/ChainedEncryptionTest.java:48:47:48:72 | Nonce | Source | jca/ChainedEncryptionTest.java:47:9:47:43 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:48:47:48:72 | Nonce | Source | jca/ChainedEncryptionTest.java:47:38:47:42 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:49:29:49:53 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:45:44:45:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:49:29:49:53 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:49:44:49:52 | Message | +| jca/ChainedEncryptionTest.java:49:29:49:53 | EncryptOperation | Key | jca/ChainedEncryptionTest.java:48:42:48:44 | Key | +| jca/ChainedEncryptionTest.java:49:29:49:53 | EncryptOperation | Nonce | jca/ChainedEncryptionTest.java:48:47:48:72 | Nonce | +| jca/ChainedEncryptionTest.java:49:29:49:53 | EncryptOperation | Output | jca/ChainedEncryptionTest.java:49:29:49:53 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:49:44:49:52 | Message | Source | jca/ChainedEncryptionTest.java:49:44:49:52 | Message | +| jca/ChainedEncryptionTest.java:57:44:57:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:57:44:57:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:57:44:57:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:57:44:57:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:58:42:58:44 | Key | Source | jca/ChainedEncryptionTest.java:129:31:129:53 | Key | +| jca/ChainedEncryptionTest.java:58:47:58:72 | Nonce | Source | jca/ChainedEncryptionTest.java:58:47:58:72 | Nonce | +| jca/ChainedEncryptionTest.java:59:16:59:41 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:57:44:57:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:59:16:59:41 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:59:31:59:40 | Message | +| jca/ChainedEncryptionTest.java:59:16:59:41 | DecryptOperation | Key | jca/ChainedEncryptionTest.java:58:42:58:44 | Key | +| jca/ChainedEncryptionTest.java:59:16:59:41 | DecryptOperation | Nonce | jca/ChainedEncryptionTest.java:58:47:58:72 | Nonce | +| jca/ChainedEncryptionTest.java:59:16:59:41 | DecryptOperation | Output | jca/ChainedEncryptionTest.java:59:16:59:41 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:59:31:59:40 | Message | Source | jca/ChainedEncryptionTest.java:59:31:59:40 | Message | +| jca/ChainedEncryptionTest.java:86:30:86:49 | KeyGeneration | Algorithm | jca/ChainedEncryptionTest.java:84:56:84:60 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:86:30:86:49 | KeyGeneration | Output | jca/ChainedEncryptionTest.java:86:30:86:49 | Key | +| jca/ChainedEncryptionTest.java:90:30:90:52 | KeyGeneration | Algorithm | jca/ChainedEncryptionTest.java:88:59:88:68 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:90:30:90:52 | KeyGeneration | Output | jca/ChainedEncryptionTest.java:90:30:90:52 | Key | +| jca/ChainedEncryptionTest.java:95:47:95:65 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:95:47:95:65 | ModeOfOperation | +| jca/ChainedEncryptionTest.java:95:47:95:65 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:95:47:95:65 | PaddingAlgorithm | +| jca/ChainedEncryptionTest.java:97:45:97:52 | Key | Source | jca/ChainedEncryptionTest.java:86:30:86:49 | Key | +| jca/ChainedEncryptionTest.java:97:55:97:61 | Nonce | Source | jca/ChainedEncryptionTest.java:94:9:94:43 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:97:55:97:61 | Nonce | Source | jca/ChainedEncryptionTest.java:94:38:94:42 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:98:34:98:62 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:95:47:95:65 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:98:34:98:62 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:98:52:98:61 | Message | +| jca/ChainedEncryptionTest.java:98:34:98:62 | EncryptOperation | Key | jca/ChainedEncryptionTest.java:97:45:97:52 | Key | +| jca/ChainedEncryptionTest.java:98:34:98:62 | EncryptOperation | Nonce | jca/ChainedEncryptionTest.java:97:55:97:61 | Nonce | +| jca/ChainedEncryptionTest.java:98:34:98:62 | EncryptOperation | Output | jca/ChainedEncryptionTest.java:98:34:98:62 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:98:52:98:61 | Message | Source | jca/ChainedEncryptionTest.java:80:46:80:61 | Parameter | +| jca/ChainedEncryptionTest.java:103:50:103:68 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:103:50:103:68 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:103:50:103:68 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:103:50:103:68 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:104:48:104:55 | Key | Source | jca/ChainedEncryptionTest.java:90:30:90:52 | Key | +| jca/ChainedEncryptionTest.java:104:58:104:89 | Nonce | Source | jca/ChainedEncryptionTest.java:102:9:102:49 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:104:58:104:89 | Nonce | Source | jca/ChainedEncryptionTest.java:102:38:102:48 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:105:34:105:70 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:103:50:103:68 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:105:34:105:70 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:105:55:105:69 | Message | +| jca/ChainedEncryptionTest.java:105:34:105:70 | EncryptOperation | Key | jca/ChainedEncryptionTest.java:104:48:104:55 | Key | +| jca/ChainedEncryptionTest.java:105:34:105:70 | EncryptOperation | Nonce | jca/ChainedEncryptionTest.java:104:58:104:89 | Nonce | +| jca/ChainedEncryptionTest.java:105:34:105:70 | EncryptOperation | Output | jca/ChainedEncryptionTest.java:105:34:105:70 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:105:55:105:69 | Message | Source | jca/ChainedEncryptionTest.java:98:34:98:62 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:108:47:108:65 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:108:47:108:65 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:108:47:108:65 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:108:47:108:65 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:109:45:109:52 | Key | Source | jca/ChainedEncryptionTest.java:109:45:109:52 | Key | +| jca/ChainedEncryptionTest.java:109:55:109:86 | Nonce | Source | jca/ChainedEncryptionTest.java:102:9:102:49 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:109:55:109:86 | Nonce | Source | jca/ChainedEncryptionTest.java:102:38:102:48 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:110:43:110:76 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:108:47:108:65 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:110:43:110:76 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:110:61:110:75 | Message | +| jca/ChainedEncryptionTest.java:110:43:110:76 | DecryptOperation | Key | jca/ChainedEncryptionTest.java:109:45:109:52 | Key | +| jca/ChainedEncryptionTest.java:110:43:110:76 | DecryptOperation | Nonce | jca/ChainedEncryptionTest.java:109:55:109:86 | Nonce | +| jca/ChainedEncryptionTest.java:110:43:110:76 | DecryptOperation | Output | jca/ChainedEncryptionTest.java:110:43:110:76 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:110:61:110:75 | Message | Source | jca/ChainedEncryptionTest.java:105:34:105:70 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:113:44:113:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:113:44:113:62 | ModeOfOperation | +| jca/ChainedEncryptionTest.java:113:44:113:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:113:44:113:62 | PaddingAlgorithm | +| jca/ChainedEncryptionTest.java:114:42:114:49 | Key | Source | jca/ChainedEncryptionTest.java:114:42:114:49 | Key | +| jca/ChainedEncryptionTest.java:114:52:114:83 | Nonce | Source | jca/ChainedEncryptionTest.java:94:9:94:43 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:114:52:114:83 | Nonce | Source | jca/ChainedEncryptionTest.java:94:38:94:42 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:115:37:115:76 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:113:44:113:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:115:37:115:76 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:115:52:115:75 | Message | +| jca/ChainedEncryptionTest.java:115:37:115:76 | DecryptOperation | Key | jca/ChainedEncryptionTest.java:114:42:114:49 | Key | +| jca/ChainedEncryptionTest.java:115:37:115:76 | DecryptOperation | Nonce | jca/ChainedEncryptionTest.java:114:52:114:83 | Nonce | +| jca/ChainedEncryptionTest.java:115:37:115:76 | DecryptOperation | Output | jca/ChainedEncryptionTest.java:115:37:115:76 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:115:52:115:75 | Message | Source | jca/ChainedEncryptionTest.java:110:43:110:76 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:124:28:124:47 | KeyGeneration | Algorithm | jca/ChainedEncryptionTest.java:122:56:122:60 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:124:28:124:47 | KeyGeneration | Output | jca/ChainedEncryptionTest.java:124:28:124:47 | Key | +| jca/ChainedEncryptionTest.java:129:31:129:53 | KeyGeneration | Algorithm | jca/ChainedEncryptionTest.java:127:59:127:68 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:129:31:129:53 | KeyGeneration | Output | jca/ChainedEncryptionTest.java:129:31:129:53 | Key | +| jca/Digest.java:56:23:56:66 | Digest | Source | jca/Digest.java:56:23:56:66 | Digest | +| jca/Digest.java:56:23:56:66 | HashOperation | Algorithm | jca/Digest.java:55:58:55:66 | HashAlgorithm | +| jca/Digest.java:56:23:56:66 | HashOperation | Digest | jca/Digest.java:56:23:56:66 | Digest | +| jca/Digest.java:56:23:56:66 | HashOperation | Message | jca/Digest.java:56:37:56:65 | Message | +| jca/Digest.java:56:37:56:65 | Message | Source | jca/Digest.java:56:37:56:54 | Constant | +| jca/Digest.java:66:23:66:70 | Digest | Source | jca/Digest.java:66:23:66:70 | Digest | +| jca/Digest.java:66:23:66:70 | HashOperation | Algorithm | jca/Digest.java:65:61:65:65 | HashAlgorithm | +| jca/Digest.java:66:23:66:70 | HashOperation | Digest | jca/Digest.java:66:23:66:70 | Digest | +| jca/Digest.java:66:23:66:70 | HashOperation | Message | jca/Digest.java:66:40:66:69 | Message | +| jca/Digest.java:66:40:66:69 | Message | Source | jca/Digest.java:66:40:66:58 | Constant | +| jca/Digest.java:76:23:76:62 | Digest | Source | jca/Digest.java:76:23:76:62 | Digest | +| jca/Digest.java:76:23:76:62 | HashOperation | Algorithm | jca/Digest.java:75:64:75:72 | HashAlgorithm | +| jca/Digest.java:76:23:76:62 | HashOperation | Digest | jca/Digest.java:76:23:76:62 | Digest | +| jca/Digest.java:76:23:76:62 | HashOperation | Message | jca/Digest.java:76:43:76:61 | Message | +| jca/Digest.java:76:43:76:61 | Message | Source | jca/Digest.java:74:49:74:63 | Parameter | +| jca/Digest.java:87:23:87:26 | Message | Source | jca/Digest.java:254:9:254:42 | RandomNumberGeneration | +| jca/Digest.java:87:23:87:26 | Message | Source | jca/Digest.java:254:38:254:41 | RandomNumberGeneration | +| jca/Digest.java:88:23:88:56 | Digest | Source | jca/Digest.java:88:23:88:56 | Digest | +| jca/Digest.java:88:23:88:56 | HashOperation | Algorithm | jca/Digest.java:86:58:86:66 | HashAlgorithm | +| jca/Digest.java:88:23:88:56 | HashOperation | Digest | jca/Digest.java:88:23:88:56 | Digest | +| jca/Digest.java:88:23:88:56 | HashOperation | Message | jca/Digest.java:87:23:87:26 | Message | +| jca/Digest.java:88:23:88:56 | HashOperation | Message | jca/Digest.java:88:37:88:55 | Message | +| jca/Digest.java:88:37:88:55 | Message | Source | jca/Digest.java:84:37:84:51 | Parameter | +| jca/Digest.java:98:42:98:63 | Message | Source | jca/Digest.java:96:37:96:51 | Parameter | +| jca/Digest.java:98:66:98:69 | Salt | Source | jca/Digest.java:254:9:254:42 | RandomNumberGeneration | +| jca/Digest.java:98:66:98:69 | Salt | Source | jca/Digest.java:254:38:254:41 | RandomNumberGeneration | +| jca/Digest.java:99:65:99:86 | HMACAlgorithm | H | jca/Digest.java:99:65:99:86 | HashAlgorithm | +| jca/Digest.java:99:65:99:86 | KeyDerivationAlgorithm | PRF | jca/Digest.java:99:65:99:86 | HMACAlgorithm | +| jca/Digest.java:100:23:100:50 | KeyDerivation | Algorithm | jca/Digest.java:99:65:99:86 | KeyDerivationAlgorithm | +| jca/Digest.java:100:23:100:50 | KeyDerivation | Input | jca/Digest.java:98:42:98:63 | Message | +| jca/Digest.java:100:23:100:50 | KeyDerivation | Output | jca/Digest.java:100:23:100:50 | Key | +| jca/Digest.java:100:23:100:50 | KeyDerivation | Salt | jca/Digest.java:98:66:98:69 | Salt | +| jca/Digest.java:110:23:110:57 | Digest | Source | jca/Digest.java:110:23:110:57 | Digest | +| jca/Digest.java:110:23:110:57 | HashOperation | Algorithm | jca/Digest.java:109:62:109:68 | HashAlgorithm | +| jca/Digest.java:110:23:110:57 | HashOperation | Digest | jca/Digest.java:110:23:110:57 | Digest | +| jca/Digest.java:110:23:110:57 | HashOperation | Message | jca/Digest.java:110:41:110:56 | Message | +| jca/Digest.java:110:41:110:56 | Message | Source | jca/Digest.java:108:40:108:51 | Parameter | +| jca/Digest.java:119:36:119:47 | KeyOperationAlgorithm | Mode | jca/Digest.java:119:36:119:47 | KeyOperationAlgorithm | +| jca/Digest.java:119:36:119:47 | KeyOperationAlgorithm | Padding | jca/Digest.java:119:36:119:47 | KeyOperationAlgorithm | +| jca/Digest.java:121:19:121:27 | Key | Source | jca/Digest.java:118:49:118:58 | Parameter | +| jca/Digest.java:122:23:122:52 | MACOperation | Algorithm | jca/Digest.java:119:36:119:47 | KeyOperationAlgorithm | +| jca/Digest.java:122:23:122:52 | MACOperation | HashAlgorithm | jca/Digest.java:122:23:122:52 | MACOperation | +| jca/Digest.java:122:23:122:52 | MACOperation | Input | jca/Digest.java:122:36:122:51 | Message | +| jca/Digest.java:122:23:122:52 | MACOperation | Key | jca/Digest.java:121:19:121:27 | Key | +| jca/Digest.java:122:23:122:52 | MACOperation | Message | jca/Digest.java:122:36:122:51 | Message | +| jca/Digest.java:122:23:122:52 | MACOperation | Nonce | jca/Digest.java:122:23:122:52 | MACOperation | +| jca/Digest.java:122:23:122:52 | MACOperation | Output | jca/Digest.java:122:23:122:52 | KeyOperationOutput | +| jca/Digest.java:122:36:122:51 | Message | Source | jca/Digest.java:118:35:118:46 | Parameter | +| jca/Digest.java:141:44:141:62 | KeyOperationAlgorithm | Mode | jca/Digest.java:141:44:141:62 | ModeOfOperation | +| jca/Digest.java:141:44:141:62 | KeyOperationAlgorithm | Padding | jca/Digest.java:141:44:141:62 | PaddingAlgorithm | +| jca/Digest.java:142:42:142:44 | Key | Source | jca/Digest.java:142:42:142:44 | Key | +| jca/Digest.java:143:32:143:74 | EncryptOperation | Algorithm | jca/Digest.java:141:44:141:62 | KeyOperationAlgorithm | +| jca/Digest.java:143:32:143:74 | EncryptOperation | Input | jca/Digest.java:143:47:143:73 | Message | +| jca/Digest.java:143:32:143:74 | EncryptOperation | Key | jca/Digest.java:142:42:142:44 | Key | +| jca/Digest.java:143:32:143:74 | EncryptOperation | Nonce | jca/Digest.java:143:32:143:74 | EncryptOperation | +| jca/Digest.java:143:32:143:74 | EncryptOperation | Output | jca/Digest.java:143:32:143:74 | KeyOperationOutput | +| jca/Digest.java:143:47:143:73 | Message | Source | jca/Digest.java:143:47:143:62 | Constant | +| jca/Digest.java:177:42:177:71 | Message | Source | jca/Digest.java:172:50:172:62 | Parameter | +| jca/Digest.java:177:74:177:77 | Salt | Source | jca/Digest.java:254:9:254:42 | RandomNumberGeneration | +| jca/Digest.java:177:74:177:77 | Salt | Source | jca/Digest.java:254:38:254:41 | RandomNumberGeneration | +| jca/Digest.java:178:65:178:86 | HMACAlgorithm | H | jca/Digest.java:178:65:178:86 | HashAlgorithm | +| jca/Digest.java:178:65:178:86 | KeyDerivationAlgorithm | PRF | jca/Digest.java:178:65:178:86 | HMACAlgorithm | +| jca/Digest.java:179:30:179:57 | KeyDerivation | Algorithm | jca/Digest.java:178:65:178:86 | KeyDerivationAlgorithm | +| jca/Digest.java:179:30:179:57 | KeyDerivation | Input | jca/Digest.java:177:42:177:71 | Message | +| jca/Digest.java:179:30:179:57 | KeyDerivation | Output | jca/Digest.java:179:30:179:57 | Key | +| jca/Digest.java:179:30:179:57 | KeyDerivation | Salt | jca/Digest.java:177:74:177:77 | Salt | +| jca/Digest.java:187:44:187:62 | KeyOperationAlgorithm | Mode | jca/Digest.java:187:44:187:62 | ModeOfOperation | +| jca/Digest.java:187:44:187:62 | KeyOperationAlgorithm | Padding | jca/Digest.java:187:44:187:62 | PaddingAlgorithm | +| jca/Digest.java:188:42:188:54 | Key | Source | jca/Digest.java:188:42:188:54 | Key | +| jca/Digest.java:189:29:189:78 | EncryptOperation | Algorithm | jca/Digest.java:187:44:187:62 | KeyOperationAlgorithm | +| jca/Digest.java:189:29:189:78 | EncryptOperation | Input | jca/Digest.java:189:44:189:77 | Message | +| jca/Digest.java:189:29:189:78 | EncryptOperation | Key | jca/Digest.java:188:42:188:54 | Key | +| jca/Digest.java:189:29:189:78 | EncryptOperation | Nonce | jca/Digest.java:189:29:189:78 | EncryptOperation | +| jca/Digest.java:189:29:189:78 | EncryptOperation | Output | jca/Digest.java:189:29:189:78 | KeyOperationOutput | +| jca/Digest.java:189:44:189:77 | Message | Source | jca/Digest.java:189:44:189:66 | Constant | +| jca/Digest.java:192:35:192:46 | KeyOperationAlgorithm | Mode | jca/Digest.java:192:35:192:46 | KeyOperationAlgorithm | +| jca/Digest.java:192:35:192:46 | KeyOperationAlgorithm | Padding | jca/Digest.java:192:35:192:46 | KeyOperationAlgorithm | +| jca/Digest.java:193:18:193:23 | Key | Source | jca/Digest.java:193:18:193:23 | Key | +| jca/Digest.java:194:30:194:52 | MACOperation | Algorithm | jca/Digest.java:192:35:192:46 | KeyOperationAlgorithm | +| jca/Digest.java:194:30:194:52 | MACOperation | HashAlgorithm | jca/Digest.java:194:30:194:52 | MACOperation | +| jca/Digest.java:194:30:194:52 | MACOperation | Input | jca/Digest.java:194:42:194:51 | Message | +| jca/Digest.java:194:30:194:52 | MACOperation | Key | jca/Digest.java:193:18:193:23 | Key | +| jca/Digest.java:194:30:194:52 | MACOperation | Message | jca/Digest.java:194:42:194:51 | Message | +| jca/Digest.java:194:30:194:52 | MACOperation | Nonce | jca/Digest.java:194:30:194:52 | MACOperation | +| jca/Digest.java:194:30:194:52 | MACOperation | Output | jca/Digest.java:194:30:194:52 | KeyOperationOutput | +| jca/Digest.java:194:42:194:51 | Message | Source | jca/Digest.java:189:29:189:78 | KeyOperationOutput | +| jca/Digest.java:211:44:211:62 | KeyOperationAlgorithm | Mode | jca/Digest.java:211:44:211:62 | ModeOfOperation | +| jca/Digest.java:211:44:211:62 | KeyOperationAlgorithm | Padding | jca/Digest.java:211:44:211:62 | PaddingAlgorithm | +| jca/Digest.java:213:42:213:44 | Key | Source | jca/Digest.java:242:16:242:35 | Key | +| jca/Digest.java:214:32:214:51 | EncryptOperation | Algorithm | jca/Digest.java:211:44:211:62 | KeyOperationAlgorithm | +| jca/Digest.java:214:32:214:51 | EncryptOperation | Input | jca/Digest.java:214:47:214:50 | Message | +| jca/Digest.java:214:32:214:51 | EncryptOperation | Key | jca/Digest.java:213:42:213:44 | Key | +| jca/Digest.java:214:32:214:51 | EncryptOperation | Nonce | jca/Digest.java:214:32:214:51 | EncryptOperation | +| jca/Digest.java:214:32:214:51 | EncryptOperation | Output | jca/Digest.java:214:32:214:51 | KeyOperationOutput | +| jca/Digest.java:214:47:214:50 | Message | Source | jca/Digest.java:156:39:156:51 | Parameter | +| jca/Digest.java:242:16:242:35 | KeyGeneration | Algorithm | jca/Digest.java:240:56:240:60 | KeyOperationAlgorithm | +| jca/Digest.java:242:16:242:35 | KeyGeneration | Output | jca/Digest.java:242:16:242:35 | Key | +| jca/EllipticCurve1.java:48:16:48:36 | Key | Algorithm | jca/EllipticCurve1.java:47:66:47:76 | EllipticCurve | +| jca/EllipticCurve1.java:48:16:48:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:47:66:47:76 | EllipticCurve | +| jca/EllipticCurve1.java:48:16:48:36 | KeyGeneration | Output | jca/EllipticCurve1.java:48:16:48:36 | Key | +| jca/EllipticCurve1.java:58:16:58:36 | Key | Algorithm | jca/EllipticCurve1.java:57:66:57:76 | EllipticCurve | +| jca/EllipticCurve1.java:58:16:58:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:57:66:57:76 | EllipticCurve | +| jca/EllipticCurve1.java:58:16:58:36 | KeyGeneration | Output | jca/EllipticCurve1.java:58:16:58:36 | Key | +| jca/EllipticCurve1.java:68:16:68:36 | Key | Algorithm | jca/EllipticCurve1.java:67:66:67:82 | EllipticCurve | +| jca/EllipticCurve1.java:68:16:68:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:67:66:67:82 | EllipticCurve | +| jca/EllipticCurve1.java:68:16:68:36 | KeyGeneration | Output | jca/EllipticCurve1.java:68:16:68:36 | Key | +| jca/EllipticCurve1.java:77:16:77:36 | Key | Algorithm | jca/EllipticCurve1.java:75:61:75:68 | KeyAgreementAlgorithm | +| jca/EllipticCurve1.java:77:16:77:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:75:61:75:68 | KeyAgreementAlgorithm | +| jca/EllipticCurve1.java:77:16:77:36 | KeyGeneration | Output | jca/EllipticCurve1.java:77:16:77:36 | Key | +| jca/EllipticCurve1.java:85:16:85:36 | Key | Algorithm | jca/EllipticCurve1.java:84:61:84:66 | KeyAgreementAlgorithm | +| jca/EllipticCurve1.java:85:16:85:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:84:61:84:66 | KeyAgreementAlgorithm | +| jca/EllipticCurve1.java:85:16:85:36 | KeyGeneration | Output | jca/EllipticCurve1.java:85:16:85:36 | Key | +| jca/EllipticCurve1.java:96:16:96:36 | Key | Algorithm | jca/EllipticCurve1.java:95:66:95:76 | EllipticCurve | +| jca/EllipticCurve1.java:96:16:96:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:95:66:95:76 | EllipticCurve | +| jca/EllipticCurve1.java:96:16:96:36 | KeyGeneration | Output | jca/EllipticCurve1.java:96:16:96:36 | Key | +| jca/EllipticCurve1.java:107:16:107:36 | Key | Algorithm | jca/EllipticCurve1.java:106:66:106:76 | Constant | +| jca/EllipticCurve1.java:107:16:107:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:106:66:106:76 | Constant | +| jca/EllipticCurve1.java:107:16:107:36 | KeyGeneration | Output | jca/EllipticCurve1.java:107:16:107:36 | Key | +| jca/EllipticCurve1.java:116:16:116:36 | Key | Algorithm | jca/EllipticCurve1.java:115:61:115:69 | Constant | +| jca/EllipticCurve1.java:116:16:116:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:115:61:115:69 | Constant | +| jca/EllipticCurve1.java:116:16:116:36 | KeyGeneration | Output | jca/EllipticCurve1.java:116:16:116:36 | Key | +| jca/EllipticCurve2.java:56:16:56:36 | Key | Algorithm | jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | +| jca/EllipticCurve2.java:56:16:56:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | +| jca/EllipticCurve2.java:56:16:56:36 | KeyGeneration | Output | jca/EllipticCurve2.java:56:16:56:36 | Key | +| jca/EllipticCurve2.java:65:16:65:36 | Key | Algorithm | jca/EllipticCurve2.java:64:47:64:57 | EllipticCurve | +| jca/EllipticCurve2.java:65:16:65:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:64:47:64:57 | EllipticCurve | +| jca/EllipticCurve2.java:65:16:65:36 | KeyGeneration | Output | jca/EllipticCurve2.java:65:16:65:36 | Key | +| jca/EllipticCurve2.java:74:16:74:36 | Key | Algorithm | jca/EllipticCurve2.java:73:47:73:63 | EllipticCurve | +| jca/EllipticCurve2.java:74:16:74:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:73:47:73:63 | EllipticCurve | +| jca/EllipticCurve2.java:74:16:74:36 | KeyGeneration | Output | jca/EllipticCurve2.java:74:16:74:36 | Key | +| jca/EllipticCurve2.java:82:16:82:36 | Key | Algorithm | jca/EllipticCurve2.java:81:61:81:68 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:82:16:82:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:81:61:81:68 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:82:16:82:36 | KeyGeneration | Output | jca/EllipticCurve2.java:82:16:82:36 | Key | +| jca/EllipticCurve2.java:90:16:90:36 | Key | Algorithm | jca/EllipticCurve2.java:89:61:89:69 | Constant | +| jca/EllipticCurve2.java:90:16:90:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:89:61:89:69 | Constant | +| jca/EllipticCurve2.java:90:16:90:36 | KeyGeneration | Output | jca/EllipticCurve2.java:90:16:90:36 | Key | +| jca/EllipticCurve2.java:116:17:116:36 | Key | Source | jca/EllipticCurve2.java:56:16:56:36 | Key | +| jca/EllipticCurve2.java:117:20:117:36 | Key | Source | jca/EllipticCurve2.java:56:16:56:36 | Key | +| jca/EllipticCurve2.java:118:16:118:34 | KeyAgreementOperation | Algorithm | jca/EllipticCurve2.java:115:52:115:57 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:118:16:118:34 | KeyAgreementOperation | Output | jca/EllipticCurve2.java:118:16:118:34 | SharedSecret | +| jca/EllipticCurve2.java:118:16:118:34 | KeyAgreementOperation | PeerKey | jca/EllipticCurve2.java:117:20:117:36 | Key | +| jca/EllipticCurve2.java:118:16:118:34 | KeyAgreementOperation | ServerKey | jca/EllipticCurve2.java:116:17:116:36 | Key | +| jca/EllipticCurve2.java:118:16:118:34 | SharedSecret | Source | jca/EllipticCurve2.java:118:16:118:34 | SharedSecret | +| jca/EllipticCurve2.java:130:17:130:37 | Key | Source | jca/EllipticCurve2.java:56:16:56:36 | Key | +| jca/EllipticCurve2.java:131:20:131:39 | Key | Source | jca/EllipticCurve2.java:56:16:56:36 | Key | +| jca/EllipticCurve2.java:132:16:132:34 | KeyAgreementOperation | Algorithm | jca/EllipticCurve2.java:129:52:129:57 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:132:16:132:34 | KeyAgreementOperation | Output | jca/EllipticCurve2.java:132:16:132:34 | SharedSecret | +| jca/EllipticCurve2.java:132:16:132:34 | KeyAgreementOperation | PeerKey | jca/EllipticCurve2.java:131:20:131:39 | Key | +| jca/EllipticCurve2.java:132:16:132:34 | KeyAgreementOperation | ServerKey | jca/EllipticCurve2.java:130:17:130:37 | Key | +| jca/EllipticCurve2.java:132:16:132:34 | SharedSecret | Source | jca/EllipticCurve2.java:132:16:132:34 | SharedSecret | +| jca/EllipticCurve2.java:148:53:148:69 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:148:53:148:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:148:53:148:69 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:148:53:148:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:149:28:149:42 | Key | Source | jca/EllipticCurve2.java:56:16:56:36 | Key | +| jca/EllipticCurve2.java:150:26:150:32 | Message | Source | jca/EllipticCurve2.java:261:30:261:53 | Constant | +| jca/EllipticCurve2.java:151:16:151:31 | SignOperation | Algorithm | jca/EllipticCurve2.java:148:53:148:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:151:16:151:31 | SignOperation | HashAlgorithm | jca/EllipticCurve2.java:148:53:148:69 | HashAlgorithm | +| jca/EllipticCurve2.java:151:16:151:31 | SignOperation | Input | jca/EllipticCurve2.java:150:26:150:32 | Message | +| jca/EllipticCurve2.java:151:16:151:31 | SignOperation | Key | jca/EllipticCurve2.java:149:28:149:42 | Key | +| jca/EllipticCurve2.java:151:16:151:31 | SignOperation | Output | jca/EllipticCurve2.java:151:16:151:31 | SignatureOutput | +| jca/EllipticCurve2.java:163:53:163:69 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:163:53:163:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:163:53:163:69 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:163:53:163:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:164:30:164:43 | Key | Source | jca/EllipticCurve2.java:56:16:56:36 | Key | +| jca/EllipticCurve2.java:165:26:165:32 | Message | Source | jca/EllipticCurve2.java:261:30:261:53 | Constant | +| jca/EllipticCurve2.java:166:16:166:47 | VerifyOperation | Algorithm | jca/EllipticCurve2.java:163:53:163:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:166:16:166:47 | VerifyOperation | HashAlgorithm | jca/EllipticCurve2.java:163:53:163:69 | HashAlgorithm | +| jca/EllipticCurve2.java:166:16:166:47 | VerifyOperation | Input | jca/EllipticCurve2.java:165:26:165:32 | Message | +| jca/EllipticCurve2.java:166:16:166:47 | VerifyOperation | Key | jca/EllipticCurve2.java:164:30:164:43 | Key | +| jca/EllipticCurve2.java:166:16:166:47 | VerifyOperation | Signature | jca/EllipticCurve2.java:166:33:166:46 | SignatureInput | +| jca/EllipticCurve2.java:166:33:166:46 | SignatureInput | Source | jca/EllipticCurve2.java:151:16:151:31 | SignatureOutput | +| jca/EllipticCurve2.java:179:28:179:42 | Key | Source | jca/EllipticCurve2.java:90:16:90:36 | Key | +| jca/EllipticCurve2.java:180:26:180:32 | Message | Source | jca/EllipticCurve2.java:261:30:261:53 | Constant | +| jca/EllipticCurve2.java:181:16:181:31 | SignOperation | Algorithm | jca/EllipticCurve2.java:178:53:178:61 | Constant | +| jca/EllipticCurve2.java:181:16:181:31 | SignOperation | HashAlgorithm | jca/EllipticCurve2.java:181:16:181:31 | SignOperation | +| jca/EllipticCurve2.java:181:16:181:31 | SignOperation | Input | jca/EllipticCurve2.java:180:26:180:32 | Message | +| jca/EllipticCurve2.java:181:16:181:31 | SignOperation | Key | jca/EllipticCurve2.java:179:28:179:42 | Key | +| jca/EllipticCurve2.java:181:16:181:31 | SignOperation | Output | jca/EllipticCurve2.java:181:16:181:31 | SignatureOutput | +| jca/EllipticCurve2.java:194:30:194:43 | Key | Source | jca/EllipticCurve2.java:90:16:90:36 | Key | +| jca/EllipticCurve2.java:195:26:195:32 | Message | Source | jca/EllipticCurve2.java:261:30:261:53 | Constant | +| jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | Algorithm | jca/EllipticCurve2.java:193:53:193:61 | Constant | +| jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | HashAlgorithm | jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | +| jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | Input | jca/EllipticCurve2.java:195:26:195:32 | Message | +| jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | Key | jca/EllipticCurve2.java:194:30:194:43 | Key | +| jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | Signature | jca/EllipticCurve2.java:196:33:196:46 | SignatureInput | +| jca/EllipticCurve2.java:196:33:196:46 | SignatureInput | Source | jca/EllipticCurve2.java:181:16:181:31 | SignatureOutput | +| jca/EllipticCurve2.java:222:17:222:37 | Key | Source | jca/EllipticCurve2.java:56:16:56:36 | Key | +| jca/EllipticCurve2.java:223:20:223:41 | Key | Source | jca/EllipticCurve2.java:56:16:56:36 | Key | +| jca/EllipticCurve2.java:224:31:224:49 | KeyAgreementOperation | Algorithm | jca/EllipticCurve2.java:221:52:221:57 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:224:31:224:49 | KeyAgreementOperation | Output | jca/EllipticCurve2.java:224:31:224:49 | SharedSecret | +| jca/EllipticCurve2.java:224:31:224:49 | KeyAgreementOperation | PeerKey | jca/EllipticCurve2.java:223:20:223:41 | Key | +| jca/EllipticCurve2.java:224:31:224:49 | KeyAgreementOperation | ServerKey | jca/EllipticCurve2.java:222:17:222:37 | Key | +| jca/EllipticCurve2.java:224:31:224:49 | SharedSecret | Source | jca/EllipticCurve2.java:224:31:224:49 | SharedSecret | +| jca/EllipticCurve2.java:229:29:229:55 | Digest | Source | jca/EllipticCurve2.java:229:29:229:55 | Digest | +| jca/EllipticCurve2.java:229:29:229:55 | HashOperation | Algorithm | jca/EllipticCurve2.java:228:58:228:66 | HashAlgorithm | +| jca/EllipticCurve2.java:229:29:229:55 | HashOperation | Digest | jca/EllipticCurve2.java:229:29:229:55 | Digest | +| jca/EllipticCurve2.java:229:29:229:55 | HashOperation | Message | jca/EllipticCurve2.java:229:43:229:54 | Message | +| jca/EllipticCurve2.java:229:43:229:54 | Message | Source | jca/EllipticCurve2.java:224:31:224:49 | SharedSecret | +| jca/EllipticCurve2.java:234:44:234:62 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:234:44:234:62 | ModeOfOperation | +| jca/EllipticCurve2.java:234:44:234:62 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:234:44:234:62 | PaddingAlgorithm | +| jca/EllipticCurve2.java:238:42:238:47 | Key | Source | jca/EllipticCurve2.java:238:42:238:47 | Key | +| jca/EllipticCurve2.java:238:50:238:53 | Nonce | Source | jca/EllipticCurve2.java:236:9:236:40 | RandomNumberGeneration | +| jca/EllipticCurve2.java:238:50:238:53 | Nonce | Source | jca/EllipticCurve2.java:236:38:236:39 | RandomNumberGeneration | +| jca/EllipticCurve2.java:239:29:239:53 | EncryptOperation | Algorithm | jca/EllipticCurve2.java:234:44:234:62 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:239:29:239:53 | EncryptOperation | Input | jca/EllipticCurve2.java:239:44:239:52 | Message | +| jca/EllipticCurve2.java:239:29:239:53 | EncryptOperation | Key | jca/EllipticCurve2.java:238:42:238:47 | Key | +| jca/EllipticCurve2.java:239:29:239:53 | EncryptOperation | Nonce | jca/EllipticCurve2.java:238:50:238:53 | Nonce | +| jca/EllipticCurve2.java:239:29:239:53 | EncryptOperation | Output | jca/EllipticCurve2.java:239:29:239:53 | KeyOperationOutput | +| jca/EllipticCurve2.java:239:44:239:52 | Message | Source | jca/EllipticCurve2.java:274:62:274:83 | Constant | +| jca/Encryption1.java:62:25:62:44 | KeyGeneration | Algorithm | jca/Encryption1.java:60:56:60:60 | KeyOperationAlgorithm | +| jca/Encryption1.java:62:25:62:44 | KeyGeneration | Output | jca/Encryption1.java:62:25:62:44 | Key | +| jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | Mode | jca/Encryption1.java:63:44:63:62 | ModeOfOperation | +| jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | Padding | jca/Encryption1.java:63:44:63:62 | PaddingAlgorithm | +| jca/Encryption1.java:67:42:67:44 | Key | Source | jca/Encryption1.java:62:25:62:44 | Key | +| jca/Encryption1.java:67:47:67:53 | Nonce | Source | jca/Encryption1.java:65:9:65:40 | RandomNumberGeneration | +| jca/Encryption1.java:67:47:67:53 | Nonce | Source | jca/Encryption1.java:65:38:65:39 | RandomNumberGeneration | +| jca/Encryption1.java:68:32:68:74 | EncryptOperation | Algorithm | jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | +| jca/Encryption1.java:68:32:68:74 | EncryptOperation | Input | jca/Encryption1.java:68:47:68:73 | Message | +| jca/Encryption1.java:68:32:68:74 | EncryptOperation | Key | jca/Encryption1.java:67:42:67:44 | Key | +| jca/Encryption1.java:68:32:68:74 | EncryptOperation | Nonce | jca/Encryption1.java:67:47:67:53 | Nonce | +| jca/Encryption1.java:68:32:68:74 | EncryptOperation | Output | jca/Encryption1.java:68:32:68:74 | KeyOperationOutput | +| jca/Encryption1.java:68:47:68:73 | Message | Source | jca/Encryption1.java:68:47:68:62 | Constant | +| jca/Encryption1.java:85:25:85:44 | KeyGeneration | Algorithm | jca/Encryption1.java:83:56:83:60 | KeyOperationAlgorithm | +| jca/Encryption1.java:85:25:85:44 | KeyGeneration | Output | jca/Encryption1.java:85:25:85:44 | Key | +| jca/Encryption1.java:88:44:88:62 | KeyOperationAlgorithm | Mode | jca/Encryption1.java:88:44:88:62 | ModeOfOperation | +| jca/Encryption1.java:88:44:88:62 | KeyOperationAlgorithm | Padding | jca/Encryption1.java:88:44:88:62 | PaddingAlgorithm | +| jca/Encryption1.java:89:42:89:44 | Key | Source | jca/Encryption1.java:85:25:85:44 | Key | +| jca/Encryption1.java:90:32:90:74 | EncryptOperation | Algorithm | jca/Encryption1.java:88:44:88:62 | KeyOperationAlgorithm | +| jca/Encryption1.java:90:32:90:74 | EncryptOperation | Input | jca/Encryption1.java:90:47:90:73 | Message | +| jca/Encryption1.java:90:32:90:74 | EncryptOperation | Key | jca/Encryption1.java:89:42:89:44 | Key | +| jca/Encryption1.java:90:32:90:74 | EncryptOperation | Nonce | jca/Encryption1.java:90:32:90:74 | EncryptOperation | +| jca/Encryption1.java:90:32:90:74 | EncryptOperation | Output | jca/Encryption1.java:90:32:90:74 | KeyOperationOutput | +| jca/Encryption1.java:90:47:90:73 | Message | Source | jca/Encryption1.java:90:47:90:62 | Constant | +| jca/Encryption1.java:105:44:105:82 | KeyOperationAlgorithm | Mode | jca/Encryption1.java:105:44:105:82 | ModeOfOperation | +| jca/Encryption1.java:105:44:105:82 | KeyOperationAlgorithm | Padding | jca/Encryption1.java:105:44:105:82 | PaddingAlgorithm | +| jca/Encryption1.java:105:44:105:82 | PaddingAlgorithm | MD | jca/Encryption1.java:105:44:105:82 | HashAlgorithm | +| jca/Encryption1.java:105:44:105:82 | PaddingAlgorithm | MGF1Hash | jca/Encryption1.java:105:44:105:82 | PaddingAlgorithm | +| jca/Encryption1.java:106:42:106:50 | Key | Source | jca/Encryption1.java:104:35:104:53 | Parameter | +| jca/Encryption1.java:107:32:107:62 | EncryptOperation | Algorithm | jca/Encryption1.java:105:44:105:82 | KeyOperationAlgorithm | +| jca/Encryption1.java:107:32:107:62 | EncryptOperation | Input | jca/Encryption1.java:107:47:107:61 | Message | +| jca/Encryption1.java:107:32:107:62 | EncryptOperation | Key | jca/Encryption1.java:106:42:106:50 | Key | +| jca/Encryption1.java:107:32:107:62 | EncryptOperation | Nonce | jca/Encryption1.java:107:32:107:62 | EncryptOperation | +| jca/Encryption1.java:107:32:107:62 | EncryptOperation | Output | jca/Encryption1.java:107:32:107:62 | KeyOperationOutput | +| jca/Encryption1.java:107:47:107:61 | Message | Source | jca/Encryption1.java:104:56:104:66 | Parameter | +| jca/Encryption1.java:120:44:120:82 | KeyOperationAlgorithm | Mode | jca/Encryption1.java:120:44:120:82 | ModeOfOperation | +| jca/Encryption1.java:120:44:120:82 | KeyOperationAlgorithm | Padding | jca/Encryption1.java:120:44:120:82 | PaddingAlgorithm | +| jca/Encryption1.java:120:44:120:82 | PaddingAlgorithm | MD | jca/Encryption1.java:120:44:120:82 | HashAlgorithm | +| jca/Encryption1.java:120:44:120:82 | PaddingAlgorithm | MGF1Hash | jca/Encryption1.java:120:44:120:82 | PaddingAlgorithm | +| jca/Encryption1.java:121:42:121:51 | Key | Source | jca/Encryption1.java:119:35:119:55 | Parameter | +| jca/Encryption1.java:122:32:122:60 | DecryptOperation | Algorithm | jca/Encryption1.java:120:44:120:82 | KeyOperationAlgorithm | +| jca/Encryption1.java:122:32:122:60 | DecryptOperation | Input | jca/Encryption1.java:122:47:122:59 | Message | +| jca/Encryption1.java:122:32:122:60 | DecryptOperation | Key | jca/Encryption1.java:121:42:121:51 | Key | +| jca/Encryption1.java:122:32:122:60 | DecryptOperation | Nonce | jca/Encryption1.java:122:32:122:60 | DecryptOperation | +| jca/Encryption1.java:122:32:122:60 | DecryptOperation | Output | jca/Encryption1.java:122:32:122:60 | KeyOperationOutput | +| jca/Encryption1.java:122:47:122:59 | Message | Source | jca/Encryption1.java:119:58:119:77 | Parameter | +| jca/Encryption1.java:139:28:139:47 | KeyGeneration | Algorithm | jca/Encryption1.java:137:56:137:60 | KeyOperationAlgorithm | +| jca/Encryption1.java:139:28:139:47 | KeyGeneration | Output | jca/Encryption1.java:139:28:139:47 | Key | +| jca/Encryption1.java:141:47:141:85 | KeyOperationAlgorithm | Mode | jca/Encryption1.java:141:47:141:85 | ModeOfOperation | +| jca/Encryption1.java:141:47:141:85 | KeyOperationAlgorithm | Padding | jca/Encryption1.java:141:47:141:85 | PaddingAlgorithm | +| jca/Encryption1.java:141:47:141:85 | PaddingAlgorithm | MD | jca/Encryption1.java:141:47:141:85 | HashAlgorithm | +| jca/Encryption1.java:141:47:141:85 | PaddingAlgorithm | MGF1Hash | jca/Encryption1.java:141:47:141:85 | PaddingAlgorithm | +| jca/Encryption1.java:142:45:142:56 | Key | Source | jca/Encryption1.java:136:34:136:55 | Parameter | +| jca/Encryption1.java:143:34:143:71 | EncryptOperation | Algorithm | jca/Encryption1.java:141:47:141:85 | KeyOperationAlgorithm | +| jca/Encryption1.java:143:34:143:71 | EncryptOperation | Input | jca/Encryption1.java:143:52:143:70 | Message | +| jca/Encryption1.java:143:34:143:71 | EncryptOperation | Key | jca/Encryption1.java:142:45:142:56 | Key | +| jca/Encryption1.java:143:34:143:71 | EncryptOperation | Nonce | jca/Encryption1.java:143:34:143:71 | EncryptOperation | +| jca/Encryption1.java:143:34:143:71 | EncryptOperation | Output | jca/Encryption1.java:143:34:143:71 | KeyOperationOutput | +| jca/Encryption1.java:143:52:143:70 | Message | Source | jca/Encryption1.java:139:28:139:47 | Key | +| jca/Encryption1.java:163:28:163:47 | KeyGeneration | Algorithm | jca/Encryption1.java:161:56:161:60 | KeyOperationAlgorithm | +| jca/Encryption1.java:163:28:163:47 | KeyGeneration | Output | jca/Encryption1.java:163:28:163:47 | Key | +| jca/Encryption1.java:166:47:166:85 | KeyOperationAlgorithm | Mode | jca/Encryption1.java:166:47:166:85 | ModeOfOperation | +| jca/Encryption1.java:166:47:166:85 | KeyOperationAlgorithm | Padding | jca/Encryption1.java:166:47:166:85 | PaddingAlgorithm | +| jca/Encryption1.java:166:47:166:85 | PaddingAlgorithm | MD | jca/Encryption1.java:166:47:166:85 | HashAlgorithm | +| jca/Encryption1.java:166:47:166:85 | PaddingAlgorithm | MGF1Hash | jca/Encryption1.java:166:47:166:85 | PaddingAlgorithm | +| jca/Encryption1.java:167:45:167:56 | Key | Source | jca/Encryption1.java:159:34:159:55 | Parameter | +| jca/Encryption1.java:168:34:168:71 | EncryptOperation | Algorithm | jca/Encryption1.java:166:47:166:85 | KeyOperationAlgorithm | +| jca/Encryption1.java:168:34:168:71 | EncryptOperation | Input | jca/Encryption1.java:168:52:168:70 | Message | +| jca/Encryption1.java:168:34:168:71 | EncryptOperation | Key | jca/Encryption1.java:167:45:167:56 | Key | +| jca/Encryption1.java:168:34:168:71 | EncryptOperation | Nonce | jca/Encryption1.java:168:34:168:71 | EncryptOperation | +| jca/Encryption1.java:168:34:168:71 | EncryptOperation | Output | jca/Encryption1.java:168:34:168:71 | KeyOperationOutput | +| jca/Encryption1.java:168:52:168:70 | Message | Source | jca/Encryption1.java:163:28:163:47 | Key | +| jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | Mode | jca/Encryption1.java:171:47:171:65 | ModeOfOperation | +| jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | Padding | jca/Encryption1.java:171:47:171:65 | PaddingAlgorithm | +| jca/Encryption1.java:175:45:175:50 | Key | Source | jca/Encryption1.java:163:28:163:47 | Key | +| jca/Encryption1.java:175:53:175:59 | Nonce | Source | jca/Encryption1.java:173:9:173:40 | RandomNumberGeneration | +| jca/Encryption1.java:175:53:175:59 | Nonce | Source | jca/Encryption1.java:173:38:173:39 | RandomNumberGeneration | +| jca/Encryption1.java:176:32:176:65 | EncryptOperation | Algorithm | jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | +| jca/Encryption1.java:176:32:176:65 | EncryptOperation | Input | jca/Encryption1.java:176:50:176:64 | Message | +| jca/Encryption1.java:176:32:176:65 | EncryptOperation | Key | jca/Encryption1.java:175:45:175:50 | Key | +| jca/Encryption1.java:176:32:176:65 | EncryptOperation | Nonce | jca/Encryption1.java:175:53:175:59 | Nonce | +| jca/Encryption1.java:176:32:176:65 | EncryptOperation | Output | jca/Encryption1.java:176:32:176:65 | KeyOperationOutput | +| jca/Encryption1.java:176:50:176:64 | Message | Source | jca/Encryption1.java:159:58:159:68 | Parameter | +| jca/Encryption2.java:64:16:64:49 | Key | Algorithm | jca/Encryption2.java:63:60:63:70 | EllipticCurve | +| jca/Encryption2.java:64:16:64:49 | KeyGeneration | Algorithm | jca/Encryption2.java:63:60:63:70 | EllipticCurve | +| jca/Encryption2.java:64:16:64:49 | KeyGeneration | Output | jca/Encryption2.java:64:16:64:49 | Key | +| jca/Encryption2.java:81:27:81:36 | Key | Source | jca/Encryption2.java:64:16:64:49 | Key | +| jca/Encryption2.java:82:30:82:38 | Key | Source | jca/Encryption2.java:103:38:103:65 | Parameter | +| jca/Encryption2.java:82:30:82:38 | Key | Source | jca/Encryption2.java:149:45:149:65 | Parameter | +| jca/Encryption2.java:83:16:83:44 | KeyAgreementOperation | Algorithm | jca/Encryption2.java:80:62:80:67 | KeyAgreementAlgorithm | +| jca/Encryption2.java:83:16:83:44 | KeyAgreementOperation | Output | jca/Encryption2.java:83:16:83:44 | SharedSecret | +| jca/Encryption2.java:83:16:83:44 | KeyAgreementOperation | PeerKey | jca/Encryption2.java:82:30:82:38 | Key | +| jca/Encryption2.java:83:16:83:44 | KeyAgreementOperation | ServerKey | jca/Encryption2.java:81:27:81:36 | Key | +| jca/Encryption2.java:83:16:83:44 | SharedSecret | Source | jca/Encryption2.java:83:16:83:44 | SharedSecret | +| jca/Encryption2.java:113:30:113:56 | Digest | Source | jca/Encryption2.java:113:30:113:56 | Digest | +| jca/Encryption2.java:113:30:113:56 | HashOperation | Algorithm | jca/Encryption2.java:112:58:112:66 | HashAlgorithm | +| jca/Encryption2.java:113:30:113:56 | HashOperation | Digest | jca/Encryption2.java:113:30:113:56 | Digest | +| jca/Encryption2.java:113:30:113:56 | HashOperation | Message | jca/Encryption2.java:113:44:113:55 | Message | +| jca/Encryption2.java:113:44:113:55 | Message | Source | jca/Encryption2.java:83:16:83:44 | SharedSecret | +| jca/Encryption2.java:118:47:118:65 | KeyOperationAlgorithm | Mode | jca/Encryption2.java:118:47:118:65 | ModeOfOperation | +| jca/Encryption2.java:118:47:118:65 | KeyOperationAlgorithm | Padding | jca/Encryption2.java:118:47:118:65 | PaddingAlgorithm | +| jca/Encryption2.java:122:45:122:50 | Key | Source | jca/Encryption2.java:122:45:122:50 | Key | +| jca/Encryption2.java:122:53:122:59 | Nonce | Source | jca/Encryption2.java:120:9:120:40 | RandomNumberGeneration | +| jca/Encryption2.java:122:53:122:59 | Nonce | Source | jca/Encryption2.java:120:38:120:39 | RandomNumberGeneration | +| jca/Encryption2.java:123:32:123:65 | EncryptOperation | Algorithm | jca/Encryption2.java:118:47:118:65 | KeyOperationAlgorithm | +| jca/Encryption2.java:123:32:123:65 | EncryptOperation | Input | jca/Encryption2.java:123:50:123:64 | Message | +| jca/Encryption2.java:123:32:123:65 | EncryptOperation | Key | jca/Encryption2.java:122:45:122:50 | Key | +| jca/Encryption2.java:123:32:123:65 | EncryptOperation | Nonce | jca/Encryption2.java:122:53:122:59 | Nonce | +| jca/Encryption2.java:123:32:123:65 | EncryptOperation | Output | jca/Encryption2.java:123:32:123:65 | KeyOperationOutput | +| jca/Encryption2.java:123:50:123:64 | Message | Source | jca/Encryption2.java:103:68:103:78 | Parameter | +| jca/Encryption2.java:162:47:162:65 | KeyOperationAlgorithm | Mode | jca/Encryption2.java:162:47:162:65 | ModeOfOperation | +| jca/Encryption2.java:162:47:162:65 | KeyOperationAlgorithm | Padding | jca/Encryption2.java:162:47:162:65 | PaddingAlgorithm | +| jca/Encryption2.java:166:45:166:50 | Key | Source | jca/Encryption2.java:166:45:166:50 | Key | +| jca/Encryption2.java:166:53:166:59 | Nonce | Source | jca/Encryption2.java:164:9:164:40 | RandomNumberGeneration | +| jca/Encryption2.java:166:53:166:59 | Nonce | Source | jca/Encryption2.java:164:38:164:39 | RandomNumberGeneration | +| jca/Encryption2.java:167:32:167:98 | EncryptOperation | Algorithm | jca/Encryption2.java:162:47:162:65 | KeyOperationAlgorithm | +| jca/Encryption2.java:167:32:167:98 | EncryptOperation | Input | jca/Encryption2.java:167:50:167:97 | Message | +| jca/Encryption2.java:167:32:167:98 | EncryptOperation | Key | jca/Encryption2.java:166:45:166:50 | Key | +| jca/Encryption2.java:167:32:167:98 | EncryptOperation | Nonce | jca/Encryption2.java:166:53:166:59 | Nonce | +| jca/Encryption2.java:167:32:167:98 | EncryptOperation | Output | jca/Encryption2.java:167:32:167:98 | KeyOperationOutput | +| jca/Encryption2.java:167:50:167:97 | Message | Source | jca/Encryption2.java:167:50:167:86 | Constant | +| jca/Encryption2.java:192:36:192:47 | KeyOperationAlgorithm | Mode | jca/Encryption2.java:192:36:192:47 | KeyOperationAlgorithm | +| jca/Encryption2.java:192:36:192:47 | KeyOperationAlgorithm | Padding | jca/Encryption2.java:192:36:192:47 | KeyOperationAlgorithm | +| jca/Encryption2.java:194:19:194:27 | Key | Source | jca/Encryption2.java:149:68:149:88 | Parameter | +| jca/Encryption2.java:195:31:195:52 | MACOperation | Algorithm | jca/Encryption2.java:192:36:192:47 | KeyOperationAlgorithm | +| jca/Encryption2.java:195:31:195:52 | MACOperation | HashAlgorithm | jca/Encryption2.java:195:31:195:52 | MACOperation | +| jca/Encryption2.java:195:31:195:52 | MACOperation | Input | jca/Encryption2.java:195:44:195:51 | Message | +| jca/Encryption2.java:195:31:195:52 | MACOperation | Key | jca/Encryption2.java:194:19:194:27 | Key | +| jca/Encryption2.java:195:31:195:52 | MACOperation | Message | jca/Encryption2.java:195:44:195:51 | Message | +| jca/Encryption2.java:195:31:195:52 | MACOperation | Nonce | jca/Encryption2.java:195:31:195:52 | MACOperation | +| jca/Encryption2.java:195:31:195:52 | MACOperation | Output | jca/Encryption2.java:195:31:195:52 | KeyOperationOutput | +| jca/Encryption2.java:195:44:195:51 | Message | Source | jca/Encryption2.java:83:16:83:44 | SharedSecret | +| jca/Hash.java:88:23:88:66 | Digest | Source | jca/Hash.java:88:23:88:66 | Digest | +| jca/Hash.java:88:23:88:66 | HashOperation | Algorithm | jca/Hash.java:87:58:87:66 | HashAlgorithm | +| jca/Hash.java:88:23:88:66 | HashOperation | Digest | jca/Hash.java:88:23:88:66 | Digest | +| jca/Hash.java:88:23:88:66 | HashOperation | Message | jca/Hash.java:88:37:88:65 | Message | +| jca/Hash.java:88:37:88:65 | Message | Source | jca/Hash.java:88:37:88:54 | Constant | +| jca/Hash.java:102:23:102:70 | Digest | Source | jca/Hash.java:102:23:102:70 | Digest | +| jca/Hash.java:102:23:102:70 | HashOperation | Algorithm | jca/Hash.java:101:61:101:65 | HashAlgorithm | +| jca/Hash.java:102:23:102:70 | HashOperation | Digest | jca/Hash.java:102:23:102:70 | Digest | +| jca/Hash.java:102:23:102:70 | HashOperation | Message | jca/Hash.java:102:40:102:69 | Message | +| jca/Hash.java:102:40:102:69 | Message | Source | jca/Hash.java:102:40:102:58 | Constant | +| jca/Hash.java:151:53:151:67 | KeyOperationAlgorithm | Mode | jca/Hash.java:151:53:151:67 | KeyOperationAlgorithm | +| jca/Hash.java:151:53:151:67 | KeyOperationAlgorithm | Padding | jca/Hash.java:151:53:151:67 | KeyOperationAlgorithm | +| jca/Hash.java:152:28:152:37 | Key | Source | jca/Hash.java:150:43:150:63 | Parameter | +| jca/Hash.java:153:26:153:41 | Message | Source | jca/Hash.java:150:29:150:40 | Parameter | +| jca/Hash.java:154:29:154:44 | SignOperation | Algorithm | jca/Hash.java:151:53:151:67 | KeyOperationAlgorithm | +| jca/Hash.java:154:29:154:44 | SignOperation | HashAlgorithm | jca/Hash.java:151:53:151:67 | HashAlgorithm | +| jca/Hash.java:154:29:154:44 | SignOperation | Input | jca/Hash.java:153:26:153:41 | Message | +| jca/Hash.java:154:29:154:44 | SignOperation | Key | jca/Hash.java:152:28:152:37 | Key | +| jca/Hash.java:154:29:154:44 | SignOperation | Output | jca/Hash.java:154:29:154:44 | SignatureOutput | +| jca/Hash.java:173:53:173:67 | KeyOperationAlgorithm | Mode | jca/Hash.java:173:53:173:67 | KeyOperationAlgorithm | +| jca/Hash.java:173:53:173:67 | KeyOperationAlgorithm | Padding | jca/Hash.java:173:53:173:67 | KeyOperationAlgorithm | +| jca/Hash.java:174:30:174:38 | Key | Source | jca/Hash.java:172:73:172:91 | Parameter | +| jca/Hash.java:175:26:175:41 | Message | Source | jca/Hash.java:172:40:172:51 | Parameter | +| jca/Hash.java:176:16:176:43 | VerifyOperation | Algorithm | jca/Hash.java:173:53:173:67 | KeyOperationAlgorithm | +| jca/Hash.java:176:16:176:43 | VerifyOperation | HashAlgorithm | jca/Hash.java:173:53:173:67 | HashAlgorithm | +| jca/Hash.java:176:16:176:43 | VerifyOperation | Input | jca/Hash.java:175:26:175:41 | Message | +| jca/Hash.java:176:16:176:43 | VerifyOperation | Key | jca/Hash.java:174:30:174:38 | Key | +| jca/Hash.java:176:16:176:43 | VerifyOperation | Signature | jca/Hash.java:176:33:176:42 | SignatureInput | +| jca/Hash.java:176:33:176:42 | SignatureInput | Source | jca/Hash.java:172:54:172:70 | Parameter | +| jca/Hash.java:193:23:193:52 | Digest | Source | jca/Hash.java:193:23:193:52 | Digest | +| jca/Hash.java:193:23:193:52 | HashOperation | Algorithm | jca/Hash.java:192:58:192:66 | HashAlgorithm | +| jca/Hash.java:193:23:193:52 | HashOperation | Digest | jca/Hash.java:193:23:193:52 | Digest | +| jca/Hash.java:193:23:193:52 | HashOperation | Message | jca/Hash.java:193:37:193:51 | Message | +| jca/Hash.java:193:37:193:51 | Message | Source | jca/Hash.java:191:43:191:53 | Parameter | +| jca/Hash.java:215:27:215:57 | Digest | Source | jca/Hash.java:215:27:215:57 | Digest | +| jca/Hash.java:215:27:215:57 | HashOperation | Algorithm | jca/Hash.java:211:33:211:39 | HashAlgorithm | +| jca/Hash.java:215:27:215:57 | HashOperation | Algorithm | jca/Hash.java:211:42:211:50 | HashAlgorithm | +| jca/Hash.java:215:27:215:57 | HashOperation | Algorithm | jca/Hash.java:211:53:211:61 | HashAlgorithm | +| jca/Hash.java:215:27:215:57 | HashOperation | Algorithm | jca/Hash.java:211:64:211:72 | HashAlgorithm | +| jca/Hash.java:215:27:215:57 | HashOperation | Algorithm | jca/Hash.java:211:75:211:83 | HashAlgorithm | +| jca/Hash.java:215:27:215:57 | HashOperation | Algorithm | jca/Hash.java:211:86:211:95 | HashAlgorithm | +| jca/Hash.java:215:27:215:57 | HashOperation | Algorithm | jca/Hash.java:211:98:211:107 | HashAlgorithm | +| jca/Hash.java:215:27:215:57 | HashOperation | Algorithm | jca/Hash.java:212:17:212:29 | HashAlgorithm | +| jca/Hash.java:215:27:215:57 | HashOperation | Algorithm | jca/Hash.java:212:32:212:44 | HashAlgorithm | +| jca/Hash.java:215:27:215:57 | HashOperation | Algorithm | jca/Hash.java:212:47:212:51 | HashAlgorithm | +| jca/Hash.java:215:27:215:57 | HashOperation | Digest | jca/Hash.java:215:27:215:57 | Digest | +| jca/Hash.java:215:27:215:57 | HashOperation | Message | jca/Hash.java:215:41:215:56 | Message | +| jca/Hash.java:215:41:215:56 | Message | Source | jca/Hash.java:210:43:210:54 | Parameter | +| jca/Hash.java:234:33:234:42 | KeyOperationAlgorithm | Mode | jca/Hash.java:234:33:234:42 | KeyOperationAlgorithm | +| jca/Hash.java:234:33:234:42 | KeyOperationAlgorithm | Padding | jca/Hash.java:234:33:234:42 | KeyOperationAlgorithm | +| jca/Hash.java:234:45:234:56 | KeyOperationAlgorithm | Mode | jca/Hash.java:234:45:234:56 | KeyOperationAlgorithm | +| jca/Hash.java:234:45:234:56 | KeyOperationAlgorithm | Padding | jca/Hash.java:234:45:234:56 | KeyOperationAlgorithm | +| jca/Hash.java:234:59:234:70 | KeyOperationAlgorithm | Mode | jca/Hash.java:234:59:234:70 | KeyOperationAlgorithm | +| jca/Hash.java:234:59:234:70 | KeyOperationAlgorithm | Padding | jca/Hash.java:234:59:234:70 | KeyOperationAlgorithm | +| jca/Hash.java:234:73:234:84 | KeyOperationAlgorithm | Mode | jca/Hash.java:234:73:234:84 | KeyOperationAlgorithm | +| jca/Hash.java:234:73:234:84 | KeyOperationAlgorithm | Padding | jca/Hash.java:234:73:234:84 | KeyOperationAlgorithm | +| jca/Hash.java:234:87:234:100 | KeyOperationAlgorithm | Mode | jca/Hash.java:234:87:234:100 | KeyOperationAlgorithm | +| jca/Hash.java:234:87:234:100 | KeyOperationAlgorithm | Padding | jca/Hash.java:234:87:234:100 | KeyOperationAlgorithm | +| jca/Hash.java:234:103:234:116 | KeyOperationAlgorithm | Mode | jca/Hash.java:234:103:234:116 | KeyOperationAlgorithm | +| jca/Hash.java:234:103:234:116 | KeyOperationAlgorithm | Padding | jca/Hash.java:234:103:234:116 | KeyOperationAlgorithm | +| jca/Hash.java:238:22:238:30 | Key | Source | jca/Hash.java:233:57:233:66 | Parameter | +| jca/Hash.java:239:27:239:55 | MACOperation | Algorithm | jca/Hash.java:234:33:234:42 | KeyOperationAlgorithm | +| jca/Hash.java:239:27:239:55 | MACOperation | Algorithm | jca/Hash.java:234:45:234:56 | KeyOperationAlgorithm | +| jca/Hash.java:239:27:239:55 | MACOperation | Algorithm | jca/Hash.java:234:59:234:70 | KeyOperationAlgorithm | +| jca/Hash.java:239:27:239:55 | MACOperation | Algorithm | jca/Hash.java:234:73:234:84 | KeyOperationAlgorithm | +| jca/Hash.java:239:27:239:55 | MACOperation | Algorithm | jca/Hash.java:234:87:234:100 | KeyOperationAlgorithm | +| jca/Hash.java:239:27:239:55 | MACOperation | Algorithm | jca/Hash.java:234:103:234:116 | KeyOperationAlgorithm | +| jca/Hash.java:239:27:239:55 | MACOperation | HashAlgorithm | jca/Hash.java:239:27:239:55 | MACOperation | +| jca/Hash.java:239:27:239:55 | MACOperation | Input | jca/Hash.java:239:39:239:54 | Message | +| jca/Hash.java:239:27:239:55 | MACOperation | Key | jca/Hash.java:238:22:238:30 | Key | +| jca/Hash.java:239:27:239:55 | MACOperation | Message | jca/Hash.java:239:39:239:54 | Message | +| jca/Hash.java:239:27:239:55 | MACOperation | Nonce | jca/Hash.java:239:27:239:55 | MACOperation | +| jca/Hash.java:239:27:239:55 | MACOperation | Output | jca/Hash.java:239:27:239:55 | KeyOperationOutput | +| jca/Hash.java:239:39:239:54 | Message | Source | jca/Hash.java:233:43:233:54 | Parameter | +| jca/Hash.java:259:42:259:63 | Message | Source | jca/Hash.java:256:40:256:54 | Parameter | +| jca/Hash.java:259:66:259:69 | Salt | Source | jca/Hash.java:338:9:338:42 | RandomNumberGeneration | +| jca/Hash.java:259:66:259:69 | Salt | Source | jca/Hash.java:338:38:338:41 | RandomNumberGeneration | +| jca/Hash.java:260:65:260:86 | HMACAlgorithm | H | jca/Hash.java:260:65:260:86 | HashAlgorithm | +| jca/Hash.java:260:65:260:86 | KeyDerivationAlgorithm | PRF | jca/Hash.java:260:65:260:86 | HMACAlgorithm | +| jca/Hash.java:261:23:261:50 | KeyDerivation | Algorithm | jca/Hash.java:260:65:260:86 | KeyDerivationAlgorithm | +| jca/Hash.java:261:23:261:50 | KeyDerivation | Input | jca/Hash.java:259:42:259:63 | Message | +| jca/Hash.java:261:23:261:50 | KeyDerivation | Output | jca/Hash.java:261:23:261:50 | Key | +| jca/Hash.java:261:23:261:50 | KeyDerivation | Salt | jca/Hash.java:259:66:259:69 | Salt | +| jca/Hash.java:277:23:277:70 | Digest | Source | jca/Hash.java:277:23:277:70 | Digest | +| jca/Hash.java:277:23:277:70 | HashOperation | Algorithm | jca/Hash.java:321:16:321:66 | LocalData | +| jca/Hash.java:277:23:277:70 | HashOperation | Algorithm | jca/Hash.java:321:57:321:65 | HashAlgorithm | +| jca/Hash.java:277:23:277:70 | HashOperation | Digest | jca/Hash.java:277:23:277:70 | Digest | +| jca/Hash.java:277:23:277:70 | HashOperation | Message | jca/Hash.java:277:37:277:69 | Message | +| jca/Hash.java:277:37:277:69 | Message | Source | jca/Hash.java:277:37:277:58 | Constant | +| jca/Hash.java:296:27:296:30 | Message | Source | jca/Hash.java:295:27:295:38 | Constant | +| jca/Hash.java:297:40:297:54 | Digest | Source | jca/Hash.java:297:40:297:54 | Digest | +| jca/Hash.java:297:40:297:54 | HashOperation | Algorithm | jca/Hash.java:292:33:292:41 | HashAlgorithm | +| jca/Hash.java:297:40:297:54 | HashOperation | Algorithm | jca/Hash.java:292:44:292:52 | HashAlgorithm | +| jca/Hash.java:297:40:297:54 | HashOperation | Algorithm | jca/Hash.java:292:55:292:64 | HashAlgorithm | +| jca/Hash.java:297:40:297:54 | HashOperation | Algorithm | jca/Hash.java:292:67:292:76 | HashAlgorithm | +| jca/Hash.java:297:40:297:54 | HashOperation | Digest | jca/Hash.java:297:40:297:54 | Digest | +| jca/Hash.java:297:40:297:54 | HashOperation | Message | jca/Hash.java:296:27:296:30 | Message | +| jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:30:44:30:65 | ModeOfOperation | +| jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:30:44:30:65 | PaddingAlgorithm | +| jca/IVArtifact.java:31:42:31:44 | Key | Source | jca/IVArtifact.java:76:16:76:35 | Key | +| jca/IVArtifact.java:31:47:31:52 | Nonce | Source | jca/IVArtifact.java:81:9:81:40 | RandomNumberGeneration | +| jca/IVArtifact.java:31:47:31:52 | Nonce | Source | jca/IVArtifact.java:81:38:81:39 | RandomNumberGeneration | +| jca/IVArtifact.java:32:29:32:73 | EncryptOperation | Algorithm | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | +| jca/IVArtifact.java:32:29:32:73 | EncryptOperation | Input | jca/IVArtifact.java:32:44:32:72 | Message | +| jca/IVArtifact.java:32:29:32:73 | EncryptOperation | Key | jca/IVArtifact.java:31:42:31:44 | Key | +| jca/IVArtifact.java:32:29:32:73 | EncryptOperation | Nonce | jca/IVArtifact.java:31:47:31:52 | Nonce | +| jca/IVArtifact.java:32:29:32:73 | EncryptOperation | Output | jca/IVArtifact.java:32:29:32:73 | KeyOperationOutput | +| jca/IVArtifact.java:32:44:32:72 | Message | Source | jca/IVArtifact.java:32:44:32:61 | Constant | +| jca/IVArtifact.java:38:42:38:44 | Key | Source | jca/IVArtifact.java:76:16:76:35 | Key | +| jca/IVArtifact.java:38:47:38:52 | Nonce | Source | jca/IVArtifact.java:81:9:81:40 | RandomNumberGeneration | +| jca/IVArtifact.java:38:47:38:52 | Nonce | Source | jca/IVArtifact.java:81:38:81:39 | RandomNumberGeneration | +| jca/IVArtifact.java:38:47:38:52 | Nonce | Source | jca/IVArtifact.java:87:32:87:33 | RandomNumberGeneration | +| jca/IVArtifact.java:39:29:39:53 | EncryptOperation | Algorithm | jca/IVArtifact.java:70:16:70:81 | LocalData | +| jca/IVArtifact.java:39:29:39:53 | EncryptOperation | Algorithm | jca/IVArtifact.java:70:59:70:80 | KeyOperationAlgorithm | +| jca/IVArtifact.java:39:29:39:53 | EncryptOperation | Input | jca/IVArtifact.java:39:44:39:52 | Message | +| jca/IVArtifact.java:39:29:39:53 | EncryptOperation | Key | jca/IVArtifact.java:38:42:38:44 | Key | +| jca/IVArtifact.java:39:29:39:53 | EncryptOperation | Nonce | jca/IVArtifact.java:38:47:38:52 | Nonce | +| jca/IVArtifact.java:39:29:39:53 | EncryptOperation | Output | jca/IVArtifact.java:39:29:39:53 | KeyOperationOutput | +| jca/IVArtifact.java:39:44:39:52 | Message | Source | jca/IVArtifact.java:49:27:49:42 | Constant | +| jca/IVArtifact.java:70:59:70:80 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:70:59:70:80 | ModeOfOperation | +| jca/IVArtifact.java:70:59:70:80 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:70:59:70:80 | PaddingAlgorithm | +| jca/IVArtifact.java:76:16:76:35 | KeyGeneration | Algorithm | jca/IVArtifact.java:74:56:74:60 | KeyOperationAlgorithm | +| jca/IVArtifact.java:76:16:76:35 | KeyGeneration | Output | jca/IVArtifact.java:76:16:76:35 | Key | +| jca/IVArtifact.java:106:44:106:62 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:106:44:106:62 | ModeOfOperation | +| jca/IVArtifact.java:106:44:106:62 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:106:44:106:62 | PaddingAlgorithm | +| jca/IVArtifact.java:109:42:109:44 | Key | Source | jca/IVArtifact.java:263:29:263:44 | Key | +| jca/IVArtifact.java:109:47:109:50 | Nonce | Source | jca/IVArtifact.java:109:47:109:50 | Nonce | +| jca/IVArtifact.java:110:16:110:40 | EncryptOperation | Algorithm | jca/IVArtifact.java:106:44:106:62 | KeyOperationAlgorithm | +| jca/IVArtifact.java:110:16:110:40 | EncryptOperation | Input | jca/IVArtifact.java:110:31:110:39 | Message | +| jca/IVArtifact.java:110:16:110:40 | EncryptOperation | Key | jca/IVArtifact.java:109:42:109:44 | Key | +| jca/IVArtifact.java:110:16:110:40 | EncryptOperation | Nonce | jca/IVArtifact.java:109:47:109:50 | Nonce | +| jca/IVArtifact.java:110:16:110:40 | EncryptOperation | Output | jca/IVArtifact.java:110:16:110:40 | KeyOperationOutput | +| jca/IVArtifact.java:110:31:110:39 | Message | Source | jca/IVArtifact.java:264:32:264:47 | Constant | +| jca/IVArtifact.java:134:44:134:62 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:134:44:134:62 | ModeOfOperation | +| jca/IVArtifact.java:134:44:134:62 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:134:44:134:62 | PaddingAlgorithm | +| jca/IVArtifact.java:136:42:136:44 | Key | Source | jca/IVArtifact.java:263:29:263:44 | Key | +| jca/IVArtifact.java:136:47:136:50 | Nonce | Source | jca/IVArtifact.java:118:31:118:34 | Constant | +| jca/IVArtifact.java:136:47:136:50 | Nonce | Source | jca/IVArtifact.java:132:13:132:50 | RandomNumberGeneration | +| jca/IVArtifact.java:136:47:136:50 | Nonce | Source | jca/IVArtifact.java:132:42:132:49 | RandomNumberGeneration | +| jca/IVArtifact.java:137:16:137:40 | EncryptOperation | Algorithm | jca/IVArtifact.java:134:44:134:62 | KeyOperationAlgorithm | +| jca/IVArtifact.java:137:16:137:40 | EncryptOperation | Input | jca/IVArtifact.java:137:31:137:39 | Message | +| jca/IVArtifact.java:137:16:137:40 | EncryptOperation | Key | jca/IVArtifact.java:136:42:136:44 | Key | +| jca/IVArtifact.java:137:16:137:40 | EncryptOperation | Nonce | jca/IVArtifact.java:136:47:136:50 | Nonce | +| jca/IVArtifact.java:137:16:137:40 | EncryptOperation | Output | jca/IVArtifact.java:137:16:137:40 | KeyOperationOutput | +| jca/IVArtifact.java:137:31:137:39 | Message | Source | jca/IVArtifact.java:264:32:264:47 | Constant | +| jca/IVArtifact.java:158:31:158:78 | Digest | Source | jca/IVArtifact.java:158:31:158:78 | Digest | +| jca/IVArtifact.java:158:31:158:78 | HashOperation | Algorithm | jca/IVArtifact.java:157:58:157:66 | HashAlgorithm | +| jca/IVArtifact.java:158:31:158:78 | HashOperation | Digest | jca/IVArtifact.java:158:31:158:78 | Digest | +| jca/IVArtifact.java:158:31:158:78 | HashOperation | Message | jca/IVArtifact.java:158:45:158:77 | Message | +| jca/IVArtifact.java:158:45:158:77 | Message | Source | jca/IVArtifact.java:158:45:158:59 | Constant | +| jca/IVArtifact.java:160:44:160:62 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:160:44:160:62 | ModeOfOperation | +| jca/IVArtifact.java:160:44:160:62 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:160:44:160:62 | PaddingAlgorithm | +| jca/IVArtifact.java:162:42:162:44 | Key | Source | jca/IVArtifact.java:263:29:263:44 | Key | +| jca/IVArtifact.java:162:47:162:50 | Nonce | Source | jca/IVArtifact.java:162:47:162:50 | Nonce | +| jca/IVArtifact.java:163:16:163:40 | EncryptOperation | Algorithm | jca/IVArtifact.java:160:44:160:62 | KeyOperationAlgorithm | +| jca/IVArtifact.java:163:16:163:40 | EncryptOperation | Input | jca/IVArtifact.java:163:31:163:39 | Message | +| jca/IVArtifact.java:163:16:163:40 | EncryptOperation | Key | jca/IVArtifact.java:162:42:162:44 | Key | +| jca/IVArtifact.java:163:16:163:40 | EncryptOperation | Nonce | jca/IVArtifact.java:162:47:162:50 | Nonce | +| jca/IVArtifact.java:163:16:163:40 | EncryptOperation | Output | jca/IVArtifact.java:163:16:163:40 | KeyOperationOutput | +| jca/IVArtifact.java:163:31:163:39 | Message | Source | jca/IVArtifact.java:264:32:264:47 | Constant | +| jca/IVArtifact.java:186:48:186:66 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:186:48:186:66 | ModeOfOperation | +| jca/IVArtifact.java:186:48:186:66 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:186:48:186:66 | PaddingAlgorithm | +| jca/IVArtifact.java:188:46:188:48 | Key | Source | jca/IVArtifact.java:263:29:263:44 | Key | +| jca/IVArtifact.java:188:51:188:54 | Nonce | Source | jca/IVArtifact.java:183:9:183:40 | RandomNumberGeneration | +| jca/IVArtifact.java:188:51:188:54 | Nonce | Source | jca/IVArtifact.java:183:38:183:39 | RandomNumberGeneration | +| jca/IVArtifact.java:189:30:189:58 | EncryptOperation | Algorithm | jca/IVArtifact.java:186:48:186:66 | KeyOperationAlgorithm | +| jca/IVArtifact.java:189:30:189:58 | EncryptOperation | Input | jca/IVArtifact.java:189:45:189:57 | Message | +| jca/IVArtifact.java:189:30:189:58 | EncryptOperation | Key | jca/IVArtifact.java:188:46:188:48 | Key | +| jca/IVArtifact.java:189:30:189:58 | EncryptOperation | Nonce | jca/IVArtifact.java:188:51:188:54 | Nonce | +| jca/IVArtifact.java:189:30:189:58 | EncryptOperation | Output | jca/IVArtifact.java:189:30:189:58 | KeyOperationOutput | +| jca/IVArtifact.java:189:45:189:57 | Message | Source | jca/IVArtifact.java:283:35:283:47 | Constant | +| jca/IVArtifact.java:189:45:189:57 | Message | Source | jca/IVArtifact.java:283:61:283:73 | Constant | +| jca/IVArtifact.java:189:45:189:57 | Message | Source | jca/IVArtifact.java:283:87:283:101 | Constant | +| jca/IVArtifact.java:204:44:204:62 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:204:44:204:62 | ModeOfOperation | +| jca/IVArtifact.java:204:44:204:62 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:204:44:204:62 | PaddingAlgorithm | +| jca/IVArtifact.java:207:42:207:44 | Key | Source | jca/IVArtifact.java:221:53:221:65 | Parameter | +| jca/IVArtifact.java:207:42:207:44 | Key | Source | jca/IVArtifact.java:242:60:242:72 | Parameter | +| jca/IVArtifact.java:207:47:207:50 | Nonce | Source | jca/IVArtifact.java:207:47:207:50 | Nonce | +| jca/IVArtifact.java:208:16:208:40 | EncryptOperation | Algorithm | jca/IVArtifact.java:204:44:204:62 | KeyOperationAlgorithm | +| jca/IVArtifact.java:208:16:208:40 | EncryptOperation | Input | jca/IVArtifact.java:208:31:208:39 | Message | +| jca/IVArtifact.java:208:16:208:40 | EncryptOperation | Key | jca/IVArtifact.java:207:42:207:44 | Key | +| jca/IVArtifact.java:208:16:208:40 | EncryptOperation | Nonce | jca/IVArtifact.java:207:47:207:50 | Nonce | +| jca/IVArtifact.java:208:16:208:40 | EncryptOperation | Output | jca/IVArtifact.java:208:16:208:40 | KeyOperationOutput | +| jca/IVArtifact.java:208:31:208:39 | Message | Source | jca/IVArtifact.java:221:68:221:83 | Parameter | +| jca/IVArtifact.java:208:31:208:39 | Message | Source | jca/IVArtifact.java:242:75:242:90 | Parameter | +| jca/IVArtifact.java:263:29:263:44 | KeyGeneration | Algorithm | jca/IVArtifact.java:261:56:261:60 | KeyOperationAlgorithm | +| jca/IVArtifact.java:263:29:263:44 | KeyGeneration | Output | jca/IVArtifact.java:263:29:263:44 | Key | +| jca/KeyAgreementHybridCryptosystem.java:61:16:61:36 | Key | Algorithm | jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | EllipticCurve | +| jca/KeyAgreementHybridCryptosystem.java:61:16:61:36 | KeyGeneration | Algorithm | jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | EllipticCurve | +| jca/KeyAgreementHybridCryptosystem.java:61:16:61:36 | KeyGeneration | Output | jca/KeyAgreementHybridCryptosystem.java:61:16:61:36 | Key | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:36 | Key | Algorithm | jca/KeyAgreementHybridCryptosystem.java:68:61:68:68 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:36 | KeyGeneration | Algorithm | jca/KeyAgreementHybridCryptosystem.java:68:61:68:68 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:36 | KeyGeneration | Output | jca/KeyAgreementHybridCryptosystem.java:70:16:70:36 | Key | +| jca/KeyAgreementHybridCryptosystem.java:78:17:78:26 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:61:16:61:36 | Key | +| jca/KeyAgreementHybridCryptosystem.java:78:17:78:26 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:70:16:70:36 | Key | +| jca/KeyAgreementHybridCryptosystem.java:79:20:79:28 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:61:16:61:36 | Key | +| jca/KeyAgreementHybridCryptosystem.java:79:20:79:28 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:70:16:70:36 | Key | +| jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | KeyAgreementOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:115:90:115:95 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | KeyAgreementOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:137:95:137:100 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | KeyAgreementOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:162:91:162:98 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | KeyAgreementOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:183:95:183:102 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | KeyAgreementOperation | Output | jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | SharedSecret | +| jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | KeyAgreementOperation | PeerKey | jca/KeyAgreementHybridCryptosystem.java:79:20:79:28 | Key | +| jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | KeyAgreementOperation | ServerKey | jca/KeyAgreementHybridCryptosystem.java:78:17:78:26 | Key | +| jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | SharedSecret | Source | jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | SharedSecret | +| jca/KeyAgreementHybridCryptosystem.java:89:23:89:42 | Digest | Source | jca/KeyAgreementHybridCryptosystem.java:89:23:89:42 | Digest | +| jca/KeyAgreementHybridCryptosystem.java:89:23:89:42 | HashOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:88:58:88:66 | HashAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:89:23:89:42 | HashOperation | Digest | jca/KeyAgreementHybridCryptosystem.java:89:23:89:42 | Digest | +| jca/KeyAgreementHybridCryptosystem.java:89:23:89:42 | HashOperation | Message | jca/KeyAgreementHybridCryptosystem.java:89:37:89:41 | Message | +| jca/KeyAgreementHybridCryptosystem.java:89:37:89:41 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | SharedSecret | +| jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | ModeOfOperation | +| jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | PaddingAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:123:42:123:47 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:123:42:123:47 | Key | +| jca/KeyAgreementHybridCryptosystem.java:123:50:123:53 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:121:9:121:40 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:123:50:123:53 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:121:38:121:39 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:124:29:124:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:124:29:124:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:124:44:124:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:124:29:124:53 | EncryptOperation | Key | jca/KeyAgreementHybridCryptosystem.java:123:42:123:47 | Key | +| jca/KeyAgreementHybridCryptosystem.java:124:29:124:53 | EncryptOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:123:50:123:53 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:124:29:124:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:124:29:124:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:124:44:124:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:204:58:204:73 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | ModeOfOperation | +| jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | PaddingAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:144:42:144:47 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:144:42:144:47 | Key | +| jca/KeyAgreementHybridCryptosystem.java:144:50:144:53 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:144:50:144:53 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:145:29:145:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:145:29:145:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:145:44:145:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:145:29:145:53 | EncryptOperation | Key | jca/KeyAgreementHybridCryptosystem.java:144:42:144:47 | Key | +| jca/KeyAgreementHybridCryptosystem.java:145:29:145:53 | EncryptOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:144:50:144:53 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:145:29:145:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:145:29:145:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:145:44:145:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:204:58:204:73 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:163:33:163:89 | Digest | Source | jca/KeyAgreementHybridCryptosystem.java:163:33:163:89 | Digest | +| jca/KeyAgreementHybridCryptosystem.java:163:33:163:89 | HashOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:163:59:163:67 | HashAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:163:33:163:89 | HashOperation | Digest | jca/KeyAgreementHybridCryptosystem.java:163:33:163:89 | Digest | +| jca/KeyAgreementHybridCryptosystem.java:163:33:163:89 | HashOperation | Message | jca/KeyAgreementHybridCryptosystem.java:163:77:163:88 | Message | +| jca/KeyAgreementHybridCryptosystem.java:163:77:163:88 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | SharedSecret | +| jca/KeyAgreementHybridCryptosystem.java:166:44:166:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:166:44:166:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:166:44:166:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:166:44:166:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:169:42:169:50 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:169:42:169:50 | Key | +| jca/KeyAgreementHybridCryptosystem.java:169:53:169:78 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:168:9:168:43 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:169:53:169:78 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:168:38:168:42 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:170:29:170:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:166:44:166:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:170:29:170:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:170:44:170:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:170:29:170:53 | EncryptOperation | Key | jca/KeyAgreementHybridCryptosystem.java:169:42:169:50 | Key | +| jca/KeyAgreementHybridCryptosystem.java:170:29:170:53 | EncryptOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:169:53:169:78 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:170:29:170:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:170:29:170:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:170:44:170:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:204:58:204:73 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:188:44:188:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:188:44:188:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:188:44:188:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:188:44:188:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:189:42:189:50 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:189:42:189:50 | Key | +| jca/KeyAgreementHybridCryptosystem.java:189:53:189:83 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:189:53:189:83 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:190:29:190:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:188:44:188:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:190:29:190:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:190:44:190:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:190:29:190:53 | EncryptOperation | Key | jca/KeyAgreementHybridCryptosystem.java:189:42:189:50 | Key | +| jca/KeyAgreementHybridCryptosystem.java:190:29:190:53 | EncryptOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:189:53:189:83 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:190:29:190:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:190:29:190:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:190:44:190:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:204:58:204:73 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:233:42:233:66 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:230:58:230:70 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:233:69:233:72 | Salt | Source | jca/KeyAgreementHybridCryptosystem.java:289:9:289:42 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:233:69:233:72 | Salt | Source | jca/KeyAgreementHybridCryptosystem.java:289:38:289:41 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | HMACAlgorithm | H | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | HashAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | KeyDerivationAlgorithm | PRF | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | HMACAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:235:26:235:53 | KeyDerivation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | KeyDerivationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:235:26:235:53 | KeyDerivation | Input | jca/KeyAgreementHybridCryptosystem.java:233:42:233:66 | Message | +| jca/KeyAgreementHybridCryptosystem.java:235:26:235:53 | KeyDerivation | Output | jca/KeyAgreementHybridCryptosystem.java:235:26:235:53 | Key | +| jca/KeyAgreementHybridCryptosystem.java:235:26:235:53 | KeyDerivation | Salt | jca/KeyAgreementHybridCryptosystem.java:233:69:233:72 | Salt | +| jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | ModeOfOperation | +| jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | PaddingAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:245:42:245:54 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:245:42:245:54 | Key | +| jca/KeyAgreementHybridCryptosystem.java:245:57:245:63 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:243:9:243:40 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:245:57:245:63 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:243:38:243:39 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:246:29:246:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:246:29:246:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:246:44:246:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:246:29:246:53 | EncryptOperation | Key | jca/KeyAgreementHybridCryptosystem.java:245:42:245:54 | Key | +| jca/KeyAgreementHybridCryptosystem.java:246:29:246:53 | EncryptOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:245:57:245:63 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:246:29:246:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:246:29:246:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:246:44:246:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:230:73:230:88 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:248:35:248:46 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:248:35:248:46 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:248:35:248:46 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:248:35:248:46 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:249:18:249:30 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:249:18:249:30 | Key | +| jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | MACOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:248:35:248:46 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | MACOperation | HashAlgorithm | jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | MACOperation | +| jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | MACOperation | Input | jca/KeyAgreementHybridCryptosystem.java:250:42:250:51 | Message | +| jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | MACOperation | Key | jca/KeyAgreementHybridCryptosystem.java:249:18:249:30 | Key | +| jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | MACOperation | Message | jca/KeyAgreementHybridCryptosystem.java:250:42:250:51 | Message | +| jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | MACOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | MACOperation | +| jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | MACOperation | Output | jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:250:42:250:51 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:246:29:246:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:281:16:281:31 | KeyGeneration | Algorithm | jca/KeyAgreementHybridCryptosystem.java:279:52:279:56 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:281:16:281:31 | KeyGeneration | Output | jca/KeyAgreementHybridCryptosystem.java:281:16:281:31 | Key | +| jca/KeyArtifact.java:21:31:21:50 | KeyGeneration | Algorithm | jca/KeyArtifact.java:19:56:19:60 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:21:31:21:50 | KeyGeneration | Output | jca/KeyArtifact.java:21:31:21:50 | Key | +| jca/KeyArtifact.java:26:30:26:49 | KeyGeneration | Algorithm | jca/KeyArtifact.java:24:43:24:47 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:26:30:26:49 | KeyGeneration | Output | jca/KeyArtifact.java:26:30:26:49 | Key | +| jca/KeyArtifact.java:33:30:33:57 | Key | Algorithm | jca/KeyArtifact.java:31:68:31:72 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:33:30:33:57 | KeyGeneration | Algorithm | jca/KeyArtifact.java:31:68:31:72 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:33:30:33:57 | KeyGeneration | Output | jca/KeyArtifact.java:33:30:33:57 | Key | +| jca/KeyArtifact.java:38:29:38:56 | Key | Algorithm | jca/KeyArtifact.java:36:51:36:55 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:38:29:38:56 | KeyGeneration | Algorithm | jca/KeyArtifact.java:36:51:36:55 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:38:29:38:56 | KeyGeneration | Output | jca/KeyArtifact.java:38:29:38:56 | Key | +| jca/KeyArtifact.java:43:26:43:53 | Key | Algorithm | jca/KeyArtifact.java:43:26:43:53 | Key | +| jca/KeyArtifact.java:43:26:43:53 | KeyGeneration | Algorithm | jca/KeyArtifact.java:43:26:43:53 | KeyGeneration | +| jca/KeyArtifact.java:43:26:43:53 | KeyGeneration | Output | jca/KeyArtifact.java:43:26:43:53 | Key | +| jca/KeyArtifact.java:67:32:67:51 | KeyGeneration | Algorithm | jca/KeyArtifact.java:63:28:63:73 | LocalData | +| jca/KeyArtifact.java:67:32:67:51 | KeyGeneration | Algorithm | jca/KeyArtifact.java:63:68:63:72 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:67:32:67:51 | KeyGeneration | Output | jca/KeyArtifact.java:67:32:67:51 | Key | +| jca/KeyArtifact.java:74:16:74:43 | Key | Algorithm | jca/KeyArtifact.java:79:33:79:37 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:74:16:74:43 | Key | Algorithm | jca/KeyArtifact.java:79:46:79:54 | Constant | +| jca/KeyArtifact.java:74:16:74:43 | KeyGeneration | Algorithm | jca/KeyArtifact.java:79:33:79:37 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:74:16:74:43 | KeyGeneration | Algorithm | jca/KeyArtifact.java:79:46:79:54 | Constant | +| jca/KeyArtifact.java:74:16:74:43 | KeyGeneration | Output | jca/KeyArtifact.java:74:16:74:43 | Key | +| jca/KeyDerivation1.java:94:42:94:63 | Message | Source | jca/KeyDerivation1.java:92:39:92:53 | Parameter | +| jca/KeyDerivation1.java:94:66:94:69 | Salt | Source | jca/KeyDerivation1.java:391:9:391:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:94:66:94:69 | Salt | Source | jca/KeyDerivation1.java:391:38:391:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:95:65:95:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:95:65:95:86 | HashAlgorithm | +| jca/KeyDerivation1.java:95:65:95:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:95:65:95:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:95:65:95:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | Input | jca/KeyDerivation1.java:94:42:94:63 | Message | +| jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | Output | jca/KeyDerivation1.java:96:22:96:49 | Key | +| jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:94:66:94:69 | Salt | +| jca/KeyDerivation1.java:111:42:111:63 | Message | Source | jca/KeyDerivation1.java:109:36:109:50 | Parameter | +| jca/KeyDerivation1.java:111:66:111:69 | Salt | Source | jca/KeyDerivation1.java:391:9:391:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:111:66:111:69 | Salt | Source | jca/KeyDerivation1.java:391:38:391:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:112:65:112:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:112:65:112:86 | HashAlgorithm | +| jca/KeyDerivation1.java:112:65:112:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:112:65:112:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:113:22:113:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:112:65:112:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:113:22:113:49 | KeyDerivation | Input | jca/KeyDerivation1.java:111:42:111:63 | Message | +| jca/KeyDerivation1.java:113:22:113:49 | KeyDerivation | Output | jca/KeyDerivation1.java:113:22:113:49 | Key | +| jca/KeyDerivation1.java:113:22:113:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:111:66:111:69 | Salt | +| jca/KeyDerivation1.java:126:42:126:63 | Message | Source | jca/KeyDerivation1.java:124:37:124:51 | Parameter | +| jca/KeyDerivation1.java:126:66:126:69 | Salt | Source | jca/KeyDerivation1.java:391:9:391:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:126:66:126:69 | Salt | Source | jca/KeyDerivation1.java:391:38:391:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:127:65:127:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:127:65:127:86 | HashAlgorithm | +| jca/KeyDerivation1.java:127:65:127:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:127:65:127:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:128:22:128:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:127:65:127:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:128:22:128:49 | KeyDerivation | Input | jca/KeyDerivation1.java:126:42:126:63 | Message | +| jca/KeyDerivation1.java:128:22:128:49 | KeyDerivation | Output | jca/KeyDerivation1.java:128:22:128:49 | Key | +| jca/KeyDerivation1.java:128:22:128:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:126:66:126:69 | Salt | +| jca/KeyDerivation1.java:142:42:142:63 | Message | Source | jca/KeyDerivation1.java:140:32:140:46 | Parameter | +| jca/KeyDerivation1.java:142:66:142:69 | Salt | Source | jca/KeyDerivation1.java:391:9:391:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:142:66:142:69 | Salt | Source | jca/KeyDerivation1.java:391:38:391:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:143:65:143:84 | HMACAlgorithm | H | jca/KeyDerivation1.java:143:65:143:84 | HashAlgorithm | +| jca/KeyDerivation1.java:143:65:143:84 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:143:65:143:84 | HMACAlgorithm | +| jca/KeyDerivation1.java:144:22:144:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:143:65:143:84 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:144:22:144:49 | KeyDerivation | Input | jca/KeyDerivation1.java:142:42:142:63 | Message | +| jca/KeyDerivation1.java:144:22:144:49 | KeyDerivation | Output | jca/KeyDerivation1.java:144:22:144:49 | Key | +| jca/KeyDerivation1.java:144:22:144:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:142:66:142:69 | Salt | +| jca/KeyDerivation1.java:157:42:157:63 | Message | Source | jca/KeyDerivation1.java:155:34:155:48 | Parameter | +| jca/KeyDerivation1.java:157:66:157:69 | Salt | Source | jca/KeyDerivation1.java:391:9:391:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:157:66:157:69 | Salt | Source | jca/KeyDerivation1.java:391:38:391:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:158:65:158:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:158:65:158:86 | HashAlgorithm | +| jca/KeyDerivation1.java:158:65:158:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:158:65:158:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:158:65:158:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Input | jca/KeyDerivation1.java:157:42:157:63 | Message | +| jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Output | jca/KeyDerivation1.java:159:22:159:49 | Key | +| jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:157:66:157:69 | Salt | +| jca/KeyDerivation1.java:178:42:178:63 | Message | Source | jca/KeyDerivation1.java:175:28:175:42 | Parameter | +| jca/KeyDerivation1.java:178:66:178:69 | Salt | Source | jca/KeyDerivation1.java:391:9:391:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:178:66:178:69 | Salt | Source | jca/KeyDerivation1.java:391:38:391:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:180:22:180:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:179:65:179:72 | Constant | +| jca/KeyDerivation1.java:180:22:180:49 | KeyDerivation | Input | jca/KeyDerivation1.java:178:42:178:63 | Message | +| jca/KeyDerivation1.java:180:22:180:49 | KeyDerivation | Output | jca/KeyDerivation1.java:180:22:180:49 | Key | +| jca/KeyDerivation1.java:180:22:180:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:178:66:178:69 | Salt | +| jca/KeyDerivation1.java:194:42:194:63 | Message | Source | jca/KeyDerivation1.java:191:30:191:44 | Parameter | +| jca/KeyDerivation1.java:194:66:194:69 | Salt | Source | jca/KeyDerivation1.java:391:9:391:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:194:66:194:69 | Salt | Source | jca/KeyDerivation1.java:391:38:391:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:196:22:196:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:195:65:195:72 | Constant | +| jca/KeyDerivation1.java:196:22:196:49 | KeyDerivation | Input | jca/KeyDerivation1.java:194:42:194:63 | Message | +| jca/KeyDerivation1.java:196:22:196:49 | KeyDerivation | Output | jca/KeyDerivation1.java:196:22:196:49 | Key | +| jca/KeyDerivation1.java:196:22:196:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:194:66:194:69 | Salt | +| jca/KeyDerivation1.java:266:29:266:59 | Digest | Source | jca/KeyDerivation1.java:266:29:266:59 | Digest | +| jca/KeyDerivation1.java:266:29:266:59 | HashOperation | Algorithm | jca/KeyDerivation1.java:265:58:265:66 | HashAlgorithm | +| jca/KeyDerivation1.java:266:29:266:59 | HashOperation | Digest | jca/KeyDerivation1.java:266:29:266:59 | Digest | +| jca/KeyDerivation1.java:266:29:266:59 | HashOperation | Message | jca/KeyDerivation1.java:266:43:266:58 | Message | +| jca/KeyDerivation1.java:266:43:266:58 | Message | Source | jca/KeyDerivation1.java:264:45:264:56 | Parameter | +| jca/KeyDerivation1.java:271:70:271:88 | KeyOperationAlgorithm | Mode | jca/KeyDerivation1.java:271:70:271:88 | ModeOfOperation | +| jca/KeyDerivation1.java:271:70:271:88 | KeyOperationAlgorithm | Padding | jca/KeyDerivation1.java:271:70:271:88 | PaddingAlgorithm | +| jca/KeyDerivation1.java:272:55:272:57 | Key | Source | jca/KeyDerivation1.java:272:55:272:57 | Key | +| jca/KeyDerivation1.java:273:29:273:74 | EncryptOperation | Algorithm | jca/KeyDerivation1.java:271:70:271:88 | KeyOperationAlgorithm | +| jca/KeyDerivation1.java:273:29:273:74 | EncryptOperation | Input | jca/KeyDerivation1.java:273:44:273:73 | Message | +| jca/KeyDerivation1.java:273:29:273:74 | EncryptOperation | Key | jca/KeyDerivation1.java:272:55:272:57 | Key | +| jca/KeyDerivation1.java:273:29:273:74 | EncryptOperation | Nonce | jca/KeyDerivation1.java:273:29:273:74 | EncryptOperation | +| jca/KeyDerivation1.java:273:29:273:74 | EncryptOperation | Output | jca/KeyDerivation1.java:273:29:273:74 | KeyOperationOutput | +| jca/KeyDerivation1.java:273:44:273:73 | Message | Source | jca/KeyDerivation1.java:273:44:273:62 | Constant | +| jca/KeyDerivation1.java:332:54:332:75 | HMACAlgorithm | H | jca/KeyDerivation1.java:332:54:332:75 | HashAlgorithm | +| jca/KeyDerivation1.java:332:54:332:75 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:332:54:332:75 | HMACAlgorithm | +| jca/KeyDerivation1.java:337:42:337:63 | Message | Source | jca/KeyDerivation1.java:325:37:325:51 | Parameter | +| jca/KeyDerivation1.java:337:66:337:69 | Salt | Source | jca/KeyDerivation1.java:391:9:391:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:337:66:337:69 | Salt | Source | jca/KeyDerivation1.java:391:38:391:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:339:26:339:53 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:332:25:332:76 | LocalData | +| jca/KeyDerivation1.java:339:26:339:53 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:332:54:332:75 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:339:26:339:53 | KeyDerivation | Input | jca/KeyDerivation1.java:337:42:337:63 | Message | +| jca/KeyDerivation1.java:339:26:339:53 | KeyDerivation | Output | jca/KeyDerivation1.java:339:26:339:53 | Key | +| jca/KeyDerivation1.java:339:26:339:53 | KeyDerivation | Salt | jca/KeyDerivation1.java:337:66:337:69 | Salt | +| jca/KeyDerivation1.java:356:42:356:63 | Message | Source | jca/KeyDerivation1.java:306:43:306:57 | Parameter | +| jca/KeyDerivation1.java:356:66:356:69 | Salt | Source | jca/KeyDerivation1.java:391:9:391:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:356:66:356:69 | Salt | Source | jca/KeyDerivation1.java:391:38:391:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:357:65:357:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:357:65:357:86 | HashAlgorithm | +| jca/KeyDerivation1.java:357:65:357:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:357:65:357:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:358:16:358:43 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:357:65:357:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:358:16:358:43 | KeyDerivation | Input | jca/KeyDerivation1.java:356:42:356:63 | Message | +| jca/KeyDerivation1.java:358:16:358:43 | KeyDerivation | Output | jca/KeyDerivation1.java:358:16:358:43 | Key | +| jca/KeyDerivation1.java:358:16:358:43 | KeyDerivation | Salt | jca/KeyDerivation1.java:356:66:356:69 | Salt | +| jca/KeyDerivation1.java:370:36:370:47 | KeyOperationAlgorithm | Mode | jca/KeyDerivation1.java:370:36:370:47 | KeyOperationAlgorithm | +| jca/KeyDerivation1.java:370:36:370:47 | KeyOperationAlgorithm | Padding | jca/KeyDerivation1.java:370:36:370:47 | KeyOperationAlgorithm | +| jca/KeyDerivation1.java:372:19:372:27 | Key | Source | jca/KeyDerivation1.java:372:19:372:27 | Key | +| jca/KeyDerivation1.java:373:22:373:38 | MACOperation | Algorithm | jca/KeyDerivation1.java:370:36:370:47 | KeyOperationAlgorithm | +| jca/KeyDerivation1.java:373:22:373:38 | MACOperation | HashAlgorithm | jca/KeyDerivation1.java:373:22:373:38 | MACOperation | +| jca/KeyDerivation1.java:373:22:373:38 | MACOperation | Input | jca/KeyDerivation1.java:373:35:373:37 | Message | +| jca/KeyDerivation1.java:373:22:373:38 | MACOperation | Key | jca/KeyDerivation1.java:372:19:372:27 | Key | +| jca/KeyDerivation1.java:373:22:373:38 | MACOperation | Message | jca/KeyDerivation1.java:373:35:373:37 | Message | +| jca/KeyDerivation1.java:373:22:373:38 | MACOperation | Nonce | jca/KeyDerivation1.java:373:22:373:38 | MACOperation | +| jca/KeyDerivation1.java:373:22:373:38 | MACOperation | Output | jca/KeyDerivation1.java:373:22:373:38 | KeyOperationOutput | +| jca/KeyDerivation1.java:373:35:373:37 | Message | Source | jca/KeyDerivation1.java:291:32:291:41 | Parameter | +| jca/KeyDerivation1.java:373:35:373:37 | Message | Source | jca/KeyDerivation1.java:306:60:306:78 | Parameter | +| jca/KeyDerivation1.java:377:19:377:54 | Key | Source | jca/KeyDerivation1.java:377:19:377:54 | Key | +| jca/KeyDerivation1.java:378:22:378:62 | MACOperation | Algorithm | jca/KeyDerivation1.java:370:36:370:47 | KeyOperationAlgorithm | +| jca/KeyDerivation1.java:378:22:378:62 | MACOperation | HashAlgorithm | jca/KeyDerivation1.java:378:22:378:62 | MACOperation | +| jca/KeyDerivation1.java:378:22:378:62 | MACOperation | Input | jca/KeyDerivation1.java:378:35:378:61 | Message | +| jca/KeyDerivation1.java:378:22:378:62 | MACOperation | Key | jca/KeyDerivation1.java:372:19:372:27 | Key | +| jca/KeyDerivation1.java:378:22:378:62 | MACOperation | Key | jca/KeyDerivation1.java:377:19:377:54 | Key | +| jca/KeyDerivation1.java:378:22:378:62 | MACOperation | Message | jca/KeyDerivation1.java:378:35:378:61 | Message | +| jca/KeyDerivation1.java:378:22:378:62 | MACOperation | Nonce | jca/KeyDerivation1.java:378:22:378:62 | MACOperation | +| jca/KeyDerivation1.java:378:22:378:62 | MACOperation | Output | jca/KeyDerivation1.java:378:22:378:62 | KeyOperationOutput | +| jca/KeyDerivation1.java:378:35:378:61 | Message | Source | jca/KeyDerivation1.java:378:35:378:50 | Constant | +| jca/KeyEncapsulation.java:66:28:66:47 | KeyGeneration | Algorithm | jca/KeyEncapsulation.java:64:56:64:60 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:66:28:66:47 | KeyGeneration | Output | jca/KeyEncapsulation.java:66:28:66:47 | Key | +| jca/KeyEncapsulation.java:71:47:71:85 | KeyOperationAlgorithm | Mode | jca/KeyEncapsulation.java:71:47:71:85 | ModeOfOperation | +| jca/KeyEncapsulation.java:71:47:71:85 | KeyOperationAlgorithm | Padding | jca/KeyEncapsulation.java:71:47:71:85 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:71:47:71:85 | PaddingAlgorithm | MD | jca/KeyEncapsulation.java:71:47:71:85 | HashAlgorithm | +| jca/KeyEncapsulation.java:71:47:71:85 | PaddingAlgorithm | MGF1Hash | jca/KeyEncapsulation.java:71:47:71:85 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:72:45:72:50 | Key | Source | jca/KeyEncapsulation.java:214:25:214:48 | Key | +| jca/KeyEncapsulation.java:73:29:73:66 | EncryptOperation | Algorithm | jca/KeyEncapsulation.java:71:47:71:85 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:73:29:73:66 | EncryptOperation | Input | jca/KeyEncapsulation.java:73:47:73:65 | Message | +| jca/KeyEncapsulation.java:73:29:73:66 | EncryptOperation | Key | jca/KeyEncapsulation.java:72:45:72:50 | Key | +| jca/KeyEncapsulation.java:73:29:73:66 | EncryptOperation | Nonce | jca/KeyEncapsulation.java:73:29:73:66 | EncryptOperation | +| jca/KeyEncapsulation.java:73:29:73:66 | EncryptOperation | Output | jca/KeyEncapsulation.java:73:29:73:66 | KeyOperationOutput | +| jca/KeyEncapsulation.java:73:47:73:65 | Message | Source | jca/KeyEncapsulation.java:66:28:66:47 | Key | +| jca/KeyEncapsulation.java:77:47:77:65 | KeyOperationAlgorithm | Mode | jca/KeyEncapsulation.java:77:47:77:65 | ModeOfOperation | +| jca/KeyEncapsulation.java:77:47:77:65 | KeyOperationAlgorithm | Padding | jca/KeyEncapsulation.java:77:47:77:65 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:81:45:81:50 | Key | Source | jca/KeyEncapsulation.java:66:28:66:47 | Key | +| jca/KeyEncapsulation.java:81:53:81:59 | Nonce | Source | jca/KeyEncapsulation.java:79:9:79:40 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:81:53:81:59 | Nonce | Source | jca/KeyEncapsulation.java:79:38:79:39 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:82:29:82:80 | EncryptOperation | Algorithm | jca/KeyEncapsulation.java:77:47:77:65 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:82:29:82:80 | EncryptOperation | Input | jca/KeyEncapsulation.java:82:47:82:79 | Message | +| jca/KeyEncapsulation.java:82:29:82:80 | EncryptOperation | Key | jca/KeyEncapsulation.java:81:45:81:50 | Key | +| jca/KeyEncapsulation.java:82:29:82:80 | EncryptOperation | Nonce | jca/KeyEncapsulation.java:81:53:81:59 | Nonce | +| jca/KeyEncapsulation.java:82:29:82:80 | EncryptOperation | Output | jca/KeyEncapsulation.java:82:29:82:80 | KeyOperationOutput | +| jca/KeyEncapsulation.java:82:47:82:79 | Message | Source | jca/KeyEncapsulation.java:82:47:82:68 | Constant | +| jca/KeyEncapsulation.java:97:47:97:85 | KeyOperationAlgorithm | Mode | jca/KeyEncapsulation.java:97:47:97:85 | ModeOfOperation | +| jca/KeyEncapsulation.java:97:47:97:85 | KeyOperationAlgorithm | Padding | jca/KeyEncapsulation.java:97:47:97:85 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:97:47:97:85 | PaddingAlgorithm | MD | jca/KeyEncapsulation.java:97:47:97:85 | HashAlgorithm | +| jca/KeyEncapsulation.java:97:47:97:85 | PaddingAlgorithm | MGF1Hash | jca/KeyEncapsulation.java:97:47:97:85 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:98:45:98:51 | Key | Source | jca/KeyEncapsulation.java:96:37:96:54 | Parameter | +| jca/KeyEncapsulation.java:99:30:99:58 | DecryptOperation | Algorithm | jca/KeyEncapsulation.java:97:47:97:85 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:99:30:99:58 | DecryptOperation | Input | jca/KeyEncapsulation.java:99:48:99:57 | Message | +| jca/KeyEncapsulation.java:99:30:99:58 | DecryptOperation | Key | jca/KeyEncapsulation.java:98:45:98:51 | Key | +| jca/KeyEncapsulation.java:99:30:99:58 | DecryptOperation | Nonce | jca/KeyEncapsulation.java:99:30:99:58 | DecryptOperation | +| jca/KeyEncapsulation.java:99:30:99:58 | DecryptOperation | Output | jca/KeyEncapsulation.java:99:30:99:58 | KeyOperationOutput | +| jca/KeyEncapsulation.java:99:48:99:57 | Message | Source | jca/KeyEncapsulation.java:96:57:96:73 | Parameter | +| jca/KeyEncapsulation.java:123:31:123:51 | Key | Algorithm | jca/KeyEncapsulation.java:122:47:122:57 | EllipticCurve | +| jca/KeyEncapsulation.java:123:31:123:51 | KeyGeneration | Algorithm | jca/KeyEncapsulation.java:122:47:122:57 | EllipticCurve | +| jca/KeyEncapsulation.java:123:31:123:51 | KeyGeneration | Output | jca/KeyEncapsulation.java:123:31:123:51 | Key | +| jca/KeyEncapsulation.java:127:17:127:40 | Key | Source | jca/KeyEncapsulation.java:123:31:123:51 | Key | +| jca/KeyEncapsulation.java:128:20:128:24 | Key | Source | jca/KeyEncapsulation.java:220:24:220:46 | Key | +| jca/KeyEncapsulation.java:129:31:129:49 | KeyAgreementOperation | Algorithm | jca/KeyEncapsulation.java:126:52:126:57 | KeyAgreementAlgorithm | +| jca/KeyEncapsulation.java:129:31:129:49 | KeyAgreementOperation | Output | jca/KeyEncapsulation.java:129:31:129:49 | SharedSecret | +| jca/KeyEncapsulation.java:129:31:129:49 | KeyAgreementOperation | PeerKey | jca/KeyEncapsulation.java:128:20:128:24 | Key | +| jca/KeyEncapsulation.java:129:31:129:49 | KeyAgreementOperation | ServerKey | jca/KeyEncapsulation.java:127:17:127:40 | Key | +| jca/KeyEncapsulation.java:129:31:129:49 | SharedSecret | Source | jca/KeyEncapsulation.java:129:31:129:49 | SharedSecret | +| jca/KeyEncapsulation.java:138:47:138:65 | KeyOperationAlgorithm | Mode | jca/KeyEncapsulation.java:138:47:138:65 | ModeOfOperation | +| jca/KeyEncapsulation.java:138:47:138:65 | KeyOperationAlgorithm | Padding | jca/KeyEncapsulation.java:138:47:138:65 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:141:45:141:50 | Key | Source | jca/KeyEncapsulation.java:141:45:141:50 | Key | +| jca/KeyEncapsulation.java:141:53:141:81 | Nonce | Source | jca/KeyEncapsulation.java:140:9:140:40 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:141:53:141:81 | Nonce | Source | jca/KeyEncapsulation.java:140:38:140:39 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:142:29:142:73 | EncryptOperation | Algorithm | jca/KeyEncapsulation.java:138:47:138:65 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:142:29:142:73 | EncryptOperation | Input | jca/KeyEncapsulation.java:142:47:142:72 | Message | +| jca/KeyEncapsulation.java:142:29:142:73 | EncryptOperation | Key | jca/KeyEncapsulation.java:141:45:141:50 | Key | +| jca/KeyEncapsulation.java:142:29:142:73 | EncryptOperation | Nonce | jca/KeyEncapsulation.java:141:53:141:81 | Nonce | +| jca/KeyEncapsulation.java:142:29:142:73 | EncryptOperation | Output | jca/KeyEncapsulation.java:142:29:142:73 | KeyOperationOutput | +| jca/KeyEncapsulation.java:142:47:142:72 | Message | Source | jca/KeyEncapsulation.java:142:47:142:61 | Constant | +| jca/KeyEncapsulation.java:192:31:192:51 | Key | Algorithm | jca/KeyEncapsulation.java:191:47:191:57 | EllipticCurve | +| jca/KeyEncapsulation.java:192:31:192:51 | KeyGeneration | Algorithm | jca/KeyEncapsulation.java:191:47:191:57 | EllipticCurve | +| jca/KeyEncapsulation.java:192:31:192:51 | KeyGeneration | Output | jca/KeyEncapsulation.java:192:31:192:51 | Key | +| jca/KeyEncapsulation.java:194:17:194:40 | Key | Source | jca/KeyEncapsulation.java:192:31:192:51 | Key | +| jca/KeyEncapsulation.java:195:20:195:34 | Key | Source | jca/KeyEncapsulation.java:232:31:232:53 | Key | +| jca/KeyEncapsulation.java:196:31:196:49 | KeyAgreementOperation | Algorithm | jca/KeyEncapsulation.java:193:52:193:57 | KeyAgreementAlgorithm | +| jca/KeyEncapsulation.java:196:31:196:49 | KeyAgreementOperation | Output | jca/KeyEncapsulation.java:196:31:196:49 | SharedSecret | +| jca/KeyEncapsulation.java:196:31:196:49 | KeyAgreementOperation | PeerKey | jca/KeyEncapsulation.java:195:20:195:34 | Key | +| jca/KeyEncapsulation.java:196:31:196:49 | KeyAgreementOperation | ServerKey | jca/KeyEncapsulation.java:194:17:194:40 | Key | +| jca/KeyEncapsulation.java:196:31:196:49 | SharedSecret | Source | jca/KeyEncapsulation.java:196:31:196:49 | SharedSecret | +| jca/KeyEncapsulation.java:214:25:214:48 | Key | Algorithm | jca/KeyEncapsulation.java:212:64:212:68 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:214:25:214:48 | KeyGeneration | Algorithm | jca/KeyEncapsulation.java:212:64:212:68 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:214:25:214:48 | KeyGeneration | Output | jca/KeyEncapsulation.java:214:25:214:48 | Key | +| jca/KeyEncapsulation.java:220:24:220:46 | Key | Algorithm | jca/KeyEncapsulation.java:219:49:219:59 | EllipticCurve | +| jca/KeyEncapsulation.java:220:24:220:46 | KeyGeneration | Algorithm | jca/KeyEncapsulation.java:219:49:219:59 | EllipticCurve | +| jca/KeyEncapsulation.java:220:24:220:46 | KeyGeneration | Output | jca/KeyEncapsulation.java:220:24:220:46 | Key | +| jca/KeyEncapsulation.java:232:31:232:53 | Key | Algorithm | jca/KeyEncapsulation.java:219:49:219:59 | EllipticCurve | +| jca/KeyEncapsulation.java:232:31:232:53 | KeyGeneration | Algorithm | jca/KeyEncapsulation.java:219:49:219:59 | EllipticCurve | +| jca/KeyEncapsulation.java:232:31:232:53 | KeyGeneration | Output | jca/KeyEncapsulation.java:232:31:232:53 | Key | +| jca/KeyExchange.java:60:16:60:38 | Key | Algorithm | jca/KeyExchange.java:58:63:58:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:60:16:60:38 | KeyGeneration | Algorithm | jca/KeyExchange.java:58:63:58:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:60:16:60:38 | KeyGeneration | Output | jca/KeyExchange.java:60:16:60:38 | Key | +| jca/KeyExchange.java:77:16:77:38 | Key | Algorithm | jca/KeyExchange.java:74:63:74:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:77:16:77:38 | KeyGeneration | Algorithm | jca/KeyExchange.java:74:63:74:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:77:16:77:38 | KeyGeneration | Output | jca/KeyExchange.java:77:16:77:38 | Key | +| jca/KeyExchange.java:92:16:92:38 | Key | Algorithm | jca/KeyExchange.java:90:63:90:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:92:16:92:38 | KeyGeneration | Algorithm | jca/KeyExchange.java:90:63:90:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:92:16:92:38 | KeyGeneration | Output | jca/KeyExchange.java:92:16:92:38 | Key | +| jca/KeyExchange.java:108:17:108:26 | Key | Source | jca/KeyExchange.java:60:16:60:38 | Key | +| jca/KeyExchange.java:108:17:108:26 | Key | Source | jca/KeyExchange.java:77:16:77:38 | Key | +| jca/KeyExchange.java:108:17:108:26 | Key | Source | jca/KeyExchange.java:92:16:92:38 | Key | +| jca/KeyExchange.java:109:20:109:28 | Key | Source | jca/KeyExchange.java:60:16:60:38 | Key | +| jca/KeyExchange.java:109:20:109:28 | Key | Source | jca/KeyExchange.java:77:16:77:38 | Key | +| jca/KeyExchange.java:109:20:109:28 | Key | Source | jca/KeyExchange.java:92:16:92:38 | Key | +| jca/KeyExchange.java:110:16:110:34 | KeyAgreementOperation | Algorithm | jca/KeyExchange.java:107:52:107:55 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:110:16:110:34 | KeyAgreementOperation | Output | jca/KeyExchange.java:110:16:110:34 | SharedSecret | +| jca/KeyExchange.java:110:16:110:34 | KeyAgreementOperation | PeerKey | jca/KeyExchange.java:109:20:109:28 | Key | +| jca/KeyExchange.java:110:16:110:34 | KeyAgreementOperation | ServerKey | jca/KeyExchange.java:108:17:108:26 | Key | +| jca/KeyExchange.java:110:16:110:34 | SharedSecret | Source | jca/KeyExchange.java:110:16:110:34 | SharedSecret | +| jca/KeyExchange.java:130:16:130:38 | Key | Algorithm | jca/KeyExchange.java:129:49:129:59 | EllipticCurve | +| jca/KeyExchange.java:130:16:130:38 | KeyGeneration | Algorithm | jca/KeyExchange.java:129:49:129:59 | EllipticCurve | +| jca/KeyExchange.java:130:16:130:38 | KeyGeneration | Output | jca/KeyExchange.java:130:16:130:38 | Key | +| jca/KeyExchange.java:146:17:146:26 | Key | Source | jca/KeyExchange.java:130:16:130:38 | Key | +| jca/KeyExchange.java:147:20:147:28 | Key | Source | jca/KeyExchange.java:130:16:130:38 | Key | +| jca/KeyExchange.java:148:16:148:34 | KeyAgreementOperation | Algorithm | jca/KeyExchange.java:145:52:145:57 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:148:16:148:34 | KeyAgreementOperation | Output | jca/KeyExchange.java:148:16:148:34 | SharedSecret | +| jca/KeyExchange.java:148:16:148:34 | KeyAgreementOperation | PeerKey | jca/KeyExchange.java:147:20:147:28 | Key | +| jca/KeyExchange.java:148:16:148:34 | KeyAgreementOperation | ServerKey | jca/KeyExchange.java:146:17:146:26 | Key | +| jca/KeyExchange.java:148:16:148:34 | SharedSecret | Source | jca/KeyExchange.java:148:16:148:34 | SharedSecret | +| jca/KeyExchange.java:168:16:168:36 | Key | Algorithm | jca/KeyExchange.java:165:61:165:68 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:168:16:168:36 | KeyGeneration | Algorithm | jca/KeyExchange.java:165:61:165:68 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:168:16:168:36 | KeyGeneration | Output | jca/KeyExchange.java:168:16:168:36 | Key | +| jca/KeyExchange.java:184:17:184:26 | Key | Source | jca/KeyExchange.java:168:16:168:36 | Key | +| jca/KeyExchange.java:185:20:185:28 | Key | Source | jca/KeyExchange.java:168:16:168:36 | Key | +| jca/KeyExchange.java:186:16:186:34 | KeyAgreementOperation | Algorithm | jca/KeyExchange.java:183:52:183:59 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:186:16:186:34 | KeyAgreementOperation | Output | jca/KeyExchange.java:186:16:186:34 | SharedSecret | +| jca/KeyExchange.java:186:16:186:34 | KeyAgreementOperation | PeerKey | jca/KeyExchange.java:185:20:185:28 | Key | +| jca/KeyExchange.java:186:16:186:34 | KeyAgreementOperation | ServerKey | jca/KeyExchange.java:184:17:184:26 | Key | +| jca/KeyExchange.java:186:16:186:34 | SharedSecret | Source | jca/KeyExchange.java:186:16:186:34 | SharedSecret | +| jca/KeyExchange.java:206:16:206:36 | Key | Algorithm | jca/KeyExchange.java:203:61:203:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:206:16:206:36 | KeyGeneration | Algorithm | jca/KeyExchange.java:203:61:203:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:206:16:206:36 | KeyGeneration | Output | jca/KeyExchange.java:206:16:206:36 | Key | +| jca/KeyExchange.java:222:17:222:26 | Key | Source | jca/KeyExchange.java:206:16:206:36 | Key | +| jca/KeyExchange.java:223:20:223:28 | Key | Source | jca/KeyExchange.java:206:16:206:36 | Key | +| jca/KeyExchange.java:224:16:224:34 | KeyAgreementOperation | Algorithm | jca/KeyExchange.java:221:52:221:57 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:224:16:224:34 | KeyAgreementOperation | Output | jca/KeyExchange.java:224:16:224:34 | SharedSecret | +| jca/KeyExchange.java:224:16:224:34 | KeyAgreementOperation | PeerKey | jca/KeyExchange.java:223:20:223:28 | Key | +| jca/KeyExchange.java:224:16:224:34 | KeyAgreementOperation | ServerKey | jca/KeyExchange.java:222:17:222:26 | Key | +| jca/KeyExchange.java:224:16:224:34 | SharedSecret | Source | jca/KeyExchange.java:224:16:224:34 | SharedSecret | +| jca/MACOperation.java:66:35:66:46 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:66:35:66:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:66:35:66:46 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:66:35:66:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:68:18:68:26 | Key | Source | jca/MACOperation.java:65:52:65:61 | Parameter | +| jca/MACOperation.java:69:16:69:46 | MACOperation | Algorithm | jca/MACOperation.java:66:35:66:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:69:16:69:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:69:16:69:46 | MACOperation | +| jca/MACOperation.java:69:16:69:46 | MACOperation | Input | jca/MACOperation.java:69:28:69:45 | Message | +| jca/MACOperation.java:69:16:69:46 | MACOperation | Key | jca/MACOperation.java:68:18:68:26 | Key | +| jca/MACOperation.java:69:16:69:46 | MACOperation | Message | jca/MACOperation.java:69:28:69:45 | Message | +| jca/MACOperation.java:69:16:69:46 | MACOperation | Nonce | jca/MACOperation.java:69:16:69:46 | MACOperation | +| jca/MACOperation.java:69:16:69:46 | MACOperation | Output | jca/MACOperation.java:69:16:69:46 | KeyOperationOutput | +| jca/MACOperation.java:69:28:69:45 | Message | Source | jca/MACOperation.java:65:36:65:49 | Parameter | +| jca/MACOperation.java:77:35:77:48 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:77:35:77:48 | KeyOperationAlgorithm | +| jca/MACOperation.java:77:35:77:48 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:77:35:77:48 | KeyOperationAlgorithm | +| jca/MACOperation.java:79:18:79:26 | Key | Source | jca/MACOperation.java:76:50:76:59 | Parameter | +| jca/MACOperation.java:80:16:80:46 | MACOperation | Algorithm | jca/MACOperation.java:77:35:77:48 | KeyOperationAlgorithm | +| jca/MACOperation.java:80:16:80:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:80:16:80:46 | MACOperation | +| jca/MACOperation.java:80:16:80:46 | MACOperation | Input | jca/MACOperation.java:80:28:80:45 | Message | +| jca/MACOperation.java:80:16:80:46 | MACOperation | Key | jca/MACOperation.java:79:18:79:26 | Key | +| jca/MACOperation.java:80:16:80:46 | MACOperation | Message | jca/MACOperation.java:80:28:80:45 | Message | +| jca/MACOperation.java:80:16:80:46 | MACOperation | Nonce | jca/MACOperation.java:80:16:80:46 | MACOperation | +| jca/MACOperation.java:80:16:80:46 | MACOperation | Output | jca/MACOperation.java:80:16:80:46 | KeyOperationOutput | +| jca/MACOperation.java:80:28:80:45 | Message | Source | jca/MACOperation.java:76:34:76:47 | Parameter | +| jca/MACOperation.java:89:35:89:44 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:89:35:89:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:89:35:89:44 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:89:35:89:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:91:18:91:26 | Key | Source | jca/MACOperation.java:88:50:88:59 | Parameter | +| jca/MACOperation.java:92:16:92:46 | MACOperation | Algorithm | jca/MACOperation.java:89:35:89:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:92:16:92:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:92:16:92:46 | MACOperation | +| jca/MACOperation.java:92:16:92:46 | MACOperation | Input | jca/MACOperation.java:92:28:92:45 | Message | +| jca/MACOperation.java:92:16:92:46 | MACOperation | Key | jca/MACOperation.java:91:18:91:26 | Key | +| jca/MACOperation.java:92:16:92:46 | MACOperation | Message | jca/MACOperation.java:92:28:92:45 | Message | +| jca/MACOperation.java:92:16:92:46 | MACOperation | Nonce | jca/MACOperation.java:92:16:92:46 | MACOperation | +| jca/MACOperation.java:92:16:92:46 | MACOperation | Output | jca/MACOperation.java:92:16:92:46 | KeyOperationOutput | +| jca/MACOperation.java:92:28:92:45 | Message | Source | jca/MACOperation.java:88:34:88:47 | Parameter | +| jca/MACOperation.java:101:35:101:40 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:101:35:101:40 | KeyOperationAlgorithm | +| jca/MACOperation.java:101:35:101:40 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:101:35:101:40 | KeyOperationAlgorithm | +| jca/MACOperation.java:105:18:105:26 | Key | Source | jca/MACOperation.java:99:46:99:55 | Parameter | +| jca/MACOperation.java:106:16:106:46 | MACOperation | Algorithm | jca/MACOperation.java:101:35:101:40 | KeyOperationAlgorithm | +| jca/MACOperation.java:106:16:106:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:106:16:106:46 | MACOperation | +| jca/MACOperation.java:106:16:106:46 | MACOperation | Input | jca/MACOperation.java:106:28:106:45 | Message | +| jca/MACOperation.java:106:16:106:46 | MACOperation | Key | jca/MACOperation.java:105:18:105:26 | Key | +| jca/MACOperation.java:106:16:106:46 | MACOperation | Message | jca/MACOperation.java:106:28:106:45 | Message | +| jca/MACOperation.java:106:16:106:46 | MACOperation | Nonce | jca/MACOperation.java:106:16:106:46 | MACOperation | +| jca/MACOperation.java:106:16:106:46 | MACOperation | Output | jca/MACOperation.java:106:16:106:46 | KeyOperationOutput | +| jca/MACOperation.java:106:28:106:45 | Message | Source | jca/MACOperation.java:99:30:99:43 | Parameter | +| jca/MACOperation.java:116:18:116:26 | Key | Source | jca/MACOperation.java:113:46:113:55 | Parameter | +| jca/MACOperation.java:117:16:117:46 | MACOperation | Algorithm | jca/MACOperation.java:114:35:114:43 | Constant | +| jca/MACOperation.java:117:16:117:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:117:16:117:46 | MACOperation | +| jca/MACOperation.java:117:16:117:46 | MACOperation | Input | jca/MACOperation.java:117:28:117:45 | Message | +| jca/MACOperation.java:117:16:117:46 | MACOperation | Key | jca/MACOperation.java:116:18:116:26 | Key | +| jca/MACOperation.java:117:16:117:46 | MACOperation | Message | jca/MACOperation.java:117:28:117:45 | Message | +| jca/MACOperation.java:117:16:117:46 | MACOperation | Nonce | jca/MACOperation.java:117:16:117:46 | MACOperation | +| jca/MACOperation.java:117:16:117:46 | MACOperation | Output | jca/MACOperation.java:117:16:117:46 | KeyOperationOutput | +| jca/MACOperation.java:117:28:117:45 | Message | Source | jca/MACOperation.java:113:30:113:43 | Parameter | +| jca/MACOperation.java:125:35:125:44 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:125:35:125:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:125:35:125:44 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:125:35:125:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:127:18:127:26 | Key | Source | jca/MACOperation.java:124:52:124:61 | Parameter | +| jca/MACOperation.java:128:16:128:46 | MACOperation | Algorithm | jca/MACOperation.java:125:35:125:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:128:16:128:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:128:16:128:46 | MACOperation | +| jca/MACOperation.java:128:16:128:46 | MACOperation | Input | jca/MACOperation.java:128:28:128:45 | Message | +| jca/MACOperation.java:128:16:128:46 | MACOperation | Key | jca/MACOperation.java:127:18:127:26 | Key | +| jca/MACOperation.java:128:16:128:46 | MACOperation | Message | jca/MACOperation.java:128:28:128:45 | Message | +| jca/MACOperation.java:128:16:128:46 | MACOperation | Nonce | jca/MACOperation.java:128:16:128:46 | MACOperation | +| jca/MACOperation.java:128:16:128:46 | MACOperation | Output | jca/MACOperation.java:128:16:128:46 | KeyOperationOutput | +| jca/MACOperation.java:128:28:128:45 | Message | Source | jca/MACOperation.java:124:36:124:49 | Parameter | +| jca/MACOperation.java:145:44:145:62 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:145:44:145:62 | ModeOfOperation | +| jca/MACOperation.java:145:44:145:62 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:145:44:145:62 | PaddingAlgorithm | +| jca/MACOperation.java:146:42:146:44 | Key | Source | jca/MACOperation.java:142:34:142:49 | Parameter | +| jca/MACOperation.java:147:32:147:74 | EncryptOperation | Algorithm | jca/MACOperation.java:145:44:145:62 | KeyOperationAlgorithm | +| jca/MACOperation.java:147:32:147:74 | EncryptOperation | Input | jca/MACOperation.java:147:47:147:73 | Message | +| jca/MACOperation.java:147:32:147:74 | EncryptOperation | Key | jca/MACOperation.java:146:42:146:44 | Key | +| jca/MACOperation.java:147:32:147:74 | EncryptOperation | Nonce | jca/MACOperation.java:147:32:147:74 | EncryptOperation | +| jca/MACOperation.java:147:32:147:74 | EncryptOperation | Output | jca/MACOperation.java:147:32:147:74 | KeyOperationOutput | +| jca/MACOperation.java:147:47:147:73 | Message | Source | jca/MACOperation.java:147:47:147:62 | Constant | +| jca/MACOperation.java:178:42:178:68 | Message | Source | jca/MACOperation.java:174:47:174:62 | Parameter | +| jca/MACOperation.java:178:71:178:74 | Salt | Source | jca/MACOperation.java:256:9:256:42 | RandomNumberGeneration | +| jca/MACOperation.java:178:71:178:74 | Salt | Source | jca/MACOperation.java:256:38:256:41 | RandomNumberGeneration | +| jca/MACOperation.java:179:65:179:86 | HMACAlgorithm | H | jca/MACOperation.java:179:65:179:86 | HashAlgorithm | +| jca/MACOperation.java:179:65:179:86 | KeyDerivationAlgorithm | PRF | jca/MACOperation.java:179:65:179:86 | HMACAlgorithm | +| jca/MACOperation.java:180:30:180:57 | KeyDerivation | Algorithm | jca/MACOperation.java:179:65:179:86 | KeyDerivationAlgorithm | +| jca/MACOperation.java:180:30:180:57 | KeyDerivation | Input | jca/MACOperation.java:178:42:178:68 | Message | +| jca/MACOperation.java:180:30:180:57 | KeyDerivation | Output | jca/MACOperation.java:180:30:180:57 | Key | +| jca/MACOperation.java:180:30:180:57 | KeyDerivation | Salt | jca/MACOperation.java:178:71:178:74 | Salt | +| jca/MACOperation.java:188:44:188:62 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:188:44:188:62 | ModeOfOperation | +| jca/MACOperation.java:188:44:188:62 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:188:44:188:62 | PaddingAlgorithm | +| jca/MACOperation.java:189:42:189:54 | Key | Source | jca/MACOperation.java:189:42:189:54 | Key | +| jca/MACOperation.java:190:29:190:78 | EncryptOperation | Algorithm | jca/MACOperation.java:188:44:188:62 | KeyOperationAlgorithm | +| jca/MACOperation.java:190:29:190:78 | EncryptOperation | Input | jca/MACOperation.java:190:44:190:77 | Message | +| jca/MACOperation.java:190:29:190:78 | EncryptOperation | Key | jca/MACOperation.java:189:42:189:54 | Key | +| jca/MACOperation.java:190:29:190:78 | EncryptOperation | Nonce | jca/MACOperation.java:190:29:190:78 | EncryptOperation | +| jca/MACOperation.java:190:29:190:78 | EncryptOperation | Output | jca/MACOperation.java:190:29:190:78 | KeyOperationOutput | +| jca/MACOperation.java:190:44:190:77 | Message | Source | jca/MACOperation.java:190:44:190:66 | Constant | +| jca/MACOperation.java:193:35:193:46 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:193:35:193:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:193:35:193:46 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:193:35:193:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:194:18:194:30 | Key | Source | jca/MACOperation.java:194:18:194:30 | Key | +| jca/MACOperation.java:195:30:195:52 | MACOperation | Algorithm | jca/MACOperation.java:193:35:193:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:195:30:195:52 | MACOperation | HashAlgorithm | jca/MACOperation.java:195:30:195:52 | MACOperation | +| jca/MACOperation.java:195:30:195:52 | MACOperation | Input | jca/MACOperation.java:195:42:195:51 | Message | +| jca/MACOperation.java:195:30:195:52 | MACOperation | Key | jca/MACOperation.java:194:18:194:30 | Key | +| jca/MACOperation.java:195:30:195:52 | MACOperation | Message | jca/MACOperation.java:195:42:195:51 | Message | +| jca/MACOperation.java:195:30:195:52 | MACOperation | Nonce | jca/MACOperation.java:195:30:195:52 | MACOperation | +| jca/MACOperation.java:195:30:195:52 | MACOperation | Output | jca/MACOperation.java:195:30:195:52 | KeyOperationOutput | +| jca/MACOperation.java:195:42:195:51 | Message | Source | jca/MACOperation.java:190:29:190:78 | KeyOperationOutput | +| jca/MACOperation.java:225:44:225:62 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:225:44:225:62 | ModeOfOperation | +| jca/MACOperation.java:225:44:225:62 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:225:44:225:62 | PaddingAlgorithm | +| jca/MACOperation.java:227:42:227:44 | Key | Source | jca/MACOperation.java:244:16:244:35 | Key | +| jca/MACOperation.java:228:32:228:51 | EncryptOperation | Algorithm | jca/MACOperation.java:225:44:225:62 | KeyOperationAlgorithm | +| jca/MACOperation.java:228:32:228:51 | EncryptOperation | Input | jca/MACOperation.java:228:47:228:50 | Message | +| jca/MACOperation.java:228:32:228:51 | EncryptOperation | Key | jca/MACOperation.java:227:42:227:44 | Key | +| jca/MACOperation.java:228:32:228:51 | EncryptOperation | Nonce | jca/MACOperation.java:228:32:228:51 | EncryptOperation | +| jca/MACOperation.java:228:32:228:51 | EncryptOperation | Output | jca/MACOperation.java:228:32:228:51 | KeyOperationOutput | +| jca/MACOperation.java:228:47:228:50 | Message | Source | jca/MACOperation.java:159:36:159:51 | Parameter | +| jca/MACOperation.java:244:16:244:35 | KeyGeneration | Algorithm | jca/MACOperation.java:242:56:242:60 | KeyOperationAlgorithm | +| jca/MACOperation.java:244:16:244:35 | KeyGeneration | Output | jca/MACOperation.java:244:16:244:35 | Key | +| jca/Nonce.java:25:35:25:46 | KeyOperationAlgorithm | Mode | jca/Nonce.java:25:35:25:46 | KeyOperationAlgorithm | +| jca/Nonce.java:25:35:25:46 | KeyOperationAlgorithm | Padding | jca/Nonce.java:25:35:25:46 | KeyOperationAlgorithm | +| jca/Nonce.java:26:18:26:20 | Key | Source | jca/Nonce.java:94:16:94:35 | Key | +| jca/Nonce.java:28:28:28:69 | MACOperation | Algorithm | jca/Nonce.java:25:35:25:46 | KeyOperationAlgorithm | +| jca/Nonce.java:28:28:28:69 | MACOperation | HashAlgorithm | jca/Nonce.java:28:28:28:69 | MACOperation | +| jca/Nonce.java:28:28:28:69 | MACOperation | Input | jca/Nonce.java:28:40:28:68 | Message | +| jca/Nonce.java:28:28:28:69 | MACOperation | Key | jca/Nonce.java:26:18:26:20 | Key | +| jca/Nonce.java:28:28:28:69 | MACOperation | Message | jca/Nonce.java:28:40:28:68 | Message | +| jca/Nonce.java:28:28:28:69 | MACOperation | Nonce | jca/Nonce.java:28:28:28:69 | MACOperation | +| jca/Nonce.java:28:28:28:69 | MACOperation | Output | jca/Nonce.java:28:28:28:69 | KeyOperationOutput | +| jca/Nonce.java:28:40:28:68 | Message | Source | jca/Nonce.java:28:40:28:57 | Constant | +| jca/Nonce.java:38:35:38:46 | KeyOperationAlgorithm | Mode | jca/Nonce.java:38:35:38:46 | KeyOperationAlgorithm | +| jca/Nonce.java:38:35:38:46 | KeyOperationAlgorithm | Padding | jca/Nonce.java:38:35:38:46 | KeyOperationAlgorithm | +| jca/Nonce.java:39:18:39:20 | Key | Source | jca/Nonce.java:94:16:94:35 | Key | +| jca/Nonce.java:41:28:41:67 | MACOperation | Algorithm | jca/Nonce.java:38:35:38:46 | KeyOperationAlgorithm | +| jca/Nonce.java:41:28:41:67 | MACOperation | HashAlgorithm | jca/Nonce.java:41:28:41:67 | MACOperation | +| jca/Nonce.java:41:28:41:67 | MACOperation | Input | jca/Nonce.java:41:40:41:66 | Message | +| jca/Nonce.java:41:28:41:67 | MACOperation | Key | jca/Nonce.java:39:18:39:20 | Key | +| jca/Nonce.java:41:28:41:67 | MACOperation | Message | jca/Nonce.java:41:40:41:66 | Message | +| jca/Nonce.java:41:28:41:67 | MACOperation | Nonce | jca/Nonce.java:41:28:41:67 | MACOperation | +| jca/Nonce.java:41:28:41:67 | MACOperation | Output | jca/Nonce.java:41:28:41:67 | KeyOperationOutput | +| jca/Nonce.java:41:40:41:66 | Message | Source | jca/Nonce.java:41:40:41:55 | Constant | +| jca/Nonce.java:51:44:51:62 | KeyOperationAlgorithm | Mode | jca/Nonce.java:51:44:51:62 | ModeOfOperation | +| jca/Nonce.java:51:44:51:62 | KeyOperationAlgorithm | Padding | jca/Nonce.java:51:44:51:62 | PaddingAlgorithm | +| jca/Nonce.java:52:42:52:44 | Key | Source | jca/Nonce.java:48:39:48:51 | Parameter | +| jca/Nonce.java:52:47:52:53 | Nonce | Source | jca/Nonce.java:113:16:113:33 | Constant | +| jca/Nonce.java:53:29:53:53 | EncryptOperation | Algorithm | jca/Nonce.java:51:44:51:62 | KeyOperationAlgorithm | +| jca/Nonce.java:53:29:53:53 | EncryptOperation | Input | jca/Nonce.java:53:44:53:52 | Message | +| jca/Nonce.java:53:29:53:53 | EncryptOperation | Key | jca/Nonce.java:52:42:52:44 | Key | +| jca/Nonce.java:53:29:53:53 | EncryptOperation | Nonce | jca/Nonce.java:52:47:52:53 | Nonce | +| jca/Nonce.java:53:29:53:53 | EncryptOperation | Output | jca/Nonce.java:53:29:53:53 | KeyOperationOutput | +| jca/Nonce.java:53:44:53:52 | Message | Source | jca/Nonce.java:48:54:48:69 | Parameter | +| jca/Nonce.java:62:44:62:62 | KeyOperationAlgorithm | Mode | jca/Nonce.java:62:44:62:62 | ModeOfOperation | +| jca/Nonce.java:62:44:62:62 | KeyOperationAlgorithm | Padding | jca/Nonce.java:62:44:62:62 | PaddingAlgorithm | +| jca/Nonce.java:63:42:63:44 | Key | Source | jca/Nonce.java:59:37:59:49 | Parameter | +| jca/Nonce.java:63:47:63:53 | Nonce | Source | jca/Nonce.java:99:9:99:43 | RandomNumberGeneration | +| jca/Nonce.java:63:47:63:53 | Nonce | Source | jca/Nonce.java:99:38:99:42 | RandomNumberGeneration | +| jca/Nonce.java:64:29:64:53 | EncryptOperation | Algorithm | jca/Nonce.java:62:44:62:62 | KeyOperationAlgorithm | +| jca/Nonce.java:64:29:64:53 | EncryptOperation | Input | jca/Nonce.java:64:44:64:52 | Message | +| jca/Nonce.java:64:29:64:53 | EncryptOperation | Key | jca/Nonce.java:63:42:63:44 | Key | +| jca/Nonce.java:64:29:64:53 | EncryptOperation | Nonce | jca/Nonce.java:63:47:63:53 | Nonce | +| jca/Nonce.java:64:29:64:53 | EncryptOperation | Output | jca/Nonce.java:64:29:64:53 | KeyOperationOutput | +| jca/Nonce.java:64:44:64:52 | Message | Source | jca/Nonce.java:59:52:59:67 | Parameter | +| jca/Nonce.java:71:53:71:64 | KeyOperationAlgorithm | Mode | jca/Nonce.java:71:53:71:64 | KeyOperationAlgorithm | +| jca/Nonce.java:71:53:71:64 | KeyOperationAlgorithm | Padding | jca/Nonce.java:71:53:71:64 | KeyOperationAlgorithm | +| jca/Nonce.java:79:18:79:20 | Key | Source | jca/Nonce.java:94:16:94:35 | Key | +| jca/Nonce.java:81:28:81:67 | MACOperation | Algorithm | jca/Nonce.java:71:53:71:64 | KeyOperationAlgorithm | +| jca/Nonce.java:81:28:81:67 | MACOperation | HashAlgorithm | jca/Nonce.java:81:28:81:67 | MACOperation | +| jca/Nonce.java:81:28:81:67 | MACOperation | Input | jca/Nonce.java:81:40:81:66 | Message | +| jca/Nonce.java:81:28:81:67 | MACOperation | Key | jca/Nonce.java:79:18:79:20 | Key | +| jca/Nonce.java:81:28:81:67 | MACOperation | Message | jca/Nonce.java:81:40:81:66 | Message | +| jca/Nonce.java:81:28:81:67 | MACOperation | Nonce | jca/Nonce.java:81:28:81:67 | MACOperation | +| jca/Nonce.java:81:28:81:67 | MACOperation | Output | jca/Nonce.java:81:28:81:67 | KeyOperationOutput | +| jca/Nonce.java:81:40:81:66 | Message | Source | jca/Nonce.java:81:40:81:55 | Constant | +| jca/Nonce.java:94:16:94:35 | KeyGeneration | Algorithm | jca/Nonce.java:93:56:93:67 | Constant | +| jca/Nonce.java:94:16:94:35 | KeyGeneration | Output | jca/Nonce.java:94:16:94:35 | Key | +| jca/PrngTest.java:164:16:164:35 | KeyGeneration | Algorithm | jca/PrngTest.java:162:56:162:60 | KeyOperationAlgorithm | +| jca/PrngTest.java:164:16:164:35 | KeyGeneration | Output | jca/PrngTest.java:164:16:164:35 | Key | +| jca/SignEncryptCombinations.java:60:16:60:38 | Key | Algorithm | jca/SignEncryptCombinations.java:59:49:59:59 | EllipticCurve | +| jca/SignEncryptCombinations.java:60:16:60:38 | KeyGeneration | Algorithm | jca/SignEncryptCombinations.java:59:49:59:59 | EllipticCurve | +| jca/SignEncryptCombinations.java:60:16:60:38 | KeyGeneration | Output | jca/SignEncryptCombinations.java:60:16:60:38 | Key | +| jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:69:28:69:34 | Key | Source | jca/SignEncryptCombinations.java:60:16:60:38 | Key | +| jca/SignEncryptCombinations.java:70:26:70:29 | Message | Source | jca/SignEncryptCombinations.java:345:26:345:47 | Constant | +| jca/SignEncryptCombinations.java:71:16:71:31 | SignOperation | Algorithm | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:71:16:71:31 | SignOperation | HashAlgorithm | jca/SignEncryptCombinations.java:68:53:68:69 | HashAlgorithm | +| jca/SignEncryptCombinations.java:71:16:71:31 | SignOperation | Input | jca/SignEncryptCombinations.java:70:26:70:29 | Message | +| jca/SignEncryptCombinations.java:71:16:71:31 | SignOperation | Key | jca/SignEncryptCombinations.java:69:28:69:34 | Key | +| jca/SignEncryptCombinations.java:71:16:71:31 | SignOperation | Output | jca/SignEncryptCombinations.java:71:16:71:31 | SignatureOutput | +| jca/SignEncryptCombinations.java:75:53:75:69 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:75:53:75:69 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:75:53:75:69 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:75:53:75:69 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:76:30:76:35 | Key | Source | jca/SignEncryptCombinations.java:60:16:60:38 | Key | +| jca/SignEncryptCombinations.java:77:26:77:29 | Message | Source | jca/SignEncryptCombinations.java:345:26:345:47 | Constant | +| jca/SignEncryptCombinations.java:78:16:78:47 | VerifyOperation | Algorithm | jca/SignEncryptCombinations.java:75:53:75:69 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:78:16:78:47 | VerifyOperation | HashAlgorithm | jca/SignEncryptCombinations.java:75:53:75:69 | HashAlgorithm | +| jca/SignEncryptCombinations.java:78:16:78:47 | VerifyOperation | Input | jca/SignEncryptCombinations.java:77:26:77:29 | Message | +| jca/SignEncryptCombinations.java:78:16:78:47 | VerifyOperation | Key | jca/SignEncryptCombinations.java:76:30:76:35 | Key | +| jca/SignEncryptCombinations.java:78:16:78:47 | VerifyOperation | Signature | jca/SignEncryptCombinations.java:78:33:78:46 | SignatureInput | +| jca/SignEncryptCombinations.java:78:33:78:46 | SignatureInput | Source | jca/SignEncryptCombinations.java:120:16:120:41 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:91:16:91:31 | KeyGeneration | Algorithm | jca/SignEncryptCombinations.java:89:52:89:56 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:91:16:91:31 | KeyGeneration | Output | jca/SignEncryptCombinations.java:91:16:91:31 | Key | +| jca/SignEncryptCombinations.java:99:44:99:62 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:99:44:99:62 | ModeOfOperation | +| jca/SignEncryptCombinations.java:99:44:99:62 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:99:44:99:62 | PaddingAlgorithm | +| jca/SignEncryptCombinations.java:103:42:103:44 | Key | Source | jca/SignEncryptCombinations.java:91:16:91:31 | Key | +| jca/SignEncryptCombinations.java:103:47:103:50 | Nonce | Source | jca/SignEncryptCombinations.java:101:9:101:28 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:103:47:103:50 | Nonce | Source | jca/SignEncryptCombinations.java:101:26:101:27 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:104:29:104:53 | EncryptOperation | Algorithm | jca/SignEncryptCombinations.java:99:44:99:62 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:104:29:104:53 | EncryptOperation | Input | jca/SignEncryptCombinations.java:104:44:104:52 | Message | +| jca/SignEncryptCombinations.java:104:29:104:53 | EncryptOperation | Key | jca/SignEncryptCombinations.java:103:42:103:44 | Key | +| jca/SignEncryptCombinations.java:104:29:104:53 | EncryptOperation | Nonce | jca/SignEncryptCombinations.java:103:47:103:50 | Nonce | +| jca/SignEncryptCombinations.java:104:29:104:53 | EncryptOperation | Output | jca/SignEncryptCombinations.java:104:29:104:53 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:104:44:104:52 | Message | Source | jca/SignEncryptCombinations.java:71:16:71:31 | SignatureOutput | +| jca/SignEncryptCombinations.java:104:44:104:52 | Message | Source | jca/SignEncryptCombinations.java:345:26:345:47 | Constant | +| jca/SignEncryptCombinations.java:118:44:118:62 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:118:44:118:62 | ModeOfOperation | +| jca/SignEncryptCombinations.java:118:44:118:62 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:118:44:118:62 | PaddingAlgorithm | +| jca/SignEncryptCombinations.java:119:42:119:44 | Key | Source | jca/SignEncryptCombinations.java:91:16:91:31 | Key | +| jca/SignEncryptCombinations.java:119:47:119:75 | Nonce | Source | jca/SignEncryptCombinations.java:119:47:119:75 | Nonce | +| jca/SignEncryptCombinations.java:120:16:120:41 | DecryptOperation | Algorithm | jca/SignEncryptCombinations.java:118:44:118:62 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:120:16:120:41 | DecryptOperation | Input | jca/SignEncryptCombinations.java:120:31:120:40 | Message | +| jca/SignEncryptCombinations.java:120:16:120:41 | DecryptOperation | Key | jca/SignEncryptCombinations.java:119:42:119:44 | Key | +| jca/SignEncryptCombinations.java:120:16:120:41 | DecryptOperation | Nonce | jca/SignEncryptCombinations.java:119:47:119:75 | Nonce | +| jca/SignEncryptCombinations.java:120:16:120:41 | DecryptOperation | Output | jca/SignEncryptCombinations.java:120:16:120:41 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:120:31:120:40 | Message | Source | jca/SignEncryptCombinations.java:120:31:120:40 | Message | +| jca/SignEncryptCombinations.java:128:35:128:46 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:128:35:128:46 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:128:35:128:46 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:128:35:128:46 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:129:18:129:20 | Key | Source | jca/SignEncryptCombinations.java:91:16:91:31 | Key | +| jca/SignEncryptCombinations.java:130:16:130:32 | MACOperation | Algorithm | jca/SignEncryptCombinations.java:128:35:128:46 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:130:16:130:32 | MACOperation | HashAlgorithm | jca/SignEncryptCombinations.java:130:16:130:32 | MACOperation | +| jca/SignEncryptCombinations.java:130:16:130:32 | MACOperation | Input | jca/SignEncryptCombinations.java:130:28:130:31 | Message | +| jca/SignEncryptCombinations.java:130:16:130:32 | MACOperation | Key | jca/SignEncryptCombinations.java:129:18:129:20 | Key | +| jca/SignEncryptCombinations.java:130:16:130:32 | MACOperation | Message | jca/SignEncryptCombinations.java:130:28:130:31 | Message | +| jca/SignEncryptCombinations.java:130:16:130:32 | MACOperation | Nonce | jca/SignEncryptCombinations.java:130:16:130:32 | MACOperation | +| jca/SignEncryptCombinations.java:130:16:130:32 | MACOperation | Output | jca/SignEncryptCombinations.java:130:16:130:32 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:130:28:130:31 | Message | Source | jca/SignEncryptCombinations.java:345:26:345:47 | Constant | +| jca/SignatureOperation.java:61:16:61:36 | Key | Algorithm | jca/SignatureOperation.java:59:61:59:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:61:16:61:36 | KeyGeneration | Algorithm | jca/SignatureOperation.java:59:61:59:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:61:16:61:36 | KeyGeneration | Output | jca/SignatureOperation.java:61:16:61:36 | Key | +| jca/SignatureOperation.java:72:28:72:37 | Key | Source | jca/SignatureOperation.java:61:16:61:36 | Key | +| jca/SignatureOperation.java:73:26:73:29 | Message | Source | jca/SignatureOperation.java:344:26:344:49 | Constant | +| jca/SignatureOperation.java:74:16:74:31 | SignOperation | Algorithm | jca/SignatureOperation.java:71:53:71:74 | Constant | +| jca/SignatureOperation.java:74:16:74:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:74:16:74:31 | SignOperation | +| jca/SignatureOperation.java:74:16:74:31 | SignOperation | Input | jca/SignatureOperation.java:73:26:73:29 | Message | +| jca/SignatureOperation.java:74:16:74:31 | SignOperation | Key | jca/SignatureOperation.java:72:28:72:37 | Key | +| jca/SignatureOperation.java:74:16:74:31 | SignOperation | Output | jca/SignatureOperation.java:74:16:74:31 | SignatureOutput | +| jca/SignatureOperation.java:85:30:85:38 | Key | Source | jca/SignatureOperation.java:61:16:61:36 | Key | +| jca/SignatureOperation.java:86:26:86:29 | Message | Source | jca/SignatureOperation.java:344:26:344:49 | Constant | +| jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:84:53:84:74 | Constant | +| jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | +| jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | Input | jca/SignatureOperation.java:86:26:86:29 | Message | +| jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | Key | jca/SignatureOperation.java:85:30:85:38 | Key | +| jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | Signature | jca/SignatureOperation.java:87:33:87:40 | SignatureInput | +| jca/SignatureOperation.java:87:33:87:40 | SignatureInput | Source | jca/SignatureOperation.java:74:16:74:31 | SignatureOutput | +| jca/SignatureOperation.java:103:16:103:38 | Key | Algorithm | jca/SignatureOperation.java:102:49:102:59 | EllipticCurve | +| jca/SignatureOperation.java:103:16:103:38 | KeyGeneration | Algorithm | jca/SignatureOperation.java:102:49:102:59 | EllipticCurve | +| jca/SignatureOperation.java:103:16:103:38 | KeyGeneration | Output | jca/SignatureOperation.java:103:16:103:38 | Key | +| jca/SignatureOperation.java:113:53:113:69 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:113:53:113:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:113:53:113:69 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:113:53:113:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:114:28:114:37 | Key | Source | jca/SignatureOperation.java:103:16:103:38 | Key | +| jca/SignatureOperation.java:115:26:115:29 | Message | Source | jca/SignatureOperation.java:263:26:263:44 | Constant | +| jca/SignatureOperation.java:115:26:115:29 | Message | Source | jca/SignatureOperation.java:344:26:344:49 | Constant | +| jca/SignatureOperation.java:116:16:116:31 | SignOperation | Algorithm | jca/SignatureOperation.java:113:53:113:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:116:16:116:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:113:53:113:69 | HashAlgorithm | +| jca/SignatureOperation.java:116:16:116:31 | SignOperation | Input | jca/SignatureOperation.java:115:26:115:29 | Message | +| jca/SignatureOperation.java:116:16:116:31 | SignOperation | Key | jca/SignatureOperation.java:114:28:114:37 | Key | +| jca/SignatureOperation.java:116:16:116:31 | SignOperation | Output | jca/SignatureOperation.java:116:16:116:31 | SignatureOutput | +| jca/SignatureOperation.java:126:53:126:69 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:126:53:126:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:126:53:126:69 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:126:53:126:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:127:30:127:38 | Key | Source | jca/SignatureOperation.java:103:16:103:38 | Key | +| jca/SignatureOperation.java:128:26:128:29 | Message | Source | jca/SignatureOperation.java:263:26:263:44 | Constant | +| jca/SignatureOperation.java:128:26:128:29 | Message | Source | jca/SignatureOperation.java:344:26:344:49 | Constant | +| jca/SignatureOperation.java:129:16:129:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:126:53:126:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:129:16:129:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:126:53:126:69 | HashAlgorithm | +| jca/SignatureOperation.java:129:16:129:41 | VerifyOperation | Input | jca/SignatureOperation.java:128:26:128:29 | Message | +| jca/SignatureOperation.java:129:16:129:41 | VerifyOperation | Key | jca/SignatureOperation.java:127:30:127:38 | Key | +| jca/SignatureOperation.java:129:16:129:41 | VerifyOperation | Signature | jca/SignatureOperation.java:129:33:129:40 | SignatureInput | +| jca/SignatureOperation.java:129:33:129:40 | SignatureInput | Source | jca/SignatureOperation.java:116:16:116:31 | SignatureOutput | +| jca/SignatureOperation.java:129:33:129:40 | SignatureInput | Source | jca/SignatureOperation.java:268:27:268:30 | Constant | +| jca/SignatureOperation.java:144:16:144:36 | Key | Algorithm | jca/SignatureOperation.java:143:61:143:69 | Constant | +| jca/SignatureOperation.java:144:16:144:36 | KeyGeneration | Algorithm | jca/SignatureOperation.java:143:61:143:69 | Constant | +| jca/SignatureOperation.java:144:16:144:36 | KeyGeneration | Output | jca/SignatureOperation.java:144:16:144:36 | Key | +| jca/SignatureOperation.java:155:28:155:37 | Key | Source | jca/SignatureOperation.java:144:16:144:36 | Key | +| jca/SignatureOperation.java:156:26:156:29 | Message | Source | jca/SignatureOperation.java:246:27:246:35 | Constant | +| jca/SignatureOperation.java:156:26:156:29 | Message | Source | jca/SignatureOperation.java:344:26:344:49 | Constant | +| jca/SignatureOperation.java:157:16:157:31 | SignOperation | Algorithm | jca/SignatureOperation.java:154:53:154:61 | Constant | +| jca/SignatureOperation.java:157:16:157:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:157:16:157:31 | SignOperation | +| jca/SignatureOperation.java:157:16:157:31 | SignOperation | Input | jca/SignatureOperation.java:156:26:156:29 | Message | +| jca/SignatureOperation.java:157:16:157:31 | SignOperation | Key | jca/SignatureOperation.java:155:28:155:37 | Key | +| jca/SignatureOperation.java:157:16:157:31 | SignOperation | Output | jca/SignatureOperation.java:157:16:157:31 | SignatureOutput | +| jca/SignatureOperation.java:168:30:168:38 | Key | Source | jca/SignatureOperation.java:144:16:144:36 | Key | +| jca/SignatureOperation.java:169:26:169:29 | Message | Source | jca/SignatureOperation.java:246:27:246:35 | Constant | +| jca/SignatureOperation.java:169:26:169:29 | Message | Source | jca/SignatureOperation.java:344:26:344:49 | Constant | +| jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:167:53:167:61 | Constant | +| jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | +| jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | Input | jca/SignatureOperation.java:169:26:169:29 | Message | +| jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | Key | jca/SignatureOperation.java:168:30:168:38 | Key | +| jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | Signature | jca/SignatureOperation.java:170:33:170:40 | SignatureInput | +| jca/SignatureOperation.java:170:33:170:40 | SignatureInput | Source | jca/SignatureOperation.java:157:16:157:31 | SignatureOutput | +| jca/SignatureOperation.java:188:16:188:36 | Key | Algorithm | jca/SignatureOperation.java:186:61:186:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:188:16:188:36 | KeyGeneration | Algorithm | jca/SignatureOperation.java:186:61:186:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:188:16:188:36 | KeyGeneration | Output | jca/SignatureOperation.java:188:16:188:36 | Key | +| jca/SignatureOperation.java:199:53:199:65 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:199:53:199:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:199:53:199:65 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:199:53:199:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:200:28:200:37 | Key | Source | jca/SignatureOperation.java:188:16:188:36 | Key | +| jca/SignatureOperation.java:201:26:201:29 | Message | Source | jca/SignatureOperation.java:344:26:344:49 | Constant | +| jca/SignatureOperation.java:202:16:202:31 | SignOperation | Algorithm | jca/SignatureOperation.java:199:53:199:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:202:16:202:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:199:53:199:65 | HashAlgorithm | +| jca/SignatureOperation.java:202:16:202:31 | SignOperation | Input | jca/SignatureOperation.java:201:26:201:29 | Message | +| jca/SignatureOperation.java:202:16:202:31 | SignOperation | Key | jca/SignatureOperation.java:200:28:200:37 | Key | +| jca/SignatureOperation.java:202:16:202:31 | SignOperation | Output | jca/SignatureOperation.java:202:16:202:31 | SignatureOutput | +| jca/SignatureOperation.java:213:53:213:65 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:213:53:213:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:213:53:213:65 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:213:53:213:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:214:30:214:38 | Key | Source | jca/SignatureOperation.java:188:16:188:36 | Key | +| jca/SignatureOperation.java:215:26:215:29 | Message | Source | jca/SignatureOperation.java:344:26:344:49 | Constant | +| jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:213:53:213:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:213:53:213:65 | HashAlgorithm | +| jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | Input | jca/SignatureOperation.java:215:26:215:29 | Message | +| jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | Key | jca/SignatureOperation.java:214:30:214:38 | Key | +| jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | Signature | jca/SignatureOperation.java:216:33:216:40 | SignatureInput | +| jca/SignatureOperation.java:216:33:216:40 | SignatureInput | Source | jca/SignatureOperation.java:202:16:202:31 | SignatureOutput | +| jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:316:28:316:42 | Key | Source | jca/SignatureOperation.java:61:16:61:36 | Key | +| jca/SignatureOperation.java:316:28:316:42 | Key | Source | jca/SignatureOperation.java:103:16:103:38 | Key | +| jca/SignatureOperation.java:316:28:316:42 | Key | Source | jca/SignatureOperation.java:144:16:144:36 | Key | +| jca/SignatureOperation.java:316:28:316:42 | Key | Source | jca/SignatureOperation.java:188:16:188:36 | Key | +| jca/SignatureOperation.java:317:26:317:32 | Message | Source | jca/SignatureOperation.java:315:26:315:49 | Constant | +| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:299:47:299:68 | Constant | +| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:305:47:305:55 | Constant | +| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:312:47:312:68 | Constant | +| jca/SignatureOperation.java:318:27:318:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:302:47:302:63 | HashAlgorithm | +| jca/SignatureOperation.java:318:27:318:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:308:47:308:59 | HashAlgorithm | +| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Input | jca/SignatureOperation.java:317:26:317:32 | Message | +| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Key | jca/SignatureOperation.java:316:28:316:42 | Key | +| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Output | jca/SignatureOperation.java:318:27:318:42 | SignatureOutput | +| jca/SignatureOperation.java:320:30:320:43 | Key | Source | jca/SignatureOperation.java:61:16:61:36 | Key | +| jca/SignatureOperation.java:320:30:320:43 | Key | Source | jca/SignatureOperation.java:103:16:103:38 | Key | +| jca/SignatureOperation.java:320:30:320:43 | Key | Source | jca/SignatureOperation.java:144:16:144:36 | Key | +| jca/SignatureOperation.java:320:30:320:43 | Key | Source | jca/SignatureOperation.java:188:16:188:36 | Key | +| jca/SignatureOperation.java:321:26:321:32 | Message | Source | jca/SignatureOperation.java:321:26:321:32 | Message | +| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:299:47:299:68 | Constant | +| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:305:47:305:55 | Constant | +| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:312:47:312:68 | Constant | +| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:302:47:302:63 | HashAlgorithm | +| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:308:47:308:59 | HashAlgorithm | +| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Input | jca/SignatureOperation.java:317:26:317:32 | Message | +| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Input | jca/SignatureOperation.java:321:26:321:32 | Message | +| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Key | jca/SignatureOperation.java:316:28:316:42 | Key | +| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Key | jca/SignatureOperation.java:320:30:320:43 | Key | +| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Signature | jca/SignatureOperation.java:322:45:322:52 | SignatureInput | +| jca/SignatureOperation.java:322:45:322:52 | SignatureInput | Source | jca/SignatureOperation.java:318:27:318:42 | SignatureOutput | +| jca/SymmetricAlgorithm.java:60:44:60:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:60:44:60:62 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:60:44:60:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:60:44:60:62 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:64:42:64:44 | Key | Source | jca/SymmetricAlgorithm.java:258:64:258:76 | Parameter | +| jca/SymmetricAlgorithm.java:64:47:64:50 | Nonce | Source | jca/SymmetricAlgorithm.java:62:9:62:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:64:47:64:50 | Nonce | Source | jca/SymmetricAlgorithm.java:62:38:62:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:65:29:65:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:60:44:60:62 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:65:29:65:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:65:44:65:52 | Message | +| jca/SymmetricAlgorithm.java:65:29:65:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:64:42:64:44 | Key | +| jca/SymmetricAlgorithm.java:65:29:65:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:64:47:64:50 | Nonce | +| jca/SymmetricAlgorithm.java:65:29:65:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:65:29:65:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:65:44:65:52 | Message | Source | jca/SymmetricAlgorithm.java:258:79:258:94 | Parameter | +| jca/SymmetricAlgorithm.java:83:44:83:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:83:44:83:62 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:83:44:83:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:83:44:83:62 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:86:42:86:44 | Key | Source | jca/SymmetricAlgorithm.java:82:39:82:51 | Parameter | +| jca/SymmetricAlgorithm.java:86:47:86:50 | Nonce | Source | jca/SymmetricAlgorithm.java:86:47:86:50 | Nonce | +| jca/SymmetricAlgorithm.java:87:29:87:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:83:44:83:62 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:87:29:87:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:87:44:87:52 | Message | +| jca/SymmetricAlgorithm.java:87:29:87:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:86:42:86:44 | Key | +| jca/SymmetricAlgorithm.java:87:29:87:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:86:47:86:50 | Nonce | +| jca/SymmetricAlgorithm.java:87:29:87:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:87:29:87:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:87:44:87:52 | Message | Source | jca/SymmetricAlgorithm.java:82:54:82:69 | Parameter | +| jca/SymmetricAlgorithm.java:104:44:104:65 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:104:44:104:65 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:104:44:104:65 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:104:44:104:65 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:108:42:108:44 | Key | Source | jca/SymmetricAlgorithm.java:258:64:258:76 | Parameter | +| jca/SymmetricAlgorithm.java:108:47:108:52 | Nonce | Source | jca/SymmetricAlgorithm.java:106:9:106:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:108:47:108:52 | Nonce | Source | jca/SymmetricAlgorithm.java:106:38:106:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:109:29:109:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:104:44:104:65 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:109:29:109:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:109:44:109:52 | Message | +| jca/SymmetricAlgorithm.java:109:29:109:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:108:42:108:44 | Key | +| jca/SymmetricAlgorithm.java:109:29:109:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:108:47:108:52 | Nonce | +| jca/SymmetricAlgorithm.java:109:29:109:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:109:29:109:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:109:44:109:52 | Message | Source | jca/SymmetricAlgorithm.java:258:79:258:94 | Parameter | +| jca/SymmetricAlgorithm.java:126:44:126:65 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:126:44:126:65 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:126:44:126:65 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:126:44:126:65 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:127:42:127:44 | Key | Source | jca/SymmetricAlgorithm.java:258:64:258:76 | Parameter | +| jca/SymmetricAlgorithm.java:128:16:128:40 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:126:44:126:65 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:128:16:128:40 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:128:31:128:39 | Message | +| jca/SymmetricAlgorithm.java:128:16:128:40 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:127:42:127:44 | Key | +| jca/SymmetricAlgorithm.java:128:16:128:40 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:128:16:128:40 | EncryptOperation | +| jca/SymmetricAlgorithm.java:128:16:128:40 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:128:16:128:40 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:128:31:128:39 | Message | Source | jca/SymmetricAlgorithm.java:258:79:258:94 | Parameter | +| jca/SymmetricAlgorithm.java:143:44:143:48 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:143:44:143:48 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:143:44:143:48 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:143:44:143:48 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:144:42:144:44 | Key | Source | jca/SymmetricAlgorithm.java:258:64:258:76 | Parameter | +| jca/SymmetricAlgorithm.java:145:16:145:40 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:143:44:143:48 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:145:16:145:40 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:145:31:145:39 | Message | +| jca/SymmetricAlgorithm.java:145:16:145:40 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:144:42:144:44 | Key | +| jca/SymmetricAlgorithm.java:145:16:145:40 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:145:16:145:40 | EncryptOperation | +| jca/SymmetricAlgorithm.java:145:16:145:40 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:145:16:145:40 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:145:31:145:39 | Message | Source | jca/SymmetricAlgorithm.java:258:79:258:94 | Parameter | +| jca/SymmetricAlgorithm.java:158:44:158:65 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:158:44:158:65 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:158:44:158:65 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:158:44:158:65 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:162:42:162:44 | Key | Source | jca/SymmetricAlgorithm.java:157:36:157:48 | Parameter | +| jca/SymmetricAlgorithm.java:162:47:162:52 | Nonce | Source | jca/SymmetricAlgorithm.java:160:9:160:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:162:47:162:52 | Nonce | Source | jca/SymmetricAlgorithm.java:160:38:160:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:163:29:163:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:158:44:158:65 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:163:29:163:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:163:44:163:52 | Message | +| jca/SymmetricAlgorithm.java:163:29:163:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:162:42:162:44 | Key | +| jca/SymmetricAlgorithm.java:163:29:163:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:162:47:162:52 | Nonce | +| jca/SymmetricAlgorithm.java:163:29:163:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:163:29:163:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:163:44:163:52 | Message | Source | jca/SymmetricAlgorithm.java:157:51:157:66 | Parameter | +| jca/SymmetricAlgorithm.java:180:44:180:68 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:180:44:180:68 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:180:44:180:68 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:180:44:180:68 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:184:42:184:44 | Key | Source | jca/SymmetricAlgorithm.java:179:42:179:54 | Parameter | +| jca/SymmetricAlgorithm.java:184:47:184:52 | Nonce | Source | jca/SymmetricAlgorithm.java:182:9:182:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:184:47:184:52 | Nonce | Source | jca/SymmetricAlgorithm.java:182:38:182:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:185:29:185:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:180:44:180:68 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:185:29:185:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:185:44:185:52 | Message | +| jca/SymmetricAlgorithm.java:185:29:185:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:184:42:184:44 | Key | +| jca/SymmetricAlgorithm.java:185:29:185:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:184:47:184:52 | Nonce | +| jca/SymmetricAlgorithm.java:185:29:185:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:185:29:185:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:185:44:185:52 | Message | Source | jca/SymmetricAlgorithm.java:179:57:179:72 | Parameter | +| jca/SymmetricAlgorithm.java:202:44:202:53 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:202:44:202:53 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:202:44:202:53 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:202:44:202:53 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:206:42:206:44 | Key | Source | jca/SymmetricAlgorithm.java:258:64:258:76 | Parameter | +| jca/SymmetricAlgorithm.java:206:47:206:72 | Nonce | Source | jca/SymmetricAlgorithm.java:204:9:204:43 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:206:47:206:72 | Nonce | Source | jca/SymmetricAlgorithm.java:204:38:204:42 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:207:29:207:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:202:44:202:53 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:207:29:207:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:207:44:207:52 | Message | +| jca/SymmetricAlgorithm.java:207:29:207:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:206:42:206:44 | Key | +| jca/SymmetricAlgorithm.java:207:29:207:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:206:47:206:72 | Nonce | +| jca/SymmetricAlgorithm.java:207:29:207:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:207:29:207:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:207:44:207:52 | Message | Source | jca/SymmetricAlgorithm.java:258:79:258:94 | Parameter | +| jca/SymmetricAlgorithm.java:226:19:226:21 | Key | Source | jca/SymmetricAlgorithm.java:224:35:224:47 | Parameter | +| jca/SymmetricAlgorithm.java:227:29:227:51 | MACOperation | Algorithm | jca/SymmetricAlgorithm.java:225:36:225:44 | Constant | +| jca/SymmetricAlgorithm.java:227:29:227:51 | MACOperation | HashAlgorithm | jca/SymmetricAlgorithm.java:227:29:227:51 | MACOperation | +| jca/SymmetricAlgorithm.java:227:29:227:51 | MACOperation | Input | jca/SymmetricAlgorithm.java:227:42:227:50 | Message | +| jca/SymmetricAlgorithm.java:227:29:227:51 | MACOperation | Key | jca/SymmetricAlgorithm.java:226:19:226:21 | Key | +| jca/SymmetricAlgorithm.java:227:29:227:51 | MACOperation | Message | jca/SymmetricAlgorithm.java:227:42:227:50 | Message | +| jca/SymmetricAlgorithm.java:227:29:227:51 | MACOperation | Nonce | jca/SymmetricAlgorithm.java:227:29:227:51 | MACOperation | +| jca/SymmetricAlgorithm.java:227:29:227:51 | MACOperation | Output | jca/SymmetricAlgorithm.java:227:29:227:51 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:227:42:227:50 | Message | Source | jca/SymmetricAlgorithm.java:224:50:224:65 | Parameter | +| jca/SymmetricAlgorithm.java:230:44:230:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:230:44:230:62 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:230:44:230:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:230:44:230:62 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:234:42:234:51 | Key | Source | jca/SymmetricAlgorithm.java:234:42:234:51 | Key | +| jca/SymmetricAlgorithm.java:234:54:234:57 | Nonce | Source | jca/SymmetricAlgorithm.java:232:9:232:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:234:54:234:57 | Nonce | Source | jca/SymmetricAlgorithm.java:232:38:232:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:235:29:235:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:230:44:230:62 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:235:29:235:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:235:44:235:52 | Message | +| jca/SymmetricAlgorithm.java:235:29:235:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:234:42:234:51 | Key | +| jca/SymmetricAlgorithm.java:235:29:235:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:234:54:234:57 | Nonce | +| jca/SymmetricAlgorithm.java:235:29:235:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:235:29:235:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:235:44:235:52 | Message | Source | jca/SymmetricAlgorithm.java:235:44:235:52 | Message | +| jca/SymmetricAlgorithm.java:302:42:302:66 | Message | Source | jca/SymmetricAlgorithm.java:299:58:299:70 | Parameter | +| jca/SymmetricAlgorithm.java:302:69:302:72 | Salt | Source | jca/SymmetricAlgorithm.java:361:9:361:42 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:302:69:302:72 | Salt | Source | jca/SymmetricAlgorithm.java:361:38:361:41 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:303:65:303:86 | HMACAlgorithm | H | jca/SymmetricAlgorithm.java:303:65:303:86 | HashAlgorithm | +| jca/SymmetricAlgorithm.java:303:65:303:86 | KeyDerivationAlgorithm | PRF | jca/SymmetricAlgorithm.java:303:65:303:86 | HMACAlgorithm | +| jca/SymmetricAlgorithm.java:304:26:304:53 | KeyDerivation | Algorithm | jca/SymmetricAlgorithm.java:303:65:303:86 | KeyDerivationAlgorithm | +| jca/SymmetricAlgorithm.java:304:26:304:53 | KeyDerivation | Input | jca/SymmetricAlgorithm.java:302:42:302:66 | Message | +| jca/SymmetricAlgorithm.java:304:26:304:53 | KeyDerivation | Output | jca/SymmetricAlgorithm.java:304:26:304:53 | Key | +| jca/SymmetricAlgorithm.java:304:26:304:53 | KeyDerivation | Salt | jca/SymmetricAlgorithm.java:302:69:302:72 | Salt | +| jca/SymmetricAlgorithm.java:310:44:310:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:310:44:310:62 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:310:44:310:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:310:44:310:62 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:313:42:313:47 | Key | Source | jca/SymmetricAlgorithm.java:313:42:313:47 | Key | +| jca/SymmetricAlgorithm.java:313:50:313:78 | Nonce | Source | jca/SymmetricAlgorithm.java:312:9:312:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:313:50:313:78 | Nonce | Source | jca/SymmetricAlgorithm.java:312:38:312:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:314:29:314:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:310:44:310:62 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:314:29:314:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:314:44:314:52 | Message | +| jca/SymmetricAlgorithm.java:314:29:314:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:313:42:313:47 | Key | +| jca/SymmetricAlgorithm.java:314:29:314:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:313:50:313:78 | Nonce | +| jca/SymmetricAlgorithm.java:314:29:314:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:314:29:314:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:314:44:314:52 | Message | Source | jca/SymmetricAlgorithm.java:299:73:299:88 | Parameter | +| jca/SymmetricAlgorithm.java:316:35:316:46 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:316:35:316:46 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:316:35:316:46 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:316:35:316:46 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:317:18:317:30 | Key | Source | jca/SymmetricAlgorithm.java:317:18:317:30 | Key | +| jca/SymmetricAlgorithm.java:318:30:318:52 | MACOperation | Algorithm | jca/SymmetricAlgorithm.java:316:35:316:46 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:318:30:318:52 | MACOperation | HashAlgorithm | jca/SymmetricAlgorithm.java:318:30:318:52 | MACOperation | +| jca/SymmetricAlgorithm.java:318:30:318:52 | MACOperation | Input | jca/SymmetricAlgorithm.java:318:42:318:51 | Message | +| jca/SymmetricAlgorithm.java:318:30:318:52 | MACOperation | Key | jca/SymmetricAlgorithm.java:317:18:317:30 | Key | +| jca/SymmetricAlgorithm.java:318:30:318:52 | MACOperation | Message | jca/SymmetricAlgorithm.java:318:42:318:51 | Message | +| jca/SymmetricAlgorithm.java:318:30:318:52 | MACOperation | Nonce | jca/SymmetricAlgorithm.java:318:30:318:52 | MACOperation | +| jca/SymmetricAlgorithm.java:318:30:318:52 | MACOperation | Output | jca/SymmetricAlgorithm.java:318:30:318:52 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:318:42:318:51 | Message | Source | jca/SymmetricAlgorithm.java:314:29:314:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:349:16:349:31 | KeyGeneration | Algorithm | jca/SymmetricAlgorithm.java:347:52:347:56 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:349:16:349:31 | KeyGeneration | Output | jca/SymmetricAlgorithm.java:349:16:349:31 | Key | +| jca/SymmetricModesTest.java:58:33:58:48 | KeyGeneration | Algorithm | jca/SymmetricModesTest.java:56:52:56:56 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:58:33:58:48 | KeyGeneration | Output | jca/SymmetricModesTest.java:58:33:58:48 | Key | +| jca/SymmetricModesTest.java:62:31:62:46 | KeyGeneration | Algorithm | jca/SymmetricModesTest.java:56:52:56:56 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:62:31:62:46 | KeyGeneration | Output | jca/SymmetricModesTest.java:62:31:62:46 | Key | +| jca/SymmetricModesTest.java:65:44:65:62 | KeyOperationAlgorithm | Mode | jca/SymmetricModesTest.java:65:44:65:62 | ModeOfOperation | +| jca/SymmetricModesTest.java:65:44:65:62 | KeyOperationAlgorithm | Padding | jca/SymmetricModesTest.java:65:44:65:62 | PaddingAlgorithm | +| jca/SymmetricModesTest.java:66:39:66:49 | Key | Source | jca/SymmetricModesTest.java:58:33:58:48 | Key | +| jca/SymmetricModesTest.java:67:29:67:50 | WrapOperation | Algorithm | jca/SymmetricModesTest.java:65:44:65:62 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:67:29:67:50 | WrapOperation | Input | jca/SymmetricModesTest.java:67:41:67:49 | Message | +| jca/SymmetricModesTest.java:67:29:67:50 | WrapOperation | Key | jca/SymmetricModesTest.java:66:39:66:49 | Key | +| jca/SymmetricModesTest.java:67:29:67:50 | WrapOperation | Nonce | jca/SymmetricModesTest.java:67:29:67:50 | WrapOperation | +| jca/SymmetricModesTest.java:67:29:67:50 | WrapOperation | Output | jca/SymmetricModesTest.java:67:29:67:50 | KeyOperationOutput | +| jca/SymmetricModesTest.java:67:41:67:49 | Message | Source | jca/SymmetricModesTest.java:62:31:62:46 | Key | +| jca/SymmetricModesTest.java:89:44:89:63 | KeyOperationAlgorithm | Mode | jca/SymmetricModesTest.java:89:44:89:63 | ModeOfOperation | +| jca/SymmetricModesTest.java:89:44:89:63 | KeyOperationAlgorithm | Padding | jca/SymmetricModesTest.java:89:44:89:63 | PaddingAlgorithm | +| jca/SymmetricModesTest.java:93:42:93:44 | Key | Source | jca/SymmetricModesTest.java:88:43:88:55 | Parameter | +| jca/SymmetricModesTest.java:93:47:93:52 | Nonce | Source | jca/SymmetricModesTest.java:91:9:91:40 | RandomNumberGeneration | +| jca/SymmetricModesTest.java:93:47:93:52 | Nonce | Source | jca/SymmetricModesTest.java:91:38:91:39 | RandomNumberGeneration | +| jca/SymmetricModesTest.java:94:29:94:53 | EncryptOperation | Algorithm | jca/SymmetricModesTest.java:89:44:89:63 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:94:29:94:53 | EncryptOperation | Input | jca/SymmetricModesTest.java:94:44:94:52 | Message | +| jca/SymmetricModesTest.java:94:29:94:53 | EncryptOperation | Key | jca/SymmetricModesTest.java:93:42:93:44 | Key | +| jca/SymmetricModesTest.java:94:29:94:53 | EncryptOperation | Nonce | jca/SymmetricModesTest.java:93:47:93:52 | Nonce | +| jca/SymmetricModesTest.java:94:29:94:53 | EncryptOperation | Output | jca/SymmetricModesTest.java:94:29:94:53 | KeyOperationOutput | +| jca/SymmetricModesTest.java:94:44:94:52 | Message | Source | jca/SymmetricModesTest.java:88:58:88:73 | Parameter | +| jca/SymmetricModesTest.java:117:44:117:63 | KeyOperationAlgorithm | Mode | jca/SymmetricModesTest.java:117:44:117:63 | ModeOfOperation | +| jca/SymmetricModesTest.java:117:44:117:63 | KeyOperationAlgorithm | Padding | jca/SymmetricModesTest.java:117:44:117:63 | PaddingAlgorithm | +| jca/SymmetricModesTest.java:121:42:121:44 | Key | Source | jca/SymmetricModesTest.java:116:45:116:57 | Parameter | +| jca/SymmetricModesTest.java:121:47:121:52 | Nonce | Source | jca/SymmetricModesTest.java:121:47:121:52 | Nonce | +| jca/SymmetricModesTest.java:122:29:122:53 | EncryptOperation | Algorithm | jca/SymmetricModesTest.java:117:44:117:63 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:122:29:122:53 | EncryptOperation | Input | jca/SymmetricModesTest.java:122:44:122:52 | Message | +| jca/SymmetricModesTest.java:122:29:122:53 | EncryptOperation | Key | jca/SymmetricModesTest.java:121:42:121:44 | Key | +| jca/SymmetricModesTest.java:122:29:122:53 | EncryptOperation | Nonce | jca/SymmetricModesTest.java:121:47:121:52 | Nonce | +| jca/SymmetricModesTest.java:122:29:122:53 | EncryptOperation | Output | jca/SymmetricModesTest.java:122:29:122:53 | KeyOperationOutput | +| jca/SymmetricModesTest.java:122:44:122:52 | Message | Source | jca/SymmetricModesTest.java:116:60:116:75 | Parameter | +| jca/SymmetricModesTest.java:142:16:142:31 | KeyGeneration | Algorithm | jca/SymmetricModesTest.java:140:52:140:56 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:142:16:142:31 | KeyGeneration | Output | jca/SymmetricModesTest.java:142:16:142:31 | Key | +| jca/UniversalFlowTest.java:26:21:26:40 | KeyGeneration | Algorithm | jca/UniversalFlowTest.java:18:24:18:28 | KeyOperationAlgorithm | +| jca/UniversalFlowTest.java:26:21:26:40 | KeyGeneration | Algorithm | jca/UniversalFlowTest.java:45:16:45:20 | KeyOperationAlgorithm | +| jca/UniversalFlowTest.java:26:21:26:40 | KeyGeneration | Output | jca/UniversalFlowTest.java:26:21:26:40 | Key | +| jca/UniversalFlowTest.java:27:25:27:43 | KeyOperationAlgorithm | Mode | jca/UniversalFlowTest.java:27:25:27:43 | ModeOfOperation | +| jca/UniversalFlowTest.java:27:25:27:43 | KeyOperationAlgorithm | Padding | jca/UniversalFlowTest.java:27:25:27:43 | PaddingAlgorithm | +| jca/UniversalFlowTest.java:32:38:32:40 | Key | Source | jca/UniversalFlowTest.java:26:21:26:40 | Key | +| jca/UniversalFlowTest.java:32:43:32:49 | Nonce | Source | jca/UniversalFlowTest.java:30:5:30:36 | RandomNumberGeneration | +| jca/UniversalFlowTest.java:32:43:32:49 | Nonce | Source | jca/UniversalFlowTest.java:30:34:30:35 | RandomNumberGeneration | +| jca/UniversalFlowTest.java:33:28:33:70 | EncryptOperation | Algorithm | jca/UniversalFlowTest.java:27:25:27:43 | KeyOperationAlgorithm | +| jca/UniversalFlowTest.java:33:28:33:70 | EncryptOperation | Input | jca/UniversalFlowTest.java:33:43:33:69 | Message | +| jca/UniversalFlowTest.java:33:28:33:70 | EncryptOperation | Key | jca/UniversalFlowTest.java:32:38:32:40 | Key | +| jca/UniversalFlowTest.java:33:28:33:70 | EncryptOperation | Nonce | jca/UniversalFlowTest.java:32:43:32:49 | Nonce | +| jca/UniversalFlowTest.java:33:28:33:70 | EncryptOperation | Output | jca/UniversalFlowTest.java:33:28:33:70 | KeyOperationOutput | +| jca/UniversalFlowTest.java:33:43:33:69 | Message | Source | jca/UniversalFlowTest.java:33:43:33:58 | Constant | diff --git a/java/ql/test/experimental/library-tests/quantum/node_edges.ql b/java/ql/test/experimental/library-tests/quantum/node_edges.ql new file mode 100644 index 000000000000..4c9afb6c8ff5 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/node_edges.ql @@ -0,0 +1,5 @@ +import java +import experimental.quantum.Language + +from Crypto::NodeBase n, string key +select n, key, n.getChild(key) diff --git a/java/ql/test/experimental/library-tests/quantum/node_properties.expected b/java/ql/test/experimental/library-tests/quantum/node_properties.expected new file mode 100644 index 000000000000..f906e1211725 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/node_properties.expected @@ -0,0 +1,1684 @@ +| jca/AesWrapAndPBEWith.java:67:52:67:56 | KeyOperationAlgorithm | KeySize | Constant:128 | jca/AesWrapAndPBEWith.java:71:17:71:19 | jca/AesWrapAndPBEWith.java:71:17:71:19 | +| jca/AesWrapAndPBEWith.java:67:52:67:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/AesWrapAndPBEWith.java:68:17:68:19 | jca/AesWrapAndPBEWith.java:68:17:68:19 | +| jca/AesWrapAndPBEWith.java:67:52:67:56 | KeyOperationAlgorithm | Name | AES | jca/AesWrapAndPBEWith.java:67:52:67:56 | jca/AesWrapAndPBEWith.java:67:52:67:56 | +| jca/AesWrapAndPBEWith.java:67:52:67:56 | KeyOperationAlgorithm | RawName | AES | jca/AesWrapAndPBEWith.java:67:52:67:56 | jca/AesWrapAndPBEWith.java:67:52:67:56 | +| jca/AesWrapAndPBEWith.java:67:52:67:56 | KeyOperationAlgorithm | Structure | Block | jca/AesWrapAndPBEWith.java:67:52:67:56 | jca/AesWrapAndPBEWith.java:67:52:67:56 | +| jca/AesWrapAndPBEWith.java:68:17:68:19 | Constant | Description | 256 | jca/AesWrapAndPBEWith.java:68:17:68:19 | jca/AesWrapAndPBEWith.java:68:17:68:19 | +| jca/AesWrapAndPBEWith.java:69:33:69:48 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:69:33:69:48 | jca/AesWrapAndPBEWith.java:69:33:69:48 | +| jca/AesWrapAndPBEWith.java:71:17:71:19 | Constant | Description | 128 | jca/AesWrapAndPBEWith.java:71:17:71:19 | jca/AesWrapAndPBEWith.java:71:17:71:19 | +| jca/AesWrapAndPBEWith.java:72:31:72:46 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:72:31:72:46 | jca/AesWrapAndPBEWith.java:72:31:72:46 | +| jca/AesWrapAndPBEWith.java:74:44:74:52 | KeyOperationAlgorithm | Name | AES | jca/AesWrapAndPBEWith.java:74:44:74:52 | jca/AesWrapAndPBEWith.java:74:44:74:52 | +| jca/AesWrapAndPBEWith.java:74:44:74:52 | KeyOperationAlgorithm | RawName | AESWrap | jca/AesWrapAndPBEWith.java:74:44:74:52 | jca/AesWrapAndPBEWith.java:74:44:74:52 | +| jca/AesWrapAndPBEWith.java:74:44:74:52 | KeyOperationAlgorithm | Structure | Block | jca/AesWrapAndPBEWith.java:74:44:74:52 | jca/AesWrapAndPBEWith.java:74:44:74:52 | +| jca/AesWrapAndPBEWith.java:75:39:75:49 | Key | KeyType | Unknown | jca/AesWrapAndPBEWith.java:75:39:75:49 | jca/AesWrapAndPBEWith.java:75:39:75:49 | +| jca/AesWrapAndPBEWith.java:76:29:76:50 | WrapOperation | KeyOperationSubtype | Wrap | jca/AesWrapAndPBEWith.java:76:29:76:50 | jca/AesWrapAndPBEWith.java:76:29:76:50 | +| jca/AesWrapAndPBEWith.java:93:52:93:56 | KeyOperationAlgorithm | KeySize | Constant:128 | jca/AesWrapAndPBEWith.java:94:17:94:19 | jca/AesWrapAndPBEWith.java:94:17:94:19 | +| jca/AesWrapAndPBEWith.java:93:52:93:56 | KeyOperationAlgorithm | Name | AES | jca/AesWrapAndPBEWith.java:93:52:93:56 | jca/AesWrapAndPBEWith.java:93:52:93:56 | +| jca/AesWrapAndPBEWith.java:93:52:93:56 | KeyOperationAlgorithm | RawName | AES | jca/AesWrapAndPBEWith.java:93:52:93:56 | jca/AesWrapAndPBEWith.java:93:52:93:56 | +| jca/AesWrapAndPBEWith.java:93:52:93:56 | KeyOperationAlgorithm | Structure | Block | jca/AesWrapAndPBEWith.java:93:52:93:56 | jca/AesWrapAndPBEWith.java:93:52:93:56 | +| jca/AesWrapAndPBEWith.java:94:17:94:19 | Constant | Description | 128 | jca/AesWrapAndPBEWith.java:94:17:94:19 | jca/AesWrapAndPBEWith.java:94:17:94:19 | +| jca/AesWrapAndPBEWith.java:95:31:95:46 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:95:31:95:46 | jca/AesWrapAndPBEWith.java:95:31:95:46 | +| jca/AesWrapAndPBEWith.java:97:44:97:52 | KeyOperationAlgorithm | Name | AES | jca/AesWrapAndPBEWith.java:97:44:97:52 | jca/AesWrapAndPBEWith.java:97:44:97:52 | +| jca/AesWrapAndPBEWith.java:97:44:97:52 | KeyOperationAlgorithm | RawName | AESWrap | jca/AesWrapAndPBEWith.java:97:44:97:52 | jca/AesWrapAndPBEWith.java:97:44:97:52 | +| jca/AesWrapAndPBEWith.java:97:44:97:52 | KeyOperationAlgorithm | Structure | Block | jca/AesWrapAndPBEWith.java:97:44:97:52 | jca/AesWrapAndPBEWith.java:97:44:97:52 | +| jca/AesWrapAndPBEWith.java:98:39:98:49 | Key | KeyType | Unknown | jca/AesWrapAndPBEWith.java:98:39:98:49 | jca/AesWrapAndPBEWith.java:98:39:98:49 | +| jca/AesWrapAndPBEWith.java:99:29:99:50 | WrapOperation | KeyOperationSubtype | Wrap | jca/AesWrapAndPBEWith.java:99:29:99:50 | jca/AesWrapAndPBEWith.java:99:29:99:50 | +| jca/AesWrapAndPBEWith.java:117:34:117:37 | Constant | Description | 0x00 | jca/AesWrapAndPBEWith.java:117:34:117:37 | jca/AesWrapAndPBEWith.java:117:34:117:37 | +| jca/AesWrapAndPBEWith.java:118:72:118:75 | Constant | Description | 1000 | jca/AesWrapAndPBEWith.java:118:72:118:75 | jca/AesWrapAndPBEWith.java:118:72:118:75 | +| jca/AesWrapAndPBEWith.java:118:78:118:79 | Constant | Description | 64 | jca/AesWrapAndPBEWith.java:118:78:118:79 | jca/AesWrapAndPBEWith.java:118:78:118:79 | +| jca/AesWrapAndPBEWith.java:119:65:119:82 | KeyDerivationAlgorithm | Name | PBEWithMD5AndDES | jca/AesWrapAndPBEWith.java:119:65:119:82 | jca/AesWrapAndPBEWith.java:119:65:119:82 | +| jca/AesWrapAndPBEWith.java:119:65:119:82 | KeyDerivationAlgorithm | RawName | PBEWithMD5AndDES | jca/AesWrapAndPBEWith.java:119:65:119:82 | jca/AesWrapAndPBEWith.java:119:65:119:82 | +| jca/AesWrapAndPBEWith.java:120:27:120:54 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:120:27:120:54 | jca/AesWrapAndPBEWith.java:120:27:120:54 | +| jca/AesWrapAndPBEWith.java:120:27:120:54 | KeyDerivation | Iterations | Constant:1000 | jca/AesWrapAndPBEWith.java:118:72:118:75 | jca/AesWrapAndPBEWith.java:118:72:118:75 | +| jca/AesWrapAndPBEWith.java:120:27:120:54 | KeyDerivation | KeySize | Constant:64 | jca/AesWrapAndPBEWith.java:118:78:118:79 | jca/AesWrapAndPBEWith.java:118:78:118:79 | +| jca/AesWrapAndPBEWith.java:133:9:133:42 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:133:9:133:42 | jca/AesWrapAndPBEWith.java:133:9:133:42 | +| jca/AesWrapAndPBEWith.java:133:38:133:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:133:38:133:41 | jca/AesWrapAndPBEWith.java:133:38:133:41 | +| jca/AesWrapAndPBEWith.java:134:72:134:76 | Constant | Description | 10000 | jca/AesWrapAndPBEWith.java:134:72:134:76 | jca/AesWrapAndPBEWith.java:134:72:134:76 | +| jca/AesWrapAndPBEWith.java:134:79:134:81 | Constant | Description | 256 | jca/AesWrapAndPBEWith.java:134:79:134:81 | jca/AesWrapAndPBEWith.java:134:79:134:81 | +| jca/AesWrapAndPBEWith.java:135:65:135:86 | HMACAlgorithm | Name | HMAC | jca/AesWrapAndPBEWith.java:135:65:135:86 | jca/AesWrapAndPBEWith.java:135:65:135:86 | +| jca/AesWrapAndPBEWith.java:135:65:135:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/AesWrapAndPBEWith.java:135:65:135:86 | jca/AesWrapAndPBEWith.java:135:65:135:86 | +| jca/AesWrapAndPBEWith.java:135:65:135:86 | HashAlgorithm | DigestSize | 256 | jca/AesWrapAndPBEWith.java:135:65:135:86 | jca/AesWrapAndPBEWith.java:135:65:135:86 | +| jca/AesWrapAndPBEWith.java:135:65:135:86 | HashAlgorithm | Name | SHA2 | jca/AesWrapAndPBEWith.java:135:65:135:86 | jca/AesWrapAndPBEWith.java:135:65:135:86 | +| jca/AesWrapAndPBEWith.java:135:65:135:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/AesWrapAndPBEWith.java:135:65:135:86 | jca/AesWrapAndPBEWith.java:135:65:135:86 | +| jca/AesWrapAndPBEWith.java:135:65:135:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/AesWrapAndPBEWith.java:135:65:135:86 | jca/AesWrapAndPBEWith.java:135:65:135:86 | +| jca/AesWrapAndPBEWith.java:135:65:135:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/AesWrapAndPBEWith.java:135:65:135:86 | jca/AesWrapAndPBEWith.java:135:65:135:86 | +| jca/AesWrapAndPBEWith.java:136:27:136:54 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:136:27:136:54 | jca/AesWrapAndPBEWith.java:136:27:136:54 | +| jca/AesWrapAndPBEWith.java:136:27:136:54 | KeyDerivation | Iterations | Constant:10000 | jca/AesWrapAndPBEWith.java:134:72:134:76 | jca/AesWrapAndPBEWith.java:134:72:134:76 | +| jca/AesWrapAndPBEWith.java:136:27:136:54 | KeyDerivation | KeySize | Constant:256 | jca/AesWrapAndPBEWith.java:134:79:134:81 | jca/AesWrapAndPBEWith.java:134:79:134:81 | +| jca/AesWrapAndPBEWith.java:151:9:151:42 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:151:9:151:42 | jca/AesWrapAndPBEWith.java:151:9:151:42 | +| jca/AesWrapAndPBEWith.java:151:38:151:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:151:38:151:41 | jca/AesWrapAndPBEWith.java:151:38:151:41 | +| jca/AesWrapAndPBEWith.java:152:72:152:76 | Constant | Description | 10000 | jca/AesWrapAndPBEWith.java:152:72:152:76 | jca/AesWrapAndPBEWith.java:152:72:152:76 | +| jca/AesWrapAndPBEWith.java:152:79:152:81 | Constant | Description | 128 | jca/AesWrapAndPBEWith.java:152:79:152:81 | jca/AesWrapAndPBEWith.java:152:79:152:81 | +| jca/AesWrapAndPBEWith.java:153:65:153:98 | KeyDerivationAlgorithm | Name | PBEWithSHA256And128BitAES-CBC-BC | jca/AesWrapAndPBEWith.java:153:65:153:98 | jca/AesWrapAndPBEWith.java:153:65:153:98 | +| jca/AesWrapAndPBEWith.java:153:65:153:98 | KeyDerivationAlgorithm | RawName | PBEWithSHA256And128BitAES-CBC-BC | jca/AesWrapAndPBEWith.java:153:65:153:98 | jca/AesWrapAndPBEWith.java:153:65:153:98 | +| jca/AesWrapAndPBEWith.java:154:28:154:55 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:154:28:154:55 | jca/AesWrapAndPBEWith.java:154:28:154:55 | +| jca/AesWrapAndPBEWith.java:154:28:154:55 | KeyDerivation | Iterations | Constant:10000 | jca/AesWrapAndPBEWith.java:152:72:152:76 | jca/AesWrapAndPBEWith.java:152:72:152:76 | +| jca/AesWrapAndPBEWith.java:154:28:154:55 | KeyDerivation | KeySize | Constant:128 | jca/AesWrapAndPBEWith.java:152:79:152:81 | jca/AesWrapAndPBEWith.java:152:79:152:81 | +| jca/AesWrapAndPBEWith.java:157:44:157:65 | KeyOperationAlgorithm | Name | AES | jca/AesWrapAndPBEWith.java:157:44:157:65 | jca/AesWrapAndPBEWith.java:157:44:157:65 | +| jca/AesWrapAndPBEWith.java:157:44:157:65 | KeyOperationAlgorithm | RawName | AES/CBC/PKCS5Padding | jca/AesWrapAndPBEWith.java:157:44:157:65 | jca/AesWrapAndPBEWith.java:157:44:157:65 | +| jca/AesWrapAndPBEWith.java:157:44:157:65 | KeyOperationAlgorithm | Structure | Block | jca/AesWrapAndPBEWith.java:157:44:157:65 | jca/AesWrapAndPBEWith.java:157:44:157:65 | +| jca/AesWrapAndPBEWith.java:157:44:157:65 | ModeOfOperation | Name | CBC | jca/AesWrapAndPBEWith.java:157:44:157:65 | jca/AesWrapAndPBEWith.java:157:44:157:65 | +| jca/AesWrapAndPBEWith.java:157:44:157:65 | ModeOfOperation | RawName | CBC | jca/AesWrapAndPBEWith.java:157:44:157:65 | jca/AesWrapAndPBEWith.java:157:44:157:65 | +| jca/AesWrapAndPBEWith.java:157:44:157:65 | PaddingAlgorithm | Name | PKCS7 | jca/AesWrapAndPBEWith.java:157:44:157:65 | jca/AesWrapAndPBEWith.java:157:44:157:65 | +| jca/AesWrapAndPBEWith.java:157:44:157:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/AesWrapAndPBEWith.java:157:44:157:65 | jca/AesWrapAndPBEWith.java:157:44:157:65 | +| jca/AesWrapAndPBEWith.java:159:9:159:40 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:159:9:159:40 | jca/AesWrapAndPBEWith.java:159:9:159:40 | +| jca/AesWrapAndPBEWith.java:159:38:159:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:159:38:159:39 | jca/AesWrapAndPBEWith.java:159:38:159:39 | +| jca/AesWrapAndPBEWith.java:161:42:161:47 | Key | KeyType | Unknown | jca/AesWrapAndPBEWith.java:161:42:161:47 | jca/AesWrapAndPBEWith.java:161:42:161:47 | +| jca/AesWrapAndPBEWith.java:162:29:162:64 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AesWrapAndPBEWith.java:162:29:162:64 | jca/AesWrapAndPBEWith.java:162:29:162:64 | +| jca/AesWrapAndPBEWith.java:179:9:179:42 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:179:9:179:42 | jca/AesWrapAndPBEWith.java:179:9:179:42 | +| jca/AesWrapAndPBEWith.java:179:38:179:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:179:38:179:41 | jca/AesWrapAndPBEWith.java:179:38:179:41 | +| jca/AesWrapAndPBEWith.java:180:72:180:76 | Constant | Description | 10000 | jca/AesWrapAndPBEWith.java:180:72:180:76 | jca/AesWrapAndPBEWith.java:180:72:180:76 | +| jca/AesWrapAndPBEWith.java:180:79:180:81 | Constant | Description | 128 | jca/AesWrapAndPBEWith.java:180:79:180:81 | jca/AesWrapAndPBEWith.java:180:79:180:81 | +| jca/AesWrapAndPBEWith.java:181:65:181:96 | KeyDerivationAlgorithm | Name | PBEWithSHA1And128BitAES-CBC-BC | jca/AesWrapAndPBEWith.java:181:65:181:96 | jca/AesWrapAndPBEWith.java:181:65:181:96 | +| jca/AesWrapAndPBEWith.java:181:65:181:96 | KeyDerivationAlgorithm | RawName | PBEWithSHA1And128BitAES-CBC-BC | jca/AesWrapAndPBEWith.java:181:65:181:96 | jca/AesWrapAndPBEWith.java:181:65:181:96 | +| jca/AesWrapAndPBEWith.java:182:28:182:55 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:182:28:182:55 | jca/AesWrapAndPBEWith.java:182:28:182:55 | +| jca/AesWrapAndPBEWith.java:182:28:182:55 | KeyDerivation | Iterations | Constant:10000 | jca/AesWrapAndPBEWith.java:180:72:180:76 | jca/AesWrapAndPBEWith.java:180:72:180:76 | +| jca/AesWrapAndPBEWith.java:182:28:182:55 | KeyDerivation | KeySize | Constant:128 | jca/AesWrapAndPBEWith.java:180:79:180:81 | jca/AesWrapAndPBEWith.java:180:79:180:81 | +| jca/AesWrapAndPBEWith.java:185:44:185:65 | KeyOperationAlgorithm | Name | AES | jca/AesWrapAndPBEWith.java:185:44:185:65 | jca/AesWrapAndPBEWith.java:185:44:185:65 | +| jca/AesWrapAndPBEWith.java:185:44:185:65 | KeyOperationAlgorithm | RawName | AES/CBC/PKCS5Padding | jca/AesWrapAndPBEWith.java:185:44:185:65 | jca/AesWrapAndPBEWith.java:185:44:185:65 | +| jca/AesWrapAndPBEWith.java:185:44:185:65 | KeyOperationAlgorithm | Structure | Block | jca/AesWrapAndPBEWith.java:185:44:185:65 | jca/AesWrapAndPBEWith.java:185:44:185:65 | +| jca/AesWrapAndPBEWith.java:185:44:185:65 | ModeOfOperation | Name | CBC | jca/AesWrapAndPBEWith.java:185:44:185:65 | jca/AesWrapAndPBEWith.java:185:44:185:65 | +| jca/AesWrapAndPBEWith.java:185:44:185:65 | ModeOfOperation | RawName | CBC | jca/AesWrapAndPBEWith.java:185:44:185:65 | jca/AesWrapAndPBEWith.java:185:44:185:65 | +| jca/AesWrapAndPBEWith.java:185:44:185:65 | PaddingAlgorithm | Name | PKCS7 | jca/AesWrapAndPBEWith.java:185:44:185:65 | jca/AesWrapAndPBEWith.java:185:44:185:65 | +| jca/AesWrapAndPBEWith.java:185:44:185:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/AesWrapAndPBEWith.java:185:44:185:65 | jca/AesWrapAndPBEWith.java:185:44:185:65 | +| jca/AesWrapAndPBEWith.java:187:9:187:40 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:187:9:187:40 | jca/AesWrapAndPBEWith.java:187:9:187:40 | +| jca/AesWrapAndPBEWith.java:187:38:187:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:187:38:187:39 | jca/AesWrapAndPBEWith.java:187:38:187:39 | +| jca/AesWrapAndPBEWith.java:189:42:189:47 | Key | KeyType | Unknown | jca/AesWrapAndPBEWith.java:189:42:189:47 | jca/AesWrapAndPBEWith.java:189:42:189:47 | +| jca/AesWrapAndPBEWith.java:190:29:190:64 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AesWrapAndPBEWith.java:190:29:190:64 | jca/AesWrapAndPBEWith.java:190:29:190:64 | +| jca/AesWrapAndPBEWith.java:214:55:214:69 | Parameter | Description | password | jca/AesWrapAndPBEWith.java:214:55:214:69 | jca/AesWrapAndPBEWith.java:214:55:214:69 | +| jca/AesWrapAndPBEWith.java:214:72:214:87 | Parameter | Description | plaintext | jca/AesWrapAndPBEWith.java:214:72:214:87 | jca/AesWrapAndPBEWith.java:214:72:214:87 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | EllipticCurve | KeySize | 256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | EllipticCurve | Name | secp256r1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | EllipticCurve | ParsedName | secp256r1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | EllipticCurve | RawName | secp256r1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | Key | KeyType | Asymmetric | jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:103:61:103:68 | KeyAgreementAlgorithm | Name | X25519 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:103:61:103:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:103:61:103:68 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:103:61:103:68 | KeyAgreementAlgorithm | RawName | X25519 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:103:61:103:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:103:61:103:68 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:104:24:104:26 | Constant | Description | 255 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:104:24:104:26 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:104:24:104:26 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:105:16:105:36 | Key | KeyType | Asymmetric | jca/AsymmetricEncryptionMacHybridCryptosystem.java:105:16:105:36 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:105:16:105:36 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:118:17:118:26 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:118:17:118:26 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:118:17:118:26 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:119:20:119:28 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:119:20:119:28 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:119:20:119:28 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:132:58:132:66 | HashAlgorithm | DigestSize | 256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:132:58:132:66 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:132:58:132:66 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:132:58:132:66 | HashAlgorithm | Name | SHA2 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:132:58:132:66 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:132:58:132:66 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:132:58:132:66 | HashAlgorithm | RawName | SHA-256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:132:58:132:66 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:132:58:132:66 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:61:155:65 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:24:156:27 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:24:156:27 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:61:155:65 | KeyOperationAlgorithm | Name | RSA | jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:61:155:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:61:155:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:61:155:65 | KeyOperationAlgorithm | RawName | RSA | jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:61:155:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:61:155:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:24:156:27 | Constant | Description | 2048 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:24:156:27 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:24:156:27 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:157:16:157:36 | Key | KeyType | Asymmetric | jca/AsymmetricEncryptionMacHybridCryptosystem.java:157:16:157:36 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:157:16:157:36 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:164:61:164:65 | KeyOperationAlgorithm | KeySize | Constant:1024 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:165:24:165:27 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:165:24:165:27 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:164:61:164:65 | KeyOperationAlgorithm | Name | RSA | jca/AsymmetricEncryptionMacHybridCryptosystem.java:164:61:164:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:164:61:164:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:164:61:164:65 | KeyOperationAlgorithm | RawName | RSA | jca/AsymmetricEncryptionMacHybridCryptosystem.java:164:61:164:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:164:61:164:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:165:24:165:27 | Constant | Description | 1024 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:165:24:165:27 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:165:24:165:27 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:16:166:36 | Key | KeyType | Asymmetric | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:16:166:36 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:16:166:36 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | HashAlgorithm | DigestSize | 256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | HashAlgorithm | Name | SHA2 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | HashAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | KeyOperationAlgorithm | Name | RSA | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | KeyOperationAlgorithm | RawName | RSA/ECB/OAEPWithSHA-256AndMGF1Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | ModeOfOperation | Name | ECB | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | ModeOfOperation | RawName | ECB | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | PaddingAlgorithm | Name | OAEP | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:177:42:177:58 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:177:42:177:58 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:177:42:177:58 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:34:178:55 | WrapOperation | KeyOperationSubtype | Wrap | jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:34:178:55 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:34:178:55 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:181:9:181:40 | RandomNumberGeneration | Description | nextBytes | jca/AsymmetricEncryptionMacHybridCryptosystem.java:181:9:181:40 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:181:9:181:40 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:181:38:181:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AsymmetricEncryptionMacHybridCryptosystem.java:181:38:181:39 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:181:38:181:39 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | KeyOperationAlgorithm | Structure | Block | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | ModeOfOperation | Name | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | ModeOfOperation | RawName | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | PaddingAlgorithm | Name | UnknownPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | PaddingAlgorithm | RawName | NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:183:45:183:50 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:183:45:183:50 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:183:45:183:50 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:29:184:56 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:29:184:56 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:29:184:56 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | KeyOperationAlgorithm | Name | RSA | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | KeyOperationAlgorithm | RawName | RSA/ECB/PKCS1Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | ModeOfOperation | Name | ECB | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | ModeOfOperation | RawName | ECB | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | PaddingAlgorithm | Name | UnknownPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | PaddingAlgorithm | RawName | PKCS1Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:201:42:201:58 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:201:42:201:58 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:201:42:201:58 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:34:202:55 | WrapOperation | KeyOperationSubtype | Wrap | jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:34:202:55 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:34:202:55 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | KeyOperationAlgorithm | Structure | Block | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | ModeOfOperation | Name | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | ModeOfOperation | RawName | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | PaddingAlgorithm | Name | UnknownPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | PaddingAlgorithm | RawName | NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:206:45:206:50 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:206:45:206:50 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:206:45:206:50 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:29:207:56 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:29:207:56 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:29:207:56 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:226:91:226:96 | KeyAgreementAlgorithm | Name | ECDH | jca/AsymmetricEncryptionMacHybridCryptosystem.java:226:91:226:96 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:226:91:226:96 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:226:91:226:96 | KeyAgreementAlgorithm | RawName | ECDH | jca/AsymmetricEncryptionMacHybridCryptosystem.java:226:91:226:96 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:226:91:226:96 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:231:9:231:40 | RandomNumberGeneration | Description | nextBytes | jca/AsymmetricEncryptionMacHybridCryptosystem.java:231:9:231:40 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:231:9:231:40 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:231:38:231:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AsymmetricEncryptionMacHybridCryptosystem.java:231:38:231:39 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:231:38:231:39 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | KeyOperationAlgorithm | Structure | Block | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | ModeOfOperation | Name | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | ModeOfOperation | RawName | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | PaddingAlgorithm | Name | UnknownPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | PaddingAlgorithm | RawName | NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:233:42:233:47 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:233:42:233:47 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:233:42:233:47 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:29:234:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:29:234:53 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:29:234:53 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:250:95:250:100 | KeyAgreementAlgorithm | Name | ECDH | jca/AsymmetricEncryptionMacHybridCryptosystem.java:250:95:250:100 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:250:95:250:100 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:250:95:250:100 | KeyAgreementAlgorithm | RawName | ECDH | jca/AsymmetricEncryptionMacHybridCryptosystem.java:250:95:250:100 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:250:95:250:100 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | KeyOperationAlgorithm | Structure | Block | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | ModeOfOperation | Name | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | ModeOfOperation | RawName | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | PaddingAlgorithm | Name | UnknownPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | PaddingAlgorithm | RawName | NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:256:42:256:47 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:256:42:256:47 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:256:42:256:47 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:29:257:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:29:257:53 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:29:257:53 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:283:58:283:73 | Parameter | Description | plaintext | jca/AsymmetricEncryptionMacHybridCryptosystem.java:283:58:283:73 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:283:58:283:73 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:35:309:46 | KeyOperationAlgorithm | Name | HMAC | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:35:309:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:35:309:46 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:35:309:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:35:309:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:35:309:46 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:311:18:311:26 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:311:18:311:26 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:311:18:311:26 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | MACOperation | KeyOperationSubtype | Mac | jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:35:320:44 | KeyOperationAlgorithm | Name | HMAC | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:35:320:44 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:35:320:44 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:35:320:44 | KeyOperationAlgorithm | RawName | HmacSHA1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:35:320:44 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:35:320:44 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:18:322:26 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:18:322:26 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:18:322:26 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | MACOperation | KeyOperationSubtype | Mac | jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:335:52:335:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:336:17:336:19 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:336:17:336:19 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:335:52:335:56 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:335:52:335:56 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:335:52:335:56 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:335:52:335:56 | KeyOperationAlgorithm | RawName | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:335:52:335:56 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:335:52:335:56 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:335:52:335:56 | KeyOperationAlgorithm | Structure | Block | jca/AsymmetricEncryptionMacHybridCryptosystem.java:335:52:335:56 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:335:52:335:56 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:336:17:336:19 | Constant | Description | 256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:336:17:336:19 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:336:17:336:19 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:337:16:337:31 | Key | KeyType | Symmetric | jca/AsymmetricEncryptionMacHybridCryptosystem.java:337:16:337:31 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:337:16:337:31 | +| jca/ChainedEncryptionTest.java:24:44:24:62 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:24:44:24:62 | jca/ChainedEncryptionTest.java:24:44:24:62 | +| jca/ChainedEncryptionTest.java:24:44:24:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/ChainedEncryptionTest.java:24:44:24:62 | jca/ChainedEncryptionTest.java:24:44:24:62 | +| jca/ChainedEncryptionTest.java:24:44:24:62 | KeyOperationAlgorithm | Structure | Block | jca/ChainedEncryptionTest.java:24:44:24:62 | jca/ChainedEncryptionTest.java:24:44:24:62 | +| jca/ChainedEncryptionTest.java:24:44:24:62 | ModeOfOperation | Name | GCM | jca/ChainedEncryptionTest.java:24:44:24:62 | jca/ChainedEncryptionTest.java:24:44:24:62 | +| jca/ChainedEncryptionTest.java:24:44:24:62 | ModeOfOperation | RawName | GCM | jca/ChainedEncryptionTest.java:24:44:24:62 | jca/ChainedEncryptionTest.java:24:44:24:62 | +| jca/ChainedEncryptionTest.java:24:44:24:62 | PaddingAlgorithm | Name | UnknownPadding | jca/ChainedEncryptionTest.java:24:44:24:62 | jca/ChainedEncryptionTest.java:24:44:24:62 | +| jca/ChainedEncryptionTest.java:24:44:24:62 | PaddingAlgorithm | RawName | NoPadding | jca/ChainedEncryptionTest.java:24:44:24:62 | jca/ChainedEncryptionTest.java:24:44:24:62 | +| jca/ChainedEncryptionTest.java:26:9:26:40 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:26:9:26:40 | jca/ChainedEncryptionTest.java:26:9:26:40 | +| jca/ChainedEncryptionTest.java:26:38:26:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:26:38:26:39 | jca/ChainedEncryptionTest.java:26:38:26:39 | +| jca/ChainedEncryptionTest.java:28:42:28:44 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:28:42:28:44 | jca/ChainedEncryptionTest.java:28:42:28:44 | +| jca/ChainedEncryptionTest.java:29:29:29:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:29:29:29:53 | jca/ChainedEncryptionTest.java:29:29:29:53 | +| jca/ChainedEncryptionTest.java:37:44:37:62 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:37:44:37:62 | jca/ChainedEncryptionTest.java:37:44:37:62 | +| jca/ChainedEncryptionTest.java:37:44:37:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/ChainedEncryptionTest.java:37:44:37:62 | jca/ChainedEncryptionTest.java:37:44:37:62 | +| jca/ChainedEncryptionTest.java:37:44:37:62 | KeyOperationAlgorithm | Structure | Block | jca/ChainedEncryptionTest.java:37:44:37:62 | jca/ChainedEncryptionTest.java:37:44:37:62 | +| jca/ChainedEncryptionTest.java:37:44:37:62 | ModeOfOperation | Name | GCM | jca/ChainedEncryptionTest.java:37:44:37:62 | jca/ChainedEncryptionTest.java:37:44:37:62 | +| jca/ChainedEncryptionTest.java:37:44:37:62 | ModeOfOperation | RawName | GCM | jca/ChainedEncryptionTest.java:37:44:37:62 | jca/ChainedEncryptionTest.java:37:44:37:62 | +| jca/ChainedEncryptionTest.java:37:44:37:62 | PaddingAlgorithm | Name | UnknownPadding | jca/ChainedEncryptionTest.java:37:44:37:62 | jca/ChainedEncryptionTest.java:37:44:37:62 | +| jca/ChainedEncryptionTest.java:37:44:37:62 | PaddingAlgorithm | RawName | NoPadding | jca/ChainedEncryptionTest.java:37:44:37:62 | jca/ChainedEncryptionTest.java:37:44:37:62 | +| jca/ChainedEncryptionTest.java:39:42:39:44 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:39:42:39:44 | jca/ChainedEncryptionTest.java:39:42:39:44 | +| jca/ChainedEncryptionTest.java:40:16:40:41 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/ChainedEncryptionTest.java:40:16:40:41 | jca/ChainedEncryptionTest.java:40:16:40:41 | +| jca/ChainedEncryptionTest.java:45:44:45:62 | KeyOperationAlgorithm | Name | Unknown | jca/ChainedEncryptionTest.java:45:44:45:62 | jca/ChainedEncryptionTest.java:45:44:45:62 | +| jca/ChainedEncryptionTest.java:45:44:45:62 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/ChainedEncryptionTest.java:45:44:45:62 | jca/ChainedEncryptionTest.java:45:44:45:62 | +| jca/ChainedEncryptionTest.java:47:9:47:43 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:47:9:47:43 | jca/ChainedEncryptionTest.java:47:9:47:43 | +| jca/ChainedEncryptionTest.java:47:38:47:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:47:38:47:42 | jca/ChainedEncryptionTest.java:47:38:47:42 | +| jca/ChainedEncryptionTest.java:48:42:48:44 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:48:42:48:44 | jca/ChainedEncryptionTest.java:48:42:48:44 | +| jca/ChainedEncryptionTest.java:49:29:49:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:49:29:49:53 | jca/ChainedEncryptionTest.java:49:29:49:53 | +| jca/ChainedEncryptionTest.java:57:44:57:62 | KeyOperationAlgorithm | Name | Unknown | jca/ChainedEncryptionTest.java:57:44:57:62 | jca/ChainedEncryptionTest.java:57:44:57:62 | +| jca/ChainedEncryptionTest.java:57:44:57:62 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/ChainedEncryptionTest.java:57:44:57:62 | jca/ChainedEncryptionTest.java:57:44:57:62 | +| jca/ChainedEncryptionTest.java:58:42:58:44 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:58:42:58:44 | jca/ChainedEncryptionTest.java:58:42:58:44 | +| jca/ChainedEncryptionTest.java:59:16:59:41 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/ChainedEncryptionTest.java:59:16:59:41 | jca/ChainedEncryptionTest.java:59:16:59:41 | +| jca/ChainedEncryptionTest.java:80:46:80:61 | Parameter | Description | plaintext | jca/ChainedEncryptionTest.java:80:46:80:61 | jca/ChainedEncryptionTest.java:80:46:80:61 | +| jca/ChainedEncryptionTest.java:84:56:84:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/ChainedEncryptionTest.java:85:21:85:23 | jca/ChainedEncryptionTest.java:85:21:85:23 | +| jca/ChainedEncryptionTest.java:84:56:84:60 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:84:56:84:60 | jca/ChainedEncryptionTest.java:84:56:84:60 | +| jca/ChainedEncryptionTest.java:84:56:84:60 | KeyOperationAlgorithm | RawName | AES | jca/ChainedEncryptionTest.java:84:56:84:60 | jca/ChainedEncryptionTest.java:84:56:84:60 | +| jca/ChainedEncryptionTest.java:84:56:84:60 | KeyOperationAlgorithm | Structure | Block | jca/ChainedEncryptionTest.java:84:56:84:60 | jca/ChainedEncryptionTest.java:84:56:84:60 | +| jca/ChainedEncryptionTest.java:85:21:85:23 | Constant | Description | 256 | jca/ChainedEncryptionTest.java:85:21:85:23 | jca/ChainedEncryptionTest.java:85:21:85:23 | +| jca/ChainedEncryptionTest.java:86:30:86:49 | Key | KeyType | Symmetric | jca/ChainedEncryptionTest.java:86:30:86:49 | jca/ChainedEncryptionTest.java:86:30:86:49 | +| jca/ChainedEncryptionTest.java:88:59:88:68 | KeyOperationAlgorithm | KeySize | 256 | jca/ChainedEncryptionTest.java:88:59:88:68 | jca/ChainedEncryptionTest.java:88:59:88:68 | +| jca/ChainedEncryptionTest.java:88:59:88:68 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/ChainedEncryptionTest.java:89:24:89:26 | jca/ChainedEncryptionTest.java:89:24:89:26 | +| jca/ChainedEncryptionTest.java:88:59:88:68 | KeyOperationAlgorithm | Name | ChaCha20 | jca/ChainedEncryptionTest.java:88:59:88:68 | jca/ChainedEncryptionTest.java:88:59:88:68 | +| jca/ChainedEncryptionTest.java:88:59:88:68 | KeyOperationAlgorithm | RawName | ChaCha20 | jca/ChainedEncryptionTest.java:88:59:88:68 | jca/ChainedEncryptionTest.java:88:59:88:68 | +| jca/ChainedEncryptionTest.java:88:59:88:68 | KeyOperationAlgorithm | Structure | Stream | jca/ChainedEncryptionTest.java:88:59:88:68 | jca/ChainedEncryptionTest.java:88:59:88:68 | +| jca/ChainedEncryptionTest.java:89:24:89:26 | Constant | Description | 256 | jca/ChainedEncryptionTest.java:89:24:89:26 | jca/ChainedEncryptionTest.java:89:24:89:26 | +| jca/ChainedEncryptionTest.java:90:30:90:52 | Key | KeyType | Symmetric | jca/ChainedEncryptionTest.java:90:30:90:52 | jca/ChainedEncryptionTest.java:90:30:90:52 | +| jca/ChainedEncryptionTest.java:94:9:94:43 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:94:9:94:43 | jca/ChainedEncryptionTest.java:94:9:94:43 | +| jca/ChainedEncryptionTest.java:94:38:94:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:94:38:94:42 | jca/ChainedEncryptionTest.java:94:38:94:42 | +| jca/ChainedEncryptionTest.java:95:47:95:65 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:95:47:95:65 | jca/ChainedEncryptionTest.java:95:47:95:65 | +| jca/ChainedEncryptionTest.java:95:47:95:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/ChainedEncryptionTest.java:95:47:95:65 | jca/ChainedEncryptionTest.java:95:47:95:65 | +| jca/ChainedEncryptionTest.java:95:47:95:65 | KeyOperationAlgorithm | Structure | Block | jca/ChainedEncryptionTest.java:95:47:95:65 | jca/ChainedEncryptionTest.java:95:47:95:65 | +| jca/ChainedEncryptionTest.java:95:47:95:65 | ModeOfOperation | Name | GCM | jca/ChainedEncryptionTest.java:95:47:95:65 | jca/ChainedEncryptionTest.java:95:47:95:65 | +| jca/ChainedEncryptionTest.java:95:47:95:65 | ModeOfOperation | RawName | GCM | jca/ChainedEncryptionTest.java:95:47:95:65 | jca/ChainedEncryptionTest.java:95:47:95:65 | +| jca/ChainedEncryptionTest.java:95:47:95:65 | PaddingAlgorithm | Name | UnknownPadding | jca/ChainedEncryptionTest.java:95:47:95:65 | jca/ChainedEncryptionTest.java:95:47:95:65 | +| jca/ChainedEncryptionTest.java:95:47:95:65 | PaddingAlgorithm | RawName | NoPadding | jca/ChainedEncryptionTest.java:95:47:95:65 | jca/ChainedEncryptionTest.java:95:47:95:65 | +| jca/ChainedEncryptionTest.java:97:45:97:52 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:97:45:97:52 | jca/ChainedEncryptionTest.java:97:45:97:52 | +| jca/ChainedEncryptionTest.java:98:34:98:62 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:98:34:98:62 | jca/ChainedEncryptionTest.java:98:34:98:62 | +| jca/ChainedEncryptionTest.java:102:9:102:49 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:102:9:102:49 | jca/ChainedEncryptionTest.java:102:9:102:49 | +| jca/ChainedEncryptionTest.java:102:38:102:48 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:102:38:102:48 | jca/ChainedEncryptionTest.java:102:38:102:48 | +| jca/ChainedEncryptionTest.java:103:50:103:68 | KeyOperationAlgorithm | Name | Unknown | jca/ChainedEncryptionTest.java:103:50:103:68 | jca/ChainedEncryptionTest.java:103:50:103:68 | +| jca/ChainedEncryptionTest.java:103:50:103:68 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/ChainedEncryptionTest.java:103:50:103:68 | jca/ChainedEncryptionTest.java:103:50:103:68 | +| jca/ChainedEncryptionTest.java:104:48:104:55 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:104:48:104:55 | jca/ChainedEncryptionTest.java:104:48:104:55 | +| jca/ChainedEncryptionTest.java:105:34:105:70 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:105:34:105:70 | jca/ChainedEncryptionTest.java:105:34:105:70 | +| jca/ChainedEncryptionTest.java:108:47:108:65 | KeyOperationAlgorithm | Name | Unknown | jca/ChainedEncryptionTest.java:108:47:108:65 | jca/ChainedEncryptionTest.java:108:47:108:65 | +| jca/ChainedEncryptionTest.java:108:47:108:65 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/ChainedEncryptionTest.java:108:47:108:65 | jca/ChainedEncryptionTest.java:108:47:108:65 | +| jca/ChainedEncryptionTest.java:109:45:109:52 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:109:45:109:52 | jca/ChainedEncryptionTest.java:109:45:109:52 | +| jca/ChainedEncryptionTest.java:110:43:110:76 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/ChainedEncryptionTest.java:110:43:110:76 | jca/ChainedEncryptionTest.java:110:43:110:76 | +| jca/ChainedEncryptionTest.java:113:44:113:62 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:113:44:113:62 | jca/ChainedEncryptionTest.java:113:44:113:62 | +| jca/ChainedEncryptionTest.java:113:44:113:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/ChainedEncryptionTest.java:113:44:113:62 | jca/ChainedEncryptionTest.java:113:44:113:62 | +| jca/ChainedEncryptionTest.java:113:44:113:62 | KeyOperationAlgorithm | Structure | Block | jca/ChainedEncryptionTest.java:113:44:113:62 | jca/ChainedEncryptionTest.java:113:44:113:62 | +| jca/ChainedEncryptionTest.java:113:44:113:62 | ModeOfOperation | Name | GCM | jca/ChainedEncryptionTest.java:113:44:113:62 | jca/ChainedEncryptionTest.java:113:44:113:62 | +| jca/ChainedEncryptionTest.java:113:44:113:62 | ModeOfOperation | RawName | GCM | jca/ChainedEncryptionTest.java:113:44:113:62 | jca/ChainedEncryptionTest.java:113:44:113:62 | +| jca/ChainedEncryptionTest.java:113:44:113:62 | PaddingAlgorithm | Name | UnknownPadding | jca/ChainedEncryptionTest.java:113:44:113:62 | jca/ChainedEncryptionTest.java:113:44:113:62 | +| jca/ChainedEncryptionTest.java:113:44:113:62 | PaddingAlgorithm | RawName | NoPadding | jca/ChainedEncryptionTest.java:113:44:113:62 | jca/ChainedEncryptionTest.java:113:44:113:62 | +| jca/ChainedEncryptionTest.java:114:42:114:49 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:114:42:114:49 | jca/ChainedEncryptionTest.java:114:42:114:49 | +| jca/ChainedEncryptionTest.java:115:37:115:76 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/ChainedEncryptionTest.java:115:37:115:76 | jca/ChainedEncryptionTest.java:115:37:115:76 | +| jca/ChainedEncryptionTest.java:122:56:122:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/ChainedEncryptionTest.java:123:21:123:23 | jca/ChainedEncryptionTest.java:123:21:123:23 | +| jca/ChainedEncryptionTest.java:122:56:122:60 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:122:56:122:60 | jca/ChainedEncryptionTest.java:122:56:122:60 | +| jca/ChainedEncryptionTest.java:122:56:122:60 | KeyOperationAlgorithm | RawName | AES | jca/ChainedEncryptionTest.java:122:56:122:60 | jca/ChainedEncryptionTest.java:122:56:122:60 | +| jca/ChainedEncryptionTest.java:122:56:122:60 | KeyOperationAlgorithm | Structure | Block | jca/ChainedEncryptionTest.java:122:56:122:60 | jca/ChainedEncryptionTest.java:122:56:122:60 | +| jca/ChainedEncryptionTest.java:123:21:123:23 | Constant | Description | 256 | jca/ChainedEncryptionTest.java:123:21:123:23 | jca/ChainedEncryptionTest.java:123:21:123:23 | +| jca/ChainedEncryptionTest.java:124:28:124:47 | Key | KeyType | Symmetric | jca/ChainedEncryptionTest.java:124:28:124:47 | jca/ChainedEncryptionTest.java:124:28:124:47 | +| jca/ChainedEncryptionTest.java:127:59:127:68 | KeyOperationAlgorithm | KeySize | 256 | jca/ChainedEncryptionTest.java:127:59:127:68 | jca/ChainedEncryptionTest.java:127:59:127:68 | +| jca/ChainedEncryptionTest.java:127:59:127:68 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/ChainedEncryptionTest.java:128:24:128:26 | jca/ChainedEncryptionTest.java:128:24:128:26 | +| jca/ChainedEncryptionTest.java:127:59:127:68 | KeyOperationAlgorithm | Name | ChaCha20 | jca/ChainedEncryptionTest.java:127:59:127:68 | jca/ChainedEncryptionTest.java:127:59:127:68 | +| jca/ChainedEncryptionTest.java:127:59:127:68 | KeyOperationAlgorithm | RawName | ChaCha20 | jca/ChainedEncryptionTest.java:127:59:127:68 | jca/ChainedEncryptionTest.java:127:59:127:68 | +| jca/ChainedEncryptionTest.java:127:59:127:68 | KeyOperationAlgorithm | Structure | Stream | jca/ChainedEncryptionTest.java:127:59:127:68 | jca/ChainedEncryptionTest.java:127:59:127:68 | +| jca/ChainedEncryptionTest.java:128:24:128:26 | Constant | Description | 256 | jca/ChainedEncryptionTest.java:128:24:128:26 | jca/ChainedEncryptionTest.java:128:24:128:26 | +| jca/ChainedEncryptionTest.java:129:31:129:53 | Key | KeyType | Symmetric | jca/ChainedEncryptionTest.java:129:31:129:53 | jca/ChainedEncryptionTest.java:129:31:129:53 | +| jca/ChainedEncryptionTest.java:131:31:131:57 | Constant | Description | "This is a secret message." | jca/ChainedEncryptionTest.java:131:31:131:57 | jca/ChainedEncryptionTest.java:131:31:131:57 | +| jca/Digest.java:55:58:55:66 | HashAlgorithm | DigestSize | 256 | jca/Digest.java:55:58:55:66 | jca/Digest.java:55:58:55:66 | +| jca/Digest.java:55:58:55:66 | HashAlgorithm | Name | SHA2 | jca/Digest.java:55:58:55:66 | jca/Digest.java:55:58:55:66 | +| jca/Digest.java:55:58:55:66 | HashAlgorithm | RawName | SHA-256 | jca/Digest.java:55:58:55:66 | jca/Digest.java:55:58:55:66 | +| jca/Digest.java:56:37:56:54 | Constant | Description | "Simple Test Data" | jca/Digest.java:56:37:56:54 | jca/Digest.java:56:37:56:54 | +| jca/Digest.java:65:61:65:65 | HashAlgorithm | DigestSize | 128 | jca/Digest.java:65:61:65:65 | jca/Digest.java:65:61:65:65 | +| jca/Digest.java:65:61:65:65 | HashAlgorithm | Name | MD5 | jca/Digest.java:65:61:65:65 | jca/Digest.java:65:61:65:65 | +| jca/Digest.java:65:61:65:65 | HashAlgorithm | RawName | MD5 | jca/Digest.java:65:61:65:65 | jca/Digest.java:65:61:65:65 | +| jca/Digest.java:66:40:66:58 | Constant | Description | "Weak Hash Example" | jca/Digest.java:66:40:66:58 | jca/Digest.java:66:40:66:58 | +| jca/Digest.java:74:49:74:63 | Parameter | Description | password | jca/Digest.java:74:49:74:63 | jca/Digest.java:74:49:74:63 | +| jca/Digest.java:75:64:75:72 | HashAlgorithm | DigestSize | 256 | jca/Digest.java:75:64:75:72 | jca/Digest.java:75:64:75:72 | +| jca/Digest.java:75:64:75:72 | HashAlgorithm | Name | SHA2 | jca/Digest.java:75:64:75:72 | jca/Digest.java:75:64:75:72 | +| jca/Digest.java:75:64:75:72 | HashAlgorithm | RawName | SHA-256 | jca/Digest.java:75:64:75:72 | jca/Digest.java:75:64:75:72 | +| jca/Digest.java:84:37:84:51 | Parameter | Description | password | jca/Digest.java:84:37:84:51 | jca/Digest.java:84:37:84:51 | +| jca/Digest.java:86:58:86:66 | HashAlgorithm | DigestSize | 256 | jca/Digest.java:86:58:86:66 | jca/Digest.java:86:58:86:66 | +| jca/Digest.java:86:58:86:66 | HashAlgorithm | Name | SHA2 | jca/Digest.java:86:58:86:66 | jca/Digest.java:86:58:86:66 | +| jca/Digest.java:86:58:86:66 | HashAlgorithm | RawName | SHA-256 | jca/Digest.java:86:58:86:66 | jca/Digest.java:86:58:86:66 | +| jca/Digest.java:96:37:96:51 | Parameter | Description | password | jca/Digest.java:96:37:96:51 | jca/Digest.java:96:37:96:51 | +| jca/Digest.java:98:72:98:76 | Constant | Description | 10000 | jca/Digest.java:98:72:98:76 | jca/Digest.java:98:72:98:76 | +| jca/Digest.java:98:79:98:81 | Constant | Description | 256 | jca/Digest.java:98:79:98:81 | jca/Digest.java:98:79:98:81 | +| jca/Digest.java:99:65:99:86 | HMACAlgorithm | Name | HMAC | jca/Digest.java:99:65:99:86 | jca/Digest.java:99:65:99:86 | +| jca/Digest.java:99:65:99:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Digest.java:99:65:99:86 | jca/Digest.java:99:65:99:86 | +| jca/Digest.java:99:65:99:86 | HashAlgorithm | DigestSize | 256 | jca/Digest.java:99:65:99:86 | jca/Digest.java:99:65:99:86 | +| jca/Digest.java:99:65:99:86 | HashAlgorithm | Name | SHA2 | jca/Digest.java:99:65:99:86 | jca/Digest.java:99:65:99:86 | +| jca/Digest.java:99:65:99:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Digest.java:99:65:99:86 | jca/Digest.java:99:65:99:86 | +| jca/Digest.java:99:65:99:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/Digest.java:99:65:99:86 | jca/Digest.java:99:65:99:86 | +| jca/Digest.java:99:65:99:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Digest.java:99:65:99:86 | jca/Digest.java:99:65:99:86 | +| jca/Digest.java:100:23:100:50 | Key | KeyType | Symmetric | jca/Digest.java:100:23:100:50 | jca/Digest.java:100:23:100:50 | +| jca/Digest.java:100:23:100:50 | KeyDerivation | Iterations | Constant:10000 | jca/Digest.java:98:72:98:76 | jca/Digest.java:98:72:98:76 | +| jca/Digest.java:100:23:100:50 | KeyDerivation | KeySize | Constant:256 | jca/Digest.java:98:79:98:81 | jca/Digest.java:98:79:98:81 | +| jca/Digest.java:108:40:108:51 | Parameter | Description | input | jca/Digest.java:108:40:108:51 | jca/Digest.java:108:40:108:51 | +| jca/Digest.java:109:62:109:68 | HashAlgorithm | DigestSize | 160 | jca/Digest.java:109:62:109:68 | jca/Digest.java:109:62:109:68 | +| jca/Digest.java:109:62:109:68 | HashAlgorithm | Name | SHA1 | jca/Digest.java:109:62:109:68 | jca/Digest.java:109:62:109:68 | +| jca/Digest.java:109:62:109:68 | HashAlgorithm | RawName | SHA-1 | jca/Digest.java:109:62:109:68 | jca/Digest.java:109:62:109:68 | +| jca/Digest.java:118:35:118:46 | Parameter | Description | input | jca/Digest.java:118:35:118:46 | jca/Digest.java:118:35:118:46 | +| jca/Digest.java:118:49:118:58 | Parameter | Description | key | jca/Digest.java:118:49:118:58 | jca/Digest.java:118:49:118:58 | +| jca/Digest.java:119:36:119:47 | KeyOperationAlgorithm | Name | HMAC | jca/Digest.java:119:36:119:47 | jca/Digest.java:119:36:119:47 | +| jca/Digest.java:119:36:119:47 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Digest.java:119:36:119:47 | jca/Digest.java:119:36:119:47 | +| jca/Digest.java:121:19:121:27 | Key | KeyType | Unknown | jca/Digest.java:121:19:121:27 | jca/Digest.java:121:19:121:27 | +| jca/Digest.java:122:23:122:52 | MACOperation | KeyOperationSubtype | Mac | jca/Digest.java:122:23:122:52 | jca/Digest.java:122:23:122:52 | +| jca/Digest.java:141:44:141:62 | KeyOperationAlgorithm | Name | AES | jca/Digest.java:141:44:141:62 | jca/Digest.java:141:44:141:62 | +| jca/Digest.java:141:44:141:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Digest.java:141:44:141:62 | jca/Digest.java:141:44:141:62 | +| jca/Digest.java:141:44:141:62 | KeyOperationAlgorithm | Structure | Block | jca/Digest.java:141:44:141:62 | jca/Digest.java:141:44:141:62 | +| jca/Digest.java:141:44:141:62 | ModeOfOperation | Name | GCM | jca/Digest.java:141:44:141:62 | jca/Digest.java:141:44:141:62 | +| jca/Digest.java:141:44:141:62 | ModeOfOperation | RawName | GCM | jca/Digest.java:141:44:141:62 | jca/Digest.java:141:44:141:62 | +| jca/Digest.java:141:44:141:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Digest.java:141:44:141:62 | jca/Digest.java:141:44:141:62 | +| jca/Digest.java:141:44:141:62 | PaddingAlgorithm | RawName | NoPadding | jca/Digest.java:141:44:141:62 | jca/Digest.java:141:44:141:62 | +| jca/Digest.java:142:42:142:44 | Key | KeyType | Unknown | jca/Digest.java:142:42:142:44 | jca/Digest.java:142:42:142:44 | +| jca/Digest.java:143:32:143:74 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Digest.java:143:32:143:74 | jca/Digest.java:143:32:143:74 | +| jca/Digest.java:143:47:143:62 | Constant | Description | "Sensitive Data" | jca/Digest.java:143:47:143:62 | jca/Digest.java:143:47:143:62 | +| jca/Digest.java:156:39:156:51 | Parameter | Description | digest | jca/Digest.java:156:39:156:51 | jca/Digest.java:156:39:156:51 | +| jca/Digest.java:172:50:172:62 | Parameter | Description | digest | jca/Digest.java:172:50:172:62 | jca/Digest.java:172:50:172:62 | +| jca/Digest.java:177:80:177:84 | Constant | Description | 10000 | jca/Digest.java:177:80:177:84 | jca/Digest.java:177:80:177:84 | +| jca/Digest.java:177:87:177:89 | Constant | Description | 256 | jca/Digest.java:177:87:177:89 | jca/Digest.java:177:87:177:89 | +| jca/Digest.java:178:65:178:86 | HMACAlgorithm | Name | HMAC | jca/Digest.java:178:65:178:86 | jca/Digest.java:178:65:178:86 | +| jca/Digest.java:178:65:178:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Digest.java:178:65:178:86 | jca/Digest.java:178:65:178:86 | +| jca/Digest.java:178:65:178:86 | HashAlgorithm | DigestSize | 256 | jca/Digest.java:178:65:178:86 | jca/Digest.java:178:65:178:86 | +| jca/Digest.java:178:65:178:86 | HashAlgorithm | Name | SHA2 | jca/Digest.java:178:65:178:86 | jca/Digest.java:178:65:178:86 | +| jca/Digest.java:178:65:178:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Digest.java:178:65:178:86 | jca/Digest.java:178:65:178:86 | +| jca/Digest.java:178:65:178:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/Digest.java:178:65:178:86 | jca/Digest.java:178:65:178:86 | +| jca/Digest.java:178:65:178:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Digest.java:178:65:178:86 | jca/Digest.java:178:65:178:86 | +| jca/Digest.java:179:30:179:57 | Key | KeyType | Symmetric | jca/Digest.java:179:30:179:57 | jca/Digest.java:179:30:179:57 | +| jca/Digest.java:179:30:179:57 | KeyDerivation | Iterations | Constant:10000 | jca/Digest.java:177:80:177:84 | jca/Digest.java:177:80:177:84 | +| jca/Digest.java:179:30:179:57 | KeyDerivation | KeySize | Constant:256 | jca/Digest.java:177:87:177:89 | jca/Digest.java:177:87:177:89 | +| jca/Digest.java:187:44:187:62 | KeyOperationAlgorithm | Name | AES | jca/Digest.java:187:44:187:62 | jca/Digest.java:187:44:187:62 | +| jca/Digest.java:187:44:187:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Digest.java:187:44:187:62 | jca/Digest.java:187:44:187:62 | +| jca/Digest.java:187:44:187:62 | KeyOperationAlgorithm | Structure | Block | jca/Digest.java:187:44:187:62 | jca/Digest.java:187:44:187:62 | +| jca/Digest.java:187:44:187:62 | ModeOfOperation | Name | GCM | jca/Digest.java:187:44:187:62 | jca/Digest.java:187:44:187:62 | +| jca/Digest.java:187:44:187:62 | ModeOfOperation | RawName | GCM | jca/Digest.java:187:44:187:62 | jca/Digest.java:187:44:187:62 | +| jca/Digest.java:187:44:187:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Digest.java:187:44:187:62 | jca/Digest.java:187:44:187:62 | +| jca/Digest.java:187:44:187:62 | PaddingAlgorithm | RawName | NoPadding | jca/Digest.java:187:44:187:62 | jca/Digest.java:187:44:187:62 | +| jca/Digest.java:188:42:188:54 | Key | KeyType | Unknown | jca/Digest.java:188:42:188:54 | jca/Digest.java:188:42:188:54 | +| jca/Digest.java:189:29:189:78 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Digest.java:189:29:189:78 | jca/Digest.java:189:29:189:78 | +| jca/Digest.java:189:44:189:66 | Constant | Description | "Further Use Test Data" | jca/Digest.java:189:44:189:66 | jca/Digest.java:189:44:189:66 | +| jca/Digest.java:192:35:192:46 | KeyOperationAlgorithm | Name | HMAC | jca/Digest.java:192:35:192:46 | jca/Digest.java:192:35:192:46 | +| jca/Digest.java:192:35:192:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Digest.java:192:35:192:46 | jca/Digest.java:192:35:192:46 | +| jca/Digest.java:193:18:193:23 | Key | KeyType | Unknown | jca/Digest.java:193:18:193:23 | jca/Digest.java:193:18:193:23 | +| jca/Digest.java:194:30:194:52 | MACOperation | KeyOperationSubtype | Mac | jca/Digest.java:194:30:194:52 | jca/Digest.java:194:30:194:52 | +| jca/Digest.java:211:44:211:62 | KeyOperationAlgorithm | Name | AES | jca/Digest.java:211:44:211:62 | jca/Digest.java:211:44:211:62 | +| jca/Digest.java:211:44:211:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Digest.java:211:44:211:62 | jca/Digest.java:211:44:211:62 | +| jca/Digest.java:211:44:211:62 | KeyOperationAlgorithm | Structure | Block | jca/Digest.java:211:44:211:62 | jca/Digest.java:211:44:211:62 | +| jca/Digest.java:211:44:211:62 | ModeOfOperation | Name | GCM | jca/Digest.java:211:44:211:62 | jca/Digest.java:211:44:211:62 | +| jca/Digest.java:211:44:211:62 | ModeOfOperation | RawName | GCM | jca/Digest.java:211:44:211:62 | jca/Digest.java:211:44:211:62 | +| jca/Digest.java:211:44:211:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Digest.java:211:44:211:62 | jca/Digest.java:211:44:211:62 | +| jca/Digest.java:211:44:211:62 | PaddingAlgorithm | RawName | NoPadding | jca/Digest.java:211:44:211:62 | jca/Digest.java:211:44:211:62 | +| jca/Digest.java:213:42:213:44 | Key | KeyType | Unknown | jca/Digest.java:213:42:213:44 | jca/Digest.java:213:42:213:44 | +| jca/Digest.java:214:32:214:51 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Digest.java:214:32:214:51 | jca/Digest.java:214:32:214:51 | +| jca/Digest.java:240:56:240:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/Digest.java:241:21:241:23 | jca/Digest.java:241:21:241:23 | +| jca/Digest.java:240:56:240:60 | KeyOperationAlgorithm | Name | AES | jca/Digest.java:240:56:240:60 | jca/Digest.java:240:56:240:60 | +| jca/Digest.java:240:56:240:60 | KeyOperationAlgorithm | RawName | AES | jca/Digest.java:240:56:240:60 | jca/Digest.java:240:56:240:60 | +| jca/Digest.java:240:56:240:60 | KeyOperationAlgorithm | Structure | Block | jca/Digest.java:240:56:240:60 | jca/Digest.java:240:56:240:60 | +| jca/Digest.java:241:21:241:23 | Constant | Description | 256 | jca/Digest.java:241:21:241:23 | jca/Digest.java:241:21:241:23 | +| jca/Digest.java:242:16:242:35 | Key | KeyType | Symmetric | jca/Digest.java:242:16:242:35 | jca/Digest.java:242:16:242:35 | +| jca/Digest.java:254:9:254:42 | RandomNumberGeneration | Description | nextBytes | jca/Digest.java:254:9:254:42 | jca/Digest.java:254:9:254:42 | +| jca/Digest.java:254:38:254:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Digest.java:254:38:254:41 | jca/Digest.java:254:38:254:41 | +| jca/EllipticCurve1.java:47:66:47:76 | EllipticCurve | KeySize | 256 | jca/EllipticCurve1.java:47:66:47:76 | jca/EllipticCurve1.java:47:66:47:76 | +| jca/EllipticCurve1.java:47:66:47:76 | EllipticCurve | Name | secp256r1 | jca/EllipticCurve1.java:47:66:47:76 | jca/EllipticCurve1.java:47:66:47:76 | +| jca/EllipticCurve1.java:47:66:47:76 | EllipticCurve | ParsedName | secp256r1 | jca/EllipticCurve1.java:47:66:47:76 | jca/EllipticCurve1.java:47:66:47:76 | +| jca/EllipticCurve1.java:47:66:47:76 | EllipticCurve | RawName | secp256r1 | jca/EllipticCurve1.java:47:66:47:76 | jca/EllipticCurve1.java:47:66:47:76 | +| jca/EllipticCurve1.java:48:16:48:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:48:16:48:36 | jca/EllipticCurve1.java:48:16:48:36 | +| jca/EllipticCurve1.java:57:66:57:76 | EllipticCurve | KeySize | 256 | jca/EllipticCurve1.java:57:66:57:76 | jca/EllipticCurve1.java:57:66:57:76 | +| jca/EllipticCurve1.java:57:66:57:76 | EllipticCurve | Name | secp256k1 | jca/EllipticCurve1.java:57:66:57:76 | jca/EllipticCurve1.java:57:66:57:76 | +| jca/EllipticCurve1.java:57:66:57:76 | EllipticCurve | ParsedName | secp256k1 | jca/EllipticCurve1.java:57:66:57:76 | jca/EllipticCurve1.java:57:66:57:76 | +| jca/EllipticCurve1.java:57:66:57:76 | EllipticCurve | RawName | secp256k1 | jca/EllipticCurve1.java:57:66:57:76 | jca/EllipticCurve1.java:57:66:57:76 | +| jca/EllipticCurve1.java:58:16:58:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:58:16:58:36 | jca/EllipticCurve1.java:58:16:58:36 | +| jca/EllipticCurve1.java:67:66:67:82 | EllipticCurve | KeySize | 256 | jca/EllipticCurve1.java:67:66:67:82 | jca/EllipticCurve1.java:67:66:67:82 | +| jca/EllipticCurve1.java:67:66:67:82 | EllipticCurve | Name | brainpoolP256r1 | jca/EllipticCurve1.java:67:66:67:82 | jca/EllipticCurve1.java:67:66:67:82 | +| jca/EllipticCurve1.java:67:66:67:82 | EllipticCurve | ParsedName | brainpoolP256r1 | jca/EllipticCurve1.java:67:66:67:82 | jca/EllipticCurve1.java:67:66:67:82 | +| jca/EllipticCurve1.java:67:66:67:82 | EllipticCurve | RawName | brainpoolP256r1 | jca/EllipticCurve1.java:67:66:67:82 | jca/EllipticCurve1.java:67:66:67:82 | +| jca/EllipticCurve1.java:68:16:68:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:68:16:68:36 | jca/EllipticCurve1.java:68:16:68:36 | +| jca/EllipticCurve1.java:75:61:75:68 | KeyAgreementAlgorithm | Name | X25519 | jca/EllipticCurve1.java:75:61:75:68 | jca/EllipticCurve1.java:75:61:75:68 | +| jca/EllipticCurve1.java:75:61:75:68 | KeyAgreementAlgorithm | RawName | X25519 | jca/EllipticCurve1.java:75:61:75:68 | jca/EllipticCurve1.java:75:61:75:68 | +| jca/EllipticCurve1.java:77:16:77:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:77:16:77:36 | jca/EllipticCurve1.java:77:16:77:36 | +| jca/EllipticCurve1.java:84:61:84:66 | KeyAgreementAlgorithm | Name | X448 | jca/EllipticCurve1.java:84:61:84:66 | jca/EllipticCurve1.java:84:61:84:66 | +| jca/EllipticCurve1.java:84:61:84:66 | KeyAgreementAlgorithm | RawName | X448 | jca/EllipticCurve1.java:84:61:84:66 | jca/EllipticCurve1.java:84:61:84:66 | +| jca/EllipticCurve1.java:85:16:85:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:85:16:85:36 | jca/EllipticCurve1.java:85:16:85:36 | +| jca/EllipticCurve1.java:95:66:95:76 | EllipticCurve | KeySize | 163 | jca/EllipticCurve1.java:95:66:95:76 | jca/EllipticCurve1.java:95:66:95:76 | +| jca/EllipticCurve1.java:95:66:95:76 | EllipticCurve | Name | sect163r2 | jca/EllipticCurve1.java:95:66:95:76 | jca/EllipticCurve1.java:95:66:95:76 | +| jca/EllipticCurve1.java:95:66:95:76 | EllipticCurve | ParsedName | sect163r2 | jca/EllipticCurve1.java:95:66:95:76 | jca/EllipticCurve1.java:95:66:95:76 | +| jca/EllipticCurve1.java:95:66:95:76 | EllipticCurve | RawName | sect163r2 | jca/EllipticCurve1.java:95:66:95:76 | jca/EllipticCurve1.java:95:66:95:76 | +| jca/EllipticCurve1.java:96:16:96:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:96:16:96:36 | jca/EllipticCurve1.java:96:16:96:36 | +| jca/EllipticCurve1.java:106:66:106:76 | Constant | Description | "sm2p256v1" | jca/EllipticCurve1.java:106:66:106:76 | jca/EllipticCurve1.java:106:66:106:76 | +| jca/EllipticCurve1.java:107:16:107:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:107:16:107:36 | jca/EllipticCurve1.java:107:16:107:36 | +| jca/EllipticCurve1.java:115:61:115:69 | Constant | Description | "Ed25519" | jca/EllipticCurve1.java:115:61:115:69 | jca/EllipticCurve1.java:115:61:115:69 | +| jca/EllipticCurve1.java:116:16:116:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:116:16:116:36 | jca/EllipticCurve1.java:116:16:116:36 | +| jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | KeySize | 256 | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | +| jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | Name | secp256r1 | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | +| jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | ParsedName | secp256r1 | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | +| jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | RawName | secp256r1 | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | +| jca/EllipticCurve2.java:56:16:56:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:56:16:56:36 | jca/EllipticCurve2.java:56:16:56:36 | +| jca/EllipticCurve2.java:64:47:64:57 | EllipticCurve | KeySize | 256 | jca/EllipticCurve2.java:64:47:64:57 | jca/EllipticCurve2.java:64:47:64:57 | +| jca/EllipticCurve2.java:64:47:64:57 | EllipticCurve | Name | secp256k1 | jca/EllipticCurve2.java:64:47:64:57 | jca/EllipticCurve2.java:64:47:64:57 | +| jca/EllipticCurve2.java:64:47:64:57 | EllipticCurve | ParsedName | secp256k1 | jca/EllipticCurve2.java:64:47:64:57 | jca/EllipticCurve2.java:64:47:64:57 | +| jca/EllipticCurve2.java:64:47:64:57 | EllipticCurve | RawName | secp256k1 | jca/EllipticCurve2.java:64:47:64:57 | jca/EllipticCurve2.java:64:47:64:57 | +| jca/EllipticCurve2.java:65:16:65:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:65:16:65:36 | jca/EllipticCurve2.java:65:16:65:36 | +| jca/EllipticCurve2.java:73:47:73:63 | EllipticCurve | KeySize | 256 | jca/EllipticCurve2.java:73:47:73:63 | jca/EllipticCurve2.java:73:47:73:63 | +| jca/EllipticCurve2.java:73:47:73:63 | EllipticCurve | Name | brainpoolP256r1 | jca/EllipticCurve2.java:73:47:73:63 | jca/EllipticCurve2.java:73:47:73:63 | +| jca/EllipticCurve2.java:73:47:73:63 | EllipticCurve | ParsedName | brainpoolP256r1 | jca/EllipticCurve2.java:73:47:73:63 | jca/EllipticCurve2.java:73:47:73:63 | +| jca/EllipticCurve2.java:73:47:73:63 | EllipticCurve | RawName | brainpoolP256r1 | jca/EllipticCurve2.java:73:47:73:63 | jca/EllipticCurve2.java:73:47:73:63 | +| jca/EllipticCurve2.java:74:16:74:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:74:16:74:36 | jca/EllipticCurve2.java:74:16:74:36 | +| jca/EllipticCurve2.java:81:61:81:68 | KeyAgreementAlgorithm | Name | X25519 | jca/EllipticCurve2.java:81:61:81:68 | jca/EllipticCurve2.java:81:61:81:68 | +| jca/EllipticCurve2.java:81:61:81:68 | KeyAgreementAlgorithm | RawName | X25519 | jca/EllipticCurve2.java:81:61:81:68 | jca/EllipticCurve2.java:81:61:81:68 | +| jca/EllipticCurve2.java:82:16:82:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:82:16:82:36 | jca/EllipticCurve2.java:82:16:82:36 | +| jca/EllipticCurve2.java:89:61:89:69 | Constant | Description | "Ed25519" | jca/EllipticCurve2.java:89:61:89:69 | jca/EllipticCurve2.java:89:61:89:69 | +| jca/EllipticCurve2.java:90:16:90:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:90:16:90:36 | jca/EllipticCurve2.java:90:16:90:36 | +| jca/EllipticCurve2.java:115:52:115:57 | KeyAgreementAlgorithm | Name | ECDH | jca/EllipticCurve2.java:115:52:115:57 | jca/EllipticCurve2.java:115:52:115:57 | +| jca/EllipticCurve2.java:115:52:115:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/EllipticCurve2.java:115:52:115:57 | jca/EllipticCurve2.java:115:52:115:57 | +| jca/EllipticCurve2.java:116:17:116:36 | Key | KeyType | Unknown | jca/EllipticCurve2.java:116:17:116:36 | jca/EllipticCurve2.java:116:17:116:36 | +| jca/EllipticCurve2.java:117:20:117:36 | Key | KeyType | Unknown | jca/EllipticCurve2.java:117:20:117:36 | jca/EllipticCurve2.java:117:20:117:36 | +| jca/EllipticCurve2.java:129:52:129:57 | KeyAgreementAlgorithm | Name | ECDH | jca/EllipticCurve2.java:129:52:129:57 | jca/EllipticCurve2.java:129:52:129:57 | +| jca/EllipticCurve2.java:129:52:129:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/EllipticCurve2.java:129:52:129:57 | jca/EllipticCurve2.java:129:52:129:57 | +| jca/EllipticCurve2.java:130:17:130:37 | Key | KeyType | Unknown | jca/EllipticCurve2.java:130:17:130:37 | jca/EllipticCurve2.java:130:17:130:37 | +| jca/EllipticCurve2.java:131:20:131:39 | Key | KeyType | Unknown | jca/EllipticCurve2.java:131:20:131:39 | jca/EllipticCurve2.java:131:20:131:39 | +| jca/EllipticCurve2.java:148:53:148:69 | HashAlgorithm | DigestSize | 256 | jca/EllipticCurve2.java:148:53:148:69 | jca/EllipticCurve2.java:148:53:148:69 | +| jca/EllipticCurve2.java:148:53:148:69 | HashAlgorithm | Name | SHA2 | jca/EllipticCurve2.java:148:53:148:69 | jca/EllipticCurve2.java:148:53:148:69 | +| jca/EllipticCurve2.java:148:53:148:69 | HashAlgorithm | RawName | SHA256withECDSA | jca/EllipticCurve2.java:148:53:148:69 | jca/EllipticCurve2.java:148:53:148:69 | +| jca/EllipticCurve2.java:148:53:148:69 | KeyOperationAlgorithm | Name | ECDSA | jca/EllipticCurve2.java:148:53:148:69 | jca/EllipticCurve2.java:148:53:148:69 | +| jca/EllipticCurve2.java:148:53:148:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/EllipticCurve2.java:148:53:148:69 | jca/EllipticCurve2.java:148:53:148:69 | +| jca/EllipticCurve2.java:149:28:149:42 | Key | KeyType | Unknown | jca/EllipticCurve2.java:149:28:149:42 | jca/EllipticCurve2.java:149:28:149:42 | +| jca/EllipticCurve2.java:151:16:151:31 | SignOperation | KeyOperationSubtype | Sign | jca/EllipticCurve2.java:151:16:151:31 | jca/EllipticCurve2.java:151:16:151:31 | +| jca/EllipticCurve2.java:163:53:163:69 | HashAlgorithm | DigestSize | 256 | jca/EllipticCurve2.java:163:53:163:69 | jca/EllipticCurve2.java:163:53:163:69 | +| jca/EllipticCurve2.java:163:53:163:69 | HashAlgorithm | Name | SHA2 | jca/EllipticCurve2.java:163:53:163:69 | jca/EllipticCurve2.java:163:53:163:69 | +| jca/EllipticCurve2.java:163:53:163:69 | HashAlgorithm | RawName | SHA256withECDSA | jca/EllipticCurve2.java:163:53:163:69 | jca/EllipticCurve2.java:163:53:163:69 | +| jca/EllipticCurve2.java:163:53:163:69 | KeyOperationAlgorithm | Name | ECDSA | jca/EllipticCurve2.java:163:53:163:69 | jca/EllipticCurve2.java:163:53:163:69 | +| jca/EllipticCurve2.java:163:53:163:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/EllipticCurve2.java:163:53:163:69 | jca/EllipticCurve2.java:163:53:163:69 | +| jca/EllipticCurve2.java:164:30:164:43 | Key | KeyType | Unknown | jca/EllipticCurve2.java:164:30:164:43 | jca/EllipticCurve2.java:164:30:164:43 | +| jca/EllipticCurve2.java:166:16:166:47 | VerifyOperation | KeyOperationSubtype | Verify | jca/EllipticCurve2.java:166:16:166:47 | jca/EllipticCurve2.java:166:16:166:47 | +| jca/EllipticCurve2.java:178:53:178:61 | Constant | Description | "Ed25519" | jca/EllipticCurve2.java:178:53:178:61 | jca/EllipticCurve2.java:178:53:178:61 | +| jca/EllipticCurve2.java:179:28:179:42 | Key | KeyType | Unknown | jca/EllipticCurve2.java:179:28:179:42 | jca/EllipticCurve2.java:179:28:179:42 | +| jca/EllipticCurve2.java:181:16:181:31 | SignOperation | KeyOperationSubtype | Sign | jca/EllipticCurve2.java:181:16:181:31 | jca/EllipticCurve2.java:181:16:181:31 | +| jca/EllipticCurve2.java:193:53:193:61 | Constant | Description | "Ed25519" | jca/EllipticCurve2.java:193:53:193:61 | jca/EllipticCurve2.java:193:53:193:61 | +| jca/EllipticCurve2.java:194:30:194:43 | Key | KeyType | Unknown | jca/EllipticCurve2.java:194:30:194:43 | jca/EllipticCurve2.java:194:30:194:43 | +| jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | KeyOperationSubtype | Verify | jca/EllipticCurve2.java:196:16:196:47 | jca/EllipticCurve2.java:196:16:196:47 | +| jca/EllipticCurve2.java:221:52:221:57 | KeyAgreementAlgorithm | Name | ECDH | jca/EllipticCurve2.java:221:52:221:57 | jca/EllipticCurve2.java:221:52:221:57 | +| jca/EllipticCurve2.java:221:52:221:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/EllipticCurve2.java:221:52:221:57 | jca/EllipticCurve2.java:221:52:221:57 | +| jca/EllipticCurve2.java:222:17:222:37 | Key | KeyType | Unknown | jca/EllipticCurve2.java:222:17:222:37 | jca/EllipticCurve2.java:222:17:222:37 | +| jca/EllipticCurve2.java:223:20:223:41 | Key | KeyType | Unknown | jca/EllipticCurve2.java:223:20:223:41 | jca/EllipticCurve2.java:223:20:223:41 | +| jca/EllipticCurve2.java:228:58:228:66 | HashAlgorithm | DigestSize | 256 | jca/EllipticCurve2.java:228:58:228:66 | jca/EllipticCurve2.java:228:58:228:66 | +| jca/EllipticCurve2.java:228:58:228:66 | HashAlgorithm | Name | SHA2 | jca/EllipticCurve2.java:228:58:228:66 | jca/EllipticCurve2.java:228:58:228:66 | +| jca/EllipticCurve2.java:228:58:228:66 | HashAlgorithm | RawName | SHA-256 | jca/EllipticCurve2.java:228:58:228:66 | jca/EllipticCurve2.java:228:58:228:66 | +| jca/EllipticCurve2.java:234:44:234:62 | KeyOperationAlgorithm | Name | AES | jca/EllipticCurve2.java:234:44:234:62 | jca/EllipticCurve2.java:234:44:234:62 | +| jca/EllipticCurve2.java:234:44:234:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/EllipticCurve2.java:234:44:234:62 | jca/EllipticCurve2.java:234:44:234:62 | +| jca/EllipticCurve2.java:234:44:234:62 | KeyOperationAlgorithm | Structure | Block | jca/EllipticCurve2.java:234:44:234:62 | jca/EllipticCurve2.java:234:44:234:62 | +| jca/EllipticCurve2.java:234:44:234:62 | ModeOfOperation | Name | GCM | jca/EllipticCurve2.java:234:44:234:62 | jca/EllipticCurve2.java:234:44:234:62 | +| jca/EllipticCurve2.java:234:44:234:62 | ModeOfOperation | RawName | GCM | jca/EllipticCurve2.java:234:44:234:62 | jca/EllipticCurve2.java:234:44:234:62 | +| jca/EllipticCurve2.java:234:44:234:62 | PaddingAlgorithm | Name | UnknownPadding | jca/EllipticCurve2.java:234:44:234:62 | jca/EllipticCurve2.java:234:44:234:62 | +| jca/EllipticCurve2.java:234:44:234:62 | PaddingAlgorithm | RawName | NoPadding | jca/EllipticCurve2.java:234:44:234:62 | jca/EllipticCurve2.java:234:44:234:62 | +| jca/EllipticCurve2.java:236:9:236:40 | RandomNumberGeneration | Description | nextBytes | jca/EllipticCurve2.java:236:9:236:40 | jca/EllipticCurve2.java:236:9:236:40 | +| jca/EllipticCurve2.java:236:38:236:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/EllipticCurve2.java:236:38:236:39 | jca/EllipticCurve2.java:236:38:236:39 | +| jca/EllipticCurve2.java:238:42:238:47 | Key | KeyType | Unknown | jca/EllipticCurve2.java:238:42:238:47 | jca/EllipticCurve2.java:238:42:238:47 | +| jca/EllipticCurve2.java:239:29:239:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/EllipticCurve2.java:239:29:239:53 | jca/EllipticCurve2.java:239:29:239:53 | +| jca/EllipticCurve2.java:261:30:261:53 | Constant | Description | "Test message for ECDSA" | jca/EllipticCurve2.java:261:30:261:53 | jca/EllipticCurve2.java:261:30:261:53 | +| jca/EllipticCurve2.java:274:62:274:83 | Constant | Description | "Secret ECIES Message" | jca/EllipticCurve2.java:274:62:274:83 | jca/EllipticCurve2.java:274:62:274:83 | +| jca/Encryption1.java:60:56:60:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/Encryption1.java:61:21:61:23 | jca/Encryption1.java:61:21:61:23 | +| jca/Encryption1.java:60:56:60:60 | KeyOperationAlgorithm | Name | AES | jca/Encryption1.java:60:56:60:60 | jca/Encryption1.java:60:56:60:60 | +| jca/Encryption1.java:60:56:60:60 | KeyOperationAlgorithm | RawName | AES | jca/Encryption1.java:60:56:60:60 | jca/Encryption1.java:60:56:60:60 | +| jca/Encryption1.java:60:56:60:60 | KeyOperationAlgorithm | Structure | Block | jca/Encryption1.java:60:56:60:60 | jca/Encryption1.java:60:56:60:60 | +| jca/Encryption1.java:61:21:61:23 | Constant | Description | 256 | jca/Encryption1.java:61:21:61:23 | jca/Encryption1.java:61:21:61:23 | +| jca/Encryption1.java:62:25:62:44 | Key | KeyType | Symmetric | jca/Encryption1.java:62:25:62:44 | jca/Encryption1.java:62:25:62:44 | +| jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | Name | AES | jca/Encryption1.java:63:44:63:62 | jca/Encryption1.java:63:44:63:62 | +| jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Encryption1.java:63:44:63:62 | jca/Encryption1.java:63:44:63:62 | +| jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | Structure | Block | jca/Encryption1.java:63:44:63:62 | jca/Encryption1.java:63:44:63:62 | +| jca/Encryption1.java:63:44:63:62 | ModeOfOperation | Name | GCM | jca/Encryption1.java:63:44:63:62 | jca/Encryption1.java:63:44:63:62 | +| jca/Encryption1.java:63:44:63:62 | ModeOfOperation | RawName | GCM | jca/Encryption1.java:63:44:63:62 | jca/Encryption1.java:63:44:63:62 | +| jca/Encryption1.java:63:44:63:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption1.java:63:44:63:62 | jca/Encryption1.java:63:44:63:62 | +| jca/Encryption1.java:63:44:63:62 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption1.java:63:44:63:62 | jca/Encryption1.java:63:44:63:62 | +| jca/Encryption1.java:65:9:65:40 | RandomNumberGeneration | Description | nextBytes | jca/Encryption1.java:65:9:65:40 | jca/Encryption1.java:65:9:65:40 | +| jca/Encryption1.java:65:38:65:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption1.java:65:38:65:39 | jca/Encryption1.java:65:38:65:39 | +| jca/Encryption1.java:67:42:67:44 | Key | KeyType | Unknown | jca/Encryption1.java:67:42:67:44 | jca/Encryption1.java:67:42:67:44 | +| jca/Encryption1.java:68:32:68:74 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption1.java:68:32:68:74 | jca/Encryption1.java:68:32:68:74 | +| jca/Encryption1.java:68:47:68:62 | Constant | Description | "Sensitive Data" | jca/Encryption1.java:68:47:68:62 | jca/Encryption1.java:68:47:68:62 | +| jca/Encryption1.java:83:56:83:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/Encryption1.java:84:21:84:23 | jca/Encryption1.java:84:21:84:23 | +| jca/Encryption1.java:83:56:83:60 | KeyOperationAlgorithm | Name | AES | jca/Encryption1.java:83:56:83:60 | jca/Encryption1.java:83:56:83:60 | +| jca/Encryption1.java:83:56:83:60 | KeyOperationAlgorithm | RawName | AES | jca/Encryption1.java:83:56:83:60 | jca/Encryption1.java:83:56:83:60 | +| jca/Encryption1.java:83:56:83:60 | KeyOperationAlgorithm | Structure | Block | jca/Encryption1.java:83:56:83:60 | jca/Encryption1.java:83:56:83:60 | +| jca/Encryption1.java:84:21:84:23 | Constant | Description | 256 | jca/Encryption1.java:84:21:84:23 | jca/Encryption1.java:84:21:84:23 | +| jca/Encryption1.java:85:25:85:44 | Key | KeyType | Symmetric | jca/Encryption1.java:85:25:85:44 | jca/Encryption1.java:85:25:85:44 | +| jca/Encryption1.java:88:44:88:62 | KeyOperationAlgorithm | Name | AES | jca/Encryption1.java:88:44:88:62 | jca/Encryption1.java:88:44:88:62 | +| jca/Encryption1.java:88:44:88:62 | KeyOperationAlgorithm | RawName | AES/ECB/NoPadding | jca/Encryption1.java:88:44:88:62 | jca/Encryption1.java:88:44:88:62 | +| jca/Encryption1.java:88:44:88:62 | KeyOperationAlgorithm | Structure | Block | jca/Encryption1.java:88:44:88:62 | jca/Encryption1.java:88:44:88:62 | +| jca/Encryption1.java:88:44:88:62 | ModeOfOperation | Name | ECB | jca/Encryption1.java:88:44:88:62 | jca/Encryption1.java:88:44:88:62 | +| jca/Encryption1.java:88:44:88:62 | ModeOfOperation | RawName | ECB | jca/Encryption1.java:88:44:88:62 | jca/Encryption1.java:88:44:88:62 | +| jca/Encryption1.java:88:44:88:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption1.java:88:44:88:62 | jca/Encryption1.java:88:44:88:62 | +| jca/Encryption1.java:88:44:88:62 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption1.java:88:44:88:62 | jca/Encryption1.java:88:44:88:62 | +| jca/Encryption1.java:89:42:89:44 | Key | KeyType | Unknown | jca/Encryption1.java:89:42:89:44 | jca/Encryption1.java:89:42:89:44 | +| jca/Encryption1.java:90:32:90:74 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption1.java:90:32:90:74 | jca/Encryption1.java:90:32:90:74 | +| jca/Encryption1.java:90:47:90:62 | Constant | Description | "Sensitive Data" | jca/Encryption1.java:90:47:90:62 | jca/Encryption1.java:90:47:90:62 | +| jca/Encryption1.java:104:35:104:53 | Parameter | Description | publicKey | jca/Encryption1.java:104:35:104:53 | jca/Encryption1.java:104:35:104:53 | +| jca/Encryption1.java:104:56:104:66 | Parameter | Description | data | jca/Encryption1.java:104:56:104:66 | jca/Encryption1.java:104:56:104:66 | +| jca/Encryption1.java:105:44:105:82 | HashAlgorithm | DigestSize | 256 | jca/Encryption1.java:105:44:105:82 | jca/Encryption1.java:105:44:105:82 | +| jca/Encryption1.java:105:44:105:82 | HashAlgorithm | Name | SHA2 | jca/Encryption1.java:105:44:105:82 | jca/Encryption1.java:105:44:105:82 | +| jca/Encryption1.java:105:44:105:82 | HashAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/Encryption1.java:105:44:105:82 | jca/Encryption1.java:105:44:105:82 | +| jca/Encryption1.java:105:44:105:82 | KeyOperationAlgorithm | Name | RSA | jca/Encryption1.java:105:44:105:82 | jca/Encryption1.java:105:44:105:82 | +| jca/Encryption1.java:105:44:105:82 | KeyOperationAlgorithm | RawName | RSA/ECB/OAEPWithSHA-256AndMGF1Padding | jca/Encryption1.java:105:44:105:82 | jca/Encryption1.java:105:44:105:82 | +| jca/Encryption1.java:105:44:105:82 | ModeOfOperation | Name | ECB | jca/Encryption1.java:105:44:105:82 | jca/Encryption1.java:105:44:105:82 | +| jca/Encryption1.java:105:44:105:82 | ModeOfOperation | RawName | ECB | jca/Encryption1.java:105:44:105:82 | jca/Encryption1.java:105:44:105:82 | +| jca/Encryption1.java:105:44:105:82 | PaddingAlgorithm | Name | OAEP | jca/Encryption1.java:105:44:105:82 | jca/Encryption1.java:105:44:105:82 | +| jca/Encryption1.java:105:44:105:82 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/Encryption1.java:105:44:105:82 | jca/Encryption1.java:105:44:105:82 | +| jca/Encryption1.java:106:42:106:50 | Key | KeyType | Unknown | jca/Encryption1.java:106:42:106:50 | jca/Encryption1.java:106:42:106:50 | +| jca/Encryption1.java:107:32:107:62 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption1.java:107:32:107:62 | jca/Encryption1.java:107:32:107:62 | +| jca/Encryption1.java:119:35:119:55 | Parameter | Description | privateKey | jca/Encryption1.java:119:35:119:55 | jca/Encryption1.java:119:35:119:55 | +| jca/Encryption1.java:119:58:119:77 | Parameter | Description | encryptedData | jca/Encryption1.java:119:58:119:77 | jca/Encryption1.java:119:58:119:77 | +| jca/Encryption1.java:120:44:120:82 | HashAlgorithm | DigestSize | 256 | jca/Encryption1.java:120:44:120:82 | jca/Encryption1.java:120:44:120:82 | +| jca/Encryption1.java:120:44:120:82 | HashAlgorithm | Name | SHA2 | jca/Encryption1.java:120:44:120:82 | jca/Encryption1.java:120:44:120:82 | +| jca/Encryption1.java:120:44:120:82 | HashAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/Encryption1.java:120:44:120:82 | jca/Encryption1.java:120:44:120:82 | +| jca/Encryption1.java:120:44:120:82 | KeyOperationAlgorithm | Name | RSA | jca/Encryption1.java:120:44:120:82 | jca/Encryption1.java:120:44:120:82 | +| jca/Encryption1.java:120:44:120:82 | KeyOperationAlgorithm | RawName | RSA/ECB/OAEPWithSHA-256AndMGF1Padding | jca/Encryption1.java:120:44:120:82 | jca/Encryption1.java:120:44:120:82 | +| jca/Encryption1.java:120:44:120:82 | ModeOfOperation | Name | ECB | jca/Encryption1.java:120:44:120:82 | jca/Encryption1.java:120:44:120:82 | +| jca/Encryption1.java:120:44:120:82 | ModeOfOperation | RawName | ECB | jca/Encryption1.java:120:44:120:82 | jca/Encryption1.java:120:44:120:82 | +| jca/Encryption1.java:120:44:120:82 | PaddingAlgorithm | Name | OAEP | jca/Encryption1.java:120:44:120:82 | jca/Encryption1.java:120:44:120:82 | +| jca/Encryption1.java:120:44:120:82 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/Encryption1.java:120:44:120:82 | jca/Encryption1.java:120:44:120:82 | +| jca/Encryption1.java:121:42:121:51 | Key | KeyType | Unknown | jca/Encryption1.java:121:42:121:51 | jca/Encryption1.java:121:42:121:51 | +| jca/Encryption1.java:122:32:122:60 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/Encryption1.java:122:32:122:60 | jca/Encryption1.java:122:32:122:60 | +| jca/Encryption1.java:136:34:136:55 | Parameter | Description | rsaPublicKey | jca/Encryption1.java:136:34:136:55 | jca/Encryption1.java:136:34:136:55 | +| jca/Encryption1.java:137:56:137:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/Encryption1.java:138:21:138:23 | jca/Encryption1.java:138:21:138:23 | +| jca/Encryption1.java:137:56:137:60 | KeyOperationAlgorithm | Name | AES | jca/Encryption1.java:137:56:137:60 | jca/Encryption1.java:137:56:137:60 | +| jca/Encryption1.java:137:56:137:60 | KeyOperationAlgorithm | RawName | AES | jca/Encryption1.java:137:56:137:60 | jca/Encryption1.java:137:56:137:60 | +| jca/Encryption1.java:137:56:137:60 | KeyOperationAlgorithm | Structure | Block | jca/Encryption1.java:137:56:137:60 | jca/Encryption1.java:137:56:137:60 | +| jca/Encryption1.java:138:21:138:23 | Constant | Description | 256 | jca/Encryption1.java:138:21:138:23 | jca/Encryption1.java:138:21:138:23 | +| jca/Encryption1.java:139:28:139:47 | Key | KeyType | Symmetric | jca/Encryption1.java:139:28:139:47 | jca/Encryption1.java:139:28:139:47 | +| jca/Encryption1.java:141:47:141:85 | HashAlgorithm | DigestSize | 256 | jca/Encryption1.java:141:47:141:85 | jca/Encryption1.java:141:47:141:85 | +| jca/Encryption1.java:141:47:141:85 | HashAlgorithm | Name | SHA2 | jca/Encryption1.java:141:47:141:85 | jca/Encryption1.java:141:47:141:85 | +| jca/Encryption1.java:141:47:141:85 | HashAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/Encryption1.java:141:47:141:85 | jca/Encryption1.java:141:47:141:85 | +| jca/Encryption1.java:141:47:141:85 | KeyOperationAlgorithm | Name | RSA | jca/Encryption1.java:141:47:141:85 | jca/Encryption1.java:141:47:141:85 | +| jca/Encryption1.java:141:47:141:85 | KeyOperationAlgorithm | RawName | RSA/ECB/OAEPWithSHA-256AndMGF1Padding | jca/Encryption1.java:141:47:141:85 | jca/Encryption1.java:141:47:141:85 | +| jca/Encryption1.java:141:47:141:85 | ModeOfOperation | Name | ECB | jca/Encryption1.java:141:47:141:85 | jca/Encryption1.java:141:47:141:85 | +| jca/Encryption1.java:141:47:141:85 | ModeOfOperation | RawName | ECB | jca/Encryption1.java:141:47:141:85 | jca/Encryption1.java:141:47:141:85 | +| jca/Encryption1.java:141:47:141:85 | PaddingAlgorithm | Name | OAEP | jca/Encryption1.java:141:47:141:85 | jca/Encryption1.java:141:47:141:85 | +| jca/Encryption1.java:141:47:141:85 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/Encryption1.java:141:47:141:85 | jca/Encryption1.java:141:47:141:85 | +| jca/Encryption1.java:142:45:142:56 | Key | KeyType | Unknown | jca/Encryption1.java:142:45:142:56 | jca/Encryption1.java:142:45:142:56 | +| jca/Encryption1.java:143:34:143:71 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption1.java:143:34:143:71 | jca/Encryption1.java:143:34:143:71 | +| jca/Encryption1.java:159:34:159:55 | Parameter | Description | rsaPublicKey | jca/Encryption1.java:159:34:159:55 | jca/Encryption1.java:159:34:159:55 | +| jca/Encryption1.java:159:58:159:68 | Parameter | Description | data | jca/Encryption1.java:159:58:159:68 | jca/Encryption1.java:159:58:159:68 | +| jca/Encryption1.java:161:56:161:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/Encryption1.java:162:21:162:23 | jca/Encryption1.java:162:21:162:23 | +| jca/Encryption1.java:161:56:161:60 | KeyOperationAlgorithm | Name | AES | jca/Encryption1.java:161:56:161:60 | jca/Encryption1.java:161:56:161:60 | +| jca/Encryption1.java:161:56:161:60 | KeyOperationAlgorithm | RawName | AES | jca/Encryption1.java:161:56:161:60 | jca/Encryption1.java:161:56:161:60 | +| jca/Encryption1.java:161:56:161:60 | KeyOperationAlgorithm | Structure | Block | jca/Encryption1.java:161:56:161:60 | jca/Encryption1.java:161:56:161:60 | +| jca/Encryption1.java:162:21:162:23 | Constant | Description | 256 | jca/Encryption1.java:162:21:162:23 | jca/Encryption1.java:162:21:162:23 | +| jca/Encryption1.java:163:28:163:47 | Key | KeyType | Symmetric | jca/Encryption1.java:163:28:163:47 | jca/Encryption1.java:163:28:163:47 | +| jca/Encryption1.java:166:47:166:85 | HashAlgorithm | DigestSize | 256 | jca/Encryption1.java:166:47:166:85 | jca/Encryption1.java:166:47:166:85 | +| jca/Encryption1.java:166:47:166:85 | HashAlgorithm | Name | SHA2 | jca/Encryption1.java:166:47:166:85 | jca/Encryption1.java:166:47:166:85 | +| jca/Encryption1.java:166:47:166:85 | HashAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/Encryption1.java:166:47:166:85 | jca/Encryption1.java:166:47:166:85 | +| jca/Encryption1.java:166:47:166:85 | KeyOperationAlgorithm | Name | RSA | jca/Encryption1.java:166:47:166:85 | jca/Encryption1.java:166:47:166:85 | +| jca/Encryption1.java:166:47:166:85 | KeyOperationAlgorithm | RawName | RSA/ECB/OAEPWithSHA-256AndMGF1Padding | jca/Encryption1.java:166:47:166:85 | jca/Encryption1.java:166:47:166:85 | +| jca/Encryption1.java:166:47:166:85 | ModeOfOperation | Name | ECB | jca/Encryption1.java:166:47:166:85 | jca/Encryption1.java:166:47:166:85 | +| jca/Encryption1.java:166:47:166:85 | ModeOfOperation | RawName | ECB | jca/Encryption1.java:166:47:166:85 | jca/Encryption1.java:166:47:166:85 | +| jca/Encryption1.java:166:47:166:85 | PaddingAlgorithm | Name | OAEP | jca/Encryption1.java:166:47:166:85 | jca/Encryption1.java:166:47:166:85 | +| jca/Encryption1.java:166:47:166:85 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/Encryption1.java:166:47:166:85 | jca/Encryption1.java:166:47:166:85 | +| jca/Encryption1.java:167:45:167:56 | Key | KeyType | Unknown | jca/Encryption1.java:167:45:167:56 | jca/Encryption1.java:167:45:167:56 | +| jca/Encryption1.java:168:34:168:71 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption1.java:168:34:168:71 | jca/Encryption1.java:168:34:168:71 | +| jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | Name | AES | jca/Encryption1.java:171:47:171:65 | jca/Encryption1.java:171:47:171:65 | +| jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Encryption1.java:171:47:171:65 | jca/Encryption1.java:171:47:171:65 | +| jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | Structure | Block | jca/Encryption1.java:171:47:171:65 | jca/Encryption1.java:171:47:171:65 | +| jca/Encryption1.java:171:47:171:65 | ModeOfOperation | Name | GCM | jca/Encryption1.java:171:47:171:65 | jca/Encryption1.java:171:47:171:65 | +| jca/Encryption1.java:171:47:171:65 | ModeOfOperation | RawName | GCM | jca/Encryption1.java:171:47:171:65 | jca/Encryption1.java:171:47:171:65 | +| jca/Encryption1.java:171:47:171:65 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption1.java:171:47:171:65 | jca/Encryption1.java:171:47:171:65 | +| jca/Encryption1.java:171:47:171:65 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption1.java:171:47:171:65 | jca/Encryption1.java:171:47:171:65 | +| jca/Encryption1.java:173:9:173:40 | RandomNumberGeneration | Description | nextBytes | jca/Encryption1.java:173:9:173:40 | jca/Encryption1.java:173:9:173:40 | +| jca/Encryption1.java:173:38:173:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption1.java:173:38:173:39 | jca/Encryption1.java:173:38:173:39 | +| jca/Encryption1.java:175:45:175:50 | Key | KeyType | Unknown | jca/Encryption1.java:175:45:175:50 | jca/Encryption1.java:175:45:175:50 | +| jca/Encryption1.java:176:32:176:65 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption1.java:176:32:176:65 | jca/Encryption1.java:176:32:176:65 | +| jca/Encryption2.java:63:60:63:70 | EllipticCurve | KeySize | 256 | jca/Encryption2.java:63:60:63:70 | jca/Encryption2.java:63:60:63:70 | +| jca/Encryption2.java:63:60:63:70 | EllipticCurve | Name | secp256r1 | jca/Encryption2.java:63:60:63:70 | jca/Encryption2.java:63:60:63:70 | +| jca/Encryption2.java:63:60:63:70 | EllipticCurve | ParsedName | secp256r1 | jca/Encryption2.java:63:60:63:70 | jca/Encryption2.java:63:60:63:70 | +| jca/Encryption2.java:63:60:63:70 | EllipticCurve | RawName | secp256r1 | jca/Encryption2.java:63:60:63:70 | jca/Encryption2.java:63:60:63:70 | +| jca/Encryption2.java:64:16:64:49 | Key | KeyType | Asymmetric | jca/Encryption2.java:64:16:64:49 | jca/Encryption2.java:64:16:64:49 | +| jca/Encryption2.java:80:62:80:67 | KeyAgreementAlgorithm | Name | ECDH | jca/Encryption2.java:80:62:80:67 | jca/Encryption2.java:80:62:80:67 | +| jca/Encryption2.java:80:62:80:67 | KeyAgreementAlgorithm | RawName | ECDH | jca/Encryption2.java:80:62:80:67 | jca/Encryption2.java:80:62:80:67 | +| jca/Encryption2.java:81:27:81:36 | Key | KeyType | Unknown | jca/Encryption2.java:81:27:81:36 | jca/Encryption2.java:81:27:81:36 | +| jca/Encryption2.java:82:30:82:38 | Key | KeyType | Unknown | jca/Encryption2.java:82:30:82:38 | jca/Encryption2.java:82:30:82:38 | +| jca/Encryption2.java:103:38:103:65 | Parameter | Description | recipientPublicKey | jca/Encryption2.java:103:38:103:65 | jca/Encryption2.java:103:38:103:65 | +| jca/Encryption2.java:103:68:103:78 | Parameter | Description | data | jca/Encryption2.java:103:68:103:78 | jca/Encryption2.java:103:68:103:78 | +| jca/Encryption2.java:112:58:112:66 | HashAlgorithm | DigestSize | 256 | jca/Encryption2.java:112:58:112:66 | jca/Encryption2.java:112:58:112:66 | +| jca/Encryption2.java:112:58:112:66 | HashAlgorithm | Name | SHA2 | jca/Encryption2.java:112:58:112:66 | jca/Encryption2.java:112:58:112:66 | +| jca/Encryption2.java:112:58:112:66 | HashAlgorithm | RawName | SHA-256 | jca/Encryption2.java:112:58:112:66 | jca/Encryption2.java:112:58:112:66 | +| jca/Encryption2.java:118:47:118:65 | KeyOperationAlgorithm | Name | AES | jca/Encryption2.java:118:47:118:65 | jca/Encryption2.java:118:47:118:65 | +| jca/Encryption2.java:118:47:118:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Encryption2.java:118:47:118:65 | jca/Encryption2.java:118:47:118:65 | +| jca/Encryption2.java:118:47:118:65 | KeyOperationAlgorithm | Structure | Block | jca/Encryption2.java:118:47:118:65 | jca/Encryption2.java:118:47:118:65 | +| jca/Encryption2.java:118:47:118:65 | ModeOfOperation | Name | GCM | jca/Encryption2.java:118:47:118:65 | jca/Encryption2.java:118:47:118:65 | +| jca/Encryption2.java:118:47:118:65 | ModeOfOperation | RawName | GCM | jca/Encryption2.java:118:47:118:65 | jca/Encryption2.java:118:47:118:65 | +| jca/Encryption2.java:118:47:118:65 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption2.java:118:47:118:65 | jca/Encryption2.java:118:47:118:65 | +| jca/Encryption2.java:118:47:118:65 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption2.java:118:47:118:65 | jca/Encryption2.java:118:47:118:65 | +| jca/Encryption2.java:120:9:120:40 | RandomNumberGeneration | Description | nextBytes | jca/Encryption2.java:120:9:120:40 | jca/Encryption2.java:120:9:120:40 | +| jca/Encryption2.java:120:38:120:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption2.java:120:38:120:39 | jca/Encryption2.java:120:38:120:39 | +| jca/Encryption2.java:122:45:122:50 | Key | KeyType | Unknown | jca/Encryption2.java:122:45:122:50 | jca/Encryption2.java:122:45:122:50 | +| jca/Encryption2.java:123:32:123:65 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption2.java:123:32:123:65 | jca/Encryption2.java:123:32:123:65 | +| jca/Encryption2.java:149:45:149:65 | Parameter | Description | ecPublicKey | jca/Encryption2.java:149:45:149:65 | jca/Encryption2.java:149:45:149:65 | +| jca/Encryption2.java:149:68:149:88 | Parameter | Description | pqSharedSecret | jca/Encryption2.java:149:68:149:88 | jca/Encryption2.java:149:68:149:88 | +| jca/Encryption2.java:162:47:162:65 | KeyOperationAlgorithm | Name | AES | jca/Encryption2.java:162:47:162:65 | jca/Encryption2.java:162:47:162:65 | +| jca/Encryption2.java:162:47:162:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Encryption2.java:162:47:162:65 | jca/Encryption2.java:162:47:162:65 | +| jca/Encryption2.java:162:47:162:65 | KeyOperationAlgorithm | Structure | Block | jca/Encryption2.java:162:47:162:65 | jca/Encryption2.java:162:47:162:65 | +| jca/Encryption2.java:162:47:162:65 | ModeOfOperation | Name | GCM | jca/Encryption2.java:162:47:162:65 | jca/Encryption2.java:162:47:162:65 | +| jca/Encryption2.java:162:47:162:65 | ModeOfOperation | RawName | GCM | jca/Encryption2.java:162:47:162:65 | jca/Encryption2.java:162:47:162:65 | +| jca/Encryption2.java:162:47:162:65 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption2.java:162:47:162:65 | jca/Encryption2.java:162:47:162:65 | +| jca/Encryption2.java:162:47:162:65 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption2.java:162:47:162:65 | jca/Encryption2.java:162:47:162:65 | +| jca/Encryption2.java:164:9:164:40 | RandomNumberGeneration | Description | nextBytes | jca/Encryption2.java:164:9:164:40 | jca/Encryption2.java:164:9:164:40 | +| jca/Encryption2.java:164:38:164:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption2.java:164:38:164:39 | jca/Encryption2.java:164:38:164:39 | +| jca/Encryption2.java:166:45:166:50 | Key | KeyType | Unknown | jca/Encryption2.java:166:45:166:50 | jca/Encryption2.java:166:45:166:50 | +| jca/Encryption2.java:167:32:167:98 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption2.java:167:32:167:98 | jca/Encryption2.java:167:32:167:98 | +| jca/Encryption2.java:167:50:167:86 | Constant | Description | "Post-Quantum Hybrid Encryption Data" | jca/Encryption2.java:167:50:167:86 | jca/Encryption2.java:167:50:167:86 | +| jca/Encryption2.java:192:36:192:47 | KeyOperationAlgorithm | Name | HMAC | jca/Encryption2.java:192:36:192:47 | jca/Encryption2.java:192:36:192:47 | +| jca/Encryption2.java:192:36:192:47 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Encryption2.java:192:36:192:47 | jca/Encryption2.java:192:36:192:47 | +| jca/Encryption2.java:194:19:194:27 | Key | KeyType | Unknown | jca/Encryption2.java:194:19:194:27 | jca/Encryption2.java:194:19:194:27 | +| jca/Encryption2.java:195:31:195:52 | MACOperation | KeyOperationSubtype | Mac | jca/Encryption2.java:195:31:195:52 | jca/Encryption2.java:195:31:195:52 | +| jca/Hash.java:87:58:87:66 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:87:58:87:66 | jca/Hash.java:87:58:87:66 | +| jca/Hash.java:87:58:87:66 | HashAlgorithm | Name | SHA2 | jca/Hash.java:87:58:87:66 | jca/Hash.java:87:58:87:66 | +| jca/Hash.java:87:58:87:66 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:87:58:87:66 | jca/Hash.java:87:58:87:66 | +| jca/Hash.java:88:37:88:54 | Constant | Description | "Simple Test Data" | jca/Hash.java:88:37:88:54 | jca/Hash.java:88:37:88:54 | +| jca/Hash.java:101:61:101:65 | HashAlgorithm | DigestSize | 128 | jca/Hash.java:101:61:101:65 | jca/Hash.java:101:61:101:65 | +| jca/Hash.java:101:61:101:65 | HashAlgorithm | Name | MD5 | jca/Hash.java:101:61:101:65 | jca/Hash.java:101:61:101:65 | +| jca/Hash.java:101:61:101:65 | HashAlgorithm | RawName | MD5 | jca/Hash.java:101:61:101:65 | jca/Hash.java:101:61:101:65 | +| jca/Hash.java:102:40:102:58 | Constant | Description | "Weak Hash Example" | jca/Hash.java:102:40:102:58 | jca/Hash.java:102:40:102:58 | +| jca/Hash.java:150:29:150:40 | Parameter | Description | input | jca/Hash.java:150:29:150:40 | jca/Hash.java:150:29:150:40 | +| jca/Hash.java:150:43:150:63 | Parameter | Description | privateKey | jca/Hash.java:150:43:150:63 | jca/Hash.java:150:43:150:63 | +| jca/Hash.java:151:53:151:67 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:151:53:151:67 | jca/Hash.java:151:53:151:67 | +| jca/Hash.java:151:53:151:67 | HashAlgorithm | Name | SHA2 | jca/Hash.java:151:53:151:67 | jca/Hash.java:151:53:151:67 | +| jca/Hash.java:151:53:151:67 | HashAlgorithm | RawName | SHA256withRSA | jca/Hash.java:151:53:151:67 | jca/Hash.java:151:53:151:67 | +| jca/Hash.java:151:53:151:67 | KeyOperationAlgorithm | Name | RSA | jca/Hash.java:151:53:151:67 | jca/Hash.java:151:53:151:67 | +| jca/Hash.java:151:53:151:67 | KeyOperationAlgorithm | RawName | SHA256withRSA | jca/Hash.java:151:53:151:67 | jca/Hash.java:151:53:151:67 | +| jca/Hash.java:152:28:152:37 | Key | KeyType | Unknown | jca/Hash.java:152:28:152:37 | jca/Hash.java:152:28:152:37 | +| jca/Hash.java:154:29:154:44 | SignOperation | KeyOperationSubtype | Sign | jca/Hash.java:154:29:154:44 | jca/Hash.java:154:29:154:44 | +| jca/Hash.java:172:40:172:51 | Parameter | Description | input | jca/Hash.java:172:40:172:51 | jca/Hash.java:172:40:172:51 | +| jca/Hash.java:172:54:172:70 | Parameter | Description | signedHash | jca/Hash.java:172:54:172:70 | jca/Hash.java:172:54:172:70 | +| jca/Hash.java:172:73:172:91 | Parameter | Description | publicKey | jca/Hash.java:172:73:172:91 | jca/Hash.java:172:73:172:91 | +| jca/Hash.java:173:53:173:67 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:173:53:173:67 | jca/Hash.java:173:53:173:67 | +| jca/Hash.java:173:53:173:67 | HashAlgorithm | Name | SHA2 | jca/Hash.java:173:53:173:67 | jca/Hash.java:173:53:173:67 | +| jca/Hash.java:173:53:173:67 | HashAlgorithm | RawName | SHA256withRSA | jca/Hash.java:173:53:173:67 | jca/Hash.java:173:53:173:67 | +| jca/Hash.java:173:53:173:67 | KeyOperationAlgorithm | Name | RSA | jca/Hash.java:173:53:173:67 | jca/Hash.java:173:53:173:67 | +| jca/Hash.java:173:53:173:67 | KeyOperationAlgorithm | RawName | SHA256withRSA | jca/Hash.java:173:53:173:67 | jca/Hash.java:173:53:173:67 | +| jca/Hash.java:174:30:174:38 | Key | KeyType | Unknown | jca/Hash.java:174:30:174:38 | jca/Hash.java:174:30:174:38 | +| jca/Hash.java:176:16:176:43 | VerifyOperation | KeyOperationSubtype | Verify | jca/Hash.java:176:16:176:43 | jca/Hash.java:176:16:176:43 | +| jca/Hash.java:191:43:191:53 | Parameter | Description | data | jca/Hash.java:191:43:191:53 | jca/Hash.java:191:43:191:53 | +| jca/Hash.java:192:58:192:66 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:192:58:192:66 | jca/Hash.java:192:58:192:66 | +| jca/Hash.java:192:58:192:66 | HashAlgorithm | Name | SHA2 | jca/Hash.java:192:58:192:66 | jca/Hash.java:192:58:192:66 | +| jca/Hash.java:192:58:192:66 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:192:58:192:66 | jca/Hash.java:192:58:192:66 | +| jca/Hash.java:210:43:210:54 | Parameter | Description | input | jca/Hash.java:210:43:210:54 | jca/Hash.java:210:43:210:54 | +| jca/Hash.java:211:33:211:39 | HashAlgorithm | DigestSize | 160 | jca/Hash.java:211:33:211:39 | jca/Hash.java:211:33:211:39 | +| jca/Hash.java:211:33:211:39 | HashAlgorithm | Name | SHA1 | jca/Hash.java:211:33:211:39 | jca/Hash.java:211:33:211:39 | +| jca/Hash.java:211:33:211:39 | HashAlgorithm | RawName | SHA-1 | jca/Hash.java:211:33:211:39 | jca/Hash.java:211:33:211:39 | +| jca/Hash.java:211:42:211:50 | HashAlgorithm | DigestSize | | file://:0:0:0:0 | file://:0:0:0:0 | +| jca/Hash.java:211:42:211:50 | HashAlgorithm | RawName | SHA-224 | jca/Hash.java:211:42:211:50 | jca/Hash.java:211:42:211:50 | +| jca/Hash.java:211:53:211:61 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:211:53:211:61 | jca/Hash.java:211:53:211:61 | +| jca/Hash.java:211:53:211:61 | HashAlgorithm | Name | SHA2 | jca/Hash.java:211:53:211:61 | jca/Hash.java:211:53:211:61 | +| jca/Hash.java:211:53:211:61 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:211:53:211:61 | jca/Hash.java:211:53:211:61 | +| jca/Hash.java:211:64:211:72 | HashAlgorithm | DigestSize | 384 | jca/Hash.java:211:64:211:72 | jca/Hash.java:211:64:211:72 | +| jca/Hash.java:211:64:211:72 | HashAlgorithm | Name | SHA2 | jca/Hash.java:211:64:211:72 | jca/Hash.java:211:64:211:72 | +| jca/Hash.java:211:64:211:72 | HashAlgorithm | RawName | SHA-384 | jca/Hash.java:211:64:211:72 | jca/Hash.java:211:64:211:72 | +| jca/Hash.java:211:75:211:83 | HashAlgorithm | DigestSize | 512 | jca/Hash.java:211:75:211:83 | jca/Hash.java:211:75:211:83 | +| jca/Hash.java:211:75:211:83 | HashAlgorithm | Name | SHA2 | jca/Hash.java:211:75:211:83 | jca/Hash.java:211:75:211:83 | +| jca/Hash.java:211:75:211:83 | HashAlgorithm | RawName | SHA-512 | jca/Hash.java:211:75:211:83 | jca/Hash.java:211:75:211:83 | +| jca/Hash.java:211:86:211:95 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:211:86:211:95 | jca/Hash.java:211:86:211:95 | +| jca/Hash.java:211:86:211:95 | HashAlgorithm | Name | SHA3 | jca/Hash.java:211:86:211:95 | jca/Hash.java:211:86:211:95 | +| jca/Hash.java:211:86:211:95 | HashAlgorithm | RawName | SHA3-256 | jca/Hash.java:211:86:211:95 | jca/Hash.java:211:86:211:95 | +| jca/Hash.java:211:98:211:107 | HashAlgorithm | DigestSize | 512 | jca/Hash.java:211:98:211:107 | jca/Hash.java:211:98:211:107 | +| jca/Hash.java:211:98:211:107 | HashAlgorithm | Name | SHA3 | jca/Hash.java:211:98:211:107 | jca/Hash.java:211:98:211:107 | +| jca/Hash.java:211:98:211:107 | HashAlgorithm | RawName | SHA3-512 | jca/Hash.java:211:98:211:107 | jca/Hash.java:211:98:211:107 | +| jca/Hash.java:212:17:212:29 | HashAlgorithm | DigestSize | | file://:0:0:0:0 | file://:0:0:0:0 | +| jca/Hash.java:212:17:212:29 | HashAlgorithm | RawName | BLAKE2B-512 | jca/Hash.java:212:17:212:29 | jca/Hash.java:212:17:212:29 | +| jca/Hash.java:212:32:212:44 | HashAlgorithm | DigestSize | | file://:0:0:0:0 | file://:0:0:0:0 | +| jca/Hash.java:212:32:212:44 | HashAlgorithm | RawName | BLAKE2S-256 | jca/Hash.java:212:32:212:44 | jca/Hash.java:212:32:212:44 | +| jca/Hash.java:212:47:212:51 | HashAlgorithm | DigestSize | 128 | jca/Hash.java:212:47:212:51 | jca/Hash.java:212:47:212:51 | +| jca/Hash.java:212:47:212:51 | HashAlgorithm | Name | MD5 | jca/Hash.java:212:47:212:51 | jca/Hash.java:212:47:212:51 | +| jca/Hash.java:212:47:212:51 | HashAlgorithm | RawName | MD5 | jca/Hash.java:212:47:212:51 | jca/Hash.java:212:47:212:51 | +| jca/Hash.java:233:43:233:54 | Parameter | Description | input | jca/Hash.java:233:43:233:54 | jca/Hash.java:233:43:233:54 | +| jca/Hash.java:233:57:233:66 | Parameter | Description | key | jca/Hash.java:233:57:233:66 | jca/Hash.java:233:57:233:66 | +| jca/Hash.java:234:33:234:42 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:234:33:234:42 | jca/Hash.java:234:33:234:42 | +| jca/Hash.java:234:33:234:42 | KeyOperationAlgorithm | RawName | HmacSHA1 | jca/Hash.java:234:33:234:42 | jca/Hash.java:234:33:234:42 | +| jca/Hash.java:234:45:234:56 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:234:45:234:56 | jca/Hash.java:234:45:234:56 | +| jca/Hash.java:234:45:234:56 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Hash.java:234:45:234:56 | jca/Hash.java:234:45:234:56 | +| jca/Hash.java:234:59:234:70 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:234:59:234:70 | jca/Hash.java:234:59:234:70 | +| jca/Hash.java:234:59:234:70 | KeyOperationAlgorithm | RawName | HmacSHA384 | jca/Hash.java:234:59:234:70 | jca/Hash.java:234:59:234:70 | +| jca/Hash.java:234:73:234:84 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:234:73:234:84 | jca/Hash.java:234:73:234:84 | +| jca/Hash.java:234:73:234:84 | KeyOperationAlgorithm | RawName | HmacSHA512 | jca/Hash.java:234:73:234:84 | jca/Hash.java:234:73:234:84 | +| jca/Hash.java:234:87:234:100 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:234:87:234:100 | jca/Hash.java:234:87:234:100 | +| jca/Hash.java:234:87:234:100 | KeyOperationAlgorithm | RawName | HmacSHA3-256 | jca/Hash.java:234:87:234:100 | jca/Hash.java:234:87:234:100 | +| jca/Hash.java:234:103:234:116 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:234:103:234:116 | jca/Hash.java:234:103:234:116 | +| jca/Hash.java:234:103:234:116 | KeyOperationAlgorithm | RawName | HmacSHA3-512 | jca/Hash.java:234:103:234:116 | jca/Hash.java:234:103:234:116 | +| jca/Hash.java:238:22:238:30 | Key | KeyType | Unknown | jca/Hash.java:238:22:238:30 | jca/Hash.java:238:22:238:30 | +| jca/Hash.java:239:27:239:55 | MACOperation | KeyOperationSubtype | Mac | jca/Hash.java:239:27:239:55 | jca/Hash.java:239:27:239:55 | +| jca/Hash.java:256:40:256:54 | Parameter | Description | password | jca/Hash.java:256:40:256:54 | jca/Hash.java:256:40:256:54 | +| jca/Hash.java:259:72:259:76 | Constant | Description | 10000 | jca/Hash.java:259:72:259:76 | jca/Hash.java:259:72:259:76 | +| jca/Hash.java:259:79:259:81 | Constant | Description | 256 | jca/Hash.java:259:79:259:81 | jca/Hash.java:259:79:259:81 | +| jca/Hash.java:260:65:260:86 | HMACAlgorithm | Name | HMAC | jca/Hash.java:260:65:260:86 | jca/Hash.java:260:65:260:86 | +| jca/Hash.java:260:65:260:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Hash.java:260:65:260:86 | jca/Hash.java:260:65:260:86 | +| jca/Hash.java:260:65:260:86 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:260:65:260:86 | jca/Hash.java:260:65:260:86 | +| jca/Hash.java:260:65:260:86 | HashAlgorithm | Name | SHA2 | jca/Hash.java:260:65:260:86 | jca/Hash.java:260:65:260:86 | +| jca/Hash.java:260:65:260:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Hash.java:260:65:260:86 | jca/Hash.java:260:65:260:86 | +| jca/Hash.java:260:65:260:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/Hash.java:260:65:260:86 | jca/Hash.java:260:65:260:86 | +| jca/Hash.java:260:65:260:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Hash.java:260:65:260:86 | jca/Hash.java:260:65:260:86 | +| jca/Hash.java:261:23:261:50 | Key | KeyType | Symmetric | jca/Hash.java:261:23:261:50 | jca/Hash.java:261:23:261:50 | +| jca/Hash.java:261:23:261:50 | KeyDerivation | Iterations | Constant:10000 | jca/Hash.java:259:72:259:76 | jca/Hash.java:259:72:259:76 | +| jca/Hash.java:261:23:261:50 | KeyDerivation | KeySize | Constant:256 | jca/Hash.java:259:79:259:81 | jca/Hash.java:259:79:259:81 | +| jca/Hash.java:277:37:277:58 | Constant | Description | "Config-based Hashing" | jca/Hash.java:277:37:277:58 | jca/Hash.java:277:37:277:58 | +| jca/Hash.java:292:33:292:41 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:292:33:292:41 | jca/Hash.java:292:33:292:41 | +| jca/Hash.java:292:33:292:41 | HashAlgorithm | Name | SHA2 | jca/Hash.java:292:33:292:41 | jca/Hash.java:292:33:292:41 | +| jca/Hash.java:292:33:292:41 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:292:33:292:41 | jca/Hash.java:292:33:292:41 | +| jca/Hash.java:292:44:292:52 | HashAlgorithm | DigestSize | 512 | jca/Hash.java:292:44:292:52 | jca/Hash.java:292:44:292:52 | +| jca/Hash.java:292:44:292:52 | HashAlgorithm | Name | SHA2 | jca/Hash.java:292:44:292:52 | jca/Hash.java:292:44:292:52 | +| jca/Hash.java:292:44:292:52 | HashAlgorithm | RawName | SHA-512 | jca/Hash.java:292:44:292:52 | jca/Hash.java:292:44:292:52 | +| jca/Hash.java:292:55:292:64 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:292:55:292:64 | jca/Hash.java:292:55:292:64 | +| jca/Hash.java:292:55:292:64 | HashAlgorithm | Name | SHA3 | jca/Hash.java:292:55:292:64 | jca/Hash.java:292:55:292:64 | +| jca/Hash.java:292:55:292:64 | HashAlgorithm | RawName | SHA3-256 | jca/Hash.java:292:55:292:64 | jca/Hash.java:292:55:292:64 | +| jca/Hash.java:292:67:292:76 | HashAlgorithm | DigestSize | 512 | jca/Hash.java:292:67:292:76 | jca/Hash.java:292:67:292:76 | +| jca/Hash.java:292:67:292:76 | HashAlgorithm | Name | SHA3 | jca/Hash.java:292:67:292:76 | jca/Hash.java:292:67:292:76 | +| jca/Hash.java:292:67:292:76 | HashAlgorithm | RawName | SHA3-512 | jca/Hash.java:292:67:292:76 | jca/Hash.java:292:67:292:76 | +| jca/Hash.java:295:27:295:38 | Constant | Description | "fixed-seed" | jca/Hash.java:295:27:295:38 | jca/Hash.java:295:27:295:38 | +| jca/Hash.java:321:16:321:66 | LocalData | Description | getProperty(...) | jca/Hash.java:321:16:321:66 | jca/Hash.java:321:16:321:66 | +| jca/Hash.java:321:57:321:65 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:321:57:321:65 | jca/Hash.java:321:57:321:65 | +| jca/Hash.java:321:57:321:65 | HashAlgorithm | Name | SHA2 | jca/Hash.java:321:57:321:65 | jca/Hash.java:321:57:321:65 | +| jca/Hash.java:321:57:321:65 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:321:57:321:65 | jca/Hash.java:321:57:321:65 | +| jca/Hash.java:338:9:338:42 | RandomNumberGeneration | Description | nextBytes | jca/Hash.java:338:9:338:42 | jca/Hash.java:338:9:338:42 | +| jca/Hash.java:338:38:338:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Hash.java:338:38:338:41 | jca/Hash.java:338:38:338:41 | +| jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:30:44:30:65 | jca/IVArtifact.java:30:44:30:65 | +| jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | RawName | AES/CBC/PKCS5Padding | jca/IVArtifact.java:30:44:30:65 | jca/IVArtifact.java:30:44:30:65 | +| jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:30:44:30:65 | jca/IVArtifact.java:30:44:30:65 | +| jca/IVArtifact.java:30:44:30:65 | ModeOfOperation | Name | CBC | jca/IVArtifact.java:30:44:30:65 | jca/IVArtifact.java:30:44:30:65 | +| jca/IVArtifact.java:30:44:30:65 | ModeOfOperation | RawName | CBC | jca/IVArtifact.java:30:44:30:65 | jca/IVArtifact.java:30:44:30:65 | +| jca/IVArtifact.java:30:44:30:65 | PaddingAlgorithm | Name | PKCS7 | jca/IVArtifact.java:30:44:30:65 | jca/IVArtifact.java:30:44:30:65 | +| jca/IVArtifact.java:30:44:30:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/IVArtifact.java:30:44:30:65 | jca/IVArtifact.java:30:44:30:65 | +| jca/IVArtifact.java:31:42:31:44 | Key | KeyType | Unknown | jca/IVArtifact.java:31:42:31:44 | jca/IVArtifact.java:31:42:31:44 | +| jca/IVArtifact.java:32:29:32:73 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:32:29:32:73 | jca/IVArtifact.java:32:29:32:73 | +| jca/IVArtifact.java:32:44:32:61 | Constant | Description | "Simple Test Data" | jca/IVArtifact.java:32:44:32:61 | jca/IVArtifact.java:32:44:32:61 | +| jca/IVArtifact.java:38:42:38:44 | Key | KeyType | Unknown | jca/IVArtifact.java:38:42:38:44 | jca/IVArtifact.java:38:42:38:44 | +| jca/IVArtifact.java:39:29:39:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:39:29:39:53 | jca/IVArtifact.java:39:29:39:53 | +| jca/IVArtifact.java:49:27:49:42 | Constant | Description | "Sensitive Data" | jca/IVArtifact.java:49:27:49:42 | jca/IVArtifact.java:49:27:49:42 | +| jca/IVArtifact.java:70:16:70:81 | LocalData | Description | getProperty(...) | jca/IVArtifact.java:70:16:70:81 | jca/IVArtifact.java:70:16:70:81 | +| jca/IVArtifact.java:70:59:70:80 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:70:59:70:80 | jca/IVArtifact.java:70:59:70:80 | +| jca/IVArtifact.java:70:59:70:80 | KeyOperationAlgorithm | RawName | AES/CBC/PKCS5Padding | jca/IVArtifact.java:70:59:70:80 | jca/IVArtifact.java:70:59:70:80 | +| jca/IVArtifact.java:70:59:70:80 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:70:59:70:80 | jca/IVArtifact.java:70:59:70:80 | +| jca/IVArtifact.java:70:59:70:80 | ModeOfOperation | Name | CBC | jca/IVArtifact.java:70:59:70:80 | jca/IVArtifact.java:70:59:70:80 | +| jca/IVArtifact.java:70:59:70:80 | ModeOfOperation | RawName | CBC | jca/IVArtifact.java:70:59:70:80 | jca/IVArtifact.java:70:59:70:80 | +| jca/IVArtifact.java:70:59:70:80 | PaddingAlgorithm | Name | PKCS7 | jca/IVArtifact.java:70:59:70:80 | jca/IVArtifact.java:70:59:70:80 | +| jca/IVArtifact.java:70:59:70:80 | PaddingAlgorithm | RawName | PKCS5Padding | jca/IVArtifact.java:70:59:70:80 | jca/IVArtifact.java:70:59:70:80 | +| jca/IVArtifact.java:74:56:74:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/IVArtifact.java:75:21:75:23 | jca/IVArtifact.java:75:21:75:23 | +| jca/IVArtifact.java:74:56:74:60 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:74:56:74:60 | jca/IVArtifact.java:74:56:74:60 | +| jca/IVArtifact.java:74:56:74:60 | KeyOperationAlgorithm | RawName | AES | jca/IVArtifact.java:74:56:74:60 | jca/IVArtifact.java:74:56:74:60 | +| jca/IVArtifact.java:74:56:74:60 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:74:56:74:60 | jca/IVArtifact.java:74:56:74:60 | +| jca/IVArtifact.java:75:21:75:23 | Constant | Description | 256 | jca/IVArtifact.java:75:21:75:23 | jca/IVArtifact.java:75:21:75:23 | +| jca/IVArtifact.java:76:16:76:35 | Key | KeyType | Symmetric | jca/IVArtifact.java:76:16:76:35 | jca/IVArtifact.java:76:16:76:35 | +| jca/IVArtifact.java:81:9:81:40 | RandomNumberGeneration | Description | nextBytes | jca/IVArtifact.java:81:9:81:40 | jca/IVArtifact.java:81:9:81:40 | +| jca/IVArtifact.java:81:38:81:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/IVArtifact.java:81:38:81:39 | jca/IVArtifact.java:81:38:81:39 | +| jca/IVArtifact.java:87:32:87:33 | RandomNumberGeneration | Description | java.util.Random | jca/IVArtifact.java:87:32:87:33 | jca/IVArtifact.java:87:32:87:33 | +| jca/IVArtifact.java:106:44:106:62 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:106:44:106:62 | jca/IVArtifact.java:106:44:106:62 | +| jca/IVArtifact.java:106:44:106:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:106:44:106:62 | jca/IVArtifact.java:106:44:106:62 | +| jca/IVArtifact.java:106:44:106:62 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:106:44:106:62 | jca/IVArtifact.java:106:44:106:62 | +| jca/IVArtifact.java:106:44:106:62 | ModeOfOperation | Name | GCM | jca/IVArtifact.java:106:44:106:62 | jca/IVArtifact.java:106:44:106:62 | +| jca/IVArtifact.java:106:44:106:62 | ModeOfOperation | RawName | GCM | jca/IVArtifact.java:106:44:106:62 | jca/IVArtifact.java:106:44:106:62 | +| jca/IVArtifact.java:106:44:106:62 | PaddingAlgorithm | Name | UnknownPadding | jca/IVArtifact.java:106:44:106:62 | jca/IVArtifact.java:106:44:106:62 | +| jca/IVArtifact.java:106:44:106:62 | PaddingAlgorithm | RawName | NoPadding | jca/IVArtifact.java:106:44:106:62 | jca/IVArtifact.java:106:44:106:62 | +| jca/IVArtifact.java:109:42:109:44 | Key | KeyType | Unknown | jca/IVArtifact.java:109:42:109:44 | jca/IVArtifact.java:109:42:109:44 | +| jca/IVArtifact.java:110:16:110:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:110:16:110:40 | jca/IVArtifact.java:110:16:110:40 | +| jca/IVArtifact.java:118:31:118:34 | Constant | Description | null | jca/IVArtifact.java:118:31:118:34 | jca/IVArtifact.java:118:31:118:34 | +| jca/IVArtifact.java:132:13:132:50 | RandomNumberGeneration | Description | nextBytes | jca/IVArtifact.java:132:13:132:50 | jca/IVArtifact.java:132:13:132:50 | +| jca/IVArtifact.java:132:42:132:49 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/IVArtifact.java:132:42:132:49 | jca/IVArtifact.java:132:42:132:49 | +| jca/IVArtifact.java:134:44:134:62 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:134:44:134:62 | jca/IVArtifact.java:134:44:134:62 | +| jca/IVArtifact.java:134:44:134:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:134:44:134:62 | jca/IVArtifact.java:134:44:134:62 | +| jca/IVArtifact.java:134:44:134:62 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:134:44:134:62 | jca/IVArtifact.java:134:44:134:62 | +| jca/IVArtifact.java:134:44:134:62 | ModeOfOperation | Name | GCM | jca/IVArtifact.java:134:44:134:62 | jca/IVArtifact.java:134:44:134:62 | +| jca/IVArtifact.java:134:44:134:62 | ModeOfOperation | RawName | GCM | jca/IVArtifact.java:134:44:134:62 | jca/IVArtifact.java:134:44:134:62 | +| jca/IVArtifact.java:134:44:134:62 | PaddingAlgorithm | Name | UnknownPadding | jca/IVArtifact.java:134:44:134:62 | jca/IVArtifact.java:134:44:134:62 | +| jca/IVArtifact.java:134:44:134:62 | PaddingAlgorithm | RawName | NoPadding | jca/IVArtifact.java:134:44:134:62 | jca/IVArtifact.java:134:44:134:62 | +| jca/IVArtifact.java:136:42:136:44 | Key | KeyType | Unknown | jca/IVArtifact.java:136:42:136:44 | jca/IVArtifact.java:136:42:136:44 | +| jca/IVArtifact.java:137:16:137:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:137:16:137:40 | jca/IVArtifact.java:137:16:137:40 | +| jca/IVArtifact.java:157:58:157:66 | HashAlgorithm | DigestSize | 256 | jca/IVArtifact.java:157:58:157:66 | jca/IVArtifact.java:157:58:157:66 | +| jca/IVArtifact.java:157:58:157:66 | HashAlgorithm | Name | SHA2 | jca/IVArtifact.java:157:58:157:66 | jca/IVArtifact.java:157:58:157:66 | +| jca/IVArtifact.java:157:58:157:66 | HashAlgorithm | RawName | SHA-256 | jca/IVArtifact.java:157:58:157:66 | jca/IVArtifact.java:157:58:157:66 | +| jca/IVArtifact.java:158:45:158:59 | Constant | Description | "fixedConstant" | jca/IVArtifact.java:158:45:158:59 | jca/IVArtifact.java:158:45:158:59 | +| jca/IVArtifact.java:160:44:160:62 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:160:44:160:62 | jca/IVArtifact.java:160:44:160:62 | +| jca/IVArtifact.java:160:44:160:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:160:44:160:62 | jca/IVArtifact.java:160:44:160:62 | +| jca/IVArtifact.java:160:44:160:62 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:160:44:160:62 | jca/IVArtifact.java:160:44:160:62 | +| jca/IVArtifact.java:160:44:160:62 | ModeOfOperation | Name | GCM | jca/IVArtifact.java:160:44:160:62 | jca/IVArtifact.java:160:44:160:62 | +| jca/IVArtifact.java:160:44:160:62 | ModeOfOperation | RawName | GCM | jca/IVArtifact.java:160:44:160:62 | jca/IVArtifact.java:160:44:160:62 | +| jca/IVArtifact.java:160:44:160:62 | PaddingAlgorithm | Name | UnknownPadding | jca/IVArtifact.java:160:44:160:62 | jca/IVArtifact.java:160:44:160:62 | +| jca/IVArtifact.java:160:44:160:62 | PaddingAlgorithm | RawName | NoPadding | jca/IVArtifact.java:160:44:160:62 | jca/IVArtifact.java:160:44:160:62 | +| jca/IVArtifact.java:162:42:162:44 | Key | KeyType | Unknown | jca/IVArtifact.java:162:42:162:44 | jca/IVArtifact.java:162:42:162:44 | +| jca/IVArtifact.java:163:16:163:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:163:16:163:40 | jca/IVArtifact.java:163:16:163:40 | +| jca/IVArtifact.java:183:9:183:40 | RandomNumberGeneration | Description | nextBytes | jca/IVArtifact.java:183:9:183:40 | jca/IVArtifact.java:183:9:183:40 | +| jca/IVArtifact.java:183:38:183:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/IVArtifact.java:183:38:183:39 | jca/IVArtifact.java:183:38:183:39 | +| jca/IVArtifact.java:186:48:186:66 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:186:48:186:66 | jca/IVArtifact.java:186:48:186:66 | +| jca/IVArtifact.java:186:48:186:66 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:186:48:186:66 | jca/IVArtifact.java:186:48:186:66 | +| jca/IVArtifact.java:186:48:186:66 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:186:48:186:66 | jca/IVArtifact.java:186:48:186:66 | +| jca/IVArtifact.java:186:48:186:66 | ModeOfOperation | Name | GCM | jca/IVArtifact.java:186:48:186:66 | jca/IVArtifact.java:186:48:186:66 | +| jca/IVArtifact.java:186:48:186:66 | ModeOfOperation | RawName | GCM | jca/IVArtifact.java:186:48:186:66 | jca/IVArtifact.java:186:48:186:66 | +| jca/IVArtifact.java:186:48:186:66 | PaddingAlgorithm | Name | UnknownPadding | jca/IVArtifact.java:186:48:186:66 | jca/IVArtifact.java:186:48:186:66 | +| jca/IVArtifact.java:186:48:186:66 | PaddingAlgorithm | RawName | NoPadding | jca/IVArtifact.java:186:48:186:66 | jca/IVArtifact.java:186:48:186:66 | +| jca/IVArtifact.java:188:46:188:48 | Key | KeyType | Unknown | jca/IVArtifact.java:188:46:188:48 | jca/IVArtifact.java:188:46:188:48 | +| jca/IVArtifact.java:189:30:189:58 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:189:30:189:58 | jca/IVArtifact.java:189:30:189:58 | +| jca/IVArtifact.java:204:44:204:62 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:204:44:204:62 | jca/IVArtifact.java:204:44:204:62 | +| jca/IVArtifact.java:204:44:204:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:204:44:204:62 | jca/IVArtifact.java:204:44:204:62 | +| jca/IVArtifact.java:204:44:204:62 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:204:44:204:62 | jca/IVArtifact.java:204:44:204:62 | +| jca/IVArtifact.java:204:44:204:62 | ModeOfOperation | Name | GCM | jca/IVArtifact.java:204:44:204:62 | jca/IVArtifact.java:204:44:204:62 | +| jca/IVArtifact.java:204:44:204:62 | ModeOfOperation | RawName | GCM | jca/IVArtifact.java:204:44:204:62 | jca/IVArtifact.java:204:44:204:62 | +| jca/IVArtifact.java:204:44:204:62 | PaddingAlgorithm | Name | UnknownPadding | jca/IVArtifact.java:204:44:204:62 | jca/IVArtifact.java:204:44:204:62 | +| jca/IVArtifact.java:204:44:204:62 | PaddingAlgorithm | RawName | NoPadding | jca/IVArtifact.java:204:44:204:62 | jca/IVArtifact.java:204:44:204:62 | +| jca/IVArtifact.java:207:42:207:44 | Key | KeyType | Unknown | jca/IVArtifact.java:207:42:207:44 | jca/IVArtifact.java:207:42:207:44 | +| jca/IVArtifact.java:208:16:208:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:208:16:208:40 | jca/IVArtifact.java:208:16:208:40 | +| jca/IVArtifact.java:221:53:221:65 | Parameter | Description | key | jca/IVArtifact.java:221:53:221:65 | jca/IVArtifact.java:221:53:221:65 | +| jca/IVArtifact.java:221:68:221:83 | Parameter | Description | plaintext | jca/IVArtifact.java:221:68:221:83 | jca/IVArtifact.java:221:68:221:83 | +| jca/IVArtifact.java:242:60:242:72 | Parameter | Description | key | jca/IVArtifact.java:242:60:242:72 | jca/IVArtifact.java:242:60:242:72 | +| jca/IVArtifact.java:242:75:242:90 | Parameter | Description | plaintext | jca/IVArtifact.java:242:75:242:90 | jca/IVArtifact.java:242:75:242:90 | +| jca/IVArtifact.java:261:56:261:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/IVArtifact.java:262:21:262:23 | jca/IVArtifact.java:262:21:262:23 | +| jca/IVArtifact.java:261:56:261:60 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:261:56:261:60 | jca/IVArtifact.java:261:56:261:60 | +| jca/IVArtifact.java:261:56:261:60 | KeyOperationAlgorithm | RawName | AES | jca/IVArtifact.java:261:56:261:60 | jca/IVArtifact.java:261:56:261:60 | +| jca/IVArtifact.java:261:56:261:60 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:261:56:261:60 | jca/IVArtifact.java:261:56:261:60 | +| jca/IVArtifact.java:262:21:262:23 | Constant | Description | 256 | jca/IVArtifact.java:262:21:262:23 | jca/IVArtifact.java:262:21:262:23 | +| jca/IVArtifact.java:263:29:263:44 | Key | KeyType | Symmetric | jca/IVArtifact.java:263:29:263:44 | jca/IVArtifact.java:263:29:263:44 | +| jca/IVArtifact.java:264:32:264:47 | Constant | Description | "Sensitive Data" | jca/IVArtifact.java:264:32:264:47 | jca/IVArtifact.java:264:32:264:47 | +| jca/IVArtifact.java:283:35:283:47 | Constant | Description | "Message One" | jca/IVArtifact.java:283:35:283:47 | jca/IVArtifact.java:283:35:283:47 | +| jca/IVArtifact.java:283:61:283:73 | Constant | Description | "Message Two" | jca/IVArtifact.java:283:61:283:73 | jca/IVArtifact.java:283:61:283:73 | +| jca/IVArtifact.java:283:87:283:101 | Constant | Description | "Message Three" | jca/IVArtifact.java:283:87:283:101 | jca/IVArtifact.java:283:87:283:101 | +| jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | EllipticCurve | KeySize | 256 | jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | +| jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | EllipticCurve | Name | secp256r1 | jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | +| jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | EllipticCurve | ParsedName | secp256r1 | jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | +| jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | EllipticCurve | RawName | secp256r1 | jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | +| jca/KeyAgreementHybridCryptosystem.java:61:16:61:36 | Key | KeyType | Asymmetric | jca/KeyAgreementHybridCryptosystem.java:61:16:61:36 | jca/KeyAgreementHybridCryptosystem.java:61:16:61:36 | +| jca/KeyAgreementHybridCryptosystem.java:68:61:68:68 | KeyAgreementAlgorithm | Name | X25519 | jca/KeyAgreementHybridCryptosystem.java:68:61:68:68 | jca/KeyAgreementHybridCryptosystem.java:68:61:68:68 | +| jca/KeyAgreementHybridCryptosystem.java:68:61:68:68 | KeyAgreementAlgorithm | RawName | X25519 | jca/KeyAgreementHybridCryptosystem.java:68:61:68:68 | jca/KeyAgreementHybridCryptosystem.java:68:61:68:68 | +| jca/KeyAgreementHybridCryptosystem.java:69:24:69:26 | Constant | Description | 255 | jca/KeyAgreementHybridCryptosystem.java:69:24:69:26 | jca/KeyAgreementHybridCryptosystem.java:69:24:69:26 | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:36 | Key | KeyType | Asymmetric | jca/KeyAgreementHybridCryptosystem.java:70:16:70:36 | jca/KeyAgreementHybridCryptosystem.java:70:16:70:36 | +| jca/KeyAgreementHybridCryptosystem.java:78:17:78:26 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:78:17:78:26 | jca/KeyAgreementHybridCryptosystem.java:78:17:78:26 | +| jca/KeyAgreementHybridCryptosystem.java:79:20:79:28 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:79:20:79:28 | jca/KeyAgreementHybridCryptosystem.java:79:20:79:28 | +| jca/KeyAgreementHybridCryptosystem.java:88:58:88:66 | HashAlgorithm | DigestSize | 256 | jca/KeyAgreementHybridCryptosystem.java:88:58:88:66 | jca/KeyAgreementHybridCryptosystem.java:88:58:88:66 | +| jca/KeyAgreementHybridCryptosystem.java:88:58:88:66 | HashAlgorithm | Name | SHA2 | jca/KeyAgreementHybridCryptosystem.java:88:58:88:66 | jca/KeyAgreementHybridCryptosystem.java:88:58:88:66 | +| jca/KeyAgreementHybridCryptosystem.java:88:58:88:66 | HashAlgorithm | RawName | SHA-256 | jca/KeyAgreementHybridCryptosystem.java:88:58:88:66 | jca/KeyAgreementHybridCryptosystem.java:88:58:88:66 | +| jca/KeyAgreementHybridCryptosystem.java:115:90:115:95 | KeyAgreementAlgorithm | Name | ECDH | jca/KeyAgreementHybridCryptosystem.java:115:90:115:95 | jca/KeyAgreementHybridCryptosystem.java:115:90:115:95 | +| jca/KeyAgreementHybridCryptosystem.java:115:90:115:95 | KeyAgreementAlgorithm | RawName | ECDH | jca/KeyAgreementHybridCryptosystem.java:115:90:115:95 | jca/KeyAgreementHybridCryptosystem.java:115:90:115:95 | +| jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | KeyOperationAlgorithm | Name | AES | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | +| jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | +| jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | KeyOperationAlgorithm | Structure | Block | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | +| jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | ModeOfOperation | Name | GCM | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | +| jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | ModeOfOperation | RawName | GCM | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | +| jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | +| jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | PaddingAlgorithm | RawName | NoPadding | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | +| jca/KeyAgreementHybridCryptosystem.java:121:9:121:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:121:9:121:40 | jca/KeyAgreementHybridCryptosystem.java:121:9:121:40 | +| jca/KeyAgreementHybridCryptosystem.java:121:38:121:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:121:38:121:39 | jca/KeyAgreementHybridCryptosystem.java:121:38:121:39 | +| jca/KeyAgreementHybridCryptosystem.java:123:42:123:47 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:123:42:123:47 | jca/KeyAgreementHybridCryptosystem.java:123:42:123:47 | +| jca/KeyAgreementHybridCryptosystem.java:124:29:124:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:124:29:124:53 | jca/KeyAgreementHybridCryptosystem.java:124:29:124:53 | +| jca/KeyAgreementHybridCryptosystem.java:137:95:137:100 | KeyAgreementAlgorithm | Name | ECDH | jca/KeyAgreementHybridCryptosystem.java:137:95:137:100 | jca/KeyAgreementHybridCryptosystem.java:137:95:137:100 | +| jca/KeyAgreementHybridCryptosystem.java:137:95:137:100 | KeyAgreementAlgorithm | RawName | ECDH | jca/KeyAgreementHybridCryptosystem.java:137:95:137:100 | jca/KeyAgreementHybridCryptosystem.java:137:95:137:100 | +| jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | KeyOperationAlgorithm | Name | AES | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | +| jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | +| jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | KeyOperationAlgorithm | Structure | Block | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | +| jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | ModeOfOperation | Name | GCM | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | +| jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | ModeOfOperation | RawName | GCM | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | +| jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | +| jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | PaddingAlgorithm | RawName | NoPadding | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | +| jca/KeyAgreementHybridCryptosystem.java:144:42:144:47 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:144:42:144:47 | jca/KeyAgreementHybridCryptosystem.java:144:42:144:47 | +| jca/KeyAgreementHybridCryptosystem.java:145:29:145:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:145:29:145:53 | jca/KeyAgreementHybridCryptosystem.java:145:29:145:53 | +| jca/KeyAgreementHybridCryptosystem.java:162:91:162:98 | KeyAgreementAlgorithm | Name | X25519 | jca/KeyAgreementHybridCryptosystem.java:162:91:162:98 | jca/KeyAgreementHybridCryptosystem.java:162:91:162:98 | +| jca/KeyAgreementHybridCryptosystem.java:162:91:162:98 | KeyAgreementAlgorithm | RawName | X25519 | jca/KeyAgreementHybridCryptosystem.java:162:91:162:98 | jca/KeyAgreementHybridCryptosystem.java:162:91:162:98 | +| jca/KeyAgreementHybridCryptosystem.java:163:59:163:67 | HashAlgorithm | DigestSize | 256 | jca/KeyAgreementHybridCryptosystem.java:163:59:163:67 | jca/KeyAgreementHybridCryptosystem.java:163:59:163:67 | +| jca/KeyAgreementHybridCryptosystem.java:163:59:163:67 | HashAlgorithm | Name | SHA2 | jca/KeyAgreementHybridCryptosystem.java:163:59:163:67 | jca/KeyAgreementHybridCryptosystem.java:163:59:163:67 | +| jca/KeyAgreementHybridCryptosystem.java:163:59:163:67 | HashAlgorithm | RawName | SHA-256 | jca/KeyAgreementHybridCryptosystem.java:163:59:163:67 | jca/KeyAgreementHybridCryptosystem.java:163:59:163:67 | +| jca/KeyAgreementHybridCryptosystem.java:166:44:166:62 | KeyOperationAlgorithm | Name | Unknown | jca/KeyAgreementHybridCryptosystem.java:166:44:166:62 | jca/KeyAgreementHybridCryptosystem.java:166:44:166:62 | +| jca/KeyAgreementHybridCryptosystem.java:166:44:166:62 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/KeyAgreementHybridCryptosystem.java:166:44:166:62 | jca/KeyAgreementHybridCryptosystem.java:166:44:166:62 | +| jca/KeyAgreementHybridCryptosystem.java:168:9:168:43 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:168:9:168:43 | jca/KeyAgreementHybridCryptosystem.java:168:9:168:43 | +| jca/KeyAgreementHybridCryptosystem.java:168:38:168:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:168:38:168:42 | jca/KeyAgreementHybridCryptosystem.java:168:38:168:42 | +| jca/KeyAgreementHybridCryptosystem.java:169:42:169:50 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:169:42:169:50 | jca/KeyAgreementHybridCryptosystem.java:169:42:169:50 | +| jca/KeyAgreementHybridCryptosystem.java:170:29:170:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:170:29:170:53 | jca/KeyAgreementHybridCryptosystem.java:170:29:170:53 | +| jca/KeyAgreementHybridCryptosystem.java:183:95:183:102 | KeyAgreementAlgorithm | Name | X25519 | jca/KeyAgreementHybridCryptosystem.java:183:95:183:102 | jca/KeyAgreementHybridCryptosystem.java:183:95:183:102 | +| jca/KeyAgreementHybridCryptosystem.java:183:95:183:102 | KeyAgreementAlgorithm | RawName | X25519 | jca/KeyAgreementHybridCryptosystem.java:183:95:183:102 | jca/KeyAgreementHybridCryptosystem.java:183:95:183:102 | +| jca/KeyAgreementHybridCryptosystem.java:188:44:188:62 | KeyOperationAlgorithm | Name | Unknown | jca/KeyAgreementHybridCryptosystem.java:188:44:188:62 | jca/KeyAgreementHybridCryptosystem.java:188:44:188:62 | +| jca/KeyAgreementHybridCryptosystem.java:188:44:188:62 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/KeyAgreementHybridCryptosystem.java:188:44:188:62 | jca/KeyAgreementHybridCryptosystem.java:188:44:188:62 | +| jca/KeyAgreementHybridCryptosystem.java:189:42:189:50 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:189:42:189:50 | jca/KeyAgreementHybridCryptosystem.java:189:42:189:50 | +| jca/KeyAgreementHybridCryptosystem.java:190:29:190:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:190:29:190:53 | jca/KeyAgreementHybridCryptosystem.java:190:29:190:53 | +| jca/KeyAgreementHybridCryptosystem.java:204:58:204:73 | Parameter | Description | plaintext | jca/KeyAgreementHybridCryptosystem.java:204:58:204:73 | jca/KeyAgreementHybridCryptosystem.java:204:58:204:73 | +| jca/KeyAgreementHybridCryptosystem.java:230:58:230:70 | Parameter | Description | key | jca/KeyAgreementHybridCryptosystem.java:230:58:230:70 | jca/KeyAgreementHybridCryptosystem.java:230:58:230:70 | +| jca/KeyAgreementHybridCryptosystem.java:230:73:230:88 | Parameter | Description | plaintext | jca/KeyAgreementHybridCryptosystem.java:230:73:230:88 | jca/KeyAgreementHybridCryptosystem.java:230:73:230:88 | +| jca/KeyAgreementHybridCryptosystem.java:233:75:233:79 | Constant | Description | 10000 | jca/KeyAgreementHybridCryptosystem.java:233:75:233:79 | jca/KeyAgreementHybridCryptosystem.java:233:75:233:79 | +| jca/KeyAgreementHybridCryptosystem.java:233:82:233:84 | Constant | Description | 256 | jca/KeyAgreementHybridCryptosystem.java:233:82:233:84 | jca/KeyAgreementHybridCryptosystem.java:233:82:233:84 | +| jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | HMACAlgorithm | Name | HMAC | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | +| jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | +| jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | HashAlgorithm | DigestSize | 256 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | +| jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | HashAlgorithm | Name | SHA2 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | +| jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | +| jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | +| jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | +| jca/KeyAgreementHybridCryptosystem.java:235:26:235:53 | Key | KeyType | Symmetric | jca/KeyAgreementHybridCryptosystem.java:235:26:235:53 | jca/KeyAgreementHybridCryptosystem.java:235:26:235:53 | +| jca/KeyAgreementHybridCryptosystem.java:235:26:235:53 | KeyDerivation | Iterations | Constant:10000 | jca/KeyAgreementHybridCryptosystem.java:233:75:233:79 | jca/KeyAgreementHybridCryptosystem.java:233:75:233:79 | +| jca/KeyAgreementHybridCryptosystem.java:235:26:235:53 | KeyDerivation | KeySize | Constant:256 | jca/KeyAgreementHybridCryptosystem.java:233:82:233:84 | jca/KeyAgreementHybridCryptosystem.java:233:82:233:84 | +| jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | KeyOperationAlgorithm | Name | AES | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | +| jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | +| jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | KeyOperationAlgorithm | Structure | Block | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | +| jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | ModeOfOperation | Name | GCM | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | +| jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | ModeOfOperation | RawName | GCM | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | +| jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | +| jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | PaddingAlgorithm | RawName | NoPadding | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | +| jca/KeyAgreementHybridCryptosystem.java:243:9:243:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:243:9:243:40 | jca/KeyAgreementHybridCryptosystem.java:243:9:243:40 | +| jca/KeyAgreementHybridCryptosystem.java:243:38:243:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:243:38:243:39 | jca/KeyAgreementHybridCryptosystem.java:243:38:243:39 | +| jca/KeyAgreementHybridCryptosystem.java:245:42:245:54 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:245:42:245:54 | jca/KeyAgreementHybridCryptosystem.java:245:42:245:54 | +| jca/KeyAgreementHybridCryptosystem.java:246:29:246:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:246:29:246:53 | jca/KeyAgreementHybridCryptosystem.java:246:29:246:53 | +| jca/KeyAgreementHybridCryptosystem.java:248:35:248:46 | KeyOperationAlgorithm | Name | HMAC | jca/KeyAgreementHybridCryptosystem.java:248:35:248:46 | jca/KeyAgreementHybridCryptosystem.java:248:35:248:46 | +| jca/KeyAgreementHybridCryptosystem.java:248:35:248:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:248:35:248:46 | jca/KeyAgreementHybridCryptosystem.java:248:35:248:46 | +| jca/KeyAgreementHybridCryptosystem.java:249:18:249:30 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:249:18:249:30 | jca/KeyAgreementHybridCryptosystem.java:249:18:249:30 | +| jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | MACOperation | KeyOperationSubtype | Mac | jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | +| jca/KeyAgreementHybridCryptosystem.java:279:52:279:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyAgreementHybridCryptosystem.java:280:17:280:19 | jca/KeyAgreementHybridCryptosystem.java:280:17:280:19 | +| jca/KeyAgreementHybridCryptosystem.java:279:52:279:56 | KeyOperationAlgorithm | Name | AES | jca/KeyAgreementHybridCryptosystem.java:279:52:279:56 | jca/KeyAgreementHybridCryptosystem.java:279:52:279:56 | +| jca/KeyAgreementHybridCryptosystem.java:279:52:279:56 | KeyOperationAlgorithm | RawName | AES | jca/KeyAgreementHybridCryptosystem.java:279:52:279:56 | jca/KeyAgreementHybridCryptosystem.java:279:52:279:56 | +| jca/KeyAgreementHybridCryptosystem.java:279:52:279:56 | KeyOperationAlgorithm | Structure | Block | jca/KeyAgreementHybridCryptosystem.java:279:52:279:56 | jca/KeyAgreementHybridCryptosystem.java:279:52:279:56 | +| jca/KeyAgreementHybridCryptosystem.java:280:17:280:19 | Constant | Description | 256 | jca/KeyAgreementHybridCryptosystem.java:280:17:280:19 | jca/KeyAgreementHybridCryptosystem.java:280:17:280:19 | +| jca/KeyAgreementHybridCryptosystem.java:281:16:281:31 | Key | KeyType | Symmetric | jca/KeyAgreementHybridCryptosystem.java:281:16:281:31 | jca/KeyAgreementHybridCryptosystem.java:281:16:281:31 | +| jca/KeyAgreementHybridCryptosystem.java:289:9:289:42 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:289:9:289:42 | jca/KeyAgreementHybridCryptosystem.java:289:9:289:42 | +| jca/KeyAgreementHybridCryptosystem.java:289:38:289:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:289:38:289:41 | jca/KeyAgreementHybridCryptosystem.java:289:38:289:41 | +| jca/KeyArtifact.java:19:56:19:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyArtifact.java:20:21:20:23 | jca/KeyArtifact.java:20:21:20:23 | +| jca/KeyArtifact.java:19:56:19:60 | KeyOperationAlgorithm | Name | AES | jca/KeyArtifact.java:19:56:19:60 | jca/KeyArtifact.java:19:56:19:60 | +| jca/KeyArtifact.java:19:56:19:60 | KeyOperationAlgorithm | RawName | AES | jca/KeyArtifact.java:19:56:19:60 | jca/KeyArtifact.java:19:56:19:60 | +| jca/KeyArtifact.java:19:56:19:60 | KeyOperationAlgorithm | Structure | Block | jca/KeyArtifact.java:19:56:19:60 | jca/KeyArtifact.java:19:56:19:60 | +| jca/KeyArtifact.java:20:21:20:23 | Constant | Description | 256 | jca/KeyArtifact.java:20:21:20:23 | jca/KeyArtifact.java:20:21:20:23 | +| jca/KeyArtifact.java:21:31:21:50 | Key | KeyType | Symmetric | jca/KeyArtifact.java:21:31:21:50 | jca/KeyArtifact.java:21:31:21:50 | +| jca/KeyArtifact.java:24:43:24:47 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyArtifact.java:25:21:25:23 | jca/KeyArtifact.java:25:21:25:23 | +| jca/KeyArtifact.java:24:43:24:47 | KeyOperationAlgorithm | Name | AES | jca/KeyArtifact.java:24:43:24:47 | jca/KeyArtifact.java:24:43:24:47 | +| jca/KeyArtifact.java:24:43:24:47 | KeyOperationAlgorithm | RawName | AES | jca/KeyArtifact.java:24:43:24:47 | jca/KeyArtifact.java:24:43:24:47 | +| jca/KeyArtifact.java:24:43:24:47 | KeyOperationAlgorithm | Structure | Block | jca/KeyArtifact.java:24:43:24:47 | jca/KeyArtifact.java:24:43:24:47 | +| jca/KeyArtifact.java:25:21:25:23 | Constant | Description | 256 | jca/KeyArtifact.java:25:21:25:23 | jca/KeyArtifact.java:25:21:25:23 | +| jca/KeyArtifact.java:26:30:26:49 | Key | KeyType | Symmetric | jca/KeyArtifact.java:26:30:26:49 | jca/KeyArtifact.java:26:30:26:49 | +| jca/KeyArtifact.java:31:68:31:72 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/KeyArtifact.java:32:31:32:34 | jca/KeyArtifact.java:32:31:32:34 | +| jca/KeyArtifact.java:31:68:31:72 | KeyOperationAlgorithm | Name | RSA | jca/KeyArtifact.java:31:68:31:72 | jca/KeyArtifact.java:31:68:31:72 | +| jca/KeyArtifact.java:31:68:31:72 | KeyOperationAlgorithm | RawName | RSA | jca/KeyArtifact.java:31:68:31:72 | jca/KeyArtifact.java:31:68:31:72 | +| jca/KeyArtifact.java:32:31:32:34 | Constant | Description | 2048 | jca/KeyArtifact.java:32:31:32:34 | jca/KeyArtifact.java:32:31:32:34 | +| jca/KeyArtifact.java:33:30:33:57 | Key | KeyType | Asymmetric | jca/KeyArtifact.java:33:30:33:57 | jca/KeyArtifact.java:33:30:33:57 | +| jca/KeyArtifact.java:36:51:36:55 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/KeyArtifact.java:37:31:37:34 | jca/KeyArtifact.java:37:31:37:34 | +| jca/KeyArtifact.java:36:51:36:55 | KeyOperationAlgorithm | Name | RSA | jca/KeyArtifact.java:36:51:36:55 | jca/KeyArtifact.java:36:51:36:55 | +| jca/KeyArtifact.java:36:51:36:55 | KeyOperationAlgorithm | RawName | RSA | jca/KeyArtifact.java:36:51:36:55 | jca/KeyArtifact.java:36:51:36:55 | +| jca/KeyArtifact.java:37:31:37:34 | Constant | Description | 2048 | jca/KeyArtifact.java:37:31:37:34 | jca/KeyArtifact.java:37:31:37:34 | +| jca/KeyArtifact.java:38:29:38:56 | Key | KeyType | Asymmetric | jca/KeyArtifact.java:38:29:38:56 | jca/KeyArtifact.java:38:29:38:56 | +| jca/KeyArtifact.java:42:31:42:33 | Constant | Description | 256 | jca/KeyArtifact.java:42:31:42:33 | jca/KeyArtifact.java:42:31:42:33 | +| jca/KeyArtifact.java:43:26:43:53 | Key | KeyType | Asymmetric | jca/KeyArtifact.java:43:26:43:53 | jca/KeyArtifact.java:43:26:43:53 | +| jca/KeyArtifact.java:63:28:63:73 | LocalData | Description | getProperty(...) | jca/KeyArtifact.java:63:28:63:73 | jca/KeyArtifact.java:63:28:63:73 | +| jca/KeyArtifact.java:63:68:63:72 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyArtifact.java:66:21:66:23 | jca/KeyArtifact.java:66:21:66:23 | +| jca/KeyArtifact.java:63:68:63:72 | KeyOperationAlgorithm | Name | AES | jca/KeyArtifact.java:63:68:63:72 | jca/KeyArtifact.java:63:68:63:72 | +| jca/KeyArtifact.java:63:68:63:72 | KeyOperationAlgorithm | RawName | AES | jca/KeyArtifact.java:63:68:63:72 | jca/KeyArtifact.java:63:68:63:72 | +| jca/KeyArtifact.java:63:68:63:72 | KeyOperationAlgorithm | Structure | Block | jca/KeyArtifact.java:63:68:63:72 | jca/KeyArtifact.java:63:68:63:72 | +| jca/KeyArtifact.java:66:21:66:23 | Constant | Description | 256 | jca/KeyArtifact.java:66:21:66:23 | jca/KeyArtifact.java:66:21:66:23 | +| jca/KeyArtifact.java:67:32:67:51 | Key | KeyType | Symmetric | jca/KeyArtifact.java:67:32:67:51 | jca/KeyArtifact.java:67:32:67:51 | +| jca/KeyArtifact.java:73:31:73:34 | Constant | Description | 2048 | jca/KeyArtifact.java:73:31:73:34 | jca/KeyArtifact.java:73:31:73:34 | +| jca/KeyArtifact.java:74:16:74:43 | Key | KeyType | Asymmetric | jca/KeyArtifact.java:74:16:74:43 | jca/KeyArtifact.java:74:16:74:43 | +| jca/KeyArtifact.java:79:33:79:37 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/KeyArtifact.java:73:31:73:34 | jca/KeyArtifact.java:73:31:73:34 | +| jca/KeyArtifact.java:79:33:79:37 | KeyOperationAlgorithm | Name | RSA | jca/KeyArtifact.java:79:33:79:37 | jca/KeyArtifact.java:79:33:79:37 | +| jca/KeyArtifact.java:79:33:79:37 | KeyOperationAlgorithm | RawName | RSA | jca/KeyArtifact.java:79:33:79:37 | jca/KeyArtifact.java:79:33:79:37 | +| jca/KeyArtifact.java:79:46:79:54 | Constant | Description | "Ed25519" | jca/KeyArtifact.java:79:46:79:54 | jca/KeyArtifact.java:79:46:79:54 | +| jca/KeyDerivation1.java:92:39:92:53 | Parameter | Description | password | jca/KeyDerivation1.java:92:39:92:53 | jca/KeyDerivation1.java:92:39:92:53 | +| jca/KeyDerivation1.java:94:72:94:76 | Constant | Description | 10000 | jca/KeyDerivation1.java:94:72:94:76 | jca/KeyDerivation1.java:94:72:94:76 | +| jca/KeyDerivation1.java:94:79:94:81 | Constant | Description | 256 | jca/KeyDerivation1.java:94:79:94:81 | jca/KeyDerivation1.java:94:79:94:81 | +| jca/KeyDerivation1.java:95:65:95:86 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:95:65:95:86 | jca/KeyDerivation1.java:95:65:95:86 | +| jca/KeyDerivation1.java:95:65:95:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:95:65:95:86 | jca/KeyDerivation1.java:95:65:95:86 | +| jca/KeyDerivation1.java:95:65:95:86 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:95:65:95:86 | jca/KeyDerivation1.java:95:65:95:86 | +| jca/KeyDerivation1.java:95:65:95:86 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:95:65:95:86 | jca/KeyDerivation1.java:95:65:95:86 | +| jca/KeyDerivation1.java:95:65:95:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:95:65:95:86 | jca/KeyDerivation1.java:95:65:95:86 | +| jca/KeyDerivation1.java:95:65:95:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:95:65:95:86 | jca/KeyDerivation1.java:95:65:95:86 | +| jca/KeyDerivation1.java:95:65:95:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:95:65:95:86 | jca/KeyDerivation1.java:95:65:95:86 | +| jca/KeyDerivation1.java:96:22:96:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:96:22:96:49 | jca/KeyDerivation1.java:96:22:96:49 | +| jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | Iterations | Constant:10000 | jca/KeyDerivation1.java:94:72:94:76 | jca/KeyDerivation1.java:94:72:94:76 | +| jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:94:79:94:81 | jca/KeyDerivation1.java:94:79:94:81 | +| jca/KeyDerivation1.java:109:36:109:50 | Parameter | Description | password | jca/KeyDerivation1.java:109:36:109:50 | jca/KeyDerivation1.java:109:36:109:50 | +| jca/KeyDerivation1.java:111:72:111:73 | Constant | Description | 10 | jca/KeyDerivation1.java:111:72:111:73 | jca/KeyDerivation1.java:111:72:111:73 | +| jca/KeyDerivation1.java:111:76:111:78 | Constant | Description | 256 | jca/KeyDerivation1.java:111:76:111:78 | jca/KeyDerivation1.java:111:76:111:78 | +| jca/KeyDerivation1.java:112:65:112:86 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:112:65:112:86 | jca/KeyDerivation1.java:112:65:112:86 | +| jca/KeyDerivation1.java:112:65:112:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:112:65:112:86 | jca/KeyDerivation1.java:112:65:112:86 | +| jca/KeyDerivation1.java:112:65:112:86 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:112:65:112:86 | jca/KeyDerivation1.java:112:65:112:86 | +| jca/KeyDerivation1.java:112:65:112:86 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:112:65:112:86 | jca/KeyDerivation1.java:112:65:112:86 | +| jca/KeyDerivation1.java:112:65:112:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:112:65:112:86 | jca/KeyDerivation1.java:112:65:112:86 | +| jca/KeyDerivation1.java:112:65:112:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:112:65:112:86 | jca/KeyDerivation1.java:112:65:112:86 | +| jca/KeyDerivation1.java:112:65:112:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:112:65:112:86 | jca/KeyDerivation1.java:112:65:112:86 | +| jca/KeyDerivation1.java:113:22:113:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:113:22:113:49 | jca/KeyDerivation1.java:113:22:113:49 | +| jca/KeyDerivation1.java:113:22:113:49 | KeyDerivation | Iterations | Constant:10 | jca/KeyDerivation1.java:111:72:111:73 | jca/KeyDerivation1.java:111:72:111:73 | +| jca/KeyDerivation1.java:113:22:113:49 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:111:76:111:78 | jca/KeyDerivation1.java:111:76:111:78 | +| jca/KeyDerivation1.java:124:37:124:51 | Parameter | Description | password | jca/KeyDerivation1.java:124:37:124:51 | jca/KeyDerivation1.java:124:37:124:51 | +| jca/KeyDerivation1.java:126:72:126:80 | Constant | Description | 1_000_000 | jca/KeyDerivation1.java:126:72:126:80 | jca/KeyDerivation1.java:126:72:126:80 | +| jca/KeyDerivation1.java:126:83:126:85 | Constant | Description | 256 | jca/KeyDerivation1.java:126:83:126:85 | jca/KeyDerivation1.java:126:83:126:85 | +| jca/KeyDerivation1.java:127:65:127:86 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:127:65:127:86 | jca/KeyDerivation1.java:127:65:127:86 | +| jca/KeyDerivation1.java:127:65:127:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:127:65:127:86 | jca/KeyDerivation1.java:127:65:127:86 | +| jca/KeyDerivation1.java:127:65:127:86 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:127:65:127:86 | jca/KeyDerivation1.java:127:65:127:86 | +| jca/KeyDerivation1.java:127:65:127:86 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:127:65:127:86 | jca/KeyDerivation1.java:127:65:127:86 | +| jca/KeyDerivation1.java:127:65:127:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:127:65:127:86 | jca/KeyDerivation1.java:127:65:127:86 | +| jca/KeyDerivation1.java:127:65:127:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:127:65:127:86 | jca/KeyDerivation1.java:127:65:127:86 | +| jca/KeyDerivation1.java:127:65:127:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:127:65:127:86 | jca/KeyDerivation1.java:127:65:127:86 | +| jca/KeyDerivation1.java:128:22:128:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:128:22:128:49 | jca/KeyDerivation1.java:128:22:128:49 | +| jca/KeyDerivation1.java:128:22:128:49 | KeyDerivation | Iterations | Constant:1_000_000 | jca/KeyDerivation1.java:126:72:126:80 | jca/KeyDerivation1.java:126:72:126:80 | +| jca/KeyDerivation1.java:128:22:128:49 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:126:83:126:85 | jca/KeyDerivation1.java:126:83:126:85 | +| jca/KeyDerivation1.java:140:32:140:46 | Parameter | Description | password | jca/KeyDerivation1.java:140:32:140:46 | jca/KeyDerivation1.java:140:32:140:46 | +| jca/KeyDerivation1.java:142:72:142:76 | Constant | Description | 80000 | jca/KeyDerivation1.java:142:72:142:76 | jca/KeyDerivation1.java:142:72:142:76 | +| jca/KeyDerivation1.java:142:79:142:81 | Constant | Description | 256 | jca/KeyDerivation1.java:142:79:142:81 | jca/KeyDerivation1.java:142:79:142:81 | +| jca/KeyDerivation1.java:143:65:143:84 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:143:65:143:84 | jca/KeyDerivation1.java:143:65:143:84 | +| jca/KeyDerivation1.java:143:65:143:84 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA1 | jca/KeyDerivation1.java:143:65:143:84 | jca/KeyDerivation1.java:143:65:143:84 | +| jca/KeyDerivation1.java:143:65:143:84 | HashAlgorithm | DigestSize | 160 | jca/KeyDerivation1.java:143:65:143:84 | jca/KeyDerivation1.java:143:65:143:84 | +| jca/KeyDerivation1.java:143:65:143:84 | HashAlgorithm | Name | SHA1 | jca/KeyDerivation1.java:143:65:143:84 | jca/KeyDerivation1.java:143:65:143:84 | +| jca/KeyDerivation1.java:143:65:143:84 | HashAlgorithm | RawName | PBKDF2WithHmacSHA1 | jca/KeyDerivation1.java:143:65:143:84 | jca/KeyDerivation1.java:143:65:143:84 | +| jca/KeyDerivation1.java:143:65:143:84 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA1 | jca/KeyDerivation1.java:143:65:143:84 | jca/KeyDerivation1.java:143:65:143:84 | +| jca/KeyDerivation1.java:143:65:143:84 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA1 | jca/KeyDerivation1.java:143:65:143:84 | jca/KeyDerivation1.java:143:65:143:84 | +| jca/KeyDerivation1.java:144:22:144:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:144:22:144:49 | jca/KeyDerivation1.java:144:22:144:49 | +| jca/KeyDerivation1.java:144:22:144:49 | KeyDerivation | Iterations | Constant:80000 | jca/KeyDerivation1.java:142:72:142:76 | jca/KeyDerivation1.java:142:72:142:76 | +| jca/KeyDerivation1.java:144:22:144:49 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:142:79:142:81 | jca/KeyDerivation1.java:142:79:142:81 | +| jca/KeyDerivation1.java:155:34:155:48 | Parameter | Description | password | jca/KeyDerivation1.java:155:34:155:48 | jca/KeyDerivation1.java:155:34:155:48 | +| jca/KeyDerivation1.java:157:72:157:77 | Constant | Description | 160000 | jca/KeyDerivation1.java:157:72:157:77 | jca/KeyDerivation1.java:157:72:157:77 | +| jca/KeyDerivation1.java:157:80:157:82 | Constant | Description | 256 | jca/KeyDerivation1.java:157:80:157:82 | jca/KeyDerivation1.java:157:80:157:82 | +| jca/KeyDerivation1.java:158:65:158:86 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:158:65:158:86 | jca/KeyDerivation1.java:158:65:158:86 | +| jca/KeyDerivation1.java:158:65:158:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA512 | jca/KeyDerivation1.java:158:65:158:86 | jca/KeyDerivation1.java:158:65:158:86 | +| jca/KeyDerivation1.java:158:65:158:86 | HashAlgorithm | DigestSize | 512 | jca/KeyDerivation1.java:158:65:158:86 | jca/KeyDerivation1.java:158:65:158:86 | +| jca/KeyDerivation1.java:158:65:158:86 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:158:65:158:86 | jca/KeyDerivation1.java:158:65:158:86 | +| jca/KeyDerivation1.java:158:65:158:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA512 | jca/KeyDerivation1.java:158:65:158:86 | jca/KeyDerivation1.java:158:65:158:86 | +| jca/KeyDerivation1.java:158:65:158:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA512 | jca/KeyDerivation1.java:158:65:158:86 | jca/KeyDerivation1.java:158:65:158:86 | +| jca/KeyDerivation1.java:158:65:158:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA512 | jca/KeyDerivation1.java:158:65:158:86 | jca/KeyDerivation1.java:158:65:158:86 | +| jca/KeyDerivation1.java:159:22:159:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:159:22:159:49 | jca/KeyDerivation1.java:159:22:159:49 | +| jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Iterations | Constant:160000 | jca/KeyDerivation1.java:157:72:157:77 | jca/KeyDerivation1.java:157:72:157:77 | +| jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:157:80:157:82 | jca/KeyDerivation1.java:157:80:157:82 | +| jca/KeyDerivation1.java:175:28:175:42 | Parameter | Description | password | jca/KeyDerivation1.java:175:28:175:42 | jca/KeyDerivation1.java:175:28:175:42 | +| jca/KeyDerivation1.java:178:72:178:75 | Constant | Description | 1024 | jca/KeyDerivation1.java:178:72:178:75 | jca/KeyDerivation1.java:178:72:178:75 | +| jca/KeyDerivation1.java:178:78:178:80 | Constant | Description | 128 | jca/KeyDerivation1.java:178:78:178:80 | jca/KeyDerivation1.java:178:78:178:80 | +| jca/KeyDerivation1.java:179:65:179:72 | Constant | Description | "SCRYPT" | jca/KeyDerivation1.java:179:65:179:72 | jca/KeyDerivation1.java:179:65:179:72 | +| jca/KeyDerivation1.java:180:22:180:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:180:22:180:49 | jca/KeyDerivation1.java:180:22:180:49 | +| jca/KeyDerivation1.java:180:22:180:49 | KeyDerivation | Iterations | Constant:1024 | jca/KeyDerivation1.java:178:72:178:75 | jca/KeyDerivation1.java:178:72:178:75 | +| jca/KeyDerivation1.java:180:22:180:49 | KeyDerivation | KeySize | Constant:128 | jca/KeyDerivation1.java:178:78:178:80 | jca/KeyDerivation1.java:178:78:178:80 | +| jca/KeyDerivation1.java:191:30:191:44 | Parameter | Description | password | jca/KeyDerivation1.java:191:30:191:44 | jca/KeyDerivation1.java:191:30:191:44 | +| jca/KeyDerivation1.java:194:72:194:76 | Constant | Description | 16384 | jca/KeyDerivation1.java:194:72:194:76 | jca/KeyDerivation1.java:194:72:194:76 | +| jca/KeyDerivation1.java:194:79:194:81 | Constant | Description | 256 | jca/KeyDerivation1.java:194:79:194:81 | jca/KeyDerivation1.java:194:79:194:81 | +| jca/KeyDerivation1.java:195:65:195:72 | Constant | Description | "SCRYPT" | jca/KeyDerivation1.java:195:65:195:72 | jca/KeyDerivation1.java:195:65:195:72 | +| jca/KeyDerivation1.java:196:22:196:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:196:22:196:49 | jca/KeyDerivation1.java:196:22:196:49 | +| jca/KeyDerivation1.java:196:22:196:49 | KeyDerivation | Iterations | Constant:16384 | jca/KeyDerivation1.java:194:72:194:76 | jca/KeyDerivation1.java:194:72:194:76 | +| jca/KeyDerivation1.java:196:22:196:49 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:194:79:194:81 | jca/KeyDerivation1.java:194:79:194:81 | +| jca/KeyDerivation1.java:264:45:264:56 | Parameter | Description | input | jca/KeyDerivation1.java:264:45:264:56 | jca/KeyDerivation1.java:264:45:264:56 | +| jca/KeyDerivation1.java:265:58:265:66 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:265:58:265:66 | jca/KeyDerivation1.java:265:58:265:66 | +| jca/KeyDerivation1.java:265:58:265:66 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:265:58:265:66 | jca/KeyDerivation1.java:265:58:265:66 | +| jca/KeyDerivation1.java:265:58:265:66 | HashAlgorithm | RawName | SHA-256 | jca/KeyDerivation1.java:265:58:265:66 | jca/KeyDerivation1.java:265:58:265:66 | +| jca/KeyDerivation1.java:271:70:271:88 | KeyOperationAlgorithm | Name | AES | jca/KeyDerivation1.java:271:70:271:88 | jca/KeyDerivation1.java:271:70:271:88 | +| jca/KeyDerivation1.java:271:70:271:88 | KeyOperationAlgorithm | RawName | AES/ECB/NoPadding | jca/KeyDerivation1.java:271:70:271:88 | jca/KeyDerivation1.java:271:70:271:88 | +| jca/KeyDerivation1.java:271:70:271:88 | KeyOperationAlgorithm | Structure | Block | jca/KeyDerivation1.java:271:70:271:88 | jca/KeyDerivation1.java:271:70:271:88 | +| jca/KeyDerivation1.java:271:70:271:88 | ModeOfOperation | Name | ECB | jca/KeyDerivation1.java:271:70:271:88 | jca/KeyDerivation1.java:271:70:271:88 | +| jca/KeyDerivation1.java:271:70:271:88 | ModeOfOperation | RawName | ECB | jca/KeyDerivation1.java:271:70:271:88 | jca/KeyDerivation1.java:271:70:271:88 | +| jca/KeyDerivation1.java:271:70:271:88 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyDerivation1.java:271:70:271:88 | jca/KeyDerivation1.java:271:70:271:88 | +| jca/KeyDerivation1.java:271:70:271:88 | PaddingAlgorithm | RawName | NoPadding | jca/KeyDerivation1.java:271:70:271:88 | jca/KeyDerivation1.java:271:70:271:88 | +| jca/KeyDerivation1.java:272:55:272:57 | Key | KeyType | Unknown | jca/KeyDerivation1.java:272:55:272:57 | jca/KeyDerivation1.java:272:55:272:57 | +| jca/KeyDerivation1.java:273:29:273:74 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyDerivation1.java:273:29:273:74 | jca/KeyDerivation1.java:273:29:273:74 | +| jca/KeyDerivation1.java:273:44:273:62 | Constant | Description | "SampleData16Bytes" | jca/KeyDerivation1.java:273:44:273:62 | jca/KeyDerivation1.java:273:44:273:62 | +| jca/KeyDerivation1.java:291:32:291:41 | Parameter | Description | ikm | jca/KeyDerivation1.java:291:32:291:41 | jca/KeyDerivation1.java:291:32:291:41 | +| jca/KeyDerivation1.java:306:43:306:57 | Parameter | Description | password | jca/KeyDerivation1.java:306:43:306:57 | jca/KeyDerivation1.java:306:43:306:57 | +| jca/KeyDerivation1.java:306:60:306:78 | Parameter | Description | sharedSecret | jca/KeyDerivation1.java:306:60:306:78 | jca/KeyDerivation1.java:306:60:306:78 | +| jca/KeyDerivation1.java:325:37:325:51 | Parameter | Description | password | jca/KeyDerivation1.java:325:37:325:51 | jca/KeyDerivation1.java:325:37:325:51 | +| jca/KeyDerivation1.java:332:25:332:76 | LocalData | Description | getProperty(...) | jca/KeyDerivation1.java:332:25:332:76 | jca/KeyDerivation1.java:332:25:332:76 | +| jca/KeyDerivation1.java:332:54:332:75 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:332:54:332:75 | jca/KeyDerivation1.java:332:54:332:75 | +| jca/KeyDerivation1.java:332:54:332:75 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:332:54:332:75 | jca/KeyDerivation1.java:332:54:332:75 | +| jca/KeyDerivation1.java:332:54:332:75 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:332:54:332:75 | jca/KeyDerivation1.java:332:54:332:75 | +| jca/KeyDerivation1.java:332:54:332:75 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:332:54:332:75 | jca/KeyDerivation1.java:332:54:332:75 | +| jca/KeyDerivation1.java:332:54:332:75 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:332:54:332:75 | jca/KeyDerivation1.java:332:54:332:75 | +| jca/KeyDerivation1.java:332:54:332:75 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:332:54:332:75 | jca/KeyDerivation1.java:332:54:332:75 | +| jca/KeyDerivation1.java:332:54:332:75 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:332:54:332:75 | jca/KeyDerivation1.java:332:54:332:75 | +| jca/KeyDerivation1.java:333:43:333:86 | LocalData | Description | getProperty(...) | jca/KeyDerivation1.java:333:43:333:86 | jca/KeyDerivation1.java:333:43:333:86 | +| jca/KeyDerivation1.java:334:40:334:78 | LocalData | Description | getProperty(...) | jca/KeyDerivation1.java:334:40:334:78 | jca/KeyDerivation1.java:334:40:334:78 | +| jca/KeyDerivation1.java:339:26:339:53 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:339:26:339:53 | jca/KeyDerivation1.java:339:26:339:53 | +| jca/KeyDerivation1.java:339:26:339:53 | KeyDerivation | Iterations | LocalData:getProperty(...) | jca/KeyDerivation1.java:333:43:333:86 | jca/KeyDerivation1.java:333:43:333:86 | +| jca/KeyDerivation1.java:339:26:339:53 | KeyDerivation | KeySize | LocalData:getProperty(...) | jca/KeyDerivation1.java:334:40:334:78 | jca/KeyDerivation1.java:334:40:334:78 | +| jca/KeyDerivation1.java:356:72:356:76 | Constant | Description | 10000 | jca/KeyDerivation1.java:356:72:356:76 | jca/KeyDerivation1.java:356:72:356:76 | +| jca/KeyDerivation1.java:356:79:356:81 | Constant | Description | 256 | jca/KeyDerivation1.java:356:79:356:81 | jca/KeyDerivation1.java:356:79:356:81 | +| jca/KeyDerivation1.java:357:65:357:86 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:357:65:357:86 | jca/KeyDerivation1.java:357:65:357:86 | +| jca/KeyDerivation1.java:357:65:357:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:357:65:357:86 | jca/KeyDerivation1.java:357:65:357:86 | +| jca/KeyDerivation1.java:357:65:357:86 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:357:65:357:86 | jca/KeyDerivation1.java:357:65:357:86 | +| jca/KeyDerivation1.java:357:65:357:86 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:357:65:357:86 | jca/KeyDerivation1.java:357:65:357:86 | +| jca/KeyDerivation1.java:357:65:357:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:357:65:357:86 | jca/KeyDerivation1.java:357:65:357:86 | +| jca/KeyDerivation1.java:357:65:357:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:357:65:357:86 | jca/KeyDerivation1.java:357:65:357:86 | +| jca/KeyDerivation1.java:357:65:357:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:357:65:357:86 | jca/KeyDerivation1.java:357:65:357:86 | +| jca/KeyDerivation1.java:358:16:358:43 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:358:16:358:43 | jca/KeyDerivation1.java:358:16:358:43 | +| jca/KeyDerivation1.java:358:16:358:43 | KeyDerivation | Iterations | Constant:10000 | jca/KeyDerivation1.java:356:72:356:76 | jca/KeyDerivation1.java:356:72:356:76 | +| jca/KeyDerivation1.java:358:16:358:43 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:356:79:356:81 | jca/KeyDerivation1.java:356:79:356:81 | +| jca/KeyDerivation1.java:370:36:370:47 | KeyOperationAlgorithm | Name | HMAC | jca/KeyDerivation1.java:370:36:370:47 | jca/KeyDerivation1.java:370:36:370:47 | +| jca/KeyDerivation1.java:370:36:370:47 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/KeyDerivation1.java:370:36:370:47 | jca/KeyDerivation1.java:370:36:370:47 | +| jca/KeyDerivation1.java:372:19:372:27 | Key | KeyType | Unknown | jca/KeyDerivation1.java:372:19:372:27 | jca/KeyDerivation1.java:372:19:372:27 | +| jca/KeyDerivation1.java:373:22:373:38 | MACOperation | KeyOperationSubtype | Mac | jca/KeyDerivation1.java:373:22:373:38 | jca/KeyDerivation1.java:373:22:373:38 | +| jca/KeyDerivation1.java:377:19:377:54 | Key | KeyType | Unknown | jca/KeyDerivation1.java:377:19:377:54 | jca/KeyDerivation1.java:377:19:377:54 | +| jca/KeyDerivation1.java:378:22:378:62 | MACOperation | KeyOperationSubtype | Mac | jca/KeyDerivation1.java:378:22:378:62 | jca/KeyDerivation1.java:378:22:378:62 | +| jca/KeyDerivation1.java:378:35:378:50 | Constant | Description | "hkdf-expansion" | jca/KeyDerivation1.java:378:35:378:50 | jca/KeyDerivation1.java:378:35:378:50 | +| jca/KeyDerivation1.java:391:9:391:42 | RandomNumberGeneration | Description | nextBytes | jca/KeyDerivation1.java:391:9:391:42 | jca/KeyDerivation1.java:391:9:391:42 | +| jca/KeyDerivation1.java:391:38:391:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyDerivation1.java:391:38:391:41 | jca/KeyDerivation1.java:391:38:391:41 | +| jca/KeyEncapsulation.java:64:56:64:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyEncapsulation.java:65:21:65:23 | jca/KeyEncapsulation.java:65:21:65:23 | +| jca/KeyEncapsulation.java:64:56:64:60 | KeyOperationAlgorithm | Name | AES | jca/KeyEncapsulation.java:64:56:64:60 | jca/KeyEncapsulation.java:64:56:64:60 | +| jca/KeyEncapsulation.java:64:56:64:60 | KeyOperationAlgorithm | RawName | AES | jca/KeyEncapsulation.java:64:56:64:60 | jca/KeyEncapsulation.java:64:56:64:60 | +| jca/KeyEncapsulation.java:64:56:64:60 | KeyOperationAlgorithm | Structure | Block | jca/KeyEncapsulation.java:64:56:64:60 | jca/KeyEncapsulation.java:64:56:64:60 | +| jca/KeyEncapsulation.java:65:21:65:23 | Constant | Description | 256 | jca/KeyEncapsulation.java:65:21:65:23 | jca/KeyEncapsulation.java:65:21:65:23 | +| jca/KeyEncapsulation.java:66:28:66:47 | Key | KeyType | Symmetric | jca/KeyEncapsulation.java:66:28:66:47 | jca/KeyEncapsulation.java:66:28:66:47 | +| jca/KeyEncapsulation.java:71:47:71:85 | HashAlgorithm | DigestSize | 256 | jca/KeyEncapsulation.java:71:47:71:85 | jca/KeyEncapsulation.java:71:47:71:85 | +| jca/KeyEncapsulation.java:71:47:71:85 | HashAlgorithm | Name | SHA2 | jca/KeyEncapsulation.java:71:47:71:85 | jca/KeyEncapsulation.java:71:47:71:85 | +| jca/KeyEncapsulation.java:71:47:71:85 | HashAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:71:47:71:85 | jca/KeyEncapsulation.java:71:47:71:85 | +| jca/KeyEncapsulation.java:71:47:71:85 | KeyOperationAlgorithm | Name | RSA | jca/KeyEncapsulation.java:71:47:71:85 | jca/KeyEncapsulation.java:71:47:71:85 | +| jca/KeyEncapsulation.java:71:47:71:85 | KeyOperationAlgorithm | RawName | RSA/ECB/OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:71:47:71:85 | jca/KeyEncapsulation.java:71:47:71:85 | +| jca/KeyEncapsulation.java:71:47:71:85 | ModeOfOperation | Name | ECB | jca/KeyEncapsulation.java:71:47:71:85 | jca/KeyEncapsulation.java:71:47:71:85 | +| jca/KeyEncapsulation.java:71:47:71:85 | ModeOfOperation | RawName | ECB | jca/KeyEncapsulation.java:71:47:71:85 | jca/KeyEncapsulation.java:71:47:71:85 | +| jca/KeyEncapsulation.java:71:47:71:85 | PaddingAlgorithm | Name | OAEP | jca/KeyEncapsulation.java:71:47:71:85 | jca/KeyEncapsulation.java:71:47:71:85 | +| jca/KeyEncapsulation.java:71:47:71:85 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:71:47:71:85 | jca/KeyEncapsulation.java:71:47:71:85 | +| jca/KeyEncapsulation.java:72:45:72:50 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:72:45:72:50 | jca/KeyEncapsulation.java:72:45:72:50 | +| jca/KeyEncapsulation.java:73:29:73:66 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyEncapsulation.java:73:29:73:66 | jca/KeyEncapsulation.java:73:29:73:66 | +| jca/KeyEncapsulation.java:77:47:77:65 | KeyOperationAlgorithm | Name | AES | jca/KeyEncapsulation.java:77:47:77:65 | jca/KeyEncapsulation.java:77:47:77:65 | +| jca/KeyEncapsulation.java:77:47:77:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/KeyEncapsulation.java:77:47:77:65 | jca/KeyEncapsulation.java:77:47:77:65 | +| jca/KeyEncapsulation.java:77:47:77:65 | KeyOperationAlgorithm | Structure | Block | jca/KeyEncapsulation.java:77:47:77:65 | jca/KeyEncapsulation.java:77:47:77:65 | +| jca/KeyEncapsulation.java:77:47:77:65 | ModeOfOperation | Name | GCM | jca/KeyEncapsulation.java:77:47:77:65 | jca/KeyEncapsulation.java:77:47:77:65 | +| jca/KeyEncapsulation.java:77:47:77:65 | ModeOfOperation | RawName | GCM | jca/KeyEncapsulation.java:77:47:77:65 | jca/KeyEncapsulation.java:77:47:77:65 | +| jca/KeyEncapsulation.java:77:47:77:65 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyEncapsulation.java:77:47:77:65 | jca/KeyEncapsulation.java:77:47:77:65 | +| jca/KeyEncapsulation.java:77:47:77:65 | PaddingAlgorithm | RawName | NoPadding | jca/KeyEncapsulation.java:77:47:77:65 | jca/KeyEncapsulation.java:77:47:77:65 | +| jca/KeyEncapsulation.java:79:9:79:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyEncapsulation.java:79:9:79:40 | jca/KeyEncapsulation.java:79:9:79:40 | +| jca/KeyEncapsulation.java:79:38:79:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyEncapsulation.java:79:38:79:39 | jca/KeyEncapsulation.java:79:38:79:39 | +| jca/KeyEncapsulation.java:81:45:81:50 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:81:45:81:50 | jca/KeyEncapsulation.java:81:45:81:50 | +| jca/KeyEncapsulation.java:82:29:82:80 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyEncapsulation.java:82:29:82:80 | jca/KeyEncapsulation.java:82:29:82:80 | +| jca/KeyEncapsulation.java:82:47:82:68 | Constant | Description | "KEM-based encryption" | jca/KeyEncapsulation.java:82:47:82:68 | jca/KeyEncapsulation.java:82:47:82:68 | +| jca/KeyEncapsulation.java:96:37:96:54 | Parameter | Description | rsaPriv | jca/KeyEncapsulation.java:96:37:96:54 | jca/KeyEncapsulation.java:96:37:96:54 | +| jca/KeyEncapsulation.java:96:57:96:73 | Parameter | Description | wrappedKey | jca/KeyEncapsulation.java:96:57:96:73 | jca/KeyEncapsulation.java:96:57:96:73 | +| jca/KeyEncapsulation.java:97:47:97:85 | HashAlgorithm | DigestSize | 256 | jca/KeyEncapsulation.java:97:47:97:85 | jca/KeyEncapsulation.java:97:47:97:85 | +| jca/KeyEncapsulation.java:97:47:97:85 | HashAlgorithm | Name | SHA2 | jca/KeyEncapsulation.java:97:47:97:85 | jca/KeyEncapsulation.java:97:47:97:85 | +| jca/KeyEncapsulation.java:97:47:97:85 | HashAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:97:47:97:85 | jca/KeyEncapsulation.java:97:47:97:85 | +| jca/KeyEncapsulation.java:97:47:97:85 | KeyOperationAlgorithm | Name | RSA | jca/KeyEncapsulation.java:97:47:97:85 | jca/KeyEncapsulation.java:97:47:97:85 | +| jca/KeyEncapsulation.java:97:47:97:85 | KeyOperationAlgorithm | RawName | RSA/ECB/OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:97:47:97:85 | jca/KeyEncapsulation.java:97:47:97:85 | +| jca/KeyEncapsulation.java:97:47:97:85 | ModeOfOperation | Name | ECB | jca/KeyEncapsulation.java:97:47:97:85 | jca/KeyEncapsulation.java:97:47:97:85 | +| jca/KeyEncapsulation.java:97:47:97:85 | ModeOfOperation | RawName | ECB | jca/KeyEncapsulation.java:97:47:97:85 | jca/KeyEncapsulation.java:97:47:97:85 | +| jca/KeyEncapsulation.java:97:47:97:85 | PaddingAlgorithm | Name | OAEP | jca/KeyEncapsulation.java:97:47:97:85 | jca/KeyEncapsulation.java:97:47:97:85 | +| jca/KeyEncapsulation.java:97:47:97:85 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:97:47:97:85 | jca/KeyEncapsulation.java:97:47:97:85 | +| jca/KeyEncapsulation.java:98:45:98:51 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:98:45:98:51 | jca/KeyEncapsulation.java:98:45:98:51 | +| jca/KeyEncapsulation.java:99:30:99:58 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/KeyEncapsulation.java:99:30:99:58 | jca/KeyEncapsulation.java:99:30:99:58 | +| jca/KeyEncapsulation.java:122:47:122:57 | EllipticCurve | KeySize | 256 | jca/KeyEncapsulation.java:122:47:122:57 | jca/KeyEncapsulation.java:122:47:122:57 | +| jca/KeyEncapsulation.java:122:47:122:57 | EllipticCurve | Name | secp256r1 | jca/KeyEncapsulation.java:122:47:122:57 | jca/KeyEncapsulation.java:122:47:122:57 | +| jca/KeyEncapsulation.java:122:47:122:57 | EllipticCurve | ParsedName | secp256r1 | jca/KeyEncapsulation.java:122:47:122:57 | jca/KeyEncapsulation.java:122:47:122:57 | +| jca/KeyEncapsulation.java:122:47:122:57 | EllipticCurve | RawName | secp256r1 | jca/KeyEncapsulation.java:122:47:122:57 | jca/KeyEncapsulation.java:122:47:122:57 | +| jca/KeyEncapsulation.java:123:31:123:51 | Key | KeyType | Asymmetric | jca/KeyEncapsulation.java:123:31:123:51 | jca/KeyEncapsulation.java:123:31:123:51 | +| jca/KeyEncapsulation.java:126:52:126:57 | KeyAgreementAlgorithm | Name | ECDH | jca/KeyEncapsulation.java:126:52:126:57 | jca/KeyEncapsulation.java:126:52:126:57 | +| jca/KeyEncapsulation.java:126:52:126:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/KeyEncapsulation.java:126:52:126:57 | jca/KeyEncapsulation.java:126:52:126:57 | +| jca/KeyEncapsulation.java:127:17:127:40 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:127:17:127:40 | jca/KeyEncapsulation.java:127:17:127:40 | +| jca/KeyEncapsulation.java:128:20:128:24 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:128:20:128:24 | jca/KeyEncapsulation.java:128:20:128:24 | +| jca/KeyEncapsulation.java:138:47:138:65 | KeyOperationAlgorithm | Name | AES | jca/KeyEncapsulation.java:138:47:138:65 | jca/KeyEncapsulation.java:138:47:138:65 | +| jca/KeyEncapsulation.java:138:47:138:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/KeyEncapsulation.java:138:47:138:65 | jca/KeyEncapsulation.java:138:47:138:65 | +| jca/KeyEncapsulation.java:138:47:138:65 | KeyOperationAlgorithm | Structure | Block | jca/KeyEncapsulation.java:138:47:138:65 | jca/KeyEncapsulation.java:138:47:138:65 | +| jca/KeyEncapsulation.java:138:47:138:65 | ModeOfOperation | Name | GCM | jca/KeyEncapsulation.java:138:47:138:65 | jca/KeyEncapsulation.java:138:47:138:65 | +| jca/KeyEncapsulation.java:138:47:138:65 | ModeOfOperation | RawName | GCM | jca/KeyEncapsulation.java:138:47:138:65 | jca/KeyEncapsulation.java:138:47:138:65 | +| jca/KeyEncapsulation.java:138:47:138:65 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyEncapsulation.java:138:47:138:65 | jca/KeyEncapsulation.java:138:47:138:65 | +| jca/KeyEncapsulation.java:138:47:138:65 | PaddingAlgorithm | RawName | NoPadding | jca/KeyEncapsulation.java:138:47:138:65 | jca/KeyEncapsulation.java:138:47:138:65 | +| jca/KeyEncapsulation.java:140:9:140:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyEncapsulation.java:140:9:140:40 | jca/KeyEncapsulation.java:140:9:140:40 | +| jca/KeyEncapsulation.java:140:38:140:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyEncapsulation.java:140:38:140:39 | jca/KeyEncapsulation.java:140:38:140:39 | +| jca/KeyEncapsulation.java:141:45:141:50 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:141:45:141:50 | jca/KeyEncapsulation.java:141:45:141:50 | +| jca/KeyEncapsulation.java:142:29:142:73 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyEncapsulation.java:142:29:142:73 | jca/KeyEncapsulation.java:142:29:142:73 | +| jca/KeyEncapsulation.java:142:47:142:61 | Constant | Description | "ECIES message" | jca/KeyEncapsulation.java:142:47:142:61 | jca/KeyEncapsulation.java:142:47:142:61 | +| jca/KeyEncapsulation.java:191:47:191:57 | EllipticCurve | KeySize | 256 | jca/KeyEncapsulation.java:191:47:191:57 | jca/KeyEncapsulation.java:191:47:191:57 | +| jca/KeyEncapsulation.java:191:47:191:57 | EllipticCurve | Name | secp256r1 | jca/KeyEncapsulation.java:191:47:191:57 | jca/KeyEncapsulation.java:191:47:191:57 | +| jca/KeyEncapsulation.java:191:47:191:57 | EllipticCurve | ParsedName | secp256r1 | jca/KeyEncapsulation.java:191:47:191:57 | jca/KeyEncapsulation.java:191:47:191:57 | +| jca/KeyEncapsulation.java:191:47:191:57 | EllipticCurve | RawName | secp256r1 | jca/KeyEncapsulation.java:191:47:191:57 | jca/KeyEncapsulation.java:191:47:191:57 | +| jca/KeyEncapsulation.java:192:31:192:51 | Key | KeyType | Asymmetric | jca/KeyEncapsulation.java:192:31:192:51 | jca/KeyEncapsulation.java:192:31:192:51 | +| jca/KeyEncapsulation.java:193:52:193:57 | KeyAgreementAlgorithm | Name | ECDH | jca/KeyEncapsulation.java:193:52:193:57 | jca/KeyEncapsulation.java:193:52:193:57 | +| jca/KeyEncapsulation.java:193:52:193:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/KeyEncapsulation.java:193:52:193:57 | jca/KeyEncapsulation.java:193:52:193:57 | +| jca/KeyEncapsulation.java:194:17:194:40 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:194:17:194:40 | jca/KeyEncapsulation.java:194:17:194:40 | +| jca/KeyEncapsulation.java:195:20:195:34 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:195:20:195:34 | jca/KeyEncapsulation.java:195:20:195:34 | +| jca/KeyEncapsulation.java:212:64:212:68 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/KeyEncapsulation.java:213:27:213:30 | jca/KeyEncapsulation.java:213:27:213:30 | +| jca/KeyEncapsulation.java:212:64:212:68 | KeyOperationAlgorithm | Name | RSA | jca/KeyEncapsulation.java:212:64:212:68 | jca/KeyEncapsulation.java:212:64:212:68 | +| jca/KeyEncapsulation.java:212:64:212:68 | KeyOperationAlgorithm | RawName | RSA | jca/KeyEncapsulation.java:212:64:212:68 | jca/KeyEncapsulation.java:212:64:212:68 | +| jca/KeyEncapsulation.java:213:27:213:30 | Constant | Description | 2048 | jca/KeyEncapsulation.java:213:27:213:30 | jca/KeyEncapsulation.java:213:27:213:30 | +| jca/KeyEncapsulation.java:214:25:214:48 | Key | KeyType | Asymmetric | jca/KeyEncapsulation.java:214:25:214:48 | jca/KeyEncapsulation.java:214:25:214:48 | +| jca/KeyEncapsulation.java:219:49:219:59 | EllipticCurve | KeySize | 256 | jca/KeyEncapsulation.java:219:49:219:59 | jca/KeyEncapsulation.java:219:49:219:59 | +| jca/KeyEncapsulation.java:219:49:219:59 | EllipticCurve | Name | secp256r1 | jca/KeyEncapsulation.java:219:49:219:59 | jca/KeyEncapsulation.java:219:49:219:59 | +| jca/KeyEncapsulation.java:219:49:219:59 | EllipticCurve | ParsedName | secp256r1 | jca/KeyEncapsulation.java:219:49:219:59 | jca/KeyEncapsulation.java:219:49:219:59 | +| jca/KeyEncapsulation.java:219:49:219:59 | EllipticCurve | RawName | secp256r1 | jca/KeyEncapsulation.java:219:49:219:59 | jca/KeyEncapsulation.java:219:49:219:59 | +| jca/KeyEncapsulation.java:220:24:220:46 | Key | KeyType | Asymmetric | jca/KeyEncapsulation.java:220:24:220:46 | jca/KeyEncapsulation.java:220:24:220:46 | +| jca/KeyEncapsulation.java:232:31:232:53 | Key | KeyType | Asymmetric | jca/KeyEncapsulation.java:232:31:232:53 | jca/KeyEncapsulation.java:232:31:232:53 | +| jca/KeyExchange.java:58:63:58:66 | KeyAgreementAlgorithm | Name | DH | jca/KeyExchange.java:58:63:58:66 | jca/KeyExchange.java:58:63:58:66 | +| jca/KeyExchange.java:58:63:58:66 | KeyAgreementAlgorithm | RawName | DH | jca/KeyExchange.java:58:63:58:66 | jca/KeyExchange.java:58:63:58:66 | +| jca/KeyExchange.java:59:26:59:29 | Constant | Description | 2048 | jca/KeyExchange.java:59:26:59:29 | jca/KeyExchange.java:59:26:59:29 | +| jca/KeyExchange.java:60:16:60:38 | Key | KeyType | Asymmetric | jca/KeyExchange.java:60:16:60:38 | jca/KeyExchange.java:60:16:60:38 | +| jca/KeyExchange.java:74:63:74:66 | KeyAgreementAlgorithm | Name | DH | jca/KeyExchange.java:74:63:74:66 | jca/KeyExchange.java:74:63:74:66 | +| jca/KeyExchange.java:74:63:74:66 | KeyAgreementAlgorithm | RawName | DH | jca/KeyExchange.java:74:63:74:66 | jca/KeyExchange.java:74:63:74:66 | +| jca/KeyExchange.java:76:26:76:28 | Constant | Description | 512 | jca/KeyExchange.java:76:26:76:28 | jca/KeyExchange.java:76:26:76:28 | +| jca/KeyExchange.java:77:16:77:38 | Key | KeyType | Asymmetric | jca/KeyExchange.java:77:16:77:38 | jca/KeyExchange.java:77:16:77:38 | +| jca/KeyExchange.java:90:63:90:66 | KeyAgreementAlgorithm | Name | DH | jca/KeyExchange.java:90:63:90:66 | jca/KeyExchange.java:90:63:90:66 | +| jca/KeyExchange.java:90:63:90:66 | KeyAgreementAlgorithm | RawName | DH | jca/KeyExchange.java:90:63:90:66 | jca/KeyExchange.java:90:63:90:66 | +| jca/KeyExchange.java:91:26:91:29 | Constant | Description | 4096 | jca/KeyExchange.java:91:26:91:29 | jca/KeyExchange.java:91:26:91:29 | +| jca/KeyExchange.java:92:16:92:38 | Key | KeyType | Asymmetric | jca/KeyExchange.java:92:16:92:38 | jca/KeyExchange.java:92:16:92:38 | +| jca/KeyExchange.java:107:52:107:55 | KeyAgreementAlgorithm | Name | DH | jca/KeyExchange.java:107:52:107:55 | jca/KeyExchange.java:107:52:107:55 | +| jca/KeyExchange.java:107:52:107:55 | KeyAgreementAlgorithm | RawName | DH | jca/KeyExchange.java:107:52:107:55 | jca/KeyExchange.java:107:52:107:55 | +| jca/KeyExchange.java:108:17:108:26 | Key | KeyType | Unknown | jca/KeyExchange.java:108:17:108:26 | jca/KeyExchange.java:108:17:108:26 | +| jca/KeyExchange.java:109:20:109:28 | Key | KeyType | Unknown | jca/KeyExchange.java:109:20:109:28 | jca/KeyExchange.java:109:20:109:28 | +| jca/KeyExchange.java:129:49:129:59 | EllipticCurve | KeySize | 256 | jca/KeyExchange.java:129:49:129:59 | jca/KeyExchange.java:129:49:129:59 | +| jca/KeyExchange.java:129:49:129:59 | EllipticCurve | Name | secp256r1 | jca/KeyExchange.java:129:49:129:59 | jca/KeyExchange.java:129:49:129:59 | +| jca/KeyExchange.java:129:49:129:59 | EllipticCurve | ParsedName | secp256r1 | jca/KeyExchange.java:129:49:129:59 | jca/KeyExchange.java:129:49:129:59 | +| jca/KeyExchange.java:129:49:129:59 | EllipticCurve | RawName | secp256r1 | jca/KeyExchange.java:129:49:129:59 | jca/KeyExchange.java:129:49:129:59 | +| jca/KeyExchange.java:130:16:130:38 | Key | KeyType | Asymmetric | jca/KeyExchange.java:130:16:130:38 | jca/KeyExchange.java:130:16:130:38 | +| jca/KeyExchange.java:145:52:145:57 | KeyAgreementAlgorithm | Name | ECDH | jca/KeyExchange.java:145:52:145:57 | jca/KeyExchange.java:145:52:145:57 | +| jca/KeyExchange.java:145:52:145:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/KeyExchange.java:145:52:145:57 | jca/KeyExchange.java:145:52:145:57 | +| jca/KeyExchange.java:146:17:146:26 | Key | KeyType | Unknown | jca/KeyExchange.java:146:17:146:26 | jca/KeyExchange.java:146:17:146:26 | +| jca/KeyExchange.java:147:20:147:28 | Key | KeyType | Unknown | jca/KeyExchange.java:147:20:147:28 | jca/KeyExchange.java:147:20:147:28 | +| jca/KeyExchange.java:165:61:165:68 | KeyAgreementAlgorithm | Name | X25519 | jca/KeyExchange.java:165:61:165:68 | jca/KeyExchange.java:165:61:165:68 | +| jca/KeyExchange.java:165:61:165:68 | KeyAgreementAlgorithm | RawName | X25519 | jca/KeyExchange.java:165:61:165:68 | jca/KeyExchange.java:165:61:165:68 | +| jca/KeyExchange.java:167:24:167:26 | Constant | Description | 255 | jca/KeyExchange.java:167:24:167:26 | jca/KeyExchange.java:167:24:167:26 | +| jca/KeyExchange.java:168:16:168:36 | Key | KeyType | Asymmetric | jca/KeyExchange.java:168:16:168:36 | jca/KeyExchange.java:168:16:168:36 | +| jca/KeyExchange.java:183:52:183:59 | KeyAgreementAlgorithm | Name | X25519 | jca/KeyExchange.java:183:52:183:59 | jca/KeyExchange.java:183:52:183:59 | +| jca/KeyExchange.java:183:52:183:59 | KeyAgreementAlgorithm | RawName | X25519 | jca/KeyExchange.java:183:52:183:59 | jca/KeyExchange.java:183:52:183:59 | +| jca/KeyExchange.java:184:17:184:26 | Key | KeyType | Unknown | jca/KeyExchange.java:184:17:184:26 | jca/KeyExchange.java:184:17:184:26 | +| jca/KeyExchange.java:185:20:185:28 | Key | KeyType | Unknown | jca/KeyExchange.java:185:20:185:28 | jca/KeyExchange.java:185:20:185:28 | +| jca/KeyExchange.java:203:61:203:66 | KeyAgreementAlgorithm | Name | X448 | jca/KeyExchange.java:203:61:203:66 | jca/KeyExchange.java:203:61:203:66 | +| jca/KeyExchange.java:203:61:203:66 | KeyAgreementAlgorithm | RawName | X448 | jca/KeyExchange.java:203:61:203:66 | jca/KeyExchange.java:203:61:203:66 | +| jca/KeyExchange.java:205:24:205:26 | Constant | Description | 448 | jca/KeyExchange.java:205:24:205:26 | jca/KeyExchange.java:205:24:205:26 | +| jca/KeyExchange.java:206:16:206:36 | Key | KeyType | Asymmetric | jca/KeyExchange.java:206:16:206:36 | jca/KeyExchange.java:206:16:206:36 | +| jca/KeyExchange.java:221:52:221:57 | KeyAgreementAlgorithm | Name | X448 | jca/KeyExchange.java:221:52:221:57 | jca/KeyExchange.java:221:52:221:57 | +| jca/KeyExchange.java:221:52:221:57 | KeyAgreementAlgorithm | RawName | X448 | jca/KeyExchange.java:221:52:221:57 | jca/KeyExchange.java:221:52:221:57 | +| jca/KeyExchange.java:222:17:222:26 | Key | KeyType | Unknown | jca/KeyExchange.java:222:17:222:26 | jca/KeyExchange.java:222:17:222:26 | +| jca/KeyExchange.java:223:20:223:28 | Key | KeyType | Unknown | jca/KeyExchange.java:223:20:223:28 | jca/KeyExchange.java:223:20:223:28 | +| jca/MACOperation.java:65:36:65:49 | Parameter | Description | message | jca/MACOperation.java:65:36:65:49 | jca/MACOperation.java:65:36:65:49 | +| jca/MACOperation.java:65:52:65:61 | Parameter | Description | key | jca/MACOperation.java:65:52:65:61 | jca/MACOperation.java:65:52:65:61 | +| jca/MACOperation.java:66:35:66:46 | KeyOperationAlgorithm | Name | HMAC | jca/MACOperation.java:66:35:66:46 | jca/MACOperation.java:66:35:66:46 | +| jca/MACOperation.java:66:35:66:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/MACOperation.java:66:35:66:46 | jca/MACOperation.java:66:35:66:46 | +| jca/MACOperation.java:68:18:68:26 | Key | KeyType | Unknown | jca/MACOperation.java:68:18:68:26 | jca/MACOperation.java:68:18:68:26 | +| jca/MACOperation.java:69:16:69:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:69:16:69:46 | jca/MACOperation.java:69:16:69:46 | +| jca/MACOperation.java:76:34:76:47 | Parameter | Description | message | jca/MACOperation.java:76:34:76:47 | jca/MACOperation.java:76:34:76:47 | +| jca/MACOperation.java:76:50:76:59 | Parameter | Description | key | jca/MACOperation.java:76:50:76:59 | jca/MACOperation.java:76:50:76:59 | +| jca/MACOperation.java:77:35:77:48 | KeyOperationAlgorithm | Name | HMAC | jca/MACOperation.java:77:35:77:48 | jca/MACOperation.java:77:35:77:48 | +| jca/MACOperation.java:77:35:77:48 | KeyOperationAlgorithm | RawName | HmacSHA3-256 | jca/MACOperation.java:77:35:77:48 | jca/MACOperation.java:77:35:77:48 | +| jca/MACOperation.java:79:18:79:26 | Key | KeyType | Unknown | jca/MACOperation.java:79:18:79:26 | jca/MACOperation.java:79:18:79:26 | +| jca/MACOperation.java:80:16:80:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:80:16:80:46 | jca/MACOperation.java:80:16:80:46 | +| jca/MACOperation.java:88:34:88:47 | Parameter | Description | message | jca/MACOperation.java:88:34:88:47 | jca/MACOperation.java:88:34:88:47 | +| jca/MACOperation.java:88:50:88:59 | Parameter | Description | key | jca/MACOperation.java:88:50:88:59 | jca/MACOperation.java:88:50:88:59 | +| jca/MACOperation.java:89:35:89:44 | KeyOperationAlgorithm | Name | UnknownMac | jca/MACOperation.java:89:35:89:44 | jca/MACOperation.java:89:35:89:44 | +| jca/MACOperation.java:89:35:89:44 | KeyOperationAlgorithm | RawName | Poly1305 | jca/MACOperation.java:89:35:89:44 | jca/MACOperation.java:89:35:89:44 | +| jca/MACOperation.java:91:18:91:26 | Key | KeyType | Unknown | jca/MACOperation.java:91:18:91:26 | jca/MACOperation.java:91:18:91:26 | +| jca/MACOperation.java:92:16:92:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:92:16:92:46 | jca/MACOperation.java:92:16:92:46 | +| jca/MACOperation.java:99:30:99:43 | Parameter | Description | message | jca/MACOperation.java:99:30:99:43 | jca/MACOperation.java:99:30:99:43 | +| jca/MACOperation.java:99:46:99:55 | Parameter | Description | key | jca/MACOperation.java:99:46:99:55 | jca/MACOperation.java:99:46:99:55 | +| jca/MACOperation.java:101:35:101:40 | KeyOperationAlgorithm | Name | UnknownMac | jca/MACOperation.java:101:35:101:40 | jca/MACOperation.java:101:35:101:40 | +| jca/MACOperation.java:101:35:101:40 | KeyOperationAlgorithm | RawName | GMac | jca/MACOperation.java:101:35:101:40 | jca/MACOperation.java:101:35:101:40 | +| jca/MACOperation.java:105:18:105:26 | Key | KeyType | Unknown | jca/MACOperation.java:105:18:105:26 | jca/MACOperation.java:105:18:105:26 | +| jca/MACOperation.java:106:16:106:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:106:16:106:46 | jca/MACOperation.java:106:16:106:46 | +| jca/MACOperation.java:113:30:113:43 | Parameter | Description | message | jca/MACOperation.java:113:30:113:43 | jca/MACOperation.java:113:30:113:43 | +| jca/MACOperation.java:113:46:113:55 | Parameter | Description | key | jca/MACOperation.java:113:46:113:55 | jca/MACOperation.java:113:46:113:55 | +| jca/MACOperation.java:114:35:114:43 | Constant | Description | "KMAC128" | jca/MACOperation.java:114:35:114:43 | jca/MACOperation.java:114:35:114:43 | +| jca/MACOperation.java:116:18:116:26 | Key | KeyType | Unknown | jca/MACOperation.java:116:18:116:26 | jca/MACOperation.java:116:18:116:26 | +| jca/MACOperation.java:117:16:117:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:117:16:117:46 | jca/MACOperation.java:117:16:117:46 | +| jca/MACOperation.java:124:36:124:49 | Parameter | Description | message | jca/MACOperation.java:124:36:124:49 | jca/MACOperation.java:124:36:124:49 | +| jca/MACOperation.java:124:52:124:61 | Parameter | Description | key | jca/MACOperation.java:124:52:124:61 | jca/MACOperation.java:124:52:124:61 | +| jca/MACOperation.java:125:35:125:44 | KeyOperationAlgorithm | Name | HMAC | jca/MACOperation.java:125:35:125:44 | jca/MACOperation.java:125:35:125:44 | +| jca/MACOperation.java:125:35:125:44 | KeyOperationAlgorithm | RawName | HmacSHA1 | jca/MACOperation.java:125:35:125:44 | jca/MACOperation.java:125:35:125:44 | +| jca/MACOperation.java:127:18:127:26 | Key | KeyType | Unknown | jca/MACOperation.java:127:18:127:26 | jca/MACOperation.java:127:18:127:26 | +| jca/MACOperation.java:128:16:128:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:128:16:128:46 | jca/MACOperation.java:128:16:128:46 | +| jca/MACOperation.java:142:34:142:49 | Parameter | Description | macOutput | jca/MACOperation.java:142:34:142:49 | jca/MACOperation.java:142:34:142:49 | +| jca/MACOperation.java:145:44:145:62 | KeyOperationAlgorithm | Name | AES | jca/MACOperation.java:145:44:145:62 | jca/MACOperation.java:145:44:145:62 | +| jca/MACOperation.java:145:44:145:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/MACOperation.java:145:44:145:62 | jca/MACOperation.java:145:44:145:62 | +| jca/MACOperation.java:145:44:145:62 | KeyOperationAlgorithm | Structure | Block | jca/MACOperation.java:145:44:145:62 | jca/MACOperation.java:145:44:145:62 | +| jca/MACOperation.java:145:44:145:62 | ModeOfOperation | Name | GCM | jca/MACOperation.java:145:44:145:62 | jca/MACOperation.java:145:44:145:62 | +| jca/MACOperation.java:145:44:145:62 | ModeOfOperation | RawName | GCM | jca/MACOperation.java:145:44:145:62 | jca/MACOperation.java:145:44:145:62 | +| jca/MACOperation.java:145:44:145:62 | PaddingAlgorithm | Name | UnknownPadding | jca/MACOperation.java:145:44:145:62 | jca/MACOperation.java:145:44:145:62 | +| jca/MACOperation.java:145:44:145:62 | PaddingAlgorithm | RawName | NoPadding | jca/MACOperation.java:145:44:145:62 | jca/MACOperation.java:145:44:145:62 | +| jca/MACOperation.java:146:42:146:44 | Key | KeyType | Unknown | jca/MACOperation.java:146:42:146:44 | jca/MACOperation.java:146:42:146:44 | +| jca/MACOperation.java:147:32:147:74 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/MACOperation.java:147:32:147:74 | jca/MACOperation.java:147:32:147:74 | +| jca/MACOperation.java:147:47:147:62 | Constant | Description | "Sensitive Data" | jca/MACOperation.java:147:47:147:62 | jca/MACOperation.java:147:47:147:62 | +| jca/MACOperation.java:159:36:159:51 | Parameter | Description | macOutput | jca/MACOperation.java:159:36:159:51 | jca/MACOperation.java:159:36:159:51 | +| jca/MACOperation.java:174:47:174:62 | Parameter | Description | macOutput | jca/MACOperation.java:174:47:174:62 | jca/MACOperation.java:174:47:174:62 | +| jca/MACOperation.java:178:77:178:81 | Constant | Description | 10000 | jca/MACOperation.java:178:77:178:81 | jca/MACOperation.java:178:77:178:81 | +| jca/MACOperation.java:178:84:178:86 | Constant | Description | 256 | jca/MACOperation.java:178:84:178:86 | jca/MACOperation.java:178:84:178:86 | +| jca/MACOperation.java:179:65:179:86 | HMACAlgorithm | Name | HMAC | jca/MACOperation.java:179:65:179:86 | jca/MACOperation.java:179:65:179:86 | +| jca/MACOperation.java:179:65:179:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/MACOperation.java:179:65:179:86 | jca/MACOperation.java:179:65:179:86 | +| jca/MACOperation.java:179:65:179:86 | HashAlgorithm | DigestSize | 256 | jca/MACOperation.java:179:65:179:86 | jca/MACOperation.java:179:65:179:86 | +| jca/MACOperation.java:179:65:179:86 | HashAlgorithm | Name | SHA2 | jca/MACOperation.java:179:65:179:86 | jca/MACOperation.java:179:65:179:86 | +| jca/MACOperation.java:179:65:179:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/MACOperation.java:179:65:179:86 | jca/MACOperation.java:179:65:179:86 | +| jca/MACOperation.java:179:65:179:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/MACOperation.java:179:65:179:86 | jca/MACOperation.java:179:65:179:86 | +| jca/MACOperation.java:179:65:179:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/MACOperation.java:179:65:179:86 | jca/MACOperation.java:179:65:179:86 | +| jca/MACOperation.java:180:30:180:57 | Key | KeyType | Symmetric | jca/MACOperation.java:180:30:180:57 | jca/MACOperation.java:180:30:180:57 | +| jca/MACOperation.java:180:30:180:57 | KeyDerivation | Iterations | Constant:10000 | jca/MACOperation.java:178:77:178:81 | jca/MACOperation.java:178:77:178:81 | +| jca/MACOperation.java:180:30:180:57 | KeyDerivation | KeySize | Constant:256 | jca/MACOperation.java:178:84:178:86 | jca/MACOperation.java:178:84:178:86 | +| jca/MACOperation.java:188:44:188:62 | KeyOperationAlgorithm | Name | AES | jca/MACOperation.java:188:44:188:62 | jca/MACOperation.java:188:44:188:62 | +| jca/MACOperation.java:188:44:188:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/MACOperation.java:188:44:188:62 | jca/MACOperation.java:188:44:188:62 | +| jca/MACOperation.java:188:44:188:62 | KeyOperationAlgorithm | Structure | Block | jca/MACOperation.java:188:44:188:62 | jca/MACOperation.java:188:44:188:62 | +| jca/MACOperation.java:188:44:188:62 | ModeOfOperation | Name | GCM | jca/MACOperation.java:188:44:188:62 | jca/MACOperation.java:188:44:188:62 | +| jca/MACOperation.java:188:44:188:62 | ModeOfOperation | RawName | GCM | jca/MACOperation.java:188:44:188:62 | jca/MACOperation.java:188:44:188:62 | +| jca/MACOperation.java:188:44:188:62 | PaddingAlgorithm | Name | UnknownPadding | jca/MACOperation.java:188:44:188:62 | jca/MACOperation.java:188:44:188:62 | +| jca/MACOperation.java:188:44:188:62 | PaddingAlgorithm | RawName | NoPadding | jca/MACOperation.java:188:44:188:62 | jca/MACOperation.java:188:44:188:62 | +| jca/MACOperation.java:189:42:189:54 | Key | KeyType | Unknown | jca/MACOperation.java:189:42:189:54 | jca/MACOperation.java:189:42:189:54 | +| jca/MACOperation.java:190:29:190:78 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/MACOperation.java:190:29:190:78 | jca/MACOperation.java:190:29:190:78 | +| jca/MACOperation.java:190:44:190:66 | Constant | Description | "Further Use Test Data" | jca/MACOperation.java:190:44:190:66 | jca/MACOperation.java:190:44:190:66 | +| jca/MACOperation.java:193:35:193:46 | KeyOperationAlgorithm | Name | HMAC | jca/MACOperation.java:193:35:193:46 | jca/MACOperation.java:193:35:193:46 | +| jca/MACOperation.java:193:35:193:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/MACOperation.java:193:35:193:46 | jca/MACOperation.java:193:35:193:46 | +| jca/MACOperation.java:194:18:194:30 | Key | KeyType | Unknown | jca/MACOperation.java:194:18:194:30 | jca/MACOperation.java:194:18:194:30 | +| jca/MACOperation.java:195:30:195:52 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:195:30:195:52 | jca/MACOperation.java:195:30:195:52 | +| jca/MACOperation.java:225:44:225:62 | KeyOperationAlgorithm | Name | AES | jca/MACOperation.java:225:44:225:62 | jca/MACOperation.java:225:44:225:62 | +| jca/MACOperation.java:225:44:225:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/MACOperation.java:225:44:225:62 | jca/MACOperation.java:225:44:225:62 | +| jca/MACOperation.java:225:44:225:62 | KeyOperationAlgorithm | Structure | Block | jca/MACOperation.java:225:44:225:62 | jca/MACOperation.java:225:44:225:62 | +| jca/MACOperation.java:225:44:225:62 | ModeOfOperation | Name | GCM | jca/MACOperation.java:225:44:225:62 | jca/MACOperation.java:225:44:225:62 | +| jca/MACOperation.java:225:44:225:62 | ModeOfOperation | RawName | GCM | jca/MACOperation.java:225:44:225:62 | jca/MACOperation.java:225:44:225:62 | +| jca/MACOperation.java:225:44:225:62 | PaddingAlgorithm | Name | UnknownPadding | jca/MACOperation.java:225:44:225:62 | jca/MACOperation.java:225:44:225:62 | +| jca/MACOperation.java:225:44:225:62 | PaddingAlgorithm | RawName | NoPadding | jca/MACOperation.java:225:44:225:62 | jca/MACOperation.java:225:44:225:62 | +| jca/MACOperation.java:227:42:227:44 | Key | KeyType | Unknown | jca/MACOperation.java:227:42:227:44 | jca/MACOperation.java:227:42:227:44 | +| jca/MACOperation.java:228:32:228:51 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/MACOperation.java:228:32:228:51 | jca/MACOperation.java:228:32:228:51 | +| jca/MACOperation.java:242:56:242:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/MACOperation.java:243:21:243:23 | jca/MACOperation.java:243:21:243:23 | +| jca/MACOperation.java:242:56:242:60 | KeyOperationAlgorithm | Name | AES | jca/MACOperation.java:242:56:242:60 | jca/MACOperation.java:242:56:242:60 | +| jca/MACOperation.java:242:56:242:60 | KeyOperationAlgorithm | RawName | AES | jca/MACOperation.java:242:56:242:60 | jca/MACOperation.java:242:56:242:60 | +| jca/MACOperation.java:242:56:242:60 | KeyOperationAlgorithm | Structure | Block | jca/MACOperation.java:242:56:242:60 | jca/MACOperation.java:242:56:242:60 | +| jca/MACOperation.java:243:21:243:23 | Constant | Description | 256 | jca/MACOperation.java:243:21:243:23 | jca/MACOperation.java:243:21:243:23 | +| jca/MACOperation.java:244:16:244:35 | Key | KeyType | Symmetric | jca/MACOperation.java:244:16:244:35 | jca/MACOperation.java:244:16:244:35 | +| jca/MACOperation.java:256:9:256:42 | RandomNumberGeneration | Description | nextBytes | jca/MACOperation.java:256:9:256:42 | jca/MACOperation.java:256:9:256:42 | +| jca/MACOperation.java:256:38:256:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/MACOperation.java:256:38:256:41 | jca/MACOperation.java:256:38:256:41 | +| jca/Nonce.java:25:35:25:46 | KeyOperationAlgorithm | Name | HMAC | jca/Nonce.java:25:35:25:46 | jca/Nonce.java:25:35:25:46 | +| jca/Nonce.java:25:35:25:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:25:35:25:46 | jca/Nonce.java:25:35:25:46 | +| jca/Nonce.java:26:18:26:20 | Key | KeyType | Unknown | jca/Nonce.java:26:18:26:20 | jca/Nonce.java:26:18:26:20 | +| jca/Nonce.java:28:28:28:69 | MACOperation | KeyOperationSubtype | Mac | jca/Nonce.java:28:28:28:69 | jca/Nonce.java:28:28:28:69 | +| jca/Nonce.java:28:40:28:57 | Constant | Description | "Simple Test Data" | jca/Nonce.java:28:40:28:57 | jca/Nonce.java:28:40:28:57 | +| jca/Nonce.java:38:35:38:46 | KeyOperationAlgorithm | Name | HMAC | jca/Nonce.java:38:35:38:46 | jca/Nonce.java:38:35:38:46 | +| jca/Nonce.java:38:35:38:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:38:35:38:46 | jca/Nonce.java:38:35:38:46 | +| jca/Nonce.java:39:18:39:20 | Key | KeyType | Unknown | jca/Nonce.java:39:18:39:20 | jca/Nonce.java:39:18:39:20 | +| jca/Nonce.java:41:28:41:67 | MACOperation | KeyOperationSubtype | Mac | jca/Nonce.java:41:28:41:67 | jca/Nonce.java:41:28:41:67 | +| jca/Nonce.java:41:40:41:55 | Constant | Description | "Sensitive Data" | jca/Nonce.java:41:40:41:55 | jca/Nonce.java:41:40:41:55 | +| jca/Nonce.java:48:39:48:51 | Parameter | Description | key | jca/Nonce.java:48:39:48:51 | jca/Nonce.java:48:39:48:51 | +| jca/Nonce.java:48:54:48:69 | Parameter | Description | plaintext | jca/Nonce.java:48:54:48:69 | jca/Nonce.java:48:54:48:69 | +| jca/Nonce.java:51:44:51:62 | KeyOperationAlgorithm | Name | AES | jca/Nonce.java:51:44:51:62 | jca/Nonce.java:51:44:51:62 | +| jca/Nonce.java:51:44:51:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Nonce.java:51:44:51:62 | jca/Nonce.java:51:44:51:62 | +| jca/Nonce.java:51:44:51:62 | KeyOperationAlgorithm | Structure | Block | jca/Nonce.java:51:44:51:62 | jca/Nonce.java:51:44:51:62 | +| jca/Nonce.java:51:44:51:62 | ModeOfOperation | Name | GCM | jca/Nonce.java:51:44:51:62 | jca/Nonce.java:51:44:51:62 | +| jca/Nonce.java:51:44:51:62 | ModeOfOperation | RawName | GCM | jca/Nonce.java:51:44:51:62 | jca/Nonce.java:51:44:51:62 | +| jca/Nonce.java:51:44:51:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Nonce.java:51:44:51:62 | jca/Nonce.java:51:44:51:62 | +| jca/Nonce.java:51:44:51:62 | PaddingAlgorithm | RawName | NoPadding | jca/Nonce.java:51:44:51:62 | jca/Nonce.java:51:44:51:62 | +| jca/Nonce.java:52:42:52:44 | Key | KeyType | Unknown | jca/Nonce.java:52:42:52:44 | jca/Nonce.java:52:42:52:44 | +| jca/Nonce.java:53:29:53:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Nonce.java:53:29:53:53 | jca/Nonce.java:53:29:53:53 | +| jca/Nonce.java:59:37:59:49 | Parameter | Description | key | jca/Nonce.java:59:37:59:49 | jca/Nonce.java:59:37:59:49 | +| jca/Nonce.java:59:52:59:67 | Parameter | Description | plaintext | jca/Nonce.java:59:52:59:67 | jca/Nonce.java:59:52:59:67 | +| jca/Nonce.java:62:44:62:62 | KeyOperationAlgorithm | Name | AES | jca/Nonce.java:62:44:62:62 | jca/Nonce.java:62:44:62:62 | +| jca/Nonce.java:62:44:62:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Nonce.java:62:44:62:62 | jca/Nonce.java:62:44:62:62 | +| jca/Nonce.java:62:44:62:62 | KeyOperationAlgorithm | Structure | Block | jca/Nonce.java:62:44:62:62 | jca/Nonce.java:62:44:62:62 | +| jca/Nonce.java:62:44:62:62 | ModeOfOperation | Name | GCM | jca/Nonce.java:62:44:62:62 | jca/Nonce.java:62:44:62:62 | +| jca/Nonce.java:62:44:62:62 | ModeOfOperation | RawName | GCM | jca/Nonce.java:62:44:62:62 | jca/Nonce.java:62:44:62:62 | +| jca/Nonce.java:62:44:62:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Nonce.java:62:44:62:62 | jca/Nonce.java:62:44:62:62 | +| jca/Nonce.java:62:44:62:62 | PaddingAlgorithm | RawName | NoPadding | jca/Nonce.java:62:44:62:62 | jca/Nonce.java:62:44:62:62 | +| jca/Nonce.java:63:42:63:44 | Key | KeyType | Unknown | jca/Nonce.java:63:42:63:44 | jca/Nonce.java:63:42:63:44 | +| jca/Nonce.java:64:29:64:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Nonce.java:64:29:64:53 | jca/Nonce.java:64:29:64:53 | +| jca/Nonce.java:71:53:71:64 | KeyOperationAlgorithm | Name | HMAC | jca/Nonce.java:71:53:71:64 | jca/Nonce.java:71:53:71:64 | +| jca/Nonce.java:71:53:71:64 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:71:53:71:64 | jca/Nonce.java:71:53:71:64 | +| jca/Nonce.java:79:18:79:20 | Key | KeyType | Unknown | jca/Nonce.java:79:18:79:20 | jca/Nonce.java:79:18:79:20 | +| jca/Nonce.java:81:28:81:67 | MACOperation | KeyOperationSubtype | Mac | jca/Nonce.java:81:28:81:67 | jca/Nonce.java:81:28:81:67 | +| jca/Nonce.java:81:40:81:55 | Constant | Description | "Sensitive Data" | jca/Nonce.java:81:40:81:55 | jca/Nonce.java:81:40:81:55 | +| jca/Nonce.java:93:56:93:67 | Constant | Description | "HmacSHA256" | jca/Nonce.java:93:56:93:67 | jca/Nonce.java:93:56:93:67 | +| jca/Nonce.java:94:16:94:35 | Key | KeyType | Symmetric | jca/Nonce.java:94:16:94:35 | jca/Nonce.java:94:16:94:35 | +| jca/Nonce.java:99:9:99:43 | RandomNumberGeneration | Description | nextBytes | jca/Nonce.java:99:9:99:43 | jca/Nonce.java:99:9:99:43 | +| jca/Nonce.java:99:38:99:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Nonce.java:99:38:99:42 | jca/Nonce.java:99:38:99:42 | +| jca/Nonce.java:113:16:113:33 | Constant | Description | "BADNONCEBADNONCE" | jca/Nonce.java:113:16:113:33 | jca/Nonce.java:113:16:113:33 | +| jca/PrngTest.java:162:56:162:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/PrngTest.java:163:21:163:23 | jca/PrngTest.java:163:21:163:23 | +| jca/PrngTest.java:162:56:162:60 | KeyOperationAlgorithm | Name | AES | jca/PrngTest.java:162:56:162:60 | jca/PrngTest.java:162:56:162:60 | +| jca/PrngTest.java:162:56:162:60 | KeyOperationAlgorithm | RawName | AES | jca/PrngTest.java:162:56:162:60 | jca/PrngTest.java:162:56:162:60 | +| jca/PrngTest.java:162:56:162:60 | KeyOperationAlgorithm | Structure | Block | jca/PrngTest.java:162:56:162:60 | jca/PrngTest.java:162:56:162:60 | +| jca/PrngTest.java:163:21:163:23 | Constant | Description | 256 | jca/PrngTest.java:163:21:163:23 | jca/PrngTest.java:163:21:163:23 | +| jca/PrngTest.java:164:16:164:35 | Key | KeyType | Symmetric | jca/PrngTest.java:164:16:164:35 | jca/PrngTest.java:164:16:164:35 | +| jca/SignEncryptCombinations.java:59:49:59:59 | EllipticCurve | KeySize | 256 | jca/SignEncryptCombinations.java:59:49:59:59 | jca/SignEncryptCombinations.java:59:49:59:59 | +| jca/SignEncryptCombinations.java:59:49:59:59 | EllipticCurve | Name | secp256r1 | jca/SignEncryptCombinations.java:59:49:59:59 | jca/SignEncryptCombinations.java:59:49:59:59 | +| jca/SignEncryptCombinations.java:59:49:59:59 | EllipticCurve | ParsedName | secp256r1 | jca/SignEncryptCombinations.java:59:49:59:59 | jca/SignEncryptCombinations.java:59:49:59:59 | +| jca/SignEncryptCombinations.java:59:49:59:59 | EllipticCurve | RawName | secp256r1 | jca/SignEncryptCombinations.java:59:49:59:59 | jca/SignEncryptCombinations.java:59:49:59:59 | +| jca/SignEncryptCombinations.java:60:16:60:38 | Key | KeyType | Asymmetric | jca/SignEncryptCombinations.java:60:16:60:38 | jca/SignEncryptCombinations.java:60:16:60:38 | +| jca/SignEncryptCombinations.java:68:53:68:69 | HashAlgorithm | DigestSize | 256 | jca/SignEncryptCombinations.java:68:53:68:69 | jca/SignEncryptCombinations.java:68:53:68:69 | +| jca/SignEncryptCombinations.java:68:53:68:69 | HashAlgorithm | Name | SHA2 | jca/SignEncryptCombinations.java:68:53:68:69 | jca/SignEncryptCombinations.java:68:53:68:69 | +| jca/SignEncryptCombinations.java:68:53:68:69 | HashAlgorithm | RawName | SHA256withECDSA | jca/SignEncryptCombinations.java:68:53:68:69 | jca/SignEncryptCombinations.java:68:53:68:69 | +| jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | Name | ECDSA | jca/SignEncryptCombinations.java:68:53:68:69 | jca/SignEncryptCombinations.java:68:53:68:69 | +| jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/SignEncryptCombinations.java:68:53:68:69 | jca/SignEncryptCombinations.java:68:53:68:69 | +| jca/SignEncryptCombinations.java:69:28:69:34 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:69:28:69:34 | jca/SignEncryptCombinations.java:69:28:69:34 | +| jca/SignEncryptCombinations.java:71:16:71:31 | SignOperation | KeyOperationSubtype | Sign | jca/SignEncryptCombinations.java:71:16:71:31 | jca/SignEncryptCombinations.java:71:16:71:31 | +| jca/SignEncryptCombinations.java:75:53:75:69 | HashAlgorithm | DigestSize | 256 | jca/SignEncryptCombinations.java:75:53:75:69 | jca/SignEncryptCombinations.java:75:53:75:69 | +| jca/SignEncryptCombinations.java:75:53:75:69 | HashAlgorithm | Name | SHA2 | jca/SignEncryptCombinations.java:75:53:75:69 | jca/SignEncryptCombinations.java:75:53:75:69 | +| jca/SignEncryptCombinations.java:75:53:75:69 | HashAlgorithm | RawName | SHA256withECDSA | jca/SignEncryptCombinations.java:75:53:75:69 | jca/SignEncryptCombinations.java:75:53:75:69 | +| jca/SignEncryptCombinations.java:75:53:75:69 | KeyOperationAlgorithm | Name | ECDSA | jca/SignEncryptCombinations.java:75:53:75:69 | jca/SignEncryptCombinations.java:75:53:75:69 | +| jca/SignEncryptCombinations.java:75:53:75:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/SignEncryptCombinations.java:75:53:75:69 | jca/SignEncryptCombinations.java:75:53:75:69 | +| jca/SignEncryptCombinations.java:76:30:76:35 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:76:30:76:35 | jca/SignEncryptCombinations.java:76:30:76:35 | +| jca/SignEncryptCombinations.java:78:16:78:47 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignEncryptCombinations.java:78:16:78:47 | jca/SignEncryptCombinations.java:78:16:78:47 | +| jca/SignEncryptCombinations.java:89:52:89:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/SignEncryptCombinations.java:90:17:90:19 | jca/SignEncryptCombinations.java:90:17:90:19 | +| jca/SignEncryptCombinations.java:89:52:89:56 | KeyOperationAlgorithm | Name | AES | jca/SignEncryptCombinations.java:89:52:89:56 | jca/SignEncryptCombinations.java:89:52:89:56 | +| jca/SignEncryptCombinations.java:89:52:89:56 | KeyOperationAlgorithm | RawName | AES | jca/SignEncryptCombinations.java:89:52:89:56 | jca/SignEncryptCombinations.java:89:52:89:56 | +| jca/SignEncryptCombinations.java:89:52:89:56 | KeyOperationAlgorithm | Structure | Block | jca/SignEncryptCombinations.java:89:52:89:56 | jca/SignEncryptCombinations.java:89:52:89:56 | +| jca/SignEncryptCombinations.java:90:17:90:19 | Constant | Description | 256 | jca/SignEncryptCombinations.java:90:17:90:19 | jca/SignEncryptCombinations.java:90:17:90:19 | +| jca/SignEncryptCombinations.java:91:16:91:31 | Key | KeyType | Symmetric | jca/SignEncryptCombinations.java:91:16:91:31 | jca/SignEncryptCombinations.java:91:16:91:31 | +| jca/SignEncryptCombinations.java:99:44:99:62 | KeyOperationAlgorithm | Name | AES | jca/SignEncryptCombinations.java:99:44:99:62 | jca/SignEncryptCombinations.java:99:44:99:62 | +| jca/SignEncryptCombinations.java:99:44:99:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SignEncryptCombinations.java:99:44:99:62 | jca/SignEncryptCombinations.java:99:44:99:62 | +| jca/SignEncryptCombinations.java:99:44:99:62 | KeyOperationAlgorithm | Structure | Block | jca/SignEncryptCombinations.java:99:44:99:62 | jca/SignEncryptCombinations.java:99:44:99:62 | +| jca/SignEncryptCombinations.java:99:44:99:62 | ModeOfOperation | Name | GCM | jca/SignEncryptCombinations.java:99:44:99:62 | jca/SignEncryptCombinations.java:99:44:99:62 | +| jca/SignEncryptCombinations.java:99:44:99:62 | ModeOfOperation | RawName | GCM | jca/SignEncryptCombinations.java:99:44:99:62 | jca/SignEncryptCombinations.java:99:44:99:62 | +| jca/SignEncryptCombinations.java:99:44:99:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SignEncryptCombinations.java:99:44:99:62 | jca/SignEncryptCombinations.java:99:44:99:62 | +| jca/SignEncryptCombinations.java:99:44:99:62 | PaddingAlgorithm | RawName | NoPadding | jca/SignEncryptCombinations.java:99:44:99:62 | jca/SignEncryptCombinations.java:99:44:99:62 | +| jca/SignEncryptCombinations.java:101:9:101:28 | RandomNumberGeneration | Description | nextBytes | jca/SignEncryptCombinations.java:101:9:101:28 | jca/SignEncryptCombinations.java:101:9:101:28 | +| jca/SignEncryptCombinations.java:101:26:101:27 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SignEncryptCombinations.java:101:26:101:27 | jca/SignEncryptCombinations.java:101:26:101:27 | +| jca/SignEncryptCombinations.java:103:42:103:44 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:103:42:103:44 | jca/SignEncryptCombinations.java:103:42:103:44 | +| jca/SignEncryptCombinations.java:104:29:104:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SignEncryptCombinations.java:104:29:104:53 | jca/SignEncryptCombinations.java:104:29:104:53 | +| jca/SignEncryptCombinations.java:118:44:118:62 | KeyOperationAlgorithm | Name | AES | jca/SignEncryptCombinations.java:118:44:118:62 | jca/SignEncryptCombinations.java:118:44:118:62 | +| jca/SignEncryptCombinations.java:118:44:118:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SignEncryptCombinations.java:118:44:118:62 | jca/SignEncryptCombinations.java:118:44:118:62 | +| jca/SignEncryptCombinations.java:118:44:118:62 | KeyOperationAlgorithm | Structure | Block | jca/SignEncryptCombinations.java:118:44:118:62 | jca/SignEncryptCombinations.java:118:44:118:62 | +| jca/SignEncryptCombinations.java:118:44:118:62 | ModeOfOperation | Name | GCM | jca/SignEncryptCombinations.java:118:44:118:62 | jca/SignEncryptCombinations.java:118:44:118:62 | +| jca/SignEncryptCombinations.java:118:44:118:62 | ModeOfOperation | RawName | GCM | jca/SignEncryptCombinations.java:118:44:118:62 | jca/SignEncryptCombinations.java:118:44:118:62 | +| jca/SignEncryptCombinations.java:118:44:118:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SignEncryptCombinations.java:118:44:118:62 | jca/SignEncryptCombinations.java:118:44:118:62 | +| jca/SignEncryptCombinations.java:118:44:118:62 | PaddingAlgorithm | RawName | NoPadding | jca/SignEncryptCombinations.java:118:44:118:62 | jca/SignEncryptCombinations.java:118:44:118:62 | +| jca/SignEncryptCombinations.java:119:42:119:44 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:119:42:119:44 | jca/SignEncryptCombinations.java:119:42:119:44 | +| jca/SignEncryptCombinations.java:120:16:120:41 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/SignEncryptCombinations.java:120:16:120:41 | jca/SignEncryptCombinations.java:120:16:120:41 | +| jca/SignEncryptCombinations.java:128:35:128:46 | KeyOperationAlgorithm | Name | HMAC | jca/SignEncryptCombinations.java:128:35:128:46 | jca/SignEncryptCombinations.java:128:35:128:46 | +| jca/SignEncryptCombinations.java:128:35:128:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/SignEncryptCombinations.java:128:35:128:46 | jca/SignEncryptCombinations.java:128:35:128:46 | +| jca/SignEncryptCombinations.java:129:18:129:20 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:129:18:129:20 | jca/SignEncryptCombinations.java:129:18:129:20 | +| jca/SignEncryptCombinations.java:130:16:130:32 | MACOperation | KeyOperationSubtype | Mac | jca/SignEncryptCombinations.java:130:16:130:32 | jca/SignEncryptCombinations.java:130:16:130:32 | +| jca/SignEncryptCombinations.java:345:26:345:47 | Constant | Description | "Hello, combinations!" | jca/SignEncryptCombinations.java:345:26:345:47 | jca/SignEncryptCombinations.java:345:26:345:47 | +| jca/SignatureOperation.java:59:61:59:65 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/SignatureOperation.java:60:24:60:27 | jca/SignatureOperation.java:60:24:60:27 | +| jca/SignatureOperation.java:59:61:59:65 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:59:61:59:65 | jca/SignatureOperation.java:59:61:59:65 | +| jca/SignatureOperation.java:59:61:59:65 | KeyOperationAlgorithm | RawName | RSA | jca/SignatureOperation.java:59:61:59:65 | jca/SignatureOperation.java:59:61:59:65 | +| jca/SignatureOperation.java:60:24:60:27 | Constant | Description | 2048 | jca/SignatureOperation.java:60:24:60:27 | jca/SignatureOperation.java:60:24:60:27 | +| jca/SignatureOperation.java:61:16:61:36 | Key | KeyType | Asymmetric | jca/SignatureOperation.java:61:16:61:36 | jca/SignatureOperation.java:61:16:61:36 | +| jca/SignatureOperation.java:71:53:71:74 | Constant | Description | "SHA256withRSAandMGF1" | jca/SignatureOperation.java:71:53:71:74 | jca/SignatureOperation.java:71:53:71:74 | +| jca/SignatureOperation.java:72:28:72:37 | Key | KeyType | Unknown | jca/SignatureOperation.java:72:28:72:37 | jca/SignatureOperation.java:72:28:72:37 | +| jca/SignatureOperation.java:74:16:74:31 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:74:16:74:31 | jca/SignatureOperation.java:74:16:74:31 | +| jca/SignatureOperation.java:84:53:84:74 | Constant | Description | "SHA256withRSAandMGF1" | jca/SignatureOperation.java:84:53:84:74 | jca/SignatureOperation.java:84:53:84:74 | +| jca/SignatureOperation.java:85:30:85:38 | Key | KeyType | Unknown | jca/SignatureOperation.java:85:30:85:38 | jca/SignatureOperation.java:85:30:85:38 | +| jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:87:16:87:41 | jca/SignatureOperation.java:87:16:87:41 | +| jca/SignatureOperation.java:102:49:102:59 | EllipticCurve | KeySize | 256 | jca/SignatureOperation.java:102:49:102:59 | jca/SignatureOperation.java:102:49:102:59 | +| jca/SignatureOperation.java:102:49:102:59 | EllipticCurve | Name | secp256r1 | jca/SignatureOperation.java:102:49:102:59 | jca/SignatureOperation.java:102:49:102:59 | +| jca/SignatureOperation.java:102:49:102:59 | EllipticCurve | ParsedName | secp256r1 | jca/SignatureOperation.java:102:49:102:59 | jca/SignatureOperation.java:102:49:102:59 | +| jca/SignatureOperation.java:102:49:102:59 | EllipticCurve | RawName | secp256r1 | jca/SignatureOperation.java:102:49:102:59 | jca/SignatureOperation.java:102:49:102:59 | +| jca/SignatureOperation.java:103:16:103:38 | Key | KeyType | Asymmetric | jca/SignatureOperation.java:103:16:103:38 | jca/SignatureOperation.java:103:16:103:38 | +| jca/SignatureOperation.java:113:53:113:69 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:113:53:113:69 | jca/SignatureOperation.java:113:53:113:69 | +| jca/SignatureOperation.java:113:53:113:69 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:113:53:113:69 | jca/SignatureOperation.java:113:53:113:69 | +| jca/SignatureOperation.java:113:53:113:69 | HashAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:113:53:113:69 | jca/SignatureOperation.java:113:53:113:69 | +| jca/SignatureOperation.java:113:53:113:69 | KeyOperationAlgorithm | Name | ECDSA | jca/SignatureOperation.java:113:53:113:69 | jca/SignatureOperation.java:113:53:113:69 | +| jca/SignatureOperation.java:113:53:113:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:113:53:113:69 | jca/SignatureOperation.java:113:53:113:69 | +| jca/SignatureOperation.java:114:28:114:37 | Key | KeyType | Unknown | jca/SignatureOperation.java:114:28:114:37 | jca/SignatureOperation.java:114:28:114:37 | +| jca/SignatureOperation.java:116:16:116:31 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:116:16:116:31 | jca/SignatureOperation.java:116:16:116:31 | +| jca/SignatureOperation.java:126:53:126:69 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:126:53:126:69 | jca/SignatureOperation.java:126:53:126:69 | +| jca/SignatureOperation.java:126:53:126:69 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:126:53:126:69 | jca/SignatureOperation.java:126:53:126:69 | +| jca/SignatureOperation.java:126:53:126:69 | HashAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:126:53:126:69 | jca/SignatureOperation.java:126:53:126:69 | +| jca/SignatureOperation.java:126:53:126:69 | KeyOperationAlgorithm | Name | ECDSA | jca/SignatureOperation.java:126:53:126:69 | jca/SignatureOperation.java:126:53:126:69 | +| jca/SignatureOperation.java:126:53:126:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:126:53:126:69 | jca/SignatureOperation.java:126:53:126:69 | +| jca/SignatureOperation.java:127:30:127:38 | Key | KeyType | Unknown | jca/SignatureOperation.java:127:30:127:38 | jca/SignatureOperation.java:127:30:127:38 | +| jca/SignatureOperation.java:129:16:129:41 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:129:16:129:41 | jca/SignatureOperation.java:129:16:129:41 | +| jca/SignatureOperation.java:143:61:143:69 | Constant | Description | "Ed25519" | jca/SignatureOperation.java:143:61:143:69 | jca/SignatureOperation.java:143:61:143:69 | +| jca/SignatureOperation.java:144:16:144:36 | Key | KeyType | Asymmetric | jca/SignatureOperation.java:144:16:144:36 | jca/SignatureOperation.java:144:16:144:36 | +| jca/SignatureOperation.java:154:53:154:61 | Constant | Description | "Ed25519" | jca/SignatureOperation.java:154:53:154:61 | jca/SignatureOperation.java:154:53:154:61 | +| jca/SignatureOperation.java:155:28:155:37 | Key | KeyType | Unknown | jca/SignatureOperation.java:155:28:155:37 | jca/SignatureOperation.java:155:28:155:37 | +| jca/SignatureOperation.java:157:16:157:31 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:157:16:157:31 | jca/SignatureOperation.java:157:16:157:31 | +| jca/SignatureOperation.java:167:53:167:61 | Constant | Description | "Ed25519" | jca/SignatureOperation.java:167:53:167:61 | jca/SignatureOperation.java:167:53:167:61 | +| jca/SignatureOperation.java:168:30:168:38 | Key | KeyType | Unknown | jca/SignatureOperation.java:168:30:168:38 | jca/SignatureOperation.java:168:30:168:38 | +| jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:170:16:170:41 | jca/SignatureOperation.java:170:16:170:41 | +| jca/SignatureOperation.java:186:61:186:65 | KeyOperationAlgorithm | KeySize | Constant:1024 | jca/SignatureOperation.java:187:24:187:27 | jca/SignatureOperation.java:187:24:187:27 | +| jca/SignatureOperation.java:186:61:186:65 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:186:61:186:65 | jca/SignatureOperation.java:186:61:186:65 | +| jca/SignatureOperation.java:186:61:186:65 | KeyOperationAlgorithm | RawName | RSA | jca/SignatureOperation.java:186:61:186:65 | jca/SignatureOperation.java:186:61:186:65 | +| jca/SignatureOperation.java:187:24:187:27 | Constant | Description | 1024 | jca/SignatureOperation.java:187:24:187:27 | jca/SignatureOperation.java:187:24:187:27 | +| jca/SignatureOperation.java:188:16:188:36 | Key | KeyType | Asymmetric | jca/SignatureOperation.java:188:16:188:36 | jca/SignatureOperation.java:188:16:188:36 | +| jca/SignatureOperation.java:199:53:199:65 | HashAlgorithm | DigestSize | 160 | jca/SignatureOperation.java:199:53:199:65 | jca/SignatureOperation.java:199:53:199:65 | +| jca/SignatureOperation.java:199:53:199:65 | HashAlgorithm | Name | SHA1 | jca/SignatureOperation.java:199:53:199:65 | jca/SignatureOperation.java:199:53:199:65 | +| jca/SignatureOperation.java:199:53:199:65 | HashAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:199:53:199:65 | jca/SignatureOperation.java:199:53:199:65 | +| jca/SignatureOperation.java:199:53:199:65 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:199:53:199:65 | jca/SignatureOperation.java:199:53:199:65 | +| jca/SignatureOperation.java:199:53:199:65 | KeyOperationAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:199:53:199:65 | jca/SignatureOperation.java:199:53:199:65 | +| jca/SignatureOperation.java:200:28:200:37 | Key | KeyType | Unknown | jca/SignatureOperation.java:200:28:200:37 | jca/SignatureOperation.java:200:28:200:37 | +| jca/SignatureOperation.java:202:16:202:31 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:202:16:202:31 | jca/SignatureOperation.java:202:16:202:31 | +| jca/SignatureOperation.java:213:53:213:65 | HashAlgorithm | DigestSize | 160 | jca/SignatureOperation.java:213:53:213:65 | jca/SignatureOperation.java:213:53:213:65 | +| jca/SignatureOperation.java:213:53:213:65 | HashAlgorithm | Name | SHA1 | jca/SignatureOperation.java:213:53:213:65 | jca/SignatureOperation.java:213:53:213:65 | +| jca/SignatureOperation.java:213:53:213:65 | HashAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:213:53:213:65 | jca/SignatureOperation.java:213:53:213:65 | +| jca/SignatureOperation.java:213:53:213:65 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:213:53:213:65 | jca/SignatureOperation.java:213:53:213:65 | +| jca/SignatureOperation.java:213:53:213:65 | KeyOperationAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:213:53:213:65 | jca/SignatureOperation.java:213:53:213:65 | +| jca/SignatureOperation.java:214:30:214:38 | Key | KeyType | Unknown | jca/SignatureOperation.java:214:30:214:38 | jca/SignatureOperation.java:214:30:214:38 | +| jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:216:16:216:41 | jca/SignatureOperation.java:216:16:216:41 | +| jca/SignatureOperation.java:246:27:246:35 | Constant | Description | "\u3053\u3093\u306b\u3061\u306f\u4e16\u754c" | jca/SignatureOperation.java:246:27:246:35 | jca/SignatureOperation.java:246:27:246:35 | +| jca/SignatureOperation.java:263:26:263:44 | Constant | Description | "Important Message" | jca/SignatureOperation.java:263:26:263:44 | jca/SignatureOperation.java:263:26:263:44 | +| jca/SignatureOperation.java:268:27:268:30 | Constant | Description | 0x01 | jca/SignatureOperation.java:268:27:268:30 | jca/SignatureOperation.java:268:27:268:30 | +| jca/SignatureOperation.java:299:47:299:68 | Constant | Description | "SHA256withRSAandMGF1" | jca/SignatureOperation.java:299:47:299:68 | jca/SignatureOperation.java:299:47:299:68 | +| jca/SignatureOperation.java:302:47:302:63 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:302:47:302:63 | jca/SignatureOperation.java:302:47:302:63 | +| jca/SignatureOperation.java:302:47:302:63 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:302:47:302:63 | jca/SignatureOperation.java:302:47:302:63 | +| jca/SignatureOperation.java:302:47:302:63 | HashAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:302:47:302:63 | jca/SignatureOperation.java:302:47:302:63 | +| jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | Name | ECDSA | jca/SignatureOperation.java:302:47:302:63 | jca/SignatureOperation.java:302:47:302:63 | +| jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:302:47:302:63 | jca/SignatureOperation.java:302:47:302:63 | +| jca/SignatureOperation.java:305:47:305:55 | Constant | Description | "Ed25519" | jca/SignatureOperation.java:305:47:305:55 | jca/SignatureOperation.java:305:47:305:55 | +| jca/SignatureOperation.java:308:47:308:59 | HashAlgorithm | DigestSize | 160 | jca/SignatureOperation.java:308:47:308:59 | jca/SignatureOperation.java:308:47:308:59 | +| jca/SignatureOperation.java:308:47:308:59 | HashAlgorithm | Name | SHA1 | jca/SignatureOperation.java:308:47:308:59 | jca/SignatureOperation.java:308:47:308:59 | +| jca/SignatureOperation.java:308:47:308:59 | HashAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:308:47:308:59 | jca/SignatureOperation.java:308:47:308:59 | +| jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:308:47:308:59 | jca/SignatureOperation.java:308:47:308:59 | +| jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:308:47:308:59 | jca/SignatureOperation.java:308:47:308:59 | +| jca/SignatureOperation.java:312:47:312:68 | Constant | Description | "SHA256withRSAandMGF1" | jca/SignatureOperation.java:312:47:312:68 | jca/SignatureOperation.java:312:47:312:68 | +| jca/SignatureOperation.java:315:26:315:49 | Constant | Description | "Dynamic Signature Demo" | jca/SignatureOperation.java:315:26:315:49 | jca/SignatureOperation.java:315:26:315:49 | +| jca/SignatureOperation.java:316:28:316:42 | Key | KeyType | Unknown | jca/SignatureOperation.java:316:28:316:42 | jca/SignatureOperation.java:316:28:316:42 | +| jca/SignatureOperation.java:318:27:318:42 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:318:27:318:42 | jca/SignatureOperation.java:318:27:318:42 | +| jca/SignatureOperation.java:320:30:320:43 | Key | KeyType | Unknown | jca/SignatureOperation.java:320:30:320:43 | jca/SignatureOperation.java:320:30:320:43 | +| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:322:28:322:53 | jca/SignatureOperation.java:322:28:322:53 | +| jca/SignatureOperation.java:344:26:344:49 | Constant | Description | "Hello Signature World!" | jca/SignatureOperation.java:344:26:344:49 | jca/SignatureOperation.java:344:26:344:49 | +| jca/SymmetricAlgorithm.java:60:44:60:62 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:60:44:60:62 | jca/SymmetricAlgorithm.java:60:44:60:62 | +| jca/SymmetricAlgorithm.java:60:44:60:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SymmetricAlgorithm.java:60:44:60:62 | jca/SymmetricAlgorithm.java:60:44:60:62 | +| jca/SymmetricAlgorithm.java:60:44:60:62 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:60:44:60:62 | jca/SymmetricAlgorithm.java:60:44:60:62 | +| jca/SymmetricAlgorithm.java:60:44:60:62 | ModeOfOperation | Name | GCM | jca/SymmetricAlgorithm.java:60:44:60:62 | jca/SymmetricAlgorithm.java:60:44:60:62 | +| jca/SymmetricAlgorithm.java:60:44:60:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:60:44:60:62 | jca/SymmetricAlgorithm.java:60:44:60:62 | +| jca/SymmetricAlgorithm.java:60:44:60:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:60:44:60:62 | jca/SymmetricAlgorithm.java:60:44:60:62 | +| jca/SymmetricAlgorithm.java:60:44:60:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:60:44:60:62 | jca/SymmetricAlgorithm.java:60:44:60:62 | +| jca/SymmetricAlgorithm.java:62:9:62:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:62:9:62:40 | jca/SymmetricAlgorithm.java:62:9:62:40 | +| jca/SymmetricAlgorithm.java:62:38:62:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:62:38:62:39 | jca/SymmetricAlgorithm.java:62:38:62:39 | +| jca/SymmetricAlgorithm.java:64:42:64:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:64:42:64:44 | jca/SymmetricAlgorithm.java:64:42:64:44 | +| jca/SymmetricAlgorithm.java:65:29:65:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:65:29:65:53 | jca/SymmetricAlgorithm.java:65:29:65:53 | +| jca/SymmetricAlgorithm.java:82:39:82:51 | Parameter | Description | key | jca/SymmetricAlgorithm.java:82:39:82:51 | jca/SymmetricAlgorithm.java:82:39:82:51 | +| jca/SymmetricAlgorithm.java:82:54:82:69 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:82:54:82:69 | jca/SymmetricAlgorithm.java:82:54:82:69 | +| jca/SymmetricAlgorithm.java:83:44:83:62 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:83:44:83:62 | jca/SymmetricAlgorithm.java:83:44:83:62 | +| jca/SymmetricAlgorithm.java:83:44:83:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SymmetricAlgorithm.java:83:44:83:62 | jca/SymmetricAlgorithm.java:83:44:83:62 | +| jca/SymmetricAlgorithm.java:83:44:83:62 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:83:44:83:62 | jca/SymmetricAlgorithm.java:83:44:83:62 | +| jca/SymmetricAlgorithm.java:83:44:83:62 | ModeOfOperation | Name | GCM | jca/SymmetricAlgorithm.java:83:44:83:62 | jca/SymmetricAlgorithm.java:83:44:83:62 | +| jca/SymmetricAlgorithm.java:83:44:83:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:83:44:83:62 | jca/SymmetricAlgorithm.java:83:44:83:62 | +| jca/SymmetricAlgorithm.java:83:44:83:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:83:44:83:62 | jca/SymmetricAlgorithm.java:83:44:83:62 | +| jca/SymmetricAlgorithm.java:83:44:83:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:83:44:83:62 | jca/SymmetricAlgorithm.java:83:44:83:62 | +| jca/SymmetricAlgorithm.java:86:42:86:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:86:42:86:44 | jca/SymmetricAlgorithm.java:86:42:86:44 | +| jca/SymmetricAlgorithm.java:87:29:87:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:87:29:87:53 | jca/SymmetricAlgorithm.java:87:29:87:53 | +| jca/SymmetricAlgorithm.java:104:44:104:65 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:104:44:104:65 | jca/SymmetricAlgorithm.java:104:44:104:65 | +| jca/SymmetricAlgorithm.java:104:44:104:65 | KeyOperationAlgorithm | RawName | AES/CBC/PKCS5Padding | jca/SymmetricAlgorithm.java:104:44:104:65 | jca/SymmetricAlgorithm.java:104:44:104:65 | +| jca/SymmetricAlgorithm.java:104:44:104:65 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:104:44:104:65 | jca/SymmetricAlgorithm.java:104:44:104:65 | +| jca/SymmetricAlgorithm.java:104:44:104:65 | ModeOfOperation | Name | CBC | jca/SymmetricAlgorithm.java:104:44:104:65 | jca/SymmetricAlgorithm.java:104:44:104:65 | +| jca/SymmetricAlgorithm.java:104:44:104:65 | ModeOfOperation | RawName | CBC | jca/SymmetricAlgorithm.java:104:44:104:65 | jca/SymmetricAlgorithm.java:104:44:104:65 | +| jca/SymmetricAlgorithm.java:104:44:104:65 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:104:44:104:65 | jca/SymmetricAlgorithm.java:104:44:104:65 | +| jca/SymmetricAlgorithm.java:104:44:104:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:104:44:104:65 | jca/SymmetricAlgorithm.java:104:44:104:65 | +| jca/SymmetricAlgorithm.java:106:9:106:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:106:9:106:40 | jca/SymmetricAlgorithm.java:106:9:106:40 | +| jca/SymmetricAlgorithm.java:106:38:106:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:106:38:106:39 | jca/SymmetricAlgorithm.java:106:38:106:39 | +| jca/SymmetricAlgorithm.java:108:42:108:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:108:42:108:44 | jca/SymmetricAlgorithm.java:108:42:108:44 | +| jca/SymmetricAlgorithm.java:109:29:109:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:109:29:109:53 | jca/SymmetricAlgorithm.java:109:29:109:53 | +| jca/SymmetricAlgorithm.java:126:44:126:65 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:126:44:126:65 | jca/SymmetricAlgorithm.java:126:44:126:65 | +| jca/SymmetricAlgorithm.java:126:44:126:65 | KeyOperationAlgorithm | RawName | AES/ECB/PKCS5Padding | jca/SymmetricAlgorithm.java:126:44:126:65 | jca/SymmetricAlgorithm.java:126:44:126:65 | +| jca/SymmetricAlgorithm.java:126:44:126:65 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:126:44:126:65 | jca/SymmetricAlgorithm.java:126:44:126:65 | +| jca/SymmetricAlgorithm.java:126:44:126:65 | ModeOfOperation | Name | ECB | jca/SymmetricAlgorithm.java:126:44:126:65 | jca/SymmetricAlgorithm.java:126:44:126:65 | +| jca/SymmetricAlgorithm.java:126:44:126:65 | ModeOfOperation | RawName | ECB | jca/SymmetricAlgorithm.java:126:44:126:65 | jca/SymmetricAlgorithm.java:126:44:126:65 | +| jca/SymmetricAlgorithm.java:126:44:126:65 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:126:44:126:65 | jca/SymmetricAlgorithm.java:126:44:126:65 | +| jca/SymmetricAlgorithm.java:126:44:126:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:126:44:126:65 | jca/SymmetricAlgorithm.java:126:44:126:65 | +| jca/SymmetricAlgorithm.java:127:42:127:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:127:42:127:44 | jca/SymmetricAlgorithm.java:127:42:127:44 | +| jca/SymmetricAlgorithm.java:128:16:128:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:128:16:128:40 | jca/SymmetricAlgorithm.java:128:16:128:40 | +| jca/SymmetricAlgorithm.java:143:44:143:48 | KeyOperationAlgorithm | Name | RC4 | jca/SymmetricAlgorithm.java:143:44:143:48 | jca/SymmetricAlgorithm.java:143:44:143:48 | +| jca/SymmetricAlgorithm.java:143:44:143:48 | KeyOperationAlgorithm | RawName | RC4 | jca/SymmetricAlgorithm.java:143:44:143:48 | jca/SymmetricAlgorithm.java:143:44:143:48 | +| jca/SymmetricAlgorithm.java:143:44:143:48 | KeyOperationAlgorithm | Structure | Stream | jca/SymmetricAlgorithm.java:143:44:143:48 | jca/SymmetricAlgorithm.java:143:44:143:48 | +| jca/SymmetricAlgorithm.java:144:42:144:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:144:42:144:44 | jca/SymmetricAlgorithm.java:144:42:144:44 | +| jca/SymmetricAlgorithm.java:145:16:145:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:145:16:145:40 | jca/SymmetricAlgorithm.java:145:16:145:40 | +| jca/SymmetricAlgorithm.java:157:36:157:48 | Parameter | Description | key | jca/SymmetricAlgorithm.java:157:36:157:48 | jca/SymmetricAlgorithm.java:157:36:157:48 | +| jca/SymmetricAlgorithm.java:157:51:157:66 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:157:51:157:66 | jca/SymmetricAlgorithm.java:157:51:157:66 | +| jca/SymmetricAlgorithm.java:158:44:158:65 | KeyOperationAlgorithm | KeySize | 56 | jca/SymmetricAlgorithm.java:158:44:158:65 | jca/SymmetricAlgorithm.java:158:44:158:65 | +| jca/SymmetricAlgorithm.java:158:44:158:65 | KeyOperationAlgorithm | Name | DES | jca/SymmetricAlgorithm.java:158:44:158:65 | jca/SymmetricAlgorithm.java:158:44:158:65 | +| jca/SymmetricAlgorithm.java:158:44:158:65 | KeyOperationAlgorithm | RawName | DES/CBC/PKCS5Padding | jca/SymmetricAlgorithm.java:158:44:158:65 | jca/SymmetricAlgorithm.java:158:44:158:65 | +| jca/SymmetricAlgorithm.java:158:44:158:65 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:158:44:158:65 | jca/SymmetricAlgorithm.java:158:44:158:65 | +| jca/SymmetricAlgorithm.java:158:44:158:65 | ModeOfOperation | Name | CBC | jca/SymmetricAlgorithm.java:158:44:158:65 | jca/SymmetricAlgorithm.java:158:44:158:65 | +| jca/SymmetricAlgorithm.java:158:44:158:65 | ModeOfOperation | RawName | CBC | jca/SymmetricAlgorithm.java:158:44:158:65 | jca/SymmetricAlgorithm.java:158:44:158:65 | +| jca/SymmetricAlgorithm.java:158:44:158:65 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:158:44:158:65 | jca/SymmetricAlgorithm.java:158:44:158:65 | +| jca/SymmetricAlgorithm.java:158:44:158:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:158:44:158:65 | jca/SymmetricAlgorithm.java:158:44:158:65 | +| jca/SymmetricAlgorithm.java:160:9:160:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:160:9:160:40 | jca/SymmetricAlgorithm.java:160:9:160:40 | +| jca/SymmetricAlgorithm.java:160:38:160:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:160:38:160:39 | jca/SymmetricAlgorithm.java:160:38:160:39 | +| jca/SymmetricAlgorithm.java:162:42:162:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:162:42:162:44 | jca/SymmetricAlgorithm.java:162:42:162:44 | +| jca/SymmetricAlgorithm.java:163:29:163:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:163:29:163:53 | jca/SymmetricAlgorithm.java:163:29:163:53 | +| jca/SymmetricAlgorithm.java:179:42:179:54 | Parameter | Description | key | jca/SymmetricAlgorithm.java:179:42:179:54 | jca/SymmetricAlgorithm.java:179:42:179:54 | +| jca/SymmetricAlgorithm.java:179:57:179:72 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:179:57:179:72 | jca/SymmetricAlgorithm.java:179:57:179:72 | +| jca/SymmetricAlgorithm.java:180:44:180:68 | KeyOperationAlgorithm | Name | Unknown | jca/SymmetricAlgorithm.java:180:44:180:68 | jca/SymmetricAlgorithm.java:180:44:180:68 | +| jca/SymmetricAlgorithm.java:180:44:180:68 | KeyOperationAlgorithm | RawName | DESede/CBC/PKCS5Padding | jca/SymmetricAlgorithm.java:180:44:180:68 | jca/SymmetricAlgorithm.java:180:44:180:68 | +| jca/SymmetricAlgorithm.java:180:44:180:68 | ModeOfOperation | Name | CBC | jca/SymmetricAlgorithm.java:180:44:180:68 | jca/SymmetricAlgorithm.java:180:44:180:68 | +| jca/SymmetricAlgorithm.java:180:44:180:68 | ModeOfOperation | RawName | CBC | jca/SymmetricAlgorithm.java:180:44:180:68 | jca/SymmetricAlgorithm.java:180:44:180:68 | +| jca/SymmetricAlgorithm.java:180:44:180:68 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:180:44:180:68 | jca/SymmetricAlgorithm.java:180:44:180:68 | +| jca/SymmetricAlgorithm.java:180:44:180:68 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:180:44:180:68 | jca/SymmetricAlgorithm.java:180:44:180:68 | +| jca/SymmetricAlgorithm.java:182:9:182:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:182:9:182:40 | jca/SymmetricAlgorithm.java:182:9:182:40 | +| jca/SymmetricAlgorithm.java:182:38:182:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:182:38:182:39 | jca/SymmetricAlgorithm.java:182:38:182:39 | +| jca/SymmetricAlgorithm.java:184:42:184:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:184:42:184:44 | jca/SymmetricAlgorithm.java:184:42:184:44 | +| jca/SymmetricAlgorithm.java:185:29:185:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:185:29:185:53 | jca/SymmetricAlgorithm.java:185:29:185:53 | +| jca/SymmetricAlgorithm.java:202:44:202:53 | KeyOperationAlgorithm | KeySize | 256 | jca/SymmetricAlgorithm.java:202:44:202:53 | jca/SymmetricAlgorithm.java:202:44:202:53 | +| jca/SymmetricAlgorithm.java:202:44:202:53 | KeyOperationAlgorithm | Name | ChaCha20 | jca/SymmetricAlgorithm.java:202:44:202:53 | jca/SymmetricAlgorithm.java:202:44:202:53 | +| jca/SymmetricAlgorithm.java:202:44:202:53 | KeyOperationAlgorithm | RawName | ChaCha20 | jca/SymmetricAlgorithm.java:202:44:202:53 | jca/SymmetricAlgorithm.java:202:44:202:53 | +| jca/SymmetricAlgorithm.java:202:44:202:53 | KeyOperationAlgorithm | Structure | Stream | jca/SymmetricAlgorithm.java:202:44:202:53 | jca/SymmetricAlgorithm.java:202:44:202:53 | +| jca/SymmetricAlgorithm.java:204:9:204:43 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:204:9:204:43 | jca/SymmetricAlgorithm.java:204:9:204:43 | +| jca/SymmetricAlgorithm.java:204:38:204:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:204:38:204:42 | jca/SymmetricAlgorithm.java:204:38:204:42 | +| jca/SymmetricAlgorithm.java:206:42:206:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:206:42:206:44 | jca/SymmetricAlgorithm.java:206:42:206:44 | +| jca/SymmetricAlgorithm.java:207:29:207:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:207:29:207:53 | jca/SymmetricAlgorithm.java:207:29:207:53 | +| jca/SymmetricAlgorithm.java:224:35:224:47 | Parameter | Description | key | jca/SymmetricAlgorithm.java:224:35:224:47 | jca/SymmetricAlgorithm.java:224:35:224:47 | +| jca/SymmetricAlgorithm.java:224:50:224:65 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:224:50:224:65 | jca/SymmetricAlgorithm.java:224:50:224:65 | +| jca/SymmetricAlgorithm.java:225:36:225:44 | Constant | Description | "KMAC128" | jca/SymmetricAlgorithm.java:225:36:225:44 | jca/SymmetricAlgorithm.java:225:36:225:44 | +| jca/SymmetricAlgorithm.java:226:19:226:21 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:226:19:226:21 | jca/SymmetricAlgorithm.java:226:19:226:21 | +| jca/SymmetricAlgorithm.java:227:29:227:51 | MACOperation | KeyOperationSubtype | Mac | jca/SymmetricAlgorithm.java:227:29:227:51 | jca/SymmetricAlgorithm.java:227:29:227:51 | +| jca/SymmetricAlgorithm.java:230:44:230:62 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:230:44:230:62 | jca/SymmetricAlgorithm.java:230:44:230:62 | +| jca/SymmetricAlgorithm.java:230:44:230:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SymmetricAlgorithm.java:230:44:230:62 | jca/SymmetricAlgorithm.java:230:44:230:62 | +| jca/SymmetricAlgorithm.java:230:44:230:62 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:230:44:230:62 | jca/SymmetricAlgorithm.java:230:44:230:62 | +| jca/SymmetricAlgorithm.java:230:44:230:62 | ModeOfOperation | Name | GCM | jca/SymmetricAlgorithm.java:230:44:230:62 | jca/SymmetricAlgorithm.java:230:44:230:62 | +| jca/SymmetricAlgorithm.java:230:44:230:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:230:44:230:62 | jca/SymmetricAlgorithm.java:230:44:230:62 | +| jca/SymmetricAlgorithm.java:230:44:230:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:230:44:230:62 | jca/SymmetricAlgorithm.java:230:44:230:62 | +| jca/SymmetricAlgorithm.java:230:44:230:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:230:44:230:62 | jca/SymmetricAlgorithm.java:230:44:230:62 | +| jca/SymmetricAlgorithm.java:232:9:232:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:232:9:232:40 | jca/SymmetricAlgorithm.java:232:9:232:40 | +| jca/SymmetricAlgorithm.java:232:38:232:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:232:38:232:39 | jca/SymmetricAlgorithm.java:232:38:232:39 | +| jca/SymmetricAlgorithm.java:234:42:234:51 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:234:42:234:51 | jca/SymmetricAlgorithm.java:234:42:234:51 | +| jca/SymmetricAlgorithm.java:235:29:235:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:235:29:235:53 | jca/SymmetricAlgorithm.java:235:29:235:53 | +| jca/SymmetricAlgorithm.java:258:64:258:76 | Parameter | Description | key | jca/SymmetricAlgorithm.java:258:64:258:76 | jca/SymmetricAlgorithm.java:258:64:258:76 | +| jca/SymmetricAlgorithm.java:258:79:258:94 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:258:79:258:94 | jca/SymmetricAlgorithm.java:258:79:258:94 | +| jca/SymmetricAlgorithm.java:299:58:299:70 | Parameter | Description | key | jca/SymmetricAlgorithm.java:299:58:299:70 | jca/SymmetricAlgorithm.java:299:58:299:70 | +| jca/SymmetricAlgorithm.java:299:73:299:88 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:299:73:299:88 | jca/SymmetricAlgorithm.java:299:73:299:88 | +| jca/SymmetricAlgorithm.java:302:75:302:79 | Constant | Description | 10000 | jca/SymmetricAlgorithm.java:302:75:302:79 | jca/SymmetricAlgorithm.java:302:75:302:79 | +| jca/SymmetricAlgorithm.java:302:82:302:84 | Constant | Description | 256 | jca/SymmetricAlgorithm.java:302:82:302:84 | jca/SymmetricAlgorithm.java:302:82:302:84 | +| jca/SymmetricAlgorithm.java:303:65:303:86 | HMACAlgorithm | Name | HMAC | jca/SymmetricAlgorithm.java:303:65:303:86 | jca/SymmetricAlgorithm.java:303:65:303:86 | +| jca/SymmetricAlgorithm.java:303:65:303:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/SymmetricAlgorithm.java:303:65:303:86 | jca/SymmetricAlgorithm.java:303:65:303:86 | +| jca/SymmetricAlgorithm.java:303:65:303:86 | HashAlgorithm | DigestSize | 256 | jca/SymmetricAlgorithm.java:303:65:303:86 | jca/SymmetricAlgorithm.java:303:65:303:86 | +| jca/SymmetricAlgorithm.java:303:65:303:86 | HashAlgorithm | Name | SHA2 | jca/SymmetricAlgorithm.java:303:65:303:86 | jca/SymmetricAlgorithm.java:303:65:303:86 | +| jca/SymmetricAlgorithm.java:303:65:303:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/SymmetricAlgorithm.java:303:65:303:86 | jca/SymmetricAlgorithm.java:303:65:303:86 | +| jca/SymmetricAlgorithm.java:303:65:303:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/SymmetricAlgorithm.java:303:65:303:86 | jca/SymmetricAlgorithm.java:303:65:303:86 | +| jca/SymmetricAlgorithm.java:303:65:303:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/SymmetricAlgorithm.java:303:65:303:86 | jca/SymmetricAlgorithm.java:303:65:303:86 | +| jca/SymmetricAlgorithm.java:304:26:304:53 | Key | KeyType | Symmetric | jca/SymmetricAlgorithm.java:304:26:304:53 | jca/SymmetricAlgorithm.java:304:26:304:53 | +| jca/SymmetricAlgorithm.java:304:26:304:53 | KeyDerivation | Iterations | Constant:10000 | jca/SymmetricAlgorithm.java:302:75:302:79 | jca/SymmetricAlgorithm.java:302:75:302:79 | +| jca/SymmetricAlgorithm.java:304:26:304:53 | KeyDerivation | KeySize | Constant:256 | jca/SymmetricAlgorithm.java:302:82:302:84 | jca/SymmetricAlgorithm.java:302:82:302:84 | +| jca/SymmetricAlgorithm.java:310:44:310:62 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:310:44:310:62 | jca/SymmetricAlgorithm.java:310:44:310:62 | +| jca/SymmetricAlgorithm.java:310:44:310:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SymmetricAlgorithm.java:310:44:310:62 | jca/SymmetricAlgorithm.java:310:44:310:62 | +| jca/SymmetricAlgorithm.java:310:44:310:62 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:310:44:310:62 | jca/SymmetricAlgorithm.java:310:44:310:62 | +| jca/SymmetricAlgorithm.java:310:44:310:62 | ModeOfOperation | Name | GCM | jca/SymmetricAlgorithm.java:310:44:310:62 | jca/SymmetricAlgorithm.java:310:44:310:62 | +| jca/SymmetricAlgorithm.java:310:44:310:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:310:44:310:62 | jca/SymmetricAlgorithm.java:310:44:310:62 | +| jca/SymmetricAlgorithm.java:310:44:310:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:310:44:310:62 | jca/SymmetricAlgorithm.java:310:44:310:62 | +| jca/SymmetricAlgorithm.java:310:44:310:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:310:44:310:62 | jca/SymmetricAlgorithm.java:310:44:310:62 | +| jca/SymmetricAlgorithm.java:312:9:312:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:312:9:312:40 | jca/SymmetricAlgorithm.java:312:9:312:40 | +| jca/SymmetricAlgorithm.java:312:38:312:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:312:38:312:39 | jca/SymmetricAlgorithm.java:312:38:312:39 | +| jca/SymmetricAlgorithm.java:313:42:313:47 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:313:42:313:47 | jca/SymmetricAlgorithm.java:313:42:313:47 | +| jca/SymmetricAlgorithm.java:314:29:314:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:314:29:314:53 | jca/SymmetricAlgorithm.java:314:29:314:53 | +| jca/SymmetricAlgorithm.java:316:35:316:46 | KeyOperationAlgorithm | Name | HMAC | jca/SymmetricAlgorithm.java:316:35:316:46 | jca/SymmetricAlgorithm.java:316:35:316:46 | +| jca/SymmetricAlgorithm.java:316:35:316:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/SymmetricAlgorithm.java:316:35:316:46 | jca/SymmetricAlgorithm.java:316:35:316:46 | +| jca/SymmetricAlgorithm.java:317:18:317:30 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:317:18:317:30 | jca/SymmetricAlgorithm.java:317:18:317:30 | +| jca/SymmetricAlgorithm.java:318:30:318:52 | MACOperation | KeyOperationSubtype | Mac | jca/SymmetricAlgorithm.java:318:30:318:52 | jca/SymmetricAlgorithm.java:318:30:318:52 | +| jca/SymmetricAlgorithm.java:347:52:347:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/SymmetricAlgorithm.java:348:17:348:19 | jca/SymmetricAlgorithm.java:348:17:348:19 | +| jca/SymmetricAlgorithm.java:347:52:347:56 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:347:52:347:56 | jca/SymmetricAlgorithm.java:347:52:347:56 | +| jca/SymmetricAlgorithm.java:347:52:347:56 | KeyOperationAlgorithm | RawName | AES | jca/SymmetricAlgorithm.java:347:52:347:56 | jca/SymmetricAlgorithm.java:347:52:347:56 | +| jca/SymmetricAlgorithm.java:347:52:347:56 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:347:52:347:56 | jca/SymmetricAlgorithm.java:347:52:347:56 | +| jca/SymmetricAlgorithm.java:348:17:348:19 | Constant | Description | 256 | jca/SymmetricAlgorithm.java:348:17:348:19 | jca/SymmetricAlgorithm.java:348:17:348:19 | +| jca/SymmetricAlgorithm.java:349:16:349:31 | Key | KeyType | Symmetric | jca/SymmetricAlgorithm.java:349:16:349:31 | jca/SymmetricAlgorithm.java:349:16:349:31 | +| jca/SymmetricAlgorithm.java:361:9:361:42 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:361:9:361:42 | jca/SymmetricAlgorithm.java:361:9:361:42 | +| jca/SymmetricAlgorithm.java:361:38:361:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:361:38:361:41 | jca/SymmetricAlgorithm.java:361:38:361:41 | +| jca/SymmetricModesTest.java:56:52:56:56 | KeyOperationAlgorithm | KeySize | Constant:128 | jca/SymmetricModesTest.java:61:17:61:19 | jca/SymmetricModesTest.java:61:17:61:19 | +| jca/SymmetricModesTest.java:56:52:56:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/SymmetricModesTest.java:57:17:57:19 | jca/SymmetricModesTest.java:57:17:57:19 | +| jca/SymmetricModesTest.java:56:52:56:56 | KeyOperationAlgorithm | Name | AES | jca/SymmetricModesTest.java:56:52:56:56 | jca/SymmetricModesTest.java:56:52:56:56 | +| jca/SymmetricModesTest.java:56:52:56:56 | KeyOperationAlgorithm | RawName | AES | jca/SymmetricModesTest.java:56:52:56:56 | jca/SymmetricModesTest.java:56:52:56:56 | +| jca/SymmetricModesTest.java:56:52:56:56 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricModesTest.java:56:52:56:56 | jca/SymmetricModesTest.java:56:52:56:56 | +| jca/SymmetricModesTest.java:57:17:57:19 | Constant | Description | 256 | jca/SymmetricModesTest.java:57:17:57:19 | jca/SymmetricModesTest.java:57:17:57:19 | +| jca/SymmetricModesTest.java:58:33:58:48 | Key | KeyType | Symmetric | jca/SymmetricModesTest.java:58:33:58:48 | jca/SymmetricModesTest.java:58:33:58:48 | +| jca/SymmetricModesTest.java:61:17:61:19 | Constant | Description | 128 | jca/SymmetricModesTest.java:61:17:61:19 | jca/SymmetricModesTest.java:61:17:61:19 | +| jca/SymmetricModesTest.java:62:31:62:46 | Key | KeyType | Symmetric | jca/SymmetricModesTest.java:62:31:62:46 | jca/SymmetricModesTest.java:62:31:62:46 | +| jca/SymmetricModesTest.java:65:44:65:62 | KeyOperationAlgorithm | Name | AES | jca/SymmetricModesTest.java:65:44:65:62 | jca/SymmetricModesTest.java:65:44:65:62 | +| jca/SymmetricModesTest.java:65:44:65:62 | KeyOperationAlgorithm | RawName | AES/KWP/NoPadding | jca/SymmetricModesTest.java:65:44:65:62 | jca/SymmetricModesTest.java:65:44:65:62 | +| jca/SymmetricModesTest.java:65:44:65:62 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricModesTest.java:65:44:65:62 | jca/SymmetricModesTest.java:65:44:65:62 | +| jca/SymmetricModesTest.java:65:44:65:62 | ModeOfOperation | RawName | KWP | jca/SymmetricModesTest.java:65:44:65:62 | jca/SymmetricModesTest.java:65:44:65:62 | +| jca/SymmetricModesTest.java:65:44:65:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricModesTest.java:65:44:65:62 | jca/SymmetricModesTest.java:65:44:65:62 | +| jca/SymmetricModesTest.java:65:44:65:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricModesTest.java:65:44:65:62 | jca/SymmetricModesTest.java:65:44:65:62 | +| jca/SymmetricModesTest.java:66:39:66:49 | Key | KeyType | Unknown | jca/SymmetricModesTest.java:66:39:66:49 | jca/SymmetricModesTest.java:66:39:66:49 | +| jca/SymmetricModesTest.java:67:29:67:50 | WrapOperation | KeyOperationSubtype | Wrap | jca/SymmetricModesTest.java:67:29:67:50 | jca/SymmetricModesTest.java:67:29:67:50 | +| jca/SymmetricModesTest.java:88:43:88:55 | Parameter | Description | key | jca/SymmetricModesTest.java:88:43:88:55 | jca/SymmetricModesTest.java:88:43:88:55 | +| jca/SymmetricModesTest.java:88:58:88:73 | Parameter | Description | plaintext | jca/SymmetricModesTest.java:88:58:88:73 | jca/SymmetricModesTest.java:88:58:88:73 | +| jca/SymmetricModesTest.java:89:44:89:63 | KeyOperationAlgorithm | Name | AES | jca/SymmetricModesTest.java:89:44:89:63 | jca/SymmetricModesTest.java:89:44:89:63 | +| jca/SymmetricModesTest.java:89:44:89:63 | KeyOperationAlgorithm | RawName | AES/OFB8/NoPadding | jca/SymmetricModesTest.java:89:44:89:63 | jca/SymmetricModesTest.java:89:44:89:63 | +| jca/SymmetricModesTest.java:89:44:89:63 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricModesTest.java:89:44:89:63 | jca/SymmetricModesTest.java:89:44:89:63 | +| jca/SymmetricModesTest.java:89:44:89:63 | ModeOfOperation | RawName | OFB8 | jca/SymmetricModesTest.java:89:44:89:63 | jca/SymmetricModesTest.java:89:44:89:63 | +| jca/SymmetricModesTest.java:89:44:89:63 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricModesTest.java:89:44:89:63 | jca/SymmetricModesTest.java:89:44:89:63 | +| jca/SymmetricModesTest.java:89:44:89:63 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricModesTest.java:89:44:89:63 | jca/SymmetricModesTest.java:89:44:89:63 | +| jca/SymmetricModesTest.java:91:9:91:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricModesTest.java:91:9:91:40 | jca/SymmetricModesTest.java:91:9:91:40 | +| jca/SymmetricModesTest.java:91:38:91:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricModesTest.java:91:38:91:39 | jca/SymmetricModesTest.java:91:38:91:39 | +| jca/SymmetricModesTest.java:93:42:93:44 | Key | KeyType | Unknown | jca/SymmetricModesTest.java:93:42:93:44 | jca/SymmetricModesTest.java:93:42:93:44 | +| jca/SymmetricModesTest.java:94:29:94:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricModesTest.java:94:29:94:53 | jca/SymmetricModesTest.java:94:29:94:53 | +| jca/SymmetricModesTest.java:116:45:116:57 | Parameter | Description | key | jca/SymmetricModesTest.java:116:45:116:57 | jca/SymmetricModesTest.java:116:45:116:57 | +| jca/SymmetricModesTest.java:116:60:116:75 | Parameter | Description | plaintext | jca/SymmetricModesTest.java:116:60:116:75 | jca/SymmetricModesTest.java:116:60:116:75 | +| jca/SymmetricModesTest.java:117:44:117:63 | KeyOperationAlgorithm | Name | AES | jca/SymmetricModesTest.java:117:44:117:63 | jca/SymmetricModesTest.java:117:44:117:63 | +| jca/SymmetricModesTest.java:117:44:117:63 | KeyOperationAlgorithm | RawName | AES/OFB8/NoPadding | jca/SymmetricModesTest.java:117:44:117:63 | jca/SymmetricModesTest.java:117:44:117:63 | +| jca/SymmetricModesTest.java:117:44:117:63 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricModesTest.java:117:44:117:63 | jca/SymmetricModesTest.java:117:44:117:63 | +| jca/SymmetricModesTest.java:117:44:117:63 | ModeOfOperation | RawName | OFB8 | jca/SymmetricModesTest.java:117:44:117:63 | jca/SymmetricModesTest.java:117:44:117:63 | +| jca/SymmetricModesTest.java:117:44:117:63 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricModesTest.java:117:44:117:63 | jca/SymmetricModesTest.java:117:44:117:63 | +| jca/SymmetricModesTest.java:117:44:117:63 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricModesTest.java:117:44:117:63 | jca/SymmetricModesTest.java:117:44:117:63 | +| jca/SymmetricModesTest.java:121:42:121:44 | Key | KeyType | Unknown | jca/SymmetricModesTest.java:121:42:121:44 | jca/SymmetricModesTest.java:121:42:121:44 | +| jca/SymmetricModesTest.java:122:29:122:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricModesTest.java:122:29:122:53 | jca/SymmetricModesTest.java:122:29:122:53 | +| jca/SymmetricModesTest.java:140:52:140:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/SymmetricModesTest.java:141:17:141:19 | jca/SymmetricModesTest.java:141:17:141:19 | +| jca/SymmetricModesTest.java:140:52:140:56 | KeyOperationAlgorithm | Name | AES | jca/SymmetricModesTest.java:140:52:140:56 | jca/SymmetricModesTest.java:140:52:140:56 | +| jca/SymmetricModesTest.java:140:52:140:56 | KeyOperationAlgorithm | RawName | AES | jca/SymmetricModesTest.java:140:52:140:56 | jca/SymmetricModesTest.java:140:52:140:56 | +| jca/SymmetricModesTest.java:140:52:140:56 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricModesTest.java:140:52:140:56 | jca/SymmetricModesTest.java:140:52:140:56 | +| jca/SymmetricModesTest.java:141:17:141:19 | Constant | Description | 256 | jca/SymmetricModesTest.java:141:17:141:19 | jca/SymmetricModesTest.java:141:17:141:19 | +| jca/SymmetricModesTest.java:142:16:142:31 | Key | KeyType | Symmetric | jca/SymmetricModesTest.java:142:16:142:31 | jca/SymmetricModesTest.java:142:16:142:31 | +| jca/UniversalFlowTest.java:18:24:18:28 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/UniversalFlowTest.java:25:17:25:19 | jca/UniversalFlowTest.java:25:17:25:19 | +| jca/UniversalFlowTest.java:18:24:18:28 | KeyOperationAlgorithm | Name | AES | jca/UniversalFlowTest.java:18:24:18:28 | jca/UniversalFlowTest.java:18:24:18:28 | +| jca/UniversalFlowTest.java:18:24:18:28 | KeyOperationAlgorithm | RawName | AES | jca/UniversalFlowTest.java:18:24:18:28 | jca/UniversalFlowTest.java:18:24:18:28 | +| jca/UniversalFlowTest.java:18:24:18:28 | KeyOperationAlgorithm | Structure | Block | jca/UniversalFlowTest.java:18:24:18:28 | jca/UniversalFlowTest.java:18:24:18:28 | +| jca/UniversalFlowTest.java:25:17:25:19 | Constant | Description | 256 | jca/UniversalFlowTest.java:25:17:25:19 | jca/UniversalFlowTest.java:25:17:25:19 | +| jca/UniversalFlowTest.java:26:21:26:40 | Key | KeyType | Symmetric | jca/UniversalFlowTest.java:26:21:26:40 | jca/UniversalFlowTest.java:26:21:26:40 | +| jca/UniversalFlowTest.java:27:25:27:43 | KeyOperationAlgorithm | Name | AES | jca/UniversalFlowTest.java:27:25:27:43 | jca/UniversalFlowTest.java:27:25:27:43 | +| jca/UniversalFlowTest.java:27:25:27:43 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/UniversalFlowTest.java:27:25:27:43 | jca/UniversalFlowTest.java:27:25:27:43 | +| jca/UniversalFlowTest.java:27:25:27:43 | KeyOperationAlgorithm | Structure | Block | jca/UniversalFlowTest.java:27:25:27:43 | jca/UniversalFlowTest.java:27:25:27:43 | +| jca/UniversalFlowTest.java:27:25:27:43 | ModeOfOperation | Name | GCM | jca/UniversalFlowTest.java:27:25:27:43 | jca/UniversalFlowTest.java:27:25:27:43 | +| jca/UniversalFlowTest.java:27:25:27:43 | ModeOfOperation | RawName | GCM | jca/UniversalFlowTest.java:27:25:27:43 | jca/UniversalFlowTest.java:27:25:27:43 | +| jca/UniversalFlowTest.java:27:25:27:43 | PaddingAlgorithm | Name | UnknownPadding | jca/UniversalFlowTest.java:27:25:27:43 | jca/UniversalFlowTest.java:27:25:27:43 | +| jca/UniversalFlowTest.java:27:25:27:43 | PaddingAlgorithm | RawName | NoPadding | jca/UniversalFlowTest.java:27:25:27:43 | jca/UniversalFlowTest.java:27:25:27:43 | +| jca/UniversalFlowTest.java:30:5:30:36 | RandomNumberGeneration | Description | nextBytes | jca/UniversalFlowTest.java:30:5:30:36 | jca/UniversalFlowTest.java:30:5:30:36 | +| jca/UniversalFlowTest.java:30:34:30:35 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/UniversalFlowTest.java:30:34:30:35 | jca/UniversalFlowTest.java:30:34:30:35 | +| jca/UniversalFlowTest.java:32:38:32:40 | Key | KeyType | Unknown | jca/UniversalFlowTest.java:32:38:32:40 | jca/UniversalFlowTest.java:32:38:32:40 | +| jca/UniversalFlowTest.java:33:28:33:70 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/UniversalFlowTest.java:33:28:33:70 | jca/UniversalFlowTest.java:33:28:33:70 | +| jca/UniversalFlowTest.java:33:43:33:58 | Constant | Description | "Sensitive Data" | jca/UniversalFlowTest.java:33:43:33:58 | jca/UniversalFlowTest.java:33:43:33:58 | +| jca/UniversalFlowTest.java:45:16:45:20 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/UniversalFlowTest.java:25:17:25:19 | jca/UniversalFlowTest.java:25:17:25:19 | +| jca/UniversalFlowTest.java:45:16:45:20 | KeyOperationAlgorithm | Name | AES | jca/UniversalFlowTest.java:45:16:45:20 | jca/UniversalFlowTest.java:45:16:45:20 | +| jca/UniversalFlowTest.java:45:16:45:20 | KeyOperationAlgorithm | RawName | AES | jca/UniversalFlowTest.java:45:16:45:20 | jca/UniversalFlowTest.java:45:16:45:20 | +| jca/UniversalFlowTest.java:45:16:45:20 | KeyOperationAlgorithm | Structure | Block | jca/UniversalFlowTest.java:45:16:45:20 | jca/UniversalFlowTest.java:45:16:45:20 | diff --git a/java/ql/test/experimental/library-tests/quantum/node_properties.ql b/java/ql/test/experimental/library-tests/quantum/node_properties.ql new file mode 100644 index 000000000000..79514611e679 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/node_properties.ql @@ -0,0 +1,6 @@ +import java +import experimental.quantum.Language + +from Crypto::NodeBase n, string key, string value, Location location +where n.properties(key, value, location) +select n, key, value, location diff --git a/java/ql/test/experimental/library-tests/quantum/nodes.expected b/java/ql/test/experimental/library-tests/quantum/nodes.expected new file mode 100644 index 000000000000..e38aa8790730 --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/nodes.expected @@ -0,0 +1,1512 @@ +| jca/AesWrapAndPBEWith.java:67:52:67:56 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:68:17:68:19 | Constant | +| jca/AesWrapAndPBEWith.java:69:33:69:48 | Key | +| jca/AesWrapAndPBEWith.java:69:33:69:48 | KeyGeneration | +| jca/AesWrapAndPBEWith.java:71:17:71:19 | Constant | +| jca/AesWrapAndPBEWith.java:72:31:72:46 | Key | +| jca/AesWrapAndPBEWith.java:72:31:72:46 | KeyGeneration | +| jca/AesWrapAndPBEWith.java:74:44:74:52 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:75:39:75:49 | Key | +| jca/AesWrapAndPBEWith.java:76:29:76:50 | KeyOperationOutput | +| jca/AesWrapAndPBEWith.java:76:29:76:50 | WrapOperation | +| jca/AesWrapAndPBEWith.java:76:41:76:49 | Message | +| jca/AesWrapAndPBEWith.java:93:52:93:56 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:94:17:94:19 | Constant | +| jca/AesWrapAndPBEWith.java:95:31:95:46 | Key | +| jca/AesWrapAndPBEWith.java:95:31:95:46 | KeyGeneration | +| jca/AesWrapAndPBEWith.java:97:44:97:52 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:98:39:98:49 | Key | +| jca/AesWrapAndPBEWith.java:99:29:99:50 | KeyOperationOutput | +| jca/AesWrapAndPBEWith.java:99:29:99:50 | WrapOperation | +| jca/AesWrapAndPBEWith.java:99:41:99:49 | Message | +| jca/AesWrapAndPBEWith.java:117:34:117:37 | Constant | +| jca/AesWrapAndPBEWith.java:118:42:118:63 | Message | +| jca/AesWrapAndPBEWith.java:118:66:118:69 | Salt | +| jca/AesWrapAndPBEWith.java:118:72:118:75 | Constant | +| jca/AesWrapAndPBEWith.java:118:78:118:79 | Constant | +| jca/AesWrapAndPBEWith.java:119:65:119:82 | KeyDerivationAlgorithm | +| jca/AesWrapAndPBEWith.java:120:27:120:54 | Key | +| jca/AesWrapAndPBEWith.java:120:27:120:54 | KeyDerivation | +| jca/AesWrapAndPBEWith.java:133:9:133:42 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:133:38:133:41 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:134:42:134:63 | Message | +| jca/AesWrapAndPBEWith.java:134:66:134:69 | Salt | +| jca/AesWrapAndPBEWith.java:134:72:134:76 | Constant | +| jca/AesWrapAndPBEWith.java:134:79:134:81 | Constant | +| jca/AesWrapAndPBEWith.java:135:65:135:86 | HMACAlgorithm | +| jca/AesWrapAndPBEWith.java:135:65:135:86 | HashAlgorithm | +| jca/AesWrapAndPBEWith.java:135:65:135:86 | KeyDerivationAlgorithm | +| jca/AesWrapAndPBEWith.java:136:27:136:54 | Key | +| jca/AesWrapAndPBEWith.java:136:27:136:54 | KeyDerivation | +| jca/AesWrapAndPBEWith.java:151:9:151:42 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:151:38:151:41 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:152:42:152:63 | Message | +| jca/AesWrapAndPBEWith.java:152:66:152:69 | Salt | +| jca/AesWrapAndPBEWith.java:152:72:152:76 | Constant | +| jca/AesWrapAndPBEWith.java:152:79:152:81 | Constant | +| jca/AesWrapAndPBEWith.java:153:65:153:98 | KeyDerivationAlgorithm | +| jca/AesWrapAndPBEWith.java:154:28:154:55 | Key | +| jca/AesWrapAndPBEWith.java:154:28:154:55 | KeyDerivation | +| jca/AesWrapAndPBEWith.java:157:44:157:65 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:157:44:157:65 | ModeOfOperation | +| jca/AesWrapAndPBEWith.java:157:44:157:65 | PaddingAlgorithm | +| jca/AesWrapAndPBEWith.java:159:9:159:40 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:159:38:159:39 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:161:42:161:47 | Key | +| jca/AesWrapAndPBEWith.java:161:50:161:55 | Nonce | +| jca/AesWrapAndPBEWith.java:162:29:162:64 | EncryptOperation | +| jca/AesWrapAndPBEWith.java:162:29:162:64 | KeyOperationOutput | +| jca/AesWrapAndPBEWith.java:162:44:162:63 | Message | +| jca/AesWrapAndPBEWith.java:179:9:179:42 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:179:38:179:41 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:180:42:180:63 | Message | +| jca/AesWrapAndPBEWith.java:180:66:180:69 | Salt | +| jca/AesWrapAndPBEWith.java:180:72:180:76 | Constant | +| jca/AesWrapAndPBEWith.java:180:79:180:81 | Constant | +| jca/AesWrapAndPBEWith.java:181:65:181:96 | KeyDerivationAlgorithm | +| jca/AesWrapAndPBEWith.java:182:28:182:55 | Key | +| jca/AesWrapAndPBEWith.java:182:28:182:55 | KeyDerivation | +| jca/AesWrapAndPBEWith.java:185:44:185:65 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:185:44:185:65 | ModeOfOperation | +| jca/AesWrapAndPBEWith.java:185:44:185:65 | PaddingAlgorithm | +| jca/AesWrapAndPBEWith.java:187:9:187:40 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:187:38:187:39 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:189:42:189:47 | Key | +| jca/AesWrapAndPBEWith.java:189:50:189:55 | Nonce | +| jca/AesWrapAndPBEWith.java:190:29:190:64 | EncryptOperation | +| jca/AesWrapAndPBEWith.java:190:29:190:64 | KeyOperationOutput | +| jca/AesWrapAndPBEWith.java:190:44:190:63 | Message | +| jca/AesWrapAndPBEWith.java:214:55:214:69 | Parameter | +| jca/AesWrapAndPBEWith.java:214:72:214:87 | Parameter | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | EllipticCurve | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | KeyGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:103:61:103:68 | KeyAgreementAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:104:24:104:26 | Constant | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:105:16:105:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:105:16:105:36 | KeyGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:118:17:118:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:119:20:119:28 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:120:16:120:34 | KeyAgreementOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:120:16:120:34 | SharedSecret | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:132:58:132:66 | HashAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:133:23:133:42 | Digest | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:133:23:133:42 | HashOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:133:37:133:41 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:61:155:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:24:156:27 | Constant | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:157:16:157:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:157:16:157:36 | KeyGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:164:61:164:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:165:24:165:27 | Constant | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:16:166:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:16:166:36 | KeyGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | HashAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:177:42:177:58 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:34:178:55 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:34:178:55 | WrapOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:49:178:54 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:181:9:181:40 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:181:38:181:39 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:183:45:183:50 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:183:53:183:81 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:29:184:56 | EncryptOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:29:184:56 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:47:184:55 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:201:42:201:58 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:34:202:55 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:34:202:55 | WrapOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:49:202:54 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:206:45:206:50 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:206:53:206:86 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:29:207:56 | EncryptOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:29:207:56 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:47:207:55 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:226:91:226:96 | KeyAgreementAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:231:9:231:40 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:231:38:231:39 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:233:42:233:47 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:233:50:233:78 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:29:234:53 | EncryptOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:29:234:53 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:44:234:52 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:250:95:250:100 | KeyAgreementAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:256:42:256:47 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:256:50:256:83 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:29:257:53 | EncryptOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:29:257:53 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:44:257:52 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:283:58:283:73 | Parameter | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:35:309:46 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:311:18:311:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | MACOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:28:312:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:35:320:44 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:18:322:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | MACOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:28:323:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:335:52:335:56 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:336:17:336:19 | Constant | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:337:16:337:31 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:337:16:337:31 | KeyGeneration | +| jca/ChainedEncryptionTest.java:24:44:24:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:24:44:24:62 | ModeOfOperation | +| jca/ChainedEncryptionTest.java:24:44:24:62 | PaddingAlgorithm | +| jca/ChainedEncryptionTest.java:26:9:26:40 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:26:38:26:39 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:28:42:28:44 | Key | +| jca/ChainedEncryptionTest.java:28:47:28:50 | Nonce | +| jca/ChainedEncryptionTest.java:29:29:29:53 | EncryptOperation | +| jca/ChainedEncryptionTest.java:29:29:29:53 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:29:44:29:52 | Message | +| jca/ChainedEncryptionTest.java:37:44:37:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:37:44:37:62 | ModeOfOperation | +| jca/ChainedEncryptionTest.java:37:44:37:62 | PaddingAlgorithm | +| jca/ChainedEncryptionTest.java:39:42:39:44 | Key | +| jca/ChainedEncryptionTest.java:39:47:39:50 | Nonce | +| jca/ChainedEncryptionTest.java:40:16:40:41 | DecryptOperation | +| jca/ChainedEncryptionTest.java:40:16:40:41 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:40:31:40:40 | Message | +| jca/ChainedEncryptionTest.java:45:44:45:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:47:9:47:43 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:47:38:47:42 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:48:42:48:44 | Key | +| jca/ChainedEncryptionTest.java:48:47:48:72 | Nonce | +| jca/ChainedEncryptionTest.java:49:29:49:53 | EncryptOperation | +| jca/ChainedEncryptionTest.java:49:29:49:53 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:49:44:49:52 | Message | +| jca/ChainedEncryptionTest.java:57:44:57:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:58:42:58:44 | Key | +| jca/ChainedEncryptionTest.java:58:47:58:72 | Nonce | +| jca/ChainedEncryptionTest.java:59:16:59:41 | DecryptOperation | +| jca/ChainedEncryptionTest.java:59:16:59:41 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:59:31:59:40 | Message | +| jca/ChainedEncryptionTest.java:80:46:80:61 | Parameter | +| jca/ChainedEncryptionTest.java:84:56:84:60 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:85:21:85:23 | Constant | +| jca/ChainedEncryptionTest.java:86:30:86:49 | Key | +| jca/ChainedEncryptionTest.java:86:30:86:49 | KeyGeneration | +| jca/ChainedEncryptionTest.java:88:59:88:68 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:89:24:89:26 | Constant | +| jca/ChainedEncryptionTest.java:90:30:90:52 | Key | +| jca/ChainedEncryptionTest.java:90:30:90:52 | KeyGeneration | +| jca/ChainedEncryptionTest.java:94:9:94:43 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:94:38:94:42 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:95:47:95:65 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:95:47:95:65 | ModeOfOperation | +| jca/ChainedEncryptionTest.java:95:47:95:65 | PaddingAlgorithm | +| jca/ChainedEncryptionTest.java:97:45:97:52 | Key | +| jca/ChainedEncryptionTest.java:97:55:97:61 | Nonce | +| jca/ChainedEncryptionTest.java:98:34:98:62 | EncryptOperation | +| jca/ChainedEncryptionTest.java:98:34:98:62 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:98:52:98:61 | Message | +| jca/ChainedEncryptionTest.java:102:9:102:49 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:102:38:102:48 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:103:50:103:68 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:104:48:104:55 | Key | +| jca/ChainedEncryptionTest.java:104:58:104:89 | Nonce | +| jca/ChainedEncryptionTest.java:105:34:105:70 | EncryptOperation | +| jca/ChainedEncryptionTest.java:105:34:105:70 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:105:55:105:69 | Message | +| jca/ChainedEncryptionTest.java:108:47:108:65 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:109:45:109:52 | Key | +| jca/ChainedEncryptionTest.java:109:55:109:86 | Nonce | +| jca/ChainedEncryptionTest.java:110:43:110:76 | DecryptOperation | +| jca/ChainedEncryptionTest.java:110:43:110:76 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:110:61:110:75 | Message | +| jca/ChainedEncryptionTest.java:113:44:113:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:113:44:113:62 | ModeOfOperation | +| jca/ChainedEncryptionTest.java:113:44:113:62 | PaddingAlgorithm | +| jca/ChainedEncryptionTest.java:114:42:114:49 | Key | +| jca/ChainedEncryptionTest.java:114:52:114:83 | Nonce | +| jca/ChainedEncryptionTest.java:115:37:115:76 | DecryptOperation | +| jca/ChainedEncryptionTest.java:115:37:115:76 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:115:52:115:75 | Message | +| jca/ChainedEncryptionTest.java:122:56:122:60 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:123:21:123:23 | Constant | +| jca/ChainedEncryptionTest.java:124:28:124:47 | Key | +| jca/ChainedEncryptionTest.java:124:28:124:47 | KeyGeneration | +| jca/ChainedEncryptionTest.java:127:59:127:68 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:128:24:128:26 | Constant | +| jca/ChainedEncryptionTest.java:129:31:129:53 | Key | +| jca/ChainedEncryptionTest.java:129:31:129:53 | KeyGeneration | +| jca/ChainedEncryptionTest.java:131:31:131:57 | Constant | +| jca/Digest.java:55:58:55:66 | HashAlgorithm | +| jca/Digest.java:56:23:56:66 | Digest | +| jca/Digest.java:56:23:56:66 | HashOperation | +| jca/Digest.java:56:37:56:54 | Constant | +| jca/Digest.java:56:37:56:65 | Message | +| jca/Digest.java:65:61:65:65 | HashAlgorithm | +| jca/Digest.java:66:23:66:70 | Digest | +| jca/Digest.java:66:23:66:70 | HashOperation | +| jca/Digest.java:66:40:66:58 | Constant | +| jca/Digest.java:66:40:66:69 | Message | +| jca/Digest.java:74:49:74:63 | Parameter | +| jca/Digest.java:75:64:75:72 | HashAlgorithm | +| jca/Digest.java:76:23:76:62 | Digest | +| jca/Digest.java:76:23:76:62 | HashOperation | +| jca/Digest.java:76:43:76:61 | Message | +| jca/Digest.java:84:37:84:51 | Parameter | +| jca/Digest.java:86:58:86:66 | HashAlgorithm | +| jca/Digest.java:87:23:87:26 | Message | +| jca/Digest.java:88:23:88:56 | Digest | +| jca/Digest.java:88:23:88:56 | HashOperation | +| jca/Digest.java:88:37:88:55 | Message | +| jca/Digest.java:96:37:96:51 | Parameter | +| jca/Digest.java:98:42:98:63 | Message | +| jca/Digest.java:98:66:98:69 | Salt | +| jca/Digest.java:98:72:98:76 | Constant | +| jca/Digest.java:98:79:98:81 | Constant | +| jca/Digest.java:99:65:99:86 | HMACAlgorithm | +| jca/Digest.java:99:65:99:86 | HashAlgorithm | +| jca/Digest.java:99:65:99:86 | KeyDerivationAlgorithm | +| jca/Digest.java:100:23:100:50 | Key | +| jca/Digest.java:100:23:100:50 | KeyDerivation | +| jca/Digest.java:108:40:108:51 | Parameter | +| jca/Digest.java:109:62:109:68 | HashAlgorithm | +| jca/Digest.java:110:23:110:57 | Digest | +| jca/Digest.java:110:23:110:57 | HashOperation | +| jca/Digest.java:110:41:110:56 | Message | +| jca/Digest.java:118:35:118:46 | Parameter | +| jca/Digest.java:118:49:118:58 | Parameter | +| jca/Digest.java:119:36:119:47 | KeyOperationAlgorithm | +| jca/Digest.java:121:19:121:27 | Key | +| jca/Digest.java:122:23:122:52 | KeyOperationOutput | +| jca/Digest.java:122:23:122:52 | MACOperation | +| jca/Digest.java:122:36:122:51 | Message | +| jca/Digest.java:141:44:141:62 | KeyOperationAlgorithm | +| jca/Digest.java:141:44:141:62 | ModeOfOperation | +| jca/Digest.java:141:44:141:62 | PaddingAlgorithm | +| jca/Digest.java:142:42:142:44 | Key | +| jca/Digest.java:143:32:143:74 | EncryptOperation | +| jca/Digest.java:143:32:143:74 | KeyOperationOutput | +| jca/Digest.java:143:47:143:62 | Constant | +| jca/Digest.java:143:47:143:73 | Message | +| jca/Digest.java:156:39:156:51 | Parameter | +| jca/Digest.java:172:50:172:62 | Parameter | +| jca/Digest.java:177:42:177:71 | Message | +| jca/Digest.java:177:74:177:77 | Salt | +| jca/Digest.java:177:80:177:84 | Constant | +| jca/Digest.java:177:87:177:89 | Constant | +| jca/Digest.java:178:65:178:86 | HMACAlgorithm | +| jca/Digest.java:178:65:178:86 | HashAlgorithm | +| jca/Digest.java:178:65:178:86 | KeyDerivationAlgorithm | +| jca/Digest.java:179:30:179:57 | Key | +| jca/Digest.java:179:30:179:57 | KeyDerivation | +| jca/Digest.java:187:44:187:62 | KeyOperationAlgorithm | +| jca/Digest.java:187:44:187:62 | ModeOfOperation | +| jca/Digest.java:187:44:187:62 | PaddingAlgorithm | +| jca/Digest.java:188:42:188:54 | Key | +| jca/Digest.java:189:29:189:78 | EncryptOperation | +| jca/Digest.java:189:29:189:78 | KeyOperationOutput | +| jca/Digest.java:189:44:189:66 | Constant | +| jca/Digest.java:189:44:189:77 | Message | +| jca/Digest.java:192:35:192:46 | KeyOperationAlgorithm | +| jca/Digest.java:193:18:193:23 | Key | +| jca/Digest.java:194:30:194:52 | KeyOperationOutput | +| jca/Digest.java:194:30:194:52 | MACOperation | +| jca/Digest.java:194:42:194:51 | Message | +| jca/Digest.java:211:44:211:62 | KeyOperationAlgorithm | +| jca/Digest.java:211:44:211:62 | ModeOfOperation | +| jca/Digest.java:211:44:211:62 | PaddingAlgorithm | +| jca/Digest.java:213:42:213:44 | Key | +| jca/Digest.java:214:32:214:51 | EncryptOperation | +| jca/Digest.java:214:32:214:51 | KeyOperationOutput | +| jca/Digest.java:214:47:214:50 | Message | +| jca/Digest.java:240:56:240:60 | KeyOperationAlgorithm | +| jca/Digest.java:241:21:241:23 | Constant | +| jca/Digest.java:242:16:242:35 | Key | +| jca/Digest.java:242:16:242:35 | KeyGeneration | +| jca/Digest.java:254:9:254:42 | RandomNumberGeneration | +| jca/Digest.java:254:38:254:41 | RandomNumberGeneration | +| jca/EllipticCurve1.java:47:66:47:76 | EllipticCurve | +| jca/EllipticCurve1.java:48:16:48:36 | Key | +| jca/EllipticCurve1.java:48:16:48:36 | KeyGeneration | +| jca/EllipticCurve1.java:57:66:57:76 | EllipticCurve | +| jca/EllipticCurve1.java:58:16:58:36 | Key | +| jca/EllipticCurve1.java:58:16:58:36 | KeyGeneration | +| jca/EllipticCurve1.java:67:66:67:82 | EllipticCurve | +| jca/EllipticCurve1.java:68:16:68:36 | Key | +| jca/EllipticCurve1.java:68:16:68:36 | KeyGeneration | +| jca/EllipticCurve1.java:75:61:75:68 | KeyAgreementAlgorithm | +| jca/EllipticCurve1.java:77:16:77:36 | Key | +| jca/EllipticCurve1.java:77:16:77:36 | KeyGeneration | +| jca/EllipticCurve1.java:84:61:84:66 | KeyAgreementAlgorithm | +| jca/EllipticCurve1.java:85:16:85:36 | Key | +| jca/EllipticCurve1.java:85:16:85:36 | KeyGeneration | +| jca/EllipticCurve1.java:95:66:95:76 | EllipticCurve | +| jca/EllipticCurve1.java:96:16:96:36 | Key | +| jca/EllipticCurve1.java:96:16:96:36 | KeyGeneration | +| jca/EllipticCurve1.java:106:66:106:76 | Constant | +| jca/EllipticCurve1.java:107:16:107:36 | Key | +| jca/EllipticCurve1.java:107:16:107:36 | KeyGeneration | +| jca/EllipticCurve1.java:115:61:115:69 | Constant | +| jca/EllipticCurve1.java:116:16:116:36 | Key | +| jca/EllipticCurve1.java:116:16:116:36 | KeyGeneration | +| jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | +| jca/EllipticCurve2.java:56:16:56:36 | Key | +| jca/EllipticCurve2.java:56:16:56:36 | KeyGeneration | +| jca/EllipticCurve2.java:64:47:64:57 | EllipticCurve | +| jca/EllipticCurve2.java:65:16:65:36 | Key | +| jca/EllipticCurve2.java:65:16:65:36 | KeyGeneration | +| jca/EllipticCurve2.java:73:47:73:63 | EllipticCurve | +| jca/EllipticCurve2.java:74:16:74:36 | Key | +| jca/EllipticCurve2.java:74:16:74:36 | KeyGeneration | +| jca/EllipticCurve2.java:81:61:81:68 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:82:16:82:36 | Key | +| jca/EllipticCurve2.java:82:16:82:36 | KeyGeneration | +| jca/EllipticCurve2.java:89:61:89:69 | Constant | +| jca/EllipticCurve2.java:90:16:90:36 | Key | +| jca/EllipticCurve2.java:90:16:90:36 | KeyGeneration | +| jca/EllipticCurve2.java:115:52:115:57 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:116:17:116:36 | Key | +| jca/EllipticCurve2.java:117:20:117:36 | Key | +| jca/EllipticCurve2.java:118:16:118:34 | KeyAgreementOperation | +| jca/EllipticCurve2.java:118:16:118:34 | SharedSecret | +| jca/EllipticCurve2.java:129:52:129:57 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:130:17:130:37 | Key | +| jca/EllipticCurve2.java:131:20:131:39 | Key | +| jca/EllipticCurve2.java:132:16:132:34 | KeyAgreementOperation | +| jca/EllipticCurve2.java:132:16:132:34 | SharedSecret | +| jca/EllipticCurve2.java:148:53:148:69 | HashAlgorithm | +| jca/EllipticCurve2.java:148:53:148:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:149:28:149:42 | Key | +| jca/EllipticCurve2.java:150:26:150:32 | Message | +| jca/EllipticCurve2.java:151:16:151:31 | SignOperation | +| jca/EllipticCurve2.java:151:16:151:31 | SignatureOutput | +| jca/EllipticCurve2.java:163:53:163:69 | HashAlgorithm | +| jca/EllipticCurve2.java:163:53:163:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:164:30:164:43 | Key | +| jca/EllipticCurve2.java:165:26:165:32 | Message | +| jca/EllipticCurve2.java:166:16:166:47 | VerifyOperation | +| jca/EllipticCurve2.java:166:33:166:46 | SignatureInput | +| jca/EllipticCurve2.java:178:53:178:61 | Constant | +| jca/EllipticCurve2.java:179:28:179:42 | Key | +| jca/EllipticCurve2.java:180:26:180:32 | Message | +| jca/EllipticCurve2.java:181:16:181:31 | SignOperation | +| jca/EllipticCurve2.java:181:16:181:31 | SignatureOutput | +| jca/EllipticCurve2.java:193:53:193:61 | Constant | +| jca/EllipticCurve2.java:194:30:194:43 | Key | +| jca/EllipticCurve2.java:195:26:195:32 | Message | +| jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | +| jca/EllipticCurve2.java:196:33:196:46 | SignatureInput | +| jca/EllipticCurve2.java:221:52:221:57 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:222:17:222:37 | Key | +| jca/EllipticCurve2.java:223:20:223:41 | Key | +| jca/EllipticCurve2.java:224:31:224:49 | KeyAgreementOperation | +| jca/EllipticCurve2.java:224:31:224:49 | SharedSecret | +| jca/EllipticCurve2.java:228:58:228:66 | HashAlgorithm | +| jca/EllipticCurve2.java:229:29:229:55 | Digest | +| jca/EllipticCurve2.java:229:29:229:55 | HashOperation | +| jca/EllipticCurve2.java:229:43:229:54 | Message | +| jca/EllipticCurve2.java:234:44:234:62 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:234:44:234:62 | ModeOfOperation | +| jca/EllipticCurve2.java:234:44:234:62 | PaddingAlgorithm | +| jca/EllipticCurve2.java:236:9:236:40 | RandomNumberGeneration | +| jca/EllipticCurve2.java:236:38:236:39 | RandomNumberGeneration | +| jca/EllipticCurve2.java:238:42:238:47 | Key | +| jca/EllipticCurve2.java:238:50:238:53 | Nonce | +| jca/EllipticCurve2.java:239:29:239:53 | EncryptOperation | +| jca/EllipticCurve2.java:239:29:239:53 | KeyOperationOutput | +| jca/EllipticCurve2.java:239:44:239:52 | Message | +| jca/EllipticCurve2.java:261:30:261:53 | Constant | +| jca/EllipticCurve2.java:274:62:274:83 | Constant | +| jca/Encryption1.java:60:56:60:60 | KeyOperationAlgorithm | +| jca/Encryption1.java:61:21:61:23 | Constant | +| jca/Encryption1.java:62:25:62:44 | Key | +| jca/Encryption1.java:62:25:62:44 | KeyGeneration | +| jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | +| jca/Encryption1.java:63:44:63:62 | ModeOfOperation | +| jca/Encryption1.java:63:44:63:62 | PaddingAlgorithm | +| jca/Encryption1.java:65:9:65:40 | RandomNumberGeneration | +| jca/Encryption1.java:65:38:65:39 | RandomNumberGeneration | +| jca/Encryption1.java:67:42:67:44 | Key | +| jca/Encryption1.java:67:47:67:53 | Nonce | +| jca/Encryption1.java:68:32:68:74 | EncryptOperation | +| jca/Encryption1.java:68:32:68:74 | KeyOperationOutput | +| jca/Encryption1.java:68:47:68:62 | Constant | +| jca/Encryption1.java:68:47:68:73 | Message | +| jca/Encryption1.java:83:56:83:60 | KeyOperationAlgorithm | +| jca/Encryption1.java:84:21:84:23 | Constant | +| jca/Encryption1.java:85:25:85:44 | Key | +| jca/Encryption1.java:85:25:85:44 | KeyGeneration | +| jca/Encryption1.java:88:44:88:62 | KeyOperationAlgorithm | +| jca/Encryption1.java:88:44:88:62 | ModeOfOperation | +| jca/Encryption1.java:88:44:88:62 | PaddingAlgorithm | +| jca/Encryption1.java:89:42:89:44 | Key | +| jca/Encryption1.java:90:32:90:74 | EncryptOperation | +| jca/Encryption1.java:90:32:90:74 | KeyOperationOutput | +| jca/Encryption1.java:90:47:90:62 | Constant | +| jca/Encryption1.java:90:47:90:73 | Message | +| jca/Encryption1.java:104:35:104:53 | Parameter | +| jca/Encryption1.java:104:56:104:66 | Parameter | +| jca/Encryption1.java:105:44:105:82 | HashAlgorithm | +| jca/Encryption1.java:105:44:105:82 | KeyOperationAlgorithm | +| jca/Encryption1.java:105:44:105:82 | ModeOfOperation | +| jca/Encryption1.java:105:44:105:82 | PaddingAlgorithm | +| jca/Encryption1.java:106:42:106:50 | Key | +| jca/Encryption1.java:107:32:107:62 | EncryptOperation | +| jca/Encryption1.java:107:32:107:62 | KeyOperationOutput | +| jca/Encryption1.java:107:47:107:61 | Message | +| jca/Encryption1.java:119:35:119:55 | Parameter | +| jca/Encryption1.java:119:58:119:77 | Parameter | +| jca/Encryption1.java:120:44:120:82 | HashAlgorithm | +| jca/Encryption1.java:120:44:120:82 | KeyOperationAlgorithm | +| jca/Encryption1.java:120:44:120:82 | ModeOfOperation | +| jca/Encryption1.java:120:44:120:82 | PaddingAlgorithm | +| jca/Encryption1.java:121:42:121:51 | Key | +| jca/Encryption1.java:122:32:122:60 | DecryptOperation | +| jca/Encryption1.java:122:32:122:60 | KeyOperationOutput | +| jca/Encryption1.java:122:47:122:59 | Message | +| jca/Encryption1.java:136:34:136:55 | Parameter | +| jca/Encryption1.java:137:56:137:60 | KeyOperationAlgorithm | +| jca/Encryption1.java:138:21:138:23 | Constant | +| jca/Encryption1.java:139:28:139:47 | Key | +| jca/Encryption1.java:139:28:139:47 | KeyGeneration | +| jca/Encryption1.java:141:47:141:85 | HashAlgorithm | +| jca/Encryption1.java:141:47:141:85 | KeyOperationAlgorithm | +| jca/Encryption1.java:141:47:141:85 | ModeOfOperation | +| jca/Encryption1.java:141:47:141:85 | PaddingAlgorithm | +| jca/Encryption1.java:142:45:142:56 | Key | +| jca/Encryption1.java:143:34:143:71 | EncryptOperation | +| jca/Encryption1.java:143:34:143:71 | KeyOperationOutput | +| jca/Encryption1.java:143:52:143:70 | Message | +| jca/Encryption1.java:159:34:159:55 | Parameter | +| jca/Encryption1.java:159:58:159:68 | Parameter | +| jca/Encryption1.java:161:56:161:60 | KeyOperationAlgorithm | +| jca/Encryption1.java:162:21:162:23 | Constant | +| jca/Encryption1.java:163:28:163:47 | Key | +| jca/Encryption1.java:163:28:163:47 | KeyGeneration | +| jca/Encryption1.java:166:47:166:85 | HashAlgorithm | +| jca/Encryption1.java:166:47:166:85 | KeyOperationAlgorithm | +| jca/Encryption1.java:166:47:166:85 | ModeOfOperation | +| jca/Encryption1.java:166:47:166:85 | PaddingAlgorithm | +| jca/Encryption1.java:167:45:167:56 | Key | +| jca/Encryption1.java:168:34:168:71 | EncryptOperation | +| jca/Encryption1.java:168:34:168:71 | KeyOperationOutput | +| jca/Encryption1.java:168:52:168:70 | Message | +| jca/Encryption1.java:171:47:171:65 | KeyOperationAlgorithm | +| jca/Encryption1.java:171:47:171:65 | ModeOfOperation | +| jca/Encryption1.java:171:47:171:65 | PaddingAlgorithm | +| jca/Encryption1.java:173:9:173:40 | RandomNumberGeneration | +| jca/Encryption1.java:173:38:173:39 | RandomNumberGeneration | +| jca/Encryption1.java:175:45:175:50 | Key | +| jca/Encryption1.java:175:53:175:59 | Nonce | +| jca/Encryption1.java:176:32:176:65 | EncryptOperation | +| jca/Encryption1.java:176:32:176:65 | KeyOperationOutput | +| jca/Encryption1.java:176:50:176:64 | Message | +| jca/Encryption2.java:63:60:63:70 | EllipticCurve | +| jca/Encryption2.java:64:16:64:49 | Key | +| jca/Encryption2.java:64:16:64:49 | KeyGeneration | +| jca/Encryption2.java:80:62:80:67 | KeyAgreementAlgorithm | +| jca/Encryption2.java:81:27:81:36 | Key | +| jca/Encryption2.java:82:30:82:38 | Key | +| jca/Encryption2.java:83:16:83:44 | KeyAgreementOperation | +| jca/Encryption2.java:83:16:83:44 | SharedSecret | +| jca/Encryption2.java:103:38:103:65 | Parameter | +| jca/Encryption2.java:103:68:103:78 | Parameter | +| jca/Encryption2.java:112:58:112:66 | HashAlgorithm | +| jca/Encryption2.java:113:30:113:56 | Digest | +| jca/Encryption2.java:113:30:113:56 | HashOperation | +| jca/Encryption2.java:113:44:113:55 | Message | +| jca/Encryption2.java:118:47:118:65 | KeyOperationAlgorithm | +| jca/Encryption2.java:118:47:118:65 | ModeOfOperation | +| jca/Encryption2.java:118:47:118:65 | PaddingAlgorithm | +| jca/Encryption2.java:120:9:120:40 | RandomNumberGeneration | +| jca/Encryption2.java:120:38:120:39 | RandomNumberGeneration | +| jca/Encryption2.java:122:45:122:50 | Key | +| jca/Encryption2.java:122:53:122:59 | Nonce | +| jca/Encryption2.java:123:32:123:65 | EncryptOperation | +| jca/Encryption2.java:123:32:123:65 | KeyOperationOutput | +| jca/Encryption2.java:123:50:123:64 | Message | +| jca/Encryption2.java:149:45:149:65 | Parameter | +| jca/Encryption2.java:149:68:149:88 | Parameter | +| jca/Encryption2.java:162:47:162:65 | KeyOperationAlgorithm | +| jca/Encryption2.java:162:47:162:65 | ModeOfOperation | +| jca/Encryption2.java:162:47:162:65 | PaddingAlgorithm | +| jca/Encryption2.java:164:9:164:40 | RandomNumberGeneration | +| jca/Encryption2.java:164:38:164:39 | RandomNumberGeneration | +| jca/Encryption2.java:166:45:166:50 | Key | +| jca/Encryption2.java:166:53:166:59 | Nonce | +| jca/Encryption2.java:167:32:167:98 | EncryptOperation | +| jca/Encryption2.java:167:32:167:98 | KeyOperationOutput | +| jca/Encryption2.java:167:50:167:86 | Constant | +| jca/Encryption2.java:167:50:167:97 | Message | +| jca/Encryption2.java:192:36:192:47 | KeyOperationAlgorithm | +| jca/Encryption2.java:194:19:194:27 | Key | +| jca/Encryption2.java:195:31:195:52 | KeyOperationOutput | +| jca/Encryption2.java:195:31:195:52 | MACOperation | +| jca/Encryption2.java:195:44:195:51 | Message | +| jca/Hash.java:87:58:87:66 | HashAlgorithm | +| jca/Hash.java:88:23:88:66 | Digest | +| jca/Hash.java:88:23:88:66 | HashOperation | +| jca/Hash.java:88:37:88:54 | Constant | +| jca/Hash.java:88:37:88:65 | Message | +| jca/Hash.java:101:61:101:65 | HashAlgorithm | +| jca/Hash.java:102:23:102:70 | Digest | +| jca/Hash.java:102:23:102:70 | HashOperation | +| jca/Hash.java:102:40:102:58 | Constant | +| jca/Hash.java:102:40:102:69 | Message | +| jca/Hash.java:150:29:150:40 | Parameter | +| jca/Hash.java:150:43:150:63 | Parameter | +| jca/Hash.java:151:53:151:67 | HashAlgorithm | +| jca/Hash.java:151:53:151:67 | KeyOperationAlgorithm | +| jca/Hash.java:152:28:152:37 | Key | +| jca/Hash.java:153:26:153:41 | Message | +| jca/Hash.java:154:29:154:44 | SignOperation | +| jca/Hash.java:154:29:154:44 | SignatureOutput | +| jca/Hash.java:172:40:172:51 | Parameter | +| jca/Hash.java:172:54:172:70 | Parameter | +| jca/Hash.java:172:73:172:91 | Parameter | +| jca/Hash.java:173:53:173:67 | HashAlgorithm | +| jca/Hash.java:173:53:173:67 | KeyOperationAlgorithm | +| jca/Hash.java:174:30:174:38 | Key | +| jca/Hash.java:175:26:175:41 | Message | +| jca/Hash.java:176:16:176:43 | VerifyOperation | +| jca/Hash.java:176:33:176:42 | SignatureInput | +| jca/Hash.java:191:43:191:53 | Parameter | +| jca/Hash.java:192:58:192:66 | HashAlgorithm | +| jca/Hash.java:193:23:193:52 | Digest | +| jca/Hash.java:193:23:193:52 | HashOperation | +| jca/Hash.java:193:37:193:51 | Message | +| jca/Hash.java:210:43:210:54 | Parameter | +| jca/Hash.java:211:33:211:39 | HashAlgorithm | +| jca/Hash.java:211:42:211:50 | HashAlgorithm | +| jca/Hash.java:211:53:211:61 | HashAlgorithm | +| jca/Hash.java:211:64:211:72 | HashAlgorithm | +| jca/Hash.java:211:75:211:83 | HashAlgorithm | +| jca/Hash.java:211:86:211:95 | HashAlgorithm | +| jca/Hash.java:211:98:211:107 | HashAlgorithm | +| jca/Hash.java:212:17:212:29 | HashAlgorithm | +| jca/Hash.java:212:32:212:44 | HashAlgorithm | +| jca/Hash.java:212:47:212:51 | HashAlgorithm | +| jca/Hash.java:215:27:215:57 | Digest | +| jca/Hash.java:215:27:215:57 | HashOperation | +| jca/Hash.java:215:41:215:56 | Message | +| jca/Hash.java:233:43:233:54 | Parameter | +| jca/Hash.java:233:57:233:66 | Parameter | +| jca/Hash.java:234:33:234:42 | KeyOperationAlgorithm | +| jca/Hash.java:234:45:234:56 | KeyOperationAlgorithm | +| jca/Hash.java:234:59:234:70 | KeyOperationAlgorithm | +| jca/Hash.java:234:73:234:84 | KeyOperationAlgorithm | +| jca/Hash.java:234:87:234:100 | KeyOperationAlgorithm | +| jca/Hash.java:234:103:234:116 | KeyOperationAlgorithm | +| jca/Hash.java:238:22:238:30 | Key | +| jca/Hash.java:239:27:239:55 | KeyOperationOutput | +| jca/Hash.java:239:27:239:55 | MACOperation | +| jca/Hash.java:239:39:239:54 | Message | +| jca/Hash.java:256:40:256:54 | Parameter | +| jca/Hash.java:259:42:259:63 | Message | +| jca/Hash.java:259:66:259:69 | Salt | +| jca/Hash.java:259:72:259:76 | Constant | +| jca/Hash.java:259:79:259:81 | Constant | +| jca/Hash.java:260:65:260:86 | HMACAlgorithm | +| jca/Hash.java:260:65:260:86 | HashAlgorithm | +| jca/Hash.java:260:65:260:86 | KeyDerivationAlgorithm | +| jca/Hash.java:261:23:261:50 | Key | +| jca/Hash.java:261:23:261:50 | KeyDerivation | +| jca/Hash.java:277:23:277:70 | Digest | +| jca/Hash.java:277:23:277:70 | HashOperation | +| jca/Hash.java:277:37:277:58 | Constant | +| jca/Hash.java:277:37:277:69 | Message | +| jca/Hash.java:292:33:292:41 | HashAlgorithm | +| jca/Hash.java:292:44:292:52 | HashAlgorithm | +| jca/Hash.java:292:55:292:64 | HashAlgorithm | +| jca/Hash.java:292:67:292:76 | HashAlgorithm | +| jca/Hash.java:295:27:295:38 | Constant | +| jca/Hash.java:296:27:296:30 | Message | +| jca/Hash.java:297:40:297:54 | Digest | +| jca/Hash.java:297:40:297:54 | HashOperation | +| jca/Hash.java:321:16:321:66 | LocalData | +| jca/Hash.java:321:57:321:65 | HashAlgorithm | +| jca/Hash.java:338:9:338:42 | RandomNumberGeneration | +| jca/Hash.java:338:38:338:41 | RandomNumberGeneration | +| jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | +| jca/IVArtifact.java:30:44:30:65 | ModeOfOperation | +| jca/IVArtifact.java:30:44:30:65 | PaddingAlgorithm | +| jca/IVArtifact.java:31:42:31:44 | Key | +| jca/IVArtifact.java:31:47:31:52 | Nonce | +| jca/IVArtifact.java:32:29:32:73 | EncryptOperation | +| jca/IVArtifact.java:32:29:32:73 | KeyOperationOutput | +| jca/IVArtifact.java:32:44:32:61 | Constant | +| jca/IVArtifact.java:32:44:32:72 | Message | +| jca/IVArtifact.java:38:42:38:44 | Key | +| jca/IVArtifact.java:38:47:38:52 | Nonce | +| jca/IVArtifact.java:39:29:39:53 | EncryptOperation | +| jca/IVArtifact.java:39:29:39:53 | KeyOperationOutput | +| jca/IVArtifact.java:39:44:39:52 | Message | +| jca/IVArtifact.java:49:27:49:42 | Constant | +| jca/IVArtifact.java:70:16:70:81 | LocalData | +| jca/IVArtifact.java:70:59:70:80 | KeyOperationAlgorithm | +| jca/IVArtifact.java:70:59:70:80 | ModeOfOperation | +| jca/IVArtifact.java:70:59:70:80 | PaddingAlgorithm | +| jca/IVArtifact.java:74:56:74:60 | KeyOperationAlgorithm | +| jca/IVArtifact.java:75:21:75:23 | Constant | +| jca/IVArtifact.java:76:16:76:35 | Key | +| jca/IVArtifact.java:76:16:76:35 | KeyGeneration | +| jca/IVArtifact.java:81:9:81:40 | RandomNumberGeneration | +| jca/IVArtifact.java:81:38:81:39 | RandomNumberGeneration | +| jca/IVArtifact.java:87:32:87:33 | RandomNumberGeneration | +| jca/IVArtifact.java:106:44:106:62 | KeyOperationAlgorithm | +| jca/IVArtifact.java:106:44:106:62 | ModeOfOperation | +| jca/IVArtifact.java:106:44:106:62 | PaddingAlgorithm | +| jca/IVArtifact.java:109:42:109:44 | Key | +| jca/IVArtifact.java:109:47:109:50 | Nonce | +| jca/IVArtifact.java:110:16:110:40 | EncryptOperation | +| jca/IVArtifact.java:110:16:110:40 | KeyOperationOutput | +| jca/IVArtifact.java:110:31:110:39 | Message | +| jca/IVArtifact.java:118:31:118:34 | Constant | +| jca/IVArtifact.java:132:13:132:50 | RandomNumberGeneration | +| jca/IVArtifact.java:132:42:132:49 | RandomNumberGeneration | +| jca/IVArtifact.java:134:44:134:62 | KeyOperationAlgorithm | +| jca/IVArtifact.java:134:44:134:62 | ModeOfOperation | +| jca/IVArtifact.java:134:44:134:62 | PaddingAlgorithm | +| jca/IVArtifact.java:136:42:136:44 | Key | +| jca/IVArtifact.java:136:47:136:50 | Nonce | +| jca/IVArtifact.java:137:16:137:40 | EncryptOperation | +| jca/IVArtifact.java:137:16:137:40 | KeyOperationOutput | +| jca/IVArtifact.java:137:31:137:39 | Message | +| jca/IVArtifact.java:157:58:157:66 | HashAlgorithm | +| jca/IVArtifact.java:158:31:158:78 | Digest | +| jca/IVArtifact.java:158:31:158:78 | HashOperation | +| jca/IVArtifact.java:158:45:158:59 | Constant | +| jca/IVArtifact.java:158:45:158:77 | Message | +| jca/IVArtifact.java:160:44:160:62 | KeyOperationAlgorithm | +| jca/IVArtifact.java:160:44:160:62 | ModeOfOperation | +| jca/IVArtifact.java:160:44:160:62 | PaddingAlgorithm | +| jca/IVArtifact.java:162:42:162:44 | Key | +| jca/IVArtifact.java:162:47:162:50 | Nonce | +| jca/IVArtifact.java:163:16:163:40 | EncryptOperation | +| jca/IVArtifact.java:163:16:163:40 | KeyOperationOutput | +| jca/IVArtifact.java:163:31:163:39 | Message | +| jca/IVArtifact.java:183:9:183:40 | RandomNumberGeneration | +| jca/IVArtifact.java:183:38:183:39 | RandomNumberGeneration | +| jca/IVArtifact.java:186:48:186:66 | KeyOperationAlgorithm | +| jca/IVArtifact.java:186:48:186:66 | ModeOfOperation | +| jca/IVArtifact.java:186:48:186:66 | PaddingAlgorithm | +| jca/IVArtifact.java:188:46:188:48 | Key | +| jca/IVArtifact.java:188:51:188:54 | Nonce | +| jca/IVArtifact.java:189:30:189:58 | EncryptOperation | +| jca/IVArtifact.java:189:30:189:58 | KeyOperationOutput | +| jca/IVArtifact.java:189:45:189:57 | Message | +| jca/IVArtifact.java:204:44:204:62 | KeyOperationAlgorithm | +| jca/IVArtifact.java:204:44:204:62 | ModeOfOperation | +| jca/IVArtifact.java:204:44:204:62 | PaddingAlgorithm | +| jca/IVArtifact.java:207:42:207:44 | Key | +| jca/IVArtifact.java:207:47:207:50 | Nonce | +| jca/IVArtifact.java:208:16:208:40 | EncryptOperation | +| jca/IVArtifact.java:208:16:208:40 | KeyOperationOutput | +| jca/IVArtifact.java:208:31:208:39 | Message | +| jca/IVArtifact.java:221:53:221:65 | Parameter | +| jca/IVArtifact.java:221:68:221:83 | Parameter | +| jca/IVArtifact.java:242:60:242:72 | Parameter | +| jca/IVArtifact.java:242:75:242:90 | Parameter | +| jca/IVArtifact.java:261:56:261:60 | KeyOperationAlgorithm | +| jca/IVArtifact.java:262:21:262:23 | Constant | +| jca/IVArtifact.java:263:29:263:44 | Key | +| jca/IVArtifact.java:263:29:263:44 | KeyGeneration | +| jca/IVArtifact.java:264:32:264:47 | Constant | +| jca/IVArtifact.java:283:35:283:47 | Constant | +| jca/IVArtifact.java:283:61:283:73 | Constant | +| jca/IVArtifact.java:283:87:283:101 | Constant | +| jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | EllipticCurve | +| jca/KeyAgreementHybridCryptosystem.java:61:16:61:36 | Key | +| jca/KeyAgreementHybridCryptosystem.java:61:16:61:36 | KeyGeneration | +| jca/KeyAgreementHybridCryptosystem.java:68:61:68:68 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:69:24:69:26 | Constant | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:36 | Key | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:36 | KeyGeneration | +| jca/KeyAgreementHybridCryptosystem.java:78:17:78:26 | Key | +| jca/KeyAgreementHybridCryptosystem.java:79:20:79:28 | Key | +| jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | KeyAgreementOperation | +| jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | SharedSecret | +| jca/KeyAgreementHybridCryptosystem.java:88:58:88:66 | HashAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:89:23:89:42 | Digest | +| jca/KeyAgreementHybridCryptosystem.java:89:23:89:42 | HashOperation | +| jca/KeyAgreementHybridCryptosystem.java:89:37:89:41 | Message | +| jca/KeyAgreementHybridCryptosystem.java:115:90:115:95 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | ModeOfOperation | +| jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | PaddingAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:121:9:121:40 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:121:38:121:39 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:123:42:123:47 | Key | +| jca/KeyAgreementHybridCryptosystem.java:123:50:123:53 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:124:29:124:53 | EncryptOperation | +| jca/KeyAgreementHybridCryptosystem.java:124:29:124:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:124:44:124:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:137:95:137:100 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | ModeOfOperation | +| jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | PaddingAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:144:42:144:47 | Key | +| jca/KeyAgreementHybridCryptosystem.java:144:50:144:53 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:145:29:145:53 | EncryptOperation | +| jca/KeyAgreementHybridCryptosystem.java:145:29:145:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:145:44:145:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:162:91:162:98 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:163:33:163:89 | Digest | +| jca/KeyAgreementHybridCryptosystem.java:163:33:163:89 | HashOperation | +| jca/KeyAgreementHybridCryptosystem.java:163:59:163:67 | HashAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:163:77:163:88 | Message | +| jca/KeyAgreementHybridCryptosystem.java:166:44:166:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:168:9:168:43 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:168:38:168:42 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:169:42:169:50 | Key | +| jca/KeyAgreementHybridCryptosystem.java:169:53:169:78 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:170:29:170:53 | EncryptOperation | +| jca/KeyAgreementHybridCryptosystem.java:170:29:170:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:170:44:170:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:183:95:183:102 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:188:44:188:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:189:42:189:50 | Key | +| jca/KeyAgreementHybridCryptosystem.java:189:53:189:83 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:190:29:190:53 | EncryptOperation | +| jca/KeyAgreementHybridCryptosystem.java:190:29:190:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:190:44:190:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:204:58:204:73 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:230:58:230:70 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:230:73:230:88 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:233:42:233:66 | Message | +| jca/KeyAgreementHybridCryptosystem.java:233:69:233:72 | Salt | +| jca/KeyAgreementHybridCryptosystem.java:233:75:233:79 | Constant | +| jca/KeyAgreementHybridCryptosystem.java:233:82:233:84 | Constant | +| jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | HMACAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | HashAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | KeyDerivationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:235:26:235:53 | Key | +| jca/KeyAgreementHybridCryptosystem.java:235:26:235:53 | KeyDerivation | +| jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | ModeOfOperation | +| jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | PaddingAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:243:9:243:40 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:243:38:243:39 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:245:42:245:54 | Key | +| jca/KeyAgreementHybridCryptosystem.java:245:57:245:63 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:246:29:246:53 | EncryptOperation | +| jca/KeyAgreementHybridCryptosystem.java:246:29:246:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:246:44:246:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:248:35:248:46 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:249:18:249:30 | Key | +| jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | MACOperation | +| jca/KeyAgreementHybridCryptosystem.java:250:42:250:51 | Message | +| jca/KeyAgreementHybridCryptosystem.java:279:52:279:56 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:280:17:280:19 | Constant | +| jca/KeyAgreementHybridCryptosystem.java:281:16:281:31 | Key | +| jca/KeyAgreementHybridCryptosystem.java:281:16:281:31 | KeyGeneration | +| jca/KeyAgreementHybridCryptosystem.java:289:9:289:42 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:289:38:289:41 | RandomNumberGeneration | +| jca/KeyArtifact.java:19:56:19:60 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:20:21:20:23 | Constant | +| jca/KeyArtifact.java:21:31:21:50 | Key | +| jca/KeyArtifact.java:21:31:21:50 | KeyGeneration | +| jca/KeyArtifact.java:24:43:24:47 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:25:21:25:23 | Constant | +| jca/KeyArtifact.java:26:30:26:49 | Key | +| jca/KeyArtifact.java:26:30:26:49 | KeyGeneration | +| jca/KeyArtifact.java:31:68:31:72 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:32:31:32:34 | Constant | +| jca/KeyArtifact.java:33:30:33:57 | Key | +| jca/KeyArtifact.java:33:30:33:57 | KeyGeneration | +| jca/KeyArtifact.java:36:51:36:55 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:37:31:37:34 | Constant | +| jca/KeyArtifact.java:38:29:38:56 | Key | +| jca/KeyArtifact.java:38:29:38:56 | KeyGeneration | +| jca/KeyArtifact.java:42:31:42:33 | Constant | +| jca/KeyArtifact.java:43:26:43:53 | Key | +| jca/KeyArtifact.java:43:26:43:53 | KeyGeneration | +| jca/KeyArtifact.java:63:28:63:73 | LocalData | +| jca/KeyArtifact.java:63:68:63:72 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:66:21:66:23 | Constant | +| jca/KeyArtifact.java:67:32:67:51 | Key | +| jca/KeyArtifact.java:67:32:67:51 | KeyGeneration | +| jca/KeyArtifact.java:73:31:73:34 | Constant | +| jca/KeyArtifact.java:74:16:74:43 | Key | +| jca/KeyArtifact.java:74:16:74:43 | KeyGeneration | +| jca/KeyArtifact.java:79:33:79:37 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:79:46:79:54 | Constant | +| jca/KeyDerivation1.java:92:39:92:53 | Parameter | +| jca/KeyDerivation1.java:94:42:94:63 | Message | +| jca/KeyDerivation1.java:94:66:94:69 | Salt | +| jca/KeyDerivation1.java:94:72:94:76 | Constant | +| jca/KeyDerivation1.java:94:79:94:81 | Constant | +| jca/KeyDerivation1.java:95:65:95:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:95:65:95:86 | HashAlgorithm | +| jca/KeyDerivation1.java:95:65:95:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:96:22:96:49 | Key | +| jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | +| jca/KeyDerivation1.java:109:36:109:50 | Parameter | +| jca/KeyDerivation1.java:111:42:111:63 | Message | +| jca/KeyDerivation1.java:111:66:111:69 | Salt | +| jca/KeyDerivation1.java:111:72:111:73 | Constant | +| jca/KeyDerivation1.java:111:76:111:78 | Constant | +| jca/KeyDerivation1.java:112:65:112:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:112:65:112:86 | HashAlgorithm | +| jca/KeyDerivation1.java:112:65:112:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:113:22:113:49 | Key | +| jca/KeyDerivation1.java:113:22:113:49 | KeyDerivation | +| jca/KeyDerivation1.java:124:37:124:51 | Parameter | +| jca/KeyDerivation1.java:126:42:126:63 | Message | +| jca/KeyDerivation1.java:126:66:126:69 | Salt | +| jca/KeyDerivation1.java:126:72:126:80 | Constant | +| jca/KeyDerivation1.java:126:83:126:85 | Constant | +| jca/KeyDerivation1.java:127:65:127:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:127:65:127:86 | HashAlgorithm | +| jca/KeyDerivation1.java:127:65:127:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:128:22:128:49 | Key | +| jca/KeyDerivation1.java:128:22:128:49 | KeyDerivation | +| jca/KeyDerivation1.java:140:32:140:46 | Parameter | +| jca/KeyDerivation1.java:142:42:142:63 | Message | +| jca/KeyDerivation1.java:142:66:142:69 | Salt | +| jca/KeyDerivation1.java:142:72:142:76 | Constant | +| jca/KeyDerivation1.java:142:79:142:81 | Constant | +| jca/KeyDerivation1.java:143:65:143:84 | HMACAlgorithm | +| jca/KeyDerivation1.java:143:65:143:84 | HashAlgorithm | +| jca/KeyDerivation1.java:143:65:143:84 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:144:22:144:49 | Key | +| jca/KeyDerivation1.java:144:22:144:49 | KeyDerivation | +| jca/KeyDerivation1.java:155:34:155:48 | Parameter | +| jca/KeyDerivation1.java:157:42:157:63 | Message | +| jca/KeyDerivation1.java:157:66:157:69 | Salt | +| jca/KeyDerivation1.java:157:72:157:77 | Constant | +| jca/KeyDerivation1.java:157:80:157:82 | Constant | +| jca/KeyDerivation1.java:158:65:158:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:158:65:158:86 | HashAlgorithm | +| jca/KeyDerivation1.java:158:65:158:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:159:22:159:49 | Key | +| jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | +| jca/KeyDerivation1.java:175:28:175:42 | Parameter | +| jca/KeyDerivation1.java:178:42:178:63 | Message | +| jca/KeyDerivation1.java:178:66:178:69 | Salt | +| jca/KeyDerivation1.java:178:72:178:75 | Constant | +| jca/KeyDerivation1.java:178:78:178:80 | Constant | +| jca/KeyDerivation1.java:179:65:179:72 | Constant | +| jca/KeyDerivation1.java:180:22:180:49 | Key | +| jca/KeyDerivation1.java:180:22:180:49 | KeyDerivation | +| jca/KeyDerivation1.java:191:30:191:44 | Parameter | +| jca/KeyDerivation1.java:194:42:194:63 | Message | +| jca/KeyDerivation1.java:194:66:194:69 | Salt | +| jca/KeyDerivation1.java:194:72:194:76 | Constant | +| jca/KeyDerivation1.java:194:79:194:81 | Constant | +| jca/KeyDerivation1.java:195:65:195:72 | Constant | +| jca/KeyDerivation1.java:196:22:196:49 | Key | +| jca/KeyDerivation1.java:196:22:196:49 | KeyDerivation | +| jca/KeyDerivation1.java:264:45:264:56 | Parameter | +| jca/KeyDerivation1.java:265:58:265:66 | HashAlgorithm | +| jca/KeyDerivation1.java:266:29:266:59 | Digest | +| jca/KeyDerivation1.java:266:29:266:59 | HashOperation | +| jca/KeyDerivation1.java:266:43:266:58 | Message | +| jca/KeyDerivation1.java:271:70:271:88 | KeyOperationAlgorithm | +| jca/KeyDerivation1.java:271:70:271:88 | ModeOfOperation | +| jca/KeyDerivation1.java:271:70:271:88 | PaddingAlgorithm | +| jca/KeyDerivation1.java:272:55:272:57 | Key | +| jca/KeyDerivation1.java:273:29:273:74 | EncryptOperation | +| jca/KeyDerivation1.java:273:29:273:74 | KeyOperationOutput | +| jca/KeyDerivation1.java:273:44:273:62 | Constant | +| jca/KeyDerivation1.java:273:44:273:73 | Message | +| jca/KeyDerivation1.java:291:32:291:41 | Parameter | +| jca/KeyDerivation1.java:306:43:306:57 | Parameter | +| jca/KeyDerivation1.java:306:60:306:78 | Parameter | +| jca/KeyDerivation1.java:325:37:325:51 | Parameter | +| jca/KeyDerivation1.java:332:25:332:76 | LocalData | +| jca/KeyDerivation1.java:332:54:332:75 | HMACAlgorithm | +| jca/KeyDerivation1.java:332:54:332:75 | HashAlgorithm | +| jca/KeyDerivation1.java:332:54:332:75 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:333:43:333:86 | LocalData | +| jca/KeyDerivation1.java:334:40:334:78 | LocalData | +| jca/KeyDerivation1.java:337:42:337:63 | Message | +| jca/KeyDerivation1.java:337:66:337:69 | Salt | +| jca/KeyDerivation1.java:339:26:339:53 | Key | +| jca/KeyDerivation1.java:339:26:339:53 | KeyDerivation | +| jca/KeyDerivation1.java:356:42:356:63 | Message | +| jca/KeyDerivation1.java:356:66:356:69 | Salt | +| jca/KeyDerivation1.java:356:72:356:76 | Constant | +| jca/KeyDerivation1.java:356:79:356:81 | Constant | +| jca/KeyDerivation1.java:357:65:357:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:357:65:357:86 | HashAlgorithm | +| jca/KeyDerivation1.java:357:65:357:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:358:16:358:43 | Key | +| jca/KeyDerivation1.java:358:16:358:43 | KeyDerivation | +| jca/KeyDerivation1.java:370:36:370:47 | KeyOperationAlgorithm | +| jca/KeyDerivation1.java:372:19:372:27 | Key | +| jca/KeyDerivation1.java:373:22:373:38 | KeyOperationOutput | +| jca/KeyDerivation1.java:373:22:373:38 | MACOperation | +| jca/KeyDerivation1.java:373:35:373:37 | Message | +| jca/KeyDerivation1.java:377:19:377:54 | Key | +| jca/KeyDerivation1.java:378:22:378:62 | KeyOperationOutput | +| jca/KeyDerivation1.java:378:22:378:62 | MACOperation | +| jca/KeyDerivation1.java:378:35:378:50 | Constant | +| jca/KeyDerivation1.java:378:35:378:61 | Message | +| jca/KeyDerivation1.java:391:9:391:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:391:38:391:41 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:64:56:64:60 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:65:21:65:23 | Constant | +| jca/KeyEncapsulation.java:66:28:66:47 | Key | +| jca/KeyEncapsulation.java:66:28:66:47 | KeyGeneration | +| jca/KeyEncapsulation.java:71:47:71:85 | HashAlgorithm | +| jca/KeyEncapsulation.java:71:47:71:85 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:71:47:71:85 | ModeOfOperation | +| jca/KeyEncapsulation.java:71:47:71:85 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:72:45:72:50 | Key | +| jca/KeyEncapsulation.java:73:29:73:66 | EncryptOperation | +| jca/KeyEncapsulation.java:73:29:73:66 | KeyOperationOutput | +| jca/KeyEncapsulation.java:73:47:73:65 | Message | +| jca/KeyEncapsulation.java:77:47:77:65 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:77:47:77:65 | ModeOfOperation | +| jca/KeyEncapsulation.java:77:47:77:65 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:79:9:79:40 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:79:38:79:39 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:81:45:81:50 | Key | +| jca/KeyEncapsulation.java:81:53:81:59 | Nonce | +| jca/KeyEncapsulation.java:82:29:82:80 | EncryptOperation | +| jca/KeyEncapsulation.java:82:29:82:80 | KeyOperationOutput | +| jca/KeyEncapsulation.java:82:47:82:68 | Constant | +| jca/KeyEncapsulation.java:82:47:82:79 | Message | +| jca/KeyEncapsulation.java:96:37:96:54 | Parameter | +| jca/KeyEncapsulation.java:96:57:96:73 | Parameter | +| jca/KeyEncapsulation.java:97:47:97:85 | HashAlgorithm | +| jca/KeyEncapsulation.java:97:47:97:85 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:97:47:97:85 | ModeOfOperation | +| jca/KeyEncapsulation.java:97:47:97:85 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:98:45:98:51 | Key | +| jca/KeyEncapsulation.java:99:30:99:58 | DecryptOperation | +| jca/KeyEncapsulation.java:99:30:99:58 | KeyOperationOutput | +| jca/KeyEncapsulation.java:99:48:99:57 | Message | +| jca/KeyEncapsulation.java:122:47:122:57 | EllipticCurve | +| jca/KeyEncapsulation.java:123:31:123:51 | Key | +| jca/KeyEncapsulation.java:123:31:123:51 | KeyGeneration | +| jca/KeyEncapsulation.java:126:52:126:57 | KeyAgreementAlgorithm | +| jca/KeyEncapsulation.java:127:17:127:40 | Key | +| jca/KeyEncapsulation.java:128:20:128:24 | Key | +| jca/KeyEncapsulation.java:129:31:129:49 | KeyAgreementOperation | +| jca/KeyEncapsulation.java:129:31:129:49 | SharedSecret | +| jca/KeyEncapsulation.java:138:47:138:65 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:138:47:138:65 | ModeOfOperation | +| jca/KeyEncapsulation.java:138:47:138:65 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:140:9:140:40 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:140:38:140:39 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:141:45:141:50 | Key | +| jca/KeyEncapsulation.java:141:53:141:81 | Nonce | +| jca/KeyEncapsulation.java:142:29:142:73 | EncryptOperation | +| jca/KeyEncapsulation.java:142:29:142:73 | KeyOperationOutput | +| jca/KeyEncapsulation.java:142:47:142:61 | Constant | +| jca/KeyEncapsulation.java:142:47:142:72 | Message | +| jca/KeyEncapsulation.java:191:47:191:57 | EllipticCurve | +| jca/KeyEncapsulation.java:192:31:192:51 | Key | +| jca/KeyEncapsulation.java:192:31:192:51 | KeyGeneration | +| jca/KeyEncapsulation.java:193:52:193:57 | KeyAgreementAlgorithm | +| jca/KeyEncapsulation.java:194:17:194:40 | Key | +| jca/KeyEncapsulation.java:195:20:195:34 | Key | +| jca/KeyEncapsulation.java:196:31:196:49 | KeyAgreementOperation | +| jca/KeyEncapsulation.java:196:31:196:49 | SharedSecret | +| jca/KeyEncapsulation.java:212:64:212:68 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:213:27:213:30 | Constant | +| jca/KeyEncapsulation.java:214:25:214:48 | Key | +| jca/KeyEncapsulation.java:214:25:214:48 | KeyGeneration | +| jca/KeyEncapsulation.java:219:49:219:59 | EllipticCurve | +| jca/KeyEncapsulation.java:220:24:220:46 | Key | +| jca/KeyEncapsulation.java:220:24:220:46 | KeyGeneration | +| jca/KeyEncapsulation.java:232:31:232:53 | Key | +| jca/KeyEncapsulation.java:232:31:232:53 | KeyGeneration | +| jca/KeyExchange.java:58:63:58:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:59:26:59:29 | Constant | +| jca/KeyExchange.java:60:16:60:38 | Key | +| jca/KeyExchange.java:60:16:60:38 | KeyGeneration | +| jca/KeyExchange.java:74:63:74:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:76:26:76:28 | Constant | +| jca/KeyExchange.java:77:16:77:38 | Key | +| jca/KeyExchange.java:77:16:77:38 | KeyGeneration | +| jca/KeyExchange.java:90:63:90:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:91:26:91:29 | Constant | +| jca/KeyExchange.java:92:16:92:38 | Key | +| jca/KeyExchange.java:92:16:92:38 | KeyGeneration | +| jca/KeyExchange.java:107:52:107:55 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:108:17:108:26 | Key | +| jca/KeyExchange.java:109:20:109:28 | Key | +| jca/KeyExchange.java:110:16:110:34 | KeyAgreementOperation | +| jca/KeyExchange.java:110:16:110:34 | SharedSecret | +| jca/KeyExchange.java:129:49:129:59 | EllipticCurve | +| jca/KeyExchange.java:130:16:130:38 | Key | +| jca/KeyExchange.java:130:16:130:38 | KeyGeneration | +| jca/KeyExchange.java:145:52:145:57 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:146:17:146:26 | Key | +| jca/KeyExchange.java:147:20:147:28 | Key | +| jca/KeyExchange.java:148:16:148:34 | KeyAgreementOperation | +| jca/KeyExchange.java:148:16:148:34 | SharedSecret | +| jca/KeyExchange.java:165:61:165:68 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:167:24:167:26 | Constant | +| jca/KeyExchange.java:168:16:168:36 | Key | +| jca/KeyExchange.java:168:16:168:36 | KeyGeneration | +| jca/KeyExchange.java:183:52:183:59 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:184:17:184:26 | Key | +| jca/KeyExchange.java:185:20:185:28 | Key | +| jca/KeyExchange.java:186:16:186:34 | KeyAgreementOperation | +| jca/KeyExchange.java:186:16:186:34 | SharedSecret | +| jca/KeyExchange.java:203:61:203:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:205:24:205:26 | Constant | +| jca/KeyExchange.java:206:16:206:36 | Key | +| jca/KeyExchange.java:206:16:206:36 | KeyGeneration | +| jca/KeyExchange.java:221:52:221:57 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:222:17:222:26 | Key | +| jca/KeyExchange.java:223:20:223:28 | Key | +| jca/KeyExchange.java:224:16:224:34 | KeyAgreementOperation | +| jca/KeyExchange.java:224:16:224:34 | SharedSecret | +| jca/MACOperation.java:65:36:65:49 | Parameter | +| jca/MACOperation.java:65:52:65:61 | Parameter | +| jca/MACOperation.java:66:35:66:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:68:18:68:26 | Key | +| jca/MACOperation.java:69:16:69:46 | KeyOperationOutput | +| jca/MACOperation.java:69:16:69:46 | MACOperation | +| jca/MACOperation.java:69:28:69:45 | Message | +| jca/MACOperation.java:76:34:76:47 | Parameter | +| jca/MACOperation.java:76:50:76:59 | Parameter | +| jca/MACOperation.java:77:35:77:48 | KeyOperationAlgorithm | +| jca/MACOperation.java:79:18:79:26 | Key | +| jca/MACOperation.java:80:16:80:46 | KeyOperationOutput | +| jca/MACOperation.java:80:16:80:46 | MACOperation | +| jca/MACOperation.java:80:28:80:45 | Message | +| jca/MACOperation.java:88:34:88:47 | Parameter | +| jca/MACOperation.java:88:50:88:59 | Parameter | +| jca/MACOperation.java:89:35:89:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:91:18:91:26 | Key | +| jca/MACOperation.java:92:16:92:46 | KeyOperationOutput | +| jca/MACOperation.java:92:16:92:46 | MACOperation | +| jca/MACOperation.java:92:28:92:45 | Message | +| jca/MACOperation.java:99:30:99:43 | Parameter | +| jca/MACOperation.java:99:46:99:55 | Parameter | +| jca/MACOperation.java:101:35:101:40 | KeyOperationAlgorithm | +| jca/MACOperation.java:105:18:105:26 | Key | +| jca/MACOperation.java:106:16:106:46 | KeyOperationOutput | +| jca/MACOperation.java:106:16:106:46 | MACOperation | +| jca/MACOperation.java:106:28:106:45 | Message | +| jca/MACOperation.java:113:30:113:43 | Parameter | +| jca/MACOperation.java:113:46:113:55 | Parameter | +| jca/MACOperation.java:114:35:114:43 | Constant | +| jca/MACOperation.java:116:18:116:26 | Key | +| jca/MACOperation.java:117:16:117:46 | KeyOperationOutput | +| jca/MACOperation.java:117:16:117:46 | MACOperation | +| jca/MACOperation.java:117:28:117:45 | Message | +| jca/MACOperation.java:124:36:124:49 | Parameter | +| jca/MACOperation.java:124:52:124:61 | Parameter | +| jca/MACOperation.java:125:35:125:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:127:18:127:26 | Key | +| jca/MACOperation.java:128:16:128:46 | KeyOperationOutput | +| jca/MACOperation.java:128:16:128:46 | MACOperation | +| jca/MACOperation.java:128:28:128:45 | Message | +| jca/MACOperation.java:142:34:142:49 | Parameter | +| jca/MACOperation.java:145:44:145:62 | KeyOperationAlgorithm | +| jca/MACOperation.java:145:44:145:62 | ModeOfOperation | +| jca/MACOperation.java:145:44:145:62 | PaddingAlgorithm | +| jca/MACOperation.java:146:42:146:44 | Key | +| jca/MACOperation.java:147:32:147:74 | EncryptOperation | +| jca/MACOperation.java:147:32:147:74 | KeyOperationOutput | +| jca/MACOperation.java:147:47:147:62 | Constant | +| jca/MACOperation.java:147:47:147:73 | Message | +| jca/MACOperation.java:159:36:159:51 | Parameter | +| jca/MACOperation.java:174:47:174:62 | Parameter | +| jca/MACOperation.java:178:42:178:68 | Message | +| jca/MACOperation.java:178:71:178:74 | Salt | +| jca/MACOperation.java:178:77:178:81 | Constant | +| jca/MACOperation.java:178:84:178:86 | Constant | +| jca/MACOperation.java:179:65:179:86 | HMACAlgorithm | +| jca/MACOperation.java:179:65:179:86 | HashAlgorithm | +| jca/MACOperation.java:179:65:179:86 | KeyDerivationAlgorithm | +| jca/MACOperation.java:180:30:180:57 | Key | +| jca/MACOperation.java:180:30:180:57 | KeyDerivation | +| jca/MACOperation.java:188:44:188:62 | KeyOperationAlgorithm | +| jca/MACOperation.java:188:44:188:62 | ModeOfOperation | +| jca/MACOperation.java:188:44:188:62 | PaddingAlgorithm | +| jca/MACOperation.java:189:42:189:54 | Key | +| jca/MACOperation.java:190:29:190:78 | EncryptOperation | +| jca/MACOperation.java:190:29:190:78 | KeyOperationOutput | +| jca/MACOperation.java:190:44:190:66 | Constant | +| jca/MACOperation.java:190:44:190:77 | Message | +| jca/MACOperation.java:193:35:193:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:194:18:194:30 | Key | +| jca/MACOperation.java:195:30:195:52 | KeyOperationOutput | +| jca/MACOperation.java:195:30:195:52 | MACOperation | +| jca/MACOperation.java:195:42:195:51 | Message | +| jca/MACOperation.java:225:44:225:62 | KeyOperationAlgorithm | +| jca/MACOperation.java:225:44:225:62 | ModeOfOperation | +| jca/MACOperation.java:225:44:225:62 | PaddingAlgorithm | +| jca/MACOperation.java:227:42:227:44 | Key | +| jca/MACOperation.java:228:32:228:51 | EncryptOperation | +| jca/MACOperation.java:228:32:228:51 | KeyOperationOutput | +| jca/MACOperation.java:228:47:228:50 | Message | +| jca/MACOperation.java:242:56:242:60 | KeyOperationAlgorithm | +| jca/MACOperation.java:243:21:243:23 | Constant | +| jca/MACOperation.java:244:16:244:35 | Key | +| jca/MACOperation.java:244:16:244:35 | KeyGeneration | +| jca/MACOperation.java:256:9:256:42 | RandomNumberGeneration | +| jca/MACOperation.java:256:38:256:41 | RandomNumberGeneration | +| jca/Nonce.java:25:35:25:46 | KeyOperationAlgorithm | +| jca/Nonce.java:26:18:26:20 | Key | +| jca/Nonce.java:28:28:28:69 | KeyOperationOutput | +| jca/Nonce.java:28:28:28:69 | MACOperation | +| jca/Nonce.java:28:40:28:57 | Constant | +| jca/Nonce.java:28:40:28:68 | Message | +| jca/Nonce.java:38:35:38:46 | KeyOperationAlgorithm | +| jca/Nonce.java:39:18:39:20 | Key | +| jca/Nonce.java:41:28:41:67 | KeyOperationOutput | +| jca/Nonce.java:41:28:41:67 | MACOperation | +| jca/Nonce.java:41:40:41:55 | Constant | +| jca/Nonce.java:41:40:41:66 | Message | +| jca/Nonce.java:48:39:48:51 | Parameter | +| jca/Nonce.java:48:54:48:69 | Parameter | +| jca/Nonce.java:51:44:51:62 | KeyOperationAlgorithm | +| jca/Nonce.java:51:44:51:62 | ModeOfOperation | +| jca/Nonce.java:51:44:51:62 | PaddingAlgorithm | +| jca/Nonce.java:52:42:52:44 | Key | +| jca/Nonce.java:52:47:52:53 | Nonce | +| jca/Nonce.java:53:29:53:53 | EncryptOperation | +| jca/Nonce.java:53:29:53:53 | KeyOperationOutput | +| jca/Nonce.java:53:44:53:52 | Message | +| jca/Nonce.java:59:37:59:49 | Parameter | +| jca/Nonce.java:59:52:59:67 | Parameter | +| jca/Nonce.java:62:44:62:62 | KeyOperationAlgorithm | +| jca/Nonce.java:62:44:62:62 | ModeOfOperation | +| jca/Nonce.java:62:44:62:62 | PaddingAlgorithm | +| jca/Nonce.java:63:42:63:44 | Key | +| jca/Nonce.java:63:47:63:53 | Nonce | +| jca/Nonce.java:64:29:64:53 | EncryptOperation | +| jca/Nonce.java:64:29:64:53 | KeyOperationOutput | +| jca/Nonce.java:64:44:64:52 | Message | +| jca/Nonce.java:71:53:71:64 | KeyOperationAlgorithm | +| jca/Nonce.java:79:18:79:20 | Key | +| jca/Nonce.java:81:28:81:67 | KeyOperationOutput | +| jca/Nonce.java:81:28:81:67 | MACOperation | +| jca/Nonce.java:81:40:81:55 | Constant | +| jca/Nonce.java:81:40:81:66 | Message | +| jca/Nonce.java:93:56:93:67 | Constant | +| jca/Nonce.java:94:16:94:35 | Key | +| jca/Nonce.java:94:16:94:35 | KeyGeneration | +| jca/Nonce.java:99:9:99:43 | RandomNumberGeneration | +| jca/Nonce.java:99:38:99:42 | RandomNumberGeneration | +| jca/Nonce.java:113:16:113:33 | Constant | +| jca/PrngTest.java:162:56:162:60 | KeyOperationAlgorithm | +| jca/PrngTest.java:163:21:163:23 | Constant | +| jca/PrngTest.java:164:16:164:35 | Key | +| jca/PrngTest.java:164:16:164:35 | KeyGeneration | +| jca/SignEncryptCombinations.java:59:49:59:59 | EllipticCurve | +| jca/SignEncryptCombinations.java:60:16:60:38 | Key | +| jca/SignEncryptCombinations.java:60:16:60:38 | KeyGeneration | +| jca/SignEncryptCombinations.java:68:53:68:69 | HashAlgorithm | +| jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:69:28:69:34 | Key | +| jca/SignEncryptCombinations.java:70:26:70:29 | Message | +| jca/SignEncryptCombinations.java:71:16:71:31 | SignOperation | +| jca/SignEncryptCombinations.java:71:16:71:31 | SignatureOutput | +| jca/SignEncryptCombinations.java:75:53:75:69 | HashAlgorithm | +| jca/SignEncryptCombinations.java:75:53:75:69 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:76:30:76:35 | Key | +| jca/SignEncryptCombinations.java:77:26:77:29 | Message | +| jca/SignEncryptCombinations.java:78:16:78:47 | VerifyOperation | +| jca/SignEncryptCombinations.java:78:33:78:46 | SignatureInput | +| jca/SignEncryptCombinations.java:89:52:89:56 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:90:17:90:19 | Constant | +| jca/SignEncryptCombinations.java:91:16:91:31 | Key | +| jca/SignEncryptCombinations.java:91:16:91:31 | KeyGeneration | +| jca/SignEncryptCombinations.java:99:44:99:62 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:99:44:99:62 | ModeOfOperation | +| jca/SignEncryptCombinations.java:99:44:99:62 | PaddingAlgorithm | +| jca/SignEncryptCombinations.java:101:9:101:28 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:101:26:101:27 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:103:42:103:44 | Key | +| jca/SignEncryptCombinations.java:103:47:103:50 | Nonce | +| jca/SignEncryptCombinations.java:104:29:104:53 | EncryptOperation | +| jca/SignEncryptCombinations.java:104:29:104:53 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:104:44:104:52 | Message | +| jca/SignEncryptCombinations.java:118:44:118:62 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:118:44:118:62 | ModeOfOperation | +| jca/SignEncryptCombinations.java:118:44:118:62 | PaddingAlgorithm | +| jca/SignEncryptCombinations.java:119:42:119:44 | Key | +| jca/SignEncryptCombinations.java:119:47:119:75 | Nonce | +| jca/SignEncryptCombinations.java:120:16:120:41 | DecryptOperation | +| jca/SignEncryptCombinations.java:120:16:120:41 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:120:31:120:40 | Message | +| jca/SignEncryptCombinations.java:128:35:128:46 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:129:18:129:20 | Key | +| jca/SignEncryptCombinations.java:130:16:130:32 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:130:16:130:32 | MACOperation | +| jca/SignEncryptCombinations.java:130:28:130:31 | Message | +| jca/SignEncryptCombinations.java:345:26:345:47 | Constant | +| jca/SignatureOperation.java:59:61:59:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:60:24:60:27 | Constant | +| jca/SignatureOperation.java:61:16:61:36 | Key | +| jca/SignatureOperation.java:61:16:61:36 | KeyGeneration | +| jca/SignatureOperation.java:71:53:71:74 | Constant | +| jca/SignatureOperation.java:72:28:72:37 | Key | +| jca/SignatureOperation.java:73:26:73:29 | Message | +| jca/SignatureOperation.java:74:16:74:31 | SignOperation | +| jca/SignatureOperation.java:74:16:74:31 | SignatureOutput | +| jca/SignatureOperation.java:84:53:84:74 | Constant | +| jca/SignatureOperation.java:85:30:85:38 | Key | +| jca/SignatureOperation.java:86:26:86:29 | Message | +| jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | +| jca/SignatureOperation.java:87:33:87:40 | SignatureInput | +| jca/SignatureOperation.java:102:49:102:59 | EllipticCurve | +| jca/SignatureOperation.java:103:16:103:38 | Key | +| jca/SignatureOperation.java:103:16:103:38 | KeyGeneration | +| jca/SignatureOperation.java:113:53:113:69 | HashAlgorithm | +| jca/SignatureOperation.java:113:53:113:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:114:28:114:37 | Key | +| jca/SignatureOperation.java:115:26:115:29 | Message | +| jca/SignatureOperation.java:116:16:116:31 | SignOperation | +| jca/SignatureOperation.java:116:16:116:31 | SignatureOutput | +| jca/SignatureOperation.java:126:53:126:69 | HashAlgorithm | +| jca/SignatureOperation.java:126:53:126:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:127:30:127:38 | Key | +| jca/SignatureOperation.java:128:26:128:29 | Message | +| jca/SignatureOperation.java:129:16:129:41 | VerifyOperation | +| jca/SignatureOperation.java:129:33:129:40 | SignatureInput | +| jca/SignatureOperation.java:143:61:143:69 | Constant | +| jca/SignatureOperation.java:144:16:144:36 | Key | +| jca/SignatureOperation.java:144:16:144:36 | KeyGeneration | +| jca/SignatureOperation.java:154:53:154:61 | Constant | +| jca/SignatureOperation.java:155:28:155:37 | Key | +| jca/SignatureOperation.java:156:26:156:29 | Message | +| jca/SignatureOperation.java:157:16:157:31 | SignOperation | +| jca/SignatureOperation.java:157:16:157:31 | SignatureOutput | +| jca/SignatureOperation.java:167:53:167:61 | Constant | +| jca/SignatureOperation.java:168:30:168:38 | Key | +| jca/SignatureOperation.java:169:26:169:29 | Message | +| jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | +| jca/SignatureOperation.java:170:33:170:40 | SignatureInput | +| jca/SignatureOperation.java:186:61:186:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:187:24:187:27 | Constant | +| jca/SignatureOperation.java:188:16:188:36 | Key | +| jca/SignatureOperation.java:188:16:188:36 | KeyGeneration | +| jca/SignatureOperation.java:199:53:199:65 | HashAlgorithm | +| jca/SignatureOperation.java:199:53:199:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:200:28:200:37 | Key | +| jca/SignatureOperation.java:201:26:201:29 | Message | +| jca/SignatureOperation.java:202:16:202:31 | SignOperation | +| jca/SignatureOperation.java:202:16:202:31 | SignatureOutput | +| jca/SignatureOperation.java:213:53:213:65 | HashAlgorithm | +| jca/SignatureOperation.java:213:53:213:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:214:30:214:38 | Key | +| jca/SignatureOperation.java:215:26:215:29 | Message | +| jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | +| jca/SignatureOperation.java:216:33:216:40 | SignatureInput | +| jca/SignatureOperation.java:246:27:246:35 | Constant | +| jca/SignatureOperation.java:263:26:263:44 | Constant | +| jca/SignatureOperation.java:268:27:268:30 | Constant | +| jca/SignatureOperation.java:299:47:299:68 | Constant | +| jca/SignatureOperation.java:302:47:302:63 | HashAlgorithm | +| jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:305:47:305:55 | Constant | +| jca/SignatureOperation.java:308:47:308:59 | HashAlgorithm | +| jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:312:47:312:68 | Constant | +| jca/SignatureOperation.java:315:26:315:49 | Constant | +| jca/SignatureOperation.java:316:28:316:42 | Key | +| jca/SignatureOperation.java:317:26:317:32 | Message | +| jca/SignatureOperation.java:318:27:318:42 | SignOperation | +| jca/SignatureOperation.java:318:27:318:42 | SignatureOutput | +| jca/SignatureOperation.java:320:30:320:43 | Key | +| jca/SignatureOperation.java:321:26:321:32 | Message | +| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | +| jca/SignatureOperation.java:322:45:322:52 | SignatureInput | +| jca/SignatureOperation.java:344:26:344:49 | Constant | +| jca/SymmetricAlgorithm.java:60:44:60:62 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:60:44:60:62 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:60:44:60:62 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:62:9:62:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:62:38:62:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:64:42:64:44 | Key | +| jca/SymmetricAlgorithm.java:64:47:64:50 | Nonce | +| jca/SymmetricAlgorithm.java:65:29:65:53 | EncryptOperation | +| jca/SymmetricAlgorithm.java:65:29:65:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:65:44:65:52 | Message | +| jca/SymmetricAlgorithm.java:82:39:82:51 | Parameter | +| jca/SymmetricAlgorithm.java:82:54:82:69 | Parameter | +| jca/SymmetricAlgorithm.java:83:44:83:62 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:83:44:83:62 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:83:44:83:62 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:86:42:86:44 | Key | +| jca/SymmetricAlgorithm.java:86:47:86:50 | Nonce | +| jca/SymmetricAlgorithm.java:87:29:87:53 | EncryptOperation | +| jca/SymmetricAlgorithm.java:87:29:87:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:87:44:87:52 | Message | +| jca/SymmetricAlgorithm.java:104:44:104:65 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:104:44:104:65 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:104:44:104:65 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:106:9:106:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:106:38:106:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:108:42:108:44 | Key | +| jca/SymmetricAlgorithm.java:108:47:108:52 | Nonce | +| jca/SymmetricAlgorithm.java:109:29:109:53 | EncryptOperation | +| jca/SymmetricAlgorithm.java:109:29:109:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:109:44:109:52 | Message | +| jca/SymmetricAlgorithm.java:126:44:126:65 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:126:44:126:65 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:126:44:126:65 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:127:42:127:44 | Key | +| jca/SymmetricAlgorithm.java:128:16:128:40 | EncryptOperation | +| jca/SymmetricAlgorithm.java:128:16:128:40 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:128:31:128:39 | Message | +| jca/SymmetricAlgorithm.java:143:44:143:48 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:144:42:144:44 | Key | +| jca/SymmetricAlgorithm.java:145:16:145:40 | EncryptOperation | +| jca/SymmetricAlgorithm.java:145:16:145:40 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:145:31:145:39 | Message | +| jca/SymmetricAlgorithm.java:157:36:157:48 | Parameter | +| jca/SymmetricAlgorithm.java:157:51:157:66 | Parameter | +| jca/SymmetricAlgorithm.java:158:44:158:65 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:158:44:158:65 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:158:44:158:65 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:160:9:160:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:160:38:160:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:162:42:162:44 | Key | +| jca/SymmetricAlgorithm.java:162:47:162:52 | Nonce | +| jca/SymmetricAlgorithm.java:163:29:163:53 | EncryptOperation | +| jca/SymmetricAlgorithm.java:163:29:163:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:163:44:163:52 | Message | +| jca/SymmetricAlgorithm.java:179:42:179:54 | Parameter | +| jca/SymmetricAlgorithm.java:179:57:179:72 | Parameter | +| jca/SymmetricAlgorithm.java:180:44:180:68 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:180:44:180:68 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:180:44:180:68 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:182:9:182:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:182:38:182:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:184:42:184:44 | Key | +| jca/SymmetricAlgorithm.java:184:47:184:52 | Nonce | +| jca/SymmetricAlgorithm.java:185:29:185:53 | EncryptOperation | +| jca/SymmetricAlgorithm.java:185:29:185:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:185:44:185:52 | Message | +| jca/SymmetricAlgorithm.java:202:44:202:53 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:204:9:204:43 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:204:38:204:42 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:206:42:206:44 | Key | +| jca/SymmetricAlgorithm.java:206:47:206:72 | Nonce | +| jca/SymmetricAlgorithm.java:207:29:207:53 | EncryptOperation | +| jca/SymmetricAlgorithm.java:207:29:207:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:207:44:207:52 | Message | +| jca/SymmetricAlgorithm.java:224:35:224:47 | Parameter | +| jca/SymmetricAlgorithm.java:224:50:224:65 | Parameter | +| jca/SymmetricAlgorithm.java:225:36:225:44 | Constant | +| jca/SymmetricAlgorithm.java:226:19:226:21 | Key | +| jca/SymmetricAlgorithm.java:227:29:227:51 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:227:29:227:51 | MACOperation | +| jca/SymmetricAlgorithm.java:227:42:227:50 | Message | +| jca/SymmetricAlgorithm.java:230:44:230:62 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:230:44:230:62 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:230:44:230:62 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:232:9:232:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:232:38:232:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:234:42:234:51 | Key | +| jca/SymmetricAlgorithm.java:234:54:234:57 | Nonce | +| jca/SymmetricAlgorithm.java:235:29:235:53 | EncryptOperation | +| jca/SymmetricAlgorithm.java:235:29:235:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:235:44:235:52 | Message | +| jca/SymmetricAlgorithm.java:258:64:258:76 | Parameter | +| jca/SymmetricAlgorithm.java:258:79:258:94 | Parameter | +| jca/SymmetricAlgorithm.java:299:58:299:70 | Parameter | +| jca/SymmetricAlgorithm.java:299:73:299:88 | Parameter | +| jca/SymmetricAlgorithm.java:302:42:302:66 | Message | +| jca/SymmetricAlgorithm.java:302:69:302:72 | Salt | +| jca/SymmetricAlgorithm.java:302:75:302:79 | Constant | +| jca/SymmetricAlgorithm.java:302:82:302:84 | Constant | +| jca/SymmetricAlgorithm.java:303:65:303:86 | HMACAlgorithm | +| jca/SymmetricAlgorithm.java:303:65:303:86 | HashAlgorithm | +| jca/SymmetricAlgorithm.java:303:65:303:86 | KeyDerivationAlgorithm | +| jca/SymmetricAlgorithm.java:304:26:304:53 | Key | +| jca/SymmetricAlgorithm.java:304:26:304:53 | KeyDerivation | +| jca/SymmetricAlgorithm.java:310:44:310:62 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:310:44:310:62 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:310:44:310:62 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:312:9:312:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:312:38:312:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:313:42:313:47 | Key | +| jca/SymmetricAlgorithm.java:313:50:313:78 | Nonce | +| jca/SymmetricAlgorithm.java:314:29:314:53 | EncryptOperation | +| jca/SymmetricAlgorithm.java:314:29:314:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:314:44:314:52 | Message | +| jca/SymmetricAlgorithm.java:316:35:316:46 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:317:18:317:30 | Key | +| jca/SymmetricAlgorithm.java:318:30:318:52 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:318:30:318:52 | MACOperation | +| jca/SymmetricAlgorithm.java:318:42:318:51 | Message | +| jca/SymmetricAlgorithm.java:347:52:347:56 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:348:17:348:19 | Constant | +| jca/SymmetricAlgorithm.java:349:16:349:31 | Key | +| jca/SymmetricAlgorithm.java:349:16:349:31 | KeyGeneration | +| jca/SymmetricAlgorithm.java:361:9:361:42 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:361:38:361:41 | RandomNumberGeneration | +| jca/SymmetricModesTest.java:56:52:56:56 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:57:17:57:19 | Constant | +| jca/SymmetricModesTest.java:58:33:58:48 | Key | +| jca/SymmetricModesTest.java:58:33:58:48 | KeyGeneration | +| jca/SymmetricModesTest.java:61:17:61:19 | Constant | +| jca/SymmetricModesTest.java:62:31:62:46 | Key | +| jca/SymmetricModesTest.java:62:31:62:46 | KeyGeneration | +| jca/SymmetricModesTest.java:65:44:65:62 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:65:44:65:62 | ModeOfOperation | +| jca/SymmetricModesTest.java:65:44:65:62 | PaddingAlgorithm | +| jca/SymmetricModesTest.java:66:39:66:49 | Key | +| jca/SymmetricModesTest.java:67:29:67:50 | KeyOperationOutput | +| jca/SymmetricModesTest.java:67:29:67:50 | WrapOperation | +| jca/SymmetricModesTest.java:67:41:67:49 | Message | +| jca/SymmetricModesTest.java:88:43:88:55 | Parameter | +| jca/SymmetricModesTest.java:88:58:88:73 | Parameter | +| jca/SymmetricModesTest.java:89:44:89:63 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:89:44:89:63 | ModeOfOperation | +| jca/SymmetricModesTest.java:89:44:89:63 | PaddingAlgorithm | +| jca/SymmetricModesTest.java:91:9:91:40 | RandomNumberGeneration | +| jca/SymmetricModesTest.java:91:38:91:39 | RandomNumberGeneration | +| jca/SymmetricModesTest.java:93:42:93:44 | Key | +| jca/SymmetricModesTest.java:93:47:93:52 | Nonce | +| jca/SymmetricModesTest.java:94:29:94:53 | EncryptOperation | +| jca/SymmetricModesTest.java:94:29:94:53 | KeyOperationOutput | +| jca/SymmetricModesTest.java:94:44:94:52 | Message | +| jca/SymmetricModesTest.java:116:45:116:57 | Parameter | +| jca/SymmetricModesTest.java:116:60:116:75 | Parameter | +| jca/SymmetricModesTest.java:117:44:117:63 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:117:44:117:63 | ModeOfOperation | +| jca/SymmetricModesTest.java:117:44:117:63 | PaddingAlgorithm | +| jca/SymmetricModesTest.java:121:42:121:44 | Key | +| jca/SymmetricModesTest.java:121:47:121:52 | Nonce | +| jca/SymmetricModesTest.java:122:29:122:53 | EncryptOperation | +| jca/SymmetricModesTest.java:122:29:122:53 | KeyOperationOutput | +| jca/SymmetricModesTest.java:122:44:122:52 | Message | +| jca/SymmetricModesTest.java:140:52:140:56 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:141:17:141:19 | Constant | +| jca/SymmetricModesTest.java:142:16:142:31 | Key | +| jca/SymmetricModesTest.java:142:16:142:31 | KeyGeneration | +| jca/UniversalFlowTest.java:18:24:18:28 | KeyOperationAlgorithm | +| jca/UniversalFlowTest.java:25:17:25:19 | Constant | +| jca/UniversalFlowTest.java:26:21:26:40 | Key | +| jca/UniversalFlowTest.java:26:21:26:40 | KeyGeneration | +| jca/UniversalFlowTest.java:27:25:27:43 | KeyOperationAlgorithm | +| jca/UniversalFlowTest.java:27:25:27:43 | ModeOfOperation | +| jca/UniversalFlowTest.java:27:25:27:43 | PaddingAlgorithm | +| jca/UniversalFlowTest.java:30:5:30:36 | RandomNumberGeneration | +| jca/UniversalFlowTest.java:30:34:30:35 | RandomNumberGeneration | +| jca/UniversalFlowTest.java:32:38:32:40 | Key | +| jca/UniversalFlowTest.java:32:43:32:49 | Nonce | +| jca/UniversalFlowTest.java:33:28:33:70 | EncryptOperation | +| jca/UniversalFlowTest.java:33:28:33:70 | KeyOperationOutput | +| jca/UniversalFlowTest.java:33:43:33:58 | Constant | +| jca/UniversalFlowTest.java:33:43:33:69 | Message | +| jca/UniversalFlowTest.java:45:16:45:20 | KeyOperationAlgorithm | diff --git a/java/ql/test/experimental/library-tests/quantum/nodes.ql b/java/ql/test/experimental/library-tests/quantum/nodes.ql new file mode 100644 index 000000000000..e080ce7297ac --- /dev/null +++ b/java/ql/test/experimental/library-tests/quantum/nodes.ql @@ -0,0 +1,5 @@ +import java +import experimental.quantum.Language + +from Crypto::NodeBase n +select n From 9c5765a48c7313e8f7e746e25834c39295b52164 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Fri, 3 Oct 2025 17:17:07 -0400 Subject: [PATCH 232/307] Crypto: Add missing string constants for signature algorithms. --- java/ql/lib/experimental/quantum/JCA.qll | 26 ++++++++-- .../library-tests/quantum/node_edges.expected | 50 +++++++++++++------ .../quantum/node_properties.expected | 39 +++++++++++---- .../library-tests/quantum/nodes.expected | 22 ++++---- .../quantum/experimental/Standardization.qll | 1 + 5 files changed, 101 insertions(+), 37 deletions(-) diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index a0ea566b268d..5625d7f03509 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -102,10 +102,15 @@ module JCAModel { ].toUpperCase()) } + /** + * Names that match known signature algorithms. + * https://docs.oracle.com/en/java/javase/25/docs/specs/security/standard-names.html + */ bindingset[name] predicate signature_names(string name) { - name.toUpperCase().splitAt("with".toUpperCase(), 1).matches(["RSA", "ECDSA", "DSA"]) - // note RSASSA-PSS is RSA with PSS where the digest is set through PSSParameterSpec + name.toUpperCase().splitAt("with".toUpperCase(), 1).matches(["RSA%", "ECDSA%", "DSA%"]) + or + name.toUpperCase().matches(["RSASSA-PSS", "ED25519", "ED448", "EDDSA", "ML-DSA%", "HSS/LMS"]) } bindingset[name] @@ -225,18 +230,29 @@ module JCAModel { name.toUpperCase() in ["ECDH", "X25519", "X448"] } + /** + * Maps a signature algorithm name to its type, if known. + * see https://docs.oracle.com/en/java/javase/25/docs/specs/security/standard-names.html + */ bindingset[name] predicate signature_name_to_type_known(Crypto::KeyOpAlg::TAlgorithm type, string name) { - name.toUpperCase().splitAt("with".toUpperCase(), 1) = "RSA" and + name.toUpperCase().splitAt("with".toUpperCase(), 1).matches("RSA%") and type = KeyOpAlg::TAsymmetricCipher(KeyOpAlg::RSA()) or - name.toUpperCase().splitAt("with".toUpperCase(), 1) = "ECDSA" and + name.toUpperCase().splitAt("with".toUpperCase(), 1).matches("ECDSA%") and type = KeyOpAlg::TSignature(KeyOpAlg::ECDSA()) or - name.toUpperCase().splitAt("with".toUpperCase(), 1) = "DSA" and + name.toUpperCase().splitAt("with".toUpperCase(), 1).matches("DSA%") and type = KeyOpAlg::TSignature(KeyOpAlg::DSA()) or name.toUpperCase().matches("RSASSA-PSS") and type = KeyOpAlg::TAsymmetricCipher(KeyOpAlg::RSA()) + or + name.toUpperCase().matches(["EDDSA", "ED25519", "ED448"]) and + type = KeyOpAlg::TSignature(KeyOpAlg::EDDSA()) + or + name.toUpperCase().matches("ML-DSA%") and type = KeyOpAlg::TSignature(KeyOpAlg::DSA()) + or + name.toUpperCase().matches("HSS/LMS") and type = KeyOpAlg::TSignature(KeyOpAlg::HSS_LMS()) } bindingset[name] diff --git a/java/ql/test/experimental/library-tests/quantum/node_edges.expected b/java/ql/test/experimental/library-tests/quantum/node_edges.expected index d17fd3500f7b..cdafdbed3624 100644 --- a/java/ql/test/experimental/library-tests/quantum/node_edges.expected +++ b/java/ql/test/experimental/library-tests/quantum/node_edges.expected @@ -447,16 +447,20 @@ | jca/EllipticCurve2.java:166:16:166:47 | VerifyOperation | Key | jca/EllipticCurve2.java:164:30:164:43 | Key | | jca/EllipticCurve2.java:166:16:166:47 | VerifyOperation | Signature | jca/EllipticCurve2.java:166:33:166:46 | SignatureInput | | jca/EllipticCurve2.java:166:33:166:46 | SignatureInput | Source | jca/EllipticCurve2.java:151:16:151:31 | SignatureOutput | +| jca/EllipticCurve2.java:178:53:178:61 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:178:53:178:61 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:178:53:178:61 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:178:53:178:61 | KeyOperationAlgorithm | | jca/EllipticCurve2.java:179:28:179:42 | Key | Source | jca/EllipticCurve2.java:90:16:90:36 | Key | | jca/EllipticCurve2.java:180:26:180:32 | Message | Source | jca/EllipticCurve2.java:261:30:261:53 | Constant | -| jca/EllipticCurve2.java:181:16:181:31 | SignOperation | Algorithm | jca/EllipticCurve2.java:178:53:178:61 | Constant | +| jca/EllipticCurve2.java:181:16:181:31 | SignOperation | Algorithm | jca/EllipticCurve2.java:178:53:178:61 | KeyOperationAlgorithm | | jca/EllipticCurve2.java:181:16:181:31 | SignOperation | HashAlgorithm | jca/EllipticCurve2.java:181:16:181:31 | SignOperation | | jca/EllipticCurve2.java:181:16:181:31 | SignOperation | Input | jca/EllipticCurve2.java:180:26:180:32 | Message | | jca/EllipticCurve2.java:181:16:181:31 | SignOperation | Key | jca/EllipticCurve2.java:179:28:179:42 | Key | | jca/EllipticCurve2.java:181:16:181:31 | SignOperation | Output | jca/EllipticCurve2.java:181:16:181:31 | SignatureOutput | +| jca/EllipticCurve2.java:193:53:193:61 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:193:53:193:61 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:193:53:193:61 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:193:53:193:61 | KeyOperationAlgorithm | | jca/EllipticCurve2.java:194:30:194:43 | Key | Source | jca/EllipticCurve2.java:90:16:90:36 | Key | | jca/EllipticCurve2.java:195:26:195:32 | Message | Source | jca/EllipticCurve2.java:261:30:261:53 | Constant | -| jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | Algorithm | jca/EllipticCurve2.java:193:53:193:61 | Constant | +| jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | Algorithm | jca/EllipticCurve2.java:193:53:193:61 | KeyOperationAlgorithm | | jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | HashAlgorithm | jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | | jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | Input | jca/EllipticCurve2.java:195:26:195:32 | Message | | jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | Key | jca/EllipticCurve2.java:194:30:194:43 | Key | @@ -1398,17 +1402,21 @@ | jca/SignatureOperation.java:61:16:61:36 | Key | Algorithm | jca/SignatureOperation.java:59:61:59:65 | KeyOperationAlgorithm | | jca/SignatureOperation.java:61:16:61:36 | KeyGeneration | Algorithm | jca/SignatureOperation.java:59:61:59:65 | KeyOperationAlgorithm | | jca/SignatureOperation.java:61:16:61:36 | KeyGeneration | Output | jca/SignatureOperation.java:61:16:61:36 | Key | +| jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm | | jca/SignatureOperation.java:72:28:72:37 | Key | Source | jca/SignatureOperation.java:61:16:61:36 | Key | | jca/SignatureOperation.java:73:26:73:29 | Message | Source | jca/SignatureOperation.java:344:26:344:49 | Constant | -| jca/SignatureOperation.java:74:16:74:31 | SignOperation | Algorithm | jca/SignatureOperation.java:71:53:71:74 | Constant | -| jca/SignatureOperation.java:74:16:74:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:74:16:74:31 | SignOperation | +| jca/SignatureOperation.java:74:16:74:31 | SignOperation | Algorithm | jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:74:16:74:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:71:53:71:74 | HashAlgorithm | | jca/SignatureOperation.java:74:16:74:31 | SignOperation | Input | jca/SignatureOperation.java:73:26:73:29 | Message | | jca/SignatureOperation.java:74:16:74:31 | SignOperation | Key | jca/SignatureOperation.java:72:28:72:37 | Key | | jca/SignatureOperation.java:74:16:74:31 | SignOperation | Output | jca/SignatureOperation.java:74:16:74:31 | SignatureOutput | +| jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm | | jca/SignatureOperation.java:85:30:85:38 | Key | Source | jca/SignatureOperation.java:61:16:61:36 | Key | | jca/SignatureOperation.java:86:26:86:29 | Message | Source | jca/SignatureOperation.java:344:26:344:49 | Constant | -| jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:84:53:84:74 | Constant | -| jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | +| jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:84:53:84:74 | HashAlgorithm | | jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | Input | jca/SignatureOperation.java:86:26:86:29 | Message | | jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | Key | jca/SignatureOperation.java:85:30:85:38 | Key | | jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | Signature | jca/SignatureOperation.java:87:33:87:40 | SignatureInput | @@ -1441,18 +1449,22 @@ | jca/SignatureOperation.java:144:16:144:36 | Key | Algorithm | jca/SignatureOperation.java:143:61:143:69 | Constant | | jca/SignatureOperation.java:144:16:144:36 | KeyGeneration | Algorithm | jca/SignatureOperation.java:143:61:143:69 | Constant | | jca/SignatureOperation.java:144:16:144:36 | KeyGeneration | Output | jca/SignatureOperation.java:144:16:144:36 | Key | +| jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | | jca/SignatureOperation.java:155:28:155:37 | Key | Source | jca/SignatureOperation.java:144:16:144:36 | Key | | jca/SignatureOperation.java:156:26:156:29 | Message | Source | jca/SignatureOperation.java:246:27:246:35 | Constant | | jca/SignatureOperation.java:156:26:156:29 | Message | Source | jca/SignatureOperation.java:344:26:344:49 | Constant | -| jca/SignatureOperation.java:157:16:157:31 | SignOperation | Algorithm | jca/SignatureOperation.java:154:53:154:61 | Constant | +| jca/SignatureOperation.java:157:16:157:31 | SignOperation | Algorithm | jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | | jca/SignatureOperation.java:157:16:157:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:157:16:157:31 | SignOperation | | jca/SignatureOperation.java:157:16:157:31 | SignOperation | Input | jca/SignatureOperation.java:156:26:156:29 | Message | | jca/SignatureOperation.java:157:16:157:31 | SignOperation | Key | jca/SignatureOperation.java:155:28:155:37 | Key | | jca/SignatureOperation.java:157:16:157:31 | SignOperation | Output | jca/SignatureOperation.java:157:16:157:31 | SignatureOutput | +| jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm | | jca/SignatureOperation.java:168:30:168:38 | Key | Source | jca/SignatureOperation.java:144:16:144:36 | Key | | jca/SignatureOperation.java:169:26:169:29 | Message | Source | jca/SignatureOperation.java:246:27:246:35 | Constant | | jca/SignatureOperation.java:169:26:169:29 | Message | Source | jca/SignatureOperation.java:344:26:344:49 | Constant | -| jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:167:53:167:61 | Constant | +| jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm | | jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | | jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | Input | jca/SignatureOperation.java:169:26:169:29 | Message | | jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | Key | jca/SignatureOperation.java:168:30:168:38 | Key | @@ -1480,22 +1492,30 @@ | jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | Key | jca/SignatureOperation.java:214:30:214:38 | Key | | jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | Signature | jca/SignatureOperation.java:216:33:216:40 | SignatureInput | | jca/SignatureOperation.java:216:33:216:40 | SignatureInput | Source | jca/SignatureOperation.java:202:16:202:31 | SignatureOutput | +| jca/SignatureOperation.java:299:47:299:68 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:299:47:299:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:299:47:299:68 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:299:47:299:68 | KeyOperationAlgorithm | | jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | | jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:305:47:305:55 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:305:47:305:55 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:305:47:305:55 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:305:47:305:55 | KeyOperationAlgorithm | | jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | | jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:312:47:312:68 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:312:47:312:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:312:47:312:68 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:312:47:312:68 | KeyOperationAlgorithm | | jca/SignatureOperation.java:316:28:316:42 | Key | Source | jca/SignatureOperation.java:61:16:61:36 | Key | | jca/SignatureOperation.java:316:28:316:42 | Key | Source | jca/SignatureOperation.java:103:16:103:38 | Key | | jca/SignatureOperation.java:316:28:316:42 | Key | Source | jca/SignatureOperation.java:144:16:144:36 | Key | | jca/SignatureOperation.java:316:28:316:42 | Key | Source | jca/SignatureOperation.java:188:16:188:36 | Key | | jca/SignatureOperation.java:317:26:317:32 | Message | Source | jca/SignatureOperation.java:315:26:315:49 | Constant | -| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:299:47:299:68 | Constant | +| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:299:47:299:68 | KeyOperationAlgorithm | | jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:305:47:305:55 | Constant | +| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:305:47:305:55 | KeyOperationAlgorithm | | jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:312:47:312:68 | Constant | +| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:312:47:312:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:318:27:318:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:299:47:299:68 | HashAlgorithm | | jca/SignatureOperation.java:318:27:318:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:302:47:302:63 | HashAlgorithm | | jca/SignatureOperation.java:318:27:318:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:308:47:308:59 | HashAlgorithm | +| jca/SignatureOperation.java:318:27:318:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:312:47:312:68 | HashAlgorithm | | jca/SignatureOperation.java:318:27:318:42 | SignOperation | Input | jca/SignatureOperation.java:317:26:317:32 | Message | | jca/SignatureOperation.java:318:27:318:42 | SignOperation | Key | jca/SignatureOperation.java:316:28:316:42 | Key | | jca/SignatureOperation.java:318:27:318:42 | SignOperation | Output | jca/SignatureOperation.java:318:27:318:42 | SignatureOutput | @@ -1504,13 +1524,15 @@ | jca/SignatureOperation.java:320:30:320:43 | Key | Source | jca/SignatureOperation.java:144:16:144:36 | Key | | jca/SignatureOperation.java:320:30:320:43 | Key | Source | jca/SignatureOperation.java:188:16:188:36 | Key | | jca/SignatureOperation.java:321:26:321:32 | Message | Source | jca/SignatureOperation.java:321:26:321:32 | Message | -| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:299:47:299:68 | Constant | +| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:299:47:299:68 | KeyOperationAlgorithm | | jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:305:47:305:55 | Constant | +| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:305:47:305:55 | KeyOperationAlgorithm | | jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:312:47:312:68 | Constant | +| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:312:47:312:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:299:47:299:68 | HashAlgorithm | | jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:302:47:302:63 | HashAlgorithm | | jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:308:47:308:59 | HashAlgorithm | +| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:312:47:312:68 | HashAlgorithm | | jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Input | jca/SignatureOperation.java:317:26:317:32 | Message | | jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Input | jca/SignatureOperation.java:321:26:321:32 | Message | | jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Key | jca/SignatureOperation.java:316:28:316:42 | Key | diff --git a/java/ql/test/experimental/library-tests/quantum/node_properties.expected b/java/ql/test/experimental/library-tests/quantum/node_properties.expected index f906e1211725..ce660e86bd96 100644 --- a/java/ql/test/experimental/library-tests/quantum/node_properties.expected +++ b/java/ql/test/experimental/library-tests/quantum/node_properties.expected @@ -443,10 +443,12 @@ | jca/EllipticCurve2.java:163:53:163:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/EllipticCurve2.java:163:53:163:69 | jca/EllipticCurve2.java:163:53:163:69 | | jca/EllipticCurve2.java:164:30:164:43 | Key | KeyType | Unknown | jca/EllipticCurve2.java:164:30:164:43 | jca/EllipticCurve2.java:164:30:164:43 | | jca/EllipticCurve2.java:166:16:166:47 | VerifyOperation | KeyOperationSubtype | Verify | jca/EllipticCurve2.java:166:16:166:47 | jca/EllipticCurve2.java:166:16:166:47 | -| jca/EllipticCurve2.java:178:53:178:61 | Constant | Description | "Ed25519" | jca/EllipticCurve2.java:178:53:178:61 | jca/EllipticCurve2.java:178:53:178:61 | +| jca/EllipticCurve2.java:178:53:178:61 | KeyOperationAlgorithm | Name | EDSA | jca/EllipticCurve2.java:178:53:178:61 | jca/EllipticCurve2.java:178:53:178:61 | +| jca/EllipticCurve2.java:178:53:178:61 | KeyOperationAlgorithm | RawName | Ed25519 | jca/EllipticCurve2.java:178:53:178:61 | jca/EllipticCurve2.java:178:53:178:61 | | jca/EllipticCurve2.java:179:28:179:42 | Key | KeyType | Unknown | jca/EllipticCurve2.java:179:28:179:42 | jca/EllipticCurve2.java:179:28:179:42 | | jca/EllipticCurve2.java:181:16:181:31 | SignOperation | KeyOperationSubtype | Sign | jca/EllipticCurve2.java:181:16:181:31 | jca/EllipticCurve2.java:181:16:181:31 | -| jca/EllipticCurve2.java:193:53:193:61 | Constant | Description | "Ed25519" | jca/EllipticCurve2.java:193:53:193:61 | jca/EllipticCurve2.java:193:53:193:61 | +| jca/EllipticCurve2.java:193:53:193:61 | KeyOperationAlgorithm | Name | EDSA | jca/EllipticCurve2.java:193:53:193:61 | jca/EllipticCurve2.java:193:53:193:61 | +| jca/EllipticCurve2.java:193:53:193:61 | KeyOperationAlgorithm | RawName | Ed25519 | jca/EllipticCurve2.java:193:53:193:61 | jca/EllipticCurve2.java:193:53:193:61 | | jca/EllipticCurve2.java:194:30:194:43 | Key | KeyType | Unknown | jca/EllipticCurve2.java:194:30:194:43 | jca/EllipticCurve2.java:194:30:194:43 | | jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | KeyOperationSubtype | Verify | jca/EllipticCurve2.java:196:16:196:47 | jca/EllipticCurve2.java:196:16:196:47 | | jca/EllipticCurve2.java:221:52:221:57 | KeyAgreementAlgorithm | Name | ECDH | jca/EllipticCurve2.java:221:52:221:57 | jca/EllipticCurve2.java:221:52:221:57 | @@ -1405,10 +1407,18 @@ | jca/SignatureOperation.java:59:61:59:65 | KeyOperationAlgorithm | RawName | RSA | jca/SignatureOperation.java:59:61:59:65 | jca/SignatureOperation.java:59:61:59:65 | | jca/SignatureOperation.java:60:24:60:27 | Constant | Description | 2048 | jca/SignatureOperation.java:60:24:60:27 | jca/SignatureOperation.java:60:24:60:27 | | jca/SignatureOperation.java:61:16:61:36 | Key | KeyType | Asymmetric | jca/SignatureOperation.java:61:16:61:36 | jca/SignatureOperation.java:61:16:61:36 | -| jca/SignatureOperation.java:71:53:71:74 | Constant | Description | "SHA256withRSAandMGF1" | jca/SignatureOperation.java:71:53:71:74 | jca/SignatureOperation.java:71:53:71:74 | +| jca/SignatureOperation.java:71:53:71:74 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:71:53:71:74 | jca/SignatureOperation.java:71:53:71:74 | +| jca/SignatureOperation.java:71:53:71:74 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:71:53:71:74 | jca/SignatureOperation.java:71:53:71:74 | +| jca/SignatureOperation.java:71:53:71:74 | HashAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:71:53:71:74 | jca/SignatureOperation.java:71:53:71:74 | +| jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:71:53:71:74 | jca/SignatureOperation.java:71:53:71:74 | +| jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:71:53:71:74 | jca/SignatureOperation.java:71:53:71:74 | | jca/SignatureOperation.java:72:28:72:37 | Key | KeyType | Unknown | jca/SignatureOperation.java:72:28:72:37 | jca/SignatureOperation.java:72:28:72:37 | | jca/SignatureOperation.java:74:16:74:31 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:74:16:74:31 | jca/SignatureOperation.java:74:16:74:31 | -| jca/SignatureOperation.java:84:53:84:74 | Constant | Description | "SHA256withRSAandMGF1" | jca/SignatureOperation.java:84:53:84:74 | jca/SignatureOperation.java:84:53:84:74 | +| jca/SignatureOperation.java:84:53:84:74 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:84:53:84:74 | jca/SignatureOperation.java:84:53:84:74 | +| jca/SignatureOperation.java:84:53:84:74 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:84:53:84:74 | jca/SignatureOperation.java:84:53:84:74 | +| jca/SignatureOperation.java:84:53:84:74 | HashAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:84:53:84:74 | jca/SignatureOperation.java:84:53:84:74 | +| jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:84:53:84:74 | jca/SignatureOperation.java:84:53:84:74 | +| jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:84:53:84:74 | jca/SignatureOperation.java:84:53:84:74 | | jca/SignatureOperation.java:85:30:85:38 | Key | KeyType | Unknown | jca/SignatureOperation.java:85:30:85:38 | jca/SignatureOperation.java:85:30:85:38 | | jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:87:16:87:41 | jca/SignatureOperation.java:87:16:87:41 | | jca/SignatureOperation.java:102:49:102:59 | EllipticCurve | KeySize | 256 | jca/SignatureOperation.java:102:49:102:59 | jca/SignatureOperation.java:102:49:102:59 | @@ -1432,10 +1442,12 @@ | jca/SignatureOperation.java:129:16:129:41 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:129:16:129:41 | jca/SignatureOperation.java:129:16:129:41 | | jca/SignatureOperation.java:143:61:143:69 | Constant | Description | "Ed25519" | jca/SignatureOperation.java:143:61:143:69 | jca/SignatureOperation.java:143:61:143:69 | | jca/SignatureOperation.java:144:16:144:36 | Key | KeyType | Asymmetric | jca/SignatureOperation.java:144:16:144:36 | jca/SignatureOperation.java:144:16:144:36 | -| jca/SignatureOperation.java:154:53:154:61 | Constant | Description | "Ed25519" | jca/SignatureOperation.java:154:53:154:61 | jca/SignatureOperation.java:154:53:154:61 | +| jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | Name | EDSA | jca/SignatureOperation.java:154:53:154:61 | jca/SignatureOperation.java:154:53:154:61 | +| jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | RawName | Ed25519 | jca/SignatureOperation.java:154:53:154:61 | jca/SignatureOperation.java:154:53:154:61 | | jca/SignatureOperation.java:155:28:155:37 | Key | KeyType | Unknown | jca/SignatureOperation.java:155:28:155:37 | jca/SignatureOperation.java:155:28:155:37 | | jca/SignatureOperation.java:157:16:157:31 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:157:16:157:31 | jca/SignatureOperation.java:157:16:157:31 | -| jca/SignatureOperation.java:167:53:167:61 | Constant | Description | "Ed25519" | jca/SignatureOperation.java:167:53:167:61 | jca/SignatureOperation.java:167:53:167:61 | +| jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm | Name | EDSA | jca/SignatureOperation.java:167:53:167:61 | jca/SignatureOperation.java:167:53:167:61 | +| jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm | RawName | Ed25519 | jca/SignatureOperation.java:167:53:167:61 | jca/SignatureOperation.java:167:53:167:61 | | jca/SignatureOperation.java:168:30:168:38 | Key | KeyType | Unknown | jca/SignatureOperation.java:168:30:168:38 | jca/SignatureOperation.java:168:30:168:38 | | jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:170:16:170:41 | jca/SignatureOperation.java:170:16:170:41 | | jca/SignatureOperation.java:186:61:186:65 | KeyOperationAlgorithm | KeySize | Constant:1024 | jca/SignatureOperation.java:187:24:187:27 | jca/SignatureOperation.java:187:24:187:27 | @@ -1460,19 +1472,28 @@ | jca/SignatureOperation.java:246:27:246:35 | Constant | Description | "\u3053\u3093\u306b\u3061\u306f\u4e16\u754c" | jca/SignatureOperation.java:246:27:246:35 | jca/SignatureOperation.java:246:27:246:35 | | jca/SignatureOperation.java:263:26:263:44 | Constant | Description | "Important Message" | jca/SignatureOperation.java:263:26:263:44 | jca/SignatureOperation.java:263:26:263:44 | | jca/SignatureOperation.java:268:27:268:30 | Constant | Description | 0x01 | jca/SignatureOperation.java:268:27:268:30 | jca/SignatureOperation.java:268:27:268:30 | -| jca/SignatureOperation.java:299:47:299:68 | Constant | Description | "SHA256withRSAandMGF1" | jca/SignatureOperation.java:299:47:299:68 | jca/SignatureOperation.java:299:47:299:68 | +| jca/SignatureOperation.java:299:47:299:68 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:299:47:299:68 | jca/SignatureOperation.java:299:47:299:68 | +| jca/SignatureOperation.java:299:47:299:68 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:299:47:299:68 | jca/SignatureOperation.java:299:47:299:68 | +| jca/SignatureOperation.java:299:47:299:68 | HashAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:299:47:299:68 | jca/SignatureOperation.java:299:47:299:68 | +| jca/SignatureOperation.java:299:47:299:68 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:299:47:299:68 | jca/SignatureOperation.java:299:47:299:68 | +| jca/SignatureOperation.java:299:47:299:68 | KeyOperationAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:299:47:299:68 | jca/SignatureOperation.java:299:47:299:68 | | jca/SignatureOperation.java:302:47:302:63 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:302:47:302:63 | jca/SignatureOperation.java:302:47:302:63 | | jca/SignatureOperation.java:302:47:302:63 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:302:47:302:63 | jca/SignatureOperation.java:302:47:302:63 | | jca/SignatureOperation.java:302:47:302:63 | HashAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:302:47:302:63 | jca/SignatureOperation.java:302:47:302:63 | | jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | Name | ECDSA | jca/SignatureOperation.java:302:47:302:63 | jca/SignatureOperation.java:302:47:302:63 | | jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:302:47:302:63 | jca/SignatureOperation.java:302:47:302:63 | -| jca/SignatureOperation.java:305:47:305:55 | Constant | Description | "Ed25519" | jca/SignatureOperation.java:305:47:305:55 | jca/SignatureOperation.java:305:47:305:55 | +| jca/SignatureOperation.java:305:47:305:55 | KeyOperationAlgorithm | Name | EDSA | jca/SignatureOperation.java:305:47:305:55 | jca/SignatureOperation.java:305:47:305:55 | +| jca/SignatureOperation.java:305:47:305:55 | KeyOperationAlgorithm | RawName | Ed25519 | jca/SignatureOperation.java:305:47:305:55 | jca/SignatureOperation.java:305:47:305:55 | | jca/SignatureOperation.java:308:47:308:59 | HashAlgorithm | DigestSize | 160 | jca/SignatureOperation.java:308:47:308:59 | jca/SignatureOperation.java:308:47:308:59 | | jca/SignatureOperation.java:308:47:308:59 | HashAlgorithm | Name | SHA1 | jca/SignatureOperation.java:308:47:308:59 | jca/SignatureOperation.java:308:47:308:59 | | jca/SignatureOperation.java:308:47:308:59 | HashAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:308:47:308:59 | jca/SignatureOperation.java:308:47:308:59 | | jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:308:47:308:59 | jca/SignatureOperation.java:308:47:308:59 | | jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:308:47:308:59 | jca/SignatureOperation.java:308:47:308:59 | -| jca/SignatureOperation.java:312:47:312:68 | Constant | Description | "SHA256withRSAandMGF1" | jca/SignatureOperation.java:312:47:312:68 | jca/SignatureOperation.java:312:47:312:68 | +| jca/SignatureOperation.java:312:47:312:68 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:312:47:312:68 | jca/SignatureOperation.java:312:47:312:68 | +| jca/SignatureOperation.java:312:47:312:68 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:312:47:312:68 | jca/SignatureOperation.java:312:47:312:68 | +| jca/SignatureOperation.java:312:47:312:68 | HashAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:312:47:312:68 | jca/SignatureOperation.java:312:47:312:68 | +| jca/SignatureOperation.java:312:47:312:68 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:312:47:312:68 | jca/SignatureOperation.java:312:47:312:68 | +| jca/SignatureOperation.java:312:47:312:68 | KeyOperationAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:312:47:312:68 | jca/SignatureOperation.java:312:47:312:68 | | jca/SignatureOperation.java:315:26:315:49 | Constant | Description | "Dynamic Signature Demo" | jca/SignatureOperation.java:315:26:315:49 | jca/SignatureOperation.java:315:26:315:49 | | jca/SignatureOperation.java:316:28:316:42 | Key | KeyType | Unknown | jca/SignatureOperation.java:316:28:316:42 | jca/SignatureOperation.java:316:28:316:42 | | jca/SignatureOperation.java:318:27:318:42 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:318:27:318:42 | jca/SignatureOperation.java:318:27:318:42 | diff --git a/java/ql/test/experimental/library-tests/quantum/nodes.expected b/java/ql/test/experimental/library-tests/quantum/nodes.expected index e38aa8790730..7810a4626b63 100644 --- a/java/ql/test/experimental/library-tests/quantum/nodes.expected +++ b/java/ql/test/experimental/library-tests/quantum/nodes.expected @@ -400,12 +400,12 @@ | jca/EllipticCurve2.java:165:26:165:32 | Message | | jca/EllipticCurve2.java:166:16:166:47 | VerifyOperation | | jca/EllipticCurve2.java:166:33:166:46 | SignatureInput | -| jca/EllipticCurve2.java:178:53:178:61 | Constant | +| jca/EllipticCurve2.java:178:53:178:61 | KeyOperationAlgorithm | | jca/EllipticCurve2.java:179:28:179:42 | Key | | jca/EllipticCurve2.java:180:26:180:32 | Message | | jca/EllipticCurve2.java:181:16:181:31 | SignOperation | | jca/EllipticCurve2.java:181:16:181:31 | SignatureOutput | -| jca/EllipticCurve2.java:193:53:193:61 | Constant | +| jca/EllipticCurve2.java:193:53:193:61 | KeyOperationAlgorithm | | jca/EllipticCurve2.java:194:30:194:43 | Key | | jca/EllipticCurve2.java:195:26:195:32 | Message | | jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | @@ -1255,12 +1255,14 @@ | jca/SignatureOperation.java:60:24:60:27 | Constant | | jca/SignatureOperation.java:61:16:61:36 | Key | | jca/SignatureOperation.java:61:16:61:36 | KeyGeneration | -| jca/SignatureOperation.java:71:53:71:74 | Constant | +| jca/SignatureOperation.java:71:53:71:74 | HashAlgorithm | +| jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm | | jca/SignatureOperation.java:72:28:72:37 | Key | | jca/SignatureOperation.java:73:26:73:29 | Message | | jca/SignatureOperation.java:74:16:74:31 | SignOperation | | jca/SignatureOperation.java:74:16:74:31 | SignatureOutput | -| jca/SignatureOperation.java:84:53:84:74 | Constant | +| jca/SignatureOperation.java:84:53:84:74 | HashAlgorithm | +| jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm | | jca/SignatureOperation.java:85:30:85:38 | Key | | jca/SignatureOperation.java:86:26:86:29 | Message | | jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | @@ -1283,12 +1285,12 @@ | jca/SignatureOperation.java:143:61:143:69 | Constant | | jca/SignatureOperation.java:144:16:144:36 | Key | | jca/SignatureOperation.java:144:16:144:36 | KeyGeneration | -| jca/SignatureOperation.java:154:53:154:61 | Constant | +| jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | | jca/SignatureOperation.java:155:28:155:37 | Key | | jca/SignatureOperation.java:156:26:156:29 | Message | | jca/SignatureOperation.java:157:16:157:31 | SignOperation | | jca/SignatureOperation.java:157:16:157:31 | SignatureOutput | -| jca/SignatureOperation.java:167:53:167:61 | Constant | +| jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm | | jca/SignatureOperation.java:168:30:168:38 | Key | | jca/SignatureOperation.java:169:26:169:29 | Message | | jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | @@ -1312,13 +1314,15 @@ | jca/SignatureOperation.java:246:27:246:35 | Constant | | jca/SignatureOperation.java:263:26:263:44 | Constant | | jca/SignatureOperation.java:268:27:268:30 | Constant | -| jca/SignatureOperation.java:299:47:299:68 | Constant | +| jca/SignatureOperation.java:299:47:299:68 | HashAlgorithm | +| jca/SignatureOperation.java:299:47:299:68 | KeyOperationAlgorithm | | jca/SignatureOperation.java:302:47:302:63 | HashAlgorithm | | jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:305:47:305:55 | Constant | +| jca/SignatureOperation.java:305:47:305:55 | KeyOperationAlgorithm | | jca/SignatureOperation.java:308:47:308:59 | HashAlgorithm | | jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:312:47:312:68 | Constant | +| jca/SignatureOperation.java:312:47:312:68 | HashAlgorithm | +| jca/SignatureOperation.java:312:47:312:68 | KeyOperationAlgorithm | | jca/SignatureOperation.java:315:26:315:49 | Constant | | jca/SignatureOperation.java:316:28:316:42 | Key | | jca/SignatureOperation.java:317:26:317:32 | Message | diff --git a/shared/quantum/codeql/quantum/experimental/Standardization.qll b/shared/quantum/codeql/quantum/experimental/Standardization.qll index df3cb64d4e35..c713865f9aca 100644 --- a/shared/quantum/codeql/quantum/experimental/Standardization.qll +++ b/shared/quantum/codeql/quantum/experimental/Standardization.qll @@ -49,6 +49,7 @@ module Types { DSA() or ECDSA() or EDDSA() or // e.g., ED25519 or ED448 + HSS_LMS() or // Leighton-Micali Signature OtherSignatureAlgorithmType() newtype TKemAlgorithmType = From 9fa30a3884a59f99a81781c0fe474b83453e249c Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Fri, 3 Oct 2025 18:09:27 -0400 Subject: [PATCH 233/307] Crypto: Updating algorithm string literals and key generation algorithm literal sources to include signatures. --- java/ql/lib/experimental/quantum/JCA.qll | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index 5625d7f03509..baeed8b1b439 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -115,7 +115,8 @@ module JCAModel { bindingset[name] predicate key_agreement_names(string name) { - name.toUpperCase().matches(["DH", "EDH", "ECDH", "X25519", "X448"].toUpperCase()) + name.toUpperCase() + .matches(["DH", "EDH", "ECDH", "X25519", "X448", "ML-KEM%", "XDH"].toUpperCase()) } bindingset[name] @@ -221,13 +222,16 @@ module JCAModel { bindingset[name] predicate key_agreement_name_to_type_known(Crypto::TKeyAgreementType type, string name) { type = Crypto::DH() and - name.toUpperCase() = "DH" + name.toUpperCase() in ["DH", "XDH"] or type = Crypto::EDH() and name.toUpperCase() = "EDH" or type = Crypto::ECDH() and name.toUpperCase() in ["ECDH", "X25519", "X448"] + or + type = Crypto::OtherKeyAgreementType() and + name.toUpperCase().matches("ML-KEM%") } /** @@ -1042,7 +1046,8 @@ module JCAModel { override Crypto::AlgorithmInstance getAKnownAlgorithmSource() { result.(CipherStringLiteralAlgorithmInstance).getConsumer() = this or result.(KeyAgreementStringLiteralAlgorithmInstance).getConsumer() = this or - result.(EllipticCurveStringLiteralInstance).getConsumer() = this + result.(EllipticCurveStringLiteralInstance).getConsumer() = this or + result.(SignatureStringLiteralAlgorithmInstance).getConsumer() = this } KeyGeneratorGetInstanceCall getInstantiationCall() { result = instantiationCall } From f6b6a007b1a8164ce1b6825688b025d326deb629 Mon Sep 17 00:00:00 2001 From: idrissrio Date: Fri, 19 Sep 2025 13:50:33 +0200 Subject: [PATCH 234/307] Java: Add integration tests for Maven 4 --- .../ExtractionErrors.expected | 0 .../ExtractionErrors.qlref | 1 + .../app/.mvn/wrapper/maven-wrapper.properties | 3 + .../maven_3_fetch_maven_4_wrapper/app/mvnw | 295 ++++++++++++++++++ .../app/mvnw.cmd | 189 +++++++++++ .../maven_3_fetch_maven_4_wrapper/app/pom.xml | 38 +++ .../app/src/main/java/testmaven/Test.java | 10 + .../methods.expected | 0 .../maven_3_fetch_maven_4_wrapper/methods.ql | 5 + .../maven_3_fetch_maven_4_wrapper/test.py | 20 ++ 10 files changed, 561 insertions(+) create mode 100644 java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/ExtractionErrors.expected create mode 100644 java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/ExtractionErrors.qlref create mode 100644 java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/.mvn/wrapper/maven-wrapper.properties create mode 100755 java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/mvnw create mode 100644 java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/mvnw.cmd create mode 100644 java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/pom.xml create mode 100644 java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/src/main/java/testmaven/Test.java create mode 100644 java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/methods.expected create mode 100644 java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/methods.ql create mode 100644 java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/test.py diff --git a/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/ExtractionErrors.expected b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/ExtractionErrors.expected new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/ExtractionErrors.qlref b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/ExtractionErrors.qlref new file mode 100644 index 000000000000..5e501b2469d2 --- /dev/null +++ b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/ExtractionErrors.qlref @@ -0,0 +1 @@ +Diagnostics/ExtractionErrors.ql \ No newline at end of file diff --git a/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/.mvn/wrapper/maven-wrapper.properties b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/.mvn/wrapper/maven-wrapper.properties new file mode 100644 index 000000000000..c0bcafe984fe --- /dev/null +++ b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/.mvn/wrapper/maven-wrapper.properties @@ -0,0 +1,3 @@ +wrapperVersion=3.3.4 +distributionType=only-script +distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.11/apache-maven-3.9.11-bin.zip diff --git a/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/mvnw b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/mvnw new file mode 100755 index 000000000000..bd8896bf2217 --- /dev/null +++ b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/mvnw @@ -0,0 +1,295 @@ +#!/bin/sh +# ---------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# ---------------------------------------------------------------------------- + +# ---------------------------------------------------------------------------- +# Apache Maven Wrapper startup batch script, version 3.3.4 +# +# Optional ENV vars +# ----------------- +# JAVA_HOME - location of a JDK home dir, required when download maven via java source +# MVNW_REPOURL - repo url base for downloading maven distribution +# MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven +# MVNW_VERBOSE - true: enable verbose log; debug: trace the mvnw script; others: silence the output +# ---------------------------------------------------------------------------- + +set -euf +[ "${MVNW_VERBOSE-}" != debug ] || set -x + +# OS specific support. +native_path() { printf %s\\n "$1"; } +case "$(uname)" in +CYGWIN* | MINGW*) + [ -z "${JAVA_HOME-}" ] || JAVA_HOME="$(cygpath --unix "$JAVA_HOME")" + native_path() { cygpath --path --windows "$1"; } + ;; +esac + +# set JAVACMD and JAVACCMD +set_java_home() { + # For Cygwin and MinGW, ensure paths are in Unix format before anything is touched + if [ -n "${JAVA_HOME-}" ]; then + if [ -x "$JAVA_HOME/jre/sh/java" ]; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + JAVACCMD="$JAVA_HOME/jre/sh/javac" + else + JAVACMD="$JAVA_HOME/bin/java" + JAVACCMD="$JAVA_HOME/bin/javac" + + if [ ! -x "$JAVACMD" ] || [ ! -x "$JAVACCMD" ]; then + echo "The JAVA_HOME environment variable is not defined correctly, so mvnw cannot run." >&2 + echo "JAVA_HOME is set to \"$JAVA_HOME\", but \"\$JAVA_HOME/bin/java\" or \"\$JAVA_HOME/bin/javac\" does not exist." >&2 + return 1 + fi + fi + else + JAVACMD="$( + 'set' +e + 'unset' -f command 2>/dev/null + 'command' -v java + )" || : + JAVACCMD="$( + 'set' +e + 'unset' -f command 2>/dev/null + 'command' -v javac + )" || : + + if [ ! -x "${JAVACMD-}" ] || [ ! -x "${JAVACCMD-}" ]; then + echo "The java/javac command does not exist in PATH nor is JAVA_HOME set, so mvnw cannot run." >&2 + return 1 + fi + fi +} + +# hash string like Java String::hashCode +hash_string() { + str="${1:-}" h=0 + while [ -n "$str" ]; do + char="${str%"${str#?}"}" + h=$(((h * 31 + $(LC_CTYPE=C printf %d "'$char")) % 4294967296)) + str="${str#?}" + done + printf %x\\n $h +} + +verbose() { :; } +[ "${MVNW_VERBOSE-}" != true ] || verbose() { printf %s\\n "${1-}"; } + +die() { + printf %s\\n "$1" >&2 + exit 1 +} + +trim() { + # MWRAPPER-139: + # Trims trailing and leading whitespace, carriage returns, tabs, and linefeeds. + # Needed for removing poorly interpreted newline sequences when running in more + # exotic environments such as mingw bash on Windows. + printf "%s" "${1}" | tr -d '[:space:]' +} + +scriptDir="$(dirname "$0")" +scriptName="$(basename "$0")" + +# parse distributionUrl and optional distributionSha256Sum, requires .mvn/wrapper/maven-wrapper.properties +while IFS="=" read -r key value; do + case "${key-}" in + distributionUrl) distributionUrl=$(trim "${value-}") ;; + distributionSha256Sum) distributionSha256Sum=$(trim "${value-}") ;; + esac +done <"$scriptDir/.mvn/wrapper/maven-wrapper.properties" +[ -n "${distributionUrl-}" ] || die "cannot read distributionUrl property in $scriptDir/.mvn/wrapper/maven-wrapper.properties" + +case "${distributionUrl##*/}" in +maven-mvnd-*bin.*) + MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/ + case "${PROCESSOR_ARCHITECTURE-}${PROCESSOR_ARCHITEW6432-}:$(uname -a)" in + *AMD64:CYGWIN* | *AMD64:MINGW*) distributionPlatform=windows-amd64 ;; + :Darwin*x86_64) distributionPlatform=darwin-amd64 ;; + :Darwin*arm64) distributionPlatform=darwin-aarch64 ;; + :Linux*x86_64*) distributionPlatform=linux-amd64 ;; + *) + echo "Cannot detect native platform for mvnd on $(uname)-$(uname -m), use pure java version" >&2 + distributionPlatform=linux-amd64 + ;; + esac + distributionUrl="${distributionUrl%-bin.*}-$distributionPlatform.zip" + ;; +maven-mvnd-*) MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/ ;; +*) MVN_CMD="mvn${scriptName#mvnw}" _MVNW_REPO_PATTERN=/org/apache/maven/ ;; +esac + +# apply MVNW_REPOURL and calculate MAVEN_HOME +# maven home pattern: ~/.m2/wrapper/dists/{apache-maven-,maven-mvnd--}/ +[ -z "${MVNW_REPOURL-}" ] || distributionUrl="$MVNW_REPOURL$_MVNW_REPO_PATTERN${distributionUrl#*"$_MVNW_REPO_PATTERN"}" +distributionUrlName="${distributionUrl##*/}" +distributionUrlNameMain="${distributionUrlName%.*}" +distributionUrlNameMain="${distributionUrlNameMain%-bin}" +MAVEN_USER_HOME="${MAVEN_USER_HOME:-${HOME}/.m2}" +MAVEN_HOME="${MAVEN_USER_HOME}/wrapper/dists/${distributionUrlNameMain-}/$(hash_string "$distributionUrl")" + +exec_maven() { + unset MVNW_VERBOSE MVNW_USERNAME MVNW_PASSWORD MVNW_REPOURL || : + exec "$MAVEN_HOME/bin/$MVN_CMD" "$@" || die "cannot exec $MAVEN_HOME/bin/$MVN_CMD" +} + +if [ -d "$MAVEN_HOME" ]; then + verbose "found existing MAVEN_HOME at $MAVEN_HOME" + exec_maven "$@" +fi + +case "${distributionUrl-}" in +*?-bin.zip | *?maven-mvnd-?*-?*.zip) ;; +*) die "distributionUrl is not valid, must match *-bin.zip or maven-mvnd-*.zip, but found '${distributionUrl-}'" ;; +esac + +# prepare tmp dir +if TMP_DOWNLOAD_DIR="$(mktemp -d)" && [ -d "$TMP_DOWNLOAD_DIR" ]; then + clean() { rm -rf -- "$TMP_DOWNLOAD_DIR"; } + trap clean HUP INT TERM EXIT +else + die "cannot create temp dir" +fi + +mkdir -p -- "${MAVEN_HOME%/*}" + +# Download and Install Apache Maven +verbose "Couldn't find MAVEN_HOME, downloading and installing it ..." +verbose "Downloading from: $distributionUrl" +verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName" + +# select .zip or .tar.gz +if ! command -v unzip >/dev/null; then + distributionUrl="${distributionUrl%.zip}.tar.gz" + distributionUrlName="${distributionUrl##*/}" +fi + +# verbose opt +__MVNW_QUIET_WGET=--quiet __MVNW_QUIET_CURL=--silent __MVNW_QUIET_UNZIP=-q __MVNW_QUIET_TAR='' +[ "${MVNW_VERBOSE-}" != true ] || __MVNW_QUIET_WGET='' __MVNW_QUIET_CURL='' __MVNW_QUIET_UNZIP='' __MVNW_QUIET_TAR=v + +# normalize http auth +case "${MVNW_PASSWORD:+has-password}" in +'') MVNW_USERNAME='' MVNW_PASSWORD='' ;; +has-password) [ -n "${MVNW_USERNAME-}" ] || MVNW_USERNAME='' MVNW_PASSWORD='' ;; +esac + +if [ -z "${MVNW_USERNAME-}" ] && command -v wget >/dev/null; then + verbose "Found wget ... using wget" + wget ${__MVNW_QUIET_WGET:+"$__MVNW_QUIET_WGET"} "$distributionUrl" -O "$TMP_DOWNLOAD_DIR/$distributionUrlName" || die "wget: Failed to fetch $distributionUrl" +elif [ -z "${MVNW_USERNAME-}" ] && command -v curl >/dev/null; then + verbose "Found curl ... using curl" + curl ${__MVNW_QUIET_CURL:+"$__MVNW_QUIET_CURL"} -f -L -o "$TMP_DOWNLOAD_DIR/$distributionUrlName" "$distributionUrl" || die "curl: Failed to fetch $distributionUrl" +elif set_java_home; then + verbose "Falling back to use Java to download" + javaSource="$TMP_DOWNLOAD_DIR/Downloader.java" + targetZip="$TMP_DOWNLOAD_DIR/$distributionUrlName" + cat >"$javaSource" <<-END + public class Downloader extends java.net.Authenticator + { + protected java.net.PasswordAuthentication getPasswordAuthentication() + { + return new java.net.PasswordAuthentication( System.getenv( "MVNW_USERNAME" ), System.getenv( "MVNW_PASSWORD" ).toCharArray() ); + } + public static void main( String[] args ) throws Exception + { + setDefault( new Downloader() ); + java.nio.file.Files.copy( java.net.URI.create( args[0] ).toURL().openStream(), java.nio.file.Paths.get( args[1] ).toAbsolutePath().normalize() ); + } + } + END + # For Cygwin/MinGW, switch paths to Windows format before running javac and java + verbose " - Compiling Downloader.java ..." + "$(native_path "$JAVACCMD")" "$(native_path "$javaSource")" || die "Failed to compile Downloader.java" + verbose " - Running Downloader.java ..." + "$(native_path "$JAVACMD")" -cp "$(native_path "$TMP_DOWNLOAD_DIR")" Downloader "$distributionUrl" "$(native_path "$targetZip")" +fi + +# If specified, validate the SHA-256 sum of the Maven distribution zip file +if [ -n "${distributionSha256Sum-}" ]; then + distributionSha256Result=false + if [ "$MVN_CMD" = mvnd.sh ]; then + echo "Checksum validation is not supported for maven-mvnd." >&2 + echo "Please disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2 + exit 1 + elif command -v sha256sum >/dev/null; then + if echo "$distributionSha256Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" | sha256sum -c - >/dev/null 2>&1; then + distributionSha256Result=true + fi + elif command -v shasum >/dev/null; then + if echo "$distributionSha256Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" | shasum -a 256 -c >/dev/null 2>&1; then + distributionSha256Result=true + fi + else + echo "Checksum validation was requested but neither 'sha256sum' or 'shasum' are available." >&2 + echo "Please install either command, or disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2 + exit 1 + fi + if [ $distributionSha256Result = false ]; then + echo "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised." >&2 + echo "If you updated your Maven version, you need to update the specified distributionSha256Sum property." >&2 + exit 1 + fi +fi + +# unzip and move +if command -v unzip >/dev/null; then + unzip ${__MVNW_QUIET_UNZIP:+"$__MVNW_QUIET_UNZIP"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -d "$TMP_DOWNLOAD_DIR" || die "failed to unzip" +else + tar xzf${__MVNW_QUIET_TAR:+"$__MVNW_QUIET_TAR"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -C "$TMP_DOWNLOAD_DIR" || die "failed to untar" +fi + +# Find the actual extracted directory name (handles snapshots where filename != directory name) +actualDistributionDir="" + +# First try the expected directory name (for regular distributions) +if [ -d "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain" ]; then + if [ -f "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain/bin/$MVN_CMD" ]; then + actualDistributionDir="$distributionUrlNameMain" + fi +fi + +# If not found, search for any directory with the Maven executable (for snapshots) +if [ -z "$actualDistributionDir" ]; then + # enable globbing to iterate over items + set +f + for dir in "$TMP_DOWNLOAD_DIR"/*; do + if [ -d "$dir" ]; then + if [ -f "$dir/bin/$MVN_CMD" ]; then + actualDistributionDir="$(basename "$dir")" + break + fi + fi + done + set -f +fi + +if [ -z "$actualDistributionDir" ]; then + verbose "Contents of $TMP_DOWNLOAD_DIR:" + verbose "$(ls -la "$TMP_DOWNLOAD_DIR")" + die "Could not find Maven distribution directory in extracted archive" +fi + +verbose "Found extracted Maven distribution directory: $actualDistributionDir" +printf %s\\n "$distributionUrl" >"$TMP_DOWNLOAD_DIR/$actualDistributionDir/mvnw.url" +mv -- "$TMP_DOWNLOAD_DIR/$actualDistributionDir" "$MAVEN_HOME" || [ -d "$MAVEN_HOME" ] || die "fail to move MAVEN_HOME" + +clean || : +exec_maven "$@" diff --git a/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/mvnw.cmd b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/mvnw.cmd new file mode 100644 index 000000000000..92450f932734 --- /dev/null +++ b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/mvnw.cmd @@ -0,0 +1,189 @@ +<# : batch portion +@REM ---------------------------------------------------------------------------- +@REM Licensed to the Apache Software Foundation (ASF) under one +@REM or more contributor license agreements. See the NOTICE file +@REM distributed with this work for additional information +@REM regarding copyright ownership. The ASF licenses this file +@REM to you under the Apache License, Version 2.0 (the +@REM "License"); you may not use this file except in compliance +@REM with the License. You may obtain a copy of the License at +@REM +@REM http://www.apache.org/licenses/LICENSE-2.0 +@REM +@REM Unless required by applicable law or agreed to in writing, +@REM software distributed under the License is distributed on an +@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +@REM KIND, either express or implied. See the License for the +@REM specific language governing permissions and limitations +@REM under the License. +@REM ---------------------------------------------------------------------------- + +@REM ---------------------------------------------------------------------------- +@REM Apache Maven Wrapper startup batch script, version 3.3.4 +@REM +@REM Optional ENV vars +@REM MVNW_REPOURL - repo url base for downloading maven distribution +@REM MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven +@REM MVNW_VERBOSE - true: enable verbose log; others: silence the output +@REM ---------------------------------------------------------------------------- + +@IF "%__MVNW_ARG0_NAME__%"=="" (SET __MVNW_ARG0_NAME__=%~nx0) +@SET __MVNW_CMD__= +@SET __MVNW_ERROR__= +@SET __MVNW_PSMODULEP_SAVE=%PSModulePath% +@SET PSModulePath= +@FOR /F "usebackq tokens=1* delims==" %%A IN (`powershell -noprofile "& {$scriptDir='%~dp0'; $script='%__MVNW_ARG0_NAME__%'; icm -ScriptBlock ([Scriptblock]::Create((Get-Content -Raw '%~f0'))) -NoNewScope}"`) DO @( + IF "%%A"=="MVN_CMD" (set __MVNW_CMD__=%%B) ELSE IF "%%B"=="" (echo %%A) ELSE (echo %%A=%%B) +) +@SET PSModulePath=%__MVNW_PSMODULEP_SAVE% +@SET __MVNW_PSMODULEP_SAVE= +@SET __MVNW_ARG0_NAME__= +@SET MVNW_USERNAME= +@SET MVNW_PASSWORD= +@IF NOT "%__MVNW_CMD__%"=="" ("%__MVNW_CMD__%" %*) +@echo Cannot start maven from wrapper >&2 && exit /b 1 +@GOTO :EOF +: end batch / begin powershell #> + +$ErrorActionPreference = "Stop" +if ($env:MVNW_VERBOSE -eq "true") { + $VerbosePreference = "Continue" +} + +# calculate distributionUrl, requires .mvn/wrapper/maven-wrapper.properties +$distributionUrl = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionUrl +if (!$distributionUrl) { + Write-Error "cannot read distributionUrl property in $scriptDir/.mvn/wrapper/maven-wrapper.properties" +} + +switch -wildcard -casesensitive ( $($distributionUrl -replace '^.*/','') ) { + "maven-mvnd-*" { + $USE_MVND = $true + $distributionUrl = $distributionUrl -replace '-bin\.[^.]*$',"-windows-amd64.zip" + $MVN_CMD = "mvnd.cmd" + break + } + default { + $USE_MVND = $false + $MVN_CMD = $script -replace '^mvnw','mvn' + break + } +} + +# apply MVNW_REPOURL and calculate MAVEN_HOME +# maven home pattern: ~/.m2/wrapper/dists/{apache-maven-,maven-mvnd--}/ +if ($env:MVNW_REPOURL) { + $MVNW_REPO_PATTERN = if ($USE_MVND -eq $False) { "/org/apache/maven/" } else { "/maven/mvnd/" } + $distributionUrl = "$env:MVNW_REPOURL$MVNW_REPO_PATTERN$($distributionUrl -replace "^.*$MVNW_REPO_PATTERN",'')" +} +$distributionUrlName = $distributionUrl -replace '^.*/','' +$distributionUrlNameMain = $distributionUrlName -replace '\.[^.]*$','' -replace '-bin$','' + +$MAVEN_M2_PATH = "$HOME/.m2" +if ($env:MAVEN_USER_HOME) { + $MAVEN_M2_PATH = "$env:MAVEN_USER_HOME" +} + +if (-not (Test-Path -Path $MAVEN_M2_PATH)) { + New-Item -Path $MAVEN_M2_PATH -ItemType Directory | Out-Null +} + +$MAVEN_WRAPPER_DISTS = $null +if ((Get-Item $MAVEN_M2_PATH).Target[0] -eq $null) { + $MAVEN_WRAPPER_DISTS = "$MAVEN_M2_PATH/wrapper/dists" +} else { + $MAVEN_WRAPPER_DISTS = (Get-Item $MAVEN_M2_PATH).Target[0] + "/wrapper/dists" +} + +$MAVEN_HOME_PARENT = "$MAVEN_WRAPPER_DISTS/$distributionUrlNameMain" +$MAVEN_HOME_NAME = ([System.Security.Cryptography.SHA256]::Create().ComputeHash([byte[]][char[]]$distributionUrl) | ForEach-Object {$_.ToString("x2")}) -join '' +$MAVEN_HOME = "$MAVEN_HOME_PARENT/$MAVEN_HOME_NAME" + +if (Test-Path -Path "$MAVEN_HOME" -PathType Container) { + Write-Verbose "found existing MAVEN_HOME at $MAVEN_HOME" + Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD" + exit $? +} + +if (! $distributionUrlNameMain -or ($distributionUrlName -eq $distributionUrlNameMain)) { + Write-Error "distributionUrl is not valid, must end with *-bin.zip, but found $distributionUrl" +} + +# prepare tmp dir +$TMP_DOWNLOAD_DIR_HOLDER = New-TemporaryFile +$TMP_DOWNLOAD_DIR = New-Item -Itemtype Directory -Path "$TMP_DOWNLOAD_DIR_HOLDER.dir" +$TMP_DOWNLOAD_DIR_HOLDER.Delete() | Out-Null +trap { + if ($TMP_DOWNLOAD_DIR.Exists) { + try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null } + catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" } + } +} + +New-Item -Itemtype Directory -Path "$MAVEN_HOME_PARENT" -Force | Out-Null + +# Download and Install Apache Maven +Write-Verbose "Couldn't find MAVEN_HOME, downloading and installing it ..." +Write-Verbose "Downloading from: $distributionUrl" +Write-Verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName" + +$webclient = New-Object System.Net.WebClient +if ($env:MVNW_USERNAME -and $env:MVNW_PASSWORD) { + $webclient.Credentials = New-Object System.Net.NetworkCredential($env:MVNW_USERNAME, $env:MVNW_PASSWORD) +} +[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 +$webclient.DownloadFile($distributionUrl, "$TMP_DOWNLOAD_DIR/$distributionUrlName") | Out-Null + +# If specified, validate the SHA-256 sum of the Maven distribution zip file +$distributionSha256Sum = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionSha256Sum +if ($distributionSha256Sum) { + if ($USE_MVND) { + Write-Error "Checksum validation is not supported for maven-mvnd. `nPlease disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." + } + Import-Module $PSHOME\Modules\Microsoft.PowerShell.Utility -Function Get-FileHash + if ((Get-FileHash "$TMP_DOWNLOAD_DIR/$distributionUrlName" -Algorithm SHA256).Hash.ToLower() -ne $distributionSha256Sum) { + Write-Error "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised. If you updated your Maven version, you need to update the specified distributionSha256Sum property." + } +} + +# unzip and move +Expand-Archive "$TMP_DOWNLOAD_DIR/$distributionUrlName" -DestinationPath "$TMP_DOWNLOAD_DIR" | Out-Null + +# Find the actual extracted directory name (handles snapshots where filename != directory name) +$actualDistributionDir = "" + +# First try the expected directory name (for regular distributions) +$expectedPath = Join-Path "$TMP_DOWNLOAD_DIR" "$distributionUrlNameMain" +$expectedMvnPath = Join-Path "$expectedPath" "bin/$MVN_CMD" +if ((Test-Path -Path $expectedPath -PathType Container) -and (Test-Path -Path $expectedMvnPath -PathType Leaf)) { + $actualDistributionDir = $distributionUrlNameMain +} + +# If not found, search for any directory with the Maven executable (for snapshots) +if (!$actualDistributionDir) { + Get-ChildItem -Path "$TMP_DOWNLOAD_DIR" -Directory | ForEach-Object { + $testPath = Join-Path $_.FullName "bin/$MVN_CMD" + if (Test-Path -Path $testPath -PathType Leaf) { + $actualDistributionDir = $_.Name + } + } +} + +if (!$actualDistributionDir) { + Write-Error "Could not find Maven distribution directory in extracted archive" +} + +Write-Verbose "Found extracted Maven distribution directory: $actualDistributionDir" +Rename-Item -Path "$TMP_DOWNLOAD_DIR/$actualDistributionDir" -NewName $MAVEN_HOME_NAME | Out-Null +try { + Move-Item -Path "$TMP_DOWNLOAD_DIR/$MAVEN_HOME_NAME" -Destination $MAVEN_HOME_PARENT | Out-Null +} catch { + if (! (Test-Path -Path "$MAVEN_HOME" -PathType Container)) { + Write-Error "fail to move MAVEN_HOME" + } +} finally { + try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null } + catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" } +} + +Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD" diff --git a/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/pom.xml b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/pom.xml new file mode 100644 index 000000000000..2d203a7dcba4 --- /dev/null +++ b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/pom.xml @@ -0,0 +1,38 @@ + + + 4.0.0 + + com.example + maven3-fetch-maven4-wrapper-test + 1.0.0 + jar + + Maven 3 Fetch Maven 4 Wrapper Test + Integration test for Maven 3 system trying to fetch Maven 4 wrapper binary + + + 11 + 11 + UTF-8 + + + + + + + + + + org.apache.maven.plugins + maven-compiler-plugin + 3.11.0 + + 11 + 11 + + + + + \ No newline at end of file diff --git a/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/src/main/java/testmaven/Test.java b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/src/main/java/testmaven/Test.java new file mode 100644 index 000000000000..79a9aa9a0645 --- /dev/null +++ b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/app/src/main/java/testmaven/Test.java @@ -0,0 +1,10 @@ +package testmaven; + +public class Test { + public static void main(String[] args) { + System.out.println("Test"); + } + + public void trivial() { + } +} diff --git a/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/methods.expected b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/methods.expected new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/methods.ql b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/methods.ql new file mode 100644 index 000000000000..9d32c93e69ca --- /dev/null +++ b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/methods.ql @@ -0,0 +1,5 @@ +import java + +from Method m +where exists(m.getFile().getRelativePath()) +select m diff --git a/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/test.py b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/test.py new file mode 100644 index 000000000000..666691824b96 --- /dev/null +++ b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/test.py @@ -0,0 +1,20 @@ +import os +import tarfile +import tempfile +import pathlib +from fixtures.util import download_file_cached + +def test_maven3_fetch_maven4_wrapper(codeql, java, use_java_17, cache): + maven_url = "https://archive.apache.org/dist/maven/maven-3/3.6.0/binaries/apache-maven-3.6.0-bin.tar.gz" + maven_archive = download_file_cached(maven_url, "apache-maven-3.6.0-bin.tar.gz", cache) + + temp_dir = pathlib.Path(tempfile.mkdtemp()) + with tarfile.open(maven_archive, "r:gz") as tar: + tar.extractall(temp_dir, filter='data') + + # Set maven_home_path to the extracted directory + maven_home_path = temp_dir / "apache-maven-3.6.0" + + codeql.database.create(source_root="app", + build_mode="autobuild", + _env={"MAVEN_USER_HOME": str(maven_home_path)}) \ No newline at end of file From a22ec2d9c6c0124a7c624c954f3495e933b07cce Mon Sep 17 00:00:00 2001 From: idrissrio Date: Fri, 19 Sep 2025 13:50:58 +0200 Subject: [PATCH 235/307] Java: Accept new test results after extractor changes --- .../java/maven_3_fetch_maven_4_wrapper/methods.expected | 2 ++ 1 file changed, 2 insertions(+) diff --git a/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/methods.expected b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/methods.expected index e69de29bb2d1..0f1a4ca9dfb1 100644 --- a/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/methods.expected +++ b/java/ql/integration-tests/java/maven_3_fetch_maven_4_wrapper/methods.expected @@ -0,0 +1,2 @@ +| app/src/main/java/testmaven/Test.java:4:24:4:27 | main | +| app/src/main/java/testmaven/Test.java:8:17:8:23 | trivial | From 84c788a027b1eb70394d707640fc7e771d8d6dd8 Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 6 Oct 2025 11:31:08 +0200 Subject: [PATCH 236/307] JS: Add API graph test for explicit 'this' passing --- .../test/ApiGraphs/explicit-this/VerifyAssertions.expected | 0 .../ql/test/ApiGraphs/explicit-this/VerifyAssertions.ql | 1 + javascript/ql/test/ApiGraphs/explicit-this/package.json | 6 ++++++ javascript/ql/test/ApiGraphs/explicit-this/tst.js | 7 +++++++ 4 files changed, 14 insertions(+) create mode 100644 javascript/ql/test/ApiGraphs/explicit-this/VerifyAssertions.expected create mode 100644 javascript/ql/test/ApiGraphs/explicit-this/VerifyAssertions.ql create mode 100644 javascript/ql/test/ApiGraphs/explicit-this/package.json create mode 100644 javascript/ql/test/ApiGraphs/explicit-this/tst.js diff --git a/javascript/ql/test/ApiGraphs/explicit-this/VerifyAssertions.expected b/javascript/ql/test/ApiGraphs/explicit-this/VerifyAssertions.expected new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/javascript/ql/test/ApiGraphs/explicit-this/VerifyAssertions.ql b/javascript/ql/test/ApiGraphs/explicit-this/VerifyAssertions.ql new file mode 100644 index 000000000000..b9c54e26072d --- /dev/null +++ b/javascript/ql/test/ApiGraphs/explicit-this/VerifyAssertions.ql @@ -0,0 +1 @@ +import ApiGraphs.VerifyAssertions diff --git a/javascript/ql/test/ApiGraphs/explicit-this/package.json b/javascript/ql/test/ApiGraphs/explicit-this/package.json new file mode 100644 index 000000000000..f48acd623603 --- /dev/null +++ b/javascript/ql/test/ApiGraphs/explicit-this/package.json @@ -0,0 +1,6 @@ +{ + "name": "explicit-this", + "dependencies": { + "something": "*" + } +} diff --git a/javascript/ql/test/ApiGraphs/explicit-this/tst.js b/javascript/ql/test/ApiGraphs/explicit-this/tst.js new file mode 100644 index 000000000000..a3f5ecff21e4 --- /dev/null +++ b/javascript/ql/test/ApiGraphs/explicit-this/tst.js @@ -0,0 +1,7 @@ +const lib = require('something'); + +function f() { + this.two(); /** use=moduleImport("something").getMember("exports").getMember("one").getMember("two").getReturn() */ +} + +f.call(lib.one); From 4d3319024174f7cae61b348ea271024b6f775c94 Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 6 Oct 2025 11:22:39 +0200 Subject: [PATCH 237/307] JS: Restrict this-argument passing in API graphs --- javascript/ql/lib/semmle/javascript/ApiGraphs.qll | 8 ++++++-- .../ApiGraphs/explicit-this/VerifyAssertions.expected | 1 + 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll index 850e92244512..647d8f3b837e 100644 --- a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll +++ b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll @@ -1324,7 +1324,9 @@ module API { exists(DataFlow::TypeTracker t, StepSummary summary, DataFlow::SourceNode prev | prev = trackUseNode(nd, promisified, boundArgs, prop, t) and StepSummary::step(prev, res, summary) and - result = t.append(summary) + result = t.append(summary) and + // Block argument-passing into 'this' + not (summary = CallStep() and res instanceof DataFlow::ThisNode) ) } @@ -1381,7 +1383,9 @@ module API { exists(DataFlow::TypeBackTracker t, StepSummary summary, DataFlow::Node next | next = trackDefNode(nd, t) and StepSummary::step(prev, next, summary) and - result = t.prepend(summary) + result = t.prepend(summary) and + // Block argument-passing steps from 'this' back to a receiver + not (summary = CallStep() and prev instanceof DataFlow::ThisNode) ) } diff --git a/javascript/ql/test/ApiGraphs/explicit-this/VerifyAssertions.expected b/javascript/ql/test/ApiGraphs/explicit-this/VerifyAssertions.expected index e69de29bb2d1..daff5d3e13b5 100644 --- a/javascript/ql/test/ApiGraphs/explicit-this/VerifyAssertions.expected +++ b/javascript/ql/test/ApiGraphs/explicit-this/VerifyAssertions.expected @@ -0,0 +1 @@ +| tst.js:4:17:4:119 | /** use ... rn() */ | use moduleImport("something").getMember("exports").getMember("one") has no outgoing edge labelled getMember("two"); it has no outgoing edges at all. | From 587ad5c60041b4ed425e48cf77fa32bf0ab85953 Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 6 Oct 2025 11:39:54 +0200 Subject: [PATCH 238/307] JS: Refine criteria so that explicit this-passing is not affected --- .../ql/lib/semmle/javascript/ApiGraphs.qll | 8 ++++---- .../javascript/dataflow/TypeTracking.qll | 4 ++++ .../dataflow/internal/StepSummary.qll | 18 +++++++++++++++++- .../explicit-this/VerifyAssertions.expected | 1 - 4 files changed, 25 insertions(+), 6 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll index 647d8f3b837e..1a96e25b3b9f 100644 --- a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll +++ b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll @@ -1325,8 +1325,8 @@ module API { prev = trackUseNode(nd, promisified, boundArgs, prop, t) and StepSummary::step(prev, res, summary) and result = t.append(summary) and - // Block argument-passing into 'this' - not (summary = CallStep() and res instanceof DataFlow::ThisNode) + // Block argument-passing into 'this' when it determines the call target + not summary = CallReceiverStep() ) } @@ -1384,8 +1384,8 @@ module API { next = trackDefNode(nd, t) and StepSummary::step(prev, next, summary) and result = t.prepend(summary) and - // Block argument-passing steps from 'this' back to a receiver - not (summary = CallStep() and prev instanceof DataFlow::ThisNode) + // Block argument-passing steps from 'this' back to a receiver when it determines the call target + not summary = CallReceiverStep() ) } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/TypeTracking.qll b/javascript/ql/lib/semmle/javascript/dataflow/TypeTracking.qll index 9e912a336f6f..e4c8f162972a 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/TypeTracking.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/TypeTracking.qll @@ -65,6 +65,8 @@ class TypeTracker extends TTypeTracker { or step = CallStep() and result = MkTypeTracker(true, prop) or + step = CallReceiverStep() and result = MkTypeTracker(true, prop) + or step = ReturnStep() and hasCall = false and result = this or step = LoadStep(prop) and result = MkTypeTracker(hasCall, "") @@ -238,6 +240,8 @@ class TypeBackTracker extends TTypeBackTracker { or step = CallStep() and hasReturn = false and result = this or + step = CallReceiverStep() and hasReturn = false and result = this + or step = ReturnStep() and result = MkTypeBackTracker(true, prop) or exists(string p | step = LoadStep(p) and prop = "" and result = MkTypeBackTracker(hasReturn, p)) diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/StepSummary.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/StepSummary.qll index 2bcd89130a9c..fed492074b6a 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/StepSummary.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/StepSummary.qll @@ -43,6 +43,7 @@ private module Cached { newtype TStepSummary = LevelStep() or CallStep() or + CallReceiverStep() or ReturnStep() or StoreStep(PropertyName prop) or LoadStep(PropertyName prop) or @@ -101,6 +102,15 @@ private module Cached { ) } + pragma[nomagic] + private predicate isReceiverForMethodDispatch(DataFlow::Node node) { + exists(DataFlow::SourceNode base, DataFlow::CallNode invoke | + node = invoke.getReceiver() and + base = node.getALocalSource() and + invoke.getCalleeNode() = base.getAPropertyRead() + ) + } + /** * INTERNAL: Use `TypeBackTracker.smallstep()` instead. */ @@ -116,7 +126,11 @@ private module Cached { or // Flow into function callStep(pred, succ) and - summary = CallStep() + ( + if isReceiverForMethodDispatch(pred) + then summary = CallReceiverStep() + else summary = CallStep() + ) or // Flow out of function returnStep(pred, succ) and @@ -251,6 +265,8 @@ class StepSummary extends TStepSummary { or this instanceof CallStep and result = "call" or + this instanceof CallReceiverStep and result = "call-receiver" + or this instanceof ReturnStep and result = "return" or exists(string prop | this = StoreStep(prop) | result = "store " + prop) diff --git a/javascript/ql/test/ApiGraphs/explicit-this/VerifyAssertions.expected b/javascript/ql/test/ApiGraphs/explicit-this/VerifyAssertions.expected index daff5d3e13b5..e69de29bb2d1 100644 --- a/javascript/ql/test/ApiGraphs/explicit-this/VerifyAssertions.expected +++ b/javascript/ql/test/ApiGraphs/explicit-this/VerifyAssertions.expected @@ -1 +0,0 @@ -| tst.js:4:17:4:119 | /** use ... rn() */ | use moduleImport("something").getMember("exports").getMember("one") has no outgoing edge labelled getMember("two"); it has no outgoing edges at all. | From a31c10c4fa345b5076c7dd2ae071e5de491addf2 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 6 Oct 2025 11:37:40 +0100 Subject: [PATCH 239/307] Apply suggestions from code review Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- docs/codeql/codeql-overview/system-requirements.rst | 2 +- docs/codeql/writing-codeql-queries/creating-path-queries.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/codeql/codeql-overview/system-requirements.rst b/docs/codeql/codeql-overview/system-requirements.rst index 8e1820d2123e..94fee8cd7b28 100644 --- a/docs/codeql/codeql-overview/system-requirements.rst +++ b/docs/codeql/codeql-overview/system-requirements.rst @@ -44,7 +44,7 @@ For Ruby extraction: For Rust extraction: -- Requires ``rustup`` and ``cargo`` to be installed. +- `rustup`` and ``cargo`` must be installed. For Java extraction: diff --git a/docs/codeql/writing-codeql-queries/creating-path-queries.rst b/docs/codeql/writing-codeql-queries/creating-path-queries.rst index 750085e839ea..2e439baa7f41 100644 --- a/docs/codeql/writing-codeql-queries/creating-path-queries.rst +++ b/docs/codeql/writing-codeql-queries/creating-path-queries.rst @@ -125,7 +125,7 @@ Declaring sources and sinks You must provide information about the ``source`` and ``sink`` in your path query. These are objects that correspond to the nodes of the paths that you are exploring. The name and the type of the ``source`` and the ``sink`` must be declared in the ``from`` statement of the query, and the types must be compatible with the nodes of the graph computed by the ``edges`` predicate. -If you are querying C/C++, C#, Go, Java/Kotlin, JavaScript/TypeScript, Python, Ruby or Rust code (and you have used ``import MyFlow::PathGraph`` in your query), the definitions of the ``source`` and ``sink`` are accessed via the module resulting from the application of the ``Global<..>`` module in the data flow library. You should declare both of these objects in the ``from`` statement. +If you are querying C/C++, C#, Go, Java/Kotlin, JavaScript/TypeScript, Python, Ruby, or Rust code (and you have used ``import MyFlow::PathGraph`` in your query), the definitions of the ``source`` and ``sink`` are accessed via the module resulting from the application of the ``Global<..>`` module in the data flow library. You should declare both of these objects in the ``from`` statement. For example: .. code-block:: ql From 1c8ee0af898e3989848430dc8607a91b367accf9 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 6 Oct 2025 11:40:41 +0100 Subject: [PATCH 240/307] Rust: Fix backticks. --- docs/codeql/codeql-overview/system-requirements.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/codeql-overview/system-requirements.rst b/docs/codeql/codeql-overview/system-requirements.rst index 94fee8cd7b28..100b75445b2e 100644 --- a/docs/codeql/codeql-overview/system-requirements.rst +++ b/docs/codeql/codeql-overview/system-requirements.rst @@ -44,7 +44,7 @@ For Ruby extraction: For Rust extraction: -- `rustup`` and ``cargo`` must be installed. +- ``rustup`` and ``cargo`` must be installed. For Java extraction: From f2b45b8726a4cf1463da0a7974bd3c58a05af192 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Tue, 30 Sep 2025 15:52:18 +0200 Subject: [PATCH 241/307] C#: Add type locations test. --- csharp/ql/test/library-tests/locations/locations.expected | 8 ++++++++ csharp/ql/test/library-tests/locations/locations.ql | 4 ++++ 2 files changed, 12 insertions(+) diff --git a/csharp/ql/test/library-tests/locations/locations.expected b/csharp/ql/test/library-tests/locations/locations.expected index 8b021b115d26..4ce04a705550 100644 --- a/csharp/ql/test/library-tests/locations/locations.expected +++ b/csharp/ql/test/library-tests/locations/locations.expected @@ -50,3 +50,11 @@ accessor_location | B.cs:3:14:3:14 | B | B.cs:10:9:10:11 | set_Item | B.cs:10:9:10:11 | B.cs:10:9:10:11 | | B.cs:3:14:3:14 | B | B.cs:15:9:15:11 | add_Event | B.cs:15:9:15:11 | B.cs:15:9:15:11 | | B.cs:3:14:3:14 | B | B.cs:16:9:16:14 | remove_Event | B.cs:16:9:16:14 | B.cs:16:9:16:14 | +type_location +| A.cs:3:23:3:26 | A | A.cs:3:23:3:26 | A.cs:3:23:3:26 | +| A.cs:3:23:3:26 | A | A.cs:3:23:3:26 | A.cs:3:23:3:26 | +| A.cs:3:23:3:26 | A`1 | A.cs:3:23:3:26 | A.cs:3:23:3:26 | +| A.cs:3:25:3:25 | T | A.cs:3:25:3:25 | A.cs:3:25:3:25 | +| A.cs:12:14:12:15 | A2 | A.cs:12:14:12:15 | A.cs:12:14:12:15 | +| B.cs:3:14:3:14 | B | B.cs:3:14:3:14 | B.cs:3:14:3:14 | +| C.cs:3:7:3:7 | C | C.cs:3:7:3:7 | C.cs:3:7:3:7 | diff --git a/csharp/ql/test/library-tests/locations/locations.ql b/csharp/ql/test/library-tests/locations/locations.ql index 6c1dcc3e385b..bfadcff2ac89 100644 --- a/csharp/ql/test/library-tests/locations/locations.ql +++ b/csharp/ql/test/library-tests/locations/locations.ql @@ -12,3 +12,7 @@ query predicate accessor_location(Type t, Accessor a, SourceLocation l) { l = a.getLocation() and not l instanceof EmptyLocation } + +query predicate type_location(Type t, SourceLocation l) { + l = t.getLocation() and not l instanceof EmptyLocation +} From 0cd7c37209b610b080085e5cd0dc152802603463 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Tue, 30 Sep 2025 15:52:47 +0200 Subject: [PATCH 242/307] C#: Avoid extracting duplicate type locations. --- .../Entities/Types/NamedType.cs | 13 ++++++++----- .../Entities/Types/TypeParameter.cs | 7 +++++-- .../Semmle.Extraction.CSharp/Extractor/Context.cs | 3 +++ 3 files changed, 16 insertions(+), 7 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/NamedType.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/NamedType.cs index d43ec6860313..d7eab644eeb9 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/NamedType.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/NamedType.cs @@ -111,15 +111,18 @@ public override IEnumerable Locations } } - private static IEnumerable GetLocations(INamedTypeSymbol type) + private IEnumerable GetLocations(INamedTypeSymbol type) { - return type.Locations - .Where(l => l.IsInMetadata) - .Concat(type.DeclaringSyntaxReferences + var metadataLocations = type.Locations + .Where(l => l.IsInMetadata); + var sourceLocations = type.DeclaringSyntaxReferences .Select(loc => loc.GetSyntax()) .OfType() .Select(l => l.FixedLocation()) - ); + .Where(Context.IsLocationInContext); + + return metadataLocations + .Concat(sourceLocations); } public override Microsoft.CodeAnalysis.Location? ReportingLocation => GetLocations(Symbol).BestOrDefault(); diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TypeParameter.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TypeParameter.cs index a74a547f87b8..303421d32e76 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TypeParameter.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TypeParameter.cs @@ -26,9 +26,12 @@ public override void Populate(TextWriter trapFile) var parentNs = Namespace.Create(Context, Symbol.TypeParameterKind == TypeParameterKind.Method ? Context.Compilation.GlobalNamespace : Symbol.ContainingNamespace); trapFile.parent_namespace(this, parentNs); - foreach (var l in Symbol.Locations) + if (Context.ExtractLocation(Symbol)) { - WriteLocationToTrap(trapFile.type_location, this, Context.CreateLocation(l)); + foreach (var l in Symbol.Locations) + { + WriteLocationToTrap(trapFile.type_location, this, Context.CreateLocation(l)); + } } if (IsSourceDeclaration) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs index b7160cd1f638..44a2fcda5c22 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs @@ -554,6 +554,9 @@ public bool ExtractLocation(ISymbol symbol) => SymbolEqualityComparer.Default.Equals(symbol, symbol.OriginalDefinition) && scope.InScope(symbol); + public bool IsLocationInContext(Location location) => + location.SourceTree == SourceTree; + /// /// Runs the given action , guarding for trap duplication /// based on key . From b5592ad42ff4a3efc541aa44824b1aabe1a3f372 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 2 Oct 2025 14:40:43 +0200 Subject: [PATCH 243/307] C#: Add partial class example. --- csharp/ql/test/library-tests/locations/Multiple1.cs | 1 + csharp/ql/test/library-tests/locations/Multiple2.cs | 1 + csharp/ql/test/library-tests/locations/locations.expected | 4 ++++ 3 files changed, 6 insertions(+) create mode 100644 csharp/ql/test/library-tests/locations/Multiple1.cs create mode 100644 csharp/ql/test/library-tests/locations/Multiple2.cs diff --git a/csharp/ql/test/library-tests/locations/Multiple1.cs b/csharp/ql/test/library-tests/locations/Multiple1.cs new file mode 100644 index 000000000000..34bec96c0699 --- /dev/null +++ b/csharp/ql/test/library-tests/locations/Multiple1.cs @@ -0,0 +1 @@ +public partial class Multiple { } diff --git a/csharp/ql/test/library-tests/locations/Multiple2.cs b/csharp/ql/test/library-tests/locations/Multiple2.cs new file mode 100644 index 000000000000..34bec96c0699 --- /dev/null +++ b/csharp/ql/test/library-tests/locations/Multiple2.cs @@ -0,0 +1 @@ +public partial class Multiple { } diff --git a/csharp/ql/test/library-tests/locations/locations.expected b/csharp/ql/test/library-tests/locations/locations.expected index 4ce04a705550..502a99805c4d 100644 --- a/csharp/ql/test/library-tests/locations/locations.expected +++ b/csharp/ql/test/library-tests/locations/locations.expected @@ -58,3 +58,7 @@ type_location | A.cs:12:14:12:15 | A2 | A.cs:12:14:12:15 | A.cs:12:14:12:15 | | B.cs:3:14:3:14 | B | B.cs:3:14:3:14 | B.cs:3:14:3:14 | | C.cs:3:7:3:7 | C | C.cs:3:7:3:7 | C.cs:3:7:3:7 | +| Multiple1.cs:1:22:1:29 | Multiple | Multiple1.cs:1:22:1:29 | Multiple1.cs:1:22:1:29 | +| Multiple1.cs:1:22:1:29 | Multiple | Multiple2.cs:1:22:1:29 | Multiple2.cs:1:22:1:29 | +| Multiple2.cs:1:22:1:29 | Multiple | Multiple1.cs:1:22:1:29 | Multiple1.cs:1:22:1:29 | +| Multiple2.cs:1:22:1:29 | Multiple | Multiple2.cs:1:22:1:29 | Multiple2.cs:1:22:1:29 | From 12dc65d170baa338b54c0fb165b6bc3b1006552d Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Fri, 3 Oct 2025 11:40:42 +0200 Subject: [PATCH 244/307] C#: For implicit constructors, pick a unique source location as reporting location (if any). --- .../extractor/Semmle.Extraction.CSharp/Entities/Constructor.cs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Constructor.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Constructor.cs index 045277784695..4fa035446ef5 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Constructor.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Constructor.cs @@ -222,7 +222,8 @@ public override Microsoft.CodeAnalysis.Location? ReportingLocation if (Symbol.IsImplicitlyDeclared) { - return ContainingType!.ReportingLocation; + var best = Symbol.Locations.Where(l => l.IsInSource).BestOrDefault(); + return best ?? ContainingType!.ReportingLocation; } return Symbol.ContainingType.Locations.FirstOrDefault(); From 0ba9b80d089510684d1b75a55814349ad19f339a Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Fri, 3 Oct 2025 11:43:35 +0200 Subject: [PATCH 245/307] C#: Add some more partial class related tests. --- csharp/ql/test/library-tests/partial/Partial1.expected | 2 ++ .../test/library-tests/partial/PartialConstructors.expected | 4 ++++ csharp/ql/test/library-tests/partial/PartialConstructors.ql | 5 +++++ .../ql/test/library-tests/partial/PartialMultipleFiles1.cs | 1 + .../ql/test/library-tests/partial/PartialMultipleFiles2.cs | 1 + csharp/ql/test/library-tests/partial/PrintAst.expected | 4 ++++ 6 files changed, 17 insertions(+) create mode 100644 csharp/ql/test/library-tests/partial/PartialConstructors.expected create mode 100644 csharp/ql/test/library-tests/partial/PartialConstructors.ql create mode 100644 csharp/ql/test/library-tests/partial/PartialMultipleFiles1.cs create mode 100644 csharp/ql/test/library-tests/partial/PartialMultipleFiles2.cs diff --git a/csharp/ql/test/library-tests/partial/Partial1.expected b/csharp/ql/test/library-tests/partial/Partial1.expected index af7be1359143..55dcaabcea7d 100644 --- a/csharp/ql/test/library-tests/partial/Partial1.expected +++ b/csharp/ql/test/library-tests/partial/Partial1.expected @@ -10,3 +10,5 @@ | Partial.cs:28:9:28:11 | set_Item | | Partial.cs:32:15:32:33 | OnePartPartialClass | | Partial.cs:34:18:34:42 | PartialMethodWithoutBody2 | +| PartialMultipleFiles1.cs:1:22:1:41 | PartialMultipleFiles | +| PartialMultipleFiles2.cs:1:22:1:41 | PartialMultipleFiles | diff --git a/csharp/ql/test/library-tests/partial/PartialConstructors.expected b/csharp/ql/test/library-tests/partial/PartialConstructors.expected new file mode 100644 index 000000000000..01779f1b81ed --- /dev/null +++ b/csharp/ql/test/library-tests/partial/PartialConstructors.expected @@ -0,0 +1,4 @@ +| Partial.cs:1:15:1:26 | TwoPartClass | Partial.cs:1:15:1:26 | {...} | +| Partial.cs:32:15:32:33 | OnePartPartialClass | Partial.cs:32:15:32:33 | {...} | +| Partial.cs:38:7:38:21 | NonPartialClass | Partial.cs:38:7:38:21 | {...} | +| PartialMultipleFiles1.cs:1:22:1:41 | PartialMultipleFiles | PartialMultipleFiles1.cs:1:22:1:41 | {...} | diff --git a/csharp/ql/test/library-tests/partial/PartialConstructors.ql b/csharp/ql/test/library-tests/partial/PartialConstructors.ql new file mode 100644 index 000000000000..049de6290854 --- /dev/null +++ b/csharp/ql/test/library-tests/partial/PartialConstructors.ql @@ -0,0 +1,5 @@ +import csharp + +from Constructor c +where c.getDeclaringType().fromSource() +select c, c.getBody() diff --git a/csharp/ql/test/library-tests/partial/PartialMultipleFiles1.cs b/csharp/ql/test/library-tests/partial/PartialMultipleFiles1.cs new file mode 100644 index 000000000000..6f9471f19ca0 --- /dev/null +++ b/csharp/ql/test/library-tests/partial/PartialMultipleFiles1.cs @@ -0,0 +1 @@ +public partial class PartialMultipleFiles { } diff --git a/csharp/ql/test/library-tests/partial/PartialMultipleFiles2.cs b/csharp/ql/test/library-tests/partial/PartialMultipleFiles2.cs new file mode 100644 index 000000000000..6f9471f19ca0 --- /dev/null +++ b/csharp/ql/test/library-tests/partial/PartialMultipleFiles2.cs @@ -0,0 +1 @@ +public partial class PartialMultipleFiles { } diff --git a/csharp/ql/test/library-tests/partial/PrintAst.expected b/csharp/ql/test/library-tests/partial/PrintAst.expected index 8d9da42fc11c..d97f6fc01f04 100644 --- a/csharp/ql/test/library-tests/partial/PrintAst.expected +++ b/csharp/ql/test/library-tests/partial/PrintAst.expected @@ -89,3 +89,7 @@ Partial.cs: # 42| 0: [Parameter] index # 45| 1: [Parameter] value # 45| 4: [BlockStmt] {...} +PartialMultipleFiles1.cs: +# 1| [Class] PartialMultipleFiles +PartialMultipleFiles2.cs: +# 1| [Class] PartialMultipleFiles From 7b61a5fffa31aaa515294417707eba788e2db0bf Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Fri, 3 Oct 2025 13:28:20 +0200 Subject: [PATCH 246/307] C#: Update some test expected output that uses the location of the implicit constructor. --- .../test/library-tests/csharp8/NullableRefTypes.expected | 8 ++++---- csharp/ql/test/library-tests/csharp9/withExpr.expected | 8 ++++---- .../expressions/ConstructorInitializers.expected | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/csharp/ql/test/library-tests/csharp8/NullableRefTypes.expected b/csharp/ql/test/library-tests/csharp8/NullableRefTypes.expected index 56f2f7e3d602..6ad47e73d01a 100644 --- a/csharp/ql/test/library-tests/csharp8/NullableRefTypes.expected +++ b/csharp/ql/test/library-tests/csharp8/NullableRefTypes.expected @@ -178,8 +178,8 @@ returnTypes | NullableRefTypes.cs:51:12:51:15 | Q | object | | NullableRefTypes.cs:51:12:51:15 | Q | object! | | NullableRefTypes.cs:51:12:51:15 | Q`1 | object! | -| NullableRefTypes.cs:54:11:54:33 | Generic | Void! | -| NullableRefTypes.cs:58:11:58:26 | Generic2 | Void! | +| NullableRefTypes.cs:54:11:54:17 | Generic | Void! | +| NullableRefTypes.cs:58:11:58:18 | Generic2 | Void! | | NullableRefTypes.cs:67:10:67:21 | GenericFn | Void | | NullableRefTypes.cs:67:10:67:21 | GenericFn | Void! | | NullableRefTypes.cs:67:10:67:21 | GenericFn`1 | Void! | @@ -271,8 +271,8 @@ expressionTypes | NullableRefTypes.cs:40:26:40:30 | ref ... | MyClass | | NullableRefTypes.cs:40:30:40:30 | access to local variable b | MyClass? | | NullableRefTypes.cs:51:44:51:47 | null | null | -| NullableRefTypes.cs:54:11:54:33 | call to constructor Object | object | -| NullableRefTypes.cs:58:11:58:26 | call to constructor Object | object | +| NullableRefTypes.cs:54:11:54:17 | call to constructor Object | object | +| NullableRefTypes.cs:58:11:58:18 | call to constructor Object | object | | NullableRefTypes.cs:73:18:73:18 | access to local variable x | MyClass! | | NullableRefTypes.cs:73:18:73:25 | MyClass x = ... | MyClass! | | NullableRefTypes.cs:73:22:73:25 | null | null | diff --git a/csharp/ql/test/library-tests/csharp9/withExpr.expected b/csharp/ql/test/library-tests/csharp9/withExpr.expected index 2d32e7c8bfd4..cf3b9f5eb007 100644 --- a/csharp/ql/test/library-tests/csharp9/withExpr.expected +++ b/csharp/ql/test/library-tests/csharp9/withExpr.expected @@ -4,10 +4,10 @@ withExpr | Record.cs:77:21:77:31 | ... with { ... } | Person1 | Record.cs:77:21:77:22 | access to local variable p1 | Record.cs:77:29:77:31 | { ..., ... } | Person1.$() | | Record.cs:84:16:84:33 | ... with { ... } | R1 | Record.cs:84:16:84:16 | access to local variable b | Record.cs:84:23:84:33 | { ..., ... } | R1.$() | withTarget -| Record.cs:75:18:75:47 | ... with { ... } | Record.cs:27:1:27:57 | $ | Record.cs:27:1:27:57 | Person1 | -| Record.cs:76:18:76:81 | ... with { ... } | Record.cs:29:1:30:35 | $ | Record.cs:29:1:30:35 | Teacher1 | -| Record.cs:77:21:77:31 | ... with { ... } | Record.cs:27:1:27:57 | $ | Record.cs:27:1:27:57 | Person1 | -| Record.cs:84:16:84:33 | ... with { ... } | Record.cs:54:1:54:39 | $ | Record.cs:54:1:54:39 | R1 | +| Record.cs:75:18:75:47 | ... with { ... } | Record.cs:27:1:27:57 | $ | Record.cs:27:15:27:21 | Person1 | +| Record.cs:76:18:76:81 | ... with { ... } | Record.cs:29:1:30:35 | $ | Record.cs:29:15:29:22 | Teacher1 | +| Record.cs:77:21:77:31 | ... with { ... } | Record.cs:27:1:27:57 | $ | Record.cs:27:15:27:21 | Person1 | +| Record.cs:84:16:84:33 | ... with { ... } | Record.cs:54:1:54:39 | $ | Record.cs:54:24:54:25 | R1 | cloneOverrides | Person1.$() | Student1.$() | | Person1.$() | Teacher1.$() | diff --git a/csharp/ql/test/library-tests/expressions/ConstructorInitializers.expected b/csharp/ql/test/library-tests/expressions/ConstructorInitializers.expected index 00e46f6359c0..2e6a5f679ba4 100644 --- a/csharp/ql/test/library-tests/expressions/ConstructorInitializers.expected +++ b/csharp/ql/test/library-tests/expressions/ConstructorInitializers.expected @@ -27,6 +27,6 @@ | file://:0:0:0:0 | TestCreations | expressions.cs:383:18:383:30 | call to constructor Object | file://:0:0:0:0 | Object | | file://:0:0:0:0 | TestUnaryOperator | expressions.cs:292:11:292:27 | call to constructor Object | file://:0:0:0:0 | Object | | file://:0:0:0:0 | TupleExprs | expressions.cs:501:11:501:20 | call to constructor Object | file://:0:0:0:0 | Object | -| file://:0:0:0:0 | X | expressions.cs:108:15:108:18 | call to constructor Object | file://:0:0:0:0 | Object | +| file://:0:0:0:0 | X | expressions.cs:108:15:108:15 | call to constructor Object | file://:0:0:0:0 | Object | | file://:0:0:0:0 | X | expressions.cs:216:18:216:18 | call to constructor Object | file://:0:0:0:0 | Object | -| file://:0:0:0:0 | Y | expressions.cs:104:15:104:21 | call to constructor Object | file://:0:0:0:0 | Object | +| file://:0:0:0:0 | Y | expressions.cs:104:15:104:15 | call to constructor Object | file://:0:0:0:0 | Object | From 579da1dbd614d6208a8799f1b67735a56dadd24c Mon Sep 17 00:00:00 2001 From: Nicolas Will Date: Mon, 6 Oct 2025 14:45:45 +0200 Subject: [PATCH 247/307] Fix QL-for-QL alerts --- java/ql/lib/experimental/quantum/JCA.qll | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index baeed8b1b439..45a707febc24 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -249,14 +249,14 @@ module JCAModel { name.toUpperCase().splitAt("with".toUpperCase(), 1).matches("DSA%") and type = KeyOpAlg::TSignature(KeyOpAlg::DSA()) or - name.toUpperCase().matches("RSASSA-PSS") and type = KeyOpAlg::TAsymmetricCipher(KeyOpAlg::RSA()) + name.toUpperCase() = "RSASSA-PSS" and type = KeyOpAlg::TAsymmetricCipher(KeyOpAlg::RSA()) or name.toUpperCase().matches(["EDDSA", "ED25519", "ED448"]) and type = KeyOpAlg::TSignature(KeyOpAlg::EDDSA()) or name.toUpperCase().matches("ML-DSA%") and type = KeyOpAlg::TSignature(KeyOpAlg::DSA()) or - name.toUpperCase().matches("HSS/LMS") and type = KeyOpAlg::TSignature(KeyOpAlg::HSS_LMS()) + name.toUpperCase() = "HSS/LMS" and type = KeyOpAlg::TSignature(KeyOpAlg::HSS_LMS()) } bindingset[name] @@ -1814,9 +1814,9 @@ module JCAModel { } } - class SignatureOperationinstance extends Crypto::SignatureOperationInstance instanceof SignatureOperationCall + class SignatureOperationInstance extends Crypto::SignatureOperationInstance instanceof SignatureOperationCall { - SignatureOperationinstance() { + SignatureOperationInstance() { // exclude update (only include sign and verify) not super.isIntermediate() } From b32a6407b9f26c0ed247588c2f4484de7dc6e0f5 Mon Sep 17 00:00:00 2001 From: Ben Rodes Date: Mon, 6 Oct 2025 09:04:19 -0400 Subject: [PATCH 248/307] Update java/ql/lib/experimental/quantum/JCA.qll Co-authored-by: Nicolas Will --- java/ql/lib/experimental/quantum/JCA.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index 45a707febc24..8b27409410a3 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -108,7 +108,7 @@ module JCAModel { */ bindingset[name] predicate signature_names(string name) { - name.toUpperCase().splitAt("with".toUpperCase(), 1).matches(["RSA%", "ECDSA%", "DSA%"]) + name.toUpperCase().splitAt("WITH", 1).matches(["RSA%", "ECDSA%", "DSA%"]) or name.toUpperCase().matches(["RSASSA-PSS", "ED25519", "ED448", "EDDSA", "ML-DSA%", "HSS/LMS"]) } From 606aef38cbb02ca929bf9517a901c13d4dacae6f Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Mon, 6 Oct 2025 09:56:14 -0400 Subject: [PATCH 249/307] Crypto: Removing non-ascii characters from unit tests --- .../quantum/jca/EllipticCurve2.java | 2 +- .../quantum/jca/KeyDerivation1.java | 2 +- .../library-tests/quantum/jca/MACOperation.java | 2 +- .../quantum/jca/SignEncryptCombinations.java | 2 +- .../quantum/jca/SignatureOperation.java | 16 ---------------- .../quantum/jca/SymmetricAlgorithm.java | 2 +- 6 files changed, 5 insertions(+), 21 deletions(-) diff --git a/java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve2.java b/java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve2.java index e9bb2463d50d..6faf48879aed 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve2.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve2.java @@ -24,7 +24,7 @@ * - Brainpool (e.g., brainpoolP256r1) * - CURVE25519 (for X25519 key agreement) * - ES (e.g., Ed25519 for signatures) - * - Other fallback (e.g., secp256r1 for “OtherEllipticCurveType”) + * - Other fallback (e.g., secp256r1 for "OtherEllipticCurveType") * * Best practices: * - Use ephemeral keys and a strong RNG. diff --git a/java/ql/test/experimental/library-tests/quantum/jca/KeyDerivation1.java b/java/ql/test/experimental/library-tests/quantum/jca/KeyDerivation1.java index 13da3b077a22..6dd2c33b93f1 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/KeyDerivation1.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/KeyDerivation1.java @@ -28,7 +28,7 @@ * 1. PBKDF2 Examples: * - Parent Classification: Password-Based Key Derivation Function (PBKDF). * - SAST: - * * pbkdf2DerivationBasic: Uses PBKDF2WithHmacSHA256 with 10,000 iterations – + * * pbkdf2DerivationBasic: Uses PBKDF2WithHmacSHA256 with 10,000 iterations - * acceptable if parameters meet current standards. * * pbkdf2LowIteration: Uses only 10 iterations – flagged as insecure due to * insufficient iteration count. diff --git a/java/ql/test/experimental/library-tests/quantum/jca/MACOperation.java b/java/ql/test/experimental/library-tests/quantum/jca/MACOperation.java index 7043a2498237..6994048d1c8b 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/MACOperation.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/MACOperation.java @@ -15,7 +15,7 @@ /** * MACOperation demonstrates various Message Authentication Code (MAC) - * operations and further use of MAC outputs as inputs into higher‐level + * operations and further use of MAC outputs as inputs into higher-level * cryptosystems. * * Flows include: diff --git a/java/ql/test/experimental/library-tests/quantum/jca/SignEncryptCombinations.java b/java/ql/test/experimental/library-tests/quantum/jca/SignEncryptCombinations.java index 0526c12c1063..2649db688edd 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/SignEncryptCombinations.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/SignEncryptCombinations.java @@ -143,7 +143,7 @@ public boolean verifyHmacSHA256(SecretKey key, byte[] data, byte[] givenMac) thr * UNSAFE FLOW: Signs the plaintext and encrypts only the signature. * *

    - * **Issue:** The plaintext message is not encrypted—only the signature is. + * **Issue:** The plaintext message is not encrypted, only the signature is. * This exposes the original message to eavesdroppers and negates the purpose of * encryption. *

    diff --git a/java/ql/test/experimental/library-tests/quantum/jca/SignatureOperation.java b/java/ql/test/experimental/library-tests/quantum/jca/SignatureOperation.java index 6a0574886f92..50de520880f0 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/SignatureOperation.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/SignatureOperation.java @@ -235,22 +235,6 @@ public void signAndVerifyEmptyMessage() throws Exception { System.out.println("Empty message signature verified? " + verified); } - /** - * Demonstrates signing and verifying data containing non-ASCII characters. - * - * CBOM/SAST Notes: - * - Edge Case: Non-ASCII (e.g., Unicode) data should be handled correctly. - */ - public void signAndVerifyNonAsciiMessage() throws Exception { - // Use a message with Unicode characters. - String nonAscii = "こんにちは世界"; // "Hello World" in Japanese. - byte[] message = nonAscii.getBytes("UTF-8"); - KeyPair kp = generateEd25519KeyPair(); - byte[] sig = signEd25519(kp.getPrivate(), message); - boolean verified = verifyEd25519(kp.getPublic(), message, sig); - System.out.println("Non-ASCII message signature verified? " + verified); - } - /** * Demonstrates that even a slight tampering with the signature will cause * verification to fail. diff --git a/java/ql/test/experimental/library-tests/quantum/jca/SymmetricAlgorithm.java b/java/ql/test/experimental/library-tests/quantum/jca/SymmetricAlgorithm.java index 9624ac2c32a4..1c9d90780f3e 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/SymmetricAlgorithm.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/SymmetricAlgorithm.java @@ -81,7 +81,7 @@ public byte[] aesGcmEncryptSafe(SecretKey key, byte[] plaintext) throws Exceptio */ public byte[] aesGcmEncryptUnsafe(SecretKey key, byte[] plaintext) throws Exception { Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); - byte[] iv = new byte[12]; // Fixed IV (all zeros by default) – insecure. + byte[] iv = new byte[12]; // Fixed IV (all zeros by default) - insecure. GCMParameterSpec spec = new GCMParameterSpec(128, iv); cipher.init(Cipher.ENCRYPT_MODE, key, spec); byte[] ciphertext = cipher.doFinal(plaintext); From 96f6832a6f789f88c46788c3ca4868d9c42d9aec Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Mon, 6 Oct 2025 10:07:15 -0400 Subject: [PATCH 250/307] Crypto: Updating expected files for unit tests. --- .../quantum/jca/SignatureOperation.java | 1 - .../library-tests/quantum/node_edges.expected | 118 +++++++++--------- .../quantum/node_properties.expected | 61 +++++---- .../library-tests/quantum/nodes.expected | 43 ++++--- 4 files changed, 109 insertions(+), 114 deletions(-) diff --git a/java/ql/test/experimental/library-tests/quantum/jca/SignatureOperation.java b/java/ql/test/experimental/library-tests/quantum/jca/SignatureOperation.java index 50de520880f0..74fc4a99c044 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/SignatureOperation.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/SignatureOperation.java @@ -357,7 +357,6 @@ public void runSignatureDemos() throws Exception { // ============ Edge Cases ============ signAndVerifyEmptyMessage(); - signAndVerifyNonAsciiMessage(); tamperSignatureEdgeCase(); dynamicSignatureSelectionDemo(); } diff --git a/java/ql/test/experimental/library-tests/quantum/node_edges.expected b/java/ql/test/experimental/library-tests/quantum/node_edges.expected index cdafdbed3624..871e2fec3b5d 100644 --- a/java/ql/test/experimental/library-tests/quantum/node_edges.expected +++ b/java/ql/test/experimental/library-tests/quantum/node_edges.expected @@ -1405,7 +1405,7 @@ | jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm | | jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm | | jca/SignatureOperation.java:72:28:72:37 | Key | Source | jca/SignatureOperation.java:61:16:61:36 | Key | -| jca/SignatureOperation.java:73:26:73:29 | Message | Source | jca/SignatureOperation.java:344:26:344:49 | Constant | +| jca/SignatureOperation.java:73:26:73:29 | Message | Source | jca/SignatureOperation.java:328:26:328:49 | Constant | | jca/SignatureOperation.java:74:16:74:31 | SignOperation | Algorithm | jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm | | jca/SignatureOperation.java:74:16:74:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:71:53:71:74 | HashAlgorithm | | jca/SignatureOperation.java:74:16:74:31 | SignOperation | Input | jca/SignatureOperation.java:73:26:73:29 | Message | @@ -1414,7 +1414,7 @@ | jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm | | jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm | | jca/SignatureOperation.java:85:30:85:38 | Key | Source | jca/SignatureOperation.java:61:16:61:36 | Key | -| jca/SignatureOperation.java:86:26:86:29 | Message | Source | jca/SignatureOperation.java:344:26:344:49 | Constant | +| jca/SignatureOperation.java:86:26:86:29 | Message | Source | jca/SignatureOperation.java:328:26:328:49 | Constant | | jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm | | jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:84:53:84:74 | HashAlgorithm | | jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | Input | jca/SignatureOperation.java:86:26:86:29 | Message | @@ -1427,8 +1427,8 @@ | jca/SignatureOperation.java:113:53:113:69 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:113:53:113:69 | KeyOperationAlgorithm | | jca/SignatureOperation.java:113:53:113:69 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:113:53:113:69 | KeyOperationAlgorithm | | jca/SignatureOperation.java:114:28:114:37 | Key | Source | jca/SignatureOperation.java:103:16:103:38 | Key | -| jca/SignatureOperation.java:115:26:115:29 | Message | Source | jca/SignatureOperation.java:263:26:263:44 | Constant | -| jca/SignatureOperation.java:115:26:115:29 | Message | Source | jca/SignatureOperation.java:344:26:344:49 | Constant | +| jca/SignatureOperation.java:115:26:115:29 | Message | Source | jca/SignatureOperation.java:247:26:247:44 | Constant | +| jca/SignatureOperation.java:115:26:115:29 | Message | Source | jca/SignatureOperation.java:328:26:328:49 | Constant | | jca/SignatureOperation.java:116:16:116:31 | SignOperation | Algorithm | jca/SignatureOperation.java:113:53:113:69 | KeyOperationAlgorithm | | jca/SignatureOperation.java:116:16:116:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:113:53:113:69 | HashAlgorithm | | jca/SignatureOperation.java:116:16:116:31 | SignOperation | Input | jca/SignatureOperation.java:115:26:115:29 | Message | @@ -1437,23 +1437,22 @@ | jca/SignatureOperation.java:126:53:126:69 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:126:53:126:69 | KeyOperationAlgorithm | | jca/SignatureOperation.java:126:53:126:69 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:126:53:126:69 | KeyOperationAlgorithm | | jca/SignatureOperation.java:127:30:127:38 | Key | Source | jca/SignatureOperation.java:103:16:103:38 | Key | -| jca/SignatureOperation.java:128:26:128:29 | Message | Source | jca/SignatureOperation.java:263:26:263:44 | Constant | -| jca/SignatureOperation.java:128:26:128:29 | Message | Source | jca/SignatureOperation.java:344:26:344:49 | Constant | +| jca/SignatureOperation.java:128:26:128:29 | Message | Source | jca/SignatureOperation.java:247:26:247:44 | Constant | +| jca/SignatureOperation.java:128:26:128:29 | Message | Source | jca/SignatureOperation.java:328:26:328:49 | Constant | | jca/SignatureOperation.java:129:16:129:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:126:53:126:69 | KeyOperationAlgorithm | | jca/SignatureOperation.java:129:16:129:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:126:53:126:69 | HashAlgorithm | | jca/SignatureOperation.java:129:16:129:41 | VerifyOperation | Input | jca/SignatureOperation.java:128:26:128:29 | Message | | jca/SignatureOperation.java:129:16:129:41 | VerifyOperation | Key | jca/SignatureOperation.java:127:30:127:38 | Key | | jca/SignatureOperation.java:129:16:129:41 | VerifyOperation | Signature | jca/SignatureOperation.java:129:33:129:40 | SignatureInput | | jca/SignatureOperation.java:129:33:129:40 | SignatureInput | Source | jca/SignatureOperation.java:116:16:116:31 | SignatureOutput | -| jca/SignatureOperation.java:129:33:129:40 | SignatureInput | Source | jca/SignatureOperation.java:268:27:268:30 | Constant | +| jca/SignatureOperation.java:129:33:129:40 | SignatureInput | Source | jca/SignatureOperation.java:252:27:252:30 | Constant | | jca/SignatureOperation.java:144:16:144:36 | Key | Algorithm | jca/SignatureOperation.java:143:61:143:69 | Constant | | jca/SignatureOperation.java:144:16:144:36 | KeyGeneration | Algorithm | jca/SignatureOperation.java:143:61:143:69 | Constant | | jca/SignatureOperation.java:144:16:144:36 | KeyGeneration | Output | jca/SignatureOperation.java:144:16:144:36 | Key | | jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | | jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | | jca/SignatureOperation.java:155:28:155:37 | Key | Source | jca/SignatureOperation.java:144:16:144:36 | Key | -| jca/SignatureOperation.java:156:26:156:29 | Message | Source | jca/SignatureOperation.java:246:27:246:35 | Constant | -| jca/SignatureOperation.java:156:26:156:29 | Message | Source | jca/SignatureOperation.java:344:26:344:49 | Constant | +| jca/SignatureOperation.java:156:26:156:29 | Message | Source | jca/SignatureOperation.java:328:26:328:49 | Constant | | jca/SignatureOperation.java:157:16:157:31 | SignOperation | Algorithm | jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | | jca/SignatureOperation.java:157:16:157:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:157:16:157:31 | SignOperation | | jca/SignatureOperation.java:157:16:157:31 | SignOperation | Input | jca/SignatureOperation.java:156:26:156:29 | Message | @@ -1462,8 +1461,7 @@ | jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm | | jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm | | jca/SignatureOperation.java:168:30:168:38 | Key | Source | jca/SignatureOperation.java:144:16:144:36 | Key | -| jca/SignatureOperation.java:169:26:169:29 | Message | Source | jca/SignatureOperation.java:246:27:246:35 | Constant | -| jca/SignatureOperation.java:169:26:169:29 | Message | Source | jca/SignatureOperation.java:344:26:344:49 | Constant | +| jca/SignatureOperation.java:169:26:169:29 | Message | Source | jca/SignatureOperation.java:328:26:328:49 | Constant | | jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm | | jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | | jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | Input | jca/SignatureOperation.java:169:26:169:29 | Message | @@ -1476,7 +1474,7 @@ | jca/SignatureOperation.java:199:53:199:65 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:199:53:199:65 | KeyOperationAlgorithm | | jca/SignatureOperation.java:199:53:199:65 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:199:53:199:65 | KeyOperationAlgorithm | | jca/SignatureOperation.java:200:28:200:37 | Key | Source | jca/SignatureOperation.java:188:16:188:36 | Key | -| jca/SignatureOperation.java:201:26:201:29 | Message | Source | jca/SignatureOperation.java:344:26:344:49 | Constant | +| jca/SignatureOperation.java:201:26:201:29 | Message | Source | jca/SignatureOperation.java:328:26:328:49 | Constant | | jca/SignatureOperation.java:202:16:202:31 | SignOperation | Algorithm | jca/SignatureOperation.java:199:53:199:65 | KeyOperationAlgorithm | | jca/SignatureOperation.java:202:16:202:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:199:53:199:65 | HashAlgorithm | | jca/SignatureOperation.java:202:16:202:31 | SignOperation | Input | jca/SignatureOperation.java:201:26:201:29 | Message | @@ -1485,60 +1483,60 @@ | jca/SignatureOperation.java:213:53:213:65 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:213:53:213:65 | KeyOperationAlgorithm | | jca/SignatureOperation.java:213:53:213:65 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:213:53:213:65 | KeyOperationAlgorithm | | jca/SignatureOperation.java:214:30:214:38 | Key | Source | jca/SignatureOperation.java:188:16:188:36 | Key | -| jca/SignatureOperation.java:215:26:215:29 | Message | Source | jca/SignatureOperation.java:344:26:344:49 | Constant | +| jca/SignatureOperation.java:215:26:215:29 | Message | Source | jca/SignatureOperation.java:328:26:328:49 | Constant | | jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:213:53:213:65 | KeyOperationAlgorithm | | jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:213:53:213:65 | HashAlgorithm | | jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | Input | jca/SignatureOperation.java:215:26:215:29 | Message | | jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | Key | jca/SignatureOperation.java:214:30:214:38 | Key | | jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | Signature | jca/SignatureOperation.java:216:33:216:40 | SignatureInput | | jca/SignatureOperation.java:216:33:216:40 | SignatureInput | Source | jca/SignatureOperation.java:202:16:202:31 | SignatureOutput | -| jca/SignatureOperation.java:299:47:299:68 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:299:47:299:68 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:299:47:299:68 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:299:47:299:68 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:305:47:305:55 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:305:47:305:55 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:305:47:305:55 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:305:47:305:55 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:312:47:312:68 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:312:47:312:68 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:312:47:312:68 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:312:47:312:68 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:316:28:316:42 | Key | Source | jca/SignatureOperation.java:61:16:61:36 | Key | -| jca/SignatureOperation.java:316:28:316:42 | Key | Source | jca/SignatureOperation.java:103:16:103:38 | Key | -| jca/SignatureOperation.java:316:28:316:42 | Key | Source | jca/SignatureOperation.java:144:16:144:36 | Key | -| jca/SignatureOperation.java:316:28:316:42 | Key | Source | jca/SignatureOperation.java:188:16:188:36 | Key | -| jca/SignatureOperation.java:317:26:317:32 | Message | Source | jca/SignatureOperation.java:315:26:315:49 | Constant | -| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:299:47:299:68 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:305:47:305:55 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Algorithm | jca/SignatureOperation.java:312:47:312:68 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:318:27:318:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:299:47:299:68 | HashAlgorithm | -| jca/SignatureOperation.java:318:27:318:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:302:47:302:63 | HashAlgorithm | -| jca/SignatureOperation.java:318:27:318:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:308:47:308:59 | HashAlgorithm | -| jca/SignatureOperation.java:318:27:318:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:312:47:312:68 | HashAlgorithm | -| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Input | jca/SignatureOperation.java:317:26:317:32 | Message | -| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Key | jca/SignatureOperation.java:316:28:316:42 | Key | -| jca/SignatureOperation.java:318:27:318:42 | SignOperation | Output | jca/SignatureOperation.java:318:27:318:42 | SignatureOutput | -| jca/SignatureOperation.java:320:30:320:43 | Key | Source | jca/SignatureOperation.java:61:16:61:36 | Key | -| jca/SignatureOperation.java:320:30:320:43 | Key | Source | jca/SignatureOperation.java:103:16:103:38 | Key | -| jca/SignatureOperation.java:320:30:320:43 | Key | Source | jca/SignatureOperation.java:144:16:144:36 | Key | -| jca/SignatureOperation.java:320:30:320:43 | Key | Source | jca/SignatureOperation.java:188:16:188:36 | Key | -| jca/SignatureOperation.java:321:26:321:32 | Message | Source | jca/SignatureOperation.java:321:26:321:32 | Message | -| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:299:47:299:68 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:305:47:305:55 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:312:47:312:68 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:299:47:299:68 | HashAlgorithm | -| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:302:47:302:63 | HashAlgorithm | -| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:308:47:308:59 | HashAlgorithm | -| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:312:47:312:68 | HashAlgorithm | -| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Input | jca/SignatureOperation.java:317:26:317:32 | Message | -| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Input | jca/SignatureOperation.java:321:26:321:32 | Message | -| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Key | jca/SignatureOperation.java:316:28:316:42 | Key | -| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Key | jca/SignatureOperation.java:320:30:320:43 | Key | -| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | Signature | jca/SignatureOperation.java:322:45:322:52 | SignatureInput | -| jca/SignatureOperation.java:322:45:322:52 | SignatureInput | Source | jca/SignatureOperation.java:318:27:318:42 | SignatureOutput | +| jca/SignatureOperation.java:283:47:283:68 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:283:47:283:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:283:47:283:68 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:283:47:283:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:286:47:286:63 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:286:47:286:63 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:286:47:286:63 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:286:47:286:63 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:289:47:289:55 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:289:47:289:55 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:289:47:289:55 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:289:47:289:55 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:292:47:292:59 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:292:47:292:59 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:292:47:292:59 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:292:47:292:59 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:296:47:296:68 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:296:47:296:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:296:47:296:68 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:296:47:296:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:300:28:300:42 | Key | Source | jca/SignatureOperation.java:61:16:61:36 | Key | +| jca/SignatureOperation.java:300:28:300:42 | Key | Source | jca/SignatureOperation.java:103:16:103:38 | Key | +| jca/SignatureOperation.java:300:28:300:42 | Key | Source | jca/SignatureOperation.java:144:16:144:36 | Key | +| jca/SignatureOperation.java:300:28:300:42 | Key | Source | jca/SignatureOperation.java:188:16:188:36 | Key | +| jca/SignatureOperation.java:301:26:301:32 | Message | Source | jca/SignatureOperation.java:299:26:299:49 | Constant | +| jca/SignatureOperation.java:302:27:302:42 | SignOperation | Algorithm | jca/SignatureOperation.java:283:47:283:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:302:27:302:42 | SignOperation | Algorithm | jca/SignatureOperation.java:286:47:286:63 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:302:27:302:42 | SignOperation | Algorithm | jca/SignatureOperation.java:289:47:289:55 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:302:27:302:42 | SignOperation | Algorithm | jca/SignatureOperation.java:292:47:292:59 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:302:27:302:42 | SignOperation | Algorithm | jca/SignatureOperation.java:296:47:296:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:302:27:302:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:283:47:283:68 | HashAlgorithm | +| jca/SignatureOperation.java:302:27:302:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:286:47:286:63 | HashAlgorithm | +| jca/SignatureOperation.java:302:27:302:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:292:47:292:59 | HashAlgorithm | +| jca/SignatureOperation.java:302:27:302:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:296:47:296:68 | HashAlgorithm | +| jca/SignatureOperation.java:302:27:302:42 | SignOperation | Input | jca/SignatureOperation.java:301:26:301:32 | Message | +| jca/SignatureOperation.java:302:27:302:42 | SignOperation | Key | jca/SignatureOperation.java:300:28:300:42 | Key | +| jca/SignatureOperation.java:302:27:302:42 | SignOperation | Output | jca/SignatureOperation.java:302:27:302:42 | SignatureOutput | +| jca/SignatureOperation.java:304:30:304:43 | Key | Source | jca/SignatureOperation.java:61:16:61:36 | Key | +| jca/SignatureOperation.java:304:30:304:43 | Key | Source | jca/SignatureOperation.java:103:16:103:38 | Key | +| jca/SignatureOperation.java:304:30:304:43 | Key | Source | jca/SignatureOperation.java:144:16:144:36 | Key | +| jca/SignatureOperation.java:304:30:304:43 | Key | Source | jca/SignatureOperation.java:188:16:188:36 | Key | +| jca/SignatureOperation.java:305:26:305:32 | Message | Source | jca/SignatureOperation.java:305:26:305:32 | Message | +| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:283:47:283:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:286:47:286:63 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:289:47:289:55 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:292:47:292:59 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:296:47:296:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:283:47:283:68 | HashAlgorithm | +| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:286:47:286:63 | HashAlgorithm | +| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:292:47:292:59 | HashAlgorithm | +| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:296:47:296:68 | HashAlgorithm | +| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | Input | jca/SignatureOperation.java:301:26:301:32 | Message | +| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | Input | jca/SignatureOperation.java:305:26:305:32 | Message | +| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | Key | jca/SignatureOperation.java:300:28:300:42 | Key | +| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | Key | jca/SignatureOperation.java:304:30:304:43 | Key | +| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | Signature | jca/SignatureOperation.java:306:45:306:52 | SignatureInput | +| jca/SignatureOperation.java:306:45:306:52 | SignatureInput | Source | jca/SignatureOperation.java:302:27:302:42 | SignatureOutput | | jca/SymmetricAlgorithm.java:60:44:60:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:60:44:60:62 | ModeOfOperation | | jca/SymmetricAlgorithm.java:60:44:60:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:60:44:60:62 | PaddingAlgorithm | | jca/SymmetricAlgorithm.java:64:42:64:44 | Key | Source | jca/SymmetricAlgorithm.java:258:64:258:76 | Parameter | diff --git a/java/ql/test/experimental/library-tests/quantum/node_properties.expected b/java/ql/test/experimental/library-tests/quantum/node_properties.expected index ce660e86bd96..620760455bc7 100644 --- a/java/ql/test/experimental/library-tests/quantum/node_properties.expected +++ b/java/ql/test/experimental/library-tests/quantum/node_properties.expected @@ -1469,37 +1469,36 @@ | jca/SignatureOperation.java:213:53:213:65 | KeyOperationAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:213:53:213:65 | jca/SignatureOperation.java:213:53:213:65 | | jca/SignatureOperation.java:214:30:214:38 | Key | KeyType | Unknown | jca/SignatureOperation.java:214:30:214:38 | jca/SignatureOperation.java:214:30:214:38 | | jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:216:16:216:41 | jca/SignatureOperation.java:216:16:216:41 | -| jca/SignatureOperation.java:246:27:246:35 | Constant | Description | "\u3053\u3093\u306b\u3061\u306f\u4e16\u754c" | jca/SignatureOperation.java:246:27:246:35 | jca/SignatureOperation.java:246:27:246:35 | -| jca/SignatureOperation.java:263:26:263:44 | Constant | Description | "Important Message" | jca/SignatureOperation.java:263:26:263:44 | jca/SignatureOperation.java:263:26:263:44 | -| jca/SignatureOperation.java:268:27:268:30 | Constant | Description | 0x01 | jca/SignatureOperation.java:268:27:268:30 | jca/SignatureOperation.java:268:27:268:30 | -| jca/SignatureOperation.java:299:47:299:68 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:299:47:299:68 | jca/SignatureOperation.java:299:47:299:68 | -| jca/SignatureOperation.java:299:47:299:68 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:299:47:299:68 | jca/SignatureOperation.java:299:47:299:68 | -| jca/SignatureOperation.java:299:47:299:68 | HashAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:299:47:299:68 | jca/SignatureOperation.java:299:47:299:68 | -| jca/SignatureOperation.java:299:47:299:68 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:299:47:299:68 | jca/SignatureOperation.java:299:47:299:68 | -| jca/SignatureOperation.java:299:47:299:68 | KeyOperationAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:299:47:299:68 | jca/SignatureOperation.java:299:47:299:68 | -| jca/SignatureOperation.java:302:47:302:63 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:302:47:302:63 | jca/SignatureOperation.java:302:47:302:63 | -| jca/SignatureOperation.java:302:47:302:63 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:302:47:302:63 | jca/SignatureOperation.java:302:47:302:63 | -| jca/SignatureOperation.java:302:47:302:63 | HashAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:302:47:302:63 | jca/SignatureOperation.java:302:47:302:63 | -| jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | Name | ECDSA | jca/SignatureOperation.java:302:47:302:63 | jca/SignatureOperation.java:302:47:302:63 | -| jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:302:47:302:63 | jca/SignatureOperation.java:302:47:302:63 | -| jca/SignatureOperation.java:305:47:305:55 | KeyOperationAlgorithm | Name | EDSA | jca/SignatureOperation.java:305:47:305:55 | jca/SignatureOperation.java:305:47:305:55 | -| jca/SignatureOperation.java:305:47:305:55 | KeyOperationAlgorithm | RawName | Ed25519 | jca/SignatureOperation.java:305:47:305:55 | jca/SignatureOperation.java:305:47:305:55 | -| jca/SignatureOperation.java:308:47:308:59 | HashAlgorithm | DigestSize | 160 | jca/SignatureOperation.java:308:47:308:59 | jca/SignatureOperation.java:308:47:308:59 | -| jca/SignatureOperation.java:308:47:308:59 | HashAlgorithm | Name | SHA1 | jca/SignatureOperation.java:308:47:308:59 | jca/SignatureOperation.java:308:47:308:59 | -| jca/SignatureOperation.java:308:47:308:59 | HashAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:308:47:308:59 | jca/SignatureOperation.java:308:47:308:59 | -| jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:308:47:308:59 | jca/SignatureOperation.java:308:47:308:59 | -| jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:308:47:308:59 | jca/SignatureOperation.java:308:47:308:59 | -| jca/SignatureOperation.java:312:47:312:68 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:312:47:312:68 | jca/SignatureOperation.java:312:47:312:68 | -| jca/SignatureOperation.java:312:47:312:68 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:312:47:312:68 | jca/SignatureOperation.java:312:47:312:68 | -| jca/SignatureOperation.java:312:47:312:68 | HashAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:312:47:312:68 | jca/SignatureOperation.java:312:47:312:68 | -| jca/SignatureOperation.java:312:47:312:68 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:312:47:312:68 | jca/SignatureOperation.java:312:47:312:68 | -| jca/SignatureOperation.java:312:47:312:68 | KeyOperationAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:312:47:312:68 | jca/SignatureOperation.java:312:47:312:68 | -| jca/SignatureOperation.java:315:26:315:49 | Constant | Description | "Dynamic Signature Demo" | jca/SignatureOperation.java:315:26:315:49 | jca/SignatureOperation.java:315:26:315:49 | -| jca/SignatureOperation.java:316:28:316:42 | Key | KeyType | Unknown | jca/SignatureOperation.java:316:28:316:42 | jca/SignatureOperation.java:316:28:316:42 | -| jca/SignatureOperation.java:318:27:318:42 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:318:27:318:42 | jca/SignatureOperation.java:318:27:318:42 | -| jca/SignatureOperation.java:320:30:320:43 | Key | KeyType | Unknown | jca/SignatureOperation.java:320:30:320:43 | jca/SignatureOperation.java:320:30:320:43 | -| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:322:28:322:53 | jca/SignatureOperation.java:322:28:322:53 | -| jca/SignatureOperation.java:344:26:344:49 | Constant | Description | "Hello Signature World!" | jca/SignatureOperation.java:344:26:344:49 | jca/SignatureOperation.java:344:26:344:49 | +| jca/SignatureOperation.java:247:26:247:44 | Constant | Description | "Important Message" | jca/SignatureOperation.java:247:26:247:44 | jca/SignatureOperation.java:247:26:247:44 | +| jca/SignatureOperation.java:252:27:252:30 | Constant | Description | 0x01 | jca/SignatureOperation.java:252:27:252:30 | jca/SignatureOperation.java:252:27:252:30 | +| jca/SignatureOperation.java:283:47:283:68 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:283:47:283:68 | jca/SignatureOperation.java:283:47:283:68 | +| jca/SignatureOperation.java:283:47:283:68 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:283:47:283:68 | jca/SignatureOperation.java:283:47:283:68 | +| jca/SignatureOperation.java:283:47:283:68 | HashAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:283:47:283:68 | jca/SignatureOperation.java:283:47:283:68 | +| jca/SignatureOperation.java:283:47:283:68 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:283:47:283:68 | jca/SignatureOperation.java:283:47:283:68 | +| jca/SignatureOperation.java:283:47:283:68 | KeyOperationAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:283:47:283:68 | jca/SignatureOperation.java:283:47:283:68 | +| jca/SignatureOperation.java:286:47:286:63 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:286:47:286:63 | jca/SignatureOperation.java:286:47:286:63 | +| jca/SignatureOperation.java:286:47:286:63 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:286:47:286:63 | jca/SignatureOperation.java:286:47:286:63 | +| jca/SignatureOperation.java:286:47:286:63 | HashAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:286:47:286:63 | jca/SignatureOperation.java:286:47:286:63 | +| jca/SignatureOperation.java:286:47:286:63 | KeyOperationAlgorithm | Name | ECDSA | jca/SignatureOperation.java:286:47:286:63 | jca/SignatureOperation.java:286:47:286:63 | +| jca/SignatureOperation.java:286:47:286:63 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:286:47:286:63 | jca/SignatureOperation.java:286:47:286:63 | +| jca/SignatureOperation.java:289:47:289:55 | KeyOperationAlgorithm | Name | EDSA | jca/SignatureOperation.java:289:47:289:55 | jca/SignatureOperation.java:289:47:289:55 | +| jca/SignatureOperation.java:289:47:289:55 | KeyOperationAlgorithm | RawName | Ed25519 | jca/SignatureOperation.java:289:47:289:55 | jca/SignatureOperation.java:289:47:289:55 | +| jca/SignatureOperation.java:292:47:292:59 | HashAlgorithm | DigestSize | 160 | jca/SignatureOperation.java:292:47:292:59 | jca/SignatureOperation.java:292:47:292:59 | +| jca/SignatureOperation.java:292:47:292:59 | HashAlgorithm | Name | SHA1 | jca/SignatureOperation.java:292:47:292:59 | jca/SignatureOperation.java:292:47:292:59 | +| jca/SignatureOperation.java:292:47:292:59 | HashAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:292:47:292:59 | jca/SignatureOperation.java:292:47:292:59 | +| jca/SignatureOperation.java:292:47:292:59 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:292:47:292:59 | jca/SignatureOperation.java:292:47:292:59 | +| jca/SignatureOperation.java:292:47:292:59 | KeyOperationAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:292:47:292:59 | jca/SignatureOperation.java:292:47:292:59 | +| jca/SignatureOperation.java:296:47:296:68 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:296:47:296:68 | jca/SignatureOperation.java:296:47:296:68 | +| jca/SignatureOperation.java:296:47:296:68 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:296:47:296:68 | jca/SignatureOperation.java:296:47:296:68 | +| jca/SignatureOperation.java:296:47:296:68 | HashAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:296:47:296:68 | jca/SignatureOperation.java:296:47:296:68 | +| jca/SignatureOperation.java:296:47:296:68 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:296:47:296:68 | jca/SignatureOperation.java:296:47:296:68 | +| jca/SignatureOperation.java:296:47:296:68 | KeyOperationAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:296:47:296:68 | jca/SignatureOperation.java:296:47:296:68 | +| jca/SignatureOperation.java:299:26:299:49 | Constant | Description | "Dynamic Signature Demo" | jca/SignatureOperation.java:299:26:299:49 | jca/SignatureOperation.java:299:26:299:49 | +| jca/SignatureOperation.java:300:28:300:42 | Key | KeyType | Unknown | jca/SignatureOperation.java:300:28:300:42 | jca/SignatureOperation.java:300:28:300:42 | +| jca/SignatureOperation.java:302:27:302:42 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:302:27:302:42 | jca/SignatureOperation.java:302:27:302:42 | +| jca/SignatureOperation.java:304:30:304:43 | Key | KeyType | Unknown | jca/SignatureOperation.java:304:30:304:43 | jca/SignatureOperation.java:304:30:304:43 | +| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:306:28:306:53 | jca/SignatureOperation.java:306:28:306:53 | +| jca/SignatureOperation.java:328:26:328:49 | Constant | Description | "Hello Signature World!" | jca/SignatureOperation.java:328:26:328:49 | jca/SignatureOperation.java:328:26:328:49 | | jca/SymmetricAlgorithm.java:60:44:60:62 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:60:44:60:62 | jca/SymmetricAlgorithm.java:60:44:60:62 | | jca/SymmetricAlgorithm.java:60:44:60:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SymmetricAlgorithm.java:60:44:60:62 | jca/SymmetricAlgorithm.java:60:44:60:62 | | jca/SymmetricAlgorithm.java:60:44:60:62 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:60:44:60:62 | jca/SymmetricAlgorithm.java:60:44:60:62 | diff --git a/java/ql/test/experimental/library-tests/quantum/nodes.expected b/java/ql/test/experimental/library-tests/quantum/nodes.expected index 7810a4626b63..57586bc1d351 100644 --- a/java/ql/test/experimental/library-tests/quantum/nodes.expected +++ b/java/ql/test/experimental/library-tests/quantum/nodes.expected @@ -1311,28 +1311,27 @@ | jca/SignatureOperation.java:215:26:215:29 | Message | | jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | | jca/SignatureOperation.java:216:33:216:40 | SignatureInput | -| jca/SignatureOperation.java:246:27:246:35 | Constant | -| jca/SignatureOperation.java:263:26:263:44 | Constant | -| jca/SignatureOperation.java:268:27:268:30 | Constant | -| jca/SignatureOperation.java:299:47:299:68 | HashAlgorithm | -| jca/SignatureOperation.java:299:47:299:68 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:302:47:302:63 | HashAlgorithm | -| jca/SignatureOperation.java:302:47:302:63 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:305:47:305:55 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:308:47:308:59 | HashAlgorithm | -| jca/SignatureOperation.java:308:47:308:59 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:312:47:312:68 | HashAlgorithm | -| jca/SignatureOperation.java:312:47:312:68 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:315:26:315:49 | Constant | -| jca/SignatureOperation.java:316:28:316:42 | Key | -| jca/SignatureOperation.java:317:26:317:32 | Message | -| jca/SignatureOperation.java:318:27:318:42 | SignOperation | -| jca/SignatureOperation.java:318:27:318:42 | SignatureOutput | -| jca/SignatureOperation.java:320:30:320:43 | Key | -| jca/SignatureOperation.java:321:26:321:32 | Message | -| jca/SignatureOperation.java:322:28:322:53 | VerifyOperation | -| jca/SignatureOperation.java:322:45:322:52 | SignatureInput | -| jca/SignatureOperation.java:344:26:344:49 | Constant | +| jca/SignatureOperation.java:247:26:247:44 | Constant | +| jca/SignatureOperation.java:252:27:252:30 | Constant | +| jca/SignatureOperation.java:283:47:283:68 | HashAlgorithm | +| jca/SignatureOperation.java:283:47:283:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:286:47:286:63 | HashAlgorithm | +| jca/SignatureOperation.java:286:47:286:63 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:289:47:289:55 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:292:47:292:59 | HashAlgorithm | +| jca/SignatureOperation.java:292:47:292:59 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:296:47:296:68 | HashAlgorithm | +| jca/SignatureOperation.java:296:47:296:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:299:26:299:49 | Constant | +| jca/SignatureOperation.java:300:28:300:42 | Key | +| jca/SignatureOperation.java:301:26:301:32 | Message | +| jca/SignatureOperation.java:302:27:302:42 | SignOperation | +| jca/SignatureOperation.java:302:27:302:42 | SignatureOutput | +| jca/SignatureOperation.java:304:30:304:43 | Key | +| jca/SignatureOperation.java:305:26:305:32 | Message | +| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | +| jca/SignatureOperation.java:306:45:306:52 | SignatureInput | +| jca/SignatureOperation.java:328:26:328:49 | Constant | | jca/SymmetricAlgorithm.java:60:44:60:62 | KeyOperationAlgorithm | | jca/SymmetricAlgorithm.java:60:44:60:62 | ModeOfOperation | | jca/SymmetricAlgorithm.java:60:44:60:62 | PaddingAlgorithm | From 15e9bb9cc1346ac5cb1a6c97bebc83f856984a77 Mon Sep 17 00:00:00 2001 From: Nicolas Will Date: Mon, 6 Oct 2025 16:29:25 +0200 Subject: [PATCH 251/307] Format Test and update .expected --- .../quantum/NonceReuse/NonceReuse.expected | 8 ++-- .../query-tests/quantum/NonceReuse/Test.java | 40 +++++++------------ 2 files changed, 18 insertions(+), 30 deletions(-) diff --git a/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.expected b/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.expected index 7372722c2f57..38ba6187b595 100644 --- a/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.expected +++ b/java/ql/test/experimental/query-tests/quantum/NonceReuse/NonceReuse.expected @@ -1,4 +1,4 @@ -| Test.java:47:47:47:52 | Nonce | Reuse with nonce $@ | Test.java:56:47:56:52 | Nonce | Nonce | -| Test.java:56:47:56:52 | Nonce | Reuse with nonce $@ | Test.java:47:47:47:52 | Nonce | Nonce | -| Test.java:84:48:84:54 | Nonce | Reuse with nonce $@ | Test.java:90:49:90:55 | Nonce | Nonce | -| Test.java:90:49:90:55 | Nonce | Reuse with nonce $@ | Test.java:84:48:84:54 | Nonce | Nonce | +| Test.java:40:47:40:52 | Nonce | Reuse with nonce $@ | Test.java:49:47:49:52 | Nonce | Nonce | +| Test.java:49:47:49:52 | Nonce | Reuse with nonce $@ | Test.java:40:47:40:52 | Nonce | Nonce | +| Test.java:76:48:76:54 | Nonce | Reuse with nonce $@ | Test.java:82:49:82:55 | Nonce | Nonce | +| Test.java:82:49:82:55 | Nonce | Reuse with nonce $@ | Test.java:76:48:76:54 | Nonce | Nonce | diff --git a/java/ql/test/experimental/query-tests/quantum/NonceReuse/Test.java b/java/ql/test/experimental/query-tests/quantum/NonceReuse/Test.java index 2f3aab5b6ef3..1b65e324275b 100644 --- a/java/ql/test/experimental/query-tests/quantum/NonceReuse/Test.java +++ b/java/ql/test/experimental/query-tests/quantum/NonceReuse/Test.java @@ -1,46 +1,39 @@ package com.example.crypto.artifacts; + +import java.security.*; import javax.crypto.Cipher; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.GCMParameterSpec; -import java.security.*; -import java.util.Base64; -import java.util.Properties; -import java.util.Random; -import java.io.FileInputStream; -import java.io.IOException; -import java.util.Arrays; public class Test { - public static SecretKey generateAESKey()throws Exception { + public static SecretKey generateAESKey() throws Exception { KeyGenerator keyGen = KeyGenerator.getInstance("AES"); keyGen.init(256); return keyGen.generateKey(); } - - private static byte[] getRandomWrapper1()throws Exception { + private static byte[] getRandomWrapper1() throws Exception { byte[] val = new byte[16]; new SecureRandom().nextBytes(val); return val; } - private static byte[] getRandomWrapper2A()throws Exception { + private static byte[] getRandomWrapper2A() throws Exception { byte[] val; - val = getRandomWrapper1(); + val = getRandomWrapper1(); funcA1(val); return val; } - private static byte[] getRandomWrapper2b()throws Exception { + private static byte[] getRandomWrapper2b() throws Exception { byte[] val; - val = getRandomWrapper1(); + val = getRandomWrapper1(); return val; } - private static void funcA1(byte[] iv)throws Exception { + private static void funcA1(byte[] iv) throws Exception { IvParameterSpec ivSpec = new IvParameterSpec(iv); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); SecretKey key = generateAESKey(); @@ -48,7 +41,7 @@ private static void funcA1(byte[] iv)throws Exception { byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); } - private static void funcB1()throws Exception { + private static void funcB1() throws Exception { byte[] iv = getRandomWrapper2A(); IvParameterSpec ivSpec = new IvParameterSpec(iv); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); @@ -57,7 +50,7 @@ private static void funcB1()throws Exception { byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); } - private static void funcA2()throws Exception { + private static void funcA2() throws Exception { byte[] iv = getRandomWrapper2b(); IvParameterSpec ivSpec = new IvParameterSpec(iv); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); @@ -66,7 +59,7 @@ private static void funcA2()throws Exception { byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); } - private static void funcB2()throws Exception { + private static void funcB2() throws Exception { byte[] iv = getRandomWrapper2b(); IvParameterSpec ivSpec = new IvParameterSpec(iv); Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding"); @@ -75,7 +68,6 @@ private static void funcB2()throws Exception { byte[] ciphertext = cipher.doFinal("Simple Test Data".getBytes()); } - private static void funcA3() throws Exception { byte[] iv = getRandomWrapper2b(); IvParameterSpec ivSpec1 = new IvParameterSpec(iv); @@ -91,16 +83,12 @@ private static void funcA3() throws Exception { byte[] ciphertext2 = cipher2.doFinal("Simple Test Data".getBytes()); } - - - public static void main(String[] args) { - try{ + try { funcA2(); funcB1(); funcB2(); - } - catch(Exception e) { + } catch (Exception e) { e.printStackTrace(); } } From b362b4657f127af4febf7a92054b5f5b7732b711 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Mon, 6 Oct 2025 16:40:13 +0200 Subject: [PATCH 252/307] C#: Add some examples with nested types. --- .../ql/test/library-tests/locations/Base.cs | 6 ++++++ csharp/ql/test/library-tests/locations/Sub.cs | 8 ++++++++ .../locations/locations.expected | 19 +++++++++++++++++++ .../test/library-tests/locations/locations.ql | 5 +++++ 4 files changed, 38 insertions(+) create mode 100644 csharp/ql/test/library-tests/locations/Base.cs create mode 100644 csharp/ql/test/library-tests/locations/Sub.cs diff --git a/csharp/ql/test/library-tests/locations/Base.cs b/csharp/ql/test/library-tests/locations/Base.cs new file mode 100644 index 000000000000..02082e0e6c4b --- /dev/null +++ b/csharp/ql/test/library-tests/locations/Base.cs @@ -0,0 +1,6 @@ +public abstract class Base +{ + public void M() { } + + public class InnerBase { } +} diff --git a/csharp/ql/test/library-tests/locations/Sub.cs b/csharp/ql/test/library-tests/locations/Sub.cs new file mode 100644 index 000000000000..744cf63b7b11 --- /dev/null +++ b/csharp/ql/test/library-tests/locations/Sub.cs @@ -0,0 +1,8 @@ +public class Sub : Base +{ + public void SubM() + { + M(); + var x = new InnerBase(); + } +} diff --git a/csharp/ql/test/library-tests/locations/locations.expected b/csharp/ql/test/library-tests/locations/locations.expected index 502a99805c4d..122921ac1e3a 100644 --- a/csharp/ql/test/library-tests/locations/locations.expected +++ b/csharp/ql/test/library-tests/locations/locations.expected @@ -23,7 +23,12 @@ member_locations | B.cs:3:14:3:14 | B | B.cs:7:25:7:28 | Item | B.cs:7:25:7:28 | B.cs:7:25:7:28 | | B.cs:3:14:3:14 | B | B.cs:13:40:13:44 | Event | B.cs:13:40:13:44 | B.cs:13:40:13:44 | | B.cs:3:14:3:14 | B | B.cs:19:28:19:35 | ToObject | B.cs:19:28:19:35 | B.cs:19:28:19:35 | +| Base.cs:1:23:1:29 | Base | Base.cs:3:17:3:17 | M | Base.cs:3:17:3:17 | Base.cs:3:17:3:17 | +| Base.cs:1:23:1:29 | Base | Base.cs:5:18:5:26 | InnerBase | Base.cs:5:18:5:26 | Base.cs:5:18:5:26 | +| Base.cs:1:23:1:29 | Base`1 | Base.cs:3:17:3:17 | M | Base.cs:3:17:3:17 | Base.cs:3:17:3:17 | +| Base.cs:1:23:1:29 | Base`1 | Base.cs:5:18:5:26 | InnerBase | Base.cs:5:18:5:26 | Base.cs:5:18:5:26 | | C.cs:3:7:3:7 | C | C.cs:5:17:5:17 | M | C.cs:5:17:5:17 | C.cs:5:17:5:17 | +| Sub.cs:1:14:1:16 | Sub | Sub.cs:3:17:3:20 | SubM | Sub.cs:3:17:3:20 | Sub.cs:3:17:3:20 | accessor_location | A.cs:3:23:3:26 | A | A.cs:5:30:5:32 | get_Prop | A.cs:5:30:5:32 | A.cs:5:30:5:32 | | A.cs:3:23:3:26 | A | A.cs:6:41:6:43 | get_Item | A.cs:6:41:6:43 | A.cs:6:41:6:43 | @@ -57,8 +62,22 @@ type_location | A.cs:3:25:3:25 | T | A.cs:3:25:3:25 | A.cs:3:25:3:25 | | A.cs:12:14:12:15 | A2 | A.cs:12:14:12:15 | A.cs:12:14:12:15 | | B.cs:3:14:3:14 | B | B.cs:3:14:3:14 | B.cs:3:14:3:14 | +| Base.cs:1:23:1:29 | Base | Base.cs:1:23:1:29 | Base.cs:1:23:1:29 | +| Base.cs:1:23:1:29 | Base`1 | Base.cs:1:23:1:29 | Base.cs:1:23:1:29 | +| Base.cs:1:28:1:28 | T | Base.cs:1:28:1:28 | Base.cs:1:28:1:28 | +| Base.cs:5:18:5:26 | InnerBase | Base.cs:5:18:5:26 | Base.cs:5:18:5:26 | +| Base.cs:5:18:5:26 | InnerBase | Base.cs:5:18:5:26 | Base.cs:5:18:5:26 | | C.cs:3:7:3:7 | C | C.cs:3:7:3:7 | C.cs:3:7:3:7 | | Multiple1.cs:1:22:1:29 | Multiple | Multiple1.cs:1:22:1:29 | Multiple1.cs:1:22:1:29 | | Multiple1.cs:1:22:1:29 | Multiple | Multiple2.cs:1:22:1:29 | Multiple2.cs:1:22:1:29 | | Multiple2.cs:1:22:1:29 | Multiple | Multiple1.cs:1:22:1:29 | Multiple1.cs:1:22:1:29 | | Multiple2.cs:1:22:1:29 | Multiple | Multiple2.cs:1:22:1:29 | Multiple2.cs:1:22:1:29 | +| Sub.cs:1:14:1:16 | Sub | Sub.cs:1:14:1:16 | Sub.cs:1:14:1:16 | +calltype_location +| A.cs:12:14:12:15 | call to constructor A | A.cs:3:23:3:26 | A | A.cs:3:23:3:26 | A.cs:3:23:3:26 | +| A.cs:32:20:32:24 | object creation of type A2 | A.cs:12:14:12:15 | A2 | A.cs:12:14:12:15 | A.cs:12:14:12:15 | +| B.cs:3:14:3:14 | call to constructor A | A.cs:3:23:3:26 | A | A.cs:3:23:3:26 | A.cs:3:23:3:26 | +| C.cs:7:15:7:21 | object creation of type B | B.cs:3:14:3:14 | B | B.cs:3:14:3:14 | B.cs:3:14:3:14 | +| C.cs:9:17:9:24 | object creation of type A2 | A.cs:12:14:12:15 | A2 | A.cs:12:14:12:15 | A.cs:12:14:12:15 | +| Sub.cs:1:14:1:16 | call to constructor Base | Base.cs:1:23:1:29 | Base | Base.cs:1:23:1:29 | Base.cs:1:23:1:29 | +| Sub.cs:6:17:6:31 | object creation of type InnerBase | Base.cs:5:18:5:26 | InnerBase | Base.cs:5:18:5:26 | Base.cs:5:18:5:26 | diff --git a/csharp/ql/test/library-tests/locations/locations.ql b/csharp/ql/test/library-tests/locations/locations.ql index bfadcff2ac89..04ea140340bd 100644 --- a/csharp/ql/test/library-tests/locations/locations.ql +++ b/csharp/ql/test/library-tests/locations/locations.ql @@ -16,3 +16,8 @@ query predicate accessor_location(Type t, Accessor a, SourceLocation l) { query predicate type_location(Type t, SourceLocation l) { l = t.getLocation() and not l instanceof EmptyLocation } + +query predicate calltype_location(Call call, Type t, SourceLocation l) { + t = call.getType() and + l = t.getALocation() +} From 6149608c034405cc8a8d76b93c71bd1e9739aa0a Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Mon, 6 Oct 2025 16:41:12 +0200 Subject: [PATCH 253/307] C#: Always use the unbound type declaration location for type location. --- csharp/ql/lib/semmle/code/csharp/Type.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/csharp/ql/lib/semmle/code/csharp/Type.qll b/csharp/ql/lib/semmle/code/csharp/Type.qll index e417f393b94a..c8b9799bbf64 100644 --- a/csharp/ql/lib/semmle/code/csharp/Type.qll +++ b/csharp/ql/lib/semmle/code/csharp/Type.qll @@ -30,7 +30,7 @@ class Type extends Member, TypeContainer, @type { /** Holds if this type is implicitly convertible to `that` type. */ predicate isImplicitlyConvertibleTo(Type that) { implicitConversion(this, that) } - override Location getALocation() { type_location(this, result) } + override Location getALocation() { type_location(this.getUnboundDeclaration(), result) } override Type getChild(int n) { none() } From abeb3141b15b7e3b682acaafc3b9ac73ddbf9b19 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Mon, 6 Oct 2025 10:46:09 -0400 Subject: [PATCH 254/307] Crypto: Formatting test cases, more removal of non-ascii --- .../quantum/jca/AesWrapAndPBEWith.java | 67 +- ...metricEncryptionMacHybridCryptosystem.java | 95 +- .../quantum/jca/ChainedEncryptionTest.java | 17 +- .../library-tests/quantum/jca/Digest.java | 13 +- .../quantum/jca/EllipticCurve1.java | 1 - .../quantum/jca/EllipticCurve2.java | 74 +- .../quantum/jca/Encryption1.java | 4 +- .../quantum/jca/Encryption2.java | 135 +- .../library-tests/quantum/jca/Hash.java | 196 +- .../library-tests/quantum/jca/IVArtifact.java | 62 +- .../jca/KeyAgreementHybridCryptosystem.java | 80 +- .../quantum/jca/KeyArtifact.java | 9 +- .../quantum/jca/KeyDerivation1.java | 132 +- .../quantum/jca/KeyEncapsulation.java | 40 +- .../quantum/jca/KeyExchange.java | 67 +- .../quantum/jca/MACOperation.java | 98 +- .../library-tests/quantum/jca/Nonce.java | 1 - .../library-tests/quantum/jca/PrngTest.java | 58 +- .../quantum/jca/SignEncryptCombinations.java | 82 +- .../quantum/jca/SignatureOperation.java | 81 +- .../quantum/jca/SymmetricAlgorithm.java | 116 +- .../quantum/jca/SymmetricModesTest.java | 51 +- .../quantum/jca/UniversalFlowTest.java | 51 +- .../library-tests/quantum/node_edges.expected | 3196 ++++++++--------- .../quantum/node_properties.expected | 3092 ++++++++-------- .../library-tests/quantum/nodes.expected | 2764 +++++++------- 26 files changed, 5167 insertions(+), 5415 deletions(-) diff --git a/java/ql/test/experimental/library-tests/quantum/jca/AesWrapAndPBEWith.java b/java/ql/test/experimental/library-tests/quantum/jca/AesWrapAndPBEWith.java index e920d7d550ba..775f02280b5c 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/AesWrapAndPBEWith.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/AesWrapAndPBEWith.java @@ -1,7 +1,6 @@ package com.example.crypto.algorithms; //import org.bouncycastle.jce.provider.BouncyCastleProvider; - import java.security.*; import javax.crypto.Cipher; import javax.crypto.KeyGenerator; @@ -20,29 +19,23 @@ * * This file includes: * - * 1. AESWrap Examples: - * - secureAESWrap(): Uses a randomly generated wrapping key. - * - insecureAESWrap(): Uses a fixed, hard-coded wrapping key. + * 1. AESWrap Examples: - secureAESWrap(): Uses a randomly generated wrapping + * key. - insecureAESWrap(): Uses a fixed, hard-coded wrapping key. * - * 2. PBEWith Examples: - * - insecurePBEExample(): Uses the legacy PBEWithMD5AndDES. - * - securePBEExample(): Uses PBKDF2WithHmacSHA256. - * - additionalPBEExample(): Uses PBEWithSHA256And128BitAES-CBC-BC. - * - additionalPBEExample2(): Uses PBEWithSHA1And128BitAES-CBC-BC. + * 2. PBEWith Examples: - insecurePBEExample(): Uses the legacy + * PBEWithMD5AndDES. - securePBEExample(): Uses PBKDF2WithHmacSHA256. - + * additionalPBEExample(): Uses PBEWithSHA256And128BitAES-CBC-BC. - + * additionalPBEExample2(): Uses PBEWithSHA1And128BitAES-CBC-BC. * - * 3. Dynamic PBE Encryption: - * - dynamicPBEEncryption(): Chooses the PBE transformation based on a - * configuration string. + * 3. Dynamic PBE Encryption: - dynamicPBEEncryption(): Chooses the PBE + * transformation based on a configuration string. * - * Best Practices: - * - Use secure random keys and salts. - * - Avoid legacy algorithms like PBEWithMD5AndDES. - * - Prefer modern KDFs (PBKDF2WithHmacSHA256) and secure provider-specific PBE - * transformations. + * Best Practices: - Use secure random keys and salts. - Avoid legacy algorithms + * like PBEWithMD5AndDES. - Prefer modern KDFs (PBKDF2WithHmacSHA256) and secure + * provider-specific PBE transformations. * - * SAST/CBOM Notes: - * - Insecure examples (PBEWithMD5AndDES, fixed keys) should be flagged. - * - Secure examples use random salt, high iteration counts, and strong + * SAST/CBOM Notes: - Insecure examples (PBEWithMD5AndDES, fixed keys) should be + * flagged. - Secure examples use random salt, high iteration counts, and strong * algorithms. */ public class AesWrapAndPBEWith { @@ -51,14 +44,12 @@ public class AesWrapAndPBEWith { // // Register BouncyCastle as a provider. // Security.addProvider(new BouncyCastleProvider()); // } - // =========================== // 1. AESWrap Examples // =========================== - /** - * Secure AES key wrapping. - * Generates a random 256-bit wrapping key to wrap a target AES key. + * Secure AES key wrapping. Generates a random 256-bit wrapping key to wrap + * a target AES key. * * @return The wrapped key (Base64-encoded). * @throws Exception if an error occurs. @@ -79,8 +70,7 @@ public String secureAESWrap() throws Exception { } /** - * Insecure AES key wrapping. - * Uses a fixed (hard-coded) wrapping key. + * Insecure AES key wrapping. Uses a fixed (hard-coded) wrapping key. * * @return The wrapped key (Base64-encoded). * @throws Exception if an error occurs. @@ -104,7 +94,6 @@ public String insecureAESWrap() throws Exception { // =========================== // 2. PBEWith Examples // =========================== - /** * Insecure PBE example using PBEWithMD5AndDES. * @@ -141,7 +130,7 @@ public String securePBEExample(String password) throws Exception { /** * Additional PBE example using PBEWithSHA256And128BitAES-CBC-BC. * - * @param password The input password. + * @param password The input password. * @param plaintext The plaintext to encrypt. * @return The IV concatenated with ciphertext (Base64-encoded). * @throws Exception if key derivation or encryption fails. @@ -165,11 +154,10 @@ public String additionalPBEExample(String password, String plaintext) throws Exc } /** - * Additional PBE example using PBEWithSHA1And128BitAES-CBC-BC. - * This is less preferred than PBKDF2WithHmacSHA256 but demonstrates another - * variant. + * Additional PBE example using PBEWithSHA1And128BitAES-CBC-BC. This is less + * preferred than PBKDF2WithHmacSHA256 but demonstrates another variant. * - * @param password The input password. + * @param password The input password. * @param plaintext The plaintext to encrypt. * @return The IV concatenated with ciphertext (Base64-encoded). * @throws Exception if key derivation or encryption fails. @@ -195,18 +183,16 @@ public String additionalPBEExample2(String password, String plaintext) throws Ex // =========================== // 3. Dynamic PBE Encryption // =========================== - /** * Dynamically selects a PBE transformation based on a configuration string. * - * Acceptable values: - * - "PBKDF2": Uses PBKDF2WithHmacSHA256. - * - "SHA256AES": Uses PBEWithSHA256And128BitAES-CBC-BC. - * - "SHA1AES": Uses PBEWithSHA1And128BitAES-CBC-BC. - * - Otherwise, falls back to insecure PBEWithMD5AndDES. + * Acceptable values: - "PBKDF2": Uses PBKDF2WithHmacSHA256. - "SHA256AES": + * Uses PBEWithSHA256And128BitAES-CBC-BC. - "SHA1AES": Uses + * PBEWithSHA1And128BitAES-CBC-BC. - Otherwise, falls back to insecure + * PBEWithMD5AndDES. * - * @param config The configuration string. - * @param password The input password. + * @param config The configuration string. + * @param password The input password. * @param plaintext The plaintext to encrypt. * @return The Base64-encoded encrypted output. * @throws Exception if an error occurs. @@ -227,7 +213,6 @@ public String dynamicPBEEncryption(String config, String password, String plaint // =========================== // Helper Methods // =========================== - /** * Concatenates two byte arrays. */ diff --git a/java/ql/test/experimental/library-tests/quantum/jca/AsymmetricEncryptionMacHybridCryptosystem.java b/java/ql/test/experimental/library-tests/quantum/jca/AsymmetricEncryptionMacHybridCryptosystem.java index b08247372ef9..8f844ba86207 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/AsymmetricEncryptionMacHybridCryptosystem.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/AsymmetricEncryptionMacHybridCryptosystem.java @@ -2,7 +2,10 @@ // import org.bouncycastle.jce.provider.BouncyCastleProvider; // import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider; - +import java.security.*; +import java.security.spec.ECGenParameterSpec; +import java.util.Arrays; +import java.util.Base64; import javax.crypto.Cipher; import javax.crypto.KeyAgreement; import javax.crypto.KeyGenerator; @@ -10,42 +13,31 @@ import javax.crypto.SecretKey; import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.SecretKeySpec; -import java.security.*; -import java.security.spec.ECGenParameterSpec; -import java.util.Arrays; -import java.util.Base64; /** - * AsymmetricEncryptionMacHybridCryptosystem demonstrates hybrid - * cryptosystems that combine asymmetric encryption with a MAC. + * AsymmetricEncryptionMacHybridCryptosystem demonstrates hybrid cryptosystems + * that combine asymmetric encryption with a MAC. * - * Flows: - * 1. RSA-OAEP + HMAC: - * - Secure Flow: Uses 2048-bit RSA-OAEP (with SHA256andMGF1Padding) to - * encapsulate a freshly generated AES key; - * then encrypts using AES-GCM with a random nonce and computes HMAC-SHA256 over - * the ciphertext. - * - Insecure Flow: Uses 1024-bit RSA (RSA/ECB/PKCS1Padding), AES-GCM with a - * fixed IV, and HMAC-SHA1. + * Flows: 1. RSA-OAEP + HMAC: - Secure Flow: Uses 2048-bit RSA-OAEP (with + * SHA256andMGF1Padding) to encapsulate a freshly generated AES key; then + * encrypts using AES-GCM with a random nonce and computes HMAC-SHA256 over the + * ciphertext. - Insecure Flow: Uses 1024-bit RSA (RSA/ECB/PKCS1Padding), + * AES-GCM with a fixed IV, and HMAC-SHA1. * - * 2. ECIES + HMAC: - * - Secure Flow: Uses ephemeral ECDH key pairs (secp256r1); derives a shared - * secret and applies a simple KDF (SHA-256) - * to derive a 128-bit AES key; then uses AES-GCM with a random nonce and - * computes HMAC-SHA256. - * - Insecure Flow: Reuses a static EC key pair, directly truncates the shared - * secret without a proper KDF, - * uses a fixed IV, and computes HMAC-SHA1. + * 2. ECIES + HMAC: - Secure Flow: Uses ephemeral ECDH key pairs (secp256r1); + * derives a shared secret and applies a simple KDF (SHA-256) to derive a + * 128-bit AES key; then uses AES-GCM with a random nonce and computes + * HMAC-SHA256. - Insecure Flow: Reuses a static EC key pair, directly truncates + * the shared secret without a proper KDF, uses a fixed IV, and computes + * HMAC-SHA1. * - * 3. Dynamic Hybrid Selection: - * - Chooses between flows based on a configuration string. + * 3. Dynamic Hybrid Selection: - Chooses between flows based on a configuration + * string. * - * SAST/CBOM Notes: - * - Secure flows use proper ephemeral key generation, secure key sizes, KDF - * usage, and random nonces/IVs. - * - Insecure flows (static key reuse, fixed nonces, weak key sizes, raw shared - * secret truncation, and deprecated algorithms) - * should be flagged. + * SAST/CBOM Notes: - Secure flows use proper ephemeral key generation, secure + * key sizes, KDF usage, and random nonces/IVs. - Insecure flows (static key + * reuse, fixed nonces, weak key sizes, raw shared secret truncation, and + * deprecated algorithms) should be flagged. */ public class AsymmetricEncryptionMacHybridCryptosystem { @@ -53,9 +45,9 @@ public class AsymmetricEncryptionMacHybridCryptosystem { // Security.addProvider(new BouncyCastleProvider()); // Security.addProvider(new BouncyCastlePQCProvider()); // } - // ---------- Result Class ---------- public static class HybridResult { + private final byte[] encapsulatedKey; private final byte[] ciphertext; private final byte[] mac; @@ -79,14 +71,13 @@ public byte[] getMac() { } public String toBase64String() { - return "EncapsulatedKey: " + Base64.getEncoder().encodeToString(encapsulatedKey) + - "\nCiphertext: " + Base64.getEncoder().encodeToString(ciphertext) + - "\nMAC: " + Base64.getEncoder().encodeToString(mac); + return "EncapsulatedKey: " + Base64.getEncoder().encodeToString(encapsulatedKey) + + "\nCiphertext: " + Base64.getEncoder().encodeToString(ciphertext) + + "\nMAC: " + Base64.getEncoder().encodeToString(mac); } } // ---------- Helper Methods ---------- - /** * Generates an ephemeral ECDH key pair on secp256r1. */ @@ -107,10 +98,10 @@ public KeyPair generateX25519KeyPair() throws Exception { /** * Derives a shared secret using the provided key agreement algorithm. - * + * * @param privateKey The private key. - * @param publicKey The corresponding public key. - * @param algorithm The key agreement algorithm (e.g., "ECDH" or "X25519"). + * @param publicKey The corresponding public key. + * @param algorithm The key agreement algorithm (e.g., "ECDH" or "X25519"). * @return The shared secret. */ public byte[] deriveSharedSecret(PrivateKey privateKey, PublicKey publicKey, String algorithm) throws Exception { @@ -123,8 +114,8 @@ public byte[] deriveSharedSecret(PrivateKey privateKey, PublicKey publicKey, Str /** * A simple KDF that hashes the input with SHA-256 and returns the first * numBytes. - * - * @param input The input byte array. + * + * @param input The input byte array. * @param numBytes The desired number of output bytes. * @return The derived key material. */ @@ -147,7 +138,6 @@ public byte[] concatenate(byte[] a, byte[] b) { // ===================================================== // 1. RSA-OAEP + HMAC Hybrid Cryptosystem // ===================================================== - /** * Generates a secure 2048-bit RSA key pair. */ @@ -216,7 +206,6 @@ public HybridResult insecureRSAHybridEncryption(byte[] plaintext) throws Excepti // ===================================================== // 2. ECIES + HMAC Hybrid Cryptosystem // ===================================================== - /** * Secure hybrid encryption using ECIES (via ECDH) + HMAC-SHA256. */ @@ -268,16 +257,15 @@ public HybridResult insecureECIESHybridEncryption(byte[] plaintext) throws Excep // ===================================================== // 3. Dynamic Hybrid Selection // ===================================================== - /** * Dynamically selects a hybrid encryption flow based on configuration. * SAST: Dynamic selection introduces risk if insecure defaults are chosen. * - * @param config The configuration string ("secureRSA", "insecureRSA", - * "secureECIES", "insecureECIES"). + * @param config The configuration string ("secureRSA", "insecureRSA", + * "secureECIES", "insecureECIES"). * @param plaintext The plaintext to encrypt. * @return A Base64-encoded string representation of the hybrid encryption - * result. + * result. * @throws Exception if an error occurs. */ public String dynamicHybridEncryption(String config, byte[] plaintext) throws Exception { @@ -300,10 +288,8 @@ public String dynamicHybridEncryption(String config, byte[] plaintext) throws Ex // ===================================================== // 4. Helper Methods for HMAC and Symmetric Encryption // ===================================================== - /** - * Secure HMAC using HMAC-SHA256. - * SAST: HMAC-SHA256 is secure. + * Secure HMAC using HMAC-SHA256. SAST: HMAC-SHA256 is secure. */ public byte[] secureHMACSHA256(String message, byte[] key) throws Exception { Mac mac = Mac.getInstance("HmacSHA256", "BC"); @@ -313,8 +299,8 @@ public byte[] secureHMACSHA256(String message, byte[] key) throws Exception { } /** - * Insecure HMAC using HMAC-SHA1. - * SAST: HMAC-SHA1 is deprecated and insecure. + * Insecure HMAC using HMAC-SHA1. SAST: HMAC-SHA1 is deprecated and + * insecure. */ public byte[] insecureHMACSHA1(String message, byte[] key) throws Exception { Mac mac = Mac.getInstance("HmacSHA1", "BC"); @@ -326,10 +312,9 @@ public byte[] insecureHMACSHA1(String message, byte[] key) throws Exception { // ===================================================== // 5. Helper Methods for Key/Nonce Generation // ===================================================== - /** - * Generates a secure 256-bit AES key. - * SAST: Uses SecureRandom for key generation. + * Generates a secure 256-bit AES key. SAST: Uses SecureRandom for key + * generation. */ public SecretKey generateAESKey() throws Exception { KeyGenerator kg = KeyGenerator.getInstance("AES"); diff --git a/java/ql/test/experimental/library-tests/quantum/jca/ChainedEncryptionTest.java b/java/ql/test/experimental/library-tests/quantum/jca/ChainedEncryptionTest.java index fedd9423b89c..2190921937e2 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/ChainedEncryptionTest.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/ChainedEncryptionTest.java @@ -1,24 +1,19 @@ package com.example.crypto.algorithms; // import org.bouncycastle.jce.provider.BouncyCastleProvider; - import java.security.*; - +import java.util.Arrays; import javax.crypto.Cipher; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.IvParameterSpec; -import java.util.Arrays; -import java.util.Base64; - public class ChainedEncryptionTest { // static { // Security.addProvider(new BouncyCastleProvider()); // } - // Encrypts using AES-GCM. Returns IV concatenated with ciphertext. public static byte[] encryptAESGCM(SecretKey key, byte[] plaintext) throws Exception { Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); @@ -68,10 +63,10 @@ private static byte[] concat(byte[] a, byte[] b) { } /** - * Performs chained encryption and decryption in one function. - * First, plaintext is encrypted with AES-GCM (inner layer), - * then that ciphertext is encrypted with ChaCha20-Poly1305 (outer layer). - * The decryption process reverses these steps. + * Performs chained encryption and decryption in one function. First, + * plaintext is encrypted with AES-GCM (inner layer), then that ciphertext + * is encrypted with ChaCha20-Poly1305 (outer layer). The decryption process + * reverses these steps. * * @param plaintext The input plaintext. * @return The decrypted plaintext as a String. @@ -148,4 +143,4 @@ public static void main(String[] args) throws Exception { System.out.println("Decrypted: " + new String(decryptedPlaintext)); } -} \ No newline at end of file +} diff --git a/java/ql/test/experimental/library-tests/quantum/jca/Digest.java b/java/ql/test/experimental/library-tests/quantum/jca/Digest.java index 942178e57683..412bf578ac18 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/Digest.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/Digest.java @@ -2,19 +2,18 @@ // import org.bouncycastle.jce.provider.BouncyCastleProvider; -import java.security.*; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.security.SecureRandom; +import java.util.Arrays; +import java.util.Base64; import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; import javax.crypto.Mac; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; -import javax.crypto.KeyGenerator; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.security.SecureRandom; -import java.util.Arrays; -import java.util.Base64; /** * DigestTestCase demonstrates the further use of cryptographic digests diff --git a/java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve1.java b/java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve1.java index 41d84640598d..71481b7e7a92 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve1.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve1.java @@ -4,7 +4,6 @@ import java.security.KeyPair; import java.security.KeyPairGenerator; -import java.security.Security; import java.util.Base64; /** diff --git a/java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve2.java b/java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve2.java index 6faf48879aed..41def510f18a 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve2.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/EllipticCurve2.java @@ -1,40 +1,33 @@ package com.example.crypto.algorithms; //import org.bouncycastle.jce.provider.BouncyCastleProvider; - +import java.security.*; +import java.security.spec.ECGenParameterSpec; +import java.util.Arrays; +import java.util.Base64; import javax.crypto.Cipher; import javax.crypto.KeyAgreement; import javax.crypto.SecretKey; import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.SecretKeySpec; -import java.security.*; -import java.security.spec.ECGenParameterSpec; -import java.util.Arrays; -import java.util.Base64; /** * EllipticCurve2 demonstrates real-world uses of elliptic curve algorithms, * including key pair generation, key agreement (ECDH), digital signatures - * (ECDSA, EdDSA), - * and a simple simulation of ECIES (using ECDH + AES-GCM). + * (ECDSA, EdDSA), and a simple simulation of ECIES (using ECDH + AES-GCM). * - * Curve types shown include: - * - NIST (e.g., secp256r1) - * - SEC (e.g., secp256k1) - * - Brainpool (e.g., brainpoolP256r1) - * - CURVE25519 (for X25519 key agreement) - * - ES (e.g., Ed25519 for signatures) - * - Other fallback (e.g., secp256r1 for "OtherEllipticCurveType") + * Curve types shown include: - NIST (e.g., secp256r1) - SEC (e.g., secp256k1) - + * Brainpool (e.g., brainpoolP256r1) - CURVE25519 (for X25519 key agreement) - + * ES (e.g., Ed25519 for signatures) - Other fallback (e.g., secp256r1 for + * "OtherEllipticCurveType") * - * Best practices: - * - Use ephemeral keys and a strong RNG. - * - Use proper key agreement (with a KDF if needed) and digital signature - * schemes. - * - Avoid static key reuse or using weak curves. + * Best practices: - Use ephemeral keys and a strong RNG. - Use proper key + * agreement (with a KDF if needed) and digital signature schemes. - Avoid + * static key reuse or using weak curves. * - * SAST/CBOM considerations: - * - Secure implementations use ephemeral keys and modern curves. - * - Insecure practices (e.g., static keys or reusing keys) must be flagged. + * SAST/CBOM considerations: - Secure implementations use ephemeral keys and + * modern curves. - Insecure practices (e.g., static keys or reusing keys) must + * be flagged. */ public class EllipticCurve2 { @@ -42,11 +35,9 @@ public class EllipticCurve2 { // // Register BouncyCastle provider for additional curves and algorithms. // Security.addProvider(new BouncyCastleProvider()); // } - // ---------------------------- // 1. Key Pair Generation Examples // ---------------------------- - /** * Generates a key pair using a NIST curve (secp256r1). */ @@ -101,10 +92,9 @@ public KeyPair generateOtherEllipticCurveKeyPair() throws Exception { // ---------------------------- // 2. Key Agreement (ECDH) Examples // ---------------------------- - /** - * Performs ECDH key agreement using two ephemeral NIST key pairs. - * Secure Example: Uses ephemeral keys and a strong RNG. + * Performs ECDH key agreement using two ephemeral NIST key pairs. Secure + * Example: Uses ephemeral keys and a strong RNG. * * @return The shared secret. */ @@ -119,8 +109,8 @@ public byte[] performECDHKeyAgreement() throws Exception { } /** - * Insecure ECDH Example: Uses a static key pair for both parties. - * SAST: Reusing the same key pair eliminates forward secrecy and is insecure. + * Insecure ECDH Example: Uses a static key pair for both parties. SAST: + * Reusing the same key pair eliminates forward secrecy and is insecure. * * @return The (insecure) shared secret. */ @@ -135,10 +125,8 @@ public byte[] insecureECDHKeyAgreement() throws Exception { // ---------------------------- // 3. Digital Signature Examples // ---------------------------- - /** - * Generates an ECDSA signature using a NIST key pair. - * Secure Example. + * Generates an ECDSA signature using a NIST key pair. Secure Example. * * @param message The message to sign. * @return The signature. @@ -154,9 +142,9 @@ public byte[] generateECDSASignature(byte[] message) throws Exception { /** * Verifies an ECDSA signature using the corresponding NIST key pair. * - * @param message The original message. + * @param message The original message. * @param signatureBytes The signature to verify. - * @param kp The key pair used for signing. + * @param kp The key pair used for signing. * @return True if the signature is valid. */ public boolean verifyECDSASignature(byte[] message, byte[] signatureBytes, KeyPair kp) throws Exception { @@ -167,8 +155,8 @@ public boolean verifyECDSASignature(byte[] message, byte[] signatureBytes, KeyPa } /** - * Generates an Ed25519 signature. - * Secure Example: Ed25519 is a modern, high-performance signature scheme. + * Generates an Ed25519 signature. Secure Example: Ed25519 is a modern, + * high-performance signature scheme. * * @param message The message to sign. * @return The signature. @@ -184,9 +172,9 @@ public byte[] generateEd25519Signature(byte[] message) throws Exception { /** * Verifies an Ed25519 signature. * - * @param message The original message. + * @param message The original message. * @param signatureBytes The signature to verify. - * @param kp The key pair used for signing. + * @param kp The key pair used for signing. * @return True if the signature is valid. */ public boolean verifyEd25519Signature(byte[] message, byte[] signatureBytes, KeyPair kp) throws Exception { @@ -199,17 +187,14 @@ public boolean verifyEd25519Signature(byte[] message, byte[] signatureBytes, Key // ---------------------------- // 4. ECIES-like Encryption (ECDH + AES-GCM) // ---------------------------- - /** * A simple simulation of ECIES using ECDH for key agreement and AES-GCM for - * encryption. - * Secure Example: Uses ephemeral ECDH key pairs, a KDF to derive a symmetric - * key, - * and AES-GCM with a random nonce. + * encryption. Secure Example: Uses ephemeral ECDH key pairs, a KDF to + * derive a symmetric key, and AES-GCM with a random nonce. * * @param plaintext The plaintext to encrypt. * @return The concatenation of the ephemeral public key, IV, and ciphertext - * (Base64-encoded). + * (Base64-encoded). * @throws Exception if encryption fails. */ public String eciesEncryptionExample(byte[] plaintext) throws Exception { @@ -248,7 +233,6 @@ public String eciesEncryptionExample(byte[] plaintext) throws Exception { // ---------------------------- // 5. Main Method for Demonstration // ---------------------------- - public static void main(String[] args) { try { EllipticCurve2 test = new EllipticCurve2(); diff --git a/java/ql/test/experimental/library-tests/quantum/jca/Encryption1.java b/java/ql/test/experimental/library-tests/quantum/jca/Encryption1.java index f20220e55bc3..74b2070d13ec 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/Encryption1.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/Encryption1.java @@ -1,12 +1,12 @@ package com.example.crypto.algorithms; //import org.bouncycastle.jce.provider.BouncyCastleProvider; +import java.security.*; +import java.util.Base64; import javax.crypto.Cipher; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.spec.GCMParameterSpec; -import java.security.*; -import java.util.Base64; /** * This class demonstrates several encryption schemes along with SAST/CBOM diff --git a/java/ql/test/experimental/library-tests/quantum/jca/Encryption2.java b/java/ql/test/experimental/library-tests/quantum/jca/Encryption2.java index 8c2b9777655b..edcfa0302045 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/Encryption2.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/Encryption2.java @@ -1,60 +1,52 @@ package com.example.crypto.algorithms; //import org.bouncycastle.jce.provider.BouncyCastleProvider; +import java.security.*; +import java.security.spec.ECGenParameterSpec; +import java.util.Arrays; +import java.util.Base64; import javax.crypto.Cipher; import javax.crypto.KeyAgreement; +import javax.crypto.Mac; import javax.crypto.SecretKey; import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.SecretKeySpec; -import java.security.*; -import java.security.spec.ECGenParameterSpec; -import java.util.Base64; -import java.util.Arrays; -import javax.crypto.Mac; /** * This class demonstrates encryption schemes using elliptic-curve - * Diffie-Hellman (ECDH) - * and hybrid encryption methods, including a post-quantum hybrid scheme. + * Diffie-Hellman (ECDH) and hybrid encryption methods, including a post-quantum + * hybrid scheme. * * SAST/CBOM Classification: - * - * 1. EC Key Generation & ECDH Key Agreement: - * - Parent Classification: Asymmetric Key Generation / Key Agreement. - * - SAST: Secure when using established curves (secp256r1) and reputable - * providers (BouncyCastle). * - * 2. ECDH Hybrid Encryption: - * - Parent Classification: Hybrid Cryptosystem (ECDH + AEAD). - * - SAST: Uses ECDH for key agreement and AES/GCM for encryption. However, the - * derivation of an AES key - * by applying a single SHA-256 hash to the shared secret may be flagged as a - * weak key derivation method. - * A dedicated KDF (e.g., HKDF) is recommended. + * 1. EC Key Generation & ECDH Key Agreement: - Parent Classification: + * Asymmetric Key Generation / Key Agreement. - SAST: Secure when using + * established curves (secp256r1) and reputable providers (BouncyCastle). + * + * 2. ECDH Hybrid Encryption: - Parent Classification: Hybrid Cryptosystem (ECDH + * + AEAD). - SAST: Uses ECDH for key agreement and AES/GCM for encryption. + * However, the derivation of an AES key by applying a single SHA-256 hash to + * the shared secret may be flagged as a weak key derivation method. A dedicated + * KDF (e.g., HKDF) is recommended. * - * 3. Post-Quantum Hybrid Encryption: - * - Parent Classification: Hybrid Cryptosystem (Classical ECDH + Post-Quantum - * Secret + KDF + AEAD). - * - SAST: Combining classical and post-quantum components is advanced and - * secure if implemented properly. - * The custom HKDF expand function provided here is simplistic and may be - * flagged in a CBOM analysis; - * a standard HKDF library should be used in production. + * 3. Post-Quantum Hybrid Encryption: - Parent Classification: Hybrid + * Cryptosystem (Classical ECDH + Post-Quantum Secret + KDF + AEAD). - SAST: + * Combining classical and post-quantum components is advanced and secure if + * implemented properly. The custom HKDF expand function provided here is + * simplistic and may be flagged in a CBOM analysis; a standard HKDF library + * should be used in production. */ public class Encryption2 { // static { // Security.addProvider(new BouncyCastleProvider()); // } - /** * Generates an Elliptic Curve (EC) key pair using the secp256r1 curve. * - * SAST/CBOM Notes: - * - Algorithm: EC key pair generation. - * - Parent Classification: Asymmetric Key Generation. - * - SAST: Considered secure when using strong randomness and a reputable - * provider. + * SAST/CBOM Notes: - Algorithm: EC key pair generation. - Parent + * Classification: Asymmetric Key Generation. - SAST: Considered secure when + * using strong randomness and a reputable provider. * * @return an EC KeyPair. */ @@ -67,13 +59,12 @@ public KeyPair generateECKeyPair() throws Exception { /** * Derives a shared secret using Elliptic Curve Diffie-Hellman (ECDH). * - * SAST/CBOM Notes: - * - Algorithm: ECDH key agreement. - * - Parent Classification: Asymmetric Key Agreement. - * - SAST: Secure when both parties use strong EC keys and proper randomness. + * SAST/CBOM Notes: - Algorithm: ECDH key agreement. - Parent + * Classification: Asymmetric Key Agreement. - SAST: Secure when both + * parties use strong EC keys and proper randomness. * * @param privateKey the private key of one party. - * @param publicKey the public key of the other party. + * @param publicKey the public key of the other party. * @return the derived shared secret as a byte array. */ public byte[] deriveSharedSecret(PrivateKey privateKey, PublicKey publicKey) throws Exception { @@ -84,21 +75,17 @@ public byte[] deriveSharedSecret(PrivateKey privateKey, PublicKey publicKey) thr } /** - * Performs hybrid encryption using ECDH to derive a shared secret, then derives - * an AES key - * by hashing the shared secret with SHA-256, and finally encrypts the data with - * AES-GCM. + * Performs hybrid encryption using ECDH to derive a shared secret, then + * derives an AES key by hashing the shared secret with SHA-256, and finally + * encrypts the data with AES-GCM. * - * SAST/CBOM Notes: - * - Parent Classification: Hybrid Cryptosystem (ECDH + AES-GCM). - * - SAST: While ECDH and AES-GCM are secure, the key derivation method here (a - * single SHA-256 hash) - * is not as robust as using a dedicated KDF. This approach may be flagged and - * is recommended for - * improvement. + * SAST/CBOM Notes: - Parent Classification: Hybrid Cryptosystem (ECDH + + * AES-GCM). - SAST: While ECDH and AES-GCM are secure, the key derivation + * method here (a single SHA-256 hash) is not as robust as using a dedicated + * KDF. This approach may be flagged and is recommended for improvement. * * @param recipientPublicKey the recipient's public EC key. - * @param data the plaintext data to encrypt. + * @param data the plaintext data to encrypt. */ public void ecdhHybridEncryption(PublicKey recipientPublicKey, String data) throws Exception { // Generate an ephemeral EC key pair for the sender. @@ -127,24 +114,20 @@ public void ecdhHybridEncryption(PublicKey recipientPublicKey, String data) thro } /** - * Performs post-quantum hybrid encryption by combining a classical ECDH-derived - * secret with a - * post-quantum shared secret. The two secrets are combined using a custom HKDF - * expansion, and the - * derived key is used to encrypt data with AES-GCM. + * Performs post-quantum hybrid encryption by combining a classical + * ECDH-derived secret with a post-quantum shared secret. The two secrets + * are combined using a custom HKDF expansion, and the derived key is used + * to encrypt data with AES-GCM. * - * SAST/CBOM Notes: - * - Parent Classification: Hybrid Cryptosystem (Classical ECDH + Post-Quantum - * Secret + KDF + AES-GCM). - * - SAST: The combination of classical and post-quantum secrets is a modern - * approach. However, the - * custom HKDF expand function is simplistic and may be flagged as insecure. Use - * a standard HKDF - * implementation in production. + * SAST/CBOM Notes: - Parent Classification: Hybrid Cryptosystem (Classical + * ECDH + Post-Quantum Secret + KDF + AES-GCM). - SAST: The combination of + * classical and post-quantum secrets is a modern approach. However, the + * custom HKDF expand function is simplistic and may be flagged as insecure. + * Use a standard HKDF implementation in production. * - * @param ecPublicKey the recipient's EC public key. + * @param ecPublicKey the recipient's EC public key. * @param pqSharedSecret the post-quantum shared secret from a separate - * algorithm. + * algorithm. */ public void postQuantumHybridEncryption(PublicKey ecPublicKey, byte[] pqSharedSecret) throws Exception { // Step 1: Perform classical ECDH key agreement to derive a shared secret. @@ -171,21 +154,19 @@ public void postQuantumHybridEncryption(PublicKey ecPublicKey, byte[] pqSharedSe } /** - * A simplified HKDF expansion function that uses HMAC-SHA256 to derive a key of - * a desired length. + * A simplified HKDF expansion function that uses HMAC-SHA256 to derive a + * key of a desired length. * - * SAST/CBOM Notes: - * - Parent Classification: Key Derivation Function (KDF). - * - SAST: Custom KDF implementations are risky if not thoroughly vetted. This - * simple HKDF expand - * function lacks the full HKDF mechanism (e.g., multiple iterations, info, and - * context parameters) - * and may be flagged. It is recommended to use a standardized HKDF library. + * SAST/CBOM Notes: - Parent Classification: Key Derivation Function (KDF). + * - SAST: Custom KDF implementations are risky if not thoroughly vetted. + * This simple HKDF expand function lacks the full HKDF mechanism (e.g., + * multiple iterations, info, and context parameters) and may be flagged. It + * is recommended to use a standardized HKDF library. * * @param inputKey the input key material. - * @param salt a salt value (here, the post-quantum shared secret is used as - * the salt). - * @param length the desired length of the derived key. + * @param salt a salt value (here, the post-quantum shared secret is used as + * the salt). + * @param length the desired length of the derived key. * @return a derived key of the specified length. */ private byte[] hkdfExpand(byte[] inputKey, byte[] salt, int length) throws Exception { diff --git a/java/ql/test/experimental/library-tests/quantum/jca/Hash.java b/java/ql/test/experimental/library-tests/quantum/jca/Hash.java index 703bfe4ca8cb..d4e6985eac67 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/Hash.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/Hash.java @@ -20,68 +20,56 @@ * * SAST/CBOM Classification Notes: * - * 1. simpleSHA256Hash: - * - Parent Classification: Cryptographic Hash Function. - * - SAST: Uses SHA-256, which is widely regarded as secure. + * 1. simpleSHA256Hash: - Parent Classification: Cryptographic Hash Function. - + * SAST: Uses SHA-256, which is widely regarded as secure. * - * 2. insecureMD5Hash: - * - Parent Classification: Cryptographic Hash Function. - * - SAST: MD5 is cryptographically broken and should be flagged as insecure. + * 2. insecureMD5Hash: - Parent Classification: Cryptographic Hash Function. - + * SAST: MD5 is cryptographically broken and should be flagged as insecure. * - * 3. hashWithBouncyCastleSHA3: - * - Parent Classification: Cryptographic Hash Function (SHA3). - * - SAST: Uses SHA3-256 from BouncyCastle; considered secure. + * 3. hashWithBouncyCastleSHA3: - Parent Classification: Cryptographic Hash + * Function (SHA3). - SAST: Uses SHA3-256 from BouncyCastle; considered secure. * - * 4. hashWithBouncyCastleBlake2b: - * - Parent Classification: Cryptographic Hash Function (BLAKE2). - * - SAST: Uses BLAKE2b-512; considered secure if used correctly. + * 4. hashWithBouncyCastleBlake2b: - Parent Classification: Cryptographic Hash + * Function (BLAKE2). - SAST: Uses BLAKE2b-512; considered secure if used + * correctly. * - * 5. hashAndSign & verifyHashSignature: - * - Parent Classification: Digital Signature (RSA-based). - * - SAST: Uses SHA256withRSA for signing and verification; secure if key - * management is proper. + * 5. hashAndSign & verifyHashSignature: - Parent Classification: Digital + * Signature (RSA-based). - SAST: Uses SHA256withRSA for signing and + * verification; secure if key management is proper. * - * 6. hashForDataIntegrityCheck: - * - Parent Classification: Data Integrity Check. + * 6. hashForDataIntegrityCheck: - Parent Classification: Data Integrity Check. * - SAST: Uses SHA-256 to verify integrity; considered secure. * - * 7. hashWithVariousAlgorithms: - * - Parent Classification: Cryptographic Hash Function. - * - SAST: Iterates through multiple algorithms; insecure algorithms (MD5, - * SHA-1) may be flagged. + * 7. hashWithVariousAlgorithms: - Parent Classification: Cryptographic Hash + * Function. - SAST: Iterates through multiple algorithms; insecure algorithms + * (MD5, SHA-1) may be flagged. * - * 8. hmacWithVariousAlgorithms: - * - Parent Classification: Message Authentication Code (MAC). - * - SAST: Iterates through various HMAC algorithms; HmacSHA1 is considered - * weaker than SHA256 and above. + * 8. hmacWithVariousAlgorithms: - Parent Classification: Message Authentication + * Code (MAC). - SAST: Iterates through various HMAC algorithms; HmacSHA1 is + * considered weaker than SHA256 and above. * - * 9. hashForPasswordStorage: - * - Parent Classification: Password-Based Key Derivation Function (PBKDF). - * - SAST: Uses PBKDF2WithHmacSHA256 with salt and iteration count; considered - * secure, - * though iteration counts should be reviewed against current standards. + * 9. hashForPasswordStorage: - Parent Classification: Password-Based Key + * Derivation Function (PBKDF). - SAST: Uses PBKDF2WithHmacSHA256 with salt and + * iteration count; considered secure, though iteration counts should be + * reviewed against current standards. * - * 10. hashFromUnknownConfig: - * - Parent Classification: Dynamic Cryptographic Hash Function. - * - SAST: Loading the hash algorithm from an external configuration introduces - * risk of misconfiguration. + * 10. hashFromUnknownConfig: - Parent Classification: Dynamic Cryptographic + * Hash Function. - SAST: Loading the hash algorithm from an external + * configuration introduces risk of misconfiguration. * - * 11. insecureHashBasedRNG: - * - Parent Classification: Pseudo-Random Number Generator (PRNG) using hash. - * - SAST: Uses a fixed seed with various hash algorithms; flagged as insecure - * due to predictability. + * 11. insecureHashBasedRNG: - Parent Classification: Pseudo-Random Number + * Generator (PRNG) using hash. - SAST: Uses a fixed seed with various hash + * algorithms; flagged as insecure due to predictability. */ public class Hash { // static { // Security.addProvider(new BouncyCastleProvider()); // } - /** * Computes a SHA-256 hash of static test data. * - * CBOM/SAST Classification: - * - Uses SHA-256: Classified as secure. + * CBOM/SAST Classification: - Uses SHA-256: Classified as secure. */ public void simpleSHA256Hash() throws Exception { MessageDigest digest = MessageDigest.getInstance("SHA-256"); @@ -92,9 +80,8 @@ public void simpleSHA256Hash() throws Exception { /** * Computes an MD5 hash of static data. * - * CBOM/SAST Classification: - * - Uses MD5: Classified as insecure. - * - SAST: MD5 is deprecated for cryptographic purposes due to collision + * CBOM/SAST Classification: - Uses MD5: Classified as insecure. - SAST: MD5 + * is deprecated for cryptographic purposes due to collision * vulnerabilities. */ public void insecureMD5Hash() throws Exception { @@ -118,8 +105,6 @@ public void insecureMD5Hash() throws Exception { // digest.doFinal(hash, 0); // System.out.println("SHA3-256 (BC) Hash: " + Base64.getEncoder().encodeToString(hash)); // } - - // /** // * Computes a BLAKE2b-512 hash using BouncyCastle's Blake2bDigest. // * @@ -135,16 +120,14 @@ public void insecureMD5Hash() throws Exception { // digest.doFinal(hash, 0); // System.out.println("BLAKE2b-512 (BC) Hash: " + Base64.getEncoder().encodeToString(hash)); // } - /** * Signs the hash of the input using SHA256withRSA. * - * CBOM/SAST Classification: - * - Digital Signature (RSA): Classified as secure if keys are managed - * correctly. - * - SAST: The combination of SHA256 and RSA is a standard and secure pattern. + * CBOM/SAST Classification: - Digital Signature (RSA): Classified as secure + * if keys are managed correctly. - SAST: The combination of SHA256 and RSA + * is a standard and secure pattern. * - * @param input The input data to be signed. + * @param input The input data to be signed. * @param privateKey The RSA private key used for signing. */ public void hashAndSign(String input, PrivateKey privateKey) throws Exception { @@ -158,15 +141,14 @@ public void hashAndSign(String input, PrivateKey privateKey) throws Exception { /** * Verifies the signature of the input data. * - * CBOM/SAST Classification: - * - Digital Signature Verification: Classified as secure when using - * SHA256withRSA. - * - SAST: Should correctly verify that the signed hash matches the input. + * CBOM/SAST Classification: - Digital Signature Verification: Classified as + * secure when using SHA256withRSA. - SAST: Should correctly verify that the + * signed hash matches the input. * - * @param input The original input data. + * @param input The original input data. * @param signedHash The signed hash to verify. - * @param publicKey The RSA public key corresponding to the private key that - * signed the data. + * @param publicKey The RSA public key corresponding to the private key that + * signed the data. * @return true if the signature is valid, false otherwise. */ public boolean verifyHashSignature(String input, byte[] signedHash, PublicKey publicKey) throws Exception { @@ -177,15 +159,14 @@ public boolean verifyHashSignature(String input, byte[] signedHash, PublicKey pu } /** - * Computes a SHA-256 hash for data integrity checking and compares it with an - * expected hash. + * Computes a SHA-256 hash for data integrity checking and compares it with + * an expected hash. * - * CBOM/SAST Classification: - * - Data Integrity: Uses SHA-256 for integrity checks, which is secure. - * - SAST: A correct implementation for verifying data has not been tampered - * with. + * CBOM/SAST Classification: - Data Integrity: Uses SHA-256 for integrity + * checks, which is secure. - SAST: A correct implementation for verifying + * data has not been tampered with. * - * @param data The input data. + * @param data The input data. * @param expectedHash The expected Base64-encoded hash. */ public void hashForDataIntegrityCheck(String data, String expectedHash) throws Exception { @@ -199,17 +180,16 @@ public void hashForDataIntegrityCheck(String data, String expectedHash) throws E /** * Computes hashes of the input data using various algorithms. * - * CBOM/SAST Classification: - * - Cryptographic Hash Functions: Iterates through multiple hash functions. - * - SAST: While many are secure (e.g., SHA-256, SHA-512, SHA3), MD5 and SHA-1 - * are insecure - * and should be flagged if used in security-critical contexts. + * CBOM/SAST Classification: - Cryptographic Hash Functions: Iterates + * through multiple hash functions. - SAST: While many are secure (e.g., + * SHA-256, SHA-512, SHA3), MD5 and SHA-1 are insecure and should be flagged + * if used in security-critical contexts. * * @param input The input data to hash. */ public void hashWithVariousAlgorithms(String input) throws Exception { - String[] algorithms = { "SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512", "SHA3-256", "SHA3-512", - "BLAKE2B-512", "BLAKE2S-256", "MD5" }; + String[] algorithms = {"SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512", "SHA3-256", "SHA3-512", + "BLAKE2B-512", "BLAKE2S-256", "MD5"}; for (String algorithm : algorithms) { MessageDigest digest = MessageDigest.getInstance(algorithm); byte[] hash = digest.digest(input.getBytes()); @@ -220,18 +200,16 @@ public void hashWithVariousAlgorithms(String input) throws Exception { /** * Computes HMACs of the input data using various algorithms. * - * CBOM/SAST Classification: - * - Message Authentication Code (MAC): Iterates through different HMAC - * algorithms. - * - SAST: HmacSHA256, HmacSHA384, HmacSHA512, HmacSHA3-256, and HmacSHA3-512 - * are secure; - * HmacSHA1 is considered less secure and may be flagged. + * CBOM/SAST Classification: - Message Authentication Code (MAC): Iterates + * through different HMAC algorithms. - SAST: HmacSHA256, HmacSHA384, + * HmacSHA512, HmacSHA3-256, and HmacSHA3-512 are secure; HmacSHA1 is + * considered less secure and may be flagged. * * @param input The input data. - * @param key The secret key used for HMAC computation. + * @param key The secret key used for HMAC computation. */ public void hmacWithVariousAlgorithms(String input, byte[] key) throws Exception { - String[] algorithms = { "HmacSHA1", "HmacSHA256", "HmacSHA384", "HmacSHA512", "HmacSHA3-256", "HmacSHA3-512" }; + String[] algorithms = {"HmacSHA1", "HmacSHA256", "HmacSHA384", "HmacSHA512", "HmacSHA3-256", "HmacSHA3-512"}; for (String algorithm : algorithms) { Mac mac = Mac.getInstance(algorithm); SecretKey secretKey = new SecretKeySpec(key, algorithm); @@ -244,12 +222,10 @@ public void hmacWithVariousAlgorithms(String input, byte[] key) throws Exception /** * Computes a PBKDF2 hash for password storage. * - * CBOM/SAST Classification: - * - Password-Based Key Derivation Function (PBKDF): Uses PBKDF2WithHmacSHA256. - * - SAST: Considered secure when using a strong salt and an appropriate - * iteration count. - * Note: The iteration count (10000) should be reviewed against current security - * standards. + * CBOM/SAST Classification: - Password-Based Key Derivation Function + * (PBKDF): Uses PBKDF2WithHmacSHA256. - SAST: Considered secure when using + * a strong salt and an appropriate iteration count. Note: The iteration + * count (10000) should be reviewed against current security standards. * * @param password The password to hash. */ @@ -263,50 +239,47 @@ public void hashForPasswordStorage(String password) throws Exception { } /** - * Dynamically loads a hash algorithm from configuration and computes a hash. + * Dynamically loads a hash algorithm from configuration and computes a + * hash. * - * CBOM/SAST Classification: - * - Dynamic Cryptographic Hash Selection: Algorithm is loaded from a config - * file. - * - SAST: May be flagged as risky because an insecure or unintended algorithm - * might be chosen. + * CBOM/SAST Classification: - Dynamic Cryptographic Hash Selection: + * Algorithm is loaded from a config file. - SAST: May be flagged as risky + * because an insecure or unintended algorithm might be chosen. */ public void hashFromUnknownConfig() throws Exception { String algorithm = loadHashAlgorithmFromConfig("config.properties"); MessageDigest digest = MessageDigest.getInstance(algorithm); byte[] hash = digest.digest("Config-based Hashing".getBytes()); - System.out.println("Dynamically Loaded Hash Algorithm (" + algorithm + "): " + - Base64.getEncoder().encodeToString(hash)); + System.out.println("Dynamically Loaded Hash Algorithm (" + algorithm + "): " + + Base64.getEncoder().encodeToString(hash)); } /** - * Demonstrates an insecure method for generating pseudo-random bytes by using a - * fixed seed with hash algorithms. + * Demonstrates an insecure method for generating pseudo-random bytes by + * using a fixed seed with hash algorithms. * - * CBOM/SAST Classification: - * - Insecure RNG: Uses a fixed seed with various hash algorithms. - * - SAST: This approach is insecure because it produces predictable output and - * should be flagged. + * CBOM/SAST Classification: - Insecure RNG: Uses a fixed seed with various + * hash algorithms. - SAST: This approach is insecure because it produces + * predictable output and should be flagged. */ public void insecureHashBasedRNG() throws Exception { - String[] algorithms = { "SHA-256", "SHA-512", "SHA3-256", "SHA3-512" }; + String[] algorithms = {"SHA-256", "SHA-512", "SHA3-256", "SHA3-512"}; for (String algorithm : algorithms) { MessageDigest digest = MessageDigest.getInstance(algorithm); byte[] seed = "fixed-seed".getBytes(); // Fixed seed: insecure and predictable. digest.update(seed); byte[] pseudoRandomBytes = digest.digest(); - System.out.println("Insecure RNG using " + algorithm + ": " + - Base64.getEncoder().encodeToString(pseudoRandomBytes)); + System.out.println("Insecure RNG using " + algorithm + ": " + + Base64.getEncoder().encodeToString(pseudoRandomBytes)); } } /** * Loads the hash algorithm from an external configuration file. * - * CBOM/SAST Classification: - * - Dynamic Configuration: External config loading. - * - SAST: The use of external configuration may introduce risks if the config - * file is compromised. + * CBOM/SAST Classification: - Dynamic Configuration: External config + * loading. - SAST: The use of external configuration may introduce risks if + * the config file is compromised. * * @param configPath Path to the configuration file. * @return The hash algorithm to be used (default is SHA-256). @@ -325,9 +298,8 @@ private String loadHashAlgorithmFromConfig(String configPath) { * Generates a secure salt using a cryptographically strong random number * generator. * - * CBOM/SAST Classification: - * - Secure Salt Generation: Uses SecureRandom. - * - SAST: This is a best-practice approach for generating salts for password + * CBOM/SAST Classification: - Secure Salt Generation: Uses SecureRandom. - + * SAST: This is a best-practice approach for generating salts for password * hashing. * * @param length The desired salt length. diff --git a/java/ql/test/experimental/library-tests/quantum/jca/IVArtifact.java b/java/ql/test/experimental/library-tests/quantum/jca/IVArtifact.java index 30059d40c9a7..dfd94d82358d 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/IVArtifact.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/IVArtifact.java @@ -20,9 +20,9 @@ public class IVArtifact { // static { // Security.addProvider(new BouncyCastleProvider()); // Ensure BouncyCastle is available // } - /** - * Simple Case: Generates a secure IV and encrypts with AES/CBC/PKCS5Padding. + * Simple Case: Generates a secure IV and encrypts with + * AES/CBC/PKCS5Padding. */ public void simpleIVEncryption() throws Exception { SecretKey key = generateAESKey(); @@ -91,13 +91,12 @@ private byte[] insecureIV(int length) { // ------------------------------- // 1. Direct Fixed IV Usage // ------------------------------- - /** - * Encrypts plaintext using AES-GCM with a fixed IV (all zeros). - * This is an insecure practice as IV reuse in AES-GCM undermines - * confidentiality and integrity. + * Encrypts plaintext using AES-GCM with a fixed IV (all zeros). This is an + * insecure practice as IV reuse in AES-GCM undermines confidentiality and + * integrity. * - * @param key The AES key. + * @param key The AES key. * @param plaintext The plaintext to encrypt. * @return The ciphertext. * @throws Exception if encryption fails. @@ -113,7 +112,6 @@ public byte[] encryptWithFixedIV(SecretKey key, byte[] plaintext) throws Excepti // ------------------------------- // 2. Cached IV Usage // ------------------------------- - // Cache an IV for reuse in multiple encryptions (insecure) private byte[] cachedIV = null; @@ -121,7 +119,7 @@ public byte[] encryptWithFixedIV(SecretKey key, byte[] plaintext) throws Excepti * Encrypts plaintext using AES-GCM with an IV cached from the first call. * Reusing the same IV across multiple encryptions is insecure. * - * @param key The AES key. + * @param key The AES key. * @param plaintext The plaintext to encrypt. * @return The ciphertext. * @throws Exception if encryption fails. @@ -140,15 +138,13 @@ public byte[] encryptWithCachedIV(SecretKey key, byte[] plaintext) throws Except // ------------------------------- // 3. Indirect IV Reuse via Deterministic Derivation // ------------------------------- - /** - * Encrypts plaintext using AES-GCM with an IV derived deterministically from a - * constant. - * This method computes a SHA-256 hash of a constant string and uses the first - * 12 bytes as the IV. - * Such derived IVs are fixed and must not be reused. + * Encrypts plaintext using AES-GCM with an IV derived deterministically + * from a constant. This method computes a SHA-256 hash of a constant string + * and uses the first 12 bytes as the IV. Such derived IVs are fixed and + * must not be reused. * - * @param key The AES key. + * @param key The AES key. * @param plaintext The plaintext to encrypt. * @return The ciphertext. * @throws Exception if encryption fails. @@ -166,14 +162,12 @@ public byte[] encryptWithDerivedIV(SecretKey key, byte[] plaintext) throws Excep // ------------------------------- // 4. Reusing a Single IV Across Multiple Messages // ------------------------------- - /** - * Encrypts an array of plaintext messages using AES-GCM with the same IV for - * every message. - * Reusing an IV across messages is insecure in authenticated encryption - * schemes. + * Encrypts an array of plaintext messages using AES-GCM with the same IV + * for every message. Reusing an IV across messages is insecure in + * authenticated encryption schemes. * - * @param key The AES key. + * @param key The AES key. * @param plaintexts An array of plaintext messages. * @return An array of ciphertexts. * @throws Exception if encryption fails. @@ -194,8 +188,8 @@ public byte[][] encryptMultipleMessagesWithSameIV(SecretKey key, byte[][] plaint /** * Encrypts the given plaintext using AES-GCM with the provided key and IV. * - * @param key The AES key. - * @param ivSpec The IV specification. + * @param key The AES key. + * @param ivSpec The IV specification. * @param plaintext The plaintext to encrypt. * @return The ciphertext (IV is not prepended here for clarity). * @throws Exception if encryption fails. @@ -212,10 +206,10 @@ public byte[] encrypt(SecretKey key, IvParameterSpec ivSpec, byte[] plaintext) t * Example 1: Reuses the same IvParameterSpec object across two encryption * calls. * - * @param key The AES key. + * @param key The AES key. * @param plaintext The plaintext to encrypt. * @return An array containing two ciphertexts generated with the same - * IvParameterSpec. + * IvParameterSpec. * @throws Exception if encryption fails. */ public byte[][] encryptUsingSameIvParameterSpec(SecretKey key, byte[] plaintext) throws Exception { @@ -225,18 +219,17 @@ public byte[][] encryptUsingSameIvParameterSpec(SecretKey key, byte[] plaintext) // Encrypt the plaintext twice using the same IvParameterSpec. byte[] ciphertext1 = encrypt(key, fixedIvSpec, plaintext); byte[] ciphertext2 = encrypt(key, fixedIvSpec, plaintext); - return new byte[][] { ciphertext1, ciphertext2 }; + return new byte[][]{ciphertext1, ciphertext2}; } /** - * Example 2: Creates two different IvParameterSpec objects that share the same - * underlying IV array. + * Example 2: Creates two different IvParameterSpec objects that share the + * same underlying IV array. * - * @param key The AES key. + * @param key The AES key. * @param plaintext The plaintext to encrypt. * @return An array containing two ciphertexts generated with two - * IvParameterSpec objects - * constructed from the same IV array. + * IvParameterSpec objects constructed from the same IV array. * @throws Exception if encryption fails. */ public byte[][] encryptUsingDifferentIvSpecSameIVArray(SecretKey key, byte[] plaintext) throws Exception { @@ -248,13 +241,12 @@ public byte[][] encryptUsingDifferentIvSpecSameIVArray(SecretKey key, byte[] pla // Encrypt the plaintext twice. byte[] ciphertext1 = encrypt(key, ivSpec1, plaintext); byte[] ciphertext2 = encrypt(key, ivSpec2, plaintext); - return new byte[][] { ciphertext1, ciphertext2 }; + return new byte[][]{ciphertext1, ciphertext2}; } // ------------------------------- // Main Method for Demonstration // ------------------------------- - public static void main(String[] args) { try { IVArtifact test = new IVArtifact(); @@ -280,7 +272,7 @@ public static void main(String[] args) { System.out.println("Derived IV Encryption: " + Base64.getEncoder().encodeToString(derivedIVCipher)); // Example 4: Reusing the same IV across multiple messages - byte[][] messages = { "Message One".getBytes(), "Message Two".getBytes(), "Message Three".getBytes() }; + byte[][] messages = {"Message One".getBytes(), "Message Two".getBytes(), "Message Three".getBytes()}; byte[][] multiCiphers = test.encryptMultipleMessagesWithSameIV(key, messages); for (int i = 0; i < multiCiphers.length; i++) { System.out.println("Multi-message Encryption " + (i + 1) + ": " diff --git a/java/ql/test/experimental/library-tests/quantum/jca/KeyAgreementHybridCryptosystem.java b/java/ql/test/experimental/library-tests/quantum/jca/KeyAgreementHybridCryptosystem.java index aca75f15133d..6f9bd06b4e77 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/KeyAgreementHybridCryptosystem.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/KeyAgreementHybridCryptosystem.java @@ -2,7 +2,10 @@ // import org.bouncycastle.jce.provider.BouncyCastleProvider; // import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider; - +import java.security.*; +import java.security.spec.ECGenParameterSpec; +import java.util.Arrays; +import java.util.Base64; import javax.crypto.Cipher; import javax.crypto.KeyAgreement; import javax.crypto.KeyGenerator; @@ -13,35 +16,24 @@ import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; -import java.security.*; -import java.security.spec.ECGenParameterSpec; -import java.util.Arrays; -import java.util.Base64; /** * KeyAgreementHybridCryptosystem demonstrates two hybrid cryptosystems: * - * 1. ECDH + AES-GCM: - * - Secure Flow: Uses ephemeral ECDH key pairs on secp256r1, applies a simple - * KDF (SHA-256) - * to derive a 128-bit AES key, and uses AES-GCM with a random 12-byte nonce. - * - Insecure Flow: Reuses a static key pair, uses raw shared secret truncation, - * and employs - * a fixed (zero) IV. + * 1. ECDH + AES-GCM: - Secure Flow: Uses ephemeral ECDH key pairs on secp256r1, + * applies a simple KDF (SHA-256) to derive a 128-bit AES key, and uses AES-GCM + * with a random 12-byte nonce. - Insecure Flow: Reuses a static key pair, uses + * raw shared secret truncation, and employs a fixed (zero) IV. * - * 2. X25519 + ChaCha20-Poly1305: - * - Secure Flow: Uses ephemeral X25519 key pairs, applies a KDF (SHA-256) to - * derive a 256-bit key, - * and uses ChaCha20-Poly1305 with a random nonce. - * - Insecure Flow: Reuses a static key pair, directly truncates the shared - * secret without a proper KDF, - * and uses a fixed nonce. + * 2. X25519 + ChaCha20-Poly1305: - Secure Flow: Uses ephemeral X25519 key + * pairs, applies a KDF (SHA-256) to derive a 256-bit key, and uses + * ChaCha20-Poly1305 with a random nonce. - Insecure Flow: Reuses a static key + * pair, directly truncates the shared secret without a proper KDF, and uses a + * fixed nonce. * - * SAST/CBOM Notes: - * - Secure flows use proper ephemeral key generation, a simple KDF, and random - * nonces. - * - Insecure flows use static keys, fixed nonces, and raw shared secret - * truncation. + * SAST/CBOM Notes: - Secure flows use proper ephemeral key generation, a simple + * KDF, and random nonces. - Insecure flows use static keys, fixed nonces, and + * raw shared secret truncation. */ public class KeyAgreementHybridCryptosystem { @@ -49,9 +41,7 @@ public class KeyAgreementHybridCryptosystem { // Security.addProvider(new BouncyCastleProvider()); // Security.addProvider(new BouncyCastlePQCProvider()); // } - // ---------- Helper Methods ---------- - /** * Generates an ephemeral ECDH key pair on secp256r1. */ @@ -103,11 +93,10 @@ public byte[] concatenate(byte[] a, byte[] b) { // =============================================== // 1. ECDH + AES-GCM Flows // =============================================== - /** - * Secure hybrid encryption using ECDH and AES-GCM. - * Uses ephemeral key pairs, applies a simple KDF to derive a 128-bit AES key, - * and uses AES-GCM with a random 12-byte nonce. + * Secure hybrid encryption using ECDH and AES-GCM. Uses ephemeral key + * pairs, applies a simple KDF to derive a 128-bit AES key, and uses AES-GCM + * with a random 12-byte nonce. */ public byte[] secureECDH_AESGCMEncryption(byte[] plaintext) throws Exception { KeyPair aliceKP = generateECDHKeyPair(); @@ -127,10 +116,9 @@ public byte[] secureECDH_AESGCMEncryption(byte[] plaintext) throws Exception { } /** - * Insecure hybrid encryption using ECDH and AES-GCM. - * Reuses a static key pair, uses raw shared secret truncation without a proper - * KDF, - * and employs a fixed IV (all zeros). + * Insecure hybrid encryption using ECDH and AES-GCM. Reuses a static key + * pair, uses raw shared secret truncation without a proper KDF, and employs + * a fixed IV (all zeros). */ public byte[] insecureECDH_AESGCMEncryption(byte[] plaintext) throws Exception { KeyPair staticKP = generateECDHKeyPair(); @@ -150,11 +138,10 @@ public byte[] insecureECDH_AESGCMEncryption(byte[] plaintext) throws Exception { // =============================================== // 2. X25519 + ChaCha20-Poly1305 Flows // =============================================== - /** - * Secure hybrid encryption using X25519 and ChaCha20-Poly1305. - * Uses ephemeral key pairs, applies a KDF (SHA-256) to derive a 256-bit key, - * and uses ChaCha20-Poly1305 with a random 12-byte nonce. + * Secure hybrid encryption using X25519 and ChaCha20-Poly1305. Uses + * ephemeral key pairs, applies a KDF (SHA-256) to derive a 256-bit key, and + * uses ChaCha20-Poly1305 with a random 12-byte nonce. */ public byte[] secureX25519_Chacha20Poly1305Encryption(byte[] plaintext) throws Exception { KeyPair aliceKP = generateX25519KeyPair(); @@ -173,10 +160,9 @@ public byte[] secureX25519_Chacha20Poly1305Encryption(byte[] plaintext) throws E } /** - * Insecure hybrid encryption using X25519 and ChaCha20-Poly1305. - * Reuses a static key pair, directly truncates the shared secret without a - * proper KDF, - * and employs a fixed nonce. + * Insecure hybrid encryption using X25519 and ChaCha20-Poly1305. Reuses a + * static key pair, directly truncates the shared secret without a proper + * KDF, and employs a fixed nonce. */ public byte[] insecureX25519_Chacha20Poly1305Encryption(byte[] plaintext) throws Exception { KeyPair staticKP = generateX25519KeyPair(); @@ -195,11 +181,9 @@ public byte[] insecureX25519_Chacha20Poly1305Encryption(byte[] plaintext) throws // =============================================== // 3. Dynamic Hybrid Selection // =============================================== - /** * Dynamically selects a hybrid encryption flow based on a configuration - * property. - * If the config is unknown, defaults to an insecure flow. + * property. If the config is unknown, defaults to an insecure flow. */ public String dynamicHybridEncryption(String config, byte[] plaintext) throws Exception { byte[] result; @@ -221,11 +205,9 @@ public String dynamicHybridEncryption(String config, byte[] plaintext) throws Ex // =============================================== // 4. Further Key Derivation from Symmetric Keys // =============================================== - /** * Derives two keys from a symmetric key using PBKDF2, then uses one key for - * AES-GCM encryption - * and the other for computing a MAC over the ciphertext. + * AES-GCM encryption and the other for computing a MAC over the ciphertext. */ public byte[] furtherUseSymmetricKeyForKeyDerivation(SecretKey key, byte[] plaintext) throws Exception { String keyAsString = Base64.getEncoder().encodeToString(key.getEncoded()); @@ -259,7 +241,6 @@ public byte[] furtherUseSymmetricKeyForKeyDerivation(SecretKey key, byte[] plain // =============================================== // 5. Output/Storage Methods // =============================================== - /** * Stores the output securely. */ @@ -271,7 +252,6 @@ public void storeOutput(byte[] output) { // =============================================== // 6. Helper Methods for Key/Nonce Generation // =============================================== - /** * Generates a secure 256-bit AES key. */ diff --git a/java/ql/test/experimental/library-tests/quantum/jca/KeyArtifact.java b/java/ql/test/experimental/library-tests/quantum/jca/KeyArtifact.java index 041a1fce4f08..4c80246050a4 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/KeyArtifact.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/KeyArtifact.java @@ -1,19 +1,18 @@ package com.example.crypto.artifacts; // import org.bouncycastle.jce.provider.BouncyCastleProvider; -import javax.crypto.KeyGenerator; -import javax.crypto.SecretKey; +import java.io.FileInputStream; import java.security.*; import java.security.spec.*; import java.util.Properties; -import java.io.FileInputStream; +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; public class KeyArtifact { // static { // Security.addProvider(new BouncyCastleProvider()); // } - public void generateSymmetricKeys() throws NoSuchAlgorithmException { // AES Key Generation (Default Provider) KeyGenerator keyGen = KeyGenerator.getInstance("AES"); @@ -76,7 +75,7 @@ public KeyPair generateKeyPair(String algorithm) throws NoSuchAlgorithmException public void keySelectionFromArray() throws NoSuchAlgorithmException { // Selecting Algorithm Dynamically from an Array - String[] algorithms = { "RSA", "EC", "Ed25519" }; + String[] algorithms = {"RSA", "EC", "Ed25519"}; KeyPair[] keyPairs = new KeyPair[algorithms.length]; for (int i = 0; i < algorithms.length; i++) { diff --git a/java/ql/test/experimental/library-tests/quantum/jca/KeyDerivation1.java b/java/ql/test/experimental/library-tests/quantum/jca/KeyDerivation1.java index 6dd2c33b93f1..c5fc44a6b467 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/KeyDerivation1.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/KeyDerivation1.java @@ -3,81 +3,67 @@ // import org.bouncycastle.crypto.generators.Argon2BytesGenerator; // import org.bouncycastle.crypto.params.Argon2Parameters; // import org.bouncycastle.jce.provider.BouncyCastleProvider; - -import javax.crypto.Mac; -import javax.crypto.SecretKey; -import javax.crypto.SecretKeyFactory; -import javax.crypto.spec.PBEKeySpec; -import javax.crypto.spec.SecretKeySpec; import java.io.FileInputStream; import java.io.IOException; import java.security.MessageDigest; import java.security.SecureRandom; -import java.security.Security; import java.util.Arrays; import java.util.Base64; import java.util.Properties; +import javax.crypto.Mac; +import javax.crypto.SecretKey; +import javax.crypto.SecretKeyFactory; +import javax.crypto.spec.PBEKeySpec; +import javax.crypto.spec.SecretKeySpec; /** * This class demonstrates multiple key derivation functions (KDFs) including - * PBKDF2, scrypt, Argon2, raw hash derivation, - * HKDF, and dynamic algorithm selection. + * PBKDF2, scrypt, Argon2, raw hash derivation, HKDF, and dynamic algorithm + * selection. * * SAST/CBOM Classification Notes: * - * 1. PBKDF2 Examples: - * - Parent Classification: Password-Based Key Derivation Function (PBKDF). - * - SAST: - * * pbkdf2DerivationBasic: Uses PBKDF2WithHmacSHA256 with 10,000 iterations - - * acceptable if parameters meet current standards. - * * pbkdf2LowIteration: Uses only 10 iterations – flagged as insecure due to - * insufficient iteration count. - * * pbkdf2HighIteration: Uses 1,000,000 iterations – secure (though performance - * may be impacted). - * * pbkdf2HmacSHA1: Uses PBKDF2WithHmacSHA1 – flagged as weaker compared to - * SHA-256, though sometimes seen in legacy systems. - * * pbkdf2HmacSHA512: Uses PBKDF2WithHmacSHA512 – classified as secure. + * 1. PBKDF2 Examples: - Parent Classification: Password-Based Key Derivation + * Function (PBKDF). - SAST: * pbkdf2DerivationBasic: Uses PBKDF2WithHmacSHA256 + * with 10,000 iterations - acceptable if parameters meet current standards. * + * pbkdf2LowIteration: Uses only 10 iterations – flagged as insecure due to + * insufficient iteration count. * pbkdf2HighIteration: Uses 1,000,000 + * iterations – secure (though performance may be impacted). * pbkdf2HmacSHA1: + * Uses PBKDF2WithHmacSHA1 – flagged as weaker compared to SHA-256, though + * sometimes seen in legacy systems. * pbkdf2HmacSHA512: Uses + * PBKDF2WithHmacSHA512 – classified as secure. * - * 2. Scrypt Examples: - * - Parent Classification: Memory-Hard Key Derivation Function. - * - SAST: - * * scryptWeak: Uses weak parameters (n=1024, r=1, p=1) – flagged as insecure. - * * scryptStrong: Uses stronger parameters (n=16384, r=8, p=1) – considered - * secure. + * 2. Scrypt Examples: - Parent Classification: Memory-Hard Key Derivation + * Function. - SAST: * scryptWeak: Uses weak parameters (n=1024, r=1, p=1) – + * flagged as insecure. * scryptStrong: Uses stronger parameters (n=16384, r=8, + * p=1) – considered secure. * - * 3. Argon2 Examples: - * - Parent Classification: Memory-Hard Key Derivation Function (Argon2id). - * - SAST: - * * argon2Derivation: Uses moderate memory and iterations – considered secure. - * * argon2HighMemory: Uses high memory (128MB) and more iterations – secure, - * though resource intensive. + * 3. Argon2 Examples: - Parent Classification: Memory-Hard Key Derivation + * Function (Argon2id). - SAST: * argon2Derivation: Uses moderate memory and + * iterations – considered secure. * argon2HighMemory: Uses high memory (128MB) + * and more iterations – secure, though resource intensive. * - * 4. Insecure Raw Hash Derivation: - * - Parent Classification: Raw Hash Usage for Key Derivation. - * - SAST: Using a single SHA-256 hash as a key and then using it with insecure - * AES/ECB mode is highly discouraged. + * 4. Insecure Raw Hash Derivation: - Parent Classification: Raw Hash Usage for + * Key Derivation. - SAST: Using a single SHA-256 hash as a key and then using + * it with insecure AES/ECB mode is highly discouraged. * - * 5. HKDF Examples: - * - Parent Classification: Key Derivation Function (HKDF). - * - SAST: The provided HKDF implementation is simplistic (single-block - * expansion) and may be flagged. + * 5. HKDF Examples: - Parent Classification: Key Derivation Function (HKDF). - + * SAST: The provided HKDF implementation is simplistic (single-block expansion) + * and may be flagged. * - * 6. Multi-Step Hybrid Derivation: - * - Parent Classification: Composite KDF (PBKDF2 followed by HKDF). - * - SAST: Combining two KDFs is acceptable if done carefully; however, custom - * implementations should be reviewed. + * 6. Multi-Step Hybrid Derivation: - Parent Classification: Composite KDF + * (PBKDF2 followed by HKDF). - SAST: Combining two KDFs is acceptable if done + * carefully; however, custom implementations should be reviewed. * - * 7. Dynamic KDF Selection: - * - Parent Classification: Dynamic/Configurable Key Derivation. - * - SAST: Loading KDF parameters from configuration introduces ambiguity and - * risk if misconfigured. + * 7. Dynamic KDF Selection: - Parent Classification: Dynamic/Configurable Key + * Derivation. - SAST: Loading KDF parameters from configuration introduces + * ambiguity and risk if misconfigured. */ public class KeyDerivation1 { // static { // Security.addProvider(new BouncyCastleProvider()); // } - ////////////////////////////////////// // 1. PBKDF2 EXAMPLES ////////////////////////////////////// @@ -100,11 +86,8 @@ public void pbkdf2DerivationBasic(String password) throws Exception { /** * PBKDF2 derivation with a very low iteration count. * - * SAST/CBOM: - * - Parent: PBKDF2. - * - Iteration count is only 10, which is far below acceptable security - * standards. - * - Flagged as insecure. + * SAST/CBOM: - Parent: PBKDF2. - Iteration count is only 10, which is far + * below acceptable security standards. - Flagged as insecure. */ public void pbkdf2LowIteration(String password) throws Exception { byte[] salt = generateSalt(16); @@ -117,9 +100,8 @@ public void pbkdf2LowIteration(String password) throws Exception { /** * PBKDF2 derivation with a high iteration count. * - * SAST/CBOM: - * - Parent: PBKDF2. - * - Uses 1,000,000 iterations; this is secure but may impact performance. + * SAST/CBOM: - Parent: PBKDF2. - Uses 1,000,000 iterations; this is secure + * but may impact performance. */ public void pbkdf2HighIteration(String password) throws Exception { byte[] salt = generateSalt(16); @@ -132,10 +114,8 @@ public void pbkdf2HighIteration(String password) throws Exception { /** * PBKDF2 derivation using HmacSHA1. * - * SAST/CBOM: - * - Parent: PBKDF2. - * - Uses HMAC-SHA1, which is considered weaker than SHA-256; may be acceptable - * only for legacy systems. + * SAST/CBOM: - Parent: PBKDF2. - Uses HMAC-SHA1, which is considered weaker + * than SHA-256; may be acceptable only for legacy systems. */ public void pbkdf2HmacSHA1(String password) throws Exception { byte[] salt = generateSalt(16); @@ -148,9 +128,8 @@ public void pbkdf2HmacSHA1(String password) throws Exception { /** * PBKDF2 derivation using HmacSHA512. * - * SAST/CBOM: - * - Parent: PBKDF2. - * - Uses HMAC-SHA512 with 160,000 iterations; classified as secure. + * SAST/CBOM: - Parent: PBKDF2. - Uses HMAC-SHA512 with 160,000 iterations; + * classified as secure. */ public void pbkdf2HmacSHA512(String password) throws Exception { byte[] salt = generateSalt(16); @@ -184,9 +163,8 @@ public void scryptWeak(String password) throws Exception { /** * Scrypt derivation with stronger parameters. * - * SAST/CBOM: - * - Parent: Scrypt. - * - Parameters (n=16384, r=8, p=1) provide a secure work factor. + * SAST/CBOM: - Parent: Scrypt. - Parameters (n=16384, r=8, p=1) provide a + * secure work factor. */ public void scryptStrong(String password) throws Exception { byte[] salt = generateSalt(16); @@ -298,10 +276,9 @@ public void hkdfDerivation(byte[] ikm) throws Exception { * Multi-step hybrid derivation: first using PBKDF2, then applying HKDF * expansion. * - * SAST/CBOM: - * - Parent: Composite KDF. - * - Combining PBKDF2 and HKDF is a non-standard approach and may be flagged; - * ensure that each step meets security requirements. + * SAST/CBOM: - Parent: Composite KDF. - Combining PBKDF2 and HKDF is a + * non-standard approach and may be flagged; ensure that each step meets + * security requirements. */ public void multiStepHybridDerivation(String password, byte[] sharedSecret) throws Exception { byte[] pbkdf2Key = derivePBKDF2Key(password); @@ -361,10 +338,8 @@ private byte[] derivePBKDF2Key(String password) throws Exception { /** * A simplistic HKDF expansion function using HMAC-SHA256. * - * SAST/CBOM: - * - Parent: HKDF. - * - Uses a single-block expansion ("hkdf-expansion") which is non-standard and - * may be flagged. + * SAST/CBOM: - Parent: HKDF. - Uses a single-block expansion + * ("hkdf-expansion") which is non-standard and may be flagged. */ private byte[] hkdfExpand(byte[] ikm, byte[] salt, int length) throws Exception { Mac hmac = Mac.getInstance("HmacSHA256"); @@ -382,9 +357,8 @@ private byte[] hkdfExpand(byte[] ikm, byte[] salt, int length) throws Exception /** * Generates a secure random salt of the specified length. * - * SAST/CBOM: - * - Parent: Secure Random Salt Generation. - * - Uses SecureRandom; considered best practice. + * SAST/CBOM: - Parent: Secure Random Salt Generation. - Uses SecureRandom; + * considered best practice. */ private byte[] generateSalt(int length) { byte[] salt = new byte[length]; diff --git a/java/ql/test/experimental/library-tests/quantum/jca/KeyEncapsulation.java b/java/ql/test/experimental/library-tests/quantum/jca/KeyEncapsulation.java index 7d18f6f875ca..df787496d779 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/KeyEncapsulation.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/KeyEncapsulation.java @@ -4,38 +4,35 @@ // import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider; // import org.bouncycastle.pqc.jcajce.spec.KyberParameterSpec; // import org.bouncycastle.util.Strings; - +import java.security.*; +import java.security.spec.ECGenParameterSpec; +import java.util.Base64; import javax.crypto.Cipher; import javax.crypto.KeyAgreement; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.SecretKeySpec; -import java.security.*; -import java.security.spec.ECGenParameterSpec; -import java.util.Base64; /** * Demonstrates various Key Encapsulation Mechanisms (KEMs), including: * - * 1) RSA-KEM (emulated using RSA-OAEP for ephemeral key wrapping) - * - CBOM/SAST: Classified as a Hybrid Cryptosystem (public-key based key - * encapsulation). + * 1) RSA-KEM (emulated using RSA-OAEP for ephemeral key wrapping) - CBOM/SAST: + * Classified as a Hybrid Cryptosystem (public-key based key encapsulation). * While RSA-OAEP is secure, using it to emulate KEM (without a standard scheme) * may be flagged. * - * 2) ECIES (Elliptic Curve Integrated Encryption Scheme) - * - CBOM/SAST: Classified as a Hybrid Cryptosystem (KEM+DEM) based on ECDH and - * AES. - * Note: Directly using the raw ECDH shared secret as key material is insecure - * in production. + * 2) ECIES (Elliptic Curve Integrated Encryption Scheme) - CBOM/SAST: + * Classified as a Hybrid Cryptosystem (KEM+DEM) based on ECDH and AES. Note: + * Directly using the raw ECDH shared secret as key material is insecure in + * production. * - * 3) Kyber (Post-Quantum KEM using BouncyCastle PQC) - * - CBOM/SAST: Classified as a Post-Quantum Key Encapsulation mechanism. - * This is modern and secure when using standardized parameters. + * 3) Kyber (Post-Quantum KEM using BouncyCastle PQC) - CBOM/SAST: Classified as + * a Post-Quantum Key Encapsulation mechanism. This is modern and secure when + * using standardized parameters. * - * 4) Basic ephemeral flows that mimic KEM logic using ephemeral ECDH. - * - CBOM/SAST: Classified as a simple KEM mimic based on ephemeral ECDH. + * 4) Basic ephemeral flows that mimic KEM logic using ephemeral ECDH. - + * CBOM/SAST: Classified as a simple KEM mimic based on ephemeral ECDH. */ public class KeyEncapsulation { @@ -44,7 +41,6 @@ public class KeyEncapsulation { // Security.addProvider(new BouncyCastleProvider()); // Security.addProvider(new BouncyCastlePQCProvider()); // } - ////////////////////////////////////// // 1. RSA-KEM-Like Flow ////////////////////////////////////// @@ -86,11 +82,10 @@ public void rsaKEMEncapsulation(PublicKey rsaPub) throws Exception { /** * Performs RSA decapsulation by decrypting the wrapped AES key. * - * SAST/CBOM Classification: - * - Parent: Hybrid Cryptosystem (RSA-OAEP based key decapsulation). - * - Note: Secure when used with matching RSA key pairs. + * SAST/CBOM Classification: - Parent: Hybrid Cryptosystem (RSA-OAEP based + * key decapsulation). - Note: Secure when used with matching RSA key pairs. * - * @param rsaPriv The RSA private key corresponding to the public key used. + * @param rsaPriv The RSA private key corresponding to the public key used. * @param wrappedKey The RSA-wrapped ephemeral AES key. */ public void rsaKEMDecapsulation(PrivateKey rsaPriv, byte[] wrappedKey) throws Exception { @@ -225,7 +220,6 @@ public void runKeyEncapsulationDemos() throws Exception { // kyberKpg.initialize(KyberParameterSpec.kyber512); // KeyPair kyberKP = kyberKpg.generateKeyPair(); // kyberEncapsulate(kyberKP); - // 4) Ephemeral ECDH Mimic KEM: // For demonstration, we use an EC key pair and mimic KEM by deriving a shared // secret. diff --git a/java/ql/test/experimental/library-tests/quantum/jca/KeyExchange.java b/java/ql/test/experimental/library-tests/quantum/jca/KeyExchange.java index 056d81b46be0..ef4d5b94c86f 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/KeyExchange.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/KeyExchange.java @@ -1,35 +1,30 @@ package com.example.crypto.algorithms; // import org.bouncycastle.jce.provider.BouncyCastleProvider; - -import javax.crypto.KeyAgreement; import java.security.*; import java.security.spec.ECGenParameterSpec; import java.util.Arrays; import java.util.Base64; +import javax.crypto.KeyAgreement; /** * Demonstrates various Key Exchange mechanisms using standard Java and * BouncyCastle: * - * 1) Classic DH (Diffie-Hellman) with multiple key sizes: - * - 512-bit: Insecure/deprecated (flagged as unsafe by SAST). - * - 2048-bit: Standard secure level. - * - 4096-bit: High-security (but can be slow). + * 1) Classic DH (Diffie-Hellman) with multiple key sizes: - 512-bit: + * Insecure/deprecated (flagged as unsafe by SAST). - 2048-bit: Standard secure + * level. - 4096-bit: High-security (but can be slow). * - * 2) ECDH (using secp256r1): - * - Classified as a secure elliptic-curve key exchange. + * 2) ECDH (using secp256r1): - Classified as a secure elliptic-curve key + * exchange. * - * 3) X25519: - * - A modern and efficient elliptic-curve key exchange protocol. + * 3) X25519: - A modern and efficient elliptic-curve key exchange protocol. * - * 4) X448: - * - Provides a higher security level for key exchange. + * 4) X448: - Provides a higher security level for key exchange. * * In addition, the class now includes a nuanced insecure example that - * demonstrates: - * - Reusing static key pairs instead of generating fresh ephemeral keys. - * - Using weak parameters (512-bit DH) in a key exchange. + * demonstrates: - Reusing static key pairs instead of generating fresh + * ephemeral keys. - Using weak parameters (512-bit DH) in a key exchange. * * The runAllExchanges() method demonstrates generating keys for each algorithm, * deriving shared secrets, and comparing safe vs. insecure practices. @@ -40,7 +35,6 @@ public class KeyExchange { // // Add the BouncyCastle provider to support additional algorithms. // Security.addProvider(new BouncyCastleProvider()); // } - ////////////////////////////////////////// // 1. Classic DH (Diffie-Hellman) ////////////////////////////////////////// @@ -64,8 +58,7 @@ public KeyPair generateDHKeyPair() throws Exception { * Generates a deprecated/unsafe Diffie-Hellman key pair using a 512-bit * modulus. * - * CBOM/SAST Classification: - * - Parent: Classic Diffie-Hellman Key Exchange. + * CBOM/SAST Classification: - Parent: Classic Diffie-Hellman Key Exchange. * - 512-bit DH is considered insecure and should be flagged by SAST tools. * * @return A 512-bit (insecure) DH KeyPair. @@ -78,10 +71,10 @@ public KeyPair generateDHDeprecated() throws Exception { } /** - * Generates a high-security Diffie-Hellman key pair using a 4096-bit modulus. + * Generates a high-security Diffie-Hellman key pair using a 4096-bit + * modulus. * - * CBOM/SAST Classification: - * - Parent: Classic Diffie-Hellman Key Exchange. + * CBOM/SAST Classification: - Parent: Classic Diffie-Hellman Key Exchange. * - 4096-bit DH offers high security, though it may be slower in practice. * * @return A 4096-bit DH KeyPair. @@ -95,12 +88,11 @@ public KeyPair generateDHHighSecurity() throws Exception { /** * Derives a shared secret from a DH key pair. * - * CBOM/SAST Classification: - * - Parent: Classic Diffie-Hellman Key Exchange. + * CBOM/SAST Classification: - Parent: Classic Diffie-Hellman Key Exchange. * - Properly deriving the shared secret is secure if using a safe key size. * * @param privateKey The private key of one party. - * @param publicKey The public key of the other party. + * @param publicKey The public key of the other party. * @return The derived shared secret as a byte array. */ public byte[] deriveDHSecret(PrivateKey privateKey, PublicKey publicKey) throws Exception { @@ -133,12 +125,11 @@ public KeyPair generateECDHKeyPair() throws Exception { /** * Derives a shared secret using ECDH. * - * CBOM/SAST Classification: - * - Parent: Elliptic Curve Diffie-Hellman (ECDH). + * CBOM/SAST Classification: - Parent: Elliptic Curve Diffie-Hellman (ECDH). * - Secure when using appropriate curves and proper randomness. * * @param privateKey The ECDH private key. - * @param publicKey The corresponding public key. + * @param publicKey The corresponding public key. * @return The derived ECDH shared secret. */ public byte[] deriveECDHSecret(PrivateKey privateKey, PublicKey publicKey) throws Exception { @@ -171,12 +162,11 @@ public KeyPair generateX25519KeyPair() throws Exception { /** * Derives a shared secret using the X25519 key agreement. * - * CBOM/SAST Classification: - * - Parent: Modern Elliptic-Curve Key Exchange. - * - X25519 is highly recommended for its security and efficiency. + * CBOM/SAST Classification: - Parent: Modern Elliptic-Curve Key Exchange. - + * X25519 is highly recommended for its security and efficiency. * * @param privateKey The X25519 private key. - * @param publicKey The corresponding public key. + * @param publicKey The corresponding public key. * @return The derived X25519 shared secret. */ public byte[] deriveX25519Secret(PrivateKey privateKey, PublicKey publicKey) throws Exception { @@ -209,12 +199,11 @@ public KeyPair generateX448KeyPair() throws Exception { /** * Derives a shared secret using the X448 key agreement. * - * CBOM/SAST Classification: - * - Parent: Modern Elliptic-Curve Key Exchange. - * - X448 is considered secure and suitable for high-security applications. + * CBOM/SAST Classification: - Parent: Modern Elliptic-Curve Key Exchange. - + * X448 is considered secure and suitable for high-security applications. * * @param privateKey The X448 private key. - * @param publicKey The corresponding public key. + * @param publicKey The corresponding public key. * @return The derived X448 shared secret. */ public byte[] deriveX448Secret(PrivateKey privateKey, PublicKey publicKey) throws Exception { @@ -248,8 +237,8 @@ public void insecureKeyExchangeExample() throws Exception { KeyPair staticDHKeyPair = generateDHDeprecated(); // Reusing the same static DH key pair for both parties. byte[] staticDHSecret = deriveDHSecret(staticDHKeyPair.getPrivate(), staticDHKeyPair.getPublic()); - System.out.println("Static DH (512-bit) shared secret (reused): " + - Base64.getEncoder().encodeToString(staticDHSecret)); + System.out.println("Static DH (512-bit) shared secret (reused): " + + Base64.getEncoder().encodeToString(staticDHSecret)); // SAST Note: 512-bit DH is considered insecure and static key reuse prevents // forward secrecy. @@ -259,8 +248,8 @@ public void insecureKeyExchangeExample() throws Exception { // Using the same key pair for both sides leads to a shared secret that is // easily derived. byte[] reusedECDHSecret = deriveECDHSecret(reusedECDHKeyPair.getPrivate(), reusedECDHKeyPair.getPublic()); - System.out.println("Reused ECDH shared secret: " + - Base64.getEncoder().encodeToString(reusedECDHSecret)); + System.out.println("Reused ECDH shared secret: " + + Base64.getEncoder().encodeToString(reusedECDHSecret)); // SAST Note: Proper key exchange requires fresh ephemeral keys for each session // to ensure forward secrecy. } diff --git a/java/ql/test/experimental/library-tests/quantum/jca/MACOperation.java b/java/ql/test/experimental/library-tests/quantum/jca/MACOperation.java index 6994048d1c8b..e1e9d3205be2 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/MACOperation.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/MACOperation.java @@ -1,17 +1,16 @@ package com.example.crypto.algorithms; // import org.bouncycastle.jce.provider.BouncyCastleProvider; - +import java.security.*; +import java.util.Arrays; +import java.util.Base64; import javax.crypto.Cipher; +import javax.crypto.KeyGenerator; import javax.crypto.Mac; import javax.crypto.SecretKey; import javax.crypto.SecretKeyFactory; -import javax.crypto.KeyGenerator; import javax.crypto.spec.PBEKeySpec; import javax.crypto.spec.SecretKeySpec; -import java.security.*; -import java.util.Arrays; -import java.util.Base64; /** * MACOperation demonstrates various Message Authentication Code (MAC) @@ -20,47 +19,42 @@ * * Flows include: * - * 1. Secure HMAC‑SHA2 (HMAC‑SHA256) – a widely accepted MAC. - * 2. Secure HMAC‑SHA3 (HMAC‑SHA3-256) – an alternative using the SHA‑3 family. - * 3. Secure Poly1305 MAC – using BouncyCastle’s implementation. - * 4. Secure GMAC – using AES‑GCM’s authentication tag in a dedicated MAC mode. - * 5. Secure KMAC – using KMAC128 (from the SHA‑3 family). + * 1. Secure HMAC-SHA2 (HMAC-SHA256) – a widely accepted MAC. 2. Secure + * HMAC-SHA3 (HMAC-SHA3-256) – an alternative using the SHA-3 family. 3. Secure + * Poly1305 MAC – using BouncyCastle’s implementation. 4. Secure GMAC – using + * AES-GCM’s authentication tag in a dedicated MAC mode. 5. Secure KMAC – using + * KMAC128 (from the SHA-3 family). * * Insecure examples include: * - * 6. Insecure HMAC‑SHA1 – which is deprecated. + * 6. Insecure HMAC-SHA1 – which is deprecated. * * Further flows: * * A. processMACOutput: Uses the MAC output directly as key material for AES - * encryption. - * (Note: This is acceptable only if the MAC is produced by a secure function.) + * encryption. (Note: This is acceptable only if the MAC is produced by a secure + * function.) * * B. alternativeMACFlow: Uses the MAC output as an identifier that is then * encrypted. * * C. furtherUseMACForKeyDerivation: Uses PBKDF2 to split a MAC output into two - * keys, - * one for encryption and one for MACing ciphertext. + * keys, one for encryption and one for MACing ciphertext. * - * SAST/CBOM Notes: - * - Secure MAC algorithms (HMAC‑SHA256, HMAC‑SHA3-256, Poly1305, GMAC, KMAC128) - * are acceptable if used correctly. - * - HMAC‑SHA1 is flagged as insecure. - * - Using a raw MAC output directly as key material is ambiguous unless the MAC - * is produced by a secure KDF. + * SAST/CBOM Notes: - Secure MAC algorithms (HMAC-SHA256, HMAC-SHA3-256, + * Poly1305, GMAC, KMAC128) are acceptable if used correctly. - HMAC-SHA1 is + * flagged as insecure. - Using a raw MAC output directly as key material is + * ambiguous unless the MAC is produced by a secure KDF. */ public class MACOperation { // static { // Security.addProvider(new BouncyCastleProvider()); // } - // ---------- MAC Operations ---------- - /** - * Secure MAC using HMAC-SHA256. - * SAST: HMAC-SHA256 is widely considered secure. + * Secure MAC using HMAC-SHA256. SAST: HMAC-SHA256 is widely considered + * secure. */ public byte[] secureHMACSHA256(String message, byte[] key) throws Exception { Mac mac = Mac.getInstance("HmacSHA256", "BC"); @@ -70,8 +64,8 @@ public byte[] secureHMACSHA256(String message, byte[] key) throws Exception { } /** - * Secure MAC using HMAC-SHA3-256. - * SAST: HMAC-SHA3 is a modern alternative from the SHA-3 family. + * Secure MAC using HMAC-SHA3-256. SAST: HMAC-SHA3 is a modern alternative + * from the SHA-3 family. */ public byte[] secureHMACSHA3(String message, byte[] key) throws Exception { Mac mac = Mac.getInstance("HmacSHA3-256", "BC"); @@ -81,9 +75,8 @@ public byte[] secureHMACSHA3(String message, byte[] key) throws Exception { } /** - * Secure MAC using Poly1305. - * SAST: Poly1305 is secure when used with a one-time key from a cipher (e.g. - * ChaCha20). + * Secure MAC using Poly1305. SAST: Poly1305 is secure when used with a + * one-time key from a cipher (e.g. ChaCha20). */ public byte[] securePoly1305(String message, byte[] key) throws Exception { Mac mac = Mac.getInstance("Poly1305", "BC"); @@ -93,8 +86,8 @@ public byte[] securePoly1305(String message, byte[] key) throws Exception { } /** - * Secure MAC using GMAC. - * SAST: GMAC (the MAC part of AES-GCM) is secure when used correctly. + * Secure MAC using GMAC. SAST: GMAC (the MAC part of AES-GCM) is secure + * when used correctly. */ public byte[] secureGMAC(String message, byte[] key) throws Exception { // For GMAC, we use the GMac algorithm as provided by BC. @@ -107,8 +100,8 @@ public byte[] secureGMAC(String message, byte[] key) throws Exception { } /** - * Secure MAC using KMAC128. - * SAST: KMAC128 is part of the SHA-3 family and is secure when used properly. + * Secure MAC using KMAC128. SAST: KMAC128 is part of the SHA-3 family and + * is secure when used properly. */ public byte[] secureKMAC(String message, byte[] key) throws Exception { Mac mac = Mac.getInstance("KMAC128", "BC"); @@ -118,8 +111,8 @@ public byte[] secureKMAC(String message, byte[] key) throws Exception { } /** - * Insecure MAC using HMAC-SHA1. - * SAST: HMAC-SHA1 is considered deprecated and weak. + * Insecure MAC using HMAC-SHA1. SAST: HMAC-SHA1 is considered deprecated + * and weak. */ public byte[] insecureHMACSHA1(String message, byte[] key) throws Exception { Mac mac = Mac.getInstance("HmacSHA1", "BC"); @@ -129,12 +122,10 @@ public byte[] insecureHMACSHA1(String message, byte[] key) throws Exception { } // ---------- Further Use of MAC Outputs ---------- - /** * Processes the MAC output by using it as key material for AES encryption. - * SAST: Using a raw MAC output as key material is acceptable only if the MAC - * was - * produced by a secure function; otherwise, this is ambiguous. + * SAST: Using a raw MAC output as key material is acceptable only if the + * MAC was produced by a secure function; otherwise, this is ambiguous. * * @param macOutput The computed MAC output. * @throws Exception if encryption fails. @@ -149,9 +140,9 @@ public void processMACOutput(byte[] macOutput) throws Exception { } /** - * Alternative flow: Uses the MAC output as an identifier and then encrypts it. - * SAST: Using a MAC as an identifier is common; subsequent encryption must be - * secure. + * Alternative flow: Uses the MAC output as an identifier and then encrypts + * it. SAST: Using a MAC as an identifier is common; subsequent encryption + * must be secure. * * @param macOutput The computed MAC output. * @throws Exception if encryption fails. @@ -163,10 +154,11 @@ public void alternativeMACFlow(byte[] macOutput) throws Exception { /** * Further use: Derives two separate keys from the MAC output using PBKDF2, - * then uses one key for encryption and one for computing an additional MAC over - * the ciphertext. + * then uses one key for encryption and one for computing an additional MAC + * over the ciphertext. * - * SAST: This key-splitting technique is acceptable if PBKDF2 is used securely. + * SAST: This key-splitting technique is acceptable if PBKDF2 is used + * securely. * * @param macOutput The MAC output to derive keys from. * @throws Exception if key derivation or encryption fails. @@ -202,7 +194,6 @@ public void furtherUseMACForKeyDerivation(byte[] macOutput) throws Exception { } // ---------- Output/Storage Methods ---------- - /** * Simulates secure storage or transmission of an encrypted MAC output. * SAST: In production, storage and transmission must be protected. @@ -215,8 +206,8 @@ public void storeEncryptedMAC(byte[] encryptedMAC) { } /** - * Encrypts data using AES-GCM and simulates secure transmission. - * SAST: Uses a securely generated AES key. + * Encrypts data using AES-GCM and simulates secure transmission. SAST: Uses + * a securely generated AES key. * * @param data The data to encrypt. * @throws Exception if encryption fails. @@ -230,10 +221,9 @@ public void encryptAndSend(byte[] data) throws Exception { } // ---------- Helper Methods ---------- - /** - * Generates a secure 256-bit AES key. - * SAST: Uses a strong RNG for key generation. + * Generates a secure 256-bit AES key. SAST: Uses a strong RNG for key + * generation. * * @return A SecretKey for AES. * @throws NoSuchAlgorithmException if AES is unsupported. @@ -245,8 +235,8 @@ private SecretKey generateAESKey() throws NoSuchAlgorithmException { } /** - * Generates a random salt of the specified length using SecureRandom. - * SAST: Salting is essential for secure key derivation. + * Generates a random salt of the specified length using SecureRandom. SAST: + * Salting is essential for secure key derivation. * * @param length The salt length. * @return A byte array representing the salt. diff --git a/java/ql/test/experimental/library-tests/quantum/jca/Nonce.java b/java/ql/test/experimental/library-tests/quantum/jca/Nonce.java index 3d1803c2d40e..c99113d7a016 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/Nonce.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/Nonce.java @@ -15,7 +15,6 @@ public class Nonce { // static { // Security.addProvider(new BouncyCastleProvider()); // Ensure BouncyCastle is available // } - /** * Simple Case: Generates a secure nonce and uses it in HMAC. */ diff --git a/java/ql/test/experimental/library-tests/quantum/jca/PrngTest.java b/java/ql/test/experimental/library-tests/quantum/jca/PrngTest.java index 59f1c121e0f4..313c4fd4e872 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/PrngTest.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/PrngTest.java @@ -10,28 +10,23 @@ * PrngTest demonstrates various approaches for generating random data using * PRNG/RNG APIs. * - * It covers: - * 1) Secure random generation using SecureRandom (default and - * getInstanceStrong). - * 2) Insecure random generation using java.util.Random. - * 3) Flawed PRNG usage by setting a fixed seed. - * 4) Dynamic PRNG selection based on configuration. - * 5) Usage of random data as nonces/IVs in symmetric encryption. + * It covers: 1) Secure random generation using SecureRandom (default and + * getInstanceStrong). 2) Insecure random generation using java.util.Random. 3) + * Flawed PRNG usage by setting a fixed seed. 4) Dynamic PRNG selection based on + * configuration. 5) Usage of random data as nonces/IVs in symmetric encryption. * - * SAST/CBOM Notes: - * - SecureRandom (and SecureRandom.getInstanceStrong) are recommended. - * - java.util.Random is not suitable for cryptographic purposes. - * - Re-seeding or using a fixed seed with SecureRandom makes it predictable. - * - IVs and nonces must be unique for each operation; reusing fixed values is + * SAST/CBOM Notes: - SecureRandom (and SecureRandom.getInstanceStrong) are + * recommended. - java.util.Random is not suitable for cryptographic purposes. - + * Re-seeding or using a fixed seed with SecureRandom makes it predictable. - + * IVs and nonces must be unique for each operation; reusing fixed values is * insecure. */ public class PrngTest { // ---------- Secure Random Generation ---------- - /** - * Generates random bytes using the default SecureRandom. - * SAST: SecureRandom is recommended for cryptographically secure random data. + * Generates random bytes using the default SecureRandom. SAST: SecureRandom + * is recommended for cryptographically secure random data. * * @param numBytes Number of bytes to generate. * @return A byte array of random data. @@ -44,8 +39,8 @@ public byte[] generateSecureRandomBytes(int numBytes) { } /** - * Generates random bytes using SecureRandom.getInstanceStrong(). - * SAST: getInstanceStrong() returns a strong RNG (may block in some + * Generates random bytes using SecureRandom.getInstanceStrong(). SAST: + * getInstanceStrong() returns a strong RNG (may block in some * environments). * * @param numBytes Number of bytes to generate. @@ -60,11 +55,9 @@ public byte[] generateSecureRandomBytesStrong(int numBytes) throws NoSuchAlgorit } // ---------- Insecure Random Generation ---------- - /** - * Generates random bytes using java.util.Random. - * SAST: java.util.Random is predictable and insecure for cryptographic - * purposes. + * Generates random bytes using java.util.Random. SAST: java.util.Random is + * predictable and insecure for cryptographic purposes. * * @param numBytes Number of bytes to generate. * @return A byte array of random data. @@ -77,8 +70,8 @@ public byte[] generateInsecureRandomBytes(int numBytes) { } /** - * Generates random bytes using SecureRandom with a fixed seed. - * SAST: Fixed seeding makes SecureRandom predictable and insecure. + * Generates random bytes using SecureRandom with a fixed seed. SAST: Fixed + * seeding makes SecureRandom predictable and insecure. * * @param numBytes Number of bytes to generate. * @return A byte array of predictable random data. @@ -93,15 +86,14 @@ public byte[] generatePredictableRandomBytes(int numBytes) { } // ---------- Dynamic PRNG Selection ---------- - /** * Dynamically selects a PRNG algorithm based on a configuration property. * If the algorithm is unknown, falls back to java.util.Random (insecure). * SAST: Dynamic selection may introduce risk if an insecure RNG is chosen. * * @param algorithmName The PRNG algorithm name (e.g. "SHA1PRNG", - * "NativePRNGNonBlocking", "getInstanceStrong"). - * @param numBytes Number of bytes to generate. + * "NativePRNGNonBlocking", "getInstanceStrong"). + * @param numBytes Number of bytes to generate. * @return A byte array of random data. * @throws NoSuchAlgorithmException if the algorithm is not available. */ @@ -128,10 +120,9 @@ public byte[] dynamicRandomGeneration(String algorithmName, int numBytes) throws // ---------- Usage Examples: Nonce/IV Generation for Symmetric Encryption // ---------- - /** - * Demonstrates secure generation of an IV for AES-GCM encryption. - * SAST: A unique, random IV is required for each encryption operation. + * Demonstrates secure generation of an IV for AES-GCM encryption. SAST: A + * unique, random IV is required for each encryption operation. * * @return A 12-byte IV. */ @@ -140,8 +131,8 @@ public byte[] generateRandomIVForGCM() { } /** - * Demonstrates insecure use of a fixed IV for AES-GCM encryption. - * SAST: Reusing a fixed IV in AES-GCM compromises security. + * Demonstrates insecure use of a fixed IV for AES-GCM encryption. SAST: + * Reusing a fixed IV in AES-GCM compromises security. * * @return A fixed 12-byte IV (all zeros). */ @@ -150,10 +141,9 @@ public byte[] generateFixedIVForGCM() { } // ---------- Example: Using PRNG for Key Generation ---------- - /** - * Generates a secure 256-bit AES key using SecureRandom. - * SAST: Strong key generation is critical for symmetric cryptography. + * Generates a secure 256-bit AES key using SecureRandom. SAST: Strong key + * generation is critical for symmetric cryptography. * * @return A new AES SecretKey. * @throws Exception if key generation fails. diff --git a/java/ql/test/experimental/library-tests/quantum/jca/SignEncryptCombinations.java b/java/ql/test/experimental/library-tests/quantum/jca/SignEncryptCombinations.java index 2649db688edd..d238aab173c7 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/SignEncryptCombinations.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/SignEncryptCombinations.java @@ -1,15 +1,14 @@ package com.example.crypto.algorithms; // import org.bouncycastle.jce.provider.BouncyCastleProvider; - +import java.security.*; +import java.security.spec.ECGenParameterSpec; +import java.util.Arrays; import javax.crypto.Cipher; import javax.crypto.KeyGenerator; import javax.crypto.Mac; import javax.crypto.SecretKey; import javax.crypto.spec.GCMParameterSpec; -import java.security.*; -import java.security.spec.ECGenParameterSpec; -import java.util.Arrays; /** * This class demonstrates cryptographic flows combining signing, encryption, @@ -18,26 +17,21 @@ * It intentionally includes both safe and unsafe patterns so that a SAST tool * can detect: * - * 1. **Sign then Encrypt (Unsafe)** - * - Signs the plaintext and encrypts only the signature, leaving the plaintext - * in cleartext. - * - *Issue:* The message is exposed, which could lead to replay or modification - * attacks. + * 1. **Sign then Encrypt (Unsafe)** - Signs the plaintext and encrypts only the + * signature, leaving the plaintext in cleartext. - *Issue:* The message is + * exposed, which could lead to replay or modification attacks. * - * 2. **Encrypt then Sign (Safe with caveats)** - * - Encrypts the plaintext and then signs the ciphertext. - * - *Caveat:* The signature is in the clear; metadata (e.g. ciphertext length) - * may be exposed. + * 2. **Encrypt then Sign (Safe with caveats)** - Encrypts the plaintext and + * then signs the ciphertext. - *Caveat:* The signature is in the clear; + * metadata (e.g. ciphertext length) may be exposed. * - * 3. **MAC then Encrypt (Unsafe)** - * - Computes a MAC on the plaintext and appends it before encryption. - * - *Issue:* Operating on plaintext for MAC generation can leak information and - * is discouraged. + * 3. **MAC then Encrypt (Unsafe)** - Computes a MAC on the plaintext and + * appends it before encryption. - *Issue:* Operating on plaintext for MAC + * generation can leak information and is discouraged. * - * 4. **Encrypt then MAC (Safe)** - * - Encrypts the plaintext and computes a MAC over the ciphertext. - * - *Benefit:* Provides a robust authenticated encryption construction when not - * using an AEAD cipher. + * 4. **Encrypt then MAC (Safe)** - Encrypts the plaintext and computes a MAC + * over the ciphertext. - *Benefit:* Provides a robust authenticated encryption + * construction when not using an AEAD cipher. * * Note: AES/GCM already provides authentication, so adding an external MAC is * redundant. @@ -49,7 +43,6 @@ public class SignEncryptCombinations { // static { // Security.addProvider(new BouncyCastleProvider()); // } - /////////////////////////////////////////////// // Key Generation for ECDSA on secp256r1 /////////////////////////////////////////////// @@ -92,8 +85,8 @@ public SecretKey generateAESKey() throws Exception { } /** - * Encrypts data using AES-GCM with a 12-byte IV and a 128-bit tag. - * Returns the concatenation of IV and ciphertext. + * Encrypts data using AES-GCM with a 12-byte IV and a 128-bit tag. Returns + * the concatenation of IV and ciphertext. */ public byte[] encryptAESGCM(SecretKey key, byte[] plaintext) throws Exception { Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding"); @@ -176,14 +169,14 @@ public boolean decryptThenVerify(SecretKey encryptionKey, PublicKey verifyingKey * *

    * **Benefit:** The plaintext is fully encrypted and remains confidential. - * **Caveat:** The signature is transmitted in the clear. Although this does not - * compromise - * the message, it might reveal metadata (like ciphertext length). + * **Caveat:** The signature is transmitted in the clear. Although this does + * not compromise the message, it might reveal metadata (like ciphertext + * length). *

    * * @param encryptionKey AES key for encryption. - * @param signingKey ECDSA private key for signing. - * @param data The plaintext message. + * @param signingKey ECDSA private key for signing. + * @param data The plaintext message. * @return The concatenation of the ciphertext and its signature. */ public byte[] encryptThenSign(SecretKey encryptionKey, PrivateKey signingKey, byte[] data) throws Exception { @@ -200,20 +193,18 @@ public byte[] encryptThenSign(SecretKey encryptionKey, PrivateKey signingKey, by } /** - * Extracts and verifies the signature from the combined ciphertext-signature - * bundle, - * then decrypts the ciphertext. + * Extracts and verifies the signature from the combined + * ciphertext-signature bundle, then decrypts the ciphertext. * *

    - * **Issue:** Here we assume a fixed signature length (70 bytes). In production, - * the signature length - * should be explicitly stored. Hard-coding a length is an unsafe pattern and - * may trigger SAST warnings. + * **Issue:** Here we assume a fixed signature length (70 bytes). In + * production, the signature length should be explicitly stored. Hard-coding + * a length is an unsafe pattern and may trigger SAST warnings. *

    * - * @param verifyingKey ECDSA public key for signature verification. + * @param verifyingKey ECDSA public key for signature verification. * @param encryptionKey AES key for decryption. - * @param combined The combined ciphertext and signature. + * @param combined The combined ciphertext and signature. * @return The decrypted plaintext message. */ public byte[] verifyThenDecrypt(PublicKey verifyingKey, SecretKey encryptionKey, byte[] combined) throws Exception { @@ -268,8 +259,8 @@ public byte[] macThenEncrypt(SecretKey macKey, SecretKey encKey, byte[] data) th /** * Decrypts the combined data and verifies the MAC. * - * @param macKey AES key used as the HMAC key. - * @param encKey AES key for decryption. + * @param macKey AES key used as the HMAC key. + * @param encKey AES key for decryption. * @param ciphertext The encrypted bundle containing plaintext and MAC. * @return true if the MAC is valid; false otherwise. */ @@ -289,14 +280,13 @@ public boolean decryptThenVerifyMac(SecretKey macKey, SecretKey encKey, byte[] c * ciphertext. * *

    - * **Benefit:** This "encrypt-then-MAC" construction ensures that the ciphertext - * is both confidential - * and tamper-evident. + * **Benefit:** This "encrypt-then-MAC" construction ensures that the + * ciphertext is both confidential and tamper-evident. *

    * * @param encKey AES key for encryption. * @param macKey AES key used as the HMAC key. - * @param data The plaintext message. + * @param data The plaintext message. * @return The concatenation of ciphertext and MAC. */ public byte[] encryptThenMac(SecretKey encKey, SecretKey macKey, byte[] data) throws Exception { @@ -314,8 +304,8 @@ public byte[] encryptThenMac(SecretKey encKey, SecretKey macKey, byte[] data) th /** * Verifies the MAC and then decrypts the ciphertext. * - * @param encKey AES key for decryption. - * @param macKey AES key used as the HMAC key. + * @param encKey AES key for decryption. + * @param macKey AES key used as the HMAC key. * @param combined The combined ciphertext and MAC. * @return The decrypted plaintext message. */ diff --git a/java/ql/test/experimental/library-tests/quantum/jca/SignatureOperation.java b/java/ql/test/experimental/library-tests/quantum/jca/SignatureOperation.java index 74fc4a99c044..2efba7c5c770 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/SignatureOperation.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/SignatureOperation.java @@ -1,7 +1,6 @@ package com.example.crypto.algorithms; // import org.bouncycastle.jce.provider.BouncyCastleProvider; - import java.security.*; import java.security.spec.ECGenParameterSpec; import java.util.Base64; @@ -10,32 +9,27 @@ /** * Demonstrates various digital signature operations: * - * 1) RSA-PSS (modern, safer) - * - CBOM/SAST: Classified as a Modern Digital Signature scheme using RSA-PSS. - * RSA-PSS with SHA-256 is recommended. + * 1) RSA-PSS (modern, safer) - CBOM/SAST: Classified as a Modern Digital + * Signature scheme using RSA-PSS. RSA-PSS with SHA-256 is recommended. * - * 2) ECDSA with secp256r1 - * - CBOM/SAST: Classified as an Elliptic Curve Digital Signature Algorithm. - * Secure when used with a strong curve and proper randomness. + * 2) ECDSA with secp256r1 - CBOM/SAST: Classified as an Elliptic Curve Digital + * Signature Algorithm. Secure when used with a strong curve and proper + * randomness. * - * 3) Ed25519 (RFC 8032) - * - CBOM/SAST: Classified as a modern, high-performance signature scheme. + * 3) Ed25519 (RFC 8032) - CBOM/SAST: Classified as a modern, high-performance + * signature scheme. * - * 4) SHA1withRSA (deprecated/unsafe example) - * - CBOM/SAST: Classified as a legacy digital signature scheme. - * SHA-1 and 1024-bit RSA are deprecated. + * 4) SHA1withRSA (deprecated/unsafe example) - CBOM/SAST: Classified as a + * legacy digital signature scheme. SHA-1 and 1024-bit RSA are deprecated. * * Additional nuanced examples: * - * - Signing and verifying an empty message. - * - Signing data with non-ASCII characters. - * - Demonstrating signature tampering and its detection. - * - A dynamic (runtime-selected) signature algorithm scenario ("known - * unknown"). + * - Signing and verifying an empty message. - Signing data with non-ASCII + * characters. - Demonstrating signature tampering and its detection. - A + * dynamic (runtime-selected) signature algorithm scenario ("known unknown"). * - * Requirements: - * - BouncyCastle for ECDSA, Ed25519, and RSA-PSS (if needed). - * - Java 11+ for native Ed25519 support or using BC for older versions. + * Requirements: - BouncyCastle for ECDSA, Ed25519, and RSA-PSS (if needed). - + * Java 11+ for native Ed25519 support or using BC for older versions. */ public class SignatureOperation { @@ -43,7 +37,6 @@ public class SignatureOperation { // // Register the BouncyCastle provider. // Security.addProvider(new BouncyCastleProvider()); // } - /////////////////////////////////////// // 1. RSA-PSS (Recommended) /////////////////////////////////////// @@ -64,8 +57,7 @@ public KeyPair generateRSAPSSKeyPair() throws Exception { /** * Sign data using RSA-PSS with SHA-256. * - * CBOM/SAST Notes: - * - Parent: Modern Digital Signature (RSA-PSS). + * CBOM/SAST Notes: - Parent: Modern Digital Signature (RSA-PSS). */ public byte[] signRSAPSS(PrivateKey privateKey, byte[] data) throws Exception { Signature signature = Signature.getInstance("SHA256withRSAandMGF1"); @@ -77,8 +69,7 @@ public byte[] signRSAPSS(PrivateKey privateKey, byte[] data) throws Exception { /** * Verify data using RSA-PSS with SHA-256. * - * CBOM/SAST Notes: - * - Parent: Modern Digital Signature (RSA-PSS). + * CBOM/SAST Notes: - Parent: Modern Digital Signature (RSA-PSS). */ public boolean verifyRSAPSS(PublicKey publicKey, byte[] data, byte[] sigBytes) throws Exception { Signature signature = Signature.getInstance("SHA256withRSAandMGF1"); @@ -106,8 +97,7 @@ public KeyPair generateECDSAKeyPair() throws Exception { /** * Sign data using ECDSA with SHA-256. * - * CBOM/SAST Notes: - * - Parent: Elliptic Curve Digital Signature. + * CBOM/SAST Notes: - Parent: Elliptic Curve Digital Signature. */ public byte[] signECDSA(PrivateKey privateKey, byte[] data) throws Exception { Signature signature = Signature.getInstance("SHA256withECDSA", "BC"); @@ -119,8 +109,7 @@ public byte[] signECDSA(PrivateKey privateKey, byte[] data) throws Exception { /** * Verify data using ECDSA with SHA-256. * - * CBOM/SAST Notes: - * - Parent: Elliptic Curve Digital Signature. + * CBOM/SAST Notes: - Parent: Elliptic Curve Digital Signature. */ public boolean verifyECDSA(PublicKey publicKey, byte[] data, byte[] sigBytes) throws Exception { Signature signature = Signature.getInstance("SHA256withECDSA", "BC"); @@ -147,8 +136,7 @@ public KeyPair generateEd25519KeyPair() throws Exception { /** * Sign data using Ed25519. * - * CBOM/SAST Notes: - * - Parent: Modern Digital Signature (EdDSA). + * CBOM/SAST Notes: - Parent: Modern Digital Signature (EdDSA). */ public byte[] signEd25519(PrivateKey privateKey, byte[] data) throws Exception { Signature signature = Signature.getInstance("Ed25519", "BC"); @@ -160,8 +148,7 @@ public byte[] signEd25519(PrivateKey privateKey, byte[] data) throws Exception { /** * Verify data using Ed25519. * - * CBOM/SAST Notes: - * - Parent: Modern Digital Signature (EdDSA). + * CBOM/SAST Notes: - Parent: Modern Digital Signature (EdDSA). */ public boolean verifyEd25519(PublicKey publicKey, byte[] data, byte[] sigBytes) throws Exception { Signature signature = Signature.getInstance("Ed25519", "BC"); @@ -191,9 +178,8 @@ public KeyPair generateRSAUnsafeKeyPair() throws Exception { /** * Sign data using SHA1withRSA. * - * CBOM/SAST Notes: - * - Parent: Legacy Digital Signature. - * - SHA-1 is deprecated and RSA with 1024 bits is considered weak. + * CBOM/SAST Notes: - Parent: Legacy Digital Signature. - SHA-1 is + * deprecated and RSA with 1024 bits is considered weak. */ public byte[] signSHA1withRSA(PrivateKey privateKey, byte[] data) throws Exception { Signature signature = Signature.getInstance("SHA1withRSA"); @@ -205,9 +191,8 @@ public byte[] signSHA1withRSA(PrivateKey privateKey, byte[] data) throws Excepti /** * Verify data using SHA1withRSA. * - * CBOM/SAST Notes: - * - Parent: Legacy Digital Signature. - * - Verification of SHA1withRSA is insecure. + * CBOM/SAST Notes: - Parent: Legacy Digital Signature. - Verification of + * SHA1withRSA is insecure. */ public boolean verifySHA1withRSA(PublicKey publicKey, byte[] data, byte[] sigBytes) throws Exception { Signature signature = Signature.getInstance("SHA1withRSA"); @@ -239,9 +224,8 @@ public void signAndVerifyEmptyMessage() throws Exception { * Demonstrates that even a slight tampering with the signature will cause * verification to fail. * - * CBOM/SAST Notes: - * - Edge Case: Signature integrity is critical. Any change—even a single - * byte—should invalidate the signature. + * CBOM/SAST Notes: - Edge Case: Signature integrity is critical. Any + * change-even a single byte-should invalidate the signature. */ public void tamperSignatureEdgeCase() throws Exception { byte[] message = "Important Message".getBytes(); @@ -257,14 +241,13 @@ public void tamperSignatureEdgeCase() throws Exception { } /** - * Demonstrates dynamic signature algorithm selection. - * This is a "known unknown" scenario where the algorithm is chosen at runtime - * based on configuration. If the configuration is compromised or misconfigured, - * an insecure algorithm might be selected. + * Demonstrates dynamic signature algorithm selection. This is a "known + * unknown" scenario where the algorithm is chosen at runtime based on + * configuration. If the configuration is compromised or misconfigured, an + * insecure algorithm might be selected. * - * CBOM/SAST Notes: - * - Known Unknown: Dynamic configuration introduces ambiguity and risk. - * - Ensure that fallback defaults are secure. + * CBOM/SAST Notes: - Known Unknown: Dynamic configuration introduces + * ambiguity and risk. - Ensure that fallback defaults are secure. */ public void dynamicSignatureSelectionDemo() throws Exception { // Simulate loading a configuration. diff --git a/java/ql/test/experimental/library-tests/quantum/jca/SymmetricAlgorithm.java b/java/ql/test/experimental/library-tests/quantum/jca/SymmetricAlgorithm.java index 1c9d90780f3e..ce07eab5b596 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/SymmetricAlgorithm.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/SymmetricAlgorithm.java @@ -1,7 +1,6 @@ package com.example.crypto.algorithms; // import org.bouncycastle.jce.provider.BouncyCastleProvider; - import java.security.*; import javax.crypto.Cipher; @@ -19,39 +18,31 @@ /** * SymmetricAlgorithmTest demonstrates various symmetric encryption flows and - * key derivation - * scenarios that can be analyzed by SAST tools. + * key derivation scenarios that can be analyzed by SAST tools. * - * It includes: - * 1) AES-GCM encryption with random nonce (secure). - * 2) AES-GCM encryption with fixed nonce (insecure). - * 3) AES-CBC encryption with random IV (secure). - * 4) AES-ECB encryption (insecure). - * 5) RC4 encryption (insecure). - * 6) DES and TripleDES encryption (insecure/weak). - * 7) ChaCha20 encryption (secure, if available). - * 8) KMAC-based key derivation used to derive a key for AES encryption. - * 9) Dynamic symmetric encryption selection based on configuration. + * It includes: 1) AES-GCM encryption with random nonce (secure). 2) AES-GCM + * encryption with fixed nonce (insecure). 3) AES-CBC encryption with random IV + * (secure). 4) AES-ECB encryption (insecure). 5) RC4 encryption (insecure). 6) + * DES and TripleDES encryption (insecure/weak). 7) ChaCha20 encryption (secure, + * if available). 8) KMAC-based key derivation used to derive a key for AES + * encryption. 9) Dynamic symmetric encryption selection based on configuration. * 10) Further use: deriving two keys from symmetric key material via PBKDF2. * - * SAST/CBOM notes: - * - Nonce/IV reuse (e.g., fixed nonce) must be flagged. - * - Insecure algorithms (RC4, DES, TripleDES, AES/ECB) are marked as unsafe. - * - Dynamic selection may lead to insecure fallback if misconfigured. + * SAST/CBOM notes: - Nonce/IV reuse (e.g., fixed nonce) must be flagged. - + * Insecure algorithms (RC4, DES, TripleDES, AES/ECB) are marked as unsafe. - + * Dynamic selection may lead to insecure fallback if misconfigured. */ public class SymmetricAlgorithm { // static { // Security.addProvider(new BouncyCastleProvider()); // } - // ---------- Secure Symmetric Encryption Flows ---------- - /** - * AES-GCM encryption using a 12-byte random nonce. - * SAST: AES-GCM is secure when a unique nonce is used per encryption. + * AES-GCM encryption using a 12-byte random nonce. SAST: AES-GCM is secure + * when a unique nonce is used per encryption. * - * @param key The AES key. + * @param key The AES key. * @param plaintext The plaintext to encrypt. * @return The IV prepended to the ciphertext. * @throws Exception if encryption fails. @@ -70,11 +61,10 @@ public byte[] aesGcmEncryptSafe(SecretKey key, byte[] plaintext) throws Exceptio } /** - * AES-GCM encryption using a fixed (constant) nonce. - * SAST: Fixed nonce reuse in AES-GCM is insecure as it destroys - * confidentiality. + * AES-GCM encryption using a fixed (constant) nonce. SAST: Fixed nonce + * reuse in AES-GCM is insecure as it destroys confidentiality. * - * @param key The AES key. + * @param key The AES key. * @param plaintext The plaintext to encrypt. * @return The fixed IV prepended to the ciphertext. * @throws Exception if encryption fails. @@ -92,10 +82,10 @@ public byte[] aesGcmEncryptUnsafe(SecretKey key, byte[] plaintext) throws Except } /** - * AES-CBC encryption using a random IV. - * SAST: AES-CBC is secure if IVs are random and not reused. + * AES-CBC encryption using a random IV. SAST: AES-CBC is secure if IVs are + * random and not reused. * - * @param key The AES key. + * @param key The AES key. * @param plaintext The plaintext to encrypt. * @return The IV prepended to the ciphertext. * @throws Exception if encryption fails. @@ -114,10 +104,10 @@ public byte[] aesCbcEncryptSafe(SecretKey key, byte[] plaintext) throws Exceptio } /** - * AES-ECB encryption. - * SAST: ECB mode is insecure as it does not use an IV, revealing data patterns. + * AES-ECB encryption. SAST: ECB mode is insecure as it does not use an IV, + * revealing data patterns. * - * @param key The AES key. + * @param key The AES key. * @param plaintext The plaintext to encrypt. * @return The ciphertext. * @throws Exception if encryption fails. @@ -129,12 +119,10 @@ public byte[] aesEcbEncryptUnsafe(SecretKey key, byte[] plaintext) throws Except } // ---------- Other Symmetric Algorithms ---------- - /** - * RC4 encryption. - * SAST: RC4 is deprecated due to vulnerabilities. + * RC4 encryption. SAST: RC4 is deprecated due to vulnerabilities. * - * @param key The RC4 key. + * @param key The RC4 key. * @param plaintext The plaintext to encrypt. * @return The ciphertext. * @throws Exception if encryption fails. @@ -146,10 +134,10 @@ public byte[] rc4EncryptUnsafe(SecretKey key, byte[] plaintext) throws Exception } /** - * DES encryption. - * SAST: DES is insecure due to its 56-bit effective key size. + * DES encryption. SAST: DES is insecure due to its 56-bit effective key + * size. * - * @param key The DES key. + * @param key The DES key. * @param plaintext The plaintext to encrypt. * @return The IV prepended to the ciphertext. * @throws Exception if encryption fails. @@ -168,10 +156,10 @@ public byte[] desEncryptUnsafe(SecretKey key, byte[] plaintext) throws Exception } /** - * TripleDES (DESede) encryption. - * SAST: TripleDES is weak by modern standards and is deprecated. + * TripleDES (DESede) encryption. SAST: TripleDES is weak by modern + * standards and is deprecated. * - * @param key The TripleDES key. + * @param key The TripleDES key. * @param plaintext The plaintext to encrypt. * @return The IV prepended to the ciphertext. * @throws Exception if encryption fails. @@ -190,10 +178,10 @@ public byte[] tripleDesEncryptUnsafe(SecretKey key, byte[] plaintext) throws Exc } /** - * ChaCha20 encryption. - * SAST: ChaCha20 is considered secure and is a modern alternative to AES. + * ChaCha20 encryption. SAST: ChaCha20 is considered secure and is a modern + * alternative to AES. * - * @param key The ChaCha20 key. + * @param key The ChaCha20 key. * @param plaintext The plaintext to encrypt. * @return The nonce prepended to the ciphertext. * @throws Exception if encryption fails. @@ -215,10 +203,10 @@ public byte[] chacha20EncryptSafe(SecretKey key, byte[] plaintext) throws Except * KMAC-based flow: Uses KMAC128 to derive key material for AES encryption. * SAST: KMAC128 is secure as part of the SHA-3 family when used correctly. * - * @param key The KMAC key. + * @param key The KMAC key. * @param plaintext The plaintext to encrypt. * @return The ciphertext (with IV) resulting from encryption with a derived - * key. + * key. * @throws Exception if encryption fails. */ public byte[] kmacEncryptFlow(SecretKey key, byte[] plaintext) throws Exception { @@ -240,17 +228,15 @@ public byte[] kmacEncryptFlow(SecretKey key, byte[] plaintext) throws Exception } // ---------- Dynamic Algorithm Selection ---------- - /** - * Dynamically selects a symmetric encryption algorithm based on a configuration - * property. - * If the algorithm is unknown or ambiguous, falls back to an insecure default - * (AES/ECB). + * Dynamically selects a symmetric encryption algorithm based on a + * configuration property. If the algorithm is unknown or ambiguous, falls + * back to an insecure default (AES/ECB). * * SAST: Dynamic selection introduces a known unknown risk. * * @param algorithm The algorithm name from configuration. - * @param key The symmetric key. + * @param key The symmetric key. * @param plaintext The plaintext to encrypt. * @return The ciphertext. * @throws Exception if encryption fails. @@ -273,10 +259,9 @@ public byte[] dynamicSymmetricEncryption(String algorithm, SecretKey key, byte[] } // ---------- Further Use of Symmetric Keys ---------- - /** - * Derives a key from an input key by simple truncation. - * SAST: This approach is ambiguous; a proper KDF should be used. + * Derives a key from an input key by simple truncation. SAST: This approach + * is ambiguous; a proper KDF should be used. * * @param key The input symmetric key. * @return A derived 128-bit key. @@ -288,10 +273,10 @@ public byte[] deriveKeyFromKey(SecretKey key) { /** * Further use: Derives two separate keys from a symmetric key using PBKDF2, - * then uses one key for encryption and one for MACing ciphertext. - * SAST: This key-splitting approach is acceptable if PBKDF2 is used securely. + * then uses one key for encryption and one for MACing ciphertext. SAST: + * This key-splitting approach is acceptable if PBKDF2 is used securely. * - * @param key The input key material. + * @param key The input key material. * @param plaintext The plaintext to encrypt. * @return The concatenated ciphertext and its MAC. * @throws Exception if key derivation or encryption fails. @@ -325,8 +310,8 @@ public byte[] furtherUseSymmetricKeyForKeyDerivation(SecretKey key, byte[] plain } /** - * Stores the encrypted output. - * SAST: In production, secure storage/transmission is required. + * Stores the encrypted output. SAST: In production, secure + * storage/transmission is required. * * @param output The output to store. */ @@ -335,10 +320,9 @@ public void storeEncryptedOutput(byte[] output) { } // ---------- Helper Methods ---------- - /** - * Generates a secure 256-bit AES key. - * SAST: Uses a strong RNG for key generation. + * Generates a secure 256-bit AES key. SAST: Uses a strong RNG for key + * generation. * * @return A new AES SecretKey. * @throws Exception if key generation fails. @@ -350,8 +334,8 @@ public SecretKey generateAESKey() throws Exception { } /** - * Generates a random salt of the specified length using SecureRandom. - * SAST: Salting is essential for secure key derivation. + * Generates a random salt of the specified length using SecureRandom. SAST: + * Salting is essential for secure key derivation. * * @param length The salt length. * @return A byte array representing the salt. diff --git a/java/ql/test/experimental/library-tests/quantum/jca/SymmetricModesTest.java b/java/ql/test/experimental/library-tests/quantum/jca/SymmetricModesTest.java index 4ea75ab8d8c2..18df2602a7dd 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/SymmetricModesTest.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/SymmetricModesTest.java @@ -1,33 +1,28 @@ package com.example.crypto.algorithms; //import org.bouncycastle.jce.provider.BouncyCastleProvider; - -import java.security.*; +import java.security.SecureRandom; +import java.util.Base64; import javax.crypto.Cipher; import javax.crypto.KeyGenerator; import javax.crypto.SecretKey; import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.SecretKeySpec; -import java.security.SecureRandom; -import java.util.Base64; /** * SymmetricModesTest demonstrates the use of advanced cipher modes for * symmetric encryption: * * 1. AES/KWP/NoPadding: Uses AES Key Wrap with Padding (KWP) to securely wrap - * (encrypt) a key. - * - Secure usage: Uses a randomly generated wrapping key. + * (encrypt) a key. - Secure usage: Uses a randomly generated wrapping key. * * 2. AES/OFB8/NoPadding: Uses AES in Output Feedback mode with an 8-bit - * feedback size. - * - Secure usage: Uses a random IV for each encryption. - * - Insecure usage: Using a fixed IV (or nonce) in OFB mode compromises + * feedback size. - Secure usage: Uses a random IV for each encryption. - + * Insecure usage: Using a fixed IV (or nonce) in OFB mode compromises * confidentiality. * * In production, algorithm parameters (such as mode, padding, and IV - * generation) should be - * externalized via configuration files to support crypto agility. + * generation) should be externalized via configuration files to support crypto + * agility. */ public class SymmetricModesTest { @@ -35,18 +30,15 @@ public class SymmetricModesTest { // // Register BouncyCastle provider for additional cipher modes. // Security.addProvider(new BouncyCastleProvider()); // } - // --------------------------- // AES/KWP/NoPadding Example // --------------------------- - /** * Securely wraps a target AES key using AES/KWP/NoPadding. * - * Best Practice: - * - The wrapping key must be generated randomly. - * - AES/KWP provides key wrapping with padding, suitable for keys whose lengths - * are not multiples of the block size. + * Best Practice: - The wrapping key must be generated randomly. - AES/KWP + * provides key wrapping with padding, suitable for keys whose lengths are + * not multiples of the block size. * * @return The Base64-encoded wrapped key. * @throws Exception if an error occurs during key wrapping. @@ -72,15 +64,13 @@ public String secureAESKWPWrap() throws Exception { // --------------------------- // AES/OFB8/NoPadding Examples // --------------------------- - /** - * Securely encrypts plaintext using AES in OFB mode with an 8-bit feedback size - * (AES/OFB8/NoPadding). + * Securely encrypts plaintext using AES in OFB mode with an 8-bit feedback + * size (AES/OFB8/NoPadding). * - * Best Practice: - * - Use a fresh, random IV for each encryption operation. + * Best Practice: - Use a fresh, random IV for each encryption operation. * - * @param key The AES key. + * @param key The AES key. * @param plaintext The plaintext to encrypt. * @return The ciphertext (Base64-encoded) with the IV prepended. * @throws Exception if encryption fails. @@ -100,15 +90,13 @@ public String secureAesOfb8Encryption(SecretKey key, byte[] plaintext) throws Ex } /** - * Insecurely encrypts plaintext using AES in OFB mode with an 8-bit feedback - * size (AES/OFB8/NoPadding) - * by using a fixed IV. + * Insecurely encrypts plaintext using AES in OFB mode with an 8-bit + * feedback size (AES/OFB8/NoPadding) by using a fixed IV. * - * Best Practice Violation: - * - Using a fixed IV (or nonce) with any encryption mode (including OFB) - * compromises the cipher's security. + * Best Practice Violation: - Using a fixed IV (or nonce) with any + * encryption mode (including OFB) compromises the cipher's security. * - * @param key The AES key. + * @param key The AES key. * @param plaintext The plaintext to encrypt. * @return The ciphertext (Base64-encoded) with the fixed IV prepended. * @throws Exception if encryption fails. @@ -129,7 +117,6 @@ public String insecureAesOfb8Encryption(SecretKey key, byte[] plaintext) throws // --------------------------- // Helper Methods // --------------------------- - /** * Generates a secure 256-bit AES key. * diff --git a/java/ql/test/experimental/library-tests/quantum/jca/UniversalFlowTest.java b/java/ql/test/experimental/library-tests/quantum/jca/UniversalFlowTest.java index 74b5b3b6184d..43a508951f88 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/UniversalFlowTest.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/UniversalFlowTest.java @@ -14,35 +14,36 @@ import java.io.IOException; public class UniversalFlowTest { + public void simpleAESEncryption() throws Exception { - String algorithm = "AES"; - String otherAlgorithm = loadAlgorithmFromDisk(); + String algorithm = "AES"; + String otherAlgorithm = loadAlgorithmFromDisk(); - // Randomly select between the known algorithm and the one loaded from disk - String selectedAlgorithm = (new Random().nextInt(2) == 0) ? algorithm : otherAlgorithm; + // Randomly select between the known algorithm and the one loaded from disk + String selectedAlgorithm = (new Random().nextInt(2) == 0) ? algorithm : otherAlgorithm; - KeyGenerator keyGen = KeyGenerator.getInstance(selectedAlgorithm); - keyGen.init(256); // 256-bit AES key. - SecretKey key = keyGen.generateKey(); - String algorithm2 = "AES/GCM/NoPadding"; - Cipher cipher = Cipher.getInstance(algorithm2); - byte[] iv = new byte[12]; // 12-byte IV recommended for GCM. - new SecureRandom().nextBytes(iv); - GCMParameterSpec gcmSpec = new GCMParameterSpec(128, iv); // 128-bit authentication tag. - cipher.init(Cipher.ENCRYPT_MODE, key, gcmSpec); - byte[] encryptedData = cipher.doFinal("Sensitive Data".getBytes()); -} + KeyGenerator keyGen = KeyGenerator.getInstance(selectedAlgorithm); + keyGen.init(256); // 256-bit AES key. + SecretKey key = keyGen.generateKey(); + String algorithm2 = "AES/GCM/NoPadding"; + Cipher cipher = Cipher.getInstance(algorithm2); + byte[] iv = new byte[12]; // 12-byte IV recommended for GCM. + new SecureRandom().nextBytes(iv); + GCMParameterSpec gcmSpec = new GCMParameterSpec(128, iv); // 128-bit authentication tag. + cipher.init(Cipher.ENCRYPT_MODE, key, gcmSpec); + byte[] encryptedData = cipher.doFinal("Sensitive Data".getBytes()); + } // Method to load algorithm from disk -private String loadAlgorithmFromDisk() { - try { - // Implementation to load algorithm name from a file - Path path = Paths.get("algorithm.txt"); - return Files.readString(path).trim(); - } catch (IOException e) { - // Fallback to default algorithm if loading fails - System.err.println("Failed to load algorithm from disk: " + e.getMessage()); - return "AES"; + private String loadAlgorithmFromDisk() { + try { + // Implementation to load algorithm name from a file + Path path = Paths.get("algorithm.txt"); + return Files.readString(path).trim(); + } catch (IOException e) { + // Fallback to default algorithm if loading fails + System.err.println("Failed to load algorithm from disk: " + e.getMessage()); + return "AES"; + } } } -} \ No newline at end of file diff --git a/java/ql/test/experimental/library-tests/quantum/node_edges.expected b/java/ql/test/experimental/library-tests/quantum/node_edges.expected index 871e2fec3b5d..94e4d2bf0561 100644 --- a/java/ql/test/experimental/library-tests/quantum/node_edges.expected +++ b/java/ql/test/experimental/library-tests/quantum/node_edges.expected @@ -1,494 +1,494 @@ -| jca/AesWrapAndPBEWith.java:69:33:69:48 | KeyGeneration | Algorithm | jca/AesWrapAndPBEWith.java:67:52:67:56 | KeyOperationAlgorithm | -| jca/AesWrapAndPBEWith.java:69:33:69:48 | KeyGeneration | Output | jca/AesWrapAndPBEWith.java:69:33:69:48 | Key | -| jca/AesWrapAndPBEWith.java:72:31:72:46 | KeyGeneration | Algorithm | jca/AesWrapAndPBEWith.java:67:52:67:56 | KeyOperationAlgorithm | -| jca/AesWrapAndPBEWith.java:72:31:72:46 | KeyGeneration | Output | jca/AesWrapAndPBEWith.java:72:31:72:46 | Key | -| jca/AesWrapAndPBEWith.java:74:44:74:52 | KeyOperationAlgorithm | Mode | jca/AesWrapAndPBEWith.java:74:44:74:52 | KeyOperationAlgorithm | -| jca/AesWrapAndPBEWith.java:74:44:74:52 | KeyOperationAlgorithm | Padding | jca/AesWrapAndPBEWith.java:74:44:74:52 | KeyOperationAlgorithm | -| jca/AesWrapAndPBEWith.java:75:39:75:49 | Key | Source | jca/AesWrapAndPBEWith.java:69:33:69:48 | Key | -| jca/AesWrapAndPBEWith.java:76:29:76:50 | WrapOperation | Algorithm | jca/AesWrapAndPBEWith.java:74:44:74:52 | KeyOperationAlgorithm | -| jca/AesWrapAndPBEWith.java:76:29:76:50 | WrapOperation | Input | jca/AesWrapAndPBEWith.java:76:41:76:49 | Message | -| jca/AesWrapAndPBEWith.java:76:29:76:50 | WrapOperation | Key | jca/AesWrapAndPBEWith.java:75:39:75:49 | Key | -| jca/AesWrapAndPBEWith.java:76:29:76:50 | WrapOperation | Nonce | jca/AesWrapAndPBEWith.java:76:29:76:50 | WrapOperation | -| jca/AesWrapAndPBEWith.java:76:29:76:50 | WrapOperation | Output | jca/AesWrapAndPBEWith.java:76:29:76:50 | KeyOperationOutput | -| jca/AesWrapAndPBEWith.java:76:41:76:49 | Message | Source | jca/AesWrapAndPBEWith.java:72:31:72:46 | Key | -| jca/AesWrapAndPBEWith.java:95:31:95:46 | KeyGeneration | Algorithm | jca/AesWrapAndPBEWith.java:93:52:93:56 | KeyOperationAlgorithm | -| jca/AesWrapAndPBEWith.java:95:31:95:46 | KeyGeneration | Output | jca/AesWrapAndPBEWith.java:95:31:95:46 | Key | -| jca/AesWrapAndPBEWith.java:97:44:97:52 | KeyOperationAlgorithm | Mode | jca/AesWrapAndPBEWith.java:97:44:97:52 | KeyOperationAlgorithm | -| jca/AesWrapAndPBEWith.java:97:44:97:52 | KeyOperationAlgorithm | Padding | jca/AesWrapAndPBEWith.java:97:44:97:52 | KeyOperationAlgorithm | -| jca/AesWrapAndPBEWith.java:98:39:98:49 | Key | Source | jca/AesWrapAndPBEWith.java:98:39:98:49 | Key | -| jca/AesWrapAndPBEWith.java:99:29:99:50 | WrapOperation | Algorithm | jca/AesWrapAndPBEWith.java:97:44:97:52 | KeyOperationAlgorithm | -| jca/AesWrapAndPBEWith.java:99:29:99:50 | WrapOperation | Input | jca/AesWrapAndPBEWith.java:99:41:99:49 | Message | -| jca/AesWrapAndPBEWith.java:99:29:99:50 | WrapOperation | Key | jca/AesWrapAndPBEWith.java:98:39:98:49 | Key | -| jca/AesWrapAndPBEWith.java:99:29:99:50 | WrapOperation | Nonce | jca/AesWrapAndPBEWith.java:99:29:99:50 | WrapOperation | -| jca/AesWrapAndPBEWith.java:99:29:99:50 | WrapOperation | Output | jca/AesWrapAndPBEWith.java:99:29:99:50 | KeyOperationOutput | -| jca/AesWrapAndPBEWith.java:99:41:99:49 | Message | Source | jca/AesWrapAndPBEWith.java:95:31:95:46 | Key | -| jca/AesWrapAndPBEWith.java:118:42:118:63 | Message | Source | jca/AesWrapAndPBEWith.java:214:55:214:69 | Parameter | -| jca/AesWrapAndPBEWith.java:118:66:118:69 | Salt | Source | jca/AesWrapAndPBEWith.java:117:34:117:37 | Constant | -| jca/AesWrapAndPBEWith.java:120:27:120:54 | KeyDerivation | Algorithm | jca/AesWrapAndPBEWith.java:119:65:119:82 | KeyDerivationAlgorithm | -| jca/AesWrapAndPBEWith.java:120:27:120:54 | KeyDerivation | Input | jca/AesWrapAndPBEWith.java:118:42:118:63 | Message | -| jca/AesWrapAndPBEWith.java:120:27:120:54 | KeyDerivation | Output | jca/AesWrapAndPBEWith.java:120:27:120:54 | Key | -| jca/AesWrapAndPBEWith.java:120:27:120:54 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:118:66:118:69 | Salt | -| jca/AesWrapAndPBEWith.java:134:42:134:63 | Message | Source | jca/AesWrapAndPBEWith.java:214:55:214:69 | Parameter | -| jca/AesWrapAndPBEWith.java:134:66:134:69 | Salt | Source | jca/AesWrapAndPBEWith.java:133:9:133:42 | RandomNumberGeneration | -| jca/AesWrapAndPBEWith.java:134:66:134:69 | Salt | Source | jca/AesWrapAndPBEWith.java:133:38:133:41 | RandomNumberGeneration | -| jca/AesWrapAndPBEWith.java:135:65:135:86 | HMACAlgorithm | H | jca/AesWrapAndPBEWith.java:135:65:135:86 | HashAlgorithm | -| jca/AesWrapAndPBEWith.java:135:65:135:86 | KeyDerivationAlgorithm | PRF | jca/AesWrapAndPBEWith.java:135:65:135:86 | HMACAlgorithm | -| jca/AesWrapAndPBEWith.java:136:27:136:54 | KeyDerivation | Algorithm | jca/AesWrapAndPBEWith.java:135:65:135:86 | KeyDerivationAlgorithm | -| jca/AesWrapAndPBEWith.java:136:27:136:54 | KeyDerivation | Input | jca/AesWrapAndPBEWith.java:134:42:134:63 | Message | -| jca/AesWrapAndPBEWith.java:136:27:136:54 | KeyDerivation | Output | jca/AesWrapAndPBEWith.java:136:27:136:54 | Key | -| jca/AesWrapAndPBEWith.java:136:27:136:54 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:134:66:134:69 | Salt | -| jca/AesWrapAndPBEWith.java:152:42:152:63 | Message | Source | jca/AesWrapAndPBEWith.java:214:55:214:69 | Parameter | -| jca/AesWrapAndPBEWith.java:152:66:152:69 | Salt | Source | jca/AesWrapAndPBEWith.java:151:9:151:42 | RandomNumberGeneration | -| jca/AesWrapAndPBEWith.java:152:66:152:69 | Salt | Source | jca/AesWrapAndPBEWith.java:151:38:151:41 | RandomNumberGeneration | -| jca/AesWrapAndPBEWith.java:154:28:154:55 | KeyDerivation | Algorithm | jca/AesWrapAndPBEWith.java:153:65:153:98 | KeyDerivationAlgorithm | -| jca/AesWrapAndPBEWith.java:154:28:154:55 | KeyDerivation | Input | jca/AesWrapAndPBEWith.java:152:42:152:63 | Message | -| jca/AesWrapAndPBEWith.java:154:28:154:55 | KeyDerivation | Output | jca/AesWrapAndPBEWith.java:154:28:154:55 | Key | -| jca/AesWrapAndPBEWith.java:154:28:154:55 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:152:66:152:69 | Salt | -| jca/AesWrapAndPBEWith.java:157:44:157:65 | KeyOperationAlgorithm | Mode | jca/AesWrapAndPBEWith.java:157:44:157:65 | ModeOfOperation | -| jca/AesWrapAndPBEWith.java:157:44:157:65 | KeyOperationAlgorithm | Padding | jca/AesWrapAndPBEWith.java:157:44:157:65 | PaddingAlgorithm | -| jca/AesWrapAndPBEWith.java:161:42:161:47 | Key | Source | jca/AesWrapAndPBEWith.java:161:42:161:47 | Key | -| jca/AesWrapAndPBEWith.java:161:50:161:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:159:9:159:40 | RandomNumberGeneration | -| jca/AesWrapAndPBEWith.java:161:50:161:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:159:38:159:39 | RandomNumberGeneration | -| jca/AesWrapAndPBEWith.java:162:29:162:64 | EncryptOperation | Algorithm | jca/AesWrapAndPBEWith.java:157:44:157:65 | KeyOperationAlgorithm | -| jca/AesWrapAndPBEWith.java:162:29:162:64 | EncryptOperation | Input | jca/AesWrapAndPBEWith.java:162:44:162:63 | Message | -| jca/AesWrapAndPBEWith.java:162:29:162:64 | EncryptOperation | Key | jca/AesWrapAndPBEWith.java:161:42:161:47 | Key | -| jca/AesWrapAndPBEWith.java:162:29:162:64 | EncryptOperation | Nonce | jca/AesWrapAndPBEWith.java:161:50:161:55 | Nonce | -| jca/AesWrapAndPBEWith.java:162:29:162:64 | EncryptOperation | Output | jca/AesWrapAndPBEWith.java:162:29:162:64 | KeyOperationOutput | -| jca/AesWrapAndPBEWith.java:162:44:162:63 | Message | Source | jca/AesWrapAndPBEWith.java:214:72:214:87 | Parameter | -| jca/AesWrapAndPBEWith.java:180:42:180:63 | Message | Source | jca/AesWrapAndPBEWith.java:214:55:214:69 | Parameter | -| jca/AesWrapAndPBEWith.java:180:66:180:69 | Salt | Source | jca/AesWrapAndPBEWith.java:179:9:179:42 | RandomNumberGeneration | -| jca/AesWrapAndPBEWith.java:180:66:180:69 | Salt | Source | jca/AesWrapAndPBEWith.java:179:38:179:41 | RandomNumberGeneration | -| jca/AesWrapAndPBEWith.java:182:28:182:55 | KeyDerivation | Algorithm | jca/AesWrapAndPBEWith.java:181:65:181:96 | KeyDerivationAlgorithm | -| jca/AesWrapAndPBEWith.java:182:28:182:55 | KeyDerivation | Input | jca/AesWrapAndPBEWith.java:180:42:180:63 | Message | -| jca/AesWrapAndPBEWith.java:182:28:182:55 | KeyDerivation | Output | jca/AesWrapAndPBEWith.java:182:28:182:55 | Key | -| jca/AesWrapAndPBEWith.java:182:28:182:55 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:180:66:180:69 | Salt | -| jca/AesWrapAndPBEWith.java:185:44:185:65 | KeyOperationAlgorithm | Mode | jca/AesWrapAndPBEWith.java:185:44:185:65 | ModeOfOperation | -| jca/AesWrapAndPBEWith.java:185:44:185:65 | KeyOperationAlgorithm | Padding | jca/AesWrapAndPBEWith.java:185:44:185:65 | PaddingAlgorithm | -| jca/AesWrapAndPBEWith.java:189:42:189:47 | Key | Source | jca/AesWrapAndPBEWith.java:189:42:189:47 | Key | -| jca/AesWrapAndPBEWith.java:189:50:189:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:187:9:187:40 | RandomNumberGeneration | -| jca/AesWrapAndPBEWith.java:189:50:189:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:187:38:187:39 | RandomNumberGeneration | -| jca/AesWrapAndPBEWith.java:190:29:190:64 | EncryptOperation | Algorithm | jca/AesWrapAndPBEWith.java:185:44:185:65 | KeyOperationAlgorithm | -| jca/AesWrapAndPBEWith.java:190:29:190:64 | EncryptOperation | Input | jca/AesWrapAndPBEWith.java:190:44:190:63 | Message | -| jca/AesWrapAndPBEWith.java:190:29:190:64 | EncryptOperation | Key | jca/AesWrapAndPBEWith.java:189:42:189:47 | Key | -| jca/AesWrapAndPBEWith.java:190:29:190:64 | EncryptOperation | Nonce | jca/AesWrapAndPBEWith.java:189:50:189:55 | Nonce | -| jca/AesWrapAndPBEWith.java:190:29:190:64 | EncryptOperation | Output | jca/AesWrapAndPBEWith.java:190:29:190:64 | KeyOperationOutput | -| jca/AesWrapAndPBEWith.java:190:44:190:63 | Message | Source | jca/AesWrapAndPBEWith.java:214:72:214:87 | Parameter | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | Key | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | EllipticCurve | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | KeyGeneration | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | EllipticCurve | +| jca/AesWrapAndPBEWith.java:60:33:60:48 | KeyGeneration | Algorithm | jca/AesWrapAndPBEWith.java:58:52:58:56 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:60:33:60:48 | KeyGeneration | Output | jca/AesWrapAndPBEWith.java:60:33:60:48 | Key | +| jca/AesWrapAndPBEWith.java:63:31:63:46 | KeyGeneration | Algorithm | jca/AesWrapAndPBEWith.java:58:52:58:56 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:63:31:63:46 | KeyGeneration | Output | jca/AesWrapAndPBEWith.java:63:31:63:46 | Key | +| jca/AesWrapAndPBEWith.java:65:44:65:52 | KeyOperationAlgorithm | Mode | jca/AesWrapAndPBEWith.java:65:44:65:52 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:65:44:65:52 | KeyOperationAlgorithm | Padding | jca/AesWrapAndPBEWith.java:65:44:65:52 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:66:39:66:49 | Key | Source | jca/AesWrapAndPBEWith.java:60:33:60:48 | Key | +| jca/AesWrapAndPBEWith.java:67:29:67:50 | WrapOperation | Algorithm | jca/AesWrapAndPBEWith.java:65:44:65:52 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:67:29:67:50 | WrapOperation | Input | jca/AesWrapAndPBEWith.java:67:41:67:49 | Message | +| jca/AesWrapAndPBEWith.java:67:29:67:50 | WrapOperation | Key | jca/AesWrapAndPBEWith.java:66:39:66:49 | Key | +| jca/AesWrapAndPBEWith.java:67:29:67:50 | WrapOperation | Nonce | jca/AesWrapAndPBEWith.java:67:29:67:50 | WrapOperation | +| jca/AesWrapAndPBEWith.java:67:29:67:50 | WrapOperation | Output | jca/AesWrapAndPBEWith.java:67:29:67:50 | KeyOperationOutput | +| jca/AesWrapAndPBEWith.java:67:41:67:49 | Message | Source | jca/AesWrapAndPBEWith.java:63:31:63:46 | Key | +| jca/AesWrapAndPBEWith.java:85:31:85:46 | KeyGeneration | Algorithm | jca/AesWrapAndPBEWith.java:83:52:83:56 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:85:31:85:46 | KeyGeneration | Output | jca/AesWrapAndPBEWith.java:85:31:85:46 | Key | +| jca/AesWrapAndPBEWith.java:87:44:87:52 | KeyOperationAlgorithm | Mode | jca/AesWrapAndPBEWith.java:87:44:87:52 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:87:44:87:52 | KeyOperationAlgorithm | Padding | jca/AesWrapAndPBEWith.java:87:44:87:52 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:88:39:88:49 | Key | Source | jca/AesWrapAndPBEWith.java:88:39:88:49 | Key | +| jca/AesWrapAndPBEWith.java:89:29:89:50 | WrapOperation | Algorithm | jca/AesWrapAndPBEWith.java:87:44:87:52 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:89:29:89:50 | WrapOperation | Input | jca/AesWrapAndPBEWith.java:89:41:89:49 | Message | +| jca/AesWrapAndPBEWith.java:89:29:89:50 | WrapOperation | Key | jca/AesWrapAndPBEWith.java:88:39:88:49 | Key | +| jca/AesWrapAndPBEWith.java:89:29:89:50 | WrapOperation | Nonce | jca/AesWrapAndPBEWith.java:89:29:89:50 | WrapOperation | +| jca/AesWrapAndPBEWith.java:89:29:89:50 | WrapOperation | Output | jca/AesWrapAndPBEWith.java:89:29:89:50 | KeyOperationOutput | +| jca/AesWrapAndPBEWith.java:89:41:89:49 | Message | Source | jca/AesWrapAndPBEWith.java:85:31:85:46 | Key | +| jca/AesWrapAndPBEWith.java:107:42:107:63 | Message | Source | jca/AesWrapAndPBEWith.java:200:55:200:69 | Parameter | +| jca/AesWrapAndPBEWith.java:107:66:107:69 | Salt | Source | jca/AesWrapAndPBEWith.java:106:34:106:37 | Constant | +| jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | Algorithm | jca/AesWrapAndPBEWith.java:108:65:108:82 | KeyDerivationAlgorithm | +| jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | Input | jca/AesWrapAndPBEWith.java:107:42:107:63 | Message | +| jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | Output | jca/AesWrapAndPBEWith.java:109:27:109:54 | Key | +| jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:107:66:107:69 | Salt | +| jca/AesWrapAndPBEWith.java:123:42:123:63 | Message | Source | jca/AesWrapAndPBEWith.java:200:55:200:69 | Parameter | +| jca/AesWrapAndPBEWith.java:123:66:123:69 | Salt | Source | jca/AesWrapAndPBEWith.java:122:9:122:42 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:123:66:123:69 | Salt | Source | jca/AesWrapAndPBEWith.java:122:38:122:41 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:124:65:124:86 | HMACAlgorithm | H | jca/AesWrapAndPBEWith.java:124:65:124:86 | HashAlgorithm | +| jca/AesWrapAndPBEWith.java:124:65:124:86 | KeyDerivationAlgorithm | PRF | jca/AesWrapAndPBEWith.java:124:65:124:86 | HMACAlgorithm | +| jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | Algorithm | jca/AesWrapAndPBEWith.java:124:65:124:86 | KeyDerivationAlgorithm | +| jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | Input | jca/AesWrapAndPBEWith.java:123:42:123:63 | Message | +| jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | Output | jca/AesWrapAndPBEWith.java:125:27:125:54 | Key | +| jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:123:66:123:69 | Salt | +| jca/AesWrapAndPBEWith.java:141:42:141:63 | Message | Source | jca/AesWrapAndPBEWith.java:200:55:200:69 | Parameter | +| jca/AesWrapAndPBEWith.java:141:66:141:69 | Salt | Source | jca/AesWrapAndPBEWith.java:140:9:140:42 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:141:66:141:69 | Salt | Source | jca/AesWrapAndPBEWith.java:140:38:140:41 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:143:28:143:55 | KeyDerivation | Algorithm | jca/AesWrapAndPBEWith.java:142:65:142:98 | KeyDerivationAlgorithm | +| jca/AesWrapAndPBEWith.java:143:28:143:55 | KeyDerivation | Input | jca/AesWrapAndPBEWith.java:141:42:141:63 | Message | +| jca/AesWrapAndPBEWith.java:143:28:143:55 | KeyDerivation | Output | jca/AesWrapAndPBEWith.java:143:28:143:55 | Key | +| jca/AesWrapAndPBEWith.java:143:28:143:55 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:141:66:141:69 | Salt | +| jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | Mode | jca/AesWrapAndPBEWith.java:146:44:146:65 | ModeOfOperation | +| jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | Padding | jca/AesWrapAndPBEWith.java:146:44:146:65 | PaddingAlgorithm | +| jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | Source | jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | +| jca/AesWrapAndPBEWith.java:150:50:150:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:148:9:148:40 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:150:50:150:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:148:38:148:39 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | Algorithm | jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | Input | jca/AesWrapAndPBEWith.java:151:44:151:63 | Message | +| jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | Key | jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | +| jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | Nonce | jca/AesWrapAndPBEWith.java:150:50:150:55 | Nonce | +| jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | Output | jca/AesWrapAndPBEWith.java:151:29:151:64 | KeyOperationOutput | +| jca/AesWrapAndPBEWith.java:151:44:151:63 | Message | Source | jca/AesWrapAndPBEWith.java:200:72:200:87 | Parameter | +| jca/AesWrapAndPBEWith.java:168:42:168:63 | Message | Source | jca/AesWrapAndPBEWith.java:200:55:200:69 | Parameter | +| jca/AesWrapAndPBEWith.java:168:66:168:69 | Salt | Source | jca/AesWrapAndPBEWith.java:167:9:167:42 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:168:66:168:69 | Salt | Source | jca/AesWrapAndPBEWith.java:167:38:167:41 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:170:28:170:55 | KeyDerivation | Algorithm | jca/AesWrapAndPBEWith.java:169:65:169:96 | KeyDerivationAlgorithm | +| jca/AesWrapAndPBEWith.java:170:28:170:55 | KeyDerivation | Input | jca/AesWrapAndPBEWith.java:168:42:168:63 | Message | +| jca/AesWrapAndPBEWith.java:170:28:170:55 | KeyDerivation | Output | jca/AesWrapAndPBEWith.java:170:28:170:55 | Key | +| jca/AesWrapAndPBEWith.java:170:28:170:55 | KeyDerivation | Salt | jca/AesWrapAndPBEWith.java:168:66:168:69 | Salt | +| jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | Mode | jca/AesWrapAndPBEWith.java:173:44:173:65 | ModeOfOperation | +| jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | Padding | jca/AesWrapAndPBEWith.java:173:44:173:65 | PaddingAlgorithm | +| jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | Source | jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | +| jca/AesWrapAndPBEWith.java:177:50:177:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:175:9:175:40 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:177:50:177:55 | Nonce | Source | jca/AesWrapAndPBEWith.java:175:38:175:39 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | Algorithm | jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | Input | jca/AesWrapAndPBEWith.java:178:44:178:63 | Message | +| jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | Key | jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | +| jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | Nonce | jca/AesWrapAndPBEWith.java:177:50:177:55 | Nonce | +| jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | Output | jca/AesWrapAndPBEWith.java:178:29:178:64 | KeyOperationOutput | +| jca/AesWrapAndPBEWith.java:178:44:178:63 | Message | Source | jca/AesWrapAndPBEWith.java:200:72:200:87 | Parameter | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:87:16:87:36 | Key | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | EllipticCurve | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:87:16:87:36 | KeyGeneration | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | EllipticCurve | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:87:16:87:36 | KeyGeneration | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:87:16:87:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | Key | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:94:61:94:68 | KeyAgreementAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | KeyGeneration | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:94:61:94:68 | KeyAgreementAlgorithm | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | KeyGeneration | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:105:16:105:36 | Key | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:103:61:103:68 | KeyAgreementAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:105:16:105:36 | KeyGeneration | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:103:61:103:68 | KeyAgreementAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:105:16:105:36 | KeyGeneration | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:105:16:105:36 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:118:17:118:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:119:20:119:28 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:120:16:120:34 | KeyAgreementOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:226:91:226:96 | KeyAgreementAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:120:16:120:34 | KeyAgreementOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:250:95:250:100 | KeyAgreementAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:120:16:120:34 | KeyAgreementOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:120:16:120:34 | SharedSecret | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:120:16:120:34 | KeyAgreementOperation | PeerKey | jca/AsymmetricEncryptionMacHybridCryptosystem.java:119:20:119:28 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:120:16:120:34 | KeyAgreementOperation | ServerKey | jca/AsymmetricEncryptionMacHybridCryptosystem.java:118:17:118:26 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:120:16:120:34 | SharedSecret | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:120:16:120:34 | SharedSecret | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:133:23:133:42 | Digest | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:133:23:133:42 | Digest | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:133:23:133:42 | HashOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:132:58:132:66 | HashAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:133:23:133:42 | HashOperation | Digest | jca/AsymmetricEncryptionMacHybridCryptosystem.java:133:23:133:42 | Digest | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:133:23:133:42 | HashOperation | Message | jca/AsymmetricEncryptionMacHybridCryptosystem.java:133:37:133:41 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:133:37:133:41 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:120:16:120:34 | SharedSecret | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:157:16:157:36 | Key | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:61:155:65 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:157:16:157:36 | KeyGeneration | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:61:155:65 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:157:16:157:36 | KeyGeneration | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:157:16:157:36 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:16:166:36 | Key | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:164:61:164:65 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:16:166:36 | KeyGeneration | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:164:61:164:65 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:16:166:36 | KeyGeneration | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:16:166:36 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | ModeOfOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | PaddingAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | PaddingAlgorithm | MD | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | HashAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | PaddingAlgorithm | MGF1Hash | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | PaddingAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:177:42:177:58 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:157:16:157:36 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:34:178:55 | WrapOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:34:178:55 | WrapOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:49:178:54 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:34:178:55 | WrapOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:177:42:177:58 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:34:178:55 | WrapOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:34:178:55 | WrapOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:34:178:55 | WrapOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:34:178:55 | KeyOperationOutput | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:49:178:54 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:337:16:337:31 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | ModeOfOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | PaddingAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:183:45:183:50 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:183:45:183:50 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:183:53:183:81 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:181:9:181:40 | RandomNumberGeneration | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:183:53:183:81 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:181:38:181:39 | RandomNumberGeneration | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:29:184:56 | EncryptOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:29:184:56 | EncryptOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:47:184:55 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:29:184:56 | EncryptOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:183:45:183:50 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:29:184:56 | EncryptOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:183:53:183:81 | Nonce | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:29:184:56 | EncryptOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:29:184:56 | KeyOperationOutput | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:47:184:55 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:283:58:283:73 | Parameter | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | ModeOfOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | PaddingAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:201:42:201:58 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:16:166:36 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:34:202:55 | WrapOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:34:202:55 | WrapOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:49:202:54 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:34:202:55 | WrapOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:201:42:201:58 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:34:202:55 | WrapOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:34:202:55 | WrapOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:34:202:55 | WrapOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:34:202:55 | KeyOperationOutput | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:49:202:54 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:337:16:337:31 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | ModeOfOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | PaddingAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:206:45:206:50 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:206:45:206:50 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:206:53:206:86 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:206:53:206:86 | Nonce | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:29:207:56 | EncryptOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:29:207:56 | EncryptOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:47:207:55 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:29:207:56 | EncryptOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:206:45:206:50 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:29:207:56 | EncryptOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:206:53:206:86 | Nonce | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:29:207:56 | EncryptOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:29:207:56 | KeyOperationOutput | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:47:207:55 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:283:58:283:73 | Parameter | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | ModeOfOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | PaddingAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:233:42:233:47 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:233:42:233:47 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:233:50:233:78 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:231:9:231:40 | RandomNumberGeneration | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:233:50:233:78 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:231:38:231:39 | RandomNumberGeneration | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:29:234:53 | EncryptOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:29:234:53 | EncryptOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:44:234:52 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:29:234:53 | EncryptOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:233:42:233:47 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:29:234:53 | EncryptOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:233:50:233:78 | Nonce | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:29:234:53 | EncryptOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:29:234:53 | KeyOperationOutput | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:44:234:52 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:283:58:283:73 | Parameter | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | ModeOfOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | PaddingAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:256:42:256:47 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:256:42:256:47 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:256:50:256:83 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:256:50:256:83 | Nonce | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:29:257:53 | EncryptOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:29:257:53 | EncryptOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:44:257:52 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:29:257:53 | EncryptOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:256:42:256:47 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:29:257:53 | EncryptOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:256:50:256:83 | Nonce | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:29:257:53 | EncryptOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:29:257:53 | KeyOperationOutput | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:44:257:52 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:283:58:283:73 | Parameter | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:35:309:46 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:35:309:46 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:35:309:46 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:35:309:46 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:311:18:311:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:311:18:311:26 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | MACOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:35:309:46 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | MACOperation | HashAlgorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | MACOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | MACOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:28:312:45 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | MACOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:311:18:311:26 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | MACOperation | Message | jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:28:312:45 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | MACOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | MACOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | MACOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | KeyOperationOutput | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:28:312:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:28:312:45 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:35:320:44 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:35:320:44 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:35:320:44 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:35:320:44 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:18:322:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:18:322:26 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | MACOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:35:320:44 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | MACOperation | HashAlgorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | MACOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | MACOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:28:323:45 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | MACOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:18:322:26 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | MACOperation | Message | jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:28:323:45 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | MACOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | MACOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | MACOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | KeyOperationOutput | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:28:323:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:28:323:45 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:337:16:337:31 | KeyGeneration | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:335:52:335:56 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:337:16:337:31 | KeyGeneration | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:337:16:337:31 | Key | -| jca/ChainedEncryptionTest.java:24:44:24:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:24:44:24:62 | ModeOfOperation | -| jca/ChainedEncryptionTest.java:24:44:24:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:24:44:24:62 | PaddingAlgorithm | -| jca/ChainedEncryptionTest.java:28:42:28:44 | Key | Source | jca/ChainedEncryptionTest.java:124:28:124:47 | Key | -| jca/ChainedEncryptionTest.java:28:47:28:50 | Nonce | Source | jca/ChainedEncryptionTest.java:26:9:26:40 | RandomNumberGeneration | -| jca/ChainedEncryptionTest.java:28:47:28:50 | Nonce | Source | jca/ChainedEncryptionTest.java:26:38:26:39 | RandomNumberGeneration | -| jca/ChainedEncryptionTest.java:29:29:29:53 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:24:44:24:62 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:29:29:29:53 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:29:44:29:52 | Message | -| jca/ChainedEncryptionTest.java:29:29:29:53 | EncryptOperation | Key | jca/ChainedEncryptionTest.java:28:42:28:44 | Key | -| jca/ChainedEncryptionTest.java:29:29:29:53 | EncryptOperation | Nonce | jca/ChainedEncryptionTest.java:28:47:28:50 | Nonce | -| jca/ChainedEncryptionTest.java:29:29:29:53 | EncryptOperation | Output | jca/ChainedEncryptionTest.java:29:29:29:53 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:29:44:29:52 | Message | Source | jca/ChainedEncryptionTest.java:131:31:131:57 | Constant | -| jca/ChainedEncryptionTest.java:37:44:37:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:37:44:37:62 | ModeOfOperation | -| jca/ChainedEncryptionTest.java:37:44:37:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:37:44:37:62 | PaddingAlgorithm | -| jca/ChainedEncryptionTest.java:39:42:39:44 | Key | Source | jca/ChainedEncryptionTest.java:124:28:124:47 | Key | -| jca/ChainedEncryptionTest.java:39:47:39:50 | Nonce | Source | jca/ChainedEncryptionTest.java:39:47:39:50 | Nonce | -| jca/ChainedEncryptionTest.java:40:16:40:41 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:37:44:37:62 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:40:16:40:41 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:40:31:40:40 | Message | -| jca/ChainedEncryptionTest.java:40:16:40:41 | DecryptOperation | Key | jca/ChainedEncryptionTest.java:39:42:39:44 | Key | -| jca/ChainedEncryptionTest.java:40:16:40:41 | DecryptOperation | Nonce | jca/ChainedEncryptionTest.java:39:47:39:50 | Nonce | -| jca/ChainedEncryptionTest.java:40:16:40:41 | DecryptOperation | Output | jca/ChainedEncryptionTest.java:40:16:40:41 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:40:31:40:40 | Message | Source | jca/ChainedEncryptionTest.java:40:31:40:40 | Message | -| jca/ChainedEncryptionTest.java:45:44:45:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:45:44:45:62 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:45:44:45:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:45:44:45:62 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:48:42:48:44 | Key | Source | jca/ChainedEncryptionTest.java:129:31:129:53 | Key | -| jca/ChainedEncryptionTest.java:48:47:48:72 | Nonce | Source | jca/ChainedEncryptionTest.java:47:9:47:43 | RandomNumberGeneration | -| jca/ChainedEncryptionTest.java:48:47:48:72 | Nonce | Source | jca/ChainedEncryptionTest.java:47:38:47:42 | RandomNumberGeneration | -| jca/ChainedEncryptionTest.java:49:29:49:53 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:45:44:45:62 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:49:29:49:53 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:49:44:49:52 | Message | -| jca/ChainedEncryptionTest.java:49:29:49:53 | EncryptOperation | Key | jca/ChainedEncryptionTest.java:48:42:48:44 | Key | -| jca/ChainedEncryptionTest.java:49:29:49:53 | EncryptOperation | Nonce | jca/ChainedEncryptionTest.java:48:47:48:72 | Nonce | -| jca/ChainedEncryptionTest.java:49:29:49:53 | EncryptOperation | Output | jca/ChainedEncryptionTest.java:49:29:49:53 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:49:44:49:52 | Message | Source | jca/ChainedEncryptionTest.java:49:44:49:52 | Message | -| jca/ChainedEncryptionTest.java:57:44:57:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:57:44:57:62 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:57:44:57:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:57:44:57:62 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:58:42:58:44 | Key | Source | jca/ChainedEncryptionTest.java:129:31:129:53 | Key | -| jca/ChainedEncryptionTest.java:58:47:58:72 | Nonce | Source | jca/ChainedEncryptionTest.java:58:47:58:72 | Nonce | -| jca/ChainedEncryptionTest.java:59:16:59:41 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:57:44:57:62 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:59:16:59:41 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:59:31:59:40 | Message | -| jca/ChainedEncryptionTest.java:59:16:59:41 | DecryptOperation | Key | jca/ChainedEncryptionTest.java:58:42:58:44 | Key | -| jca/ChainedEncryptionTest.java:59:16:59:41 | DecryptOperation | Nonce | jca/ChainedEncryptionTest.java:58:47:58:72 | Nonce | -| jca/ChainedEncryptionTest.java:59:16:59:41 | DecryptOperation | Output | jca/ChainedEncryptionTest.java:59:16:59:41 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:59:31:59:40 | Message | Source | jca/ChainedEncryptionTest.java:59:31:59:40 | Message | -| jca/ChainedEncryptionTest.java:86:30:86:49 | KeyGeneration | Algorithm | jca/ChainedEncryptionTest.java:84:56:84:60 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:86:30:86:49 | KeyGeneration | Output | jca/ChainedEncryptionTest.java:86:30:86:49 | Key | -| jca/ChainedEncryptionTest.java:90:30:90:52 | KeyGeneration | Algorithm | jca/ChainedEncryptionTest.java:88:59:88:68 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:90:30:90:52 | KeyGeneration | Output | jca/ChainedEncryptionTest.java:90:30:90:52 | Key | -| jca/ChainedEncryptionTest.java:95:47:95:65 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:95:47:95:65 | ModeOfOperation | -| jca/ChainedEncryptionTest.java:95:47:95:65 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:95:47:95:65 | PaddingAlgorithm | -| jca/ChainedEncryptionTest.java:97:45:97:52 | Key | Source | jca/ChainedEncryptionTest.java:86:30:86:49 | Key | -| jca/ChainedEncryptionTest.java:97:55:97:61 | Nonce | Source | jca/ChainedEncryptionTest.java:94:9:94:43 | RandomNumberGeneration | -| jca/ChainedEncryptionTest.java:97:55:97:61 | Nonce | Source | jca/ChainedEncryptionTest.java:94:38:94:42 | RandomNumberGeneration | -| jca/ChainedEncryptionTest.java:98:34:98:62 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:95:47:95:65 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:98:34:98:62 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:98:52:98:61 | Message | -| jca/ChainedEncryptionTest.java:98:34:98:62 | EncryptOperation | Key | jca/ChainedEncryptionTest.java:97:45:97:52 | Key | -| jca/ChainedEncryptionTest.java:98:34:98:62 | EncryptOperation | Nonce | jca/ChainedEncryptionTest.java:97:55:97:61 | Nonce | -| jca/ChainedEncryptionTest.java:98:34:98:62 | EncryptOperation | Output | jca/ChainedEncryptionTest.java:98:34:98:62 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:98:52:98:61 | Message | Source | jca/ChainedEncryptionTest.java:80:46:80:61 | Parameter | -| jca/ChainedEncryptionTest.java:103:50:103:68 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:103:50:103:68 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:103:50:103:68 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:103:50:103:68 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:104:48:104:55 | Key | Source | jca/ChainedEncryptionTest.java:90:30:90:52 | Key | -| jca/ChainedEncryptionTest.java:104:58:104:89 | Nonce | Source | jca/ChainedEncryptionTest.java:102:9:102:49 | RandomNumberGeneration | -| jca/ChainedEncryptionTest.java:104:58:104:89 | Nonce | Source | jca/ChainedEncryptionTest.java:102:38:102:48 | RandomNumberGeneration | -| jca/ChainedEncryptionTest.java:105:34:105:70 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:103:50:103:68 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:105:34:105:70 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:105:55:105:69 | Message | -| jca/ChainedEncryptionTest.java:105:34:105:70 | EncryptOperation | Key | jca/ChainedEncryptionTest.java:104:48:104:55 | Key | -| jca/ChainedEncryptionTest.java:105:34:105:70 | EncryptOperation | Nonce | jca/ChainedEncryptionTest.java:104:58:104:89 | Nonce | -| jca/ChainedEncryptionTest.java:105:34:105:70 | EncryptOperation | Output | jca/ChainedEncryptionTest.java:105:34:105:70 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:105:55:105:69 | Message | Source | jca/ChainedEncryptionTest.java:98:34:98:62 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:108:47:108:65 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:108:47:108:65 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:108:47:108:65 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:108:47:108:65 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:109:45:109:52 | Key | Source | jca/ChainedEncryptionTest.java:109:45:109:52 | Key | -| jca/ChainedEncryptionTest.java:109:55:109:86 | Nonce | Source | jca/ChainedEncryptionTest.java:102:9:102:49 | RandomNumberGeneration | -| jca/ChainedEncryptionTest.java:109:55:109:86 | Nonce | Source | jca/ChainedEncryptionTest.java:102:38:102:48 | RandomNumberGeneration | -| jca/ChainedEncryptionTest.java:110:43:110:76 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:108:47:108:65 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:110:43:110:76 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:110:61:110:75 | Message | -| jca/ChainedEncryptionTest.java:110:43:110:76 | DecryptOperation | Key | jca/ChainedEncryptionTest.java:109:45:109:52 | Key | -| jca/ChainedEncryptionTest.java:110:43:110:76 | DecryptOperation | Nonce | jca/ChainedEncryptionTest.java:109:55:109:86 | Nonce | -| jca/ChainedEncryptionTest.java:110:43:110:76 | DecryptOperation | Output | jca/ChainedEncryptionTest.java:110:43:110:76 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:110:61:110:75 | Message | Source | jca/ChainedEncryptionTest.java:105:34:105:70 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:113:44:113:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:113:44:113:62 | ModeOfOperation | -| jca/ChainedEncryptionTest.java:113:44:113:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:113:44:113:62 | PaddingAlgorithm | -| jca/ChainedEncryptionTest.java:114:42:114:49 | Key | Source | jca/ChainedEncryptionTest.java:114:42:114:49 | Key | -| jca/ChainedEncryptionTest.java:114:52:114:83 | Nonce | Source | jca/ChainedEncryptionTest.java:94:9:94:43 | RandomNumberGeneration | -| jca/ChainedEncryptionTest.java:114:52:114:83 | Nonce | Source | jca/ChainedEncryptionTest.java:94:38:94:42 | RandomNumberGeneration | -| jca/ChainedEncryptionTest.java:115:37:115:76 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:113:44:113:62 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:115:37:115:76 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:115:52:115:75 | Message | -| jca/ChainedEncryptionTest.java:115:37:115:76 | DecryptOperation | Key | jca/ChainedEncryptionTest.java:114:42:114:49 | Key | -| jca/ChainedEncryptionTest.java:115:37:115:76 | DecryptOperation | Nonce | jca/ChainedEncryptionTest.java:114:52:114:83 | Nonce | -| jca/ChainedEncryptionTest.java:115:37:115:76 | DecryptOperation | Output | jca/ChainedEncryptionTest.java:115:37:115:76 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:115:52:115:75 | Message | Source | jca/ChainedEncryptionTest.java:110:43:110:76 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:124:28:124:47 | KeyGeneration | Algorithm | jca/ChainedEncryptionTest.java:122:56:122:60 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:124:28:124:47 | KeyGeneration | Output | jca/ChainedEncryptionTest.java:124:28:124:47 | Key | -| jca/ChainedEncryptionTest.java:129:31:129:53 | KeyGeneration | Algorithm | jca/ChainedEncryptionTest.java:127:59:127:68 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:129:31:129:53 | KeyGeneration | Output | jca/ChainedEncryptionTest.java:129:31:129:53 | Key | -| jca/Digest.java:56:23:56:66 | Digest | Source | jca/Digest.java:56:23:56:66 | Digest | -| jca/Digest.java:56:23:56:66 | HashOperation | Algorithm | jca/Digest.java:55:58:55:66 | HashAlgorithm | -| jca/Digest.java:56:23:56:66 | HashOperation | Digest | jca/Digest.java:56:23:56:66 | Digest | -| jca/Digest.java:56:23:56:66 | HashOperation | Message | jca/Digest.java:56:37:56:65 | Message | -| jca/Digest.java:56:37:56:65 | Message | Source | jca/Digest.java:56:37:56:54 | Constant | -| jca/Digest.java:66:23:66:70 | Digest | Source | jca/Digest.java:66:23:66:70 | Digest | -| jca/Digest.java:66:23:66:70 | HashOperation | Algorithm | jca/Digest.java:65:61:65:65 | HashAlgorithm | -| jca/Digest.java:66:23:66:70 | HashOperation | Digest | jca/Digest.java:66:23:66:70 | Digest | -| jca/Digest.java:66:23:66:70 | HashOperation | Message | jca/Digest.java:66:40:66:69 | Message | -| jca/Digest.java:66:40:66:69 | Message | Source | jca/Digest.java:66:40:66:58 | Constant | -| jca/Digest.java:76:23:76:62 | Digest | Source | jca/Digest.java:76:23:76:62 | Digest | -| jca/Digest.java:76:23:76:62 | HashOperation | Algorithm | jca/Digest.java:75:64:75:72 | HashAlgorithm | -| jca/Digest.java:76:23:76:62 | HashOperation | Digest | jca/Digest.java:76:23:76:62 | Digest | -| jca/Digest.java:76:23:76:62 | HashOperation | Message | jca/Digest.java:76:43:76:61 | Message | -| jca/Digest.java:76:43:76:61 | Message | Source | jca/Digest.java:74:49:74:63 | Parameter | -| jca/Digest.java:87:23:87:26 | Message | Source | jca/Digest.java:254:9:254:42 | RandomNumberGeneration | -| jca/Digest.java:87:23:87:26 | Message | Source | jca/Digest.java:254:38:254:41 | RandomNumberGeneration | -| jca/Digest.java:88:23:88:56 | Digest | Source | jca/Digest.java:88:23:88:56 | Digest | -| jca/Digest.java:88:23:88:56 | HashOperation | Algorithm | jca/Digest.java:86:58:86:66 | HashAlgorithm | -| jca/Digest.java:88:23:88:56 | HashOperation | Digest | jca/Digest.java:88:23:88:56 | Digest | -| jca/Digest.java:88:23:88:56 | HashOperation | Message | jca/Digest.java:87:23:87:26 | Message | -| jca/Digest.java:88:23:88:56 | HashOperation | Message | jca/Digest.java:88:37:88:55 | Message | -| jca/Digest.java:88:37:88:55 | Message | Source | jca/Digest.java:84:37:84:51 | Parameter | -| jca/Digest.java:98:42:98:63 | Message | Source | jca/Digest.java:96:37:96:51 | Parameter | -| jca/Digest.java:98:66:98:69 | Salt | Source | jca/Digest.java:254:9:254:42 | RandomNumberGeneration | -| jca/Digest.java:98:66:98:69 | Salt | Source | jca/Digest.java:254:38:254:41 | RandomNumberGeneration | -| jca/Digest.java:99:65:99:86 | HMACAlgorithm | H | jca/Digest.java:99:65:99:86 | HashAlgorithm | -| jca/Digest.java:99:65:99:86 | KeyDerivationAlgorithm | PRF | jca/Digest.java:99:65:99:86 | HMACAlgorithm | -| jca/Digest.java:100:23:100:50 | KeyDerivation | Algorithm | jca/Digest.java:99:65:99:86 | KeyDerivationAlgorithm | -| jca/Digest.java:100:23:100:50 | KeyDerivation | Input | jca/Digest.java:98:42:98:63 | Message | -| jca/Digest.java:100:23:100:50 | KeyDerivation | Output | jca/Digest.java:100:23:100:50 | Key | -| jca/Digest.java:100:23:100:50 | KeyDerivation | Salt | jca/Digest.java:98:66:98:69 | Salt | -| jca/Digest.java:110:23:110:57 | Digest | Source | jca/Digest.java:110:23:110:57 | Digest | -| jca/Digest.java:110:23:110:57 | HashOperation | Algorithm | jca/Digest.java:109:62:109:68 | HashAlgorithm | -| jca/Digest.java:110:23:110:57 | HashOperation | Digest | jca/Digest.java:110:23:110:57 | Digest | -| jca/Digest.java:110:23:110:57 | HashOperation | Message | jca/Digest.java:110:41:110:56 | Message | -| jca/Digest.java:110:41:110:56 | Message | Source | jca/Digest.java:108:40:108:51 | Parameter | -| jca/Digest.java:119:36:119:47 | KeyOperationAlgorithm | Mode | jca/Digest.java:119:36:119:47 | KeyOperationAlgorithm | -| jca/Digest.java:119:36:119:47 | KeyOperationAlgorithm | Padding | jca/Digest.java:119:36:119:47 | KeyOperationAlgorithm | -| jca/Digest.java:121:19:121:27 | Key | Source | jca/Digest.java:118:49:118:58 | Parameter | -| jca/Digest.java:122:23:122:52 | MACOperation | Algorithm | jca/Digest.java:119:36:119:47 | KeyOperationAlgorithm | -| jca/Digest.java:122:23:122:52 | MACOperation | HashAlgorithm | jca/Digest.java:122:23:122:52 | MACOperation | -| jca/Digest.java:122:23:122:52 | MACOperation | Input | jca/Digest.java:122:36:122:51 | Message | -| jca/Digest.java:122:23:122:52 | MACOperation | Key | jca/Digest.java:121:19:121:27 | Key | -| jca/Digest.java:122:23:122:52 | MACOperation | Message | jca/Digest.java:122:36:122:51 | Message | -| jca/Digest.java:122:23:122:52 | MACOperation | Nonce | jca/Digest.java:122:23:122:52 | MACOperation | -| jca/Digest.java:122:23:122:52 | MACOperation | Output | jca/Digest.java:122:23:122:52 | KeyOperationOutput | -| jca/Digest.java:122:36:122:51 | Message | Source | jca/Digest.java:118:35:118:46 | Parameter | -| jca/Digest.java:141:44:141:62 | KeyOperationAlgorithm | Mode | jca/Digest.java:141:44:141:62 | ModeOfOperation | -| jca/Digest.java:141:44:141:62 | KeyOperationAlgorithm | Padding | jca/Digest.java:141:44:141:62 | PaddingAlgorithm | -| jca/Digest.java:142:42:142:44 | Key | Source | jca/Digest.java:142:42:142:44 | Key | -| jca/Digest.java:143:32:143:74 | EncryptOperation | Algorithm | jca/Digest.java:141:44:141:62 | KeyOperationAlgorithm | -| jca/Digest.java:143:32:143:74 | EncryptOperation | Input | jca/Digest.java:143:47:143:73 | Message | -| jca/Digest.java:143:32:143:74 | EncryptOperation | Key | jca/Digest.java:142:42:142:44 | Key | -| jca/Digest.java:143:32:143:74 | EncryptOperation | Nonce | jca/Digest.java:143:32:143:74 | EncryptOperation | -| jca/Digest.java:143:32:143:74 | EncryptOperation | Output | jca/Digest.java:143:32:143:74 | KeyOperationOutput | -| jca/Digest.java:143:47:143:73 | Message | Source | jca/Digest.java:143:47:143:62 | Constant | -| jca/Digest.java:177:42:177:71 | Message | Source | jca/Digest.java:172:50:172:62 | Parameter | -| jca/Digest.java:177:74:177:77 | Salt | Source | jca/Digest.java:254:9:254:42 | RandomNumberGeneration | -| jca/Digest.java:177:74:177:77 | Salt | Source | jca/Digest.java:254:38:254:41 | RandomNumberGeneration | -| jca/Digest.java:178:65:178:86 | HMACAlgorithm | H | jca/Digest.java:178:65:178:86 | HashAlgorithm | -| jca/Digest.java:178:65:178:86 | KeyDerivationAlgorithm | PRF | jca/Digest.java:178:65:178:86 | HMACAlgorithm | -| jca/Digest.java:179:30:179:57 | KeyDerivation | Algorithm | jca/Digest.java:178:65:178:86 | KeyDerivationAlgorithm | -| jca/Digest.java:179:30:179:57 | KeyDerivation | Input | jca/Digest.java:177:42:177:71 | Message | -| jca/Digest.java:179:30:179:57 | KeyDerivation | Output | jca/Digest.java:179:30:179:57 | Key | -| jca/Digest.java:179:30:179:57 | KeyDerivation | Salt | jca/Digest.java:177:74:177:77 | Salt | -| jca/Digest.java:187:44:187:62 | KeyOperationAlgorithm | Mode | jca/Digest.java:187:44:187:62 | ModeOfOperation | -| jca/Digest.java:187:44:187:62 | KeyOperationAlgorithm | Padding | jca/Digest.java:187:44:187:62 | PaddingAlgorithm | -| jca/Digest.java:188:42:188:54 | Key | Source | jca/Digest.java:188:42:188:54 | Key | -| jca/Digest.java:189:29:189:78 | EncryptOperation | Algorithm | jca/Digest.java:187:44:187:62 | KeyOperationAlgorithm | -| jca/Digest.java:189:29:189:78 | EncryptOperation | Input | jca/Digest.java:189:44:189:77 | Message | -| jca/Digest.java:189:29:189:78 | EncryptOperation | Key | jca/Digest.java:188:42:188:54 | Key | -| jca/Digest.java:189:29:189:78 | EncryptOperation | Nonce | jca/Digest.java:189:29:189:78 | EncryptOperation | -| jca/Digest.java:189:29:189:78 | EncryptOperation | Output | jca/Digest.java:189:29:189:78 | KeyOperationOutput | -| jca/Digest.java:189:44:189:77 | Message | Source | jca/Digest.java:189:44:189:66 | Constant | -| jca/Digest.java:192:35:192:46 | KeyOperationAlgorithm | Mode | jca/Digest.java:192:35:192:46 | KeyOperationAlgorithm | -| jca/Digest.java:192:35:192:46 | KeyOperationAlgorithm | Padding | jca/Digest.java:192:35:192:46 | KeyOperationAlgorithm | -| jca/Digest.java:193:18:193:23 | Key | Source | jca/Digest.java:193:18:193:23 | Key | -| jca/Digest.java:194:30:194:52 | MACOperation | Algorithm | jca/Digest.java:192:35:192:46 | KeyOperationAlgorithm | -| jca/Digest.java:194:30:194:52 | MACOperation | HashAlgorithm | jca/Digest.java:194:30:194:52 | MACOperation | -| jca/Digest.java:194:30:194:52 | MACOperation | Input | jca/Digest.java:194:42:194:51 | Message | -| jca/Digest.java:194:30:194:52 | MACOperation | Key | jca/Digest.java:193:18:193:23 | Key | -| jca/Digest.java:194:30:194:52 | MACOperation | Message | jca/Digest.java:194:42:194:51 | Message | -| jca/Digest.java:194:30:194:52 | MACOperation | Nonce | jca/Digest.java:194:30:194:52 | MACOperation | -| jca/Digest.java:194:30:194:52 | MACOperation | Output | jca/Digest.java:194:30:194:52 | KeyOperationOutput | -| jca/Digest.java:194:42:194:51 | Message | Source | jca/Digest.java:189:29:189:78 | KeyOperationOutput | -| jca/Digest.java:211:44:211:62 | KeyOperationAlgorithm | Mode | jca/Digest.java:211:44:211:62 | ModeOfOperation | -| jca/Digest.java:211:44:211:62 | KeyOperationAlgorithm | Padding | jca/Digest.java:211:44:211:62 | PaddingAlgorithm | -| jca/Digest.java:213:42:213:44 | Key | Source | jca/Digest.java:242:16:242:35 | Key | -| jca/Digest.java:214:32:214:51 | EncryptOperation | Algorithm | jca/Digest.java:211:44:211:62 | KeyOperationAlgorithm | -| jca/Digest.java:214:32:214:51 | EncryptOperation | Input | jca/Digest.java:214:47:214:50 | Message | -| jca/Digest.java:214:32:214:51 | EncryptOperation | Key | jca/Digest.java:213:42:213:44 | Key | -| jca/Digest.java:214:32:214:51 | EncryptOperation | Nonce | jca/Digest.java:214:32:214:51 | EncryptOperation | -| jca/Digest.java:214:32:214:51 | EncryptOperation | Output | jca/Digest.java:214:32:214:51 | KeyOperationOutput | -| jca/Digest.java:214:47:214:50 | Message | Source | jca/Digest.java:156:39:156:51 | Parameter | -| jca/Digest.java:242:16:242:35 | KeyGeneration | Algorithm | jca/Digest.java:240:56:240:60 | KeyOperationAlgorithm | -| jca/Digest.java:242:16:242:35 | KeyGeneration | Output | jca/Digest.java:242:16:242:35 | Key | -| jca/EllipticCurve1.java:48:16:48:36 | Key | Algorithm | jca/EllipticCurve1.java:47:66:47:76 | EllipticCurve | -| jca/EllipticCurve1.java:48:16:48:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:47:66:47:76 | EllipticCurve | -| jca/EllipticCurve1.java:48:16:48:36 | KeyGeneration | Output | jca/EllipticCurve1.java:48:16:48:36 | Key | -| jca/EllipticCurve1.java:58:16:58:36 | Key | Algorithm | jca/EllipticCurve1.java:57:66:57:76 | EllipticCurve | -| jca/EllipticCurve1.java:58:16:58:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:57:66:57:76 | EllipticCurve | -| jca/EllipticCurve1.java:58:16:58:36 | KeyGeneration | Output | jca/EllipticCurve1.java:58:16:58:36 | Key | -| jca/EllipticCurve1.java:68:16:68:36 | Key | Algorithm | jca/EllipticCurve1.java:67:66:67:82 | EllipticCurve | -| jca/EllipticCurve1.java:68:16:68:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:67:66:67:82 | EllipticCurve | -| jca/EllipticCurve1.java:68:16:68:36 | KeyGeneration | Output | jca/EllipticCurve1.java:68:16:68:36 | Key | -| jca/EllipticCurve1.java:77:16:77:36 | Key | Algorithm | jca/EllipticCurve1.java:75:61:75:68 | KeyAgreementAlgorithm | -| jca/EllipticCurve1.java:77:16:77:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:75:61:75:68 | KeyAgreementAlgorithm | -| jca/EllipticCurve1.java:77:16:77:36 | KeyGeneration | Output | jca/EllipticCurve1.java:77:16:77:36 | Key | -| jca/EllipticCurve1.java:85:16:85:36 | Key | Algorithm | jca/EllipticCurve1.java:84:61:84:66 | KeyAgreementAlgorithm | -| jca/EllipticCurve1.java:85:16:85:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:84:61:84:66 | KeyAgreementAlgorithm | -| jca/EllipticCurve1.java:85:16:85:36 | KeyGeneration | Output | jca/EllipticCurve1.java:85:16:85:36 | Key | -| jca/EllipticCurve1.java:96:16:96:36 | Key | Algorithm | jca/EllipticCurve1.java:95:66:95:76 | EllipticCurve | -| jca/EllipticCurve1.java:96:16:96:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:95:66:95:76 | EllipticCurve | -| jca/EllipticCurve1.java:96:16:96:36 | KeyGeneration | Output | jca/EllipticCurve1.java:96:16:96:36 | Key | -| jca/EllipticCurve1.java:107:16:107:36 | Key | Algorithm | jca/EllipticCurve1.java:106:66:106:76 | Constant | -| jca/EllipticCurve1.java:107:16:107:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:106:66:106:76 | Constant | -| jca/EllipticCurve1.java:107:16:107:36 | KeyGeneration | Output | jca/EllipticCurve1.java:107:16:107:36 | Key | -| jca/EllipticCurve1.java:116:16:116:36 | Key | Algorithm | jca/EllipticCurve1.java:115:61:115:69 | Constant | -| jca/EllipticCurve1.java:116:16:116:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:115:61:115:69 | Constant | -| jca/EllipticCurve1.java:116:16:116:36 | KeyGeneration | Output | jca/EllipticCurve1.java:116:16:116:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:109:17:109:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:87:16:87:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:110:20:110:28 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:87:16:87:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:111:16:111:34 | KeyAgreementOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | KeyAgreementAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:111:16:111:34 | KeyAgreementOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:239:95:239:100 | KeyAgreementAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:111:16:111:34 | KeyAgreementOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:111:16:111:34 | SharedSecret | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:111:16:111:34 | KeyAgreementOperation | PeerKey | jca/AsymmetricEncryptionMacHybridCryptosystem.java:110:20:110:28 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:111:16:111:34 | KeyAgreementOperation | ServerKey | jca/AsymmetricEncryptionMacHybridCryptosystem.java:109:17:109:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:111:16:111:34 | SharedSecret | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:111:16:111:34 | SharedSecret | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:124:23:124:42 | Digest | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:124:23:124:42 | Digest | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:124:23:124:42 | HashOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:123:58:123:66 | HashAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:124:23:124:42 | HashOperation | Digest | jca/AsymmetricEncryptionMacHybridCryptosystem.java:124:23:124:42 | Digest | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:124:23:124:42 | HashOperation | Message | jca/AsymmetricEncryptionMacHybridCryptosystem.java:124:37:124:41 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:124:37:124:41 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:111:16:111:34 | SharedSecret | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:147:16:147:36 | Key | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:145:61:145:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:147:16:147:36 | KeyGeneration | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:145:61:145:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:147:16:147:36 | KeyGeneration | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:147:16:147:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:16:156:36 | Key | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:154:61:154:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:16:156:36 | KeyGeneration | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:154:61:154:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:16:156:36 | KeyGeneration | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:16:156:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | PaddingAlgorithm | MD | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | HashAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | PaddingAlgorithm | MGF1Hash | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:167:42:167:58 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:147:16:147:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | WrapOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | WrapOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:49:168:54 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | WrapOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:167:42:167:58 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | WrapOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | WrapOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | WrapOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:49:168:54 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:45:173:50 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:45:173:50 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:53:173:81 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:53:173:81 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | EncryptOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | EncryptOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:47:174:55 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | EncryptOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:45:173:50 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | EncryptOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:53:173:81 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | EncryptOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:47:174:55 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | Parameter | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:191:42:191:58 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:16:156:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:34:192:55 | WrapOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:34:192:55 | WrapOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:49:192:54 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:34:192:55 | WrapOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:191:42:191:58 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:34:192:55 | WrapOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:34:192:55 | WrapOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:34:192:55 | WrapOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:34:192:55 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:49:192:54 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:196:45:196:50 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:196:45:196:50 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:196:53:196:86 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:196:53:196:86 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | EncryptOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | EncryptOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:47:197:55 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | EncryptOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:196:45:196:50 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | EncryptOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:196:53:196:86 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | EncryptOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:47:197:55 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | Parameter | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:42:222:47 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:42:222:47 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:50:222:78 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:50:222:78 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | EncryptOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | EncryptOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:44:223:52 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | EncryptOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:42:222:47 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | EncryptOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:50:222:78 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | EncryptOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:44:223:52 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | Parameter | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:42:245:47 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:42:245:47 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:50:245:83 | Nonce | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:50:245:83 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | EncryptOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | EncryptOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:44:246:52 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | EncryptOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:42:245:47 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | EncryptOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:50:245:83 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | EncryptOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:44:246:52 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | Parameter | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | HashAlgorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Message | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | Mode | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | HashAlgorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Input | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Key | jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Message | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Nonce | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | Source | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | KeyGeneration | Algorithm | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | KeyGeneration | Output | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | Key | +| jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:19:44:19:62 | ModeOfOperation | +| jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:19:44:19:62 | PaddingAlgorithm | +| jca/ChainedEncryptionTest.java:23:42:23:44 | Key | Source | jca/ChainedEncryptionTest.java:119:28:119:47 | Key | +| jca/ChainedEncryptionTest.java:23:47:23:50 | Nonce | Source | jca/ChainedEncryptionTest.java:21:9:21:40 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:23:47:23:50 | Nonce | Source | jca/ChainedEncryptionTest.java:21:38:21:39 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:24:29:24:53 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:24:29:24:53 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:24:44:24:52 | Message | +| jca/ChainedEncryptionTest.java:24:29:24:53 | EncryptOperation | Key | jca/ChainedEncryptionTest.java:23:42:23:44 | Key | +| jca/ChainedEncryptionTest.java:24:29:24:53 | EncryptOperation | Nonce | jca/ChainedEncryptionTest.java:23:47:23:50 | Nonce | +| jca/ChainedEncryptionTest.java:24:29:24:53 | EncryptOperation | Output | jca/ChainedEncryptionTest.java:24:29:24:53 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:24:44:24:52 | Message | Source | jca/ChainedEncryptionTest.java:126:31:126:57 | Constant | +| jca/ChainedEncryptionTest.java:32:44:32:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:32:44:32:62 | ModeOfOperation | +| jca/ChainedEncryptionTest.java:32:44:32:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:32:44:32:62 | PaddingAlgorithm | +| jca/ChainedEncryptionTest.java:34:42:34:44 | Key | Source | jca/ChainedEncryptionTest.java:119:28:119:47 | Key | +| jca/ChainedEncryptionTest.java:34:47:34:50 | Nonce | Source | jca/ChainedEncryptionTest.java:34:47:34:50 | Nonce | +| jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:32:44:32:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:35:31:35:40 | Message | +| jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Key | jca/ChainedEncryptionTest.java:34:42:34:44 | Key | +| jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Nonce | jca/ChainedEncryptionTest.java:34:47:34:50 | Nonce | +| jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | Output | jca/ChainedEncryptionTest.java:35:16:35:41 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:35:31:35:40 | Message | Source | jca/ChainedEncryptionTest.java:35:31:35:40 | Message | +| jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:43:42:43:44 | Key | Source | jca/ChainedEncryptionTest.java:124:31:124:53 | Key | +| jca/ChainedEncryptionTest.java:43:47:43:72 | Nonce | Source | jca/ChainedEncryptionTest.java:42:9:42:43 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:43:47:43:72 | Nonce | Source | jca/ChainedEncryptionTest.java:42:38:42:42 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:44:44:44:52 | Message | +| jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Key | jca/ChainedEncryptionTest.java:43:42:43:44 | Key | +| jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Nonce | jca/ChainedEncryptionTest.java:43:47:43:72 | Nonce | +| jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | Output | jca/ChainedEncryptionTest.java:44:29:44:53 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:44:44:44:52 | Message | Source | jca/ChainedEncryptionTest.java:44:44:44:52 | Message | +| jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:53:42:53:44 | Key | Source | jca/ChainedEncryptionTest.java:124:31:124:53 | Key | +| jca/ChainedEncryptionTest.java:53:47:53:72 | Nonce | Source | jca/ChainedEncryptionTest.java:53:47:53:72 | Nonce | +| jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:54:31:54:40 | Message | +| jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Key | jca/ChainedEncryptionTest.java:53:42:53:44 | Key | +| jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Nonce | jca/ChainedEncryptionTest.java:53:47:53:72 | Nonce | +| jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | Output | jca/ChainedEncryptionTest.java:54:16:54:41 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:54:31:54:40 | Message | Source | jca/ChainedEncryptionTest.java:54:31:54:40 | Message | +| jca/ChainedEncryptionTest.java:81:30:81:49 | KeyGeneration | Algorithm | jca/ChainedEncryptionTest.java:79:56:79:60 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:81:30:81:49 | KeyGeneration | Output | jca/ChainedEncryptionTest.java:81:30:81:49 | Key | +| jca/ChainedEncryptionTest.java:85:30:85:52 | KeyGeneration | Algorithm | jca/ChainedEncryptionTest.java:83:59:83:68 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:85:30:85:52 | KeyGeneration | Output | jca/ChainedEncryptionTest.java:85:30:85:52 | Key | +| jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:90:47:90:65 | ModeOfOperation | +| jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:90:47:90:65 | PaddingAlgorithm | +| jca/ChainedEncryptionTest.java:92:45:92:52 | Key | Source | jca/ChainedEncryptionTest.java:81:30:81:49 | Key | +| jca/ChainedEncryptionTest.java:92:55:92:61 | Nonce | Source | jca/ChainedEncryptionTest.java:89:9:89:43 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:92:55:92:61 | Nonce | Source | jca/ChainedEncryptionTest.java:89:38:89:42 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:93:52:93:61 | Message | +| jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | Key | jca/ChainedEncryptionTest.java:92:45:92:52 | Key | +| jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | Nonce | jca/ChainedEncryptionTest.java:92:55:92:61 | Nonce | +| jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | Output | jca/ChainedEncryptionTest.java:93:34:93:62 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:93:52:93:61 | Message | Source | jca/ChainedEncryptionTest.java:75:46:75:61 | Parameter | +| jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:99:48:99:55 | Key | Source | jca/ChainedEncryptionTest.java:85:30:85:52 | Key | +| jca/ChainedEncryptionTest.java:99:58:99:89 | Nonce | Source | jca/ChainedEncryptionTest.java:97:9:97:49 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:99:58:99:89 | Nonce | Source | jca/ChainedEncryptionTest.java:97:38:97:48 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:100:34:100:70 | EncryptOperation | Algorithm | jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:100:34:100:70 | EncryptOperation | Input | jca/ChainedEncryptionTest.java:100:55:100:69 | Message | +| jca/ChainedEncryptionTest.java:100:34:100:70 | EncryptOperation | Key | jca/ChainedEncryptionTest.java:99:48:99:55 | Key | +| jca/ChainedEncryptionTest.java:100:34:100:70 | EncryptOperation | Nonce | jca/ChainedEncryptionTest.java:99:58:99:89 | Nonce | +| jca/ChainedEncryptionTest.java:100:34:100:70 | EncryptOperation | Output | jca/ChainedEncryptionTest.java:100:34:100:70 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:100:55:100:69 | Message | Source | jca/ChainedEncryptionTest.java:93:34:93:62 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:104:45:104:52 | Key | Source | jca/ChainedEncryptionTest.java:104:45:104:52 | Key | +| jca/ChainedEncryptionTest.java:104:55:104:86 | Nonce | Source | jca/ChainedEncryptionTest.java:97:9:97:49 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:104:55:104:86 | Nonce | Source | jca/ChainedEncryptionTest.java:97:38:97:48 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:105:43:105:76 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:105:43:105:76 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:105:61:105:75 | Message | +| jca/ChainedEncryptionTest.java:105:43:105:76 | DecryptOperation | Key | jca/ChainedEncryptionTest.java:104:45:104:52 | Key | +| jca/ChainedEncryptionTest.java:105:43:105:76 | DecryptOperation | Nonce | jca/ChainedEncryptionTest.java:104:55:104:86 | Nonce | +| jca/ChainedEncryptionTest.java:105:43:105:76 | DecryptOperation | Output | jca/ChainedEncryptionTest.java:105:43:105:76 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:105:61:105:75 | Message | Source | jca/ChainedEncryptionTest.java:100:34:100:70 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:108:44:108:62 | KeyOperationAlgorithm | Mode | jca/ChainedEncryptionTest.java:108:44:108:62 | ModeOfOperation | +| jca/ChainedEncryptionTest.java:108:44:108:62 | KeyOperationAlgorithm | Padding | jca/ChainedEncryptionTest.java:108:44:108:62 | PaddingAlgorithm | +| jca/ChainedEncryptionTest.java:109:42:109:49 | Key | Source | jca/ChainedEncryptionTest.java:109:42:109:49 | Key | +| jca/ChainedEncryptionTest.java:109:52:109:83 | Nonce | Source | jca/ChainedEncryptionTest.java:89:9:89:43 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:109:52:109:83 | Nonce | Source | jca/ChainedEncryptionTest.java:89:38:89:42 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:110:37:110:76 | DecryptOperation | Algorithm | jca/ChainedEncryptionTest.java:108:44:108:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:110:37:110:76 | DecryptOperation | Input | jca/ChainedEncryptionTest.java:110:52:110:75 | Message | +| jca/ChainedEncryptionTest.java:110:37:110:76 | DecryptOperation | Key | jca/ChainedEncryptionTest.java:109:42:109:49 | Key | +| jca/ChainedEncryptionTest.java:110:37:110:76 | DecryptOperation | Nonce | jca/ChainedEncryptionTest.java:109:52:109:83 | Nonce | +| jca/ChainedEncryptionTest.java:110:37:110:76 | DecryptOperation | Output | jca/ChainedEncryptionTest.java:110:37:110:76 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:110:52:110:75 | Message | Source | jca/ChainedEncryptionTest.java:105:43:105:76 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:119:28:119:47 | KeyGeneration | Algorithm | jca/ChainedEncryptionTest.java:117:56:117:60 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:119:28:119:47 | KeyGeneration | Output | jca/ChainedEncryptionTest.java:119:28:119:47 | Key | +| jca/ChainedEncryptionTest.java:124:31:124:53 | KeyGeneration | Algorithm | jca/ChainedEncryptionTest.java:122:59:122:68 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:124:31:124:53 | KeyGeneration | Output | jca/ChainedEncryptionTest.java:124:31:124:53 | Key | +| jca/Digest.java:55:23:55:66 | Digest | Source | jca/Digest.java:55:23:55:66 | Digest | +| jca/Digest.java:55:23:55:66 | HashOperation | Algorithm | jca/Digest.java:54:58:54:66 | HashAlgorithm | +| jca/Digest.java:55:23:55:66 | HashOperation | Digest | jca/Digest.java:55:23:55:66 | Digest | +| jca/Digest.java:55:23:55:66 | HashOperation | Message | jca/Digest.java:55:37:55:65 | Message | +| jca/Digest.java:55:37:55:65 | Message | Source | jca/Digest.java:55:37:55:54 | Constant | +| jca/Digest.java:65:23:65:70 | Digest | Source | jca/Digest.java:65:23:65:70 | Digest | +| jca/Digest.java:65:23:65:70 | HashOperation | Algorithm | jca/Digest.java:64:61:64:65 | HashAlgorithm | +| jca/Digest.java:65:23:65:70 | HashOperation | Digest | jca/Digest.java:65:23:65:70 | Digest | +| jca/Digest.java:65:23:65:70 | HashOperation | Message | jca/Digest.java:65:40:65:69 | Message | +| jca/Digest.java:65:40:65:69 | Message | Source | jca/Digest.java:65:40:65:58 | Constant | +| jca/Digest.java:75:23:75:62 | Digest | Source | jca/Digest.java:75:23:75:62 | Digest | +| jca/Digest.java:75:23:75:62 | HashOperation | Algorithm | jca/Digest.java:74:64:74:72 | HashAlgorithm | +| jca/Digest.java:75:23:75:62 | HashOperation | Digest | jca/Digest.java:75:23:75:62 | Digest | +| jca/Digest.java:75:23:75:62 | HashOperation | Message | jca/Digest.java:75:43:75:61 | Message | +| jca/Digest.java:75:43:75:61 | Message | Source | jca/Digest.java:73:49:73:63 | Parameter | +| jca/Digest.java:86:23:86:26 | Message | Source | jca/Digest.java:253:9:253:42 | RandomNumberGeneration | +| jca/Digest.java:86:23:86:26 | Message | Source | jca/Digest.java:253:38:253:41 | RandomNumberGeneration | +| jca/Digest.java:87:23:87:56 | Digest | Source | jca/Digest.java:87:23:87:56 | Digest | +| jca/Digest.java:87:23:87:56 | HashOperation | Algorithm | jca/Digest.java:85:58:85:66 | HashAlgorithm | +| jca/Digest.java:87:23:87:56 | HashOperation | Digest | jca/Digest.java:87:23:87:56 | Digest | +| jca/Digest.java:87:23:87:56 | HashOperation | Message | jca/Digest.java:86:23:86:26 | Message | +| jca/Digest.java:87:23:87:56 | HashOperation | Message | jca/Digest.java:87:37:87:55 | Message | +| jca/Digest.java:87:37:87:55 | Message | Source | jca/Digest.java:83:37:83:51 | Parameter | +| jca/Digest.java:97:42:97:63 | Message | Source | jca/Digest.java:95:37:95:51 | Parameter | +| jca/Digest.java:97:66:97:69 | Salt | Source | jca/Digest.java:253:9:253:42 | RandomNumberGeneration | +| jca/Digest.java:97:66:97:69 | Salt | Source | jca/Digest.java:253:38:253:41 | RandomNumberGeneration | +| jca/Digest.java:98:65:98:86 | HMACAlgorithm | H | jca/Digest.java:98:65:98:86 | HashAlgorithm | +| jca/Digest.java:98:65:98:86 | KeyDerivationAlgorithm | PRF | jca/Digest.java:98:65:98:86 | HMACAlgorithm | +| jca/Digest.java:99:23:99:50 | KeyDerivation | Algorithm | jca/Digest.java:98:65:98:86 | KeyDerivationAlgorithm | +| jca/Digest.java:99:23:99:50 | KeyDerivation | Input | jca/Digest.java:97:42:97:63 | Message | +| jca/Digest.java:99:23:99:50 | KeyDerivation | Output | jca/Digest.java:99:23:99:50 | Key | +| jca/Digest.java:99:23:99:50 | KeyDerivation | Salt | jca/Digest.java:97:66:97:69 | Salt | +| jca/Digest.java:109:23:109:57 | Digest | Source | jca/Digest.java:109:23:109:57 | Digest | +| jca/Digest.java:109:23:109:57 | HashOperation | Algorithm | jca/Digest.java:108:62:108:68 | HashAlgorithm | +| jca/Digest.java:109:23:109:57 | HashOperation | Digest | jca/Digest.java:109:23:109:57 | Digest | +| jca/Digest.java:109:23:109:57 | HashOperation | Message | jca/Digest.java:109:41:109:56 | Message | +| jca/Digest.java:109:41:109:56 | Message | Source | jca/Digest.java:107:40:107:51 | Parameter | +| jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | Mode | jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | +| jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | Padding | jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | +| jca/Digest.java:120:19:120:27 | Key | Source | jca/Digest.java:117:49:117:58 | Parameter | +| jca/Digest.java:121:23:121:52 | MACOperation | Algorithm | jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | +| jca/Digest.java:121:23:121:52 | MACOperation | HashAlgorithm | jca/Digest.java:121:23:121:52 | MACOperation | +| jca/Digest.java:121:23:121:52 | MACOperation | Input | jca/Digest.java:121:36:121:51 | Message | +| jca/Digest.java:121:23:121:52 | MACOperation | Key | jca/Digest.java:120:19:120:27 | Key | +| jca/Digest.java:121:23:121:52 | MACOperation | Message | jca/Digest.java:121:36:121:51 | Message | +| jca/Digest.java:121:23:121:52 | MACOperation | Nonce | jca/Digest.java:121:23:121:52 | MACOperation | +| jca/Digest.java:121:23:121:52 | MACOperation | Output | jca/Digest.java:121:23:121:52 | KeyOperationOutput | +| jca/Digest.java:121:36:121:51 | Message | Source | jca/Digest.java:117:35:117:46 | Parameter | +| jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | Mode | jca/Digest.java:140:44:140:62 | ModeOfOperation | +| jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | Padding | jca/Digest.java:140:44:140:62 | PaddingAlgorithm | +| jca/Digest.java:141:42:141:44 | Key | Source | jca/Digest.java:141:42:141:44 | Key | +| jca/Digest.java:142:32:142:74 | EncryptOperation | Algorithm | jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | +| jca/Digest.java:142:32:142:74 | EncryptOperation | Input | jca/Digest.java:142:47:142:73 | Message | +| jca/Digest.java:142:32:142:74 | EncryptOperation | Key | jca/Digest.java:141:42:141:44 | Key | +| jca/Digest.java:142:32:142:74 | EncryptOperation | Nonce | jca/Digest.java:142:32:142:74 | EncryptOperation | +| jca/Digest.java:142:32:142:74 | EncryptOperation | Output | jca/Digest.java:142:32:142:74 | KeyOperationOutput | +| jca/Digest.java:142:47:142:73 | Message | Source | jca/Digest.java:142:47:142:62 | Constant | +| jca/Digest.java:176:42:176:71 | Message | Source | jca/Digest.java:171:50:171:62 | Parameter | +| jca/Digest.java:176:74:176:77 | Salt | Source | jca/Digest.java:253:9:253:42 | RandomNumberGeneration | +| jca/Digest.java:176:74:176:77 | Salt | Source | jca/Digest.java:253:38:253:41 | RandomNumberGeneration | +| jca/Digest.java:177:65:177:86 | HMACAlgorithm | H | jca/Digest.java:177:65:177:86 | HashAlgorithm | +| jca/Digest.java:177:65:177:86 | KeyDerivationAlgorithm | PRF | jca/Digest.java:177:65:177:86 | HMACAlgorithm | +| jca/Digest.java:178:30:178:57 | KeyDerivation | Algorithm | jca/Digest.java:177:65:177:86 | KeyDerivationAlgorithm | +| jca/Digest.java:178:30:178:57 | KeyDerivation | Input | jca/Digest.java:176:42:176:71 | Message | +| jca/Digest.java:178:30:178:57 | KeyDerivation | Output | jca/Digest.java:178:30:178:57 | Key | +| jca/Digest.java:178:30:178:57 | KeyDerivation | Salt | jca/Digest.java:176:74:176:77 | Salt | +| jca/Digest.java:186:44:186:62 | KeyOperationAlgorithm | Mode | jca/Digest.java:186:44:186:62 | ModeOfOperation | +| jca/Digest.java:186:44:186:62 | KeyOperationAlgorithm | Padding | jca/Digest.java:186:44:186:62 | PaddingAlgorithm | +| jca/Digest.java:187:42:187:54 | Key | Source | jca/Digest.java:187:42:187:54 | Key | +| jca/Digest.java:188:29:188:78 | EncryptOperation | Algorithm | jca/Digest.java:186:44:186:62 | KeyOperationAlgorithm | +| jca/Digest.java:188:29:188:78 | EncryptOperation | Input | jca/Digest.java:188:44:188:77 | Message | +| jca/Digest.java:188:29:188:78 | EncryptOperation | Key | jca/Digest.java:187:42:187:54 | Key | +| jca/Digest.java:188:29:188:78 | EncryptOperation | Nonce | jca/Digest.java:188:29:188:78 | EncryptOperation | +| jca/Digest.java:188:29:188:78 | EncryptOperation | Output | jca/Digest.java:188:29:188:78 | KeyOperationOutput | +| jca/Digest.java:188:44:188:77 | Message | Source | jca/Digest.java:188:44:188:66 | Constant | +| jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | Mode | jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | +| jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | Padding | jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | +| jca/Digest.java:192:18:192:23 | Key | Source | jca/Digest.java:192:18:192:23 | Key | +| jca/Digest.java:193:30:193:52 | MACOperation | Algorithm | jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | +| jca/Digest.java:193:30:193:52 | MACOperation | HashAlgorithm | jca/Digest.java:193:30:193:52 | MACOperation | +| jca/Digest.java:193:30:193:52 | MACOperation | Input | jca/Digest.java:193:42:193:51 | Message | +| jca/Digest.java:193:30:193:52 | MACOperation | Key | jca/Digest.java:192:18:192:23 | Key | +| jca/Digest.java:193:30:193:52 | MACOperation | Message | jca/Digest.java:193:42:193:51 | Message | +| jca/Digest.java:193:30:193:52 | MACOperation | Nonce | jca/Digest.java:193:30:193:52 | MACOperation | +| jca/Digest.java:193:30:193:52 | MACOperation | Output | jca/Digest.java:193:30:193:52 | KeyOperationOutput | +| jca/Digest.java:193:42:193:51 | Message | Source | jca/Digest.java:188:29:188:78 | KeyOperationOutput | +| jca/Digest.java:210:44:210:62 | KeyOperationAlgorithm | Mode | jca/Digest.java:210:44:210:62 | ModeOfOperation | +| jca/Digest.java:210:44:210:62 | KeyOperationAlgorithm | Padding | jca/Digest.java:210:44:210:62 | PaddingAlgorithm | +| jca/Digest.java:212:42:212:44 | Key | Source | jca/Digest.java:241:16:241:35 | Key | +| jca/Digest.java:213:32:213:51 | EncryptOperation | Algorithm | jca/Digest.java:210:44:210:62 | KeyOperationAlgorithm | +| jca/Digest.java:213:32:213:51 | EncryptOperation | Input | jca/Digest.java:213:47:213:50 | Message | +| jca/Digest.java:213:32:213:51 | EncryptOperation | Key | jca/Digest.java:212:42:212:44 | Key | +| jca/Digest.java:213:32:213:51 | EncryptOperation | Nonce | jca/Digest.java:213:32:213:51 | EncryptOperation | +| jca/Digest.java:213:32:213:51 | EncryptOperation | Output | jca/Digest.java:213:32:213:51 | KeyOperationOutput | +| jca/Digest.java:213:47:213:50 | Message | Source | jca/Digest.java:155:39:155:51 | Parameter | +| jca/Digest.java:241:16:241:35 | KeyGeneration | Algorithm | jca/Digest.java:239:56:239:60 | KeyOperationAlgorithm | +| jca/Digest.java:241:16:241:35 | KeyGeneration | Output | jca/Digest.java:241:16:241:35 | Key | +| jca/EllipticCurve1.java:47:16:47:36 | Key | Algorithm | jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | +| jca/EllipticCurve1.java:47:16:47:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | +| jca/EllipticCurve1.java:47:16:47:36 | KeyGeneration | Output | jca/EllipticCurve1.java:47:16:47:36 | Key | +| jca/EllipticCurve1.java:57:16:57:36 | Key | Algorithm | jca/EllipticCurve1.java:56:66:56:76 | EllipticCurve | +| jca/EllipticCurve1.java:57:16:57:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:56:66:56:76 | EllipticCurve | +| jca/EllipticCurve1.java:57:16:57:36 | KeyGeneration | Output | jca/EllipticCurve1.java:57:16:57:36 | Key | +| jca/EllipticCurve1.java:67:16:67:36 | Key | Algorithm | jca/EllipticCurve1.java:66:66:66:82 | EllipticCurve | +| jca/EllipticCurve1.java:67:16:67:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:66:66:66:82 | EllipticCurve | +| jca/EllipticCurve1.java:67:16:67:36 | KeyGeneration | Output | jca/EllipticCurve1.java:67:16:67:36 | Key | +| jca/EllipticCurve1.java:76:16:76:36 | Key | Algorithm | jca/EllipticCurve1.java:74:61:74:68 | KeyAgreementAlgorithm | +| jca/EllipticCurve1.java:76:16:76:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:74:61:74:68 | KeyAgreementAlgorithm | +| jca/EllipticCurve1.java:76:16:76:36 | KeyGeneration | Output | jca/EllipticCurve1.java:76:16:76:36 | Key | +| jca/EllipticCurve1.java:84:16:84:36 | Key | Algorithm | jca/EllipticCurve1.java:83:61:83:66 | KeyAgreementAlgorithm | +| jca/EllipticCurve1.java:84:16:84:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:83:61:83:66 | KeyAgreementAlgorithm | +| jca/EllipticCurve1.java:84:16:84:36 | KeyGeneration | Output | jca/EllipticCurve1.java:84:16:84:36 | Key | +| jca/EllipticCurve1.java:95:16:95:36 | Key | Algorithm | jca/EllipticCurve1.java:94:66:94:76 | EllipticCurve | +| jca/EllipticCurve1.java:95:16:95:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:94:66:94:76 | EllipticCurve | +| jca/EllipticCurve1.java:95:16:95:36 | KeyGeneration | Output | jca/EllipticCurve1.java:95:16:95:36 | Key | +| jca/EllipticCurve1.java:106:16:106:36 | Key | Algorithm | jca/EllipticCurve1.java:105:66:105:76 | Constant | +| jca/EllipticCurve1.java:106:16:106:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:105:66:105:76 | Constant | +| jca/EllipticCurve1.java:106:16:106:36 | KeyGeneration | Output | jca/EllipticCurve1.java:106:16:106:36 | Key | +| jca/EllipticCurve1.java:115:16:115:36 | Key | Algorithm | jca/EllipticCurve1.java:114:61:114:69 | Constant | +| jca/EllipticCurve1.java:115:16:115:36 | KeyGeneration | Algorithm | jca/EllipticCurve1.java:114:61:114:69 | Constant | +| jca/EllipticCurve1.java:115:16:115:36 | KeyGeneration | Output | jca/EllipticCurve1.java:115:16:115:36 | Key | +| jca/EllipticCurve2.java:47:16:47:36 | Key | Algorithm | jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | +| jca/EllipticCurve2.java:47:16:47:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | +| jca/EllipticCurve2.java:47:16:47:36 | KeyGeneration | Output | jca/EllipticCurve2.java:47:16:47:36 | Key | | jca/EllipticCurve2.java:56:16:56:36 | Key | Algorithm | jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | | jca/EllipticCurve2.java:56:16:56:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | | jca/EllipticCurve2.java:56:16:56:36 | KeyGeneration | Output | jca/EllipticCurve2.java:56:16:56:36 | Key | -| jca/EllipticCurve2.java:65:16:65:36 | Key | Algorithm | jca/EllipticCurve2.java:64:47:64:57 | EllipticCurve | -| jca/EllipticCurve2.java:65:16:65:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:64:47:64:57 | EllipticCurve | +| jca/EllipticCurve2.java:65:16:65:36 | Key | Algorithm | jca/EllipticCurve2.java:64:47:64:63 | EllipticCurve | +| jca/EllipticCurve2.java:65:16:65:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:64:47:64:63 | EllipticCurve | | jca/EllipticCurve2.java:65:16:65:36 | KeyGeneration | Output | jca/EllipticCurve2.java:65:16:65:36 | Key | -| jca/EllipticCurve2.java:74:16:74:36 | Key | Algorithm | jca/EllipticCurve2.java:73:47:73:63 | EllipticCurve | -| jca/EllipticCurve2.java:74:16:74:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:73:47:73:63 | EllipticCurve | -| jca/EllipticCurve2.java:74:16:74:36 | KeyGeneration | Output | jca/EllipticCurve2.java:74:16:74:36 | Key | -| jca/EllipticCurve2.java:82:16:82:36 | Key | Algorithm | jca/EllipticCurve2.java:81:61:81:68 | KeyAgreementAlgorithm | -| jca/EllipticCurve2.java:82:16:82:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:81:61:81:68 | KeyAgreementAlgorithm | -| jca/EllipticCurve2.java:82:16:82:36 | KeyGeneration | Output | jca/EllipticCurve2.java:82:16:82:36 | Key | -| jca/EllipticCurve2.java:90:16:90:36 | Key | Algorithm | jca/EllipticCurve2.java:89:61:89:69 | Constant | -| jca/EllipticCurve2.java:90:16:90:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:89:61:89:69 | Constant | -| jca/EllipticCurve2.java:90:16:90:36 | KeyGeneration | Output | jca/EllipticCurve2.java:90:16:90:36 | Key | -| jca/EllipticCurve2.java:116:17:116:36 | Key | Source | jca/EllipticCurve2.java:56:16:56:36 | Key | -| jca/EllipticCurve2.java:117:20:117:36 | Key | Source | jca/EllipticCurve2.java:56:16:56:36 | Key | -| jca/EllipticCurve2.java:118:16:118:34 | KeyAgreementOperation | Algorithm | jca/EllipticCurve2.java:115:52:115:57 | KeyAgreementAlgorithm | -| jca/EllipticCurve2.java:118:16:118:34 | KeyAgreementOperation | Output | jca/EllipticCurve2.java:118:16:118:34 | SharedSecret | -| jca/EllipticCurve2.java:118:16:118:34 | KeyAgreementOperation | PeerKey | jca/EllipticCurve2.java:117:20:117:36 | Key | -| jca/EllipticCurve2.java:118:16:118:34 | KeyAgreementOperation | ServerKey | jca/EllipticCurve2.java:116:17:116:36 | Key | -| jca/EllipticCurve2.java:118:16:118:34 | SharedSecret | Source | jca/EllipticCurve2.java:118:16:118:34 | SharedSecret | -| jca/EllipticCurve2.java:130:17:130:37 | Key | Source | jca/EllipticCurve2.java:56:16:56:36 | Key | -| jca/EllipticCurve2.java:131:20:131:39 | Key | Source | jca/EllipticCurve2.java:56:16:56:36 | Key | -| jca/EllipticCurve2.java:132:16:132:34 | KeyAgreementOperation | Algorithm | jca/EllipticCurve2.java:129:52:129:57 | KeyAgreementAlgorithm | -| jca/EllipticCurve2.java:132:16:132:34 | KeyAgreementOperation | Output | jca/EllipticCurve2.java:132:16:132:34 | SharedSecret | -| jca/EllipticCurve2.java:132:16:132:34 | KeyAgreementOperation | PeerKey | jca/EllipticCurve2.java:131:20:131:39 | Key | -| jca/EllipticCurve2.java:132:16:132:34 | KeyAgreementOperation | ServerKey | jca/EllipticCurve2.java:130:17:130:37 | Key | -| jca/EllipticCurve2.java:132:16:132:34 | SharedSecret | Source | jca/EllipticCurve2.java:132:16:132:34 | SharedSecret | -| jca/EllipticCurve2.java:148:53:148:69 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:148:53:148:69 | KeyOperationAlgorithm | -| jca/EllipticCurve2.java:148:53:148:69 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:148:53:148:69 | KeyOperationAlgorithm | -| jca/EllipticCurve2.java:149:28:149:42 | Key | Source | jca/EllipticCurve2.java:56:16:56:36 | Key | -| jca/EllipticCurve2.java:150:26:150:32 | Message | Source | jca/EllipticCurve2.java:261:30:261:53 | Constant | -| jca/EllipticCurve2.java:151:16:151:31 | SignOperation | Algorithm | jca/EllipticCurve2.java:148:53:148:69 | KeyOperationAlgorithm | -| jca/EllipticCurve2.java:151:16:151:31 | SignOperation | HashAlgorithm | jca/EllipticCurve2.java:148:53:148:69 | HashAlgorithm | -| jca/EllipticCurve2.java:151:16:151:31 | SignOperation | Input | jca/EllipticCurve2.java:150:26:150:32 | Message | -| jca/EllipticCurve2.java:151:16:151:31 | SignOperation | Key | jca/EllipticCurve2.java:149:28:149:42 | Key | -| jca/EllipticCurve2.java:151:16:151:31 | SignOperation | Output | jca/EllipticCurve2.java:151:16:151:31 | SignatureOutput | -| jca/EllipticCurve2.java:163:53:163:69 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:163:53:163:69 | KeyOperationAlgorithm | -| jca/EllipticCurve2.java:163:53:163:69 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:163:53:163:69 | KeyOperationAlgorithm | -| jca/EllipticCurve2.java:164:30:164:43 | Key | Source | jca/EllipticCurve2.java:56:16:56:36 | Key | -| jca/EllipticCurve2.java:165:26:165:32 | Message | Source | jca/EllipticCurve2.java:261:30:261:53 | Constant | -| jca/EllipticCurve2.java:166:16:166:47 | VerifyOperation | Algorithm | jca/EllipticCurve2.java:163:53:163:69 | KeyOperationAlgorithm | -| jca/EllipticCurve2.java:166:16:166:47 | VerifyOperation | HashAlgorithm | jca/EllipticCurve2.java:163:53:163:69 | HashAlgorithm | -| jca/EllipticCurve2.java:166:16:166:47 | VerifyOperation | Input | jca/EllipticCurve2.java:165:26:165:32 | Message | -| jca/EllipticCurve2.java:166:16:166:47 | VerifyOperation | Key | jca/EllipticCurve2.java:164:30:164:43 | Key | -| jca/EllipticCurve2.java:166:16:166:47 | VerifyOperation | Signature | jca/EllipticCurve2.java:166:33:166:46 | SignatureInput | -| jca/EllipticCurve2.java:166:33:166:46 | SignatureInput | Source | jca/EllipticCurve2.java:151:16:151:31 | SignatureOutput | -| jca/EllipticCurve2.java:178:53:178:61 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:178:53:178:61 | KeyOperationAlgorithm | -| jca/EllipticCurve2.java:178:53:178:61 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:178:53:178:61 | KeyOperationAlgorithm | -| jca/EllipticCurve2.java:179:28:179:42 | Key | Source | jca/EllipticCurve2.java:90:16:90:36 | Key | -| jca/EllipticCurve2.java:180:26:180:32 | Message | Source | jca/EllipticCurve2.java:261:30:261:53 | Constant | -| jca/EllipticCurve2.java:181:16:181:31 | SignOperation | Algorithm | jca/EllipticCurve2.java:178:53:178:61 | KeyOperationAlgorithm | -| jca/EllipticCurve2.java:181:16:181:31 | SignOperation | HashAlgorithm | jca/EllipticCurve2.java:181:16:181:31 | SignOperation | -| jca/EllipticCurve2.java:181:16:181:31 | SignOperation | Input | jca/EllipticCurve2.java:180:26:180:32 | Message | -| jca/EllipticCurve2.java:181:16:181:31 | SignOperation | Key | jca/EllipticCurve2.java:179:28:179:42 | Key | -| jca/EllipticCurve2.java:181:16:181:31 | SignOperation | Output | jca/EllipticCurve2.java:181:16:181:31 | SignatureOutput | -| jca/EllipticCurve2.java:193:53:193:61 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:193:53:193:61 | KeyOperationAlgorithm | -| jca/EllipticCurve2.java:193:53:193:61 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:193:53:193:61 | KeyOperationAlgorithm | -| jca/EllipticCurve2.java:194:30:194:43 | Key | Source | jca/EllipticCurve2.java:90:16:90:36 | Key | -| jca/EllipticCurve2.java:195:26:195:32 | Message | Source | jca/EllipticCurve2.java:261:30:261:53 | Constant | -| jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | Algorithm | jca/EllipticCurve2.java:193:53:193:61 | KeyOperationAlgorithm | -| jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | HashAlgorithm | jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | -| jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | Input | jca/EllipticCurve2.java:195:26:195:32 | Message | -| jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | Key | jca/EllipticCurve2.java:194:30:194:43 | Key | -| jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | Signature | jca/EllipticCurve2.java:196:33:196:46 | SignatureInput | -| jca/EllipticCurve2.java:196:33:196:46 | SignatureInput | Source | jca/EllipticCurve2.java:181:16:181:31 | SignatureOutput | -| jca/EllipticCurve2.java:222:17:222:37 | Key | Source | jca/EllipticCurve2.java:56:16:56:36 | Key | -| jca/EllipticCurve2.java:223:20:223:41 | Key | Source | jca/EllipticCurve2.java:56:16:56:36 | Key | -| jca/EllipticCurve2.java:224:31:224:49 | KeyAgreementOperation | Algorithm | jca/EllipticCurve2.java:221:52:221:57 | KeyAgreementAlgorithm | -| jca/EllipticCurve2.java:224:31:224:49 | KeyAgreementOperation | Output | jca/EllipticCurve2.java:224:31:224:49 | SharedSecret | -| jca/EllipticCurve2.java:224:31:224:49 | KeyAgreementOperation | PeerKey | jca/EllipticCurve2.java:223:20:223:41 | Key | -| jca/EllipticCurve2.java:224:31:224:49 | KeyAgreementOperation | ServerKey | jca/EllipticCurve2.java:222:17:222:37 | Key | -| jca/EllipticCurve2.java:224:31:224:49 | SharedSecret | Source | jca/EllipticCurve2.java:224:31:224:49 | SharedSecret | -| jca/EllipticCurve2.java:229:29:229:55 | Digest | Source | jca/EllipticCurve2.java:229:29:229:55 | Digest | -| jca/EllipticCurve2.java:229:29:229:55 | HashOperation | Algorithm | jca/EllipticCurve2.java:228:58:228:66 | HashAlgorithm | -| jca/EllipticCurve2.java:229:29:229:55 | HashOperation | Digest | jca/EllipticCurve2.java:229:29:229:55 | Digest | -| jca/EllipticCurve2.java:229:29:229:55 | HashOperation | Message | jca/EllipticCurve2.java:229:43:229:54 | Message | -| jca/EllipticCurve2.java:229:43:229:54 | Message | Source | jca/EllipticCurve2.java:224:31:224:49 | SharedSecret | -| jca/EllipticCurve2.java:234:44:234:62 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:234:44:234:62 | ModeOfOperation | -| jca/EllipticCurve2.java:234:44:234:62 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:234:44:234:62 | PaddingAlgorithm | -| jca/EllipticCurve2.java:238:42:238:47 | Key | Source | jca/EllipticCurve2.java:238:42:238:47 | Key | -| jca/EllipticCurve2.java:238:50:238:53 | Nonce | Source | jca/EllipticCurve2.java:236:9:236:40 | RandomNumberGeneration | -| jca/EllipticCurve2.java:238:50:238:53 | Nonce | Source | jca/EllipticCurve2.java:236:38:236:39 | RandomNumberGeneration | -| jca/EllipticCurve2.java:239:29:239:53 | EncryptOperation | Algorithm | jca/EllipticCurve2.java:234:44:234:62 | KeyOperationAlgorithm | -| jca/EllipticCurve2.java:239:29:239:53 | EncryptOperation | Input | jca/EllipticCurve2.java:239:44:239:52 | Message | -| jca/EllipticCurve2.java:239:29:239:53 | EncryptOperation | Key | jca/EllipticCurve2.java:238:42:238:47 | Key | -| jca/EllipticCurve2.java:239:29:239:53 | EncryptOperation | Nonce | jca/EllipticCurve2.java:238:50:238:53 | Nonce | -| jca/EllipticCurve2.java:239:29:239:53 | EncryptOperation | Output | jca/EllipticCurve2.java:239:29:239:53 | KeyOperationOutput | -| jca/EllipticCurve2.java:239:44:239:52 | Message | Source | jca/EllipticCurve2.java:274:62:274:83 | Constant | +| jca/EllipticCurve2.java:73:16:73:36 | Key | Algorithm | jca/EllipticCurve2.java:72:61:72:68 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:73:16:73:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:72:61:72:68 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:73:16:73:36 | KeyGeneration | Output | jca/EllipticCurve2.java:73:16:73:36 | Key | +| jca/EllipticCurve2.java:81:16:81:36 | Key | Algorithm | jca/EllipticCurve2.java:80:61:80:69 | Constant | +| jca/EllipticCurve2.java:81:16:81:36 | KeyGeneration | Algorithm | jca/EllipticCurve2.java:80:61:80:69 | Constant | +| jca/EllipticCurve2.java:81:16:81:36 | KeyGeneration | Output | jca/EllipticCurve2.java:81:16:81:36 | Key | +| jca/EllipticCurve2.java:106:17:106:36 | Key | Source | jca/EllipticCurve2.java:47:16:47:36 | Key | +| jca/EllipticCurve2.java:107:20:107:36 | Key | Source | jca/EllipticCurve2.java:47:16:47:36 | Key | +| jca/EllipticCurve2.java:108:16:108:34 | KeyAgreementOperation | Algorithm | jca/EllipticCurve2.java:105:52:105:57 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:108:16:108:34 | KeyAgreementOperation | Output | jca/EllipticCurve2.java:108:16:108:34 | SharedSecret | +| jca/EllipticCurve2.java:108:16:108:34 | KeyAgreementOperation | PeerKey | jca/EllipticCurve2.java:107:20:107:36 | Key | +| jca/EllipticCurve2.java:108:16:108:34 | KeyAgreementOperation | ServerKey | jca/EllipticCurve2.java:106:17:106:36 | Key | +| jca/EllipticCurve2.java:108:16:108:34 | SharedSecret | Source | jca/EllipticCurve2.java:108:16:108:34 | SharedSecret | +| jca/EllipticCurve2.java:120:17:120:37 | Key | Source | jca/EllipticCurve2.java:47:16:47:36 | Key | +| jca/EllipticCurve2.java:121:20:121:39 | Key | Source | jca/EllipticCurve2.java:47:16:47:36 | Key | +| jca/EllipticCurve2.java:122:16:122:34 | KeyAgreementOperation | Algorithm | jca/EllipticCurve2.java:119:52:119:57 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:122:16:122:34 | KeyAgreementOperation | Output | jca/EllipticCurve2.java:122:16:122:34 | SharedSecret | +| jca/EllipticCurve2.java:122:16:122:34 | KeyAgreementOperation | PeerKey | jca/EllipticCurve2.java:121:20:121:39 | Key | +| jca/EllipticCurve2.java:122:16:122:34 | KeyAgreementOperation | ServerKey | jca/EllipticCurve2.java:120:17:120:37 | Key | +| jca/EllipticCurve2.java:122:16:122:34 | SharedSecret | Source | jca/EllipticCurve2.java:122:16:122:34 | SharedSecret | +| jca/EllipticCurve2.java:136:53:136:69 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:136:53:136:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:136:53:136:69 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:136:53:136:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:137:28:137:42 | Key | Source | jca/EllipticCurve2.java:47:16:47:36 | Key | +| jca/EllipticCurve2.java:138:26:138:32 | Message | Source | jca/EllipticCurve2.java:245:30:245:53 | Constant | +| jca/EllipticCurve2.java:139:16:139:31 | SignOperation | Algorithm | jca/EllipticCurve2.java:136:53:136:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:139:16:139:31 | SignOperation | HashAlgorithm | jca/EllipticCurve2.java:136:53:136:69 | HashAlgorithm | +| jca/EllipticCurve2.java:139:16:139:31 | SignOperation | Input | jca/EllipticCurve2.java:138:26:138:32 | Message | +| jca/EllipticCurve2.java:139:16:139:31 | SignOperation | Key | jca/EllipticCurve2.java:137:28:137:42 | Key | +| jca/EllipticCurve2.java:139:16:139:31 | SignOperation | Output | jca/EllipticCurve2.java:139:16:139:31 | SignatureOutput | +| jca/EllipticCurve2.java:151:53:151:69 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:151:53:151:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:151:53:151:69 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:151:53:151:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:152:30:152:43 | Key | Source | jca/EllipticCurve2.java:47:16:47:36 | Key | +| jca/EllipticCurve2.java:153:26:153:32 | Message | Source | jca/EllipticCurve2.java:245:30:245:53 | Constant | +| jca/EllipticCurve2.java:154:16:154:47 | VerifyOperation | Algorithm | jca/EllipticCurve2.java:151:53:151:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:154:16:154:47 | VerifyOperation | HashAlgorithm | jca/EllipticCurve2.java:151:53:151:69 | HashAlgorithm | +| jca/EllipticCurve2.java:154:16:154:47 | VerifyOperation | Input | jca/EllipticCurve2.java:153:26:153:32 | Message | +| jca/EllipticCurve2.java:154:16:154:47 | VerifyOperation | Key | jca/EllipticCurve2.java:152:30:152:43 | Key | +| jca/EllipticCurve2.java:154:16:154:47 | VerifyOperation | Signature | jca/EllipticCurve2.java:154:33:154:46 | SignatureInput | +| jca/EllipticCurve2.java:154:33:154:46 | SignatureInput | Source | jca/EllipticCurve2.java:139:16:139:31 | SignatureOutput | +| jca/EllipticCurve2.java:166:53:166:61 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:166:53:166:61 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:166:53:166:61 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:166:53:166:61 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:167:28:167:42 | Key | Source | jca/EllipticCurve2.java:81:16:81:36 | Key | +| jca/EllipticCurve2.java:168:26:168:32 | Message | Source | jca/EllipticCurve2.java:245:30:245:53 | Constant | +| jca/EllipticCurve2.java:169:16:169:31 | SignOperation | Algorithm | jca/EllipticCurve2.java:166:53:166:61 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:169:16:169:31 | SignOperation | HashAlgorithm | jca/EllipticCurve2.java:169:16:169:31 | SignOperation | +| jca/EllipticCurve2.java:169:16:169:31 | SignOperation | Input | jca/EllipticCurve2.java:168:26:168:32 | Message | +| jca/EllipticCurve2.java:169:16:169:31 | SignOperation | Key | jca/EllipticCurve2.java:167:28:167:42 | Key | +| jca/EllipticCurve2.java:169:16:169:31 | SignOperation | Output | jca/EllipticCurve2.java:169:16:169:31 | SignatureOutput | +| jca/EllipticCurve2.java:181:53:181:61 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:181:53:181:61 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:181:53:181:61 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:181:53:181:61 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:182:30:182:43 | Key | Source | jca/EllipticCurve2.java:81:16:81:36 | Key | +| jca/EllipticCurve2.java:183:26:183:32 | Message | Source | jca/EllipticCurve2.java:245:30:245:53 | Constant | +| jca/EllipticCurve2.java:184:16:184:47 | VerifyOperation | Algorithm | jca/EllipticCurve2.java:181:53:181:61 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:184:16:184:47 | VerifyOperation | HashAlgorithm | jca/EllipticCurve2.java:184:16:184:47 | VerifyOperation | +| jca/EllipticCurve2.java:184:16:184:47 | VerifyOperation | Input | jca/EllipticCurve2.java:183:26:183:32 | Message | +| jca/EllipticCurve2.java:184:16:184:47 | VerifyOperation | Key | jca/EllipticCurve2.java:182:30:182:43 | Key | +| jca/EllipticCurve2.java:184:16:184:47 | VerifyOperation | Signature | jca/EllipticCurve2.java:184:33:184:46 | SignatureInput | +| jca/EllipticCurve2.java:184:33:184:46 | SignatureInput | Source | jca/EllipticCurve2.java:169:16:169:31 | SignatureOutput | +| jca/EllipticCurve2.java:207:17:207:37 | Key | Source | jca/EllipticCurve2.java:47:16:47:36 | Key | +| jca/EllipticCurve2.java:208:20:208:41 | Key | Source | jca/EllipticCurve2.java:47:16:47:36 | Key | +| jca/EllipticCurve2.java:209:31:209:49 | KeyAgreementOperation | Algorithm | jca/EllipticCurve2.java:206:52:206:57 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:209:31:209:49 | KeyAgreementOperation | Output | jca/EllipticCurve2.java:209:31:209:49 | SharedSecret | +| jca/EllipticCurve2.java:209:31:209:49 | KeyAgreementOperation | PeerKey | jca/EllipticCurve2.java:208:20:208:41 | Key | +| jca/EllipticCurve2.java:209:31:209:49 | KeyAgreementOperation | ServerKey | jca/EllipticCurve2.java:207:17:207:37 | Key | +| jca/EllipticCurve2.java:209:31:209:49 | SharedSecret | Source | jca/EllipticCurve2.java:209:31:209:49 | SharedSecret | +| jca/EllipticCurve2.java:214:29:214:55 | Digest | Source | jca/EllipticCurve2.java:214:29:214:55 | Digest | +| jca/EllipticCurve2.java:214:29:214:55 | HashOperation | Algorithm | jca/EllipticCurve2.java:213:58:213:66 | HashAlgorithm | +| jca/EllipticCurve2.java:214:29:214:55 | HashOperation | Digest | jca/EllipticCurve2.java:214:29:214:55 | Digest | +| jca/EllipticCurve2.java:214:29:214:55 | HashOperation | Message | jca/EllipticCurve2.java:214:43:214:54 | Message | +| jca/EllipticCurve2.java:214:43:214:54 | Message | Source | jca/EllipticCurve2.java:209:31:209:49 | SharedSecret | +| jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | Mode | jca/EllipticCurve2.java:219:44:219:62 | ModeOfOperation | +| jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | Padding | jca/EllipticCurve2.java:219:44:219:62 | PaddingAlgorithm | +| jca/EllipticCurve2.java:223:42:223:47 | Key | Source | jca/EllipticCurve2.java:223:42:223:47 | Key | +| jca/EllipticCurve2.java:223:50:223:53 | Nonce | Source | jca/EllipticCurve2.java:221:9:221:40 | RandomNumberGeneration | +| jca/EllipticCurve2.java:223:50:223:53 | Nonce | Source | jca/EllipticCurve2.java:221:38:221:39 | RandomNumberGeneration | +| jca/EllipticCurve2.java:224:29:224:53 | EncryptOperation | Algorithm | jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:224:29:224:53 | EncryptOperation | Input | jca/EllipticCurve2.java:224:44:224:52 | Message | +| jca/EllipticCurve2.java:224:29:224:53 | EncryptOperation | Key | jca/EllipticCurve2.java:223:42:223:47 | Key | +| jca/EllipticCurve2.java:224:29:224:53 | EncryptOperation | Nonce | jca/EllipticCurve2.java:223:50:223:53 | Nonce | +| jca/EllipticCurve2.java:224:29:224:53 | EncryptOperation | Output | jca/EllipticCurve2.java:224:29:224:53 | KeyOperationOutput | +| jca/EllipticCurve2.java:224:44:224:52 | Message | Source | jca/EllipticCurve2.java:258:62:258:83 | Constant | | jca/Encryption1.java:62:25:62:44 | KeyGeneration | Algorithm | jca/Encryption1.java:60:56:60:60 | KeyOperationAlgorithm | | jca/Encryption1.java:62:25:62:44 | KeyGeneration | Output | jca/Encryption1.java:62:25:62:44 | Key | | jca/Encryption1.java:63:44:63:62 | KeyOperationAlgorithm | Mode | jca/Encryption1.java:63:44:63:62 | ModeOfOperation | @@ -572,152 +572,152 @@ | jca/Encryption1.java:176:32:176:65 | EncryptOperation | Nonce | jca/Encryption1.java:175:53:175:59 | Nonce | | jca/Encryption1.java:176:32:176:65 | EncryptOperation | Output | jca/Encryption1.java:176:32:176:65 | KeyOperationOutput | | jca/Encryption1.java:176:50:176:64 | Message | Source | jca/Encryption1.java:159:58:159:68 | Parameter | -| jca/Encryption2.java:64:16:64:49 | Key | Algorithm | jca/Encryption2.java:63:60:63:70 | EllipticCurve | -| jca/Encryption2.java:64:16:64:49 | KeyGeneration | Algorithm | jca/Encryption2.java:63:60:63:70 | EllipticCurve | -| jca/Encryption2.java:64:16:64:49 | KeyGeneration | Output | jca/Encryption2.java:64:16:64:49 | Key | -| jca/Encryption2.java:81:27:81:36 | Key | Source | jca/Encryption2.java:64:16:64:49 | Key | -| jca/Encryption2.java:82:30:82:38 | Key | Source | jca/Encryption2.java:103:38:103:65 | Parameter | -| jca/Encryption2.java:82:30:82:38 | Key | Source | jca/Encryption2.java:149:45:149:65 | Parameter | -| jca/Encryption2.java:83:16:83:44 | KeyAgreementOperation | Algorithm | jca/Encryption2.java:80:62:80:67 | KeyAgreementAlgorithm | -| jca/Encryption2.java:83:16:83:44 | KeyAgreementOperation | Output | jca/Encryption2.java:83:16:83:44 | SharedSecret | -| jca/Encryption2.java:83:16:83:44 | KeyAgreementOperation | PeerKey | jca/Encryption2.java:82:30:82:38 | Key | -| jca/Encryption2.java:83:16:83:44 | KeyAgreementOperation | ServerKey | jca/Encryption2.java:81:27:81:36 | Key | -| jca/Encryption2.java:83:16:83:44 | SharedSecret | Source | jca/Encryption2.java:83:16:83:44 | SharedSecret | -| jca/Encryption2.java:113:30:113:56 | Digest | Source | jca/Encryption2.java:113:30:113:56 | Digest | -| jca/Encryption2.java:113:30:113:56 | HashOperation | Algorithm | jca/Encryption2.java:112:58:112:66 | HashAlgorithm | -| jca/Encryption2.java:113:30:113:56 | HashOperation | Digest | jca/Encryption2.java:113:30:113:56 | Digest | -| jca/Encryption2.java:113:30:113:56 | HashOperation | Message | jca/Encryption2.java:113:44:113:55 | Message | -| jca/Encryption2.java:113:44:113:55 | Message | Source | jca/Encryption2.java:83:16:83:44 | SharedSecret | -| jca/Encryption2.java:118:47:118:65 | KeyOperationAlgorithm | Mode | jca/Encryption2.java:118:47:118:65 | ModeOfOperation | -| jca/Encryption2.java:118:47:118:65 | KeyOperationAlgorithm | Padding | jca/Encryption2.java:118:47:118:65 | PaddingAlgorithm | -| jca/Encryption2.java:122:45:122:50 | Key | Source | jca/Encryption2.java:122:45:122:50 | Key | -| jca/Encryption2.java:122:53:122:59 | Nonce | Source | jca/Encryption2.java:120:9:120:40 | RandomNumberGeneration | -| jca/Encryption2.java:122:53:122:59 | Nonce | Source | jca/Encryption2.java:120:38:120:39 | RandomNumberGeneration | -| jca/Encryption2.java:123:32:123:65 | EncryptOperation | Algorithm | jca/Encryption2.java:118:47:118:65 | KeyOperationAlgorithm | -| jca/Encryption2.java:123:32:123:65 | EncryptOperation | Input | jca/Encryption2.java:123:50:123:64 | Message | -| jca/Encryption2.java:123:32:123:65 | EncryptOperation | Key | jca/Encryption2.java:122:45:122:50 | Key | -| jca/Encryption2.java:123:32:123:65 | EncryptOperation | Nonce | jca/Encryption2.java:122:53:122:59 | Nonce | -| jca/Encryption2.java:123:32:123:65 | EncryptOperation | Output | jca/Encryption2.java:123:32:123:65 | KeyOperationOutput | -| jca/Encryption2.java:123:50:123:64 | Message | Source | jca/Encryption2.java:103:68:103:78 | Parameter | -| jca/Encryption2.java:162:47:162:65 | KeyOperationAlgorithm | Mode | jca/Encryption2.java:162:47:162:65 | ModeOfOperation | -| jca/Encryption2.java:162:47:162:65 | KeyOperationAlgorithm | Padding | jca/Encryption2.java:162:47:162:65 | PaddingAlgorithm | -| jca/Encryption2.java:166:45:166:50 | Key | Source | jca/Encryption2.java:166:45:166:50 | Key | -| jca/Encryption2.java:166:53:166:59 | Nonce | Source | jca/Encryption2.java:164:9:164:40 | RandomNumberGeneration | -| jca/Encryption2.java:166:53:166:59 | Nonce | Source | jca/Encryption2.java:164:38:164:39 | RandomNumberGeneration | -| jca/Encryption2.java:167:32:167:98 | EncryptOperation | Algorithm | jca/Encryption2.java:162:47:162:65 | KeyOperationAlgorithm | -| jca/Encryption2.java:167:32:167:98 | EncryptOperation | Input | jca/Encryption2.java:167:50:167:97 | Message | -| jca/Encryption2.java:167:32:167:98 | EncryptOperation | Key | jca/Encryption2.java:166:45:166:50 | Key | -| jca/Encryption2.java:167:32:167:98 | EncryptOperation | Nonce | jca/Encryption2.java:166:53:166:59 | Nonce | -| jca/Encryption2.java:167:32:167:98 | EncryptOperation | Output | jca/Encryption2.java:167:32:167:98 | KeyOperationOutput | -| jca/Encryption2.java:167:50:167:97 | Message | Source | jca/Encryption2.java:167:50:167:86 | Constant | -| jca/Encryption2.java:192:36:192:47 | KeyOperationAlgorithm | Mode | jca/Encryption2.java:192:36:192:47 | KeyOperationAlgorithm | -| jca/Encryption2.java:192:36:192:47 | KeyOperationAlgorithm | Padding | jca/Encryption2.java:192:36:192:47 | KeyOperationAlgorithm | -| jca/Encryption2.java:194:19:194:27 | Key | Source | jca/Encryption2.java:149:68:149:88 | Parameter | -| jca/Encryption2.java:195:31:195:52 | MACOperation | Algorithm | jca/Encryption2.java:192:36:192:47 | KeyOperationAlgorithm | -| jca/Encryption2.java:195:31:195:52 | MACOperation | HashAlgorithm | jca/Encryption2.java:195:31:195:52 | MACOperation | -| jca/Encryption2.java:195:31:195:52 | MACOperation | Input | jca/Encryption2.java:195:44:195:51 | Message | -| jca/Encryption2.java:195:31:195:52 | MACOperation | Key | jca/Encryption2.java:194:19:194:27 | Key | -| jca/Encryption2.java:195:31:195:52 | MACOperation | Message | jca/Encryption2.java:195:44:195:51 | Message | -| jca/Encryption2.java:195:31:195:52 | MACOperation | Nonce | jca/Encryption2.java:195:31:195:52 | MACOperation | -| jca/Encryption2.java:195:31:195:52 | MACOperation | Output | jca/Encryption2.java:195:31:195:52 | KeyOperationOutput | -| jca/Encryption2.java:195:44:195:51 | Message | Source | jca/Encryption2.java:83:16:83:44 | SharedSecret | -| jca/Hash.java:88:23:88:66 | Digest | Source | jca/Hash.java:88:23:88:66 | Digest | -| jca/Hash.java:88:23:88:66 | HashOperation | Algorithm | jca/Hash.java:87:58:87:66 | HashAlgorithm | -| jca/Hash.java:88:23:88:66 | HashOperation | Digest | jca/Hash.java:88:23:88:66 | Digest | -| jca/Hash.java:88:23:88:66 | HashOperation | Message | jca/Hash.java:88:37:88:65 | Message | -| jca/Hash.java:88:37:88:65 | Message | Source | jca/Hash.java:88:37:88:54 | Constant | -| jca/Hash.java:102:23:102:70 | Digest | Source | jca/Hash.java:102:23:102:70 | Digest | -| jca/Hash.java:102:23:102:70 | HashOperation | Algorithm | jca/Hash.java:101:61:101:65 | HashAlgorithm | -| jca/Hash.java:102:23:102:70 | HashOperation | Digest | jca/Hash.java:102:23:102:70 | Digest | -| jca/Hash.java:102:23:102:70 | HashOperation | Message | jca/Hash.java:102:40:102:69 | Message | -| jca/Hash.java:102:40:102:69 | Message | Source | jca/Hash.java:102:40:102:58 | Constant | -| jca/Hash.java:151:53:151:67 | KeyOperationAlgorithm | Mode | jca/Hash.java:151:53:151:67 | KeyOperationAlgorithm | -| jca/Hash.java:151:53:151:67 | KeyOperationAlgorithm | Padding | jca/Hash.java:151:53:151:67 | KeyOperationAlgorithm | -| jca/Hash.java:152:28:152:37 | Key | Source | jca/Hash.java:150:43:150:63 | Parameter | -| jca/Hash.java:153:26:153:41 | Message | Source | jca/Hash.java:150:29:150:40 | Parameter | -| jca/Hash.java:154:29:154:44 | SignOperation | Algorithm | jca/Hash.java:151:53:151:67 | KeyOperationAlgorithm | -| jca/Hash.java:154:29:154:44 | SignOperation | HashAlgorithm | jca/Hash.java:151:53:151:67 | HashAlgorithm | -| jca/Hash.java:154:29:154:44 | SignOperation | Input | jca/Hash.java:153:26:153:41 | Message | -| jca/Hash.java:154:29:154:44 | SignOperation | Key | jca/Hash.java:152:28:152:37 | Key | -| jca/Hash.java:154:29:154:44 | SignOperation | Output | jca/Hash.java:154:29:154:44 | SignatureOutput | -| jca/Hash.java:173:53:173:67 | KeyOperationAlgorithm | Mode | jca/Hash.java:173:53:173:67 | KeyOperationAlgorithm | -| jca/Hash.java:173:53:173:67 | KeyOperationAlgorithm | Padding | jca/Hash.java:173:53:173:67 | KeyOperationAlgorithm | -| jca/Hash.java:174:30:174:38 | Key | Source | jca/Hash.java:172:73:172:91 | Parameter | -| jca/Hash.java:175:26:175:41 | Message | Source | jca/Hash.java:172:40:172:51 | Parameter | -| jca/Hash.java:176:16:176:43 | VerifyOperation | Algorithm | jca/Hash.java:173:53:173:67 | KeyOperationAlgorithm | -| jca/Hash.java:176:16:176:43 | VerifyOperation | HashAlgorithm | jca/Hash.java:173:53:173:67 | HashAlgorithm | -| jca/Hash.java:176:16:176:43 | VerifyOperation | Input | jca/Hash.java:175:26:175:41 | Message | -| jca/Hash.java:176:16:176:43 | VerifyOperation | Key | jca/Hash.java:174:30:174:38 | Key | -| jca/Hash.java:176:16:176:43 | VerifyOperation | Signature | jca/Hash.java:176:33:176:42 | SignatureInput | -| jca/Hash.java:176:33:176:42 | SignatureInput | Source | jca/Hash.java:172:54:172:70 | Parameter | -| jca/Hash.java:193:23:193:52 | Digest | Source | jca/Hash.java:193:23:193:52 | Digest | -| jca/Hash.java:193:23:193:52 | HashOperation | Algorithm | jca/Hash.java:192:58:192:66 | HashAlgorithm | -| jca/Hash.java:193:23:193:52 | HashOperation | Digest | jca/Hash.java:193:23:193:52 | Digest | -| jca/Hash.java:193:23:193:52 | HashOperation | Message | jca/Hash.java:193:37:193:51 | Message | -| jca/Hash.java:193:37:193:51 | Message | Source | jca/Hash.java:191:43:191:53 | Parameter | -| jca/Hash.java:215:27:215:57 | Digest | Source | jca/Hash.java:215:27:215:57 | Digest | -| jca/Hash.java:215:27:215:57 | HashOperation | Algorithm | jca/Hash.java:211:33:211:39 | HashAlgorithm | -| jca/Hash.java:215:27:215:57 | HashOperation | Algorithm | jca/Hash.java:211:42:211:50 | HashAlgorithm | -| jca/Hash.java:215:27:215:57 | HashOperation | Algorithm | jca/Hash.java:211:53:211:61 | HashAlgorithm | -| jca/Hash.java:215:27:215:57 | HashOperation | Algorithm | jca/Hash.java:211:64:211:72 | HashAlgorithm | -| jca/Hash.java:215:27:215:57 | HashOperation | Algorithm | jca/Hash.java:211:75:211:83 | HashAlgorithm | -| jca/Hash.java:215:27:215:57 | HashOperation | Algorithm | jca/Hash.java:211:86:211:95 | HashAlgorithm | -| jca/Hash.java:215:27:215:57 | HashOperation | Algorithm | jca/Hash.java:211:98:211:107 | HashAlgorithm | -| jca/Hash.java:215:27:215:57 | HashOperation | Algorithm | jca/Hash.java:212:17:212:29 | HashAlgorithm | -| jca/Hash.java:215:27:215:57 | HashOperation | Algorithm | jca/Hash.java:212:32:212:44 | HashAlgorithm | -| jca/Hash.java:215:27:215:57 | HashOperation | Algorithm | jca/Hash.java:212:47:212:51 | HashAlgorithm | -| jca/Hash.java:215:27:215:57 | HashOperation | Digest | jca/Hash.java:215:27:215:57 | Digest | -| jca/Hash.java:215:27:215:57 | HashOperation | Message | jca/Hash.java:215:41:215:56 | Message | -| jca/Hash.java:215:41:215:56 | Message | Source | jca/Hash.java:210:43:210:54 | Parameter | -| jca/Hash.java:234:33:234:42 | KeyOperationAlgorithm | Mode | jca/Hash.java:234:33:234:42 | KeyOperationAlgorithm | -| jca/Hash.java:234:33:234:42 | KeyOperationAlgorithm | Padding | jca/Hash.java:234:33:234:42 | KeyOperationAlgorithm | -| jca/Hash.java:234:45:234:56 | KeyOperationAlgorithm | Mode | jca/Hash.java:234:45:234:56 | KeyOperationAlgorithm | -| jca/Hash.java:234:45:234:56 | KeyOperationAlgorithm | Padding | jca/Hash.java:234:45:234:56 | KeyOperationAlgorithm | -| jca/Hash.java:234:59:234:70 | KeyOperationAlgorithm | Mode | jca/Hash.java:234:59:234:70 | KeyOperationAlgorithm | -| jca/Hash.java:234:59:234:70 | KeyOperationAlgorithm | Padding | jca/Hash.java:234:59:234:70 | KeyOperationAlgorithm | -| jca/Hash.java:234:73:234:84 | KeyOperationAlgorithm | Mode | jca/Hash.java:234:73:234:84 | KeyOperationAlgorithm | -| jca/Hash.java:234:73:234:84 | KeyOperationAlgorithm | Padding | jca/Hash.java:234:73:234:84 | KeyOperationAlgorithm | -| jca/Hash.java:234:87:234:100 | KeyOperationAlgorithm | Mode | jca/Hash.java:234:87:234:100 | KeyOperationAlgorithm | -| jca/Hash.java:234:87:234:100 | KeyOperationAlgorithm | Padding | jca/Hash.java:234:87:234:100 | KeyOperationAlgorithm | -| jca/Hash.java:234:103:234:116 | KeyOperationAlgorithm | Mode | jca/Hash.java:234:103:234:116 | KeyOperationAlgorithm | -| jca/Hash.java:234:103:234:116 | KeyOperationAlgorithm | Padding | jca/Hash.java:234:103:234:116 | KeyOperationAlgorithm | -| jca/Hash.java:238:22:238:30 | Key | Source | jca/Hash.java:233:57:233:66 | Parameter | -| jca/Hash.java:239:27:239:55 | MACOperation | Algorithm | jca/Hash.java:234:33:234:42 | KeyOperationAlgorithm | -| jca/Hash.java:239:27:239:55 | MACOperation | Algorithm | jca/Hash.java:234:45:234:56 | KeyOperationAlgorithm | -| jca/Hash.java:239:27:239:55 | MACOperation | Algorithm | jca/Hash.java:234:59:234:70 | KeyOperationAlgorithm | -| jca/Hash.java:239:27:239:55 | MACOperation | Algorithm | jca/Hash.java:234:73:234:84 | KeyOperationAlgorithm | -| jca/Hash.java:239:27:239:55 | MACOperation | Algorithm | jca/Hash.java:234:87:234:100 | KeyOperationAlgorithm | -| jca/Hash.java:239:27:239:55 | MACOperation | Algorithm | jca/Hash.java:234:103:234:116 | KeyOperationAlgorithm | -| jca/Hash.java:239:27:239:55 | MACOperation | HashAlgorithm | jca/Hash.java:239:27:239:55 | MACOperation | -| jca/Hash.java:239:27:239:55 | MACOperation | Input | jca/Hash.java:239:39:239:54 | Message | -| jca/Hash.java:239:27:239:55 | MACOperation | Key | jca/Hash.java:238:22:238:30 | Key | -| jca/Hash.java:239:27:239:55 | MACOperation | Message | jca/Hash.java:239:39:239:54 | Message | -| jca/Hash.java:239:27:239:55 | MACOperation | Nonce | jca/Hash.java:239:27:239:55 | MACOperation | -| jca/Hash.java:239:27:239:55 | MACOperation | Output | jca/Hash.java:239:27:239:55 | KeyOperationOutput | -| jca/Hash.java:239:39:239:54 | Message | Source | jca/Hash.java:233:43:233:54 | Parameter | -| jca/Hash.java:259:42:259:63 | Message | Source | jca/Hash.java:256:40:256:54 | Parameter | -| jca/Hash.java:259:66:259:69 | Salt | Source | jca/Hash.java:338:9:338:42 | RandomNumberGeneration | -| jca/Hash.java:259:66:259:69 | Salt | Source | jca/Hash.java:338:38:338:41 | RandomNumberGeneration | -| jca/Hash.java:260:65:260:86 | HMACAlgorithm | H | jca/Hash.java:260:65:260:86 | HashAlgorithm | -| jca/Hash.java:260:65:260:86 | KeyDerivationAlgorithm | PRF | jca/Hash.java:260:65:260:86 | HMACAlgorithm | -| jca/Hash.java:261:23:261:50 | KeyDerivation | Algorithm | jca/Hash.java:260:65:260:86 | KeyDerivationAlgorithm | -| jca/Hash.java:261:23:261:50 | KeyDerivation | Input | jca/Hash.java:259:42:259:63 | Message | -| jca/Hash.java:261:23:261:50 | KeyDerivation | Output | jca/Hash.java:261:23:261:50 | Key | -| jca/Hash.java:261:23:261:50 | KeyDerivation | Salt | jca/Hash.java:259:66:259:69 | Salt | -| jca/Hash.java:277:23:277:70 | Digest | Source | jca/Hash.java:277:23:277:70 | Digest | -| jca/Hash.java:277:23:277:70 | HashOperation | Algorithm | jca/Hash.java:321:16:321:66 | LocalData | -| jca/Hash.java:277:23:277:70 | HashOperation | Algorithm | jca/Hash.java:321:57:321:65 | HashAlgorithm | -| jca/Hash.java:277:23:277:70 | HashOperation | Digest | jca/Hash.java:277:23:277:70 | Digest | -| jca/Hash.java:277:23:277:70 | HashOperation | Message | jca/Hash.java:277:37:277:69 | Message | -| jca/Hash.java:277:37:277:69 | Message | Source | jca/Hash.java:277:37:277:58 | Constant | -| jca/Hash.java:296:27:296:30 | Message | Source | jca/Hash.java:295:27:295:38 | Constant | -| jca/Hash.java:297:40:297:54 | Digest | Source | jca/Hash.java:297:40:297:54 | Digest | -| jca/Hash.java:297:40:297:54 | HashOperation | Algorithm | jca/Hash.java:292:33:292:41 | HashAlgorithm | -| jca/Hash.java:297:40:297:54 | HashOperation | Algorithm | jca/Hash.java:292:44:292:52 | HashAlgorithm | -| jca/Hash.java:297:40:297:54 | HashOperation | Algorithm | jca/Hash.java:292:55:292:64 | HashAlgorithm | -| jca/Hash.java:297:40:297:54 | HashOperation | Algorithm | jca/Hash.java:292:67:292:76 | HashAlgorithm | -| jca/Hash.java:297:40:297:54 | HashOperation | Digest | jca/Hash.java:297:40:297:54 | Digest | -| jca/Hash.java:297:40:297:54 | HashOperation | Message | jca/Hash.java:296:27:296:30 | Message | +| jca/Encryption2.java:56:16:56:49 | Key | Algorithm | jca/Encryption2.java:55:60:55:70 | EllipticCurve | +| jca/Encryption2.java:56:16:56:49 | KeyGeneration | Algorithm | jca/Encryption2.java:55:60:55:70 | EllipticCurve | +| jca/Encryption2.java:56:16:56:49 | KeyGeneration | Output | jca/Encryption2.java:56:16:56:49 | Key | +| jca/Encryption2.java:72:27:72:36 | Key | Source | jca/Encryption2.java:56:16:56:49 | Key | +| jca/Encryption2.java:73:30:73:38 | Key | Source | jca/Encryption2.java:90:38:90:65 | Parameter | +| jca/Encryption2.java:73:30:73:38 | Key | Source | jca/Encryption2.java:132:45:132:65 | Parameter | +| jca/Encryption2.java:74:16:74:44 | KeyAgreementOperation | Algorithm | jca/Encryption2.java:71:62:71:67 | KeyAgreementAlgorithm | +| jca/Encryption2.java:74:16:74:44 | KeyAgreementOperation | Output | jca/Encryption2.java:74:16:74:44 | SharedSecret | +| jca/Encryption2.java:74:16:74:44 | KeyAgreementOperation | PeerKey | jca/Encryption2.java:73:30:73:38 | Key | +| jca/Encryption2.java:74:16:74:44 | KeyAgreementOperation | ServerKey | jca/Encryption2.java:72:27:72:36 | Key | +| jca/Encryption2.java:74:16:74:44 | SharedSecret | Source | jca/Encryption2.java:74:16:74:44 | SharedSecret | +| jca/Encryption2.java:100:30:100:56 | Digest | Source | jca/Encryption2.java:100:30:100:56 | Digest | +| jca/Encryption2.java:100:30:100:56 | HashOperation | Algorithm | jca/Encryption2.java:99:58:99:66 | HashAlgorithm | +| jca/Encryption2.java:100:30:100:56 | HashOperation | Digest | jca/Encryption2.java:100:30:100:56 | Digest | +| jca/Encryption2.java:100:30:100:56 | HashOperation | Message | jca/Encryption2.java:100:44:100:55 | Message | +| jca/Encryption2.java:100:44:100:55 | Message | Source | jca/Encryption2.java:74:16:74:44 | SharedSecret | +| jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | Mode | jca/Encryption2.java:105:47:105:65 | ModeOfOperation | +| jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | Padding | jca/Encryption2.java:105:47:105:65 | PaddingAlgorithm | +| jca/Encryption2.java:109:45:109:50 | Key | Source | jca/Encryption2.java:109:45:109:50 | Key | +| jca/Encryption2.java:109:53:109:59 | Nonce | Source | jca/Encryption2.java:107:9:107:40 | RandomNumberGeneration | +| jca/Encryption2.java:109:53:109:59 | Nonce | Source | jca/Encryption2.java:107:38:107:39 | RandomNumberGeneration | +| jca/Encryption2.java:110:32:110:65 | EncryptOperation | Algorithm | jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | +| jca/Encryption2.java:110:32:110:65 | EncryptOperation | Input | jca/Encryption2.java:110:50:110:64 | Message | +| jca/Encryption2.java:110:32:110:65 | EncryptOperation | Key | jca/Encryption2.java:109:45:109:50 | Key | +| jca/Encryption2.java:110:32:110:65 | EncryptOperation | Nonce | jca/Encryption2.java:109:53:109:59 | Nonce | +| jca/Encryption2.java:110:32:110:65 | EncryptOperation | Output | jca/Encryption2.java:110:32:110:65 | KeyOperationOutput | +| jca/Encryption2.java:110:50:110:64 | Message | Source | jca/Encryption2.java:90:68:90:78 | Parameter | +| jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | Mode | jca/Encryption2.java:145:47:145:65 | ModeOfOperation | +| jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | Padding | jca/Encryption2.java:145:47:145:65 | PaddingAlgorithm | +| jca/Encryption2.java:149:45:149:50 | Key | Source | jca/Encryption2.java:149:45:149:50 | Key | +| jca/Encryption2.java:149:53:149:59 | Nonce | Source | jca/Encryption2.java:147:9:147:40 | RandomNumberGeneration | +| jca/Encryption2.java:149:53:149:59 | Nonce | Source | jca/Encryption2.java:147:38:147:39 | RandomNumberGeneration | +| jca/Encryption2.java:150:32:150:98 | EncryptOperation | Algorithm | jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | +| jca/Encryption2.java:150:32:150:98 | EncryptOperation | Input | jca/Encryption2.java:150:50:150:97 | Message | +| jca/Encryption2.java:150:32:150:98 | EncryptOperation | Key | jca/Encryption2.java:149:45:149:50 | Key | +| jca/Encryption2.java:150:32:150:98 | EncryptOperation | Nonce | jca/Encryption2.java:149:53:149:59 | Nonce | +| jca/Encryption2.java:150:32:150:98 | EncryptOperation | Output | jca/Encryption2.java:150:32:150:98 | KeyOperationOutput | +| jca/Encryption2.java:150:50:150:97 | Message | Source | jca/Encryption2.java:150:50:150:86 | Constant | +| jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | Mode | jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | +| jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | Padding | jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | +| jca/Encryption2.java:175:19:175:27 | Key | Source | jca/Encryption2.java:132:68:132:88 | Parameter | +| jca/Encryption2.java:176:31:176:52 | MACOperation | Algorithm | jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | +| jca/Encryption2.java:176:31:176:52 | MACOperation | HashAlgorithm | jca/Encryption2.java:176:31:176:52 | MACOperation | +| jca/Encryption2.java:176:31:176:52 | MACOperation | Input | jca/Encryption2.java:176:44:176:51 | Message | +| jca/Encryption2.java:176:31:176:52 | MACOperation | Key | jca/Encryption2.java:175:19:175:27 | Key | +| jca/Encryption2.java:176:31:176:52 | MACOperation | Message | jca/Encryption2.java:176:44:176:51 | Message | +| jca/Encryption2.java:176:31:176:52 | MACOperation | Nonce | jca/Encryption2.java:176:31:176:52 | MACOperation | +| jca/Encryption2.java:176:31:176:52 | MACOperation | Output | jca/Encryption2.java:176:31:176:52 | KeyOperationOutput | +| jca/Encryption2.java:176:44:176:51 | Message | Source | jca/Encryption2.java:74:16:74:44 | SharedSecret | +| jca/Hash.java:76:23:76:66 | Digest | Source | jca/Hash.java:76:23:76:66 | Digest | +| jca/Hash.java:76:23:76:66 | HashOperation | Algorithm | jca/Hash.java:75:58:75:66 | HashAlgorithm | +| jca/Hash.java:76:23:76:66 | HashOperation | Digest | jca/Hash.java:76:23:76:66 | Digest | +| jca/Hash.java:76:23:76:66 | HashOperation | Message | jca/Hash.java:76:37:76:65 | Message | +| jca/Hash.java:76:37:76:65 | Message | Source | jca/Hash.java:76:37:76:54 | Constant | +| jca/Hash.java:89:23:89:70 | Digest | Source | jca/Hash.java:89:23:89:70 | Digest | +| jca/Hash.java:89:23:89:70 | HashOperation | Algorithm | jca/Hash.java:88:61:88:65 | HashAlgorithm | +| jca/Hash.java:89:23:89:70 | HashOperation | Digest | jca/Hash.java:89:23:89:70 | Digest | +| jca/Hash.java:89:23:89:70 | HashOperation | Message | jca/Hash.java:89:40:89:69 | Message | +| jca/Hash.java:89:40:89:69 | Message | Source | jca/Hash.java:89:40:89:58 | Constant | +| jca/Hash.java:134:53:134:67 | KeyOperationAlgorithm | Mode | jca/Hash.java:134:53:134:67 | KeyOperationAlgorithm | +| jca/Hash.java:134:53:134:67 | KeyOperationAlgorithm | Padding | jca/Hash.java:134:53:134:67 | KeyOperationAlgorithm | +| jca/Hash.java:135:28:135:37 | Key | Source | jca/Hash.java:133:43:133:63 | Parameter | +| jca/Hash.java:136:26:136:41 | Message | Source | jca/Hash.java:133:29:133:40 | Parameter | +| jca/Hash.java:137:29:137:44 | SignOperation | Algorithm | jca/Hash.java:134:53:134:67 | KeyOperationAlgorithm | +| jca/Hash.java:137:29:137:44 | SignOperation | HashAlgorithm | jca/Hash.java:134:53:134:67 | HashAlgorithm | +| jca/Hash.java:137:29:137:44 | SignOperation | Input | jca/Hash.java:136:26:136:41 | Message | +| jca/Hash.java:137:29:137:44 | SignOperation | Key | jca/Hash.java:135:28:135:37 | Key | +| jca/Hash.java:137:29:137:44 | SignOperation | Output | jca/Hash.java:137:29:137:44 | SignatureOutput | +| jca/Hash.java:155:53:155:67 | KeyOperationAlgorithm | Mode | jca/Hash.java:155:53:155:67 | KeyOperationAlgorithm | +| jca/Hash.java:155:53:155:67 | KeyOperationAlgorithm | Padding | jca/Hash.java:155:53:155:67 | KeyOperationAlgorithm | +| jca/Hash.java:156:30:156:38 | Key | Source | jca/Hash.java:154:73:154:91 | Parameter | +| jca/Hash.java:157:26:157:41 | Message | Source | jca/Hash.java:154:40:154:51 | Parameter | +| jca/Hash.java:158:16:158:43 | VerifyOperation | Algorithm | jca/Hash.java:155:53:155:67 | KeyOperationAlgorithm | +| jca/Hash.java:158:16:158:43 | VerifyOperation | HashAlgorithm | jca/Hash.java:155:53:155:67 | HashAlgorithm | +| jca/Hash.java:158:16:158:43 | VerifyOperation | Input | jca/Hash.java:157:26:157:41 | Message | +| jca/Hash.java:158:16:158:43 | VerifyOperation | Key | jca/Hash.java:156:30:156:38 | Key | +| jca/Hash.java:158:16:158:43 | VerifyOperation | Signature | jca/Hash.java:158:33:158:42 | SignatureInput | +| jca/Hash.java:158:33:158:42 | SignatureInput | Source | jca/Hash.java:154:54:154:70 | Parameter | +| jca/Hash.java:174:23:174:52 | Digest | Source | jca/Hash.java:174:23:174:52 | Digest | +| jca/Hash.java:174:23:174:52 | HashOperation | Algorithm | jca/Hash.java:173:58:173:66 | HashAlgorithm | +| jca/Hash.java:174:23:174:52 | HashOperation | Digest | jca/Hash.java:174:23:174:52 | Digest | +| jca/Hash.java:174:23:174:52 | HashOperation | Message | jca/Hash.java:174:37:174:51 | Message | +| jca/Hash.java:174:37:174:51 | Message | Source | jca/Hash.java:172:43:172:53 | Parameter | +| jca/Hash.java:195:27:195:57 | Digest | Source | jca/Hash.java:195:27:195:57 | Digest | +| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:32:191:38 | HashAlgorithm | +| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:41:191:49 | HashAlgorithm | +| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:52:191:60 | HashAlgorithm | +| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:63:191:71 | HashAlgorithm | +| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:74:191:82 | HashAlgorithm | +| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:85:191:94 | HashAlgorithm | +| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:191:97:191:106 | HashAlgorithm | +| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:192:13:192:25 | HashAlgorithm | +| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:192:28:192:40 | HashAlgorithm | +| jca/Hash.java:195:27:195:57 | HashOperation | Algorithm | jca/Hash.java:192:43:192:47 | HashAlgorithm | +| jca/Hash.java:195:27:195:57 | HashOperation | Digest | jca/Hash.java:195:27:195:57 | Digest | +| jca/Hash.java:195:27:195:57 | HashOperation | Message | jca/Hash.java:195:41:195:56 | Message | +| jca/Hash.java:195:41:195:56 | Message | Source | jca/Hash.java:190:43:190:54 | Parameter | +| jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | +| jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | +| jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | +| jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | +| jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | +| jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | +| jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | +| jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | +| jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | +| jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | +| jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | Mode | jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | +| jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | Padding | jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | +| jca/Hash.java:216:22:216:30 | Key | Source | jca/Hash.java:211:57:211:66 | Parameter | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | Algorithm | jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | +| jca/Hash.java:217:27:217:55 | MACOperation | HashAlgorithm | jca/Hash.java:217:27:217:55 | MACOperation | +| jca/Hash.java:217:27:217:55 | MACOperation | Input | jca/Hash.java:217:39:217:54 | Message | +| jca/Hash.java:217:27:217:55 | MACOperation | Key | jca/Hash.java:216:22:216:30 | Key | +| jca/Hash.java:217:27:217:55 | MACOperation | Message | jca/Hash.java:217:39:217:54 | Message | +| jca/Hash.java:217:27:217:55 | MACOperation | Nonce | jca/Hash.java:217:27:217:55 | MACOperation | +| jca/Hash.java:217:27:217:55 | MACOperation | Output | jca/Hash.java:217:27:217:55 | KeyOperationOutput | +| jca/Hash.java:217:39:217:54 | Message | Source | jca/Hash.java:211:43:211:54 | Parameter | +| jca/Hash.java:235:42:235:63 | Message | Source | jca/Hash.java:232:40:232:54 | Parameter | +| jca/Hash.java:235:66:235:69 | Salt | Source | jca/Hash.java:310:9:310:42 | RandomNumberGeneration | +| jca/Hash.java:235:66:235:69 | Salt | Source | jca/Hash.java:310:38:310:41 | RandomNumberGeneration | +| jca/Hash.java:236:65:236:86 | HMACAlgorithm | H | jca/Hash.java:236:65:236:86 | HashAlgorithm | +| jca/Hash.java:236:65:236:86 | KeyDerivationAlgorithm | PRF | jca/Hash.java:236:65:236:86 | HMACAlgorithm | +| jca/Hash.java:237:23:237:50 | KeyDerivation | Algorithm | jca/Hash.java:236:65:236:86 | KeyDerivationAlgorithm | +| jca/Hash.java:237:23:237:50 | KeyDerivation | Input | jca/Hash.java:235:42:235:63 | Message | +| jca/Hash.java:237:23:237:50 | KeyDerivation | Output | jca/Hash.java:237:23:237:50 | Key | +| jca/Hash.java:237:23:237:50 | KeyDerivation | Salt | jca/Hash.java:235:66:235:69 | Salt | +| jca/Hash.java:252:23:252:70 | Digest | Source | jca/Hash.java:252:23:252:70 | Digest | +| jca/Hash.java:252:23:252:70 | HashOperation | Algorithm | jca/Hash.java:294:16:294:66 | LocalData | +| jca/Hash.java:252:23:252:70 | HashOperation | Algorithm | jca/Hash.java:294:57:294:65 | HashAlgorithm | +| jca/Hash.java:252:23:252:70 | HashOperation | Digest | jca/Hash.java:252:23:252:70 | Digest | +| jca/Hash.java:252:23:252:70 | HashOperation | Message | jca/Hash.java:252:37:252:69 | Message | +| jca/Hash.java:252:37:252:69 | Message | Source | jca/Hash.java:252:37:252:58 | Constant | +| jca/Hash.java:270:27:270:30 | Message | Source | jca/Hash.java:269:27:269:38 | Constant | +| jca/Hash.java:271:40:271:54 | Digest | Source | jca/Hash.java:271:40:271:54 | Digest | +| jca/Hash.java:271:40:271:54 | HashOperation | Algorithm | jca/Hash.java:266:32:266:40 | HashAlgorithm | +| jca/Hash.java:271:40:271:54 | HashOperation | Algorithm | jca/Hash.java:266:43:266:51 | HashAlgorithm | +| jca/Hash.java:271:40:271:54 | HashOperation | Algorithm | jca/Hash.java:266:54:266:63 | HashAlgorithm | +| jca/Hash.java:271:40:271:54 | HashOperation | Algorithm | jca/Hash.java:266:66:266:75 | HashAlgorithm | +| jca/Hash.java:271:40:271:54 | HashOperation | Digest | jca/Hash.java:271:40:271:54 | Digest | +| jca/Hash.java:271:40:271:54 | HashOperation | Message | jca/Hash.java:270:27:270:30 | Message | | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:30:44:30:65 | ModeOfOperation | | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:30:44:30:65 | PaddingAlgorithm | | jca/IVArtifact.java:31:42:31:44 | Key | Source | jca/IVArtifact.java:76:16:76:35 | Key | @@ -744,982 +744,982 @@ | jca/IVArtifact.java:70:59:70:80 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:70:59:70:80 | PaddingAlgorithm | | jca/IVArtifact.java:76:16:76:35 | KeyGeneration | Algorithm | jca/IVArtifact.java:74:56:74:60 | KeyOperationAlgorithm | | jca/IVArtifact.java:76:16:76:35 | KeyGeneration | Output | jca/IVArtifact.java:76:16:76:35 | Key | -| jca/IVArtifact.java:106:44:106:62 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:106:44:106:62 | ModeOfOperation | -| jca/IVArtifact.java:106:44:106:62 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:106:44:106:62 | PaddingAlgorithm | -| jca/IVArtifact.java:109:42:109:44 | Key | Source | jca/IVArtifact.java:263:29:263:44 | Key | -| jca/IVArtifact.java:109:47:109:50 | Nonce | Source | jca/IVArtifact.java:109:47:109:50 | Nonce | -| jca/IVArtifact.java:110:16:110:40 | EncryptOperation | Algorithm | jca/IVArtifact.java:106:44:106:62 | KeyOperationAlgorithm | -| jca/IVArtifact.java:110:16:110:40 | EncryptOperation | Input | jca/IVArtifact.java:110:31:110:39 | Message | -| jca/IVArtifact.java:110:16:110:40 | EncryptOperation | Key | jca/IVArtifact.java:109:42:109:44 | Key | -| jca/IVArtifact.java:110:16:110:40 | EncryptOperation | Nonce | jca/IVArtifact.java:109:47:109:50 | Nonce | -| jca/IVArtifact.java:110:16:110:40 | EncryptOperation | Output | jca/IVArtifact.java:110:16:110:40 | KeyOperationOutput | -| jca/IVArtifact.java:110:31:110:39 | Message | Source | jca/IVArtifact.java:264:32:264:47 | Constant | -| jca/IVArtifact.java:134:44:134:62 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:134:44:134:62 | ModeOfOperation | -| jca/IVArtifact.java:134:44:134:62 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:134:44:134:62 | PaddingAlgorithm | -| jca/IVArtifact.java:136:42:136:44 | Key | Source | jca/IVArtifact.java:263:29:263:44 | Key | -| jca/IVArtifact.java:136:47:136:50 | Nonce | Source | jca/IVArtifact.java:118:31:118:34 | Constant | -| jca/IVArtifact.java:136:47:136:50 | Nonce | Source | jca/IVArtifact.java:132:13:132:50 | RandomNumberGeneration | -| jca/IVArtifact.java:136:47:136:50 | Nonce | Source | jca/IVArtifact.java:132:42:132:49 | RandomNumberGeneration | -| jca/IVArtifact.java:137:16:137:40 | EncryptOperation | Algorithm | jca/IVArtifact.java:134:44:134:62 | KeyOperationAlgorithm | -| jca/IVArtifact.java:137:16:137:40 | EncryptOperation | Input | jca/IVArtifact.java:137:31:137:39 | Message | -| jca/IVArtifact.java:137:16:137:40 | EncryptOperation | Key | jca/IVArtifact.java:136:42:136:44 | Key | -| jca/IVArtifact.java:137:16:137:40 | EncryptOperation | Nonce | jca/IVArtifact.java:136:47:136:50 | Nonce | -| jca/IVArtifact.java:137:16:137:40 | EncryptOperation | Output | jca/IVArtifact.java:137:16:137:40 | KeyOperationOutput | -| jca/IVArtifact.java:137:31:137:39 | Message | Source | jca/IVArtifact.java:264:32:264:47 | Constant | -| jca/IVArtifact.java:158:31:158:78 | Digest | Source | jca/IVArtifact.java:158:31:158:78 | Digest | -| jca/IVArtifact.java:158:31:158:78 | HashOperation | Algorithm | jca/IVArtifact.java:157:58:157:66 | HashAlgorithm | -| jca/IVArtifact.java:158:31:158:78 | HashOperation | Digest | jca/IVArtifact.java:158:31:158:78 | Digest | -| jca/IVArtifact.java:158:31:158:78 | HashOperation | Message | jca/IVArtifact.java:158:45:158:77 | Message | -| jca/IVArtifact.java:158:45:158:77 | Message | Source | jca/IVArtifact.java:158:45:158:59 | Constant | -| jca/IVArtifact.java:160:44:160:62 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:160:44:160:62 | ModeOfOperation | -| jca/IVArtifact.java:160:44:160:62 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:160:44:160:62 | PaddingAlgorithm | -| jca/IVArtifact.java:162:42:162:44 | Key | Source | jca/IVArtifact.java:263:29:263:44 | Key | -| jca/IVArtifact.java:162:47:162:50 | Nonce | Source | jca/IVArtifact.java:162:47:162:50 | Nonce | -| jca/IVArtifact.java:163:16:163:40 | EncryptOperation | Algorithm | jca/IVArtifact.java:160:44:160:62 | KeyOperationAlgorithm | -| jca/IVArtifact.java:163:16:163:40 | EncryptOperation | Input | jca/IVArtifact.java:163:31:163:39 | Message | -| jca/IVArtifact.java:163:16:163:40 | EncryptOperation | Key | jca/IVArtifact.java:162:42:162:44 | Key | -| jca/IVArtifact.java:163:16:163:40 | EncryptOperation | Nonce | jca/IVArtifact.java:162:47:162:50 | Nonce | -| jca/IVArtifact.java:163:16:163:40 | EncryptOperation | Output | jca/IVArtifact.java:163:16:163:40 | KeyOperationOutput | -| jca/IVArtifact.java:163:31:163:39 | Message | Source | jca/IVArtifact.java:264:32:264:47 | Constant | -| jca/IVArtifact.java:186:48:186:66 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:186:48:186:66 | ModeOfOperation | -| jca/IVArtifact.java:186:48:186:66 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:186:48:186:66 | PaddingAlgorithm | -| jca/IVArtifact.java:188:46:188:48 | Key | Source | jca/IVArtifact.java:263:29:263:44 | Key | -| jca/IVArtifact.java:188:51:188:54 | Nonce | Source | jca/IVArtifact.java:183:9:183:40 | RandomNumberGeneration | -| jca/IVArtifact.java:188:51:188:54 | Nonce | Source | jca/IVArtifact.java:183:38:183:39 | RandomNumberGeneration | -| jca/IVArtifact.java:189:30:189:58 | EncryptOperation | Algorithm | jca/IVArtifact.java:186:48:186:66 | KeyOperationAlgorithm | -| jca/IVArtifact.java:189:30:189:58 | EncryptOperation | Input | jca/IVArtifact.java:189:45:189:57 | Message | -| jca/IVArtifact.java:189:30:189:58 | EncryptOperation | Key | jca/IVArtifact.java:188:46:188:48 | Key | -| jca/IVArtifact.java:189:30:189:58 | EncryptOperation | Nonce | jca/IVArtifact.java:188:51:188:54 | Nonce | -| jca/IVArtifact.java:189:30:189:58 | EncryptOperation | Output | jca/IVArtifact.java:189:30:189:58 | KeyOperationOutput | -| jca/IVArtifact.java:189:45:189:57 | Message | Source | jca/IVArtifact.java:283:35:283:47 | Constant | -| jca/IVArtifact.java:189:45:189:57 | Message | Source | jca/IVArtifact.java:283:61:283:73 | Constant | -| jca/IVArtifact.java:189:45:189:57 | Message | Source | jca/IVArtifact.java:283:87:283:101 | Constant | -| jca/IVArtifact.java:204:44:204:62 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:204:44:204:62 | ModeOfOperation | -| jca/IVArtifact.java:204:44:204:62 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:204:44:204:62 | PaddingAlgorithm | -| jca/IVArtifact.java:207:42:207:44 | Key | Source | jca/IVArtifact.java:221:53:221:65 | Parameter | -| jca/IVArtifact.java:207:42:207:44 | Key | Source | jca/IVArtifact.java:242:60:242:72 | Parameter | -| jca/IVArtifact.java:207:47:207:50 | Nonce | Source | jca/IVArtifact.java:207:47:207:50 | Nonce | -| jca/IVArtifact.java:208:16:208:40 | EncryptOperation | Algorithm | jca/IVArtifact.java:204:44:204:62 | KeyOperationAlgorithm | -| jca/IVArtifact.java:208:16:208:40 | EncryptOperation | Input | jca/IVArtifact.java:208:31:208:39 | Message | -| jca/IVArtifact.java:208:16:208:40 | EncryptOperation | Key | jca/IVArtifact.java:207:42:207:44 | Key | -| jca/IVArtifact.java:208:16:208:40 | EncryptOperation | Nonce | jca/IVArtifact.java:207:47:207:50 | Nonce | -| jca/IVArtifact.java:208:16:208:40 | EncryptOperation | Output | jca/IVArtifact.java:208:16:208:40 | KeyOperationOutput | -| jca/IVArtifact.java:208:31:208:39 | Message | Source | jca/IVArtifact.java:221:68:221:83 | Parameter | -| jca/IVArtifact.java:208:31:208:39 | Message | Source | jca/IVArtifact.java:242:75:242:90 | Parameter | -| jca/IVArtifact.java:263:29:263:44 | KeyGeneration | Algorithm | jca/IVArtifact.java:261:56:261:60 | KeyOperationAlgorithm | -| jca/IVArtifact.java:263:29:263:44 | KeyGeneration | Output | jca/IVArtifact.java:263:29:263:44 | Key | -| jca/KeyAgreementHybridCryptosystem.java:61:16:61:36 | Key | Algorithm | jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | EllipticCurve | -| jca/KeyAgreementHybridCryptosystem.java:61:16:61:36 | KeyGeneration | Algorithm | jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | EllipticCurve | -| jca/KeyAgreementHybridCryptosystem.java:61:16:61:36 | KeyGeneration | Output | jca/KeyAgreementHybridCryptosystem.java:61:16:61:36 | Key | -| jca/KeyAgreementHybridCryptosystem.java:70:16:70:36 | Key | Algorithm | jca/KeyAgreementHybridCryptosystem.java:68:61:68:68 | KeyAgreementAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:70:16:70:36 | KeyGeneration | Algorithm | jca/KeyAgreementHybridCryptosystem.java:68:61:68:68 | KeyAgreementAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:70:16:70:36 | KeyGeneration | Output | jca/KeyAgreementHybridCryptosystem.java:70:16:70:36 | Key | -| jca/KeyAgreementHybridCryptosystem.java:78:17:78:26 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:61:16:61:36 | Key | -| jca/KeyAgreementHybridCryptosystem.java:78:17:78:26 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:70:16:70:36 | Key | -| jca/KeyAgreementHybridCryptosystem.java:79:20:79:28 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:61:16:61:36 | Key | -| jca/KeyAgreementHybridCryptosystem.java:79:20:79:28 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:70:16:70:36 | Key | -| jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | KeyAgreementOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:115:90:115:95 | KeyAgreementAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | KeyAgreementOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:137:95:137:100 | KeyAgreementAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | KeyAgreementOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:162:91:162:98 | KeyAgreementAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | KeyAgreementOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:183:95:183:102 | KeyAgreementAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | KeyAgreementOperation | Output | jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | SharedSecret | -| jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | KeyAgreementOperation | PeerKey | jca/KeyAgreementHybridCryptosystem.java:79:20:79:28 | Key | -| jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | KeyAgreementOperation | ServerKey | jca/KeyAgreementHybridCryptosystem.java:78:17:78:26 | Key | -| jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | SharedSecret | Source | jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | SharedSecret | -| jca/KeyAgreementHybridCryptosystem.java:89:23:89:42 | Digest | Source | jca/KeyAgreementHybridCryptosystem.java:89:23:89:42 | Digest | -| jca/KeyAgreementHybridCryptosystem.java:89:23:89:42 | HashOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:88:58:88:66 | HashAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:89:23:89:42 | HashOperation | Digest | jca/KeyAgreementHybridCryptosystem.java:89:23:89:42 | Digest | -| jca/KeyAgreementHybridCryptosystem.java:89:23:89:42 | HashOperation | Message | jca/KeyAgreementHybridCryptosystem.java:89:37:89:41 | Message | -| jca/KeyAgreementHybridCryptosystem.java:89:37:89:41 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | SharedSecret | -| jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | ModeOfOperation | -| jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | PaddingAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:123:42:123:47 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:123:42:123:47 | Key | -| jca/KeyAgreementHybridCryptosystem.java:123:50:123:53 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:121:9:121:40 | RandomNumberGeneration | -| jca/KeyAgreementHybridCryptosystem.java:123:50:123:53 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:121:38:121:39 | RandomNumberGeneration | -| jca/KeyAgreementHybridCryptosystem.java:124:29:124:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:124:29:124:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:124:44:124:52 | Message | -| jca/KeyAgreementHybridCryptosystem.java:124:29:124:53 | EncryptOperation | Key | jca/KeyAgreementHybridCryptosystem.java:123:42:123:47 | Key | -| jca/KeyAgreementHybridCryptosystem.java:124:29:124:53 | EncryptOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:123:50:123:53 | Nonce | -| jca/KeyAgreementHybridCryptosystem.java:124:29:124:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:124:29:124:53 | KeyOperationOutput | -| jca/KeyAgreementHybridCryptosystem.java:124:44:124:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:204:58:204:73 | Parameter | -| jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | ModeOfOperation | -| jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | PaddingAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:144:42:144:47 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:144:42:144:47 | Key | -| jca/KeyAgreementHybridCryptosystem.java:144:50:144:53 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:144:50:144:53 | Nonce | -| jca/KeyAgreementHybridCryptosystem.java:145:29:145:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:145:29:145:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:145:44:145:52 | Message | -| jca/KeyAgreementHybridCryptosystem.java:145:29:145:53 | EncryptOperation | Key | jca/KeyAgreementHybridCryptosystem.java:144:42:144:47 | Key | -| jca/KeyAgreementHybridCryptosystem.java:145:29:145:53 | EncryptOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:144:50:144:53 | Nonce | -| jca/KeyAgreementHybridCryptosystem.java:145:29:145:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:145:29:145:53 | KeyOperationOutput | -| jca/KeyAgreementHybridCryptosystem.java:145:44:145:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:204:58:204:73 | Parameter | -| jca/KeyAgreementHybridCryptosystem.java:163:33:163:89 | Digest | Source | jca/KeyAgreementHybridCryptosystem.java:163:33:163:89 | Digest | -| jca/KeyAgreementHybridCryptosystem.java:163:33:163:89 | HashOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:163:59:163:67 | HashAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:163:33:163:89 | HashOperation | Digest | jca/KeyAgreementHybridCryptosystem.java:163:33:163:89 | Digest | -| jca/KeyAgreementHybridCryptosystem.java:163:33:163:89 | HashOperation | Message | jca/KeyAgreementHybridCryptosystem.java:163:77:163:88 | Message | -| jca/KeyAgreementHybridCryptosystem.java:163:77:163:88 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | SharedSecret | -| jca/KeyAgreementHybridCryptosystem.java:166:44:166:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:166:44:166:62 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:166:44:166:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:166:44:166:62 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:169:42:169:50 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:169:42:169:50 | Key | -| jca/KeyAgreementHybridCryptosystem.java:169:53:169:78 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:168:9:168:43 | RandomNumberGeneration | -| jca/KeyAgreementHybridCryptosystem.java:169:53:169:78 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:168:38:168:42 | RandomNumberGeneration | -| jca/KeyAgreementHybridCryptosystem.java:170:29:170:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:166:44:166:62 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:170:29:170:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:170:44:170:52 | Message | -| jca/KeyAgreementHybridCryptosystem.java:170:29:170:53 | EncryptOperation | Key | jca/KeyAgreementHybridCryptosystem.java:169:42:169:50 | Key | -| jca/KeyAgreementHybridCryptosystem.java:170:29:170:53 | EncryptOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:169:53:169:78 | Nonce | -| jca/KeyAgreementHybridCryptosystem.java:170:29:170:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:170:29:170:53 | KeyOperationOutput | -| jca/KeyAgreementHybridCryptosystem.java:170:44:170:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:204:58:204:73 | Parameter | -| jca/KeyAgreementHybridCryptosystem.java:188:44:188:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:188:44:188:62 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:188:44:188:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:188:44:188:62 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:189:42:189:50 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:189:42:189:50 | Key | -| jca/KeyAgreementHybridCryptosystem.java:189:53:189:83 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:189:53:189:83 | Nonce | -| jca/KeyAgreementHybridCryptosystem.java:190:29:190:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:188:44:188:62 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:190:29:190:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:190:44:190:52 | Message | -| jca/KeyAgreementHybridCryptosystem.java:190:29:190:53 | EncryptOperation | Key | jca/KeyAgreementHybridCryptosystem.java:189:42:189:50 | Key | -| jca/KeyAgreementHybridCryptosystem.java:190:29:190:53 | EncryptOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:189:53:189:83 | Nonce | -| jca/KeyAgreementHybridCryptosystem.java:190:29:190:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:190:29:190:53 | KeyOperationOutput | -| jca/KeyAgreementHybridCryptosystem.java:190:44:190:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:204:58:204:73 | Parameter | -| jca/KeyAgreementHybridCryptosystem.java:233:42:233:66 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:230:58:230:70 | Parameter | -| jca/KeyAgreementHybridCryptosystem.java:233:69:233:72 | Salt | Source | jca/KeyAgreementHybridCryptosystem.java:289:9:289:42 | RandomNumberGeneration | -| jca/KeyAgreementHybridCryptosystem.java:233:69:233:72 | Salt | Source | jca/KeyAgreementHybridCryptosystem.java:289:38:289:41 | RandomNumberGeneration | -| jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | HMACAlgorithm | H | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | HashAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | KeyDerivationAlgorithm | PRF | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | HMACAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:235:26:235:53 | KeyDerivation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | KeyDerivationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:235:26:235:53 | KeyDerivation | Input | jca/KeyAgreementHybridCryptosystem.java:233:42:233:66 | Message | -| jca/KeyAgreementHybridCryptosystem.java:235:26:235:53 | KeyDerivation | Output | jca/KeyAgreementHybridCryptosystem.java:235:26:235:53 | Key | -| jca/KeyAgreementHybridCryptosystem.java:235:26:235:53 | KeyDerivation | Salt | jca/KeyAgreementHybridCryptosystem.java:233:69:233:72 | Salt | -| jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | ModeOfOperation | -| jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | PaddingAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:245:42:245:54 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:245:42:245:54 | Key | -| jca/KeyAgreementHybridCryptosystem.java:245:57:245:63 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:243:9:243:40 | RandomNumberGeneration | -| jca/KeyAgreementHybridCryptosystem.java:245:57:245:63 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:243:38:243:39 | RandomNumberGeneration | -| jca/KeyAgreementHybridCryptosystem.java:246:29:246:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:246:29:246:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:246:44:246:52 | Message | -| jca/KeyAgreementHybridCryptosystem.java:246:29:246:53 | EncryptOperation | Key | jca/KeyAgreementHybridCryptosystem.java:245:42:245:54 | Key | -| jca/KeyAgreementHybridCryptosystem.java:246:29:246:53 | EncryptOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:245:57:245:63 | Nonce | -| jca/KeyAgreementHybridCryptosystem.java:246:29:246:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:246:29:246:53 | KeyOperationOutput | -| jca/KeyAgreementHybridCryptosystem.java:246:44:246:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:230:73:230:88 | Parameter | -| jca/KeyAgreementHybridCryptosystem.java:248:35:248:46 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:248:35:248:46 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:248:35:248:46 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:248:35:248:46 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:249:18:249:30 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:249:18:249:30 | Key | -| jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | MACOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:248:35:248:46 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | MACOperation | HashAlgorithm | jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | MACOperation | -| jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | MACOperation | Input | jca/KeyAgreementHybridCryptosystem.java:250:42:250:51 | Message | -| jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | MACOperation | Key | jca/KeyAgreementHybridCryptosystem.java:249:18:249:30 | Key | -| jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | MACOperation | Message | jca/KeyAgreementHybridCryptosystem.java:250:42:250:51 | Message | -| jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | MACOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | MACOperation | -| jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | MACOperation | Output | jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | KeyOperationOutput | -| jca/KeyAgreementHybridCryptosystem.java:250:42:250:51 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:246:29:246:53 | KeyOperationOutput | -| jca/KeyAgreementHybridCryptosystem.java:281:16:281:31 | KeyGeneration | Algorithm | jca/KeyAgreementHybridCryptosystem.java:279:52:279:56 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:281:16:281:31 | KeyGeneration | Output | jca/KeyAgreementHybridCryptosystem.java:281:16:281:31 | Key | -| jca/KeyArtifact.java:21:31:21:50 | KeyGeneration | Algorithm | jca/KeyArtifact.java:19:56:19:60 | KeyOperationAlgorithm | -| jca/KeyArtifact.java:21:31:21:50 | KeyGeneration | Output | jca/KeyArtifact.java:21:31:21:50 | Key | -| jca/KeyArtifact.java:26:30:26:49 | KeyGeneration | Algorithm | jca/KeyArtifact.java:24:43:24:47 | KeyOperationAlgorithm | -| jca/KeyArtifact.java:26:30:26:49 | KeyGeneration | Output | jca/KeyArtifact.java:26:30:26:49 | Key | -| jca/KeyArtifact.java:33:30:33:57 | Key | Algorithm | jca/KeyArtifact.java:31:68:31:72 | KeyOperationAlgorithm | -| jca/KeyArtifact.java:33:30:33:57 | KeyGeneration | Algorithm | jca/KeyArtifact.java:31:68:31:72 | KeyOperationAlgorithm | -| jca/KeyArtifact.java:33:30:33:57 | KeyGeneration | Output | jca/KeyArtifact.java:33:30:33:57 | Key | -| jca/KeyArtifact.java:38:29:38:56 | Key | Algorithm | jca/KeyArtifact.java:36:51:36:55 | KeyOperationAlgorithm | -| jca/KeyArtifact.java:38:29:38:56 | KeyGeneration | Algorithm | jca/KeyArtifact.java:36:51:36:55 | KeyOperationAlgorithm | -| jca/KeyArtifact.java:38:29:38:56 | KeyGeneration | Output | jca/KeyArtifact.java:38:29:38:56 | Key | -| jca/KeyArtifact.java:43:26:43:53 | Key | Algorithm | jca/KeyArtifact.java:43:26:43:53 | Key | -| jca/KeyArtifact.java:43:26:43:53 | KeyGeneration | Algorithm | jca/KeyArtifact.java:43:26:43:53 | KeyGeneration | -| jca/KeyArtifact.java:43:26:43:53 | KeyGeneration | Output | jca/KeyArtifact.java:43:26:43:53 | Key | -| jca/KeyArtifact.java:67:32:67:51 | KeyGeneration | Algorithm | jca/KeyArtifact.java:63:28:63:73 | LocalData | -| jca/KeyArtifact.java:67:32:67:51 | KeyGeneration | Algorithm | jca/KeyArtifact.java:63:68:63:72 | KeyOperationAlgorithm | -| jca/KeyArtifact.java:67:32:67:51 | KeyGeneration | Output | jca/KeyArtifact.java:67:32:67:51 | Key | -| jca/KeyArtifact.java:74:16:74:43 | Key | Algorithm | jca/KeyArtifact.java:79:33:79:37 | KeyOperationAlgorithm | -| jca/KeyArtifact.java:74:16:74:43 | Key | Algorithm | jca/KeyArtifact.java:79:46:79:54 | Constant | -| jca/KeyArtifact.java:74:16:74:43 | KeyGeneration | Algorithm | jca/KeyArtifact.java:79:33:79:37 | KeyOperationAlgorithm | -| jca/KeyArtifact.java:74:16:74:43 | KeyGeneration | Algorithm | jca/KeyArtifact.java:79:46:79:54 | Constant | -| jca/KeyArtifact.java:74:16:74:43 | KeyGeneration | Output | jca/KeyArtifact.java:74:16:74:43 | Key | -| jca/KeyDerivation1.java:94:42:94:63 | Message | Source | jca/KeyDerivation1.java:92:39:92:53 | Parameter | -| jca/KeyDerivation1.java:94:66:94:69 | Salt | Source | jca/KeyDerivation1.java:391:9:391:42 | RandomNumberGeneration | -| jca/KeyDerivation1.java:94:66:94:69 | Salt | Source | jca/KeyDerivation1.java:391:38:391:41 | RandomNumberGeneration | +| jca/IVArtifact.java:105:44:105:62 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:105:44:105:62 | ModeOfOperation | +| jca/IVArtifact.java:105:44:105:62 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:105:44:105:62 | PaddingAlgorithm | +| jca/IVArtifact.java:108:42:108:44 | Key | Source | jca/IVArtifact.java:255:29:255:44 | Key | +| jca/IVArtifact.java:108:47:108:50 | Nonce | Source | jca/IVArtifact.java:108:47:108:50 | Nonce | +| jca/IVArtifact.java:109:16:109:40 | EncryptOperation | Algorithm | jca/IVArtifact.java:105:44:105:62 | KeyOperationAlgorithm | +| jca/IVArtifact.java:109:16:109:40 | EncryptOperation | Input | jca/IVArtifact.java:109:31:109:39 | Message | +| jca/IVArtifact.java:109:16:109:40 | EncryptOperation | Key | jca/IVArtifact.java:108:42:108:44 | Key | +| jca/IVArtifact.java:109:16:109:40 | EncryptOperation | Nonce | jca/IVArtifact.java:108:47:108:50 | Nonce | +| jca/IVArtifact.java:109:16:109:40 | EncryptOperation | Output | jca/IVArtifact.java:109:16:109:40 | KeyOperationOutput | +| jca/IVArtifact.java:109:31:109:39 | Message | Source | jca/IVArtifact.java:256:32:256:47 | Constant | +| jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:132:44:132:62 | ModeOfOperation | +| jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:132:44:132:62 | PaddingAlgorithm | +| jca/IVArtifact.java:134:42:134:44 | Key | Source | jca/IVArtifact.java:255:29:255:44 | Key | +| jca/IVArtifact.java:134:47:134:50 | Nonce | Source | jca/IVArtifact.java:116:31:116:34 | Constant | +| jca/IVArtifact.java:134:47:134:50 | Nonce | Source | jca/IVArtifact.java:130:13:130:50 | RandomNumberGeneration | +| jca/IVArtifact.java:134:47:134:50 | Nonce | Source | jca/IVArtifact.java:130:42:130:49 | RandomNumberGeneration | +| jca/IVArtifact.java:135:16:135:40 | EncryptOperation | Algorithm | jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | +| jca/IVArtifact.java:135:16:135:40 | EncryptOperation | Input | jca/IVArtifact.java:135:31:135:39 | Message | +| jca/IVArtifact.java:135:16:135:40 | EncryptOperation | Key | jca/IVArtifact.java:134:42:134:44 | Key | +| jca/IVArtifact.java:135:16:135:40 | EncryptOperation | Nonce | jca/IVArtifact.java:134:47:134:50 | Nonce | +| jca/IVArtifact.java:135:16:135:40 | EncryptOperation | Output | jca/IVArtifact.java:135:16:135:40 | KeyOperationOutput | +| jca/IVArtifact.java:135:31:135:39 | Message | Source | jca/IVArtifact.java:256:32:256:47 | Constant | +| jca/IVArtifact.java:154:31:154:78 | Digest | Source | jca/IVArtifact.java:154:31:154:78 | Digest | +| jca/IVArtifact.java:154:31:154:78 | HashOperation | Algorithm | jca/IVArtifact.java:153:58:153:66 | HashAlgorithm | +| jca/IVArtifact.java:154:31:154:78 | HashOperation | Digest | jca/IVArtifact.java:154:31:154:78 | Digest | +| jca/IVArtifact.java:154:31:154:78 | HashOperation | Message | jca/IVArtifact.java:154:45:154:77 | Message | +| jca/IVArtifact.java:154:45:154:77 | Message | Source | jca/IVArtifact.java:154:45:154:59 | Constant | +| jca/IVArtifact.java:156:44:156:62 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:156:44:156:62 | ModeOfOperation | +| jca/IVArtifact.java:156:44:156:62 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:156:44:156:62 | PaddingAlgorithm | +| jca/IVArtifact.java:158:42:158:44 | Key | Source | jca/IVArtifact.java:255:29:255:44 | Key | +| jca/IVArtifact.java:158:47:158:50 | Nonce | Source | jca/IVArtifact.java:158:47:158:50 | Nonce | +| jca/IVArtifact.java:159:16:159:40 | EncryptOperation | Algorithm | jca/IVArtifact.java:156:44:156:62 | KeyOperationAlgorithm | +| jca/IVArtifact.java:159:16:159:40 | EncryptOperation | Input | jca/IVArtifact.java:159:31:159:39 | Message | +| jca/IVArtifact.java:159:16:159:40 | EncryptOperation | Key | jca/IVArtifact.java:158:42:158:44 | Key | +| jca/IVArtifact.java:159:16:159:40 | EncryptOperation | Nonce | jca/IVArtifact.java:158:47:158:50 | Nonce | +| jca/IVArtifact.java:159:16:159:40 | EncryptOperation | Output | jca/IVArtifact.java:159:16:159:40 | KeyOperationOutput | +| jca/IVArtifact.java:159:31:159:39 | Message | Source | jca/IVArtifact.java:256:32:256:47 | Constant | +| jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:180:48:180:66 | ModeOfOperation | +| jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:180:48:180:66 | PaddingAlgorithm | +| jca/IVArtifact.java:182:46:182:48 | Key | Source | jca/IVArtifact.java:255:29:255:44 | Key | +| jca/IVArtifact.java:182:51:182:54 | Nonce | Source | jca/IVArtifact.java:177:9:177:40 | RandomNumberGeneration | +| jca/IVArtifact.java:182:51:182:54 | Nonce | Source | jca/IVArtifact.java:177:38:177:39 | RandomNumberGeneration | +| jca/IVArtifact.java:183:30:183:58 | EncryptOperation | Algorithm | jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | +| jca/IVArtifact.java:183:30:183:58 | EncryptOperation | Input | jca/IVArtifact.java:183:45:183:57 | Message | +| jca/IVArtifact.java:183:30:183:58 | EncryptOperation | Key | jca/IVArtifact.java:182:46:182:48 | Key | +| jca/IVArtifact.java:183:30:183:58 | EncryptOperation | Nonce | jca/IVArtifact.java:182:51:182:54 | Nonce | +| jca/IVArtifact.java:183:30:183:58 | EncryptOperation | Output | jca/IVArtifact.java:183:30:183:58 | KeyOperationOutput | +| jca/IVArtifact.java:183:45:183:57 | Message | Source | jca/IVArtifact.java:275:34:275:46 | Constant | +| jca/IVArtifact.java:183:45:183:57 | Message | Source | jca/IVArtifact.java:275:60:275:72 | Constant | +| jca/IVArtifact.java:183:45:183:57 | Message | Source | jca/IVArtifact.java:275:86:275:100 | Constant | +| jca/IVArtifact.java:198:44:198:62 | KeyOperationAlgorithm | Mode | jca/IVArtifact.java:198:44:198:62 | ModeOfOperation | +| jca/IVArtifact.java:198:44:198:62 | KeyOperationAlgorithm | Padding | jca/IVArtifact.java:198:44:198:62 | PaddingAlgorithm | +| jca/IVArtifact.java:201:42:201:44 | Key | Source | jca/IVArtifact.java:215:53:215:65 | Parameter | +| jca/IVArtifact.java:201:42:201:44 | Key | Source | jca/IVArtifact.java:235:60:235:72 | Parameter | +| jca/IVArtifact.java:201:47:201:50 | Nonce | Source | jca/IVArtifact.java:201:47:201:50 | Nonce | +| jca/IVArtifact.java:202:16:202:40 | EncryptOperation | Algorithm | jca/IVArtifact.java:198:44:198:62 | KeyOperationAlgorithm | +| jca/IVArtifact.java:202:16:202:40 | EncryptOperation | Input | jca/IVArtifact.java:202:31:202:39 | Message | +| jca/IVArtifact.java:202:16:202:40 | EncryptOperation | Key | jca/IVArtifact.java:201:42:201:44 | Key | +| jca/IVArtifact.java:202:16:202:40 | EncryptOperation | Nonce | jca/IVArtifact.java:201:47:201:50 | Nonce | +| jca/IVArtifact.java:202:16:202:40 | EncryptOperation | Output | jca/IVArtifact.java:202:16:202:40 | KeyOperationOutput | +| jca/IVArtifact.java:202:31:202:39 | Message | Source | jca/IVArtifact.java:215:68:215:83 | Parameter | +| jca/IVArtifact.java:202:31:202:39 | Message | Source | jca/IVArtifact.java:235:75:235:90 | Parameter | +| jca/IVArtifact.java:255:29:255:44 | KeyGeneration | Algorithm | jca/IVArtifact.java:253:56:253:60 | KeyOperationAlgorithm | +| jca/IVArtifact.java:255:29:255:44 | KeyGeneration | Output | jca/IVArtifact.java:255:29:255:44 | Key | +| jca/KeyAgreementHybridCryptosystem.java:51:16:51:36 | Key | Algorithm | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | EllipticCurve | +| jca/KeyAgreementHybridCryptosystem.java:51:16:51:36 | KeyGeneration | Algorithm | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | EllipticCurve | +| jca/KeyAgreementHybridCryptosystem.java:51:16:51:36 | KeyGeneration | Output | jca/KeyAgreementHybridCryptosystem.java:51:16:51:36 | Key | +| jca/KeyAgreementHybridCryptosystem.java:60:16:60:36 | Key | Algorithm | jca/KeyAgreementHybridCryptosystem.java:58:61:58:68 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:60:16:60:36 | KeyGeneration | Algorithm | jca/KeyAgreementHybridCryptosystem.java:58:61:58:68 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:60:16:60:36 | KeyGeneration | Output | jca/KeyAgreementHybridCryptosystem.java:60:16:60:36 | Key | +| jca/KeyAgreementHybridCryptosystem.java:68:17:68:26 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:51:16:51:36 | Key | +| jca/KeyAgreementHybridCryptosystem.java:68:17:68:26 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:60:16:60:36 | Key | +| jca/KeyAgreementHybridCryptosystem.java:69:20:69:28 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:51:16:51:36 | Key | +| jca/KeyAgreementHybridCryptosystem.java:69:20:69:28 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:60:16:60:36 | Key | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | KeyAgreementOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:104:90:104:95 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | KeyAgreementOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:125:95:125:100 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | KeyAgreementOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:149:91:149:98 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | KeyAgreementOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:169:95:169:102 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | KeyAgreementOperation | Output | jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | SharedSecret | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | KeyAgreementOperation | PeerKey | jca/KeyAgreementHybridCryptosystem.java:69:20:69:28 | Key | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | KeyAgreementOperation | ServerKey | jca/KeyAgreementHybridCryptosystem.java:68:17:68:26 | Key | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | SharedSecret | Source | jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | SharedSecret | +| jca/KeyAgreementHybridCryptosystem.java:79:23:79:42 | Digest | Source | jca/KeyAgreementHybridCryptosystem.java:79:23:79:42 | Digest | +| jca/KeyAgreementHybridCryptosystem.java:79:23:79:42 | HashOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:78:58:78:66 | HashAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:79:23:79:42 | HashOperation | Digest | jca/KeyAgreementHybridCryptosystem.java:79:23:79:42 | Digest | +| jca/KeyAgreementHybridCryptosystem.java:79:23:79:42 | HashOperation | Message | jca/KeyAgreementHybridCryptosystem.java:79:37:79:41 | Message | +| jca/KeyAgreementHybridCryptosystem.java:79:37:79:41 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | SharedSecret | +| jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | ModeOfOperation | +| jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | PaddingAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | Key | +| jca/KeyAgreementHybridCryptosystem.java:112:50:112:53 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:112:50:112:53 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:113:44:113:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | EncryptOperation | Key | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | Key | +| jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | EncryptOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:112:50:112:53 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:113:44:113:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:188:58:188:73 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | ModeOfOperation | +| jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | PaddingAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:132:42:132:47 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:132:42:132:47 | Key | +| jca/KeyAgreementHybridCryptosystem.java:132:50:132:53 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:132:50:132:53 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:133:29:133:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:133:29:133:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:133:44:133:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:133:29:133:53 | EncryptOperation | Key | jca/KeyAgreementHybridCryptosystem.java:132:42:132:47 | Key | +| jca/KeyAgreementHybridCryptosystem.java:133:29:133:53 | EncryptOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:132:50:132:53 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:133:29:133:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:133:29:133:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:133:44:133:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:188:58:188:73 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:150:33:150:89 | Digest | Source | jca/KeyAgreementHybridCryptosystem.java:150:33:150:89 | Digest | +| jca/KeyAgreementHybridCryptosystem.java:150:33:150:89 | HashOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | HashAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:150:33:150:89 | HashOperation | Digest | jca/KeyAgreementHybridCryptosystem.java:150:33:150:89 | Digest | +| jca/KeyAgreementHybridCryptosystem.java:150:33:150:89 | HashOperation | Message | jca/KeyAgreementHybridCryptosystem.java:150:77:150:88 | Message | +| jca/KeyAgreementHybridCryptosystem.java:150:77:150:88 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | SharedSecret | +| jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | +| jca/KeyAgreementHybridCryptosystem.java:156:53:156:78 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:156:53:156:78 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:157:44:157:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | Key | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | +| jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:156:53:156:78 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:157:44:157:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:188:58:188:73 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:174:44:174:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:174:44:174:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:174:44:174:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:174:44:174:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:175:42:175:50 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:175:42:175:50 | Key | +| jca/KeyAgreementHybridCryptosystem.java:175:53:175:83 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:175:53:175:83 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:174:44:174:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:176:44:176:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | EncryptOperation | Key | jca/KeyAgreementHybridCryptosystem.java:175:42:175:50 | Key | +| jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | EncryptOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:175:53:175:83 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:176:44:176:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:188:58:188:73 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:215:42:215:66 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:212:58:212:70 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:215:69:215:72 | Salt | Source | jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:215:69:215:72 | Salt | Source | jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HMACAlgorithm | H | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HashAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | KeyDerivationAlgorithm | PRF | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HMACAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:217:26:217:53 | KeyDerivation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | KeyDerivationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:217:26:217:53 | KeyDerivation | Input | jca/KeyAgreementHybridCryptosystem.java:215:42:215:66 | Message | +| jca/KeyAgreementHybridCryptosystem.java:217:26:217:53 | KeyDerivation | Output | jca/KeyAgreementHybridCryptosystem.java:217:26:217:53 | Key | +| jca/KeyAgreementHybridCryptosystem.java:217:26:217:53 | KeyDerivation | Salt | jca/KeyAgreementHybridCryptosystem.java:215:69:215:72 | Salt | +| jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | ModeOfOperation | +| jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | PaddingAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | Key | +| jca/KeyAgreementHybridCryptosystem.java:227:57:227:63 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:227:57:227:63 | Nonce | Source | jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | Input | jca/KeyAgreementHybridCryptosystem.java:228:44:228:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | Key | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | Key | +| jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:227:57:227:63 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | Output | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:228:44:228:52 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:212:73:212:88 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | Mode | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | Padding | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | Key | Source | jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | Key | +| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | Algorithm | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | HashAlgorithm | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | +| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | Input | jca/KeyAgreementHybridCryptosystem.java:232:42:232:51 | Message | +| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | Key | jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | Key | +| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | Message | jca/KeyAgreementHybridCryptosystem.java:232:42:232:51 | Message | +| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | Nonce | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | +| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | Output | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:232:42:232:51 | Message | Source | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | KeyGeneration | Algorithm | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | KeyGeneration | Output | jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | Key | +| jca/KeyArtifact.java:20:31:20:50 | KeyGeneration | Algorithm | jca/KeyArtifact.java:18:56:18:60 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:20:31:20:50 | KeyGeneration | Output | jca/KeyArtifact.java:20:31:20:50 | Key | +| jca/KeyArtifact.java:25:30:25:49 | KeyGeneration | Algorithm | jca/KeyArtifact.java:23:43:23:47 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:25:30:25:49 | KeyGeneration | Output | jca/KeyArtifact.java:25:30:25:49 | Key | +| jca/KeyArtifact.java:32:30:32:57 | Key | Algorithm | jca/KeyArtifact.java:30:68:30:72 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:32:30:32:57 | KeyGeneration | Algorithm | jca/KeyArtifact.java:30:68:30:72 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:32:30:32:57 | KeyGeneration | Output | jca/KeyArtifact.java:32:30:32:57 | Key | +| jca/KeyArtifact.java:37:29:37:56 | Key | Algorithm | jca/KeyArtifact.java:35:51:35:55 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:37:29:37:56 | KeyGeneration | Algorithm | jca/KeyArtifact.java:35:51:35:55 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:37:29:37:56 | KeyGeneration | Output | jca/KeyArtifact.java:37:29:37:56 | Key | +| jca/KeyArtifact.java:42:26:42:53 | Key | Algorithm | jca/KeyArtifact.java:42:26:42:53 | Key | +| jca/KeyArtifact.java:42:26:42:53 | KeyGeneration | Algorithm | jca/KeyArtifact.java:42:26:42:53 | KeyGeneration | +| jca/KeyArtifact.java:42:26:42:53 | KeyGeneration | Output | jca/KeyArtifact.java:42:26:42:53 | Key | +| jca/KeyArtifact.java:66:32:66:51 | KeyGeneration | Algorithm | jca/KeyArtifact.java:62:28:62:73 | LocalData | +| jca/KeyArtifact.java:66:32:66:51 | KeyGeneration | Algorithm | jca/KeyArtifact.java:62:68:62:72 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:66:32:66:51 | KeyGeneration | Output | jca/KeyArtifact.java:66:32:66:51 | Key | +| jca/KeyArtifact.java:73:16:73:43 | Key | Algorithm | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:73:16:73:43 | Key | Algorithm | jca/KeyArtifact.java:78:45:78:53 | Constant | +| jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | Algorithm | jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | Algorithm | jca/KeyArtifact.java:78:45:78:53 | Constant | +| jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | Output | jca/KeyArtifact.java:73:16:73:43 | Key | +| jca/KeyDerivation1.java:80:42:80:63 | Message | Source | jca/KeyDerivation1.java:78:39:78:53 | Parameter | +| jca/KeyDerivation1.java:80:66:80:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:80:66:80:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:81:65:81:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:81:65:81:86 | HashAlgorithm | +| jca/KeyDerivation1.java:81:65:81:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:81:65:81:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:82:22:82:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:81:65:81:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:82:22:82:49 | KeyDerivation | Input | jca/KeyDerivation1.java:80:42:80:63 | Message | +| jca/KeyDerivation1.java:82:22:82:49 | KeyDerivation | Output | jca/KeyDerivation1.java:82:22:82:49 | Key | +| jca/KeyDerivation1.java:82:22:82:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:80:66:80:69 | Salt | +| jca/KeyDerivation1.java:94:42:94:63 | Message | Source | jca/KeyDerivation1.java:92:36:92:50 | Parameter | +| jca/KeyDerivation1.java:94:66:94:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:94:66:94:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | | jca/KeyDerivation1.java:95:65:95:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:95:65:95:86 | HashAlgorithm | | jca/KeyDerivation1.java:95:65:95:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:95:65:95:86 | HMACAlgorithm | | jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:95:65:95:86 | KeyDerivationAlgorithm | | jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | Input | jca/KeyDerivation1.java:94:42:94:63 | Message | | jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | Output | jca/KeyDerivation1.java:96:22:96:49 | Key | | jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:94:66:94:69 | Salt | -| jca/KeyDerivation1.java:111:42:111:63 | Message | Source | jca/KeyDerivation1.java:109:36:109:50 | Parameter | -| jca/KeyDerivation1.java:111:66:111:69 | Salt | Source | jca/KeyDerivation1.java:391:9:391:42 | RandomNumberGeneration | -| jca/KeyDerivation1.java:111:66:111:69 | Salt | Source | jca/KeyDerivation1.java:391:38:391:41 | RandomNumberGeneration | -| jca/KeyDerivation1.java:112:65:112:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:112:65:112:86 | HashAlgorithm | -| jca/KeyDerivation1.java:112:65:112:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:112:65:112:86 | HMACAlgorithm | -| jca/KeyDerivation1.java:113:22:113:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:112:65:112:86 | KeyDerivationAlgorithm | -| jca/KeyDerivation1.java:113:22:113:49 | KeyDerivation | Input | jca/KeyDerivation1.java:111:42:111:63 | Message | -| jca/KeyDerivation1.java:113:22:113:49 | KeyDerivation | Output | jca/KeyDerivation1.java:113:22:113:49 | Key | -| jca/KeyDerivation1.java:113:22:113:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:111:66:111:69 | Salt | -| jca/KeyDerivation1.java:126:42:126:63 | Message | Source | jca/KeyDerivation1.java:124:37:124:51 | Parameter | -| jca/KeyDerivation1.java:126:66:126:69 | Salt | Source | jca/KeyDerivation1.java:391:9:391:42 | RandomNumberGeneration | -| jca/KeyDerivation1.java:126:66:126:69 | Salt | Source | jca/KeyDerivation1.java:391:38:391:41 | RandomNumberGeneration | -| jca/KeyDerivation1.java:127:65:127:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:127:65:127:86 | HashAlgorithm | -| jca/KeyDerivation1.java:127:65:127:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:127:65:127:86 | HMACAlgorithm | -| jca/KeyDerivation1.java:128:22:128:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:127:65:127:86 | KeyDerivationAlgorithm | -| jca/KeyDerivation1.java:128:22:128:49 | KeyDerivation | Input | jca/KeyDerivation1.java:126:42:126:63 | Message | -| jca/KeyDerivation1.java:128:22:128:49 | KeyDerivation | Output | jca/KeyDerivation1.java:128:22:128:49 | Key | -| jca/KeyDerivation1.java:128:22:128:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:126:66:126:69 | Salt | -| jca/KeyDerivation1.java:142:42:142:63 | Message | Source | jca/KeyDerivation1.java:140:32:140:46 | Parameter | -| jca/KeyDerivation1.java:142:66:142:69 | Salt | Source | jca/KeyDerivation1.java:391:9:391:42 | RandomNumberGeneration | -| jca/KeyDerivation1.java:142:66:142:69 | Salt | Source | jca/KeyDerivation1.java:391:38:391:41 | RandomNumberGeneration | -| jca/KeyDerivation1.java:143:65:143:84 | HMACAlgorithm | H | jca/KeyDerivation1.java:143:65:143:84 | HashAlgorithm | -| jca/KeyDerivation1.java:143:65:143:84 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:143:65:143:84 | HMACAlgorithm | -| jca/KeyDerivation1.java:144:22:144:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:143:65:143:84 | KeyDerivationAlgorithm | -| jca/KeyDerivation1.java:144:22:144:49 | KeyDerivation | Input | jca/KeyDerivation1.java:142:42:142:63 | Message | -| jca/KeyDerivation1.java:144:22:144:49 | KeyDerivation | Output | jca/KeyDerivation1.java:144:22:144:49 | Key | -| jca/KeyDerivation1.java:144:22:144:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:142:66:142:69 | Salt | -| jca/KeyDerivation1.java:157:42:157:63 | Message | Source | jca/KeyDerivation1.java:155:34:155:48 | Parameter | -| jca/KeyDerivation1.java:157:66:157:69 | Salt | Source | jca/KeyDerivation1.java:391:9:391:42 | RandomNumberGeneration | -| jca/KeyDerivation1.java:157:66:157:69 | Salt | Source | jca/KeyDerivation1.java:391:38:391:41 | RandomNumberGeneration | -| jca/KeyDerivation1.java:158:65:158:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:158:65:158:86 | HashAlgorithm | -| jca/KeyDerivation1.java:158:65:158:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:158:65:158:86 | HMACAlgorithm | -| jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:158:65:158:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:108:42:108:63 | Message | Source | jca/KeyDerivation1.java:106:37:106:51 | Parameter | +| jca/KeyDerivation1.java:108:66:108:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:108:66:108:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:109:65:109:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:109:65:109:86 | HashAlgorithm | +| jca/KeyDerivation1.java:109:65:109:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:109:65:109:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:110:22:110:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:109:65:109:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:110:22:110:49 | KeyDerivation | Input | jca/KeyDerivation1.java:108:42:108:63 | Message | +| jca/KeyDerivation1.java:110:22:110:49 | KeyDerivation | Output | jca/KeyDerivation1.java:110:22:110:49 | Key | +| jca/KeyDerivation1.java:110:22:110:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:108:66:108:69 | Salt | +| jca/KeyDerivation1.java:122:42:122:63 | Message | Source | jca/KeyDerivation1.java:120:32:120:46 | Parameter | +| jca/KeyDerivation1.java:122:66:122:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:122:66:122:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:123:65:123:84 | HMACAlgorithm | H | jca/KeyDerivation1.java:123:65:123:84 | HashAlgorithm | +| jca/KeyDerivation1.java:123:65:123:84 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:123:65:123:84 | HMACAlgorithm | +| jca/KeyDerivation1.java:124:22:124:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:123:65:123:84 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:124:22:124:49 | KeyDerivation | Input | jca/KeyDerivation1.java:122:42:122:63 | Message | +| jca/KeyDerivation1.java:124:22:124:49 | KeyDerivation | Output | jca/KeyDerivation1.java:124:22:124:49 | Key | +| jca/KeyDerivation1.java:124:22:124:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:122:66:122:69 | Salt | +| jca/KeyDerivation1.java:136:42:136:63 | Message | Source | jca/KeyDerivation1.java:134:34:134:48 | Parameter | +| jca/KeyDerivation1.java:136:66:136:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:136:66:136:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:137:65:137:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:137:65:137:86 | HashAlgorithm | +| jca/KeyDerivation1.java:137:65:137:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:137:65:137:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:138:22:138:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:137:65:137:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:138:22:138:49 | KeyDerivation | Input | jca/KeyDerivation1.java:136:42:136:63 | Message | +| jca/KeyDerivation1.java:138:22:138:49 | KeyDerivation | Output | jca/KeyDerivation1.java:138:22:138:49 | Key | +| jca/KeyDerivation1.java:138:22:138:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:136:66:136:69 | Salt | +| jca/KeyDerivation1.java:157:42:157:63 | Message | Source | jca/KeyDerivation1.java:154:28:154:42 | Parameter | +| jca/KeyDerivation1.java:157:66:157:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:157:66:157:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:158:65:158:72 | Constant | | jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Input | jca/KeyDerivation1.java:157:42:157:63 | Message | | jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Output | jca/KeyDerivation1.java:159:22:159:49 | Key | | jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:157:66:157:69 | Salt | -| jca/KeyDerivation1.java:178:42:178:63 | Message | Source | jca/KeyDerivation1.java:175:28:175:42 | Parameter | -| jca/KeyDerivation1.java:178:66:178:69 | Salt | Source | jca/KeyDerivation1.java:391:9:391:42 | RandomNumberGeneration | -| jca/KeyDerivation1.java:178:66:178:69 | Salt | Source | jca/KeyDerivation1.java:391:38:391:41 | RandomNumberGeneration | -| jca/KeyDerivation1.java:180:22:180:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:179:65:179:72 | Constant | -| jca/KeyDerivation1.java:180:22:180:49 | KeyDerivation | Input | jca/KeyDerivation1.java:178:42:178:63 | Message | -| jca/KeyDerivation1.java:180:22:180:49 | KeyDerivation | Output | jca/KeyDerivation1.java:180:22:180:49 | Key | -| jca/KeyDerivation1.java:180:22:180:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:178:66:178:69 | Salt | -| jca/KeyDerivation1.java:194:42:194:63 | Message | Source | jca/KeyDerivation1.java:191:30:191:44 | Parameter | -| jca/KeyDerivation1.java:194:66:194:69 | Salt | Source | jca/KeyDerivation1.java:391:9:391:42 | RandomNumberGeneration | -| jca/KeyDerivation1.java:194:66:194:69 | Salt | Source | jca/KeyDerivation1.java:391:38:391:41 | RandomNumberGeneration | -| jca/KeyDerivation1.java:196:22:196:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:195:65:195:72 | Constant | -| jca/KeyDerivation1.java:196:22:196:49 | KeyDerivation | Input | jca/KeyDerivation1.java:194:42:194:63 | Message | -| jca/KeyDerivation1.java:196:22:196:49 | KeyDerivation | Output | jca/KeyDerivation1.java:196:22:196:49 | Key | -| jca/KeyDerivation1.java:196:22:196:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:194:66:194:69 | Salt | -| jca/KeyDerivation1.java:266:29:266:59 | Digest | Source | jca/KeyDerivation1.java:266:29:266:59 | Digest | -| jca/KeyDerivation1.java:266:29:266:59 | HashOperation | Algorithm | jca/KeyDerivation1.java:265:58:265:66 | HashAlgorithm | -| jca/KeyDerivation1.java:266:29:266:59 | HashOperation | Digest | jca/KeyDerivation1.java:266:29:266:59 | Digest | -| jca/KeyDerivation1.java:266:29:266:59 | HashOperation | Message | jca/KeyDerivation1.java:266:43:266:58 | Message | -| jca/KeyDerivation1.java:266:43:266:58 | Message | Source | jca/KeyDerivation1.java:264:45:264:56 | Parameter | -| jca/KeyDerivation1.java:271:70:271:88 | KeyOperationAlgorithm | Mode | jca/KeyDerivation1.java:271:70:271:88 | ModeOfOperation | -| jca/KeyDerivation1.java:271:70:271:88 | KeyOperationAlgorithm | Padding | jca/KeyDerivation1.java:271:70:271:88 | PaddingAlgorithm | -| jca/KeyDerivation1.java:272:55:272:57 | Key | Source | jca/KeyDerivation1.java:272:55:272:57 | Key | -| jca/KeyDerivation1.java:273:29:273:74 | EncryptOperation | Algorithm | jca/KeyDerivation1.java:271:70:271:88 | KeyOperationAlgorithm | -| jca/KeyDerivation1.java:273:29:273:74 | EncryptOperation | Input | jca/KeyDerivation1.java:273:44:273:73 | Message | -| jca/KeyDerivation1.java:273:29:273:74 | EncryptOperation | Key | jca/KeyDerivation1.java:272:55:272:57 | Key | -| jca/KeyDerivation1.java:273:29:273:74 | EncryptOperation | Nonce | jca/KeyDerivation1.java:273:29:273:74 | EncryptOperation | -| jca/KeyDerivation1.java:273:29:273:74 | EncryptOperation | Output | jca/KeyDerivation1.java:273:29:273:74 | KeyOperationOutput | -| jca/KeyDerivation1.java:273:44:273:73 | Message | Source | jca/KeyDerivation1.java:273:44:273:62 | Constant | -| jca/KeyDerivation1.java:332:54:332:75 | HMACAlgorithm | H | jca/KeyDerivation1.java:332:54:332:75 | HashAlgorithm | -| jca/KeyDerivation1.java:332:54:332:75 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:332:54:332:75 | HMACAlgorithm | -| jca/KeyDerivation1.java:337:42:337:63 | Message | Source | jca/KeyDerivation1.java:325:37:325:51 | Parameter | -| jca/KeyDerivation1.java:337:66:337:69 | Salt | Source | jca/KeyDerivation1.java:391:9:391:42 | RandomNumberGeneration | -| jca/KeyDerivation1.java:337:66:337:69 | Salt | Source | jca/KeyDerivation1.java:391:38:391:41 | RandomNumberGeneration | -| jca/KeyDerivation1.java:339:26:339:53 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:332:25:332:76 | LocalData | -| jca/KeyDerivation1.java:339:26:339:53 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:332:54:332:75 | KeyDerivationAlgorithm | -| jca/KeyDerivation1.java:339:26:339:53 | KeyDerivation | Input | jca/KeyDerivation1.java:337:42:337:63 | Message | -| jca/KeyDerivation1.java:339:26:339:53 | KeyDerivation | Output | jca/KeyDerivation1.java:339:26:339:53 | Key | -| jca/KeyDerivation1.java:339:26:339:53 | KeyDerivation | Salt | jca/KeyDerivation1.java:337:66:337:69 | Salt | -| jca/KeyDerivation1.java:356:42:356:63 | Message | Source | jca/KeyDerivation1.java:306:43:306:57 | Parameter | -| jca/KeyDerivation1.java:356:66:356:69 | Salt | Source | jca/KeyDerivation1.java:391:9:391:42 | RandomNumberGeneration | -| jca/KeyDerivation1.java:356:66:356:69 | Salt | Source | jca/KeyDerivation1.java:391:38:391:41 | RandomNumberGeneration | -| jca/KeyDerivation1.java:357:65:357:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:357:65:357:86 | HashAlgorithm | -| jca/KeyDerivation1.java:357:65:357:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:357:65:357:86 | HMACAlgorithm | -| jca/KeyDerivation1.java:358:16:358:43 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:357:65:357:86 | KeyDerivationAlgorithm | -| jca/KeyDerivation1.java:358:16:358:43 | KeyDerivation | Input | jca/KeyDerivation1.java:356:42:356:63 | Message | -| jca/KeyDerivation1.java:358:16:358:43 | KeyDerivation | Output | jca/KeyDerivation1.java:358:16:358:43 | Key | -| jca/KeyDerivation1.java:358:16:358:43 | KeyDerivation | Salt | jca/KeyDerivation1.java:356:66:356:69 | Salt | -| jca/KeyDerivation1.java:370:36:370:47 | KeyOperationAlgorithm | Mode | jca/KeyDerivation1.java:370:36:370:47 | KeyOperationAlgorithm | -| jca/KeyDerivation1.java:370:36:370:47 | KeyOperationAlgorithm | Padding | jca/KeyDerivation1.java:370:36:370:47 | KeyOperationAlgorithm | -| jca/KeyDerivation1.java:372:19:372:27 | Key | Source | jca/KeyDerivation1.java:372:19:372:27 | Key | -| jca/KeyDerivation1.java:373:22:373:38 | MACOperation | Algorithm | jca/KeyDerivation1.java:370:36:370:47 | KeyOperationAlgorithm | -| jca/KeyDerivation1.java:373:22:373:38 | MACOperation | HashAlgorithm | jca/KeyDerivation1.java:373:22:373:38 | MACOperation | -| jca/KeyDerivation1.java:373:22:373:38 | MACOperation | Input | jca/KeyDerivation1.java:373:35:373:37 | Message | -| jca/KeyDerivation1.java:373:22:373:38 | MACOperation | Key | jca/KeyDerivation1.java:372:19:372:27 | Key | -| jca/KeyDerivation1.java:373:22:373:38 | MACOperation | Message | jca/KeyDerivation1.java:373:35:373:37 | Message | -| jca/KeyDerivation1.java:373:22:373:38 | MACOperation | Nonce | jca/KeyDerivation1.java:373:22:373:38 | MACOperation | -| jca/KeyDerivation1.java:373:22:373:38 | MACOperation | Output | jca/KeyDerivation1.java:373:22:373:38 | KeyOperationOutput | -| jca/KeyDerivation1.java:373:35:373:37 | Message | Source | jca/KeyDerivation1.java:291:32:291:41 | Parameter | -| jca/KeyDerivation1.java:373:35:373:37 | Message | Source | jca/KeyDerivation1.java:306:60:306:78 | Parameter | -| jca/KeyDerivation1.java:377:19:377:54 | Key | Source | jca/KeyDerivation1.java:377:19:377:54 | Key | -| jca/KeyDerivation1.java:378:22:378:62 | MACOperation | Algorithm | jca/KeyDerivation1.java:370:36:370:47 | KeyOperationAlgorithm | -| jca/KeyDerivation1.java:378:22:378:62 | MACOperation | HashAlgorithm | jca/KeyDerivation1.java:378:22:378:62 | MACOperation | -| jca/KeyDerivation1.java:378:22:378:62 | MACOperation | Input | jca/KeyDerivation1.java:378:35:378:61 | Message | -| jca/KeyDerivation1.java:378:22:378:62 | MACOperation | Key | jca/KeyDerivation1.java:372:19:372:27 | Key | -| jca/KeyDerivation1.java:378:22:378:62 | MACOperation | Key | jca/KeyDerivation1.java:377:19:377:54 | Key | -| jca/KeyDerivation1.java:378:22:378:62 | MACOperation | Message | jca/KeyDerivation1.java:378:35:378:61 | Message | -| jca/KeyDerivation1.java:378:22:378:62 | MACOperation | Nonce | jca/KeyDerivation1.java:378:22:378:62 | MACOperation | -| jca/KeyDerivation1.java:378:22:378:62 | MACOperation | Output | jca/KeyDerivation1.java:378:22:378:62 | KeyOperationOutput | -| jca/KeyDerivation1.java:378:35:378:61 | Message | Source | jca/KeyDerivation1.java:378:35:378:50 | Constant | -| jca/KeyEncapsulation.java:66:28:66:47 | KeyGeneration | Algorithm | jca/KeyEncapsulation.java:64:56:64:60 | KeyOperationAlgorithm | -| jca/KeyEncapsulation.java:66:28:66:47 | KeyGeneration | Output | jca/KeyEncapsulation.java:66:28:66:47 | Key | -| jca/KeyEncapsulation.java:71:47:71:85 | KeyOperationAlgorithm | Mode | jca/KeyEncapsulation.java:71:47:71:85 | ModeOfOperation | -| jca/KeyEncapsulation.java:71:47:71:85 | KeyOperationAlgorithm | Padding | jca/KeyEncapsulation.java:71:47:71:85 | PaddingAlgorithm | -| jca/KeyEncapsulation.java:71:47:71:85 | PaddingAlgorithm | MD | jca/KeyEncapsulation.java:71:47:71:85 | HashAlgorithm | -| jca/KeyEncapsulation.java:71:47:71:85 | PaddingAlgorithm | MGF1Hash | jca/KeyEncapsulation.java:71:47:71:85 | PaddingAlgorithm | -| jca/KeyEncapsulation.java:72:45:72:50 | Key | Source | jca/KeyEncapsulation.java:214:25:214:48 | Key | -| jca/KeyEncapsulation.java:73:29:73:66 | EncryptOperation | Algorithm | jca/KeyEncapsulation.java:71:47:71:85 | KeyOperationAlgorithm | -| jca/KeyEncapsulation.java:73:29:73:66 | EncryptOperation | Input | jca/KeyEncapsulation.java:73:47:73:65 | Message | -| jca/KeyEncapsulation.java:73:29:73:66 | EncryptOperation | Key | jca/KeyEncapsulation.java:72:45:72:50 | Key | -| jca/KeyEncapsulation.java:73:29:73:66 | EncryptOperation | Nonce | jca/KeyEncapsulation.java:73:29:73:66 | EncryptOperation | -| jca/KeyEncapsulation.java:73:29:73:66 | EncryptOperation | Output | jca/KeyEncapsulation.java:73:29:73:66 | KeyOperationOutput | -| jca/KeyEncapsulation.java:73:47:73:65 | Message | Source | jca/KeyEncapsulation.java:66:28:66:47 | Key | -| jca/KeyEncapsulation.java:77:47:77:65 | KeyOperationAlgorithm | Mode | jca/KeyEncapsulation.java:77:47:77:65 | ModeOfOperation | -| jca/KeyEncapsulation.java:77:47:77:65 | KeyOperationAlgorithm | Padding | jca/KeyEncapsulation.java:77:47:77:65 | PaddingAlgorithm | -| jca/KeyEncapsulation.java:81:45:81:50 | Key | Source | jca/KeyEncapsulation.java:66:28:66:47 | Key | -| jca/KeyEncapsulation.java:81:53:81:59 | Nonce | Source | jca/KeyEncapsulation.java:79:9:79:40 | RandomNumberGeneration | -| jca/KeyEncapsulation.java:81:53:81:59 | Nonce | Source | jca/KeyEncapsulation.java:79:38:79:39 | RandomNumberGeneration | -| jca/KeyEncapsulation.java:82:29:82:80 | EncryptOperation | Algorithm | jca/KeyEncapsulation.java:77:47:77:65 | KeyOperationAlgorithm | -| jca/KeyEncapsulation.java:82:29:82:80 | EncryptOperation | Input | jca/KeyEncapsulation.java:82:47:82:79 | Message | -| jca/KeyEncapsulation.java:82:29:82:80 | EncryptOperation | Key | jca/KeyEncapsulation.java:81:45:81:50 | Key | -| jca/KeyEncapsulation.java:82:29:82:80 | EncryptOperation | Nonce | jca/KeyEncapsulation.java:81:53:81:59 | Nonce | -| jca/KeyEncapsulation.java:82:29:82:80 | EncryptOperation | Output | jca/KeyEncapsulation.java:82:29:82:80 | KeyOperationOutput | -| jca/KeyEncapsulation.java:82:47:82:79 | Message | Source | jca/KeyEncapsulation.java:82:47:82:68 | Constant | -| jca/KeyEncapsulation.java:97:47:97:85 | KeyOperationAlgorithm | Mode | jca/KeyEncapsulation.java:97:47:97:85 | ModeOfOperation | -| jca/KeyEncapsulation.java:97:47:97:85 | KeyOperationAlgorithm | Padding | jca/KeyEncapsulation.java:97:47:97:85 | PaddingAlgorithm | -| jca/KeyEncapsulation.java:97:47:97:85 | PaddingAlgorithm | MD | jca/KeyEncapsulation.java:97:47:97:85 | HashAlgorithm | -| jca/KeyEncapsulation.java:97:47:97:85 | PaddingAlgorithm | MGF1Hash | jca/KeyEncapsulation.java:97:47:97:85 | PaddingAlgorithm | -| jca/KeyEncapsulation.java:98:45:98:51 | Key | Source | jca/KeyEncapsulation.java:96:37:96:54 | Parameter | -| jca/KeyEncapsulation.java:99:30:99:58 | DecryptOperation | Algorithm | jca/KeyEncapsulation.java:97:47:97:85 | KeyOperationAlgorithm | -| jca/KeyEncapsulation.java:99:30:99:58 | DecryptOperation | Input | jca/KeyEncapsulation.java:99:48:99:57 | Message | -| jca/KeyEncapsulation.java:99:30:99:58 | DecryptOperation | Key | jca/KeyEncapsulation.java:98:45:98:51 | Key | -| jca/KeyEncapsulation.java:99:30:99:58 | DecryptOperation | Nonce | jca/KeyEncapsulation.java:99:30:99:58 | DecryptOperation | -| jca/KeyEncapsulation.java:99:30:99:58 | DecryptOperation | Output | jca/KeyEncapsulation.java:99:30:99:58 | KeyOperationOutput | -| jca/KeyEncapsulation.java:99:48:99:57 | Message | Source | jca/KeyEncapsulation.java:96:57:96:73 | Parameter | -| jca/KeyEncapsulation.java:123:31:123:51 | Key | Algorithm | jca/KeyEncapsulation.java:122:47:122:57 | EllipticCurve | -| jca/KeyEncapsulation.java:123:31:123:51 | KeyGeneration | Algorithm | jca/KeyEncapsulation.java:122:47:122:57 | EllipticCurve | -| jca/KeyEncapsulation.java:123:31:123:51 | KeyGeneration | Output | jca/KeyEncapsulation.java:123:31:123:51 | Key | -| jca/KeyEncapsulation.java:127:17:127:40 | Key | Source | jca/KeyEncapsulation.java:123:31:123:51 | Key | -| jca/KeyEncapsulation.java:128:20:128:24 | Key | Source | jca/KeyEncapsulation.java:220:24:220:46 | Key | -| jca/KeyEncapsulation.java:129:31:129:49 | KeyAgreementOperation | Algorithm | jca/KeyEncapsulation.java:126:52:126:57 | KeyAgreementAlgorithm | -| jca/KeyEncapsulation.java:129:31:129:49 | KeyAgreementOperation | Output | jca/KeyEncapsulation.java:129:31:129:49 | SharedSecret | -| jca/KeyEncapsulation.java:129:31:129:49 | KeyAgreementOperation | PeerKey | jca/KeyEncapsulation.java:128:20:128:24 | Key | -| jca/KeyEncapsulation.java:129:31:129:49 | KeyAgreementOperation | ServerKey | jca/KeyEncapsulation.java:127:17:127:40 | Key | -| jca/KeyEncapsulation.java:129:31:129:49 | SharedSecret | Source | jca/KeyEncapsulation.java:129:31:129:49 | SharedSecret | -| jca/KeyEncapsulation.java:138:47:138:65 | KeyOperationAlgorithm | Mode | jca/KeyEncapsulation.java:138:47:138:65 | ModeOfOperation | -| jca/KeyEncapsulation.java:138:47:138:65 | KeyOperationAlgorithm | Padding | jca/KeyEncapsulation.java:138:47:138:65 | PaddingAlgorithm | -| jca/KeyEncapsulation.java:141:45:141:50 | Key | Source | jca/KeyEncapsulation.java:141:45:141:50 | Key | -| jca/KeyEncapsulation.java:141:53:141:81 | Nonce | Source | jca/KeyEncapsulation.java:140:9:140:40 | RandomNumberGeneration | -| jca/KeyEncapsulation.java:141:53:141:81 | Nonce | Source | jca/KeyEncapsulation.java:140:38:140:39 | RandomNumberGeneration | -| jca/KeyEncapsulation.java:142:29:142:73 | EncryptOperation | Algorithm | jca/KeyEncapsulation.java:138:47:138:65 | KeyOperationAlgorithm | -| jca/KeyEncapsulation.java:142:29:142:73 | EncryptOperation | Input | jca/KeyEncapsulation.java:142:47:142:72 | Message | -| jca/KeyEncapsulation.java:142:29:142:73 | EncryptOperation | Key | jca/KeyEncapsulation.java:141:45:141:50 | Key | -| jca/KeyEncapsulation.java:142:29:142:73 | EncryptOperation | Nonce | jca/KeyEncapsulation.java:141:53:141:81 | Nonce | -| jca/KeyEncapsulation.java:142:29:142:73 | EncryptOperation | Output | jca/KeyEncapsulation.java:142:29:142:73 | KeyOperationOutput | -| jca/KeyEncapsulation.java:142:47:142:72 | Message | Source | jca/KeyEncapsulation.java:142:47:142:61 | Constant | -| jca/KeyEncapsulation.java:192:31:192:51 | Key | Algorithm | jca/KeyEncapsulation.java:191:47:191:57 | EllipticCurve | -| jca/KeyEncapsulation.java:192:31:192:51 | KeyGeneration | Algorithm | jca/KeyEncapsulation.java:191:47:191:57 | EllipticCurve | -| jca/KeyEncapsulation.java:192:31:192:51 | KeyGeneration | Output | jca/KeyEncapsulation.java:192:31:192:51 | Key | -| jca/KeyEncapsulation.java:194:17:194:40 | Key | Source | jca/KeyEncapsulation.java:192:31:192:51 | Key | -| jca/KeyEncapsulation.java:195:20:195:34 | Key | Source | jca/KeyEncapsulation.java:232:31:232:53 | Key | -| jca/KeyEncapsulation.java:196:31:196:49 | KeyAgreementOperation | Algorithm | jca/KeyEncapsulation.java:193:52:193:57 | KeyAgreementAlgorithm | -| jca/KeyEncapsulation.java:196:31:196:49 | KeyAgreementOperation | Output | jca/KeyEncapsulation.java:196:31:196:49 | SharedSecret | -| jca/KeyEncapsulation.java:196:31:196:49 | KeyAgreementOperation | PeerKey | jca/KeyEncapsulation.java:195:20:195:34 | Key | -| jca/KeyEncapsulation.java:196:31:196:49 | KeyAgreementOperation | ServerKey | jca/KeyEncapsulation.java:194:17:194:40 | Key | -| jca/KeyEncapsulation.java:196:31:196:49 | SharedSecret | Source | jca/KeyEncapsulation.java:196:31:196:49 | SharedSecret | -| jca/KeyEncapsulation.java:214:25:214:48 | Key | Algorithm | jca/KeyEncapsulation.java:212:64:212:68 | KeyOperationAlgorithm | -| jca/KeyEncapsulation.java:214:25:214:48 | KeyGeneration | Algorithm | jca/KeyEncapsulation.java:212:64:212:68 | KeyOperationAlgorithm | -| jca/KeyEncapsulation.java:214:25:214:48 | KeyGeneration | Output | jca/KeyEncapsulation.java:214:25:214:48 | Key | -| jca/KeyEncapsulation.java:220:24:220:46 | Key | Algorithm | jca/KeyEncapsulation.java:219:49:219:59 | EllipticCurve | -| jca/KeyEncapsulation.java:220:24:220:46 | KeyGeneration | Algorithm | jca/KeyEncapsulation.java:219:49:219:59 | EllipticCurve | -| jca/KeyEncapsulation.java:220:24:220:46 | KeyGeneration | Output | jca/KeyEncapsulation.java:220:24:220:46 | Key | -| jca/KeyEncapsulation.java:232:31:232:53 | Key | Algorithm | jca/KeyEncapsulation.java:219:49:219:59 | EllipticCurve | -| jca/KeyEncapsulation.java:232:31:232:53 | KeyGeneration | Algorithm | jca/KeyEncapsulation.java:219:49:219:59 | EllipticCurve | -| jca/KeyEncapsulation.java:232:31:232:53 | KeyGeneration | Output | jca/KeyEncapsulation.java:232:31:232:53 | Key | -| jca/KeyExchange.java:60:16:60:38 | Key | Algorithm | jca/KeyExchange.java:58:63:58:66 | KeyAgreementAlgorithm | -| jca/KeyExchange.java:60:16:60:38 | KeyGeneration | Algorithm | jca/KeyExchange.java:58:63:58:66 | KeyAgreementAlgorithm | -| jca/KeyExchange.java:60:16:60:38 | KeyGeneration | Output | jca/KeyExchange.java:60:16:60:38 | Key | -| jca/KeyExchange.java:77:16:77:38 | Key | Algorithm | jca/KeyExchange.java:74:63:74:66 | KeyAgreementAlgorithm | -| jca/KeyExchange.java:77:16:77:38 | KeyGeneration | Algorithm | jca/KeyExchange.java:74:63:74:66 | KeyAgreementAlgorithm | -| jca/KeyExchange.java:77:16:77:38 | KeyGeneration | Output | jca/KeyExchange.java:77:16:77:38 | Key | -| jca/KeyExchange.java:92:16:92:38 | Key | Algorithm | jca/KeyExchange.java:90:63:90:66 | KeyAgreementAlgorithm | -| jca/KeyExchange.java:92:16:92:38 | KeyGeneration | Algorithm | jca/KeyExchange.java:90:63:90:66 | KeyAgreementAlgorithm | -| jca/KeyExchange.java:92:16:92:38 | KeyGeneration | Output | jca/KeyExchange.java:92:16:92:38 | Key | -| jca/KeyExchange.java:108:17:108:26 | Key | Source | jca/KeyExchange.java:60:16:60:38 | Key | -| jca/KeyExchange.java:108:17:108:26 | Key | Source | jca/KeyExchange.java:77:16:77:38 | Key | -| jca/KeyExchange.java:108:17:108:26 | Key | Source | jca/KeyExchange.java:92:16:92:38 | Key | -| jca/KeyExchange.java:109:20:109:28 | Key | Source | jca/KeyExchange.java:60:16:60:38 | Key | -| jca/KeyExchange.java:109:20:109:28 | Key | Source | jca/KeyExchange.java:77:16:77:38 | Key | -| jca/KeyExchange.java:109:20:109:28 | Key | Source | jca/KeyExchange.java:92:16:92:38 | Key | -| jca/KeyExchange.java:110:16:110:34 | KeyAgreementOperation | Algorithm | jca/KeyExchange.java:107:52:107:55 | KeyAgreementAlgorithm | -| jca/KeyExchange.java:110:16:110:34 | KeyAgreementOperation | Output | jca/KeyExchange.java:110:16:110:34 | SharedSecret | -| jca/KeyExchange.java:110:16:110:34 | KeyAgreementOperation | PeerKey | jca/KeyExchange.java:109:20:109:28 | Key | -| jca/KeyExchange.java:110:16:110:34 | KeyAgreementOperation | ServerKey | jca/KeyExchange.java:108:17:108:26 | Key | -| jca/KeyExchange.java:110:16:110:34 | SharedSecret | Source | jca/KeyExchange.java:110:16:110:34 | SharedSecret | -| jca/KeyExchange.java:130:16:130:38 | Key | Algorithm | jca/KeyExchange.java:129:49:129:59 | EllipticCurve | -| jca/KeyExchange.java:130:16:130:38 | KeyGeneration | Algorithm | jca/KeyExchange.java:129:49:129:59 | EllipticCurve | -| jca/KeyExchange.java:130:16:130:38 | KeyGeneration | Output | jca/KeyExchange.java:130:16:130:38 | Key | -| jca/KeyExchange.java:146:17:146:26 | Key | Source | jca/KeyExchange.java:130:16:130:38 | Key | -| jca/KeyExchange.java:147:20:147:28 | Key | Source | jca/KeyExchange.java:130:16:130:38 | Key | -| jca/KeyExchange.java:148:16:148:34 | KeyAgreementOperation | Algorithm | jca/KeyExchange.java:145:52:145:57 | KeyAgreementAlgorithm | -| jca/KeyExchange.java:148:16:148:34 | KeyAgreementOperation | Output | jca/KeyExchange.java:148:16:148:34 | SharedSecret | -| jca/KeyExchange.java:148:16:148:34 | KeyAgreementOperation | PeerKey | jca/KeyExchange.java:147:20:147:28 | Key | -| jca/KeyExchange.java:148:16:148:34 | KeyAgreementOperation | ServerKey | jca/KeyExchange.java:146:17:146:26 | Key | -| jca/KeyExchange.java:148:16:148:34 | SharedSecret | Source | jca/KeyExchange.java:148:16:148:34 | SharedSecret | -| jca/KeyExchange.java:168:16:168:36 | Key | Algorithm | jca/KeyExchange.java:165:61:165:68 | KeyAgreementAlgorithm | -| jca/KeyExchange.java:168:16:168:36 | KeyGeneration | Algorithm | jca/KeyExchange.java:165:61:165:68 | KeyAgreementAlgorithm | -| jca/KeyExchange.java:168:16:168:36 | KeyGeneration | Output | jca/KeyExchange.java:168:16:168:36 | Key | -| jca/KeyExchange.java:184:17:184:26 | Key | Source | jca/KeyExchange.java:168:16:168:36 | Key | -| jca/KeyExchange.java:185:20:185:28 | Key | Source | jca/KeyExchange.java:168:16:168:36 | Key | -| jca/KeyExchange.java:186:16:186:34 | KeyAgreementOperation | Algorithm | jca/KeyExchange.java:183:52:183:59 | KeyAgreementAlgorithm | -| jca/KeyExchange.java:186:16:186:34 | KeyAgreementOperation | Output | jca/KeyExchange.java:186:16:186:34 | SharedSecret | -| jca/KeyExchange.java:186:16:186:34 | KeyAgreementOperation | PeerKey | jca/KeyExchange.java:185:20:185:28 | Key | -| jca/KeyExchange.java:186:16:186:34 | KeyAgreementOperation | ServerKey | jca/KeyExchange.java:184:17:184:26 | Key | -| jca/KeyExchange.java:186:16:186:34 | SharedSecret | Source | jca/KeyExchange.java:186:16:186:34 | SharedSecret | -| jca/KeyExchange.java:206:16:206:36 | Key | Algorithm | jca/KeyExchange.java:203:61:203:66 | KeyAgreementAlgorithm | -| jca/KeyExchange.java:206:16:206:36 | KeyGeneration | Algorithm | jca/KeyExchange.java:203:61:203:66 | KeyAgreementAlgorithm | -| jca/KeyExchange.java:206:16:206:36 | KeyGeneration | Output | jca/KeyExchange.java:206:16:206:36 | Key | -| jca/KeyExchange.java:222:17:222:26 | Key | Source | jca/KeyExchange.java:206:16:206:36 | Key | -| jca/KeyExchange.java:223:20:223:28 | Key | Source | jca/KeyExchange.java:206:16:206:36 | Key | -| jca/KeyExchange.java:224:16:224:34 | KeyAgreementOperation | Algorithm | jca/KeyExchange.java:221:52:221:57 | KeyAgreementAlgorithm | -| jca/KeyExchange.java:224:16:224:34 | KeyAgreementOperation | Output | jca/KeyExchange.java:224:16:224:34 | SharedSecret | -| jca/KeyExchange.java:224:16:224:34 | KeyAgreementOperation | PeerKey | jca/KeyExchange.java:223:20:223:28 | Key | -| jca/KeyExchange.java:224:16:224:34 | KeyAgreementOperation | ServerKey | jca/KeyExchange.java:222:17:222:26 | Key | -| jca/KeyExchange.java:224:16:224:34 | SharedSecret | Source | jca/KeyExchange.java:224:16:224:34 | SharedSecret | -| jca/MACOperation.java:66:35:66:46 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:66:35:66:46 | KeyOperationAlgorithm | -| jca/MACOperation.java:66:35:66:46 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:66:35:66:46 | KeyOperationAlgorithm | -| jca/MACOperation.java:68:18:68:26 | Key | Source | jca/MACOperation.java:65:52:65:61 | Parameter | -| jca/MACOperation.java:69:16:69:46 | MACOperation | Algorithm | jca/MACOperation.java:66:35:66:46 | KeyOperationAlgorithm | -| jca/MACOperation.java:69:16:69:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:69:16:69:46 | MACOperation | -| jca/MACOperation.java:69:16:69:46 | MACOperation | Input | jca/MACOperation.java:69:28:69:45 | Message | -| jca/MACOperation.java:69:16:69:46 | MACOperation | Key | jca/MACOperation.java:68:18:68:26 | Key | -| jca/MACOperation.java:69:16:69:46 | MACOperation | Message | jca/MACOperation.java:69:28:69:45 | Message | -| jca/MACOperation.java:69:16:69:46 | MACOperation | Nonce | jca/MACOperation.java:69:16:69:46 | MACOperation | -| jca/MACOperation.java:69:16:69:46 | MACOperation | Output | jca/MACOperation.java:69:16:69:46 | KeyOperationOutput | -| jca/MACOperation.java:69:28:69:45 | Message | Source | jca/MACOperation.java:65:36:65:49 | Parameter | -| jca/MACOperation.java:77:35:77:48 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:77:35:77:48 | KeyOperationAlgorithm | -| jca/MACOperation.java:77:35:77:48 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:77:35:77:48 | KeyOperationAlgorithm | -| jca/MACOperation.java:79:18:79:26 | Key | Source | jca/MACOperation.java:76:50:76:59 | Parameter | -| jca/MACOperation.java:80:16:80:46 | MACOperation | Algorithm | jca/MACOperation.java:77:35:77:48 | KeyOperationAlgorithm | -| jca/MACOperation.java:80:16:80:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:80:16:80:46 | MACOperation | -| jca/MACOperation.java:80:16:80:46 | MACOperation | Input | jca/MACOperation.java:80:28:80:45 | Message | -| jca/MACOperation.java:80:16:80:46 | MACOperation | Key | jca/MACOperation.java:79:18:79:26 | Key | -| jca/MACOperation.java:80:16:80:46 | MACOperation | Message | jca/MACOperation.java:80:28:80:45 | Message | -| jca/MACOperation.java:80:16:80:46 | MACOperation | Nonce | jca/MACOperation.java:80:16:80:46 | MACOperation | -| jca/MACOperation.java:80:16:80:46 | MACOperation | Output | jca/MACOperation.java:80:16:80:46 | KeyOperationOutput | -| jca/MACOperation.java:80:28:80:45 | Message | Source | jca/MACOperation.java:76:34:76:47 | Parameter | -| jca/MACOperation.java:89:35:89:44 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:89:35:89:44 | KeyOperationAlgorithm | -| jca/MACOperation.java:89:35:89:44 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:89:35:89:44 | KeyOperationAlgorithm | -| jca/MACOperation.java:91:18:91:26 | Key | Source | jca/MACOperation.java:88:50:88:59 | Parameter | -| jca/MACOperation.java:92:16:92:46 | MACOperation | Algorithm | jca/MACOperation.java:89:35:89:44 | KeyOperationAlgorithm | -| jca/MACOperation.java:92:16:92:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:92:16:92:46 | MACOperation | -| jca/MACOperation.java:92:16:92:46 | MACOperation | Input | jca/MACOperation.java:92:28:92:45 | Message | -| jca/MACOperation.java:92:16:92:46 | MACOperation | Key | jca/MACOperation.java:91:18:91:26 | Key | -| jca/MACOperation.java:92:16:92:46 | MACOperation | Message | jca/MACOperation.java:92:28:92:45 | Message | -| jca/MACOperation.java:92:16:92:46 | MACOperation | Nonce | jca/MACOperation.java:92:16:92:46 | MACOperation | -| jca/MACOperation.java:92:16:92:46 | MACOperation | Output | jca/MACOperation.java:92:16:92:46 | KeyOperationOutput | -| jca/MACOperation.java:92:28:92:45 | Message | Source | jca/MACOperation.java:88:34:88:47 | Parameter | -| jca/MACOperation.java:101:35:101:40 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:101:35:101:40 | KeyOperationAlgorithm | -| jca/MACOperation.java:101:35:101:40 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:101:35:101:40 | KeyOperationAlgorithm | -| jca/MACOperation.java:105:18:105:26 | Key | Source | jca/MACOperation.java:99:46:99:55 | Parameter | -| jca/MACOperation.java:106:16:106:46 | MACOperation | Algorithm | jca/MACOperation.java:101:35:101:40 | KeyOperationAlgorithm | -| jca/MACOperation.java:106:16:106:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:106:16:106:46 | MACOperation | -| jca/MACOperation.java:106:16:106:46 | MACOperation | Input | jca/MACOperation.java:106:28:106:45 | Message | -| jca/MACOperation.java:106:16:106:46 | MACOperation | Key | jca/MACOperation.java:105:18:105:26 | Key | -| jca/MACOperation.java:106:16:106:46 | MACOperation | Message | jca/MACOperation.java:106:28:106:45 | Message | -| jca/MACOperation.java:106:16:106:46 | MACOperation | Nonce | jca/MACOperation.java:106:16:106:46 | MACOperation | -| jca/MACOperation.java:106:16:106:46 | MACOperation | Output | jca/MACOperation.java:106:16:106:46 | KeyOperationOutput | -| jca/MACOperation.java:106:28:106:45 | Message | Source | jca/MACOperation.java:99:30:99:43 | Parameter | -| jca/MACOperation.java:116:18:116:26 | Key | Source | jca/MACOperation.java:113:46:113:55 | Parameter | -| jca/MACOperation.java:117:16:117:46 | MACOperation | Algorithm | jca/MACOperation.java:114:35:114:43 | Constant | -| jca/MACOperation.java:117:16:117:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:117:16:117:46 | MACOperation | -| jca/MACOperation.java:117:16:117:46 | MACOperation | Input | jca/MACOperation.java:117:28:117:45 | Message | -| jca/MACOperation.java:117:16:117:46 | MACOperation | Key | jca/MACOperation.java:116:18:116:26 | Key | -| jca/MACOperation.java:117:16:117:46 | MACOperation | Message | jca/MACOperation.java:117:28:117:45 | Message | -| jca/MACOperation.java:117:16:117:46 | MACOperation | Nonce | jca/MACOperation.java:117:16:117:46 | MACOperation | -| jca/MACOperation.java:117:16:117:46 | MACOperation | Output | jca/MACOperation.java:117:16:117:46 | KeyOperationOutput | -| jca/MACOperation.java:117:28:117:45 | Message | Source | jca/MACOperation.java:113:30:113:43 | Parameter | -| jca/MACOperation.java:125:35:125:44 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:125:35:125:44 | KeyOperationAlgorithm | -| jca/MACOperation.java:125:35:125:44 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:125:35:125:44 | KeyOperationAlgorithm | -| jca/MACOperation.java:127:18:127:26 | Key | Source | jca/MACOperation.java:124:52:124:61 | Parameter | -| jca/MACOperation.java:128:16:128:46 | MACOperation | Algorithm | jca/MACOperation.java:125:35:125:44 | KeyOperationAlgorithm | -| jca/MACOperation.java:128:16:128:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:128:16:128:46 | MACOperation | -| jca/MACOperation.java:128:16:128:46 | MACOperation | Input | jca/MACOperation.java:128:28:128:45 | Message | -| jca/MACOperation.java:128:16:128:46 | MACOperation | Key | jca/MACOperation.java:127:18:127:26 | Key | -| jca/MACOperation.java:128:16:128:46 | MACOperation | Message | jca/MACOperation.java:128:28:128:45 | Message | -| jca/MACOperation.java:128:16:128:46 | MACOperation | Nonce | jca/MACOperation.java:128:16:128:46 | MACOperation | -| jca/MACOperation.java:128:16:128:46 | MACOperation | Output | jca/MACOperation.java:128:16:128:46 | KeyOperationOutput | -| jca/MACOperation.java:128:28:128:45 | Message | Source | jca/MACOperation.java:124:36:124:49 | Parameter | -| jca/MACOperation.java:145:44:145:62 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:145:44:145:62 | ModeOfOperation | -| jca/MACOperation.java:145:44:145:62 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:145:44:145:62 | PaddingAlgorithm | -| jca/MACOperation.java:146:42:146:44 | Key | Source | jca/MACOperation.java:142:34:142:49 | Parameter | -| jca/MACOperation.java:147:32:147:74 | EncryptOperation | Algorithm | jca/MACOperation.java:145:44:145:62 | KeyOperationAlgorithm | -| jca/MACOperation.java:147:32:147:74 | EncryptOperation | Input | jca/MACOperation.java:147:47:147:73 | Message | -| jca/MACOperation.java:147:32:147:74 | EncryptOperation | Key | jca/MACOperation.java:146:42:146:44 | Key | -| jca/MACOperation.java:147:32:147:74 | EncryptOperation | Nonce | jca/MACOperation.java:147:32:147:74 | EncryptOperation | -| jca/MACOperation.java:147:32:147:74 | EncryptOperation | Output | jca/MACOperation.java:147:32:147:74 | KeyOperationOutput | -| jca/MACOperation.java:147:47:147:73 | Message | Source | jca/MACOperation.java:147:47:147:62 | Constant | -| jca/MACOperation.java:178:42:178:68 | Message | Source | jca/MACOperation.java:174:47:174:62 | Parameter | -| jca/MACOperation.java:178:71:178:74 | Salt | Source | jca/MACOperation.java:256:9:256:42 | RandomNumberGeneration | -| jca/MACOperation.java:178:71:178:74 | Salt | Source | jca/MACOperation.java:256:38:256:41 | RandomNumberGeneration | -| jca/MACOperation.java:179:65:179:86 | HMACAlgorithm | H | jca/MACOperation.java:179:65:179:86 | HashAlgorithm | -| jca/MACOperation.java:179:65:179:86 | KeyDerivationAlgorithm | PRF | jca/MACOperation.java:179:65:179:86 | HMACAlgorithm | -| jca/MACOperation.java:180:30:180:57 | KeyDerivation | Algorithm | jca/MACOperation.java:179:65:179:86 | KeyDerivationAlgorithm | -| jca/MACOperation.java:180:30:180:57 | KeyDerivation | Input | jca/MACOperation.java:178:42:178:68 | Message | -| jca/MACOperation.java:180:30:180:57 | KeyDerivation | Output | jca/MACOperation.java:180:30:180:57 | Key | -| jca/MACOperation.java:180:30:180:57 | KeyDerivation | Salt | jca/MACOperation.java:178:71:178:74 | Salt | -| jca/MACOperation.java:188:44:188:62 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:188:44:188:62 | ModeOfOperation | -| jca/MACOperation.java:188:44:188:62 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:188:44:188:62 | PaddingAlgorithm | -| jca/MACOperation.java:189:42:189:54 | Key | Source | jca/MACOperation.java:189:42:189:54 | Key | -| jca/MACOperation.java:190:29:190:78 | EncryptOperation | Algorithm | jca/MACOperation.java:188:44:188:62 | KeyOperationAlgorithm | -| jca/MACOperation.java:190:29:190:78 | EncryptOperation | Input | jca/MACOperation.java:190:44:190:77 | Message | -| jca/MACOperation.java:190:29:190:78 | EncryptOperation | Key | jca/MACOperation.java:189:42:189:54 | Key | -| jca/MACOperation.java:190:29:190:78 | EncryptOperation | Nonce | jca/MACOperation.java:190:29:190:78 | EncryptOperation | -| jca/MACOperation.java:190:29:190:78 | EncryptOperation | Output | jca/MACOperation.java:190:29:190:78 | KeyOperationOutput | -| jca/MACOperation.java:190:44:190:77 | Message | Source | jca/MACOperation.java:190:44:190:66 | Constant | -| jca/MACOperation.java:193:35:193:46 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:193:35:193:46 | KeyOperationAlgorithm | -| jca/MACOperation.java:193:35:193:46 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:193:35:193:46 | KeyOperationAlgorithm | -| jca/MACOperation.java:194:18:194:30 | Key | Source | jca/MACOperation.java:194:18:194:30 | Key | -| jca/MACOperation.java:195:30:195:52 | MACOperation | Algorithm | jca/MACOperation.java:193:35:193:46 | KeyOperationAlgorithm | -| jca/MACOperation.java:195:30:195:52 | MACOperation | HashAlgorithm | jca/MACOperation.java:195:30:195:52 | MACOperation | -| jca/MACOperation.java:195:30:195:52 | MACOperation | Input | jca/MACOperation.java:195:42:195:51 | Message | -| jca/MACOperation.java:195:30:195:52 | MACOperation | Key | jca/MACOperation.java:194:18:194:30 | Key | -| jca/MACOperation.java:195:30:195:52 | MACOperation | Message | jca/MACOperation.java:195:42:195:51 | Message | -| jca/MACOperation.java:195:30:195:52 | MACOperation | Nonce | jca/MACOperation.java:195:30:195:52 | MACOperation | -| jca/MACOperation.java:195:30:195:52 | MACOperation | Output | jca/MACOperation.java:195:30:195:52 | KeyOperationOutput | -| jca/MACOperation.java:195:42:195:51 | Message | Source | jca/MACOperation.java:190:29:190:78 | KeyOperationOutput | -| jca/MACOperation.java:225:44:225:62 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:225:44:225:62 | ModeOfOperation | -| jca/MACOperation.java:225:44:225:62 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:225:44:225:62 | PaddingAlgorithm | -| jca/MACOperation.java:227:42:227:44 | Key | Source | jca/MACOperation.java:244:16:244:35 | Key | -| jca/MACOperation.java:228:32:228:51 | EncryptOperation | Algorithm | jca/MACOperation.java:225:44:225:62 | KeyOperationAlgorithm | -| jca/MACOperation.java:228:32:228:51 | EncryptOperation | Input | jca/MACOperation.java:228:47:228:50 | Message | -| jca/MACOperation.java:228:32:228:51 | EncryptOperation | Key | jca/MACOperation.java:227:42:227:44 | Key | -| jca/MACOperation.java:228:32:228:51 | EncryptOperation | Nonce | jca/MACOperation.java:228:32:228:51 | EncryptOperation | -| jca/MACOperation.java:228:32:228:51 | EncryptOperation | Output | jca/MACOperation.java:228:32:228:51 | KeyOperationOutput | -| jca/MACOperation.java:228:47:228:50 | Message | Source | jca/MACOperation.java:159:36:159:51 | Parameter | -| jca/MACOperation.java:244:16:244:35 | KeyGeneration | Algorithm | jca/MACOperation.java:242:56:242:60 | KeyOperationAlgorithm | -| jca/MACOperation.java:244:16:244:35 | KeyGeneration | Output | jca/MACOperation.java:244:16:244:35 | Key | -| jca/Nonce.java:25:35:25:46 | KeyOperationAlgorithm | Mode | jca/Nonce.java:25:35:25:46 | KeyOperationAlgorithm | -| jca/Nonce.java:25:35:25:46 | KeyOperationAlgorithm | Padding | jca/Nonce.java:25:35:25:46 | KeyOperationAlgorithm | -| jca/Nonce.java:26:18:26:20 | Key | Source | jca/Nonce.java:94:16:94:35 | Key | -| jca/Nonce.java:28:28:28:69 | MACOperation | Algorithm | jca/Nonce.java:25:35:25:46 | KeyOperationAlgorithm | -| jca/Nonce.java:28:28:28:69 | MACOperation | HashAlgorithm | jca/Nonce.java:28:28:28:69 | MACOperation | -| jca/Nonce.java:28:28:28:69 | MACOperation | Input | jca/Nonce.java:28:40:28:68 | Message | -| jca/Nonce.java:28:28:28:69 | MACOperation | Key | jca/Nonce.java:26:18:26:20 | Key | -| jca/Nonce.java:28:28:28:69 | MACOperation | Message | jca/Nonce.java:28:40:28:68 | Message | -| jca/Nonce.java:28:28:28:69 | MACOperation | Nonce | jca/Nonce.java:28:28:28:69 | MACOperation | -| jca/Nonce.java:28:28:28:69 | MACOperation | Output | jca/Nonce.java:28:28:28:69 | KeyOperationOutput | -| jca/Nonce.java:28:40:28:68 | Message | Source | jca/Nonce.java:28:40:28:57 | Constant | -| jca/Nonce.java:38:35:38:46 | KeyOperationAlgorithm | Mode | jca/Nonce.java:38:35:38:46 | KeyOperationAlgorithm | -| jca/Nonce.java:38:35:38:46 | KeyOperationAlgorithm | Padding | jca/Nonce.java:38:35:38:46 | KeyOperationAlgorithm | -| jca/Nonce.java:39:18:39:20 | Key | Source | jca/Nonce.java:94:16:94:35 | Key | -| jca/Nonce.java:41:28:41:67 | MACOperation | Algorithm | jca/Nonce.java:38:35:38:46 | KeyOperationAlgorithm | -| jca/Nonce.java:41:28:41:67 | MACOperation | HashAlgorithm | jca/Nonce.java:41:28:41:67 | MACOperation | -| jca/Nonce.java:41:28:41:67 | MACOperation | Input | jca/Nonce.java:41:40:41:66 | Message | -| jca/Nonce.java:41:28:41:67 | MACOperation | Key | jca/Nonce.java:39:18:39:20 | Key | -| jca/Nonce.java:41:28:41:67 | MACOperation | Message | jca/Nonce.java:41:40:41:66 | Message | -| jca/Nonce.java:41:28:41:67 | MACOperation | Nonce | jca/Nonce.java:41:28:41:67 | MACOperation | -| jca/Nonce.java:41:28:41:67 | MACOperation | Output | jca/Nonce.java:41:28:41:67 | KeyOperationOutput | -| jca/Nonce.java:41:40:41:66 | Message | Source | jca/Nonce.java:41:40:41:55 | Constant | -| jca/Nonce.java:51:44:51:62 | KeyOperationAlgorithm | Mode | jca/Nonce.java:51:44:51:62 | ModeOfOperation | -| jca/Nonce.java:51:44:51:62 | KeyOperationAlgorithm | Padding | jca/Nonce.java:51:44:51:62 | PaddingAlgorithm | -| jca/Nonce.java:52:42:52:44 | Key | Source | jca/Nonce.java:48:39:48:51 | Parameter | -| jca/Nonce.java:52:47:52:53 | Nonce | Source | jca/Nonce.java:113:16:113:33 | Constant | -| jca/Nonce.java:53:29:53:53 | EncryptOperation | Algorithm | jca/Nonce.java:51:44:51:62 | KeyOperationAlgorithm | -| jca/Nonce.java:53:29:53:53 | EncryptOperation | Input | jca/Nonce.java:53:44:53:52 | Message | -| jca/Nonce.java:53:29:53:53 | EncryptOperation | Key | jca/Nonce.java:52:42:52:44 | Key | -| jca/Nonce.java:53:29:53:53 | EncryptOperation | Nonce | jca/Nonce.java:52:47:52:53 | Nonce | -| jca/Nonce.java:53:29:53:53 | EncryptOperation | Output | jca/Nonce.java:53:29:53:53 | KeyOperationOutput | -| jca/Nonce.java:53:44:53:52 | Message | Source | jca/Nonce.java:48:54:48:69 | Parameter | -| jca/Nonce.java:62:44:62:62 | KeyOperationAlgorithm | Mode | jca/Nonce.java:62:44:62:62 | ModeOfOperation | -| jca/Nonce.java:62:44:62:62 | KeyOperationAlgorithm | Padding | jca/Nonce.java:62:44:62:62 | PaddingAlgorithm | -| jca/Nonce.java:63:42:63:44 | Key | Source | jca/Nonce.java:59:37:59:49 | Parameter | -| jca/Nonce.java:63:47:63:53 | Nonce | Source | jca/Nonce.java:99:9:99:43 | RandomNumberGeneration | -| jca/Nonce.java:63:47:63:53 | Nonce | Source | jca/Nonce.java:99:38:99:42 | RandomNumberGeneration | -| jca/Nonce.java:64:29:64:53 | EncryptOperation | Algorithm | jca/Nonce.java:62:44:62:62 | KeyOperationAlgorithm | -| jca/Nonce.java:64:29:64:53 | EncryptOperation | Input | jca/Nonce.java:64:44:64:52 | Message | -| jca/Nonce.java:64:29:64:53 | EncryptOperation | Key | jca/Nonce.java:63:42:63:44 | Key | -| jca/Nonce.java:64:29:64:53 | EncryptOperation | Nonce | jca/Nonce.java:63:47:63:53 | Nonce | -| jca/Nonce.java:64:29:64:53 | EncryptOperation | Output | jca/Nonce.java:64:29:64:53 | KeyOperationOutput | -| jca/Nonce.java:64:44:64:52 | Message | Source | jca/Nonce.java:59:52:59:67 | Parameter | -| jca/Nonce.java:71:53:71:64 | KeyOperationAlgorithm | Mode | jca/Nonce.java:71:53:71:64 | KeyOperationAlgorithm | -| jca/Nonce.java:71:53:71:64 | KeyOperationAlgorithm | Padding | jca/Nonce.java:71:53:71:64 | KeyOperationAlgorithm | -| jca/Nonce.java:79:18:79:20 | Key | Source | jca/Nonce.java:94:16:94:35 | Key | -| jca/Nonce.java:81:28:81:67 | MACOperation | Algorithm | jca/Nonce.java:71:53:71:64 | KeyOperationAlgorithm | -| jca/Nonce.java:81:28:81:67 | MACOperation | HashAlgorithm | jca/Nonce.java:81:28:81:67 | MACOperation | -| jca/Nonce.java:81:28:81:67 | MACOperation | Input | jca/Nonce.java:81:40:81:66 | Message | -| jca/Nonce.java:81:28:81:67 | MACOperation | Key | jca/Nonce.java:79:18:79:20 | Key | -| jca/Nonce.java:81:28:81:67 | MACOperation | Message | jca/Nonce.java:81:40:81:66 | Message | -| jca/Nonce.java:81:28:81:67 | MACOperation | Nonce | jca/Nonce.java:81:28:81:67 | MACOperation | -| jca/Nonce.java:81:28:81:67 | MACOperation | Output | jca/Nonce.java:81:28:81:67 | KeyOperationOutput | -| jca/Nonce.java:81:40:81:66 | Message | Source | jca/Nonce.java:81:40:81:55 | Constant | -| jca/Nonce.java:94:16:94:35 | KeyGeneration | Algorithm | jca/Nonce.java:93:56:93:67 | Constant | -| jca/Nonce.java:94:16:94:35 | KeyGeneration | Output | jca/Nonce.java:94:16:94:35 | Key | -| jca/PrngTest.java:164:16:164:35 | KeyGeneration | Algorithm | jca/PrngTest.java:162:56:162:60 | KeyOperationAlgorithm | -| jca/PrngTest.java:164:16:164:35 | KeyGeneration | Output | jca/PrngTest.java:164:16:164:35 | Key | -| jca/SignEncryptCombinations.java:60:16:60:38 | Key | Algorithm | jca/SignEncryptCombinations.java:59:49:59:59 | EllipticCurve | -| jca/SignEncryptCombinations.java:60:16:60:38 | KeyGeneration | Algorithm | jca/SignEncryptCombinations.java:59:49:59:59 | EllipticCurve | -| jca/SignEncryptCombinations.java:60:16:60:38 | KeyGeneration | Output | jca/SignEncryptCombinations.java:60:16:60:38 | Key | +| jca/KeyDerivation1.java:172:42:172:63 | Message | Source | jca/KeyDerivation1.java:169:30:169:44 | Parameter | +| jca/KeyDerivation1.java:172:66:172:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:172:66:172:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:174:22:174:49 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:173:65:173:72 | Constant | +| jca/KeyDerivation1.java:174:22:174:49 | KeyDerivation | Input | jca/KeyDerivation1.java:172:42:172:63 | Message | +| jca/KeyDerivation1.java:174:22:174:49 | KeyDerivation | Output | jca/KeyDerivation1.java:174:22:174:49 | Key | +| jca/KeyDerivation1.java:174:22:174:49 | KeyDerivation | Salt | jca/KeyDerivation1.java:172:66:172:69 | Salt | +| jca/KeyDerivation1.java:244:29:244:59 | Digest | Source | jca/KeyDerivation1.java:244:29:244:59 | Digest | +| jca/KeyDerivation1.java:244:29:244:59 | HashOperation | Algorithm | jca/KeyDerivation1.java:243:58:243:66 | HashAlgorithm | +| jca/KeyDerivation1.java:244:29:244:59 | HashOperation | Digest | jca/KeyDerivation1.java:244:29:244:59 | Digest | +| jca/KeyDerivation1.java:244:29:244:59 | HashOperation | Message | jca/KeyDerivation1.java:244:43:244:58 | Message | +| jca/KeyDerivation1.java:244:43:244:58 | Message | Source | jca/KeyDerivation1.java:242:45:242:56 | Parameter | +| jca/KeyDerivation1.java:249:70:249:88 | KeyOperationAlgorithm | Mode | jca/KeyDerivation1.java:249:70:249:88 | ModeOfOperation | +| jca/KeyDerivation1.java:249:70:249:88 | KeyOperationAlgorithm | Padding | jca/KeyDerivation1.java:249:70:249:88 | PaddingAlgorithm | +| jca/KeyDerivation1.java:250:55:250:57 | Key | Source | jca/KeyDerivation1.java:250:55:250:57 | Key | +| jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | Algorithm | jca/KeyDerivation1.java:249:70:249:88 | KeyOperationAlgorithm | +| jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | Input | jca/KeyDerivation1.java:251:44:251:73 | Message | +| jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | Key | jca/KeyDerivation1.java:250:55:250:57 | Key | +| jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | Nonce | jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | +| jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | Output | jca/KeyDerivation1.java:251:29:251:74 | KeyOperationOutput | +| jca/KeyDerivation1.java:251:44:251:73 | Message | Source | jca/KeyDerivation1.java:251:44:251:62 | Constant | +| jca/KeyDerivation1.java:309:54:309:75 | HMACAlgorithm | H | jca/KeyDerivation1.java:309:54:309:75 | HashAlgorithm | +| jca/KeyDerivation1.java:309:54:309:75 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:309:54:309:75 | HMACAlgorithm | +| jca/KeyDerivation1.java:314:42:314:63 | Message | Source | jca/KeyDerivation1.java:302:37:302:51 | Parameter | +| jca/KeyDerivation1.java:314:66:314:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:314:66:314:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:309:25:309:76 | LocalData | +| jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:309:54:309:75 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Input | jca/KeyDerivation1.java:314:42:314:63 | Message | +| jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Output | jca/KeyDerivation1.java:316:26:316:53 | Key | +| jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Salt | jca/KeyDerivation1.java:314:66:314:69 | Salt | +| jca/KeyDerivation1.java:333:42:333:63 | Message | Source | jca/KeyDerivation1.java:283:43:283:57 | Parameter | +| jca/KeyDerivation1.java:333:66:333:69 | Salt | Source | jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:333:66:333:69 | Salt | Source | jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | +| jca/KeyDerivation1.java:334:65:334:86 | HMACAlgorithm | H | jca/KeyDerivation1.java:334:65:334:86 | HashAlgorithm | +| jca/KeyDerivation1.java:334:65:334:86 | KeyDerivationAlgorithm | PRF | jca/KeyDerivation1.java:334:65:334:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | Algorithm | jca/KeyDerivation1.java:334:65:334:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | Input | jca/KeyDerivation1.java:333:42:333:63 | Message | +| jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | Output | jca/KeyDerivation1.java:335:16:335:43 | Key | +| jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | Salt | jca/KeyDerivation1.java:333:66:333:69 | Salt | +| jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | Mode | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | +| jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | Padding | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | +| jca/KeyDerivation1.java:347:19:347:27 | Key | Source | jca/KeyDerivation1.java:347:19:347:27 | Key | +| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Algorithm | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | +| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | HashAlgorithm | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | +| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Input | jca/KeyDerivation1.java:348:35:348:37 | Message | +| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Key | jca/KeyDerivation1.java:347:19:347:27 | Key | +| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Message | jca/KeyDerivation1.java:348:35:348:37 | Message | +| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Nonce | jca/KeyDerivation1.java:348:22:348:38 | MACOperation | +| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | Output | jca/KeyDerivation1.java:348:22:348:38 | KeyOperationOutput | +| jca/KeyDerivation1.java:348:35:348:37 | Message | Source | jca/KeyDerivation1.java:269:32:269:41 | Parameter | +| jca/KeyDerivation1.java:348:35:348:37 | Message | Source | jca/KeyDerivation1.java:283:60:283:78 | Parameter | +| jca/KeyDerivation1.java:352:19:352:54 | Key | Source | jca/KeyDerivation1.java:352:19:352:54 | Key | +| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Algorithm | jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | +| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | HashAlgorithm | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | +| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Input | jca/KeyDerivation1.java:353:35:353:61 | Message | +| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Key | jca/KeyDerivation1.java:347:19:347:27 | Key | +| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Key | jca/KeyDerivation1.java:352:19:352:54 | Key | +| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Message | jca/KeyDerivation1.java:353:35:353:61 | Message | +| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Nonce | jca/KeyDerivation1.java:353:22:353:62 | MACOperation | +| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | Output | jca/KeyDerivation1.java:353:22:353:62 | KeyOperationOutput | +| jca/KeyDerivation1.java:353:35:353:61 | Message | Source | jca/KeyDerivation1.java:353:35:353:50 | Constant | +| jca/KeyEncapsulation.java:62:28:62:47 | KeyGeneration | Algorithm | jca/KeyEncapsulation.java:60:56:60:60 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:62:28:62:47 | KeyGeneration | Output | jca/KeyEncapsulation.java:62:28:62:47 | Key | +| jca/KeyEncapsulation.java:67:47:67:85 | KeyOperationAlgorithm | Mode | jca/KeyEncapsulation.java:67:47:67:85 | ModeOfOperation | +| jca/KeyEncapsulation.java:67:47:67:85 | KeyOperationAlgorithm | Padding | jca/KeyEncapsulation.java:67:47:67:85 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:67:47:67:85 | PaddingAlgorithm | MD | jca/KeyEncapsulation.java:67:47:67:85 | HashAlgorithm | +| jca/KeyEncapsulation.java:67:47:67:85 | PaddingAlgorithm | MGF1Hash | jca/KeyEncapsulation.java:67:47:67:85 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:68:45:68:50 | Key | Source | jca/KeyEncapsulation.java:209:25:209:48 | Key | +| jca/KeyEncapsulation.java:69:29:69:66 | EncryptOperation | Algorithm | jca/KeyEncapsulation.java:67:47:67:85 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:69:29:69:66 | EncryptOperation | Input | jca/KeyEncapsulation.java:69:47:69:65 | Message | +| jca/KeyEncapsulation.java:69:29:69:66 | EncryptOperation | Key | jca/KeyEncapsulation.java:68:45:68:50 | Key | +| jca/KeyEncapsulation.java:69:29:69:66 | EncryptOperation | Nonce | jca/KeyEncapsulation.java:69:29:69:66 | EncryptOperation | +| jca/KeyEncapsulation.java:69:29:69:66 | EncryptOperation | Output | jca/KeyEncapsulation.java:69:29:69:66 | KeyOperationOutput | +| jca/KeyEncapsulation.java:69:47:69:65 | Message | Source | jca/KeyEncapsulation.java:62:28:62:47 | Key | +| jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | Mode | jca/KeyEncapsulation.java:73:47:73:65 | ModeOfOperation | +| jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | Padding | jca/KeyEncapsulation.java:73:47:73:65 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:77:45:77:50 | Key | Source | jca/KeyEncapsulation.java:62:28:62:47 | Key | +| jca/KeyEncapsulation.java:77:53:77:59 | Nonce | Source | jca/KeyEncapsulation.java:75:9:75:40 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:77:53:77:59 | Nonce | Source | jca/KeyEncapsulation.java:75:38:75:39 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:78:29:78:80 | EncryptOperation | Algorithm | jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:78:29:78:80 | EncryptOperation | Input | jca/KeyEncapsulation.java:78:47:78:79 | Message | +| jca/KeyEncapsulation.java:78:29:78:80 | EncryptOperation | Key | jca/KeyEncapsulation.java:77:45:77:50 | Key | +| jca/KeyEncapsulation.java:78:29:78:80 | EncryptOperation | Nonce | jca/KeyEncapsulation.java:77:53:77:59 | Nonce | +| jca/KeyEncapsulation.java:78:29:78:80 | EncryptOperation | Output | jca/KeyEncapsulation.java:78:29:78:80 | KeyOperationOutput | +| jca/KeyEncapsulation.java:78:47:78:79 | Message | Source | jca/KeyEncapsulation.java:78:47:78:68 | Constant | +| jca/KeyEncapsulation.java:92:47:92:85 | KeyOperationAlgorithm | Mode | jca/KeyEncapsulation.java:92:47:92:85 | ModeOfOperation | +| jca/KeyEncapsulation.java:92:47:92:85 | KeyOperationAlgorithm | Padding | jca/KeyEncapsulation.java:92:47:92:85 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:92:47:92:85 | PaddingAlgorithm | MD | jca/KeyEncapsulation.java:92:47:92:85 | HashAlgorithm | +| jca/KeyEncapsulation.java:92:47:92:85 | PaddingAlgorithm | MGF1Hash | jca/KeyEncapsulation.java:92:47:92:85 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:93:45:93:51 | Key | Source | jca/KeyEncapsulation.java:91:37:91:54 | Parameter | +| jca/KeyEncapsulation.java:94:30:94:58 | DecryptOperation | Algorithm | jca/KeyEncapsulation.java:92:47:92:85 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:94:30:94:58 | DecryptOperation | Input | jca/KeyEncapsulation.java:94:48:94:57 | Message | +| jca/KeyEncapsulation.java:94:30:94:58 | DecryptOperation | Key | jca/KeyEncapsulation.java:93:45:93:51 | Key | +| jca/KeyEncapsulation.java:94:30:94:58 | DecryptOperation | Nonce | jca/KeyEncapsulation.java:94:30:94:58 | DecryptOperation | +| jca/KeyEncapsulation.java:94:30:94:58 | DecryptOperation | Output | jca/KeyEncapsulation.java:94:30:94:58 | KeyOperationOutput | +| jca/KeyEncapsulation.java:94:48:94:57 | Message | Source | jca/KeyEncapsulation.java:91:57:91:73 | Parameter | +| jca/KeyEncapsulation.java:118:31:118:51 | Key | Algorithm | jca/KeyEncapsulation.java:117:47:117:57 | EllipticCurve | +| jca/KeyEncapsulation.java:118:31:118:51 | KeyGeneration | Algorithm | jca/KeyEncapsulation.java:117:47:117:57 | EllipticCurve | +| jca/KeyEncapsulation.java:118:31:118:51 | KeyGeneration | Output | jca/KeyEncapsulation.java:118:31:118:51 | Key | +| jca/KeyEncapsulation.java:122:17:122:40 | Key | Source | jca/KeyEncapsulation.java:118:31:118:51 | Key | +| jca/KeyEncapsulation.java:123:20:123:24 | Key | Source | jca/KeyEncapsulation.java:215:24:215:46 | Key | +| jca/KeyEncapsulation.java:124:31:124:49 | KeyAgreementOperation | Algorithm | jca/KeyEncapsulation.java:121:52:121:57 | KeyAgreementAlgorithm | +| jca/KeyEncapsulation.java:124:31:124:49 | KeyAgreementOperation | Output | jca/KeyEncapsulation.java:124:31:124:49 | SharedSecret | +| jca/KeyEncapsulation.java:124:31:124:49 | KeyAgreementOperation | PeerKey | jca/KeyEncapsulation.java:123:20:123:24 | Key | +| jca/KeyEncapsulation.java:124:31:124:49 | KeyAgreementOperation | ServerKey | jca/KeyEncapsulation.java:122:17:122:40 | Key | +| jca/KeyEncapsulation.java:124:31:124:49 | SharedSecret | Source | jca/KeyEncapsulation.java:124:31:124:49 | SharedSecret | +| jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | Mode | jca/KeyEncapsulation.java:133:47:133:65 | ModeOfOperation | +| jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | Padding | jca/KeyEncapsulation.java:133:47:133:65 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:136:45:136:50 | Key | Source | jca/KeyEncapsulation.java:136:45:136:50 | Key | +| jca/KeyEncapsulation.java:136:53:136:81 | Nonce | Source | jca/KeyEncapsulation.java:135:9:135:40 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:136:53:136:81 | Nonce | Source | jca/KeyEncapsulation.java:135:38:135:39 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | Algorithm | jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | Input | jca/KeyEncapsulation.java:137:47:137:72 | Message | +| jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | Key | jca/KeyEncapsulation.java:136:45:136:50 | Key | +| jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | Nonce | jca/KeyEncapsulation.java:136:53:136:81 | Nonce | +| jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | Output | jca/KeyEncapsulation.java:137:29:137:73 | KeyOperationOutput | +| jca/KeyEncapsulation.java:137:47:137:72 | Message | Source | jca/KeyEncapsulation.java:137:47:137:61 | Constant | +| jca/KeyEncapsulation.java:187:31:187:51 | Key | Algorithm | jca/KeyEncapsulation.java:186:47:186:57 | EllipticCurve | +| jca/KeyEncapsulation.java:187:31:187:51 | KeyGeneration | Algorithm | jca/KeyEncapsulation.java:186:47:186:57 | EllipticCurve | +| jca/KeyEncapsulation.java:187:31:187:51 | KeyGeneration | Output | jca/KeyEncapsulation.java:187:31:187:51 | Key | +| jca/KeyEncapsulation.java:189:17:189:40 | Key | Source | jca/KeyEncapsulation.java:187:31:187:51 | Key | +| jca/KeyEncapsulation.java:190:20:190:34 | Key | Source | jca/KeyEncapsulation.java:226:31:226:53 | Key | +| jca/KeyEncapsulation.java:191:31:191:49 | KeyAgreementOperation | Algorithm | jca/KeyEncapsulation.java:188:52:188:57 | KeyAgreementAlgorithm | +| jca/KeyEncapsulation.java:191:31:191:49 | KeyAgreementOperation | Output | jca/KeyEncapsulation.java:191:31:191:49 | SharedSecret | +| jca/KeyEncapsulation.java:191:31:191:49 | KeyAgreementOperation | PeerKey | jca/KeyEncapsulation.java:190:20:190:34 | Key | +| jca/KeyEncapsulation.java:191:31:191:49 | KeyAgreementOperation | ServerKey | jca/KeyEncapsulation.java:189:17:189:40 | Key | +| jca/KeyEncapsulation.java:191:31:191:49 | SharedSecret | Source | jca/KeyEncapsulation.java:191:31:191:49 | SharedSecret | +| jca/KeyEncapsulation.java:209:25:209:48 | Key | Algorithm | jca/KeyEncapsulation.java:207:64:207:68 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:209:25:209:48 | KeyGeneration | Algorithm | jca/KeyEncapsulation.java:207:64:207:68 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:209:25:209:48 | KeyGeneration | Output | jca/KeyEncapsulation.java:209:25:209:48 | Key | +| jca/KeyEncapsulation.java:215:24:215:46 | Key | Algorithm | jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | +| jca/KeyEncapsulation.java:215:24:215:46 | KeyGeneration | Algorithm | jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | +| jca/KeyEncapsulation.java:215:24:215:46 | KeyGeneration | Output | jca/KeyEncapsulation.java:215:24:215:46 | Key | +| jca/KeyEncapsulation.java:226:31:226:53 | Key | Algorithm | jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | +| jca/KeyEncapsulation.java:226:31:226:53 | KeyGeneration | Algorithm | jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | +| jca/KeyEncapsulation.java:226:31:226:53 | KeyGeneration | Output | jca/KeyEncapsulation.java:226:31:226:53 | Key | +| jca/KeyExchange.java:54:16:54:38 | Key | Algorithm | jca/KeyExchange.java:52:63:52:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:54:16:54:38 | KeyGeneration | Algorithm | jca/KeyExchange.java:52:63:52:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:54:16:54:38 | KeyGeneration | Output | jca/KeyExchange.java:54:16:54:38 | Key | +| jca/KeyExchange.java:70:16:70:38 | Key | Algorithm | jca/KeyExchange.java:67:63:67:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:70:16:70:38 | KeyGeneration | Algorithm | jca/KeyExchange.java:67:63:67:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:70:16:70:38 | KeyGeneration | Output | jca/KeyExchange.java:70:16:70:38 | Key | +| jca/KeyExchange.java:85:16:85:38 | Key | Algorithm | jca/KeyExchange.java:83:63:83:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:85:16:85:38 | KeyGeneration | Algorithm | jca/KeyExchange.java:83:63:83:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:85:16:85:38 | KeyGeneration | Output | jca/KeyExchange.java:85:16:85:38 | Key | +| jca/KeyExchange.java:100:17:100:26 | Key | Source | jca/KeyExchange.java:54:16:54:38 | Key | +| jca/KeyExchange.java:100:17:100:26 | Key | Source | jca/KeyExchange.java:70:16:70:38 | Key | +| jca/KeyExchange.java:100:17:100:26 | Key | Source | jca/KeyExchange.java:85:16:85:38 | Key | +| jca/KeyExchange.java:101:20:101:28 | Key | Source | jca/KeyExchange.java:54:16:54:38 | Key | +| jca/KeyExchange.java:101:20:101:28 | Key | Source | jca/KeyExchange.java:70:16:70:38 | Key | +| jca/KeyExchange.java:101:20:101:28 | Key | Source | jca/KeyExchange.java:85:16:85:38 | Key | +| jca/KeyExchange.java:102:16:102:34 | KeyAgreementOperation | Algorithm | jca/KeyExchange.java:99:52:99:55 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:102:16:102:34 | KeyAgreementOperation | Output | jca/KeyExchange.java:102:16:102:34 | SharedSecret | +| jca/KeyExchange.java:102:16:102:34 | KeyAgreementOperation | PeerKey | jca/KeyExchange.java:101:20:101:28 | Key | +| jca/KeyExchange.java:102:16:102:34 | KeyAgreementOperation | ServerKey | jca/KeyExchange.java:100:17:100:26 | Key | +| jca/KeyExchange.java:102:16:102:34 | SharedSecret | Source | jca/KeyExchange.java:102:16:102:34 | SharedSecret | +| jca/KeyExchange.java:122:16:122:38 | Key | Algorithm | jca/KeyExchange.java:121:49:121:59 | EllipticCurve | +| jca/KeyExchange.java:122:16:122:38 | KeyGeneration | Algorithm | jca/KeyExchange.java:121:49:121:59 | EllipticCurve | +| jca/KeyExchange.java:122:16:122:38 | KeyGeneration | Output | jca/KeyExchange.java:122:16:122:38 | Key | +| jca/KeyExchange.java:137:17:137:26 | Key | Source | jca/KeyExchange.java:122:16:122:38 | Key | +| jca/KeyExchange.java:138:20:138:28 | Key | Source | jca/KeyExchange.java:122:16:122:38 | Key | +| jca/KeyExchange.java:139:16:139:34 | KeyAgreementOperation | Algorithm | jca/KeyExchange.java:136:52:136:57 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:139:16:139:34 | KeyAgreementOperation | Output | jca/KeyExchange.java:139:16:139:34 | SharedSecret | +| jca/KeyExchange.java:139:16:139:34 | KeyAgreementOperation | PeerKey | jca/KeyExchange.java:138:20:138:28 | Key | +| jca/KeyExchange.java:139:16:139:34 | KeyAgreementOperation | ServerKey | jca/KeyExchange.java:137:17:137:26 | Key | +| jca/KeyExchange.java:139:16:139:34 | SharedSecret | Source | jca/KeyExchange.java:139:16:139:34 | SharedSecret | +| jca/KeyExchange.java:159:16:159:36 | Key | Algorithm | jca/KeyExchange.java:156:61:156:68 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:159:16:159:36 | KeyGeneration | Algorithm | jca/KeyExchange.java:156:61:156:68 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:159:16:159:36 | KeyGeneration | Output | jca/KeyExchange.java:159:16:159:36 | Key | +| jca/KeyExchange.java:174:17:174:26 | Key | Source | jca/KeyExchange.java:159:16:159:36 | Key | +| jca/KeyExchange.java:175:20:175:28 | Key | Source | jca/KeyExchange.java:159:16:159:36 | Key | +| jca/KeyExchange.java:176:16:176:34 | KeyAgreementOperation | Algorithm | jca/KeyExchange.java:173:52:173:59 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:176:16:176:34 | KeyAgreementOperation | Output | jca/KeyExchange.java:176:16:176:34 | SharedSecret | +| jca/KeyExchange.java:176:16:176:34 | KeyAgreementOperation | PeerKey | jca/KeyExchange.java:175:20:175:28 | Key | +| jca/KeyExchange.java:176:16:176:34 | KeyAgreementOperation | ServerKey | jca/KeyExchange.java:174:17:174:26 | Key | +| jca/KeyExchange.java:176:16:176:34 | SharedSecret | Source | jca/KeyExchange.java:176:16:176:34 | SharedSecret | +| jca/KeyExchange.java:196:16:196:36 | Key | Algorithm | jca/KeyExchange.java:193:61:193:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:196:16:196:36 | KeyGeneration | Algorithm | jca/KeyExchange.java:193:61:193:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:196:16:196:36 | KeyGeneration | Output | jca/KeyExchange.java:196:16:196:36 | Key | +| jca/KeyExchange.java:211:17:211:26 | Key | Source | jca/KeyExchange.java:196:16:196:36 | Key | +| jca/KeyExchange.java:212:20:212:28 | Key | Source | jca/KeyExchange.java:196:16:196:36 | Key | +| jca/KeyExchange.java:213:16:213:34 | KeyAgreementOperation | Algorithm | jca/KeyExchange.java:210:52:210:57 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:213:16:213:34 | KeyAgreementOperation | Output | jca/KeyExchange.java:213:16:213:34 | SharedSecret | +| jca/KeyExchange.java:213:16:213:34 | KeyAgreementOperation | PeerKey | jca/KeyExchange.java:212:20:212:28 | Key | +| jca/KeyExchange.java:213:16:213:34 | KeyAgreementOperation | ServerKey | jca/KeyExchange.java:211:17:211:26 | Key | +| jca/KeyExchange.java:213:16:213:34 | SharedSecret | Source | jca/KeyExchange.java:213:16:213:34 | SharedSecret | +| jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:62:18:62:26 | Key | Source | jca/MACOperation.java:59:52:59:61 | Parameter | +| jca/MACOperation.java:63:16:63:46 | MACOperation | Algorithm | jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:63:16:63:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:63:16:63:46 | MACOperation | +| jca/MACOperation.java:63:16:63:46 | MACOperation | Input | jca/MACOperation.java:63:28:63:45 | Message | +| jca/MACOperation.java:63:16:63:46 | MACOperation | Key | jca/MACOperation.java:62:18:62:26 | Key | +| jca/MACOperation.java:63:16:63:46 | MACOperation | Message | jca/MACOperation.java:63:28:63:45 | Message | +| jca/MACOperation.java:63:16:63:46 | MACOperation | Nonce | jca/MACOperation.java:63:16:63:46 | MACOperation | +| jca/MACOperation.java:63:16:63:46 | MACOperation | Output | jca/MACOperation.java:63:16:63:46 | KeyOperationOutput | +| jca/MACOperation.java:63:28:63:45 | Message | Source | jca/MACOperation.java:59:36:59:49 | Parameter | +| jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | +| jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | +| jca/MACOperation.java:73:18:73:26 | Key | Source | jca/MACOperation.java:70:50:70:59 | Parameter | +| jca/MACOperation.java:74:16:74:46 | MACOperation | Algorithm | jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | +| jca/MACOperation.java:74:16:74:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:74:16:74:46 | MACOperation | +| jca/MACOperation.java:74:16:74:46 | MACOperation | Input | jca/MACOperation.java:74:28:74:45 | Message | +| jca/MACOperation.java:74:16:74:46 | MACOperation | Key | jca/MACOperation.java:73:18:73:26 | Key | +| jca/MACOperation.java:74:16:74:46 | MACOperation | Message | jca/MACOperation.java:74:28:74:45 | Message | +| jca/MACOperation.java:74:16:74:46 | MACOperation | Nonce | jca/MACOperation.java:74:16:74:46 | MACOperation | +| jca/MACOperation.java:74:16:74:46 | MACOperation | Output | jca/MACOperation.java:74:16:74:46 | KeyOperationOutput | +| jca/MACOperation.java:74:28:74:45 | Message | Source | jca/MACOperation.java:70:34:70:47 | Parameter | +| jca/MACOperation.java:82:35:82:44 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:82:35:82:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:82:35:82:44 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:82:35:82:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:84:18:84:26 | Key | Source | jca/MACOperation.java:81:50:81:59 | Parameter | +| jca/MACOperation.java:85:16:85:46 | MACOperation | Algorithm | jca/MACOperation.java:82:35:82:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:85:16:85:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:85:16:85:46 | MACOperation | +| jca/MACOperation.java:85:16:85:46 | MACOperation | Input | jca/MACOperation.java:85:28:85:45 | Message | +| jca/MACOperation.java:85:16:85:46 | MACOperation | Key | jca/MACOperation.java:84:18:84:26 | Key | +| jca/MACOperation.java:85:16:85:46 | MACOperation | Message | jca/MACOperation.java:85:28:85:45 | Message | +| jca/MACOperation.java:85:16:85:46 | MACOperation | Nonce | jca/MACOperation.java:85:16:85:46 | MACOperation | +| jca/MACOperation.java:85:16:85:46 | MACOperation | Output | jca/MACOperation.java:85:16:85:46 | KeyOperationOutput | +| jca/MACOperation.java:85:28:85:45 | Message | Source | jca/MACOperation.java:81:34:81:47 | Parameter | +| jca/MACOperation.java:94:35:94:40 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:94:35:94:40 | KeyOperationAlgorithm | +| jca/MACOperation.java:94:35:94:40 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:94:35:94:40 | KeyOperationAlgorithm | +| jca/MACOperation.java:98:18:98:26 | Key | Source | jca/MACOperation.java:92:46:92:55 | Parameter | +| jca/MACOperation.java:99:16:99:46 | MACOperation | Algorithm | jca/MACOperation.java:94:35:94:40 | KeyOperationAlgorithm | +| jca/MACOperation.java:99:16:99:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:99:16:99:46 | MACOperation | +| jca/MACOperation.java:99:16:99:46 | MACOperation | Input | jca/MACOperation.java:99:28:99:45 | Message | +| jca/MACOperation.java:99:16:99:46 | MACOperation | Key | jca/MACOperation.java:98:18:98:26 | Key | +| jca/MACOperation.java:99:16:99:46 | MACOperation | Message | jca/MACOperation.java:99:28:99:45 | Message | +| jca/MACOperation.java:99:16:99:46 | MACOperation | Nonce | jca/MACOperation.java:99:16:99:46 | MACOperation | +| jca/MACOperation.java:99:16:99:46 | MACOperation | Output | jca/MACOperation.java:99:16:99:46 | KeyOperationOutput | +| jca/MACOperation.java:99:28:99:45 | Message | Source | jca/MACOperation.java:92:30:92:43 | Parameter | +| jca/MACOperation.java:109:18:109:26 | Key | Source | jca/MACOperation.java:106:46:106:55 | Parameter | +| jca/MACOperation.java:110:16:110:46 | MACOperation | Algorithm | jca/MACOperation.java:107:35:107:43 | Constant | +| jca/MACOperation.java:110:16:110:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:110:16:110:46 | MACOperation | +| jca/MACOperation.java:110:16:110:46 | MACOperation | Input | jca/MACOperation.java:110:28:110:45 | Message | +| jca/MACOperation.java:110:16:110:46 | MACOperation | Key | jca/MACOperation.java:109:18:109:26 | Key | +| jca/MACOperation.java:110:16:110:46 | MACOperation | Message | jca/MACOperation.java:110:28:110:45 | Message | +| jca/MACOperation.java:110:16:110:46 | MACOperation | Nonce | jca/MACOperation.java:110:16:110:46 | MACOperation | +| jca/MACOperation.java:110:16:110:46 | MACOperation | Output | jca/MACOperation.java:110:16:110:46 | KeyOperationOutput | +| jca/MACOperation.java:110:28:110:45 | Message | Source | jca/MACOperation.java:106:30:106:43 | Parameter | +| jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:120:18:120:26 | Key | Source | jca/MACOperation.java:117:52:117:61 | Parameter | +| jca/MACOperation.java:121:16:121:46 | MACOperation | Algorithm | jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:121:16:121:46 | MACOperation | HashAlgorithm | jca/MACOperation.java:121:16:121:46 | MACOperation | +| jca/MACOperation.java:121:16:121:46 | MACOperation | Input | jca/MACOperation.java:121:28:121:45 | Message | +| jca/MACOperation.java:121:16:121:46 | MACOperation | Key | jca/MACOperation.java:120:18:120:26 | Key | +| jca/MACOperation.java:121:16:121:46 | MACOperation | Message | jca/MACOperation.java:121:28:121:45 | Message | +| jca/MACOperation.java:121:16:121:46 | MACOperation | Nonce | jca/MACOperation.java:121:16:121:46 | MACOperation | +| jca/MACOperation.java:121:16:121:46 | MACOperation | Output | jca/MACOperation.java:121:16:121:46 | KeyOperationOutput | +| jca/MACOperation.java:121:28:121:45 | Message | Source | jca/MACOperation.java:117:36:117:49 | Parameter | +| jca/MACOperation.java:136:44:136:62 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:136:44:136:62 | ModeOfOperation | +| jca/MACOperation.java:136:44:136:62 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:136:44:136:62 | PaddingAlgorithm | +| jca/MACOperation.java:137:42:137:44 | Key | Source | jca/MACOperation.java:133:34:133:49 | Parameter | +| jca/MACOperation.java:138:32:138:74 | EncryptOperation | Algorithm | jca/MACOperation.java:136:44:136:62 | KeyOperationAlgorithm | +| jca/MACOperation.java:138:32:138:74 | EncryptOperation | Input | jca/MACOperation.java:138:47:138:73 | Message | +| jca/MACOperation.java:138:32:138:74 | EncryptOperation | Key | jca/MACOperation.java:137:42:137:44 | Key | +| jca/MACOperation.java:138:32:138:74 | EncryptOperation | Nonce | jca/MACOperation.java:138:32:138:74 | EncryptOperation | +| jca/MACOperation.java:138:32:138:74 | EncryptOperation | Output | jca/MACOperation.java:138:32:138:74 | KeyOperationOutput | +| jca/MACOperation.java:138:47:138:73 | Message | Source | jca/MACOperation.java:138:47:138:62 | Constant | +| jca/MACOperation.java:170:42:170:68 | Message | Source | jca/MACOperation.java:166:47:166:62 | Parameter | +| jca/MACOperation.java:170:71:170:74 | Salt | Source | jca/MACOperation.java:246:9:246:42 | RandomNumberGeneration | +| jca/MACOperation.java:170:71:170:74 | Salt | Source | jca/MACOperation.java:246:38:246:41 | RandomNumberGeneration | +| jca/MACOperation.java:171:65:171:86 | HMACAlgorithm | H | jca/MACOperation.java:171:65:171:86 | HashAlgorithm | +| jca/MACOperation.java:171:65:171:86 | KeyDerivationAlgorithm | PRF | jca/MACOperation.java:171:65:171:86 | HMACAlgorithm | +| jca/MACOperation.java:172:30:172:57 | KeyDerivation | Algorithm | jca/MACOperation.java:171:65:171:86 | KeyDerivationAlgorithm | +| jca/MACOperation.java:172:30:172:57 | KeyDerivation | Input | jca/MACOperation.java:170:42:170:68 | Message | +| jca/MACOperation.java:172:30:172:57 | KeyDerivation | Output | jca/MACOperation.java:172:30:172:57 | Key | +| jca/MACOperation.java:172:30:172:57 | KeyDerivation | Salt | jca/MACOperation.java:170:71:170:74 | Salt | +| jca/MACOperation.java:180:44:180:62 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:180:44:180:62 | ModeOfOperation | +| jca/MACOperation.java:180:44:180:62 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:180:44:180:62 | PaddingAlgorithm | +| jca/MACOperation.java:181:42:181:54 | Key | Source | jca/MACOperation.java:181:42:181:54 | Key | +| jca/MACOperation.java:182:29:182:78 | EncryptOperation | Algorithm | jca/MACOperation.java:180:44:180:62 | KeyOperationAlgorithm | +| jca/MACOperation.java:182:29:182:78 | EncryptOperation | Input | jca/MACOperation.java:182:44:182:77 | Message | +| jca/MACOperation.java:182:29:182:78 | EncryptOperation | Key | jca/MACOperation.java:181:42:181:54 | Key | +| jca/MACOperation.java:182:29:182:78 | EncryptOperation | Nonce | jca/MACOperation.java:182:29:182:78 | EncryptOperation | +| jca/MACOperation.java:182:29:182:78 | EncryptOperation | Output | jca/MACOperation.java:182:29:182:78 | KeyOperationOutput | +| jca/MACOperation.java:182:44:182:77 | Message | Source | jca/MACOperation.java:182:44:182:66 | Constant | +| jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:186:18:186:30 | Key | Source | jca/MACOperation.java:186:18:186:30 | Key | +| jca/MACOperation.java:187:30:187:52 | MACOperation | Algorithm | jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:187:30:187:52 | MACOperation | HashAlgorithm | jca/MACOperation.java:187:30:187:52 | MACOperation | +| jca/MACOperation.java:187:30:187:52 | MACOperation | Input | jca/MACOperation.java:187:42:187:51 | Message | +| jca/MACOperation.java:187:30:187:52 | MACOperation | Key | jca/MACOperation.java:186:18:186:30 | Key | +| jca/MACOperation.java:187:30:187:52 | MACOperation | Message | jca/MACOperation.java:187:42:187:51 | Message | +| jca/MACOperation.java:187:30:187:52 | MACOperation | Nonce | jca/MACOperation.java:187:30:187:52 | MACOperation | +| jca/MACOperation.java:187:30:187:52 | MACOperation | Output | jca/MACOperation.java:187:30:187:52 | KeyOperationOutput | +| jca/MACOperation.java:187:42:187:51 | Message | Source | jca/MACOperation.java:182:29:182:78 | KeyOperationOutput | +| jca/MACOperation.java:216:44:216:62 | KeyOperationAlgorithm | Mode | jca/MACOperation.java:216:44:216:62 | ModeOfOperation | +| jca/MACOperation.java:216:44:216:62 | KeyOperationAlgorithm | Padding | jca/MACOperation.java:216:44:216:62 | PaddingAlgorithm | +| jca/MACOperation.java:218:42:218:44 | Key | Source | jca/MACOperation.java:234:16:234:35 | Key | +| jca/MACOperation.java:219:32:219:51 | EncryptOperation | Algorithm | jca/MACOperation.java:216:44:216:62 | KeyOperationAlgorithm | +| jca/MACOperation.java:219:32:219:51 | EncryptOperation | Input | jca/MACOperation.java:219:47:219:50 | Message | +| jca/MACOperation.java:219:32:219:51 | EncryptOperation | Key | jca/MACOperation.java:218:42:218:44 | Key | +| jca/MACOperation.java:219:32:219:51 | EncryptOperation | Nonce | jca/MACOperation.java:219:32:219:51 | EncryptOperation | +| jca/MACOperation.java:219:32:219:51 | EncryptOperation | Output | jca/MACOperation.java:219:32:219:51 | KeyOperationOutput | +| jca/MACOperation.java:219:47:219:50 | Message | Source | jca/MACOperation.java:150:36:150:51 | Parameter | +| jca/MACOperation.java:234:16:234:35 | KeyGeneration | Algorithm | jca/MACOperation.java:232:56:232:60 | KeyOperationAlgorithm | +| jca/MACOperation.java:234:16:234:35 | KeyGeneration | Output | jca/MACOperation.java:234:16:234:35 | Key | +| jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | Mode | jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | +| jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | Padding | jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | +| jca/Nonce.java:25:18:25:20 | Key | Source | jca/Nonce.java:93:16:93:35 | Key | +| jca/Nonce.java:27:28:27:69 | MACOperation | Algorithm | jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | +| jca/Nonce.java:27:28:27:69 | MACOperation | HashAlgorithm | jca/Nonce.java:27:28:27:69 | MACOperation | +| jca/Nonce.java:27:28:27:69 | MACOperation | Input | jca/Nonce.java:27:40:27:68 | Message | +| jca/Nonce.java:27:28:27:69 | MACOperation | Key | jca/Nonce.java:25:18:25:20 | Key | +| jca/Nonce.java:27:28:27:69 | MACOperation | Message | jca/Nonce.java:27:40:27:68 | Message | +| jca/Nonce.java:27:28:27:69 | MACOperation | Nonce | jca/Nonce.java:27:28:27:69 | MACOperation | +| jca/Nonce.java:27:28:27:69 | MACOperation | Output | jca/Nonce.java:27:28:27:69 | KeyOperationOutput | +| jca/Nonce.java:27:40:27:68 | Message | Source | jca/Nonce.java:27:40:27:57 | Constant | +| jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | Mode | jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | +| jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | Padding | jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | +| jca/Nonce.java:38:18:38:20 | Key | Source | jca/Nonce.java:93:16:93:35 | Key | +| jca/Nonce.java:40:28:40:67 | MACOperation | Algorithm | jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | +| jca/Nonce.java:40:28:40:67 | MACOperation | HashAlgorithm | jca/Nonce.java:40:28:40:67 | MACOperation | +| jca/Nonce.java:40:28:40:67 | MACOperation | Input | jca/Nonce.java:40:40:40:66 | Message | +| jca/Nonce.java:40:28:40:67 | MACOperation | Key | jca/Nonce.java:38:18:38:20 | Key | +| jca/Nonce.java:40:28:40:67 | MACOperation | Message | jca/Nonce.java:40:40:40:66 | Message | +| jca/Nonce.java:40:28:40:67 | MACOperation | Nonce | jca/Nonce.java:40:28:40:67 | MACOperation | +| jca/Nonce.java:40:28:40:67 | MACOperation | Output | jca/Nonce.java:40:28:40:67 | KeyOperationOutput | +| jca/Nonce.java:40:40:40:66 | Message | Source | jca/Nonce.java:40:40:40:55 | Constant | +| jca/Nonce.java:50:44:50:62 | KeyOperationAlgorithm | Mode | jca/Nonce.java:50:44:50:62 | ModeOfOperation | +| jca/Nonce.java:50:44:50:62 | KeyOperationAlgorithm | Padding | jca/Nonce.java:50:44:50:62 | PaddingAlgorithm | +| jca/Nonce.java:51:42:51:44 | Key | Source | jca/Nonce.java:47:39:47:51 | Parameter | +| jca/Nonce.java:51:47:51:53 | Nonce | Source | jca/Nonce.java:112:16:112:33 | Constant | +| jca/Nonce.java:52:29:52:53 | EncryptOperation | Algorithm | jca/Nonce.java:50:44:50:62 | KeyOperationAlgorithm | +| jca/Nonce.java:52:29:52:53 | EncryptOperation | Input | jca/Nonce.java:52:44:52:52 | Message | +| jca/Nonce.java:52:29:52:53 | EncryptOperation | Key | jca/Nonce.java:51:42:51:44 | Key | +| jca/Nonce.java:52:29:52:53 | EncryptOperation | Nonce | jca/Nonce.java:51:47:51:53 | Nonce | +| jca/Nonce.java:52:29:52:53 | EncryptOperation | Output | jca/Nonce.java:52:29:52:53 | KeyOperationOutput | +| jca/Nonce.java:52:44:52:52 | Message | Source | jca/Nonce.java:47:54:47:69 | Parameter | +| jca/Nonce.java:61:44:61:62 | KeyOperationAlgorithm | Mode | jca/Nonce.java:61:44:61:62 | ModeOfOperation | +| jca/Nonce.java:61:44:61:62 | KeyOperationAlgorithm | Padding | jca/Nonce.java:61:44:61:62 | PaddingAlgorithm | +| jca/Nonce.java:62:42:62:44 | Key | Source | jca/Nonce.java:58:37:58:49 | Parameter | +| jca/Nonce.java:62:47:62:53 | Nonce | Source | jca/Nonce.java:98:9:98:43 | RandomNumberGeneration | +| jca/Nonce.java:62:47:62:53 | Nonce | Source | jca/Nonce.java:98:38:98:42 | RandomNumberGeneration | +| jca/Nonce.java:63:29:63:53 | EncryptOperation | Algorithm | jca/Nonce.java:61:44:61:62 | KeyOperationAlgorithm | +| jca/Nonce.java:63:29:63:53 | EncryptOperation | Input | jca/Nonce.java:63:44:63:52 | Message | +| jca/Nonce.java:63:29:63:53 | EncryptOperation | Key | jca/Nonce.java:62:42:62:44 | Key | +| jca/Nonce.java:63:29:63:53 | EncryptOperation | Nonce | jca/Nonce.java:62:47:62:53 | Nonce | +| jca/Nonce.java:63:29:63:53 | EncryptOperation | Output | jca/Nonce.java:63:29:63:53 | KeyOperationOutput | +| jca/Nonce.java:63:44:63:52 | Message | Source | jca/Nonce.java:58:52:58:67 | Parameter | +| jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | Mode | jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | +| jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | Padding | jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | +| jca/Nonce.java:78:18:78:20 | Key | Source | jca/Nonce.java:93:16:93:35 | Key | +| jca/Nonce.java:80:28:80:67 | MACOperation | Algorithm | jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | +| jca/Nonce.java:80:28:80:67 | MACOperation | HashAlgorithm | jca/Nonce.java:80:28:80:67 | MACOperation | +| jca/Nonce.java:80:28:80:67 | MACOperation | Input | jca/Nonce.java:80:40:80:66 | Message | +| jca/Nonce.java:80:28:80:67 | MACOperation | Key | jca/Nonce.java:78:18:78:20 | Key | +| jca/Nonce.java:80:28:80:67 | MACOperation | Message | jca/Nonce.java:80:40:80:66 | Message | +| jca/Nonce.java:80:28:80:67 | MACOperation | Nonce | jca/Nonce.java:80:28:80:67 | MACOperation | +| jca/Nonce.java:80:28:80:67 | MACOperation | Output | jca/Nonce.java:80:28:80:67 | KeyOperationOutput | +| jca/Nonce.java:80:40:80:66 | Message | Source | jca/Nonce.java:80:40:80:55 | Constant | +| jca/Nonce.java:93:16:93:35 | KeyGeneration | Algorithm | jca/Nonce.java:92:56:92:67 | Constant | +| jca/Nonce.java:93:16:93:35 | KeyGeneration | Output | jca/Nonce.java:93:16:93:35 | Key | +| jca/PrngTest.java:154:16:154:35 | KeyGeneration | Algorithm | jca/PrngTest.java:152:56:152:60 | KeyOperationAlgorithm | +| jca/PrngTest.java:154:16:154:35 | KeyGeneration | Output | jca/PrngTest.java:154:16:154:35 | Key | +| jca/SignEncryptCombinations.java:53:16:53:38 | Key | Algorithm | jca/SignEncryptCombinations.java:52:49:52:59 | EllipticCurve | +| jca/SignEncryptCombinations.java:53:16:53:38 | KeyGeneration | Algorithm | jca/SignEncryptCombinations.java:52:49:52:59 | EllipticCurve | +| jca/SignEncryptCombinations.java:53:16:53:38 | KeyGeneration | Output | jca/SignEncryptCombinations.java:53:16:53:38 | Key | +| jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:62:28:62:34 | Key | Source | jca/SignEncryptCombinations.java:53:16:53:38 | Key | +| jca/SignEncryptCombinations.java:63:26:63:29 | Message | Source | jca/SignEncryptCombinations.java:335:26:335:47 | Constant | +| jca/SignEncryptCombinations.java:64:16:64:31 | SignOperation | Algorithm | jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:64:16:64:31 | SignOperation | HashAlgorithm | jca/SignEncryptCombinations.java:61:53:61:69 | HashAlgorithm | +| jca/SignEncryptCombinations.java:64:16:64:31 | SignOperation | Input | jca/SignEncryptCombinations.java:63:26:63:29 | Message | +| jca/SignEncryptCombinations.java:64:16:64:31 | SignOperation | Key | jca/SignEncryptCombinations.java:62:28:62:34 | Key | +| jca/SignEncryptCombinations.java:64:16:64:31 | SignOperation | Output | jca/SignEncryptCombinations.java:64:16:64:31 | SignatureOutput | | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | -| jca/SignEncryptCombinations.java:69:28:69:34 | Key | Source | jca/SignEncryptCombinations.java:60:16:60:38 | Key | -| jca/SignEncryptCombinations.java:70:26:70:29 | Message | Source | jca/SignEncryptCombinations.java:345:26:345:47 | Constant | -| jca/SignEncryptCombinations.java:71:16:71:31 | SignOperation | Algorithm | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | -| jca/SignEncryptCombinations.java:71:16:71:31 | SignOperation | HashAlgorithm | jca/SignEncryptCombinations.java:68:53:68:69 | HashAlgorithm | -| jca/SignEncryptCombinations.java:71:16:71:31 | SignOperation | Input | jca/SignEncryptCombinations.java:70:26:70:29 | Message | -| jca/SignEncryptCombinations.java:71:16:71:31 | SignOperation | Key | jca/SignEncryptCombinations.java:69:28:69:34 | Key | -| jca/SignEncryptCombinations.java:71:16:71:31 | SignOperation | Output | jca/SignEncryptCombinations.java:71:16:71:31 | SignatureOutput | -| jca/SignEncryptCombinations.java:75:53:75:69 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:75:53:75:69 | KeyOperationAlgorithm | -| jca/SignEncryptCombinations.java:75:53:75:69 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:75:53:75:69 | KeyOperationAlgorithm | -| jca/SignEncryptCombinations.java:76:30:76:35 | Key | Source | jca/SignEncryptCombinations.java:60:16:60:38 | Key | -| jca/SignEncryptCombinations.java:77:26:77:29 | Message | Source | jca/SignEncryptCombinations.java:345:26:345:47 | Constant | -| jca/SignEncryptCombinations.java:78:16:78:47 | VerifyOperation | Algorithm | jca/SignEncryptCombinations.java:75:53:75:69 | KeyOperationAlgorithm | -| jca/SignEncryptCombinations.java:78:16:78:47 | VerifyOperation | HashAlgorithm | jca/SignEncryptCombinations.java:75:53:75:69 | HashAlgorithm | -| jca/SignEncryptCombinations.java:78:16:78:47 | VerifyOperation | Input | jca/SignEncryptCombinations.java:77:26:77:29 | Message | -| jca/SignEncryptCombinations.java:78:16:78:47 | VerifyOperation | Key | jca/SignEncryptCombinations.java:76:30:76:35 | Key | -| jca/SignEncryptCombinations.java:78:16:78:47 | VerifyOperation | Signature | jca/SignEncryptCombinations.java:78:33:78:46 | SignatureInput | -| jca/SignEncryptCombinations.java:78:33:78:46 | SignatureInput | Source | jca/SignEncryptCombinations.java:120:16:120:41 | KeyOperationOutput | -| jca/SignEncryptCombinations.java:91:16:91:31 | KeyGeneration | Algorithm | jca/SignEncryptCombinations.java:89:52:89:56 | KeyOperationAlgorithm | -| jca/SignEncryptCombinations.java:91:16:91:31 | KeyGeneration | Output | jca/SignEncryptCombinations.java:91:16:91:31 | Key | -| jca/SignEncryptCombinations.java:99:44:99:62 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:99:44:99:62 | ModeOfOperation | -| jca/SignEncryptCombinations.java:99:44:99:62 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:99:44:99:62 | PaddingAlgorithm | -| jca/SignEncryptCombinations.java:103:42:103:44 | Key | Source | jca/SignEncryptCombinations.java:91:16:91:31 | Key | -| jca/SignEncryptCombinations.java:103:47:103:50 | Nonce | Source | jca/SignEncryptCombinations.java:101:9:101:28 | RandomNumberGeneration | -| jca/SignEncryptCombinations.java:103:47:103:50 | Nonce | Source | jca/SignEncryptCombinations.java:101:26:101:27 | RandomNumberGeneration | -| jca/SignEncryptCombinations.java:104:29:104:53 | EncryptOperation | Algorithm | jca/SignEncryptCombinations.java:99:44:99:62 | KeyOperationAlgorithm | -| jca/SignEncryptCombinations.java:104:29:104:53 | EncryptOperation | Input | jca/SignEncryptCombinations.java:104:44:104:52 | Message | -| jca/SignEncryptCombinations.java:104:29:104:53 | EncryptOperation | Key | jca/SignEncryptCombinations.java:103:42:103:44 | Key | -| jca/SignEncryptCombinations.java:104:29:104:53 | EncryptOperation | Nonce | jca/SignEncryptCombinations.java:103:47:103:50 | Nonce | -| jca/SignEncryptCombinations.java:104:29:104:53 | EncryptOperation | Output | jca/SignEncryptCombinations.java:104:29:104:53 | KeyOperationOutput | -| jca/SignEncryptCombinations.java:104:44:104:52 | Message | Source | jca/SignEncryptCombinations.java:71:16:71:31 | SignatureOutput | -| jca/SignEncryptCombinations.java:104:44:104:52 | Message | Source | jca/SignEncryptCombinations.java:345:26:345:47 | Constant | -| jca/SignEncryptCombinations.java:118:44:118:62 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:118:44:118:62 | ModeOfOperation | -| jca/SignEncryptCombinations.java:118:44:118:62 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:118:44:118:62 | PaddingAlgorithm | -| jca/SignEncryptCombinations.java:119:42:119:44 | Key | Source | jca/SignEncryptCombinations.java:91:16:91:31 | Key | -| jca/SignEncryptCombinations.java:119:47:119:75 | Nonce | Source | jca/SignEncryptCombinations.java:119:47:119:75 | Nonce | -| jca/SignEncryptCombinations.java:120:16:120:41 | DecryptOperation | Algorithm | jca/SignEncryptCombinations.java:118:44:118:62 | KeyOperationAlgorithm | -| jca/SignEncryptCombinations.java:120:16:120:41 | DecryptOperation | Input | jca/SignEncryptCombinations.java:120:31:120:40 | Message | -| jca/SignEncryptCombinations.java:120:16:120:41 | DecryptOperation | Key | jca/SignEncryptCombinations.java:119:42:119:44 | Key | -| jca/SignEncryptCombinations.java:120:16:120:41 | DecryptOperation | Nonce | jca/SignEncryptCombinations.java:119:47:119:75 | Nonce | -| jca/SignEncryptCombinations.java:120:16:120:41 | DecryptOperation | Output | jca/SignEncryptCombinations.java:120:16:120:41 | KeyOperationOutput | -| jca/SignEncryptCombinations.java:120:31:120:40 | Message | Source | jca/SignEncryptCombinations.java:120:31:120:40 | Message | -| jca/SignEncryptCombinations.java:128:35:128:46 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:128:35:128:46 | KeyOperationAlgorithm | -| jca/SignEncryptCombinations.java:128:35:128:46 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:128:35:128:46 | KeyOperationAlgorithm | -| jca/SignEncryptCombinations.java:129:18:129:20 | Key | Source | jca/SignEncryptCombinations.java:91:16:91:31 | Key | -| jca/SignEncryptCombinations.java:130:16:130:32 | MACOperation | Algorithm | jca/SignEncryptCombinations.java:128:35:128:46 | KeyOperationAlgorithm | -| jca/SignEncryptCombinations.java:130:16:130:32 | MACOperation | HashAlgorithm | jca/SignEncryptCombinations.java:130:16:130:32 | MACOperation | -| jca/SignEncryptCombinations.java:130:16:130:32 | MACOperation | Input | jca/SignEncryptCombinations.java:130:28:130:31 | Message | -| jca/SignEncryptCombinations.java:130:16:130:32 | MACOperation | Key | jca/SignEncryptCombinations.java:129:18:129:20 | Key | -| jca/SignEncryptCombinations.java:130:16:130:32 | MACOperation | Message | jca/SignEncryptCombinations.java:130:28:130:31 | Message | -| jca/SignEncryptCombinations.java:130:16:130:32 | MACOperation | Nonce | jca/SignEncryptCombinations.java:130:16:130:32 | MACOperation | -| jca/SignEncryptCombinations.java:130:16:130:32 | MACOperation | Output | jca/SignEncryptCombinations.java:130:16:130:32 | KeyOperationOutput | -| jca/SignEncryptCombinations.java:130:28:130:31 | Message | Source | jca/SignEncryptCombinations.java:345:26:345:47 | Constant | -| jca/SignatureOperation.java:61:16:61:36 | Key | Algorithm | jca/SignatureOperation.java:59:61:59:65 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:61:16:61:36 | KeyGeneration | Algorithm | jca/SignatureOperation.java:59:61:59:65 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:61:16:61:36 | KeyGeneration | Output | jca/SignatureOperation.java:61:16:61:36 | Key | -| jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:72:28:72:37 | Key | Source | jca/SignatureOperation.java:61:16:61:36 | Key | -| jca/SignatureOperation.java:73:26:73:29 | Message | Source | jca/SignatureOperation.java:328:26:328:49 | Constant | -| jca/SignatureOperation.java:74:16:74:31 | SignOperation | Algorithm | jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:74:16:74:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:71:53:71:74 | HashAlgorithm | -| jca/SignatureOperation.java:74:16:74:31 | SignOperation | Input | jca/SignatureOperation.java:73:26:73:29 | Message | -| jca/SignatureOperation.java:74:16:74:31 | SignOperation | Key | jca/SignatureOperation.java:72:28:72:37 | Key | -| jca/SignatureOperation.java:74:16:74:31 | SignOperation | Output | jca/SignatureOperation.java:74:16:74:31 | SignatureOutput | -| jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:85:30:85:38 | Key | Source | jca/SignatureOperation.java:61:16:61:36 | Key | -| jca/SignatureOperation.java:86:26:86:29 | Message | Source | jca/SignatureOperation.java:328:26:328:49 | Constant | -| jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:84:53:84:74 | HashAlgorithm | -| jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | Input | jca/SignatureOperation.java:86:26:86:29 | Message | -| jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | Key | jca/SignatureOperation.java:85:30:85:38 | Key | -| jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | Signature | jca/SignatureOperation.java:87:33:87:40 | SignatureInput | -| jca/SignatureOperation.java:87:33:87:40 | SignatureInput | Source | jca/SignatureOperation.java:74:16:74:31 | SignatureOutput | -| jca/SignatureOperation.java:103:16:103:38 | Key | Algorithm | jca/SignatureOperation.java:102:49:102:59 | EllipticCurve | -| jca/SignatureOperation.java:103:16:103:38 | KeyGeneration | Algorithm | jca/SignatureOperation.java:102:49:102:59 | EllipticCurve | -| jca/SignatureOperation.java:103:16:103:38 | KeyGeneration | Output | jca/SignatureOperation.java:103:16:103:38 | Key | -| jca/SignatureOperation.java:113:53:113:69 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:113:53:113:69 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:113:53:113:69 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:113:53:113:69 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:114:28:114:37 | Key | Source | jca/SignatureOperation.java:103:16:103:38 | Key | -| jca/SignatureOperation.java:115:26:115:29 | Message | Source | jca/SignatureOperation.java:247:26:247:44 | Constant | -| jca/SignatureOperation.java:115:26:115:29 | Message | Source | jca/SignatureOperation.java:328:26:328:49 | Constant | -| jca/SignatureOperation.java:116:16:116:31 | SignOperation | Algorithm | jca/SignatureOperation.java:113:53:113:69 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:116:16:116:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:113:53:113:69 | HashAlgorithm | -| jca/SignatureOperation.java:116:16:116:31 | SignOperation | Input | jca/SignatureOperation.java:115:26:115:29 | Message | -| jca/SignatureOperation.java:116:16:116:31 | SignOperation | Key | jca/SignatureOperation.java:114:28:114:37 | Key | -| jca/SignatureOperation.java:116:16:116:31 | SignOperation | Output | jca/SignatureOperation.java:116:16:116:31 | SignatureOutput | -| jca/SignatureOperation.java:126:53:126:69 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:126:53:126:69 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:126:53:126:69 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:126:53:126:69 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:127:30:127:38 | Key | Source | jca/SignatureOperation.java:103:16:103:38 | Key | -| jca/SignatureOperation.java:128:26:128:29 | Message | Source | jca/SignatureOperation.java:247:26:247:44 | Constant | -| jca/SignatureOperation.java:128:26:128:29 | Message | Source | jca/SignatureOperation.java:328:26:328:49 | Constant | -| jca/SignatureOperation.java:129:16:129:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:126:53:126:69 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:129:16:129:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:126:53:126:69 | HashAlgorithm | -| jca/SignatureOperation.java:129:16:129:41 | VerifyOperation | Input | jca/SignatureOperation.java:128:26:128:29 | Message | -| jca/SignatureOperation.java:129:16:129:41 | VerifyOperation | Key | jca/SignatureOperation.java:127:30:127:38 | Key | -| jca/SignatureOperation.java:129:16:129:41 | VerifyOperation | Signature | jca/SignatureOperation.java:129:33:129:40 | SignatureInput | -| jca/SignatureOperation.java:129:33:129:40 | SignatureInput | Source | jca/SignatureOperation.java:116:16:116:31 | SignatureOutput | -| jca/SignatureOperation.java:129:33:129:40 | SignatureInput | Source | jca/SignatureOperation.java:252:27:252:30 | Constant | -| jca/SignatureOperation.java:144:16:144:36 | Key | Algorithm | jca/SignatureOperation.java:143:61:143:69 | Constant | -| jca/SignatureOperation.java:144:16:144:36 | KeyGeneration | Algorithm | jca/SignatureOperation.java:143:61:143:69 | Constant | -| jca/SignatureOperation.java:144:16:144:36 | KeyGeneration | Output | jca/SignatureOperation.java:144:16:144:36 | Key | +| jca/SignEncryptCombinations.java:69:30:69:35 | Key | Source | jca/SignEncryptCombinations.java:53:16:53:38 | Key | +| jca/SignEncryptCombinations.java:70:26:70:29 | Message | Source | jca/SignEncryptCombinations.java:335:26:335:47 | Constant | +| jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | Algorithm | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | HashAlgorithm | jca/SignEncryptCombinations.java:68:53:68:69 | HashAlgorithm | +| jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | Input | jca/SignEncryptCombinations.java:70:26:70:29 | Message | +| jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | Key | jca/SignEncryptCombinations.java:69:30:69:35 | Key | +| jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | Signature | jca/SignEncryptCombinations.java:71:33:71:46 | SignatureInput | +| jca/SignEncryptCombinations.java:71:33:71:46 | SignatureInput | Source | jca/SignEncryptCombinations.java:113:16:113:41 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:84:16:84:31 | KeyGeneration | Algorithm | jca/SignEncryptCombinations.java:82:52:82:56 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:84:16:84:31 | KeyGeneration | Output | jca/SignEncryptCombinations.java:84:16:84:31 | Key | +| jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:92:44:92:62 | ModeOfOperation | +| jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:92:44:92:62 | PaddingAlgorithm | +| jca/SignEncryptCombinations.java:96:42:96:44 | Key | Source | jca/SignEncryptCombinations.java:84:16:84:31 | Key | +| jca/SignEncryptCombinations.java:96:47:96:50 | Nonce | Source | jca/SignEncryptCombinations.java:94:9:94:28 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:96:47:96:50 | Nonce | Source | jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | Algorithm | jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | Input | jca/SignEncryptCombinations.java:97:44:97:52 | Message | +| jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | Key | jca/SignEncryptCombinations.java:96:42:96:44 | Key | +| jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | Nonce | jca/SignEncryptCombinations.java:96:47:96:50 | Nonce | +| jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | Output | jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:97:44:97:52 | Message | Source | jca/SignEncryptCombinations.java:64:16:64:31 | SignatureOutput | +| jca/SignEncryptCombinations.java:97:44:97:52 | Message | Source | jca/SignEncryptCombinations.java:335:26:335:47 | Constant | +| jca/SignEncryptCombinations.java:111:44:111:62 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:111:44:111:62 | ModeOfOperation | +| jca/SignEncryptCombinations.java:111:44:111:62 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:111:44:111:62 | PaddingAlgorithm | +| jca/SignEncryptCombinations.java:112:42:112:44 | Key | Source | jca/SignEncryptCombinations.java:84:16:84:31 | Key | +| jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | Source | jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | +| jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Algorithm | jca/SignEncryptCombinations.java:111:44:111:62 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Input | jca/SignEncryptCombinations.java:113:31:113:40 | Message | +| jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Key | jca/SignEncryptCombinations.java:112:42:112:44 | Key | +| jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Nonce | jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | +| jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | Output | jca/SignEncryptCombinations.java:113:16:113:41 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:113:31:113:40 | Message | Source | jca/SignEncryptCombinations.java:113:31:113:40 | Message | +| jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | Mode | jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | Padding | jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:122:18:122:20 | Key | Source | jca/SignEncryptCombinations.java:84:16:84:31 | Key | +| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Algorithm | jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | HashAlgorithm | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | +| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Input | jca/SignEncryptCombinations.java:123:28:123:31 | Message | +| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Key | jca/SignEncryptCombinations.java:122:18:122:20 | Key | +| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Message | jca/SignEncryptCombinations.java:123:28:123:31 | Message | +| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Nonce | jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | +| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | Output | jca/SignEncryptCombinations.java:123:16:123:32 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:123:28:123:31 | Message | Source | jca/SignEncryptCombinations.java:335:26:335:47 | Constant | +| jca/SignatureOperation.java:54:16:54:36 | Key | Algorithm | jca/SignatureOperation.java:52:61:52:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:54:16:54:36 | KeyGeneration | Algorithm | jca/SignatureOperation.java:52:61:52:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:54:16:54:36 | KeyGeneration | Output | jca/SignatureOperation.java:54:16:54:36 | Key | +| jca/SignatureOperation.java:63:53:63:74 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:63:53:63:74 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:63:53:63:74 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:63:53:63:74 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:64:28:64:37 | Key | Source | jca/SignatureOperation.java:54:16:54:36 | Key | +| jca/SignatureOperation.java:65:26:65:29 | Message | Source | jca/SignatureOperation.java:311:26:311:49 | Constant | +| jca/SignatureOperation.java:66:16:66:31 | SignOperation | Algorithm | jca/SignatureOperation.java:63:53:63:74 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:66:16:66:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:63:53:63:74 | HashAlgorithm | +| jca/SignatureOperation.java:66:16:66:31 | SignOperation | Input | jca/SignatureOperation.java:65:26:65:29 | Message | +| jca/SignatureOperation.java:66:16:66:31 | SignOperation | Key | jca/SignatureOperation.java:64:28:64:37 | Key | +| jca/SignatureOperation.java:66:16:66:31 | SignOperation | Output | jca/SignatureOperation.java:66:16:66:31 | SignatureOutput | +| jca/SignatureOperation.java:75:53:75:74 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:75:53:75:74 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:75:53:75:74 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:75:53:75:74 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:76:30:76:38 | Key | Source | jca/SignatureOperation.java:54:16:54:36 | Key | +| jca/SignatureOperation.java:77:26:77:29 | Message | Source | jca/SignatureOperation.java:311:26:311:49 | Constant | +| jca/SignatureOperation.java:78:16:78:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:75:53:75:74 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:78:16:78:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:75:53:75:74 | HashAlgorithm | +| jca/SignatureOperation.java:78:16:78:41 | VerifyOperation | Input | jca/SignatureOperation.java:77:26:77:29 | Message | +| jca/SignatureOperation.java:78:16:78:41 | VerifyOperation | Key | jca/SignatureOperation.java:76:30:76:38 | Key | +| jca/SignatureOperation.java:78:16:78:41 | VerifyOperation | Signature | jca/SignatureOperation.java:78:33:78:40 | SignatureInput | +| jca/SignatureOperation.java:78:33:78:40 | SignatureInput | Source | jca/SignatureOperation.java:66:16:66:31 | SignatureOutput | +| jca/SignatureOperation.java:94:16:94:38 | Key | Algorithm | jca/SignatureOperation.java:93:49:93:59 | EllipticCurve | +| jca/SignatureOperation.java:94:16:94:38 | KeyGeneration | Algorithm | jca/SignatureOperation.java:93:49:93:59 | EllipticCurve | +| jca/SignatureOperation.java:94:16:94:38 | KeyGeneration | Output | jca/SignatureOperation.java:94:16:94:38 | Key | +| jca/SignatureOperation.java:103:53:103:69 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:103:53:103:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:103:53:103:69 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:103:53:103:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:104:28:104:37 | Key | Source | jca/SignatureOperation.java:94:16:94:38 | Key | +| jca/SignatureOperation.java:105:26:105:29 | Message | Source | jca/SignatureOperation.java:231:26:231:44 | Constant | +| jca/SignatureOperation.java:105:26:105:29 | Message | Source | jca/SignatureOperation.java:311:26:311:49 | Constant | +| jca/SignatureOperation.java:106:16:106:31 | SignOperation | Algorithm | jca/SignatureOperation.java:103:53:103:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:106:16:106:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:103:53:103:69 | HashAlgorithm | +| jca/SignatureOperation.java:106:16:106:31 | SignOperation | Input | jca/SignatureOperation.java:105:26:105:29 | Message | +| jca/SignatureOperation.java:106:16:106:31 | SignOperation | Key | jca/SignatureOperation.java:104:28:104:37 | Key | +| jca/SignatureOperation.java:106:16:106:31 | SignOperation | Output | jca/SignatureOperation.java:106:16:106:31 | SignatureOutput | +| jca/SignatureOperation.java:115:53:115:69 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:115:53:115:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:115:53:115:69 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:115:53:115:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:116:30:116:38 | Key | Source | jca/SignatureOperation.java:94:16:94:38 | Key | +| jca/SignatureOperation.java:117:26:117:29 | Message | Source | jca/SignatureOperation.java:231:26:231:44 | Constant | +| jca/SignatureOperation.java:117:26:117:29 | Message | Source | jca/SignatureOperation.java:311:26:311:49 | Constant | +| jca/SignatureOperation.java:118:16:118:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:115:53:115:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:118:16:118:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:115:53:115:69 | HashAlgorithm | +| jca/SignatureOperation.java:118:16:118:41 | VerifyOperation | Input | jca/SignatureOperation.java:117:26:117:29 | Message | +| jca/SignatureOperation.java:118:16:118:41 | VerifyOperation | Key | jca/SignatureOperation.java:116:30:116:38 | Key | +| jca/SignatureOperation.java:118:16:118:41 | VerifyOperation | Signature | jca/SignatureOperation.java:118:33:118:40 | SignatureInput | +| jca/SignatureOperation.java:118:33:118:40 | SignatureInput | Source | jca/SignatureOperation.java:106:16:106:31 | SignatureOutput | +| jca/SignatureOperation.java:118:33:118:40 | SignatureInput | Source | jca/SignatureOperation.java:236:27:236:30 | Constant | +| jca/SignatureOperation.java:133:16:133:36 | Key | Algorithm | jca/SignatureOperation.java:132:61:132:69 | Constant | +| jca/SignatureOperation.java:133:16:133:36 | KeyGeneration | Algorithm | jca/SignatureOperation.java:132:61:132:69 | Constant | +| jca/SignatureOperation.java:133:16:133:36 | KeyGeneration | Output | jca/SignatureOperation.java:133:16:133:36 | Key | +| jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:143:28:143:37 | Key | Source | jca/SignatureOperation.java:133:16:133:36 | Key | +| jca/SignatureOperation.java:144:26:144:29 | Message | Source | jca/SignatureOperation.java:311:26:311:49 | Constant | +| jca/SignatureOperation.java:145:16:145:31 | SignOperation | Algorithm | jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:145:16:145:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:145:16:145:31 | SignOperation | +| jca/SignatureOperation.java:145:16:145:31 | SignOperation | Input | jca/SignatureOperation.java:144:26:144:29 | Message | +| jca/SignatureOperation.java:145:16:145:31 | SignOperation | Key | jca/SignatureOperation.java:143:28:143:37 | Key | +| jca/SignatureOperation.java:145:16:145:31 | SignOperation | Output | jca/SignatureOperation.java:145:16:145:31 | SignatureOutput | | jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | | jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:155:28:155:37 | Key | Source | jca/SignatureOperation.java:144:16:144:36 | Key | -| jca/SignatureOperation.java:156:26:156:29 | Message | Source | jca/SignatureOperation.java:328:26:328:49 | Constant | -| jca/SignatureOperation.java:157:16:157:31 | SignOperation | Algorithm | jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:157:16:157:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:157:16:157:31 | SignOperation | -| jca/SignatureOperation.java:157:16:157:31 | SignOperation | Input | jca/SignatureOperation.java:156:26:156:29 | Message | -| jca/SignatureOperation.java:157:16:157:31 | SignOperation | Key | jca/SignatureOperation.java:155:28:155:37 | Key | -| jca/SignatureOperation.java:157:16:157:31 | SignOperation | Output | jca/SignatureOperation.java:157:16:157:31 | SignatureOutput | -| jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:168:30:168:38 | Key | Source | jca/SignatureOperation.java:144:16:144:36 | Key | -| jca/SignatureOperation.java:169:26:169:29 | Message | Source | jca/SignatureOperation.java:328:26:328:49 | Constant | -| jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | -| jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | Input | jca/SignatureOperation.java:169:26:169:29 | Message | -| jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | Key | jca/SignatureOperation.java:168:30:168:38 | Key | -| jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | Signature | jca/SignatureOperation.java:170:33:170:40 | SignatureInput | -| jca/SignatureOperation.java:170:33:170:40 | SignatureInput | Source | jca/SignatureOperation.java:157:16:157:31 | SignatureOutput | -| jca/SignatureOperation.java:188:16:188:36 | Key | Algorithm | jca/SignatureOperation.java:186:61:186:65 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:188:16:188:36 | KeyGeneration | Algorithm | jca/SignatureOperation.java:186:61:186:65 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:188:16:188:36 | KeyGeneration | Output | jca/SignatureOperation.java:188:16:188:36 | Key | -| jca/SignatureOperation.java:199:53:199:65 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:199:53:199:65 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:199:53:199:65 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:199:53:199:65 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:200:28:200:37 | Key | Source | jca/SignatureOperation.java:188:16:188:36 | Key | -| jca/SignatureOperation.java:201:26:201:29 | Message | Source | jca/SignatureOperation.java:328:26:328:49 | Constant | -| jca/SignatureOperation.java:202:16:202:31 | SignOperation | Algorithm | jca/SignatureOperation.java:199:53:199:65 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:202:16:202:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:199:53:199:65 | HashAlgorithm | -| jca/SignatureOperation.java:202:16:202:31 | SignOperation | Input | jca/SignatureOperation.java:201:26:201:29 | Message | -| jca/SignatureOperation.java:202:16:202:31 | SignOperation | Key | jca/SignatureOperation.java:200:28:200:37 | Key | -| jca/SignatureOperation.java:202:16:202:31 | SignOperation | Output | jca/SignatureOperation.java:202:16:202:31 | SignatureOutput | -| jca/SignatureOperation.java:213:53:213:65 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:213:53:213:65 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:213:53:213:65 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:213:53:213:65 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:214:30:214:38 | Key | Source | jca/SignatureOperation.java:188:16:188:36 | Key | -| jca/SignatureOperation.java:215:26:215:29 | Message | Source | jca/SignatureOperation.java:328:26:328:49 | Constant | -| jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:213:53:213:65 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:213:53:213:65 | HashAlgorithm | -| jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | Input | jca/SignatureOperation.java:215:26:215:29 | Message | -| jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | Key | jca/SignatureOperation.java:214:30:214:38 | Key | -| jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | Signature | jca/SignatureOperation.java:216:33:216:40 | SignatureInput | -| jca/SignatureOperation.java:216:33:216:40 | SignatureInput | Source | jca/SignatureOperation.java:202:16:202:31 | SignatureOutput | -| jca/SignatureOperation.java:283:47:283:68 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:283:47:283:68 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:283:47:283:68 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:283:47:283:68 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:286:47:286:63 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:286:47:286:63 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:286:47:286:63 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:286:47:286:63 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:289:47:289:55 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:289:47:289:55 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:289:47:289:55 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:289:47:289:55 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:292:47:292:59 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:292:47:292:59 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:292:47:292:59 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:292:47:292:59 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:296:47:296:68 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:296:47:296:68 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:296:47:296:68 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:296:47:296:68 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:300:28:300:42 | Key | Source | jca/SignatureOperation.java:61:16:61:36 | Key | -| jca/SignatureOperation.java:300:28:300:42 | Key | Source | jca/SignatureOperation.java:103:16:103:38 | Key | -| jca/SignatureOperation.java:300:28:300:42 | Key | Source | jca/SignatureOperation.java:144:16:144:36 | Key | -| jca/SignatureOperation.java:300:28:300:42 | Key | Source | jca/SignatureOperation.java:188:16:188:36 | Key | -| jca/SignatureOperation.java:301:26:301:32 | Message | Source | jca/SignatureOperation.java:299:26:299:49 | Constant | -| jca/SignatureOperation.java:302:27:302:42 | SignOperation | Algorithm | jca/SignatureOperation.java:283:47:283:68 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:302:27:302:42 | SignOperation | Algorithm | jca/SignatureOperation.java:286:47:286:63 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:302:27:302:42 | SignOperation | Algorithm | jca/SignatureOperation.java:289:47:289:55 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:302:27:302:42 | SignOperation | Algorithm | jca/SignatureOperation.java:292:47:292:59 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:302:27:302:42 | SignOperation | Algorithm | jca/SignatureOperation.java:296:47:296:68 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:302:27:302:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:283:47:283:68 | HashAlgorithm | -| jca/SignatureOperation.java:302:27:302:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:286:47:286:63 | HashAlgorithm | -| jca/SignatureOperation.java:302:27:302:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:292:47:292:59 | HashAlgorithm | -| jca/SignatureOperation.java:302:27:302:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:296:47:296:68 | HashAlgorithm | -| jca/SignatureOperation.java:302:27:302:42 | SignOperation | Input | jca/SignatureOperation.java:301:26:301:32 | Message | -| jca/SignatureOperation.java:302:27:302:42 | SignOperation | Key | jca/SignatureOperation.java:300:28:300:42 | Key | -| jca/SignatureOperation.java:302:27:302:42 | SignOperation | Output | jca/SignatureOperation.java:302:27:302:42 | SignatureOutput | -| jca/SignatureOperation.java:304:30:304:43 | Key | Source | jca/SignatureOperation.java:61:16:61:36 | Key | -| jca/SignatureOperation.java:304:30:304:43 | Key | Source | jca/SignatureOperation.java:103:16:103:38 | Key | -| jca/SignatureOperation.java:304:30:304:43 | Key | Source | jca/SignatureOperation.java:144:16:144:36 | Key | -| jca/SignatureOperation.java:304:30:304:43 | Key | Source | jca/SignatureOperation.java:188:16:188:36 | Key | -| jca/SignatureOperation.java:305:26:305:32 | Message | Source | jca/SignatureOperation.java:305:26:305:32 | Message | -| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:283:47:283:68 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:286:47:286:63 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:289:47:289:55 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:292:47:292:59 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:296:47:296:68 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:283:47:283:68 | HashAlgorithm | -| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:286:47:286:63 | HashAlgorithm | -| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:292:47:292:59 | HashAlgorithm | -| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:296:47:296:68 | HashAlgorithm | -| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | Input | jca/SignatureOperation.java:301:26:301:32 | Message | -| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | Input | jca/SignatureOperation.java:305:26:305:32 | Message | -| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | Key | jca/SignatureOperation.java:300:28:300:42 | Key | -| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | Key | jca/SignatureOperation.java:304:30:304:43 | Key | -| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | Signature | jca/SignatureOperation.java:306:45:306:52 | SignatureInput | -| jca/SignatureOperation.java:306:45:306:52 | SignatureInput | Source | jca/SignatureOperation.java:302:27:302:42 | SignatureOutput | -| jca/SymmetricAlgorithm.java:60:44:60:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:60:44:60:62 | ModeOfOperation | -| jca/SymmetricAlgorithm.java:60:44:60:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:60:44:60:62 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:64:42:64:44 | Key | Source | jca/SymmetricAlgorithm.java:258:64:258:76 | Parameter | -| jca/SymmetricAlgorithm.java:64:47:64:50 | Nonce | Source | jca/SymmetricAlgorithm.java:62:9:62:40 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:64:47:64:50 | Nonce | Source | jca/SymmetricAlgorithm.java:62:38:62:39 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:65:29:65:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:60:44:60:62 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:65:29:65:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:65:44:65:52 | Message | -| jca/SymmetricAlgorithm.java:65:29:65:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:64:42:64:44 | Key | -| jca/SymmetricAlgorithm.java:65:29:65:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:64:47:64:50 | Nonce | -| jca/SymmetricAlgorithm.java:65:29:65:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:65:29:65:53 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:65:44:65:52 | Message | Source | jca/SymmetricAlgorithm.java:258:79:258:94 | Parameter | -| jca/SymmetricAlgorithm.java:83:44:83:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:83:44:83:62 | ModeOfOperation | -| jca/SymmetricAlgorithm.java:83:44:83:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:83:44:83:62 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:86:42:86:44 | Key | Source | jca/SymmetricAlgorithm.java:82:39:82:51 | Parameter | -| jca/SymmetricAlgorithm.java:86:47:86:50 | Nonce | Source | jca/SymmetricAlgorithm.java:86:47:86:50 | Nonce | -| jca/SymmetricAlgorithm.java:87:29:87:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:83:44:83:62 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:87:29:87:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:87:44:87:52 | Message | -| jca/SymmetricAlgorithm.java:87:29:87:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:86:42:86:44 | Key | -| jca/SymmetricAlgorithm.java:87:29:87:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:86:47:86:50 | Nonce | -| jca/SymmetricAlgorithm.java:87:29:87:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:87:29:87:53 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:87:44:87:52 | Message | Source | jca/SymmetricAlgorithm.java:82:54:82:69 | Parameter | -| jca/SymmetricAlgorithm.java:104:44:104:65 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:104:44:104:65 | ModeOfOperation | -| jca/SymmetricAlgorithm.java:104:44:104:65 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:104:44:104:65 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:108:42:108:44 | Key | Source | jca/SymmetricAlgorithm.java:258:64:258:76 | Parameter | -| jca/SymmetricAlgorithm.java:108:47:108:52 | Nonce | Source | jca/SymmetricAlgorithm.java:106:9:106:40 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:108:47:108:52 | Nonce | Source | jca/SymmetricAlgorithm.java:106:38:106:39 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:109:29:109:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:104:44:104:65 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:109:29:109:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:109:44:109:52 | Message | -| jca/SymmetricAlgorithm.java:109:29:109:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:108:42:108:44 | Key | -| jca/SymmetricAlgorithm.java:109:29:109:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:108:47:108:52 | Nonce | -| jca/SymmetricAlgorithm.java:109:29:109:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:109:29:109:53 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:109:44:109:52 | Message | Source | jca/SymmetricAlgorithm.java:258:79:258:94 | Parameter | -| jca/SymmetricAlgorithm.java:126:44:126:65 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:126:44:126:65 | ModeOfOperation | -| jca/SymmetricAlgorithm.java:126:44:126:65 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:126:44:126:65 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:127:42:127:44 | Key | Source | jca/SymmetricAlgorithm.java:258:64:258:76 | Parameter | -| jca/SymmetricAlgorithm.java:128:16:128:40 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:126:44:126:65 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:128:16:128:40 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:128:31:128:39 | Message | -| jca/SymmetricAlgorithm.java:128:16:128:40 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:127:42:127:44 | Key | -| jca/SymmetricAlgorithm.java:128:16:128:40 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:128:16:128:40 | EncryptOperation | -| jca/SymmetricAlgorithm.java:128:16:128:40 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:128:16:128:40 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:128:31:128:39 | Message | Source | jca/SymmetricAlgorithm.java:258:79:258:94 | Parameter | -| jca/SymmetricAlgorithm.java:143:44:143:48 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:143:44:143:48 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:143:44:143:48 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:143:44:143:48 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:144:42:144:44 | Key | Source | jca/SymmetricAlgorithm.java:258:64:258:76 | Parameter | -| jca/SymmetricAlgorithm.java:145:16:145:40 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:143:44:143:48 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:145:16:145:40 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:145:31:145:39 | Message | -| jca/SymmetricAlgorithm.java:145:16:145:40 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:144:42:144:44 | Key | -| jca/SymmetricAlgorithm.java:145:16:145:40 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:145:16:145:40 | EncryptOperation | -| jca/SymmetricAlgorithm.java:145:16:145:40 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:145:16:145:40 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:145:31:145:39 | Message | Source | jca/SymmetricAlgorithm.java:258:79:258:94 | Parameter | -| jca/SymmetricAlgorithm.java:158:44:158:65 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:158:44:158:65 | ModeOfOperation | -| jca/SymmetricAlgorithm.java:158:44:158:65 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:158:44:158:65 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:162:42:162:44 | Key | Source | jca/SymmetricAlgorithm.java:157:36:157:48 | Parameter | -| jca/SymmetricAlgorithm.java:162:47:162:52 | Nonce | Source | jca/SymmetricAlgorithm.java:160:9:160:40 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:162:47:162:52 | Nonce | Source | jca/SymmetricAlgorithm.java:160:38:160:39 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:163:29:163:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:158:44:158:65 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:163:29:163:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:163:44:163:52 | Message | -| jca/SymmetricAlgorithm.java:163:29:163:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:162:42:162:44 | Key | -| jca/SymmetricAlgorithm.java:163:29:163:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:162:47:162:52 | Nonce | -| jca/SymmetricAlgorithm.java:163:29:163:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:163:29:163:53 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:163:44:163:52 | Message | Source | jca/SymmetricAlgorithm.java:157:51:157:66 | Parameter | -| jca/SymmetricAlgorithm.java:180:44:180:68 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:180:44:180:68 | ModeOfOperation | -| jca/SymmetricAlgorithm.java:180:44:180:68 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:180:44:180:68 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:184:42:184:44 | Key | Source | jca/SymmetricAlgorithm.java:179:42:179:54 | Parameter | -| jca/SymmetricAlgorithm.java:184:47:184:52 | Nonce | Source | jca/SymmetricAlgorithm.java:182:9:182:40 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:184:47:184:52 | Nonce | Source | jca/SymmetricAlgorithm.java:182:38:182:39 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:185:29:185:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:180:44:180:68 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:185:29:185:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:185:44:185:52 | Message | -| jca/SymmetricAlgorithm.java:185:29:185:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:184:42:184:44 | Key | -| jca/SymmetricAlgorithm.java:185:29:185:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:184:47:184:52 | Nonce | -| jca/SymmetricAlgorithm.java:185:29:185:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:185:29:185:53 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:185:44:185:52 | Message | Source | jca/SymmetricAlgorithm.java:179:57:179:72 | Parameter | -| jca/SymmetricAlgorithm.java:202:44:202:53 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:202:44:202:53 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:202:44:202:53 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:202:44:202:53 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:206:42:206:44 | Key | Source | jca/SymmetricAlgorithm.java:258:64:258:76 | Parameter | -| jca/SymmetricAlgorithm.java:206:47:206:72 | Nonce | Source | jca/SymmetricAlgorithm.java:204:9:204:43 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:206:47:206:72 | Nonce | Source | jca/SymmetricAlgorithm.java:204:38:204:42 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:207:29:207:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:202:44:202:53 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:207:29:207:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:207:44:207:52 | Message | -| jca/SymmetricAlgorithm.java:207:29:207:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:206:42:206:44 | Key | -| jca/SymmetricAlgorithm.java:207:29:207:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:206:47:206:72 | Nonce | -| jca/SymmetricAlgorithm.java:207:29:207:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:207:29:207:53 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:207:44:207:52 | Message | Source | jca/SymmetricAlgorithm.java:258:79:258:94 | Parameter | -| jca/SymmetricAlgorithm.java:226:19:226:21 | Key | Source | jca/SymmetricAlgorithm.java:224:35:224:47 | Parameter | -| jca/SymmetricAlgorithm.java:227:29:227:51 | MACOperation | Algorithm | jca/SymmetricAlgorithm.java:225:36:225:44 | Constant | -| jca/SymmetricAlgorithm.java:227:29:227:51 | MACOperation | HashAlgorithm | jca/SymmetricAlgorithm.java:227:29:227:51 | MACOperation | -| jca/SymmetricAlgorithm.java:227:29:227:51 | MACOperation | Input | jca/SymmetricAlgorithm.java:227:42:227:50 | Message | -| jca/SymmetricAlgorithm.java:227:29:227:51 | MACOperation | Key | jca/SymmetricAlgorithm.java:226:19:226:21 | Key | -| jca/SymmetricAlgorithm.java:227:29:227:51 | MACOperation | Message | jca/SymmetricAlgorithm.java:227:42:227:50 | Message | -| jca/SymmetricAlgorithm.java:227:29:227:51 | MACOperation | Nonce | jca/SymmetricAlgorithm.java:227:29:227:51 | MACOperation | -| jca/SymmetricAlgorithm.java:227:29:227:51 | MACOperation | Output | jca/SymmetricAlgorithm.java:227:29:227:51 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:227:42:227:50 | Message | Source | jca/SymmetricAlgorithm.java:224:50:224:65 | Parameter | -| jca/SymmetricAlgorithm.java:230:44:230:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:230:44:230:62 | ModeOfOperation | -| jca/SymmetricAlgorithm.java:230:44:230:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:230:44:230:62 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:234:42:234:51 | Key | Source | jca/SymmetricAlgorithm.java:234:42:234:51 | Key | -| jca/SymmetricAlgorithm.java:234:54:234:57 | Nonce | Source | jca/SymmetricAlgorithm.java:232:9:232:40 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:234:54:234:57 | Nonce | Source | jca/SymmetricAlgorithm.java:232:38:232:39 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:235:29:235:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:230:44:230:62 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:235:29:235:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:235:44:235:52 | Message | -| jca/SymmetricAlgorithm.java:235:29:235:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:234:42:234:51 | Key | -| jca/SymmetricAlgorithm.java:235:29:235:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:234:54:234:57 | Nonce | -| jca/SymmetricAlgorithm.java:235:29:235:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:235:29:235:53 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:235:44:235:52 | Message | Source | jca/SymmetricAlgorithm.java:235:44:235:52 | Message | -| jca/SymmetricAlgorithm.java:302:42:302:66 | Message | Source | jca/SymmetricAlgorithm.java:299:58:299:70 | Parameter | -| jca/SymmetricAlgorithm.java:302:69:302:72 | Salt | Source | jca/SymmetricAlgorithm.java:361:9:361:42 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:302:69:302:72 | Salt | Source | jca/SymmetricAlgorithm.java:361:38:361:41 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:303:65:303:86 | HMACAlgorithm | H | jca/SymmetricAlgorithm.java:303:65:303:86 | HashAlgorithm | -| jca/SymmetricAlgorithm.java:303:65:303:86 | KeyDerivationAlgorithm | PRF | jca/SymmetricAlgorithm.java:303:65:303:86 | HMACAlgorithm | -| jca/SymmetricAlgorithm.java:304:26:304:53 | KeyDerivation | Algorithm | jca/SymmetricAlgorithm.java:303:65:303:86 | KeyDerivationAlgorithm | -| jca/SymmetricAlgorithm.java:304:26:304:53 | KeyDerivation | Input | jca/SymmetricAlgorithm.java:302:42:302:66 | Message | -| jca/SymmetricAlgorithm.java:304:26:304:53 | KeyDerivation | Output | jca/SymmetricAlgorithm.java:304:26:304:53 | Key | -| jca/SymmetricAlgorithm.java:304:26:304:53 | KeyDerivation | Salt | jca/SymmetricAlgorithm.java:302:69:302:72 | Salt | -| jca/SymmetricAlgorithm.java:310:44:310:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:310:44:310:62 | ModeOfOperation | -| jca/SymmetricAlgorithm.java:310:44:310:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:310:44:310:62 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:313:42:313:47 | Key | Source | jca/SymmetricAlgorithm.java:313:42:313:47 | Key | -| jca/SymmetricAlgorithm.java:313:50:313:78 | Nonce | Source | jca/SymmetricAlgorithm.java:312:9:312:40 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:313:50:313:78 | Nonce | Source | jca/SymmetricAlgorithm.java:312:38:312:39 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:314:29:314:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:310:44:310:62 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:314:29:314:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:314:44:314:52 | Message | -| jca/SymmetricAlgorithm.java:314:29:314:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:313:42:313:47 | Key | -| jca/SymmetricAlgorithm.java:314:29:314:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:313:50:313:78 | Nonce | -| jca/SymmetricAlgorithm.java:314:29:314:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:314:29:314:53 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:314:44:314:52 | Message | Source | jca/SymmetricAlgorithm.java:299:73:299:88 | Parameter | -| jca/SymmetricAlgorithm.java:316:35:316:46 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:316:35:316:46 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:316:35:316:46 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:316:35:316:46 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:317:18:317:30 | Key | Source | jca/SymmetricAlgorithm.java:317:18:317:30 | Key | -| jca/SymmetricAlgorithm.java:318:30:318:52 | MACOperation | Algorithm | jca/SymmetricAlgorithm.java:316:35:316:46 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:318:30:318:52 | MACOperation | HashAlgorithm | jca/SymmetricAlgorithm.java:318:30:318:52 | MACOperation | -| jca/SymmetricAlgorithm.java:318:30:318:52 | MACOperation | Input | jca/SymmetricAlgorithm.java:318:42:318:51 | Message | -| jca/SymmetricAlgorithm.java:318:30:318:52 | MACOperation | Key | jca/SymmetricAlgorithm.java:317:18:317:30 | Key | -| jca/SymmetricAlgorithm.java:318:30:318:52 | MACOperation | Message | jca/SymmetricAlgorithm.java:318:42:318:51 | Message | -| jca/SymmetricAlgorithm.java:318:30:318:52 | MACOperation | Nonce | jca/SymmetricAlgorithm.java:318:30:318:52 | MACOperation | -| jca/SymmetricAlgorithm.java:318:30:318:52 | MACOperation | Output | jca/SymmetricAlgorithm.java:318:30:318:52 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:318:42:318:51 | Message | Source | jca/SymmetricAlgorithm.java:314:29:314:53 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:349:16:349:31 | KeyGeneration | Algorithm | jca/SymmetricAlgorithm.java:347:52:347:56 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:349:16:349:31 | KeyGeneration | Output | jca/SymmetricAlgorithm.java:349:16:349:31 | Key | -| jca/SymmetricModesTest.java:58:33:58:48 | KeyGeneration | Algorithm | jca/SymmetricModesTest.java:56:52:56:56 | KeyOperationAlgorithm | -| jca/SymmetricModesTest.java:58:33:58:48 | KeyGeneration | Output | jca/SymmetricModesTest.java:58:33:58:48 | Key | -| jca/SymmetricModesTest.java:62:31:62:46 | KeyGeneration | Algorithm | jca/SymmetricModesTest.java:56:52:56:56 | KeyOperationAlgorithm | -| jca/SymmetricModesTest.java:62:31:62:46 | KeyGeneration | Output | jca/SymmetricModesTest.java:62:31:62:46 | Key | -| jca/SymmetricModesTest.java:65:44:65:62 | KeyOperationAlgorithm | Mode | jca/SymmetricModesTest.java:65:44:65:62 | ModeOfOperation | -| jca/SymmetricModesTest.java:65:44:65:62 | KeyOperationAlgorithm | Padding | jca/SymmetricModesTest.java:65:44:65:62 | PaddingAlgorithm | -| jca/SymmetricModesTest.java:66:39:66:49 | Key | Source | jca/SymmetricModesTest.java:58:33:58:48 | Key | -| jca/SymmetricModesTest.java:67:29:67:50 | WrapOperation | Algorithm | jca/SymmetricModesTest.java:65:44:65:62 | KeyOperationAlgorithm | -| jca/SymmetricModesTest.java:67:29:67:50 | WrapOperation | Input | jca/SymmetricModesTest.java:67:41:67:49 | Message | -| jca/SymmetricModesTest.java:67:29:67:50 | WrapOperation | Key | jca/SymmetricModesTest.java:66:39:66:49 | Key | -| jca/SymmetricModesTest.java:67:29:67:50 | WrapOperation | Nonce | jca/SymmetricModesTest.java:67:29:67:50 | WrapOperation | -| jca/SymmetricModesTest.java:67:29:67:50 | WrapOperation | Output | jca/SymmetricModesTest.java:67:29:67:50 | KeyOperationOutput | -| jca/SymmetricModesTest.java:67:41:67:49 | Message | Source | jca/SymmetricModesTest.java:62:31:62:46 | Key | -| jca/SymmetricModesTest.java:89:44:89:63 | KeyOperationAlgorithm | Mode | jca/SymmetricModesTest.java:89:44:89:63 | ModeOfOperation | -| jca/SymmetricModesTest.java:89:44:89:63 | KeyOperationAlgorithm | Padding | jca/SymmetricModesTest.java:89:44:89:63 | PaddingAlgorithm | -| jca/SymmetricModesTest.java:93:42:93:44 | Key | Source | jca/SymmetricModesTest.java:88:43:88:55 | Parameter | -| jca/SymmetricModesTest.java:93:47:93:52 | Nonce | Source | jca/SymmetricModesTest.java:91:9:91:40 | RandomNumberGeneration | -| jca/SymmetricModesTest.java:93:47:93:52 | Nonce | Source | jca/SymmetricModesTest.java:91:38:91:39 | RandomNumberGeneration | -| jca/SymmetricModesTest.java:94:29:94:53 | EncryptOperation | Algorithm | jca/SymmetricModesTest.java:89:44:89:63 | KeyOperationAlgorithm | -| jca/SymmetricModesTest.java:94:29:94:53 | EncryptOperation | Input | jca/SymmetricModesTest.java:94:44:94:52 | Message | -| jca/SymmetricModesTest.java:94:29:94:53 | EncryptOperation | Key | jca/SymmetricModesTest.java:93:42:93:44 | Key | -| jca/SymmetricModesTest.java:94:29:94:53 | EncryptOperation | Nonce | jca/SymmetricModesTest.java:93:47:93:52 | Nonce | -| jca/SymmetricModesTest.java:94:29:94:53 | EncryptOperation | Output | jca/SymmetricModesTest.java:94:29:94:53 | KeyOperationOutput | -| jca/SymmetricModesTest.java:94:44:94:52 | Message | Source | jca/SymmetricModesTest.java:88:58:88:73 | Parameter | -| jca/SymmetricModesTest.java:117:44:117:63 | KeyOperationAlgorithm | Mode | jca/SymmetricModesTest.java:117:44:117:63 | ModeOfOperation | -| jca/SymmetricModesTest.java:117:44:117:63 | KeyOperationAlgorithm | Padding | jca/SymmetricModesTest.java:117:44:117:63 | PaddingAlgorithm | -| jca/SymmetricModesTest.java:121:42:121:44 | Key | Source | jca/SymmetricModesTest.java:116:45:116:57 | Parameter | -| jca/SymmetricModesTest.java:121:47:121:52 | Nonce | Source | jca/SymmetricModesTest.java:121:47:121:52 | Nonce | -| jca/SymmetricModesTest.java:122:29:122:53 | EncryptOperation | Algorithm | jca/SymmetricModesTest.java:117:44:117:63 | KeyOperationAlgorithm | -| jca/SymmetricModesTest.java:122:29:122:53 | EncryptOperation | Input | jca/SymmetricModesTest.java:122:44:122:52 | Message | -| jca/SymmetricModesTest.java:122:29:122:53 | EncryptOperation | Key | jca/SymmetricModesTest.java:121:42:121:44 | Key | -| jca/SymmetricModesTest.java:122:29:122:53 | EncryptOperation | Nonce | jca/SymmetricModesTest.java:121:47:121:52 | Nonce | -| jca/SymmetricModesTest.java:122:29:122:53 | EncryptOperation | Output | jca/SymmetricModesTest.java:122:29:122:53 | KeyOperationOutput | -| jca/SymmetricModesTest.java:122:44:122:52 | Message | Source | jca/SymmetricModesTest.java:116:60:116:75 | Parameter | -| jca/SymmetricModesTest.java:142:16:142:31 | KeyGeneration | Algorithm | jca/SymmetricModesTest.java:140:52:140:56 | KeyOperationAlgorithm | -| jca/SymmetricModesTest.java:142:16:142:31 | KeyGeneration | Output | jca/SymmetricModesTest.java:142:16:142:31 | Key | -| jca/UniversalFlowTest.java:26:21:26:40 | KeyGeneration | Algorithm | jca/UniversalFlowTest.java:18:24:18:28 | KeyOperationAlgorithm | -| jca/UniversalFlowTest.java:26:21:26:40 | KeyGeneration | Algorithm | jca/UniversalFlowTest.java:45:16:45:20 | KeyOperationAlgorithm | -| jca/UniversalFlowTest.java:26:21:26:40 | KeyGeneration | Output | jca/UniversalFlowTest.java:26:21:26:40 | Key | -| jca/UniversalFlowTest.java:27:25:27:43 | KeyOperationAlgorithm | Mode | jca/UniversalFlowTest.java:27:25:27:43 | ModeOfOperation | -| jca/UniversalFlowTest.java:27:25:27:43 | KeyOperationAlgorithm | Padding | jca/UniversalFlowTest.java:27:25:27:43 | PaddingAlgorithm | -| jca/UniversalFlowTest.java:32:38:32:40 | Key | Source | jca/UniversalFlowTest.java:26:21:26:40 | Key | -| jca/UniversalFlowTest.java:32:43:32:49 | Nonce | Source | jca/UniversalFlowTest.java:30:5:30:36 | RandomNumberGeneration | -| jca/UniversalFlowTest.java:32:43:32:49 | Nonce | Source | jca/UniversalFlowTest.java:30:34:30:35 | RandomNumberGeneration | -| jca/UniversalFlowTest.java:33:28:33:70 | EncryptOperation | Algorithm | jca/UniversalFlowTest.java:27:25:27:43 | KeyOperationAlgorithm | -| jca/UniversalFlowTest.java:33:28:33:70 | EncryptOperation | Input | jca/UniversalFlowTest.java:33:43:33:69 | Message | -| jca/UniversalFlowTest.java:33:28:33:70 | EncryptOperation | Key | jca/UniversalFlowTest.java:32:38:32:40 | Key | -| jca/UniversalFlowTest.java:33:28:33:70 | EncryptOperation | Nonce | jca/UniversalFlowTest.java:32:43:32:49 | Nonce | -| jca/UniversalFlowTest.java:33:28:33:70 | EncryptOperation | Output | jca/UniversalFlowTest.java:33:28:33:70 | KeyOperationOutput | -| jca/UniversalFlowTest.java:33:43:33:69 | Message | Source | jca/UniversalFlowTest.java:33:43:33:58 | Constant | +| jca/SignatureOperation.java:155:30:155:38 | Key | Source | jca/SignatureOperation.java:133:16:133:36 | Key | +| jca/SignatureOperation.java:156:26:156:29 | Message | Source | jca/SignatureOperation.java:311:26:311:49 | Constant | +| jca/SignatureOperation.java:157:16:157:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:157:16:157:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:157:16:157:41 | VerifyOperation | +| jca/SignatureOperation.java:157:16:157:41 | VerifyOperation | Input | jca/SignatureOperation.java:156:26:156:29 | Message | +| jca/SignatureOperation.java:157:16:157:41 | VerifyOperation | Key | jca/SignatureOperation.java:155:30:155:38 | Key | +| jca/SignatureOperation.java:157:16:157:41 | VerifyOperation | Signature | jca/SignatureOperation.java:157:33:157:40 | SignatureInput | +| jca/SignatureOperation.java:157:33:157:40 | SignatureInput | Source | jca/SignatureOperation.java:145:16:145:31 | SignatureOutput | +| jca/SignatureOperation.java:175:16:175:36 | Key | Algorithm | jca/SignatureOperation.java:173:61:173:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:175:16:175:36 | KeyGeneration | Algorithm | jca/SignatureOperation.java:173:61:173:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:175:16:175:36 | KeyGeneration | Output | jca/SignatureOperation.java:175:16:175:36 | Key | +| jca/SignatureOperation.java:185:53:185:65 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:185:53:185:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:185:53:185:65 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:185:53:185:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:186:28:186:37 | Key | Source | jca/SignatureOperation.java:175:16:175:36 | Key | +| jca/SignatureOperation.java:187:26:187:29 | Message | Source | jca/SignatureOperation.java:311:26:311:49 | Constant | +| jca/SignatureOperation.java:188:16:188:31 | SignOperation | Algorithm | jca/SignatureOperation.java:185:53:185:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:188:16:188:31 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:185:53:185:65 | HashAlgorithm | +| jca/SignatureOperation.java:188:16:188:31 | SignOperation | Input | jca/SignatureOperation.java:187:26:187:29 | Message | +| jca/SignatureOperation.java:188:16:188:31 | SignOperation | Key | jca/SignatureOperation.java:186:28:186:37 | Key | +| jca/SignatureOperation.java:188:16:188:31 | SignOperation | Output | jca/SignatureOperation.java:188:16:188:31 | SignatureOutput | +| jca/SignatureOperation.java:198:53:198:65 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:198:53:198:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:198:53:198:65 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:198:53:198:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:199:30:199:38 | Key | Source | jca/SignatureOperation.java:175:16:175:36 | Key | +| jca/SignatureOperation.java:200:26:200:29 | Message | Source | jca/SignatureOperation.java:311:26:311:49 | Constant | +| jca/SignatureOperation.java:201:16:201:41 | VerifyOperation | Algorithm | jca/SignatureOperation.java:198:53:198:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:201:16:201:41 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:198:53:198:65 | HashAlgorithm | +| jca/SignatureOperation.java:201:16:201:41 | VerifyOperation | Input | jca/SignatureOperation.java:200:26:200:29 | Message | +| jca/SignatureOperation.java:201:16:201:41 | VerifyOperation | Key | jca/SignatureOperation.java:199:30:199:38 | Key | +| jca/SignatureOperation.java:201:16:201:41 | VerifyOperation | Signature | jca/SignatureOperation.java:201:33:201:40 | SignatureInput | +| jca/SignatureOperation.java:201:33:201:40 | SignatureInput | Source | jca/SignatureOperation.java:188:16:188:31 | SignatureOutput | +| jca/SignatureOperation.java:266:47:266:68 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:266:47:266:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:266:47:266:68 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:266:47:266:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:269:47:269:63 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:269:47:269:63 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:269:47:269:63 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:269:47:269:63 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:272:47:272:55 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:272:47:272:55 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:272:47:272:55 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:272:47:272:55 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:275:47:275:59 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:275:47:275:59 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:275:47:275:59 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:275:47:275:59 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:279:47:279:68 | KeyOperationAlgorithm | Mode | jca/SignatureOperation.java:279:47:279:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:279:47:279:68 | KeyOperationAlgorithm | Padding | jca/SignatureOperation.java:279:47:279:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:283:28:283:42 | Key | Source | jca/SignatureOperation.java:54:16:54:36 | Key | +| jca/SignatureOperation.java:283:28:283:42 | Key | Source | jca/SignatureOperation.java:94:16:94:38 | Key | +| jca/SignatureOperation.java:283:28:283:42 | Key | Source | jca/SignatureOperation.java:133:16:133:36 | Key | +| jca/SignatureOperation.java:283:28:283:42 | Key | Source | jca/SignatureOperation.java:175:16:175:36 | Key | +| jca/SignatureOperation.java:284:26:284:32 | Message | Source | jca/SignatureOperation.java:282:26:282:49 | Constant | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | Algorithm | jca/SignatureOperation.java:266:47:266:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | Algorithm | jca/SignatureOperation.java:269:47:269:63 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | Algorithm | jca/SignatureOperation.java:272:47:272:55 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | Algorithm | jca/SignatureOperation.java:275:47:275:59 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | Algorithm | jca/SignatureOperation.java:279:47:279:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:266:47:266:68 | HashAlgorithm | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:269:47:269:63 | HashAlgorithm | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:275:47:275:59 | HashAlgorithm | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | HashAlgorithm | jca/SignatureOperation.java:279:47:279:68 | HashAlgorithm | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | Input | jca/SignatureOperation.java:284:26:284:32 | Message | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | Key | jca/SignatureOperation.java:283:28:283:42 | Key | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | Output | jca/SignatureOperation.java:285:27:285:42 | SignatureOutput | +| jca/SignatureOperation.java:287:30:287:43 | Key | Source | jca/SignatureOperation.java:54:16:54:36 | Key | +| jca/SignatureOperation.java:287:30:287:43 | Key | Source | jca/SignatureOperation.java:94:16:94:38 | Key | +| jca/SignatureOperation.java:287:30:287:43 | Key | Source | jca/SignatureOperation.java:133:16:133:36 | Key | +| jca/SignatureOperation.java:287:30:287:43 | Key | Source | jca/SignatureOperation.java:175:16:175:36 | Key | +| jca/SignatureOperation.java:288:26:288:32 | Message | Source | jca/SignatureOperation.java:288:26:288:32 | Message | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:266:47:266:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:269:47:269:63 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:272:47:272:55 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:275:47:275:59 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | Algorithm | jca/SignatureOperation.java:279:47:279:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:266:47:266:68 | HashAlgorithm | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:269:47:269:63 | HashAlgorithm | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:275:47:275:59 | HashAlgorithm | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | HashAlgorithm | jca/SignatureOperation.java:279:47:279:68 | HashAlgorithm | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | Input | jca/SignatureOperation.java:284:26:284:32 | Message | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | Input | jca/SignatureOperation.java:288:26:288:32 | Message | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | Key | jca/SignatureOperation.java:283:28:283:42 | Key | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | Key | jca/SignatureOperation.java:287:30:287:43 | Key | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | Signature | jca/SignatureOperation.java:289:45:289:52 | SignatureInput | +| jca/SignatureOperation.java:289:45:289:52 | SignatureInput | Source | jca/SignatureOperation.java:285:27:285:42 | SignatureOutput | +| jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:51:44:51:62 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:51:44:51:62 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:55:42:55:44 | Key | Source | jca/SymmetricAlgorithm.java:244:64:244:76 | Parameter | +| jca/SymmetricAlgorithm.java:55:47:55:50 | Nonce | Source | jca/SymmetricAlgorithm.java:53:9:53:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:55:47:55:50 | Nonce | Source | jca/SymmetricAlgorithm.java:53:38:53:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:56:29:56:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:56:29:56:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:56:44:56:52 | Message | +| jca/SymmetricAlgorithm.java:56:29:56:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:55:42:55:44 | Key | +| jca/SymmetricAlgorithm.java:56:29:56:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:55:47:55:50 | Nonce | +| jca/SymmetricAlgorithm.java:56:29:56:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:56:29:56:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:56:44:56:52 | Message | Source | jca/SymmetricAlgorithm.java:244:79:244:94 | Parameter | +| jca/SymmetricAlgorithm.java:73:44:73:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:73:44:73:62 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:73:44:73:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:73:44:73:62 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:76:42:76:44 | Key | Source | jca/SymmetricAlgorithm.java:72:39:72:51 | Parameter | +| jca/SymmetricAlgorithm.java:76:47:76:50 | Nonce | Source | jca/SymmetricAlgorithm.java:76:47:76:50 | Nonce | +| jca/SymmetricAlgorithm.java:77:29:77:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:73:44:73:62 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:77:29:77:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:77:44:77:52 | Message | +| jca/SymmetricAlgorithm.java:77:29:77:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:76:42:76:44 | Key | +| jca/SymmetricAlgorithm.java:77:29:77:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:76:47:76:50 | Nonce | +| jca/SymmetricAlgorithm.java:77:29:77:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:77:29:77:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:77:44:77:52 | Message | Source | jca/SymmetricAlgorithm.java:72:54:72:69 | Parameter | +| jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:94:44:94:65 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:94:44:94:65 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:98:42:98:44 | Key | Source | jca/SymmetricAlgorithm.java:244:64:244:76 | Parameter | +| jca/SymmetricAlgorithm.java:98:47:98:52 | Nonce | Source | jca/SymmetricAlgorithm.java:96:9:96:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:98:47:98:52 | Nonce | Source | jca/SymmetricAlgorithm.java:96:38:96:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:99:29:99:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:99:29:99:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:99:44:99:52 | Message | +| jca/SymmetricAlgorithm.java:99:29:99:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:98:42:98:44 | Key | +| jca/SymmetricAlgorithm.java:99:29:99:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:98:47:98:52 | Nonce | +| jca/SymmetricAlgorithm.java:99:29:99:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:99:29:99:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:99:44:99:52 | Message | Source | jca/SymmetricAlgorithm.java:244:79:244:94 | Parameter | +| jca/SymmetricAlgorithm.java:116:44:116:65 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:116:44:116:65 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:116:44:116:65 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:116:44:116:65 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:117:42:117:44 | Key | Source | jca/SymmetricAlgorithm.java:244:64:244:76 | Parameter | +| jca/SymmetricAlgorithm.java:118:16:118:40 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:116:44:116:65 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:118:16:118:40 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:118:31:118:39 | Message | +| jca/SymmetricAlgorithm.java:118:16:118:40 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:117:42:117:44 | Key | +| jca/SymmetricAlgorithm.java:118:16:118:40 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:118:16:118:40 | EncryptOperation | +| jca/SymmetricAlgorithm.java:118:16:118:40 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:118:16:118:40 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:118:31:118:39 | Message | Source | jca/SymmetricAlgorithm.java:244:79:244:94 | Parameter | +| jca/SymmetricAlgorithm.java:131:44:131:48 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:131:44:131:48 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:131:44:131:48 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:131:44:131:48 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:132:42:132:44 | Key | Source | jca/SymmetricAlgorithm.java:244:64:244:76 | Parameter | +| jca/SymmetricAlgorithm.java:133:16:133:40 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:131:44:131:48 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:133:16:133:40 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:133:31:133:39 | Message | +| jca/SymmetricAlgorithm.java:133:16:133:40 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:132:42:132:44 | Key | +| jca/SymmetricAlgorithm.java:133:16:133:40 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:133:16:133:40 | EncryptOperation | +| jca/SymmetricAlgorithm.java:133:16:133:40 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:133:16:133:40 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:133:31:133:39 | Message | Source | jca/SymmetricAlgorithm.java:244:79:244:94 | Parameter | +| jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:146:44:146:65 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:146:44:146:65 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:150:42:150:44 | Key | Source | jca/SymmetricAlgorithm.java:145:36:145:48 | Parameter | +| jca/SymmetricAlgorithm.java:150:47:150:52 | Nonce | Source | jca/SymmetricAlgorithm.java:148:9:148:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:150:47:150:52 | Nonce | Source | jca/SymmetricAlgorithm.java:148:38:148:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:151:29:151:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:151:29:151:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:151:44:151:52 | Message | +| jca/SymmetricAlgorithm.java:151:29:151:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:150:42:150:44 | Key | +| jca/SymmetricAlgorithm.java:151:29:151:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:150:47:150:52 | Nonce | +| jca/SymmetricAlgorithm.java:151:29:151:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:151:29:151:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:151:44:151:52 | Message | Source | jca/SymmetricAlgorithm.java:145:51:145:66 | Parameter | +| jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:168:44:168:68 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:168:44:168:68 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:172:42:172:44 | Key | Source | jca/SymmetricAlgorithm.java:167:42:167:54 | Parameter | +| jca/SymmetricAlgorithm.java:172:47:172:52 | Nonce | Source | jca/SymmetricAlgorithm.java:170:9:170:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:172:47:172:52 | Nonce | Source | jca/SymmetricAlgorithm.java:170:38:170:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:173:29:173:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:173:29:173:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:173:44:173:52 | Message | +| jca/SymmetricAlgorithm.java:173:29:173:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:172:42:172:44 | Key | +| jca/SymmetricAlgorithm.java:173:29:173:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:172:47:172:52 | Nonce | +| jca/SymmetricAlgorithm.java:173:29:173:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:173:29:173:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:173:44:173:52 | Message | Source | jca/SymmetricAlgorithm.java:167:57:167:72 | Parameter | +| jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:194:42:194:44 | Key | Source | jca/SymmetricAlgorithm.java:244:64:244:76 | Parameter | +| jca/SymmetricAlgorithm.java:194:47:194:72 | Nonce | Source | jca/SymmetricAlgorithm.java:192:9:192:43 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:194:47:194:72 | Nonce | Source | jca/SymmetricAlgorithm.java:192:38:192:42 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:195:29:195:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:195:29:195:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:195:44:195:52 | Message | +| jca/SymmetricAlgorithm.java:195:29:195:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:194:42:194:44 | Key | +| jca/SymmetricAlgorithm.java:195:29:195:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:194:47:194:72 | Nonce | +| jca/SymmetricAlgorithm.java:195:29:195:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:195:29:195:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:195:44:195:52 | Message | Source | jca/SymmetricAlgorithm.java:244:79:244:94 | Parameter | +| jca/SymmetricAlgorithm.java:214:19:214:21 | Key | Source | jca/SymmetricAlgorithm.java:212:35:212:47 | Parameter | +| jca/SymmetricAlgorithm.java:215:29:215:51 | MACOperation | Algorithm | jca/SymmetricAlgorithm.java:213:36:213:44 | Constant | +| jca/SymmetricAlgorithm.java:215:29:215:51 | MACOperation | HashAlgorithm | jca/SymmetricAlgorithm.java:215:29:215:51 | MACOperation | +| jca/SymmetricAlgorithm.java:215:29:215:51 | MACOperation | Input | jca/SymmetricAlgorithm.java:215:42:215:50 | Message | +| jca/SymmetricAlgorithm.java:215:29:215:51 | MACOperation | Key | jca/SymmetricAlgorithm.java:214:19:214:21 | Key | +| jca/SymmetricAlgorithm.java:215:29:215:51 | MACOperation | Message | jca/SymmetricAlgorithm.java:215:42:215:50 | Message | +| jca/SymmetricAlgorithm.java:215:29:215:51 | MACOperation | Nonce | jca/SymmetricAlgorithm.java:215:29:215:51 | MACOperation | +| jca/SymmetricAlgorithm.java:215:29:215:51 | MACOperation | Output | jca/SymmetricAlgorithm.java:215:29:215:51 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:215:42:215:50 | Message | Source | jca/SymmetricAlgorithm.java:212:50:212:65 | Parameter | +| jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:218:44:218:62 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:218:44:218:62 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:222:42:222:51 | Key | Source | jca/SymmetricAlgorithm.java:222:42:222:51 | Key | +| jca/SymmetricAlgorithm.java:222:54:222:57 | Nonce | Source | jca/SymmetricAlgorithm.java:220:9:220:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:222:54:222:57 | Nonce | Source | jca/SymmetricAlgorithm.java:220:38:220:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:223:44:223:52 | Message | +| jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:222:42:222:51 | Key | +| jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:222:54:222:57 | Nonce | +| jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:223:29:223:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:223:44:223:52 | Message | Source | jca/SymmetricAlgorithm.java:223:44:223:52 | Message | +| jca/SymmetricAlgorithm.java:287:42:287:66 | Message | Source | jca/SymmetricAlgorithm.java:284:58:284:70 | Parameter | +| jca/SymmetricAlgorithm.java:287:69:287:72 | Salt | Source | jca/SymmetricAlgorithm.java:345:9:345:42 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:287:69:287:72 | Salt | Source | jca/SymmetricAlgorithm.java:345:38:345:41 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:288:65:288:86 | HMACAlgorithm | H | jca/SymmetricAlgorithm.java:288:65:288:86 | HashAlgorithm | +| jca/SymmetricAlgorithm.java:288:65:288:86 | KeyDerivationAlgorithm | PRF | jca/SymmetricAlgorithm.java:288:65:288:86 | HMACAlgorithm | +| jca/SymmetricAlgorithm.java:289:26:289:53 | KeyDerivation | Algorithm | jca/SymmetricAlgorithm.java:288:65:288:86 | KeyDerivationAlgorithm | +| jca/SymmetricAlgorithm.java:289:26:289:53 | KeyDerivation | Input | jca/SymmetricAlgorithm.java:287:42:287:66 | Message | +| jca/SymmetricAlgorithm.java:289:26:289:53 | KeyDerivation | Output | jca/SymmetricAlgorithm.java:289:26:289:53 | Key | +| jca/SymmetricAlgorithm.java:289:26:289:53 | KeyDerivation | Salt | jca/SymmetricAlgorithm.java:287:69:287:72 | Salt | +| jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:295:44:295:62 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:295:44:295:62 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:298:42:298:47 | Key | Source | jca/SymmetricAlgorithm.java:298:42:298:47 | Key | +| jca/SymmetricAlgorithm.java:298:50:298:78 | Nonce | Source | jca/SymmetricAlgorithm.java:297:9:297:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:298:50:298:78 | Nonce | Source | jca/SymmetricAlgorithm.java:297:38:297:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | Algorithm | jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | Input | jca/SymmetricAlgorithm.java:299:44:299:52 | Message | +| jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | Key | jca/SymmetricAlgorithm.java:298:42:298:47 | Key | +| jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | Nonce | jca/SymmetricAlgorithm.java:298:50:298:78 | Nonce | +| jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | Output | jca/SymmetricAlgorithm.java:299:29:299:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:299:44:299:52 | Message | Source | jca/SymmetricAlgorithm.java:284:73:284:88 | Parameter | +| jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | Mode | jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | Padding | jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:302:18:302:30 | Key | Source | jca/SymmetricAlgorithm.java:302:18:302:30 | Key | +| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | Algorithm | jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | HashAlgorithm | jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | +| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | Input | jca/SymmetricAlgorithm.java:303:42:303:51 | Message | +| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | Key | jca/SymmetricAlgorithm.java:302:18:302:30 | Key | +| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | Message | jca/SymmetricAlgorithm.java:303:42:303:51 | Message | +| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | Nonce | jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | +| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | Output | jca/SymmetricAlgorithm.java:303:30:303:52 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:303:42:303:51 | Message | Source | jca/SymmetricAlgorithm.java:299:29:299:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:333:16:333:31 | KeyGeneration | Algorithm | jca/SymmetricAlgorithm.java:331:52:331:56 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:333:16:333:31 | KeyGeneration | Output | jca/SymmetricAlgorithm.java:333:16:333:31 | Key | +| jca/SymmetricModesTest.java:50:33:50:48 | KeyGeneration | Algorithm | jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:50:33:50:48 | KeyGeneration | Output | jca/SymmetricModesTest.java:50:33:50:48 | Key | +| jca/SymmetricModesTest.java:54:31:54:46 | KeyGeneration | Algorithm | jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:54:31:54:46 | KeyGeneration | Output | jca/SymmetricModesTest.java:54:31:54:46 | Key | +| jca/SymmetricModesTest.java:57:44:57:62 | KeyOperationAlgorithm | Mode | jca/SymmetricModesTest.java:57:44:57:62 | ModeOfOperation | +| jca/SymmetricModesTest.java:57:44:57:62 | KeyOperationAlgorithm | Padding | jca/SymmetricModesTest.java:57:44:57:62 | PaddingAlgorithm | +| jca/SymmetricModesTest.java:58:39:58:49 | Key | Source | jca/SymmetricModesTest.java:50:33:50:48 | Key | +| jca/SymmetricModesTest.java:59:29:59:50 | WrapOperation | Algorithm | jca/SymmetricModesTest.java:57:44:57:62 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:59:29:59:50 | WrapOperation | Input | jca/SymmetricModesTest.java:59:41:59:49 | Message | +| jca/SymmetricModesTest.java:59:29:59:50 | WrapOperation | Key | jca/SymmetricModesTest.java:58:39:58:49 | Key | +| jca/SymmetricModesTest.java:59:29:59:50 | WrapOperation | Nonce | jca/SymmetricModesTest.java:59:29:59:50 | WrapOperation | +| jca/SymmetricModesTest.java:59:29:59:50 | WrapOperation | Output | jca/SymmetricModesTest.java:59:29:59:50 | KeyOperationOutput | +| jca/SymmetricModesTest.java:59:41:59:49 | Message | Source | jca/SymmetricModesTest.java:54:31:54:46 | Key | +| jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | Mode | jca/SymmetricModesTest.java:79:44:79:63 | ModeOfOperation | +| jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | Padding | jca/SymmetricModesTest.java:79:44:79:63 | PaddingAlgorithm | +| jca/SymmetricModesTest.java:83:42:83:44 | Key | Source | jca/SymmetricModesTest.java:78:43:78:55 | Parameter | +| jca/SymmetricModesTest.java:83:47:83:52 | Nonce | Source | jca/SymmetricModesTest.java:81:9:81:40 | RandomNumberGeneration | +| jca/SymmetricModesTest.java:83:47:83:52 | Nonce | Source | jca/SymmetricModesTest.java:81:38:81:39 | RandomNumberGeneration | +| jca/SymmetricModesTest.java:84:29:84:53 | EncryptOperation | Algorithm | jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:84:29:84:53 | EncryptOperation | Input | jca/SymmetricModesTest.java:84:44:84:52 | Message | +| jca/SymmetricModesTest.java:84:29:84:53 | EncryptOperation | Key | jca/SymmetricModesTest.java:83:42:83:44 | Key | +| jca/SymmetricModesTest.java:84:29:84:53 | EncryptOperation | Nonce | jca/SymmetricModesTest.java:83:47:83:52 | Nonce | +| jca/SymmetricModesTest.java:84:29:84:53 | EncryptOperation | Output | jca/SymmetricModesTest.java:84:29:84:53 | KeyOperationOutput | +| jca/SymmetricModesTest.java:84:44:84:52 | Message | Source | jca/SymmetricModesTest.java:78:58:78:73 | Parameter | +| jca/SymmetricModesTest.java:105:44:105:63 | KeyOperationAlgorithm | Mode | jca/SymmetricModesTest.java:105:44:105:63 | ModeOfOperation | +| jca/SymmetricModesTest.java:105:44:105:63 | KeyOperationAlgorithm | Padding | jca/SymmetricModesTest.java:105:44:105:63 | PaddingAlgorithm | +| jca/SymmetricModesTest.java:109:42:109:44 | Key | Source | jca/SymmetricModesTest.java:104:45:104:57 | Parameter | +| jca/SymmetricModesTest.java:109:47:109:52 | Nonce | Source | jca/SymmetricModesTest.java:109:47:109:52 | Nonce | +| jca/SymmetricModesTest.java:110:29:110:53 | EncryptOperation | Algorithm | jca/SymmetricModesTest.java:105:44:105:63 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:110:29:110:53 | EncryptOperation | Input | jca/SymmetricModesTest.java:110:44:110:52 | Message | +| jca/SymmetricModesTest.java:110:29:110:53 | EncryptOperation | Key | jca/SymmetricModesTest.java:109:42:109:44 | Key | +| jca/SymmetricModesTest.java:110:29:110:53 | EncryptOperation | Nonce | jca/SymmetricModesTest.java:109:47:109:52 | Nonce | +| jca/SymmetricModesTest.java:110:29:110:53 | EncryptOperation | Output | jca/SymmetricModesTest.java:110:29:110:53 | KeyOperationOutput | +| jca/SymmetricModesTest.java:110:44:110:52 | Message | Source | jca/SymmetricModesTest.java:104:60:104:75 | Parameter | +| jca/SymmetricModesTest.java:129:16:129:31 | KeyGeneration | Algorithm | jca/SymmetricModesTest.java:127:52:127:56 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:129:16:129:31 | KeyGeneration | Output | jca/SymmetricModesTest.java:129:16:129:31 | Key | +| jca/UniversalFlowTest.java:27:25:27:44 | KeyGeneration | Algorithm | jca/UniversalFlowTest.java:19:28:19:32 | KeyOperationAlgorithm | +| jca/UniversalFlowTest.java:27:25:27:44 | KeyGeneration | Algorithm | jca/UniversalFlowTest.java:46:20:46:24 | KeyOperationAlgorithm | +| jca/UniversalFlowTest.java:27:25:27:44 | KeyGeneration | Output | jca/UniversalFlowTest.java:27:25:27:44 | Key | +| jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | Mode | jca/UniversalFlowTest.java:28:29:28:47 | ModeOfOperation | +| jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | Padding | jca/UniversalFlowTest.java:28:29:28:47 | PaddingAlgorithm | +| jca/UniversalFlowTest.java:33:42:33:44 | Key | Source | jca/UniversalFlowTest.java:27:25:27:44 | Key | +| jca/UniversalFlowTest.java:33:47:33:53 | Nonce | Source | jca/UniversalFlowTest.java:31:9:31:40 | RandomNumberGeneration | +| jca/UniversalFlowTest.java:33:47:33:53 | Nonce | Source | jca/UniversalFlowTest.java:31:38:31:39 | RandomNumberGeneration | +| jca/UniversalFlowTest.java:34:32:34:74 | EncryptOperation | Algorithm | jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | +| jca/UniversalFlowTest.java:34:32:34:74 | EncryptOperation | Input | jca/UniversalFlowTest.java:34:47:34:73 | Message | +| jca/UniversalFlowTest.java:34:32:34:74 | EncryptOperation | Key | jca/UniversalFlowTest.java:33:42:33:44 | Key | +| jca/UniversalFlowTest.java:34:32:34:74 | EncryptOperation | Nonce | jca/UniversalFlowTest.java:33:47:33:53 | Nonce | +| jca/UniversalFlowTest.java:34:32:34:74 | EncryptOperation | Output | jca/UniversalFlowTest.java:34:32:34:74 | KeyOperationOutput | +| jca/UniversalFlowTest.java:34:47:34:73 | Message | Source | jca/UniversalFlowTest.java:34:47:34:62 | Constant | diff --git a/java/ql/test/experimental/library-tests/quantum/node_properties.expected b/java/ql/test/experimental/library-tests/quantum/node_properties.expected index 620760455bc7..ea071871fd94 100644 --- a/java/ql/test/experimental/library-tests/quantum/node_properties.expected +++ b/java/ql/test/experimental/library-tests/quantum/node_properties.expected @@ -1,476 +1,476 @@ -| jca/AesWrapAndPBEWith.java:67:52:67:56 | KeyOperationAlgorithm | KeySize | Constant:128 | jca/AesWrapAndPBEWith.java:71:17:71:19 | jca/AesWrapAndPBEWith.java:71:17:71:19 | -| jca/AesWrapAndPBEWith.java:67:52:67:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/AesWrapAndPBEWith.java:68:17:68:19 | jca/AesWrapAndPBEWith.java:68:17:68:19 | -| jca/AesWrapAndPBEWith.java:67:52:67:56 | KeyOperationAlgorithm | Name | AES | jca/AesWrapAndPBEWith.java:67:52:67:56 | jca/AesWrapAndPBEWith.java:67:52:67:56 | -| jca/AesWrapAndPBEWith.java:67:52:67:56 | KeyOperationAlgorithm | RawName | AES | jca/AesWrapAndPBEWith.java:67:52:67:56 | jca/AesWrapAndPBEWith.java:67:52:67:56 | -| jca/AesWrapAndPBEWith.java:67:52:67:56 | KeyOperationAlgorithm | Structure | Block | jca/AesWrapAndPBEWith.java:67:52:67:56 | jca/AesWrapAndPBEWith.java:67:52:67:56 | -| jca/AesWrapAndPBEWith.java:68:17:68:19 | Constant | Description | 256 | jca/AesWrapAndPBEWith.java:68:17:68:19 | jca/AesWrapAndPBEWith.java:68:17:68:19 | -| jca/AesWrapAndPBEWith.java:69:33:69:48 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:69:33:69:48 | jca/AesWrapAndPBEWith.java:69:33:69:48 | -| jca/AesWrapAndPBEWith.java:71:17:71:19 | Constant | Description | 128 | jca/AesWrapAndPBEWith.java:71:17:71:19 | jca/AesWrapAndPBEWith.java:71:17:71:19 | -| jca/AesWrapAndPBEWith.java:72:31:72:46 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:72:31:72:46 | jca/AesWrapAndPBEWith.java:72:31:72:46 | -| jca/AesWrapAndPBEWith.java:74:44:74:52 | KeyOperationAlgorithm | Name | AES | jca/AesWrapAndPBEWith.java:74:44:74:52 | jca/AesWrapAndPBEWith.java:74:44:74:52 | -| jca/AesWrapAndPBEWith.java:74:44:74:52 | KeyOperationAlgorithm | RawName | AESWrap | jca/AesWrapAndPBEWith.java:74:44:74:52 | jca/AesWrapAndPBEWith.java:74:44:74:52 | -| jca/AesWrapAndPBEWith.java:74:44:74:52 | KeyOperationAlgorithm | Structure | Block | jca/AesWrapAndPBEWith.java:74:44:74:52 | jca/AesWrapAndPBEWith.java:74:44:74:52 | -| jca/AesWrapAndPBEWith.java:75:39:75:49 | Key | KeyType | Unknown | jca/AesWrapAndPBEWith.java:75:39:75:49 | jca/AesWrapAndPBEWith.java:75:39:75:49 | -| jca/AesWrapAndPBEWith.java:76:29:76:50 | WrapOperation | KeyOperationSubtype | Wrap | jca/AesWrapAndPBEWith.java:76:29:76:50 | jca/AesWrapAndPBEWith.java:76:29:76:50 | -| jca/AesWrapAndPBEWith.java:93:52:93:56 | KeyOperationAlgorithm | KeySize | Constant:128 | jca/AesWrapAndPBEWith.java:94:17:94:19 | jca/AesWrapAndPBEWith.java:94:17:94:19 | -| jca/AesWrapAndPBEWith.java:93:52:93:56 | KeyOperationAlgorithm | Name | AES | jca/AesWrapAndPBEWith.java:93:52:93:56 | jca/AesWrapAndPBEWith.java:93:52:93:56 | -| jca/AesWrapAndPBEWith.java:93:52:93:56 | KeyOperationAlgorithm | RawName | AES | jca/AesWrapAndPBEWith.java:93:52:93:56 | jca/AesWrapAndPBEWith.java:93:52:93:56 | -| jca/AesWrapAndPBEWith.java:93:52:93:56 | KeyOperationAlgorithm | Structure | Block | jca/AesWrapAndPBEWith.java:93:52:93:56 | jca/AesWrapAndPBEWith.java:93:52:93:56 | -| jca/AesWrapAndPBEWith.java:94:17:94:19 | Constant | Description | 128 | jca/AesWrapAndPBEWith.java:94:17:94:19 | jca/AesWrapAndPBEWith.java:94:17:94:19 | -| jca/AesWrapAndPBEWith.java:95:31:95:46 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:95:31:95:46 | jca/AesWrapAndPBEWith.java:95:31:95:46 | -| jca/AesWrapAndPBEWith.java:97:44:97:52 | KeyOperationAlgorithm | Name | AES | jca/AesWrapAndPBEWith.java:97:44:97:52 | jca/AesWrapAndPBEWith.java:97:44:97:52 | -| jca/AesWrapAndPBEWith.java:97:44:97:52 | KeyOperationAlgorithm | RawName | AESWrap | jca/AesWrapAndPBEWith.java:97:44:97:52 | jca/AesWrapAndPBEWith.java:97:44:97:52 | -| jca/AesWrapAndPBEWith.java:97:44:97:52 | KeyOperationAlgorithm | Structure | Block | jca/AesWrapAndPBEWith.java:97:44:97:52 | jca/AesWrapAndPBEWith.java:97:44:97:52 | -| jca/AesWrapAndPBEWith.java:98:39:98:49 | Key | KeyType | Unknown | jca/AesWrapAndPBEWith.java:98:39:98:49 | jca/AesWrapAndPBEWith.java:98:39:98:49 | -| jca/AesWrapAndPBEWith.java:99:29:99:50 | WrapOperation | KeyOperationSubtype | Wrap | jca/AesWrapAndPBEWith.java:99:29:99:50 | jca/AesWrapAndPBEWith.java:99:29:99:50 | -| jca/AesWrapAndPBEWith.java:117:34:117:37 | Constant | Description | 0x00 | jca/AesWrapAndPBEWith.java:117:34:117:37 | jca/AesWrapAndPBEWith.java:117:34:117:37 | -| jca/AesWrapAndPBEWith.java:118:72:118:75 | Constant | Description | 1000 | jca/AesWrapAndPBEWith.java:118:72:118:75 | jca/AesWrapAndPBEWith.java:118:72:118:75 | -| jca/AesWrapAndPBEWith.java:118:78:118:79 | Constant | Description | 64 | jca/AesWrapAndPBEWith.java:118:78:118:79 | jca/AesWrapAndPBEWith.java:118:78:118:79 | -| jca/AesWrapAndPBEWith.java:119:65:119:82 | KeyDerivationAlgorithm | Name | PBEWithMD5AndDES | jca/AesWrapAndPBEWith.java:119:65:119:82 | jca/AesWrapAndPBEWith.java:119:65:119:82 | -| jca/AesWrapAndPBEWith.java:119:65:119:82 | KeyDerivationAlgorithm | RawName | PBEWithMD5AndDES | jca/AesWrapAndPBEWith.java:119:65:119:82 | jca/AesWrapAndPBEWith.java:119:65:119:82 | -| jca/AesWrapAndPBEWith.java:120:27:120:54 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:120:27:120:54 | jca/AesWrapAndPBEWith.java:120:27:120:54 | -| jca/AesWrapAndPBEWith.java:120:27:120:54 | KeyDerivation | Iterations | Constant:1000 | jca/AesWrapAndPBEWith.java:118:72:118:75 | jca/AesWrapAndPBEWith.java:118:72:118:75 | -| jca/AesWrapAndPBEWith.java:120:27:120:54 | KeyDerivation | KeySize | Constant:64 | jca/AesWrapAndPBEWith.java:118:78:118:79 | jca/AesWrapAndPBEWith.java:118:78:118:79 | -| jca/AesWrapAndPBEWith.java:133:9:133:42 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:133:9:133:42 | jca/AesWrapAndPBEWith.java:133:9:133:42 | -| jca/AesWrapAndPBEWith.java:133:38:133:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:133:38:133:41 | jca/AesWrapAndPBEWith.java:133:38:133:41 | -| jca/AesWrapAndPBEWith.java:134:72:134:76 | Constant | Description | 10000 | jca/AesWrapAndPBEWith.java:134:72:134:76 | jca/AesWrapAndPBEWith.java:134:72:134:76 | -| jca/AesWrapAndPBEWith.java:134:79:134:81 | Constant | Description | 256 | jca/AesWrapAndPBEWith.java:134:79:134:81 | jca/AesWrapAndPBEWith.java:134:79:134:81 | -| jca/AesWrapAndPBEWith.java:135:65:135:86 | HMACAlgorithm | Name | HMAC | jca/AesWrapAndPBEWith.java:135:65:135:86 | jca/AesWrapAndPBEWith.java:135:65:135:86 | -| jca/AesWrapAndPBEWith.java:135:65:135:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/AesWrapAndPBEWith.java:135:65:135:86 | jca/AesWrapAndPBEWith.java:135:65:135:86 | -| jca/AesWrapAndPBEWith.java:135:65:135:86 | HashAlgorithm | DigestSize | 256 | jca/AesWrapAndPBEWith.java:135:65:135:86 | jca/AesWrapAndPBEWith.java:135:65:135:86 | -| jca/AesWrapAndPBEWith.java:135:65:135:86 | HashAlgorithm | Name | SHA2 | jca/AesWrapAndPBEWith.java:135:65:135:86 | jca/AesWrapAndPBEWith.java:135:65:135:86 | -| jca/AesWrapAndPBEWith.java:135:65:135:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/AesWrapAndPBEWith.java:135:65:135:86 | jca/AesWrapAndPBEWith.java:135:65:135:86 | -| jca/AesWrapAndPBEWith.java:135:65:135:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/AesWrapAndPBEWith.java:135:65:135:86 | jca/AesWrapAndPBEWith.java:135:65:135:86 | -| jca/AesWrapAndPBEWith.java:135:65:135:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/AesWrapAndPBEWith.java:135:65:135:86 | jca/AesWrapAndPBEWith.java:135:65:135:86 | -| jca/AesWrapAndPBEWith.java:136:27:136:54 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:136:27:136:54 | jca/AesWrapAndPBEWith.java:136:27:136:54 | -| jca/AesWrapAndPBEWith.java:136:27:136:54 | KeyDerivation | Iterations | Constant:10000 | jca/AesWrapAndPBEWith.java:134:72:134:76 | jca/AesWrapAndPBEWith.java:134:72:134:76 | -| jca/AesWrapAndPBEWith.java:136:27:136:54 | KeyDerivation | KeySize | Constant:256 | jca/AesWrapAndPBEWith.java:134:79:134:81 | jca/AesWrapAndPBEWith.java:134:79:134:81 | -| jca/AesWrapAndPBEWith.java:151:9:151:42 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:151:9:151:42 | jca/AesWrapAndPBEWith.java:151:9:151:42 | -| jca/AesWrapAndPBEWith.java:151:38:151:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:151:38:151:41 | jca/AesWrapAndPBEWith.java:151:38:151:41 | -| jca/AesWrapAndPBEWith.java:152:72:152:76 | Constant | Description | 10000 | jca/AesWrapAndPBEWith.java:152:72:152:76 | jca/AesWrapAndPBEWith.java:152:72:152:76 | -| jca/AesWrapAndPBEWith.java:152:79:152:81 | Constant | Description | 128 | jca/AesWrapAndPBEWith.java:152:79:152:81 | jca/AesWrapAndPBEWith.java:152:79:152:81 | -| jca/AesWrapAndPBEWith.java:153:65:153:98 | KeyDerivationAlgorithm | Name | PBEWithSHA256And128BitAES-CBC-BC | jca/AesWrapAndPBEWith.java:153:65:153:98 | jca/AesWrapAndPBEWith.java:153:65:153:98 | -| jca/AesWrapAndPBEWith.java:153:65:153:98 | KeyDerivationAlgorithm | RawName | PBEWithSHA256And128BitAES-CBC-BC | jca/AesWrapAndPBEWith.java:153:65:153:98 | jca/AesWrapAndPBEWith.java:153:65:153:98 | -| jca/AesWrapAndPBEWith.java:154:28:154:55 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:154:28:154:55 | jca/AesWrapAndPBEWith.java:154:28:154:55 | -| jca/AesWrapAndPBEWith.java:154:28:154:55 | KeyDerivation | Iterations | Constant:10000 | jca/AesWrapAndPBEWith.java:152:72:152:76 | jca/AesWrapAndPBEWith.java:152:72:152:76 | -| jca/AesWrapAndPBEWith.java:154:28:154:55 | KeyDerivation | KeySize | Constant:128 | jca/AesWrapAndPBEWith.java:152:79:152:81 | jca/AesWrapAndPBEWith.java:152:79:152:81 | -| jca/AesWrapAndPBEWith.java:157:44:157:65 | KeyOperationAlgorithm | Name | AES | jca/AesWrapAndPBEWith.java:157:44:157:65 | jca/AesWrapAndPBEWith.java:157:44:157:65 | -| jca/AesWrapAndPBEWith.java:157:44:157:65 | KeyOperationAlgorithm | RawName | AES/CBC/PKCS5Padding | jca/AesWrapAndPBEWith.java:157:44:157:65 | jca/AesWrapAndPBEWith.java:157:44:157:65 | -| jca/AesWrapAndPBEWith.java:157:44:157:65 | KeyOperationAlgorithm | Structure | Block | jca/AesWrapAndPBEWith.java:157:44:157:65 | jca/AesWrapAndPBEWith.java:157:44:157:65 | -| jca/AesWrapAndPBEWith.java:157:44:157:65 | ModeOfOperation | Name | CBC | jca/AesWrapAndPBEWith.java:157:44:157:65 | jca/AesWrapAndPBEWith.java:157:44:157:65 | -| jca/AesWrapAndPBEWith.java:157:44:157:65 | ModeOfOperation | RawName | CBC | jca/AesWrapAndPBEWith.java:157:44:157:65 | jca/AesWrapAndPBEWith.java:157:44:157:65 | -| jca/AesWrapAndPBEWith.java:157:44:157:65 | PaddingAlgorithm | Name | PKCS7 | jca/AesWrapAndPBEWith.java:157:44:157:65 | jca/AesWrapAndPBEWith.java:157:44:157:65 | -| jca/AesWrapAndPBEWith.java:157:44:157:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/AesWrapAndPBEWith.java:157:44:157:65 | jca/AesWrapAndPBEWith.java:157:44:157:65 | -| jca/AesWrapAndPBEWith.java:159:9:159:40 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:159:9:159:40 | jca/AesWrapAndPBEWith.java:159:9:159:40 | -| jca/AesWrapAndPBEWith.java:159:38:159:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:159:38:159:39 | jca/AesWrapAndPBEWith.java:159:38:159:39 | -| jca/AesWrapAndPBEWith.java:161:42:161:47 | Key | KeyType | Unknown | jca/AesWrapAndPBEWith.java:161:42:161:47 | jca/AesWrapAndPBEWith.java:161:42:161:47 | -| jca/AesWrapAndPBEWith.java:162:29:162:64 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AesWrapAndPBEWith.java:162:29:162:64 | jca/AesWrapAndPBEWith.java:162:29:162:64 | -| jca/AesWrapAndPBEWith.java:179:9:179:42 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:179:9:179:42 | jca/AesWrapAndPBEWith.java:179:9:179:42 | -| jca/AesWrapAndPBEWith.java:179:38:179:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:179:38:179:41 | jca/AesWrapAndPBEWith.java:179:38:179:41 | -| jca/AesWrapAndPBEWith.java:180:72:180:76 | Constant | Description | 10000 | jca/AesWrapAndPBEWith.java:180:72:180:76 | jca/AesWrapAndPBEWith.java:180:72:180:76 | -| jca/AesWrapAndPBEWith.java:180:79:180:81 | Constant | Description | 128 | jca/AesWrapAndPBEWith.java:180:79:180:81 | jca/AesWrapAndPBEWith.java:180:79:180:81 | -| jca/AesWrapAndPBEWith.java:181:65:181:96 | KeyDerivationAlgorithm | Name | PBEWithSHA1And128BitAES-CBC-BC | jca/AesWrapAndPBEWith.java:181:65:181:96 | jca/AesWrapAndPBEWith.java:181:65:181:96 | -| jca/AesWrapAndPBEWith.java:181:65:181:96 | KeyDerivationAlgorithm | RawName | PBEWithSHA1And128BitAES-CBC-BC | jca/AesWrapAndPBEWith.java:181:65:181:96 | jca/AesWrapAndPBEWith.java:181:65:181:96 | -| jca/AesWrapAndPBEWith.java:182:28:182:55 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:182:28:182:55 | jca/AesWrapAndPBEWith.java:182:28:182:55 | -| jca/AesWrapAndPBEWith.java:182:28:182:55 | KeyDerivation | Iterations | Constant:10000 | jca/AesWrapAndPBEWith.java:180:72:180:76 | jca/AesWrapAndPBEWith.java:180:72:180:76 | -| jca/AesWrapAndPBEWith.java:182:28:182:55 | KeyDerivation | KeySize | Constant:128 | jca/AesWrapAndPBEWith.java:180:79:180:81 | jca/AesWrapAndPBEWith.java:180:79:180:81 | -| jca/AesWrapAndPBEWith.java:185:44:185:65 | KeyOperationAlgorithm | Name | AES | jca/AesWrapAndPBEWith.java:185:44:185:65 | jca/AesWrapAndPBEWith.java:185:44:185:65 | -| jca/AesWrapAndPBEWith.java:185:44:185:65 | KeyOperationAlgorithm | RawName | AES/CBC/PKCS5Padding | jca/AesWrapAndPBEWith.java:185:44:185:65 | jca/AesWrapAndPBEWith.java:185:44:185:65 | -| jca/AesWrapAndPBEWith.java:185:44:185:65 | KeyOperationAlgorithm | Structure | Block | jca/AesWrapAndPBEWith.java:185:44:185:65 | jca/AesWrapAndPBEWith.java:185:44:185:65 | -| jca/AesWrapAndPBEWith.java:185:44:185:65 | ModeOfOperation | Name | CBC | jca/AesWrapAndPBEWith.java:185:44:185:65 | jca/AesWrapAndPBEWith.java:185:44:185:65 | -| jca/AesWrapAndPBEWith.java:185:44:185:65 | ModeOfOperation | RawName | CBC | jca/AesWrapAndPBEWith.java:185:44:185:65 | jca/AesWrapAndPBEWith.java:185:44:185:65 | -| jca/AesWrapAndPBEWith.java:185:44:185:65 | PaddingAlgorithm | Name | PKCS7 | jca/AesWrapAndPBEWith.java:185:44:185:65 | jca/AesWrapAndPBEWith.java:185:44:185:65 | -| jca/AesWrapAndPBEWith.java:185:44:185:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/AesWrapAndPBEWith.java:185:44:185:65 | jca/AesWrapAndPBEWith.java:185:44:185:65 | -| jca/AesWrapAndPBEWith.java:187:9:187:40 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:187:9:187:40 | jca/AesWrapAndPBEWith.java:187:9:187:40 | -| jca/AesWrapAndPBEWith.java:187:38:187:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:187:38:187:39 | jca/AesWrapAndPBEWith.java:187:38:187:39 | -| jca/AesWrapAndPBEWith.java:189:42:189:47 | Key | KeyType | Unknown | jca/AesWrapAndPBEWith.java:189:42:189:47 | jca/AesWrapAndPBEWith.java:189:42:189:47 | -| jca/AesWrapAndPBEWith.java:190:29:190:64 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AesWrapAndPBEWith.java:190:29:190:64 | jca/AesWrapAndPBEWith.java:190:29:190:64 | -| jca/AesWrapAndPBEWith.java:214:55:214:69 | Parameter | Description | password | jca/AesWrapAndPBEWith.java:214:55:214:69 | jca/AesWrapAndPBEWith.java:214:55:214:69 | -| jca/AesWrapAndPBEWith.java:214:72:214:87 | Parameter | Description | plaintext | jca/AesWrapAndPBEWith.java:214:72:214:87 | jca/AesWrapAndPBEWith.java:214:72:214:87 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | EllipticCurve | KeySize | 256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | EllipticCurve | Name | secp256r1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | EllipticCurve | ParsedName | secp256r1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | EllipticCurve | RawName | secp256r1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | +| jca/AesWrapAndPBEWith.java:58:52:58:56 | KeyOperationAlgorithm | KeySize | Constant:128 | jca/AesWrapAndPBEWith.java:62:17:62:19 | jca/AesWrapAndPBEWith.java:62:17:62:19 | +| jca/AesWrapAndPBEWith.java:58:52:58:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/AesWrapAndPBEWith.java:59:17:59:19 | jca/AesWrapAndPBEWith.java:59:17:59:19 | +| jca/AesWrapAndPBEWith.java:58:52:58:56 | KeyOperationAlgorithm | Name | AES | jca/AesWrapAndPBEWith.java:58:52:58:56 | jca/AesWrapAndPBEWith.java:58:52:58:56 | +| jca/AesWrapAndPBEWith.java:58:52:58:56 | KeyOperationAlgorithm | RawName | AES | jca/AesWrapAndPBEWith.java:58:52:58:56 | jca/AesWrapAndPBEWith.java:58:52:58:56 | +| jca/AesWrapAndPBEWith.java:58:52:58:56 | KeyOperationAlgorithm | Structure | Block | jca/AesWrapAndPBEWith.java:58:52:58:56 | jca/AesWrapAndPBEWith.java:58:52:58:56 | +| jca/AesWrapAndPBEWith.java:59:17:59:19 | Constant | Description | 256 | jca/AesWrapAndPBEWith.java:59:17:59:19 | jca/AesWrapAndPBEWith.java:59:17:59:19 | +| jca/AesWrapAndPBEWith.java:60:33:60:48 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:60:33:60:48 | jca/AesWrapAndPBEWith.java:60:33:60:48 | +| jca/AesWrapAndPBEWith.java:62:17:62:19 | Constant | Description | 128 | jca/AesWrapAndPBEWith.java:62:17:62:19 | jca/AesWrapAndPBEWith.java:62:17:62:19 | +| jca/AesWrapAndPBEWith.java:63:31:63:46 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:63:31:63:46 | jca/AesWrapAndPBEWith.java:63:31:63:46 | +| jca/AesWrapAndPBEWith.java:65:44:65:52 | KeyOperationAlgorithm | Name | AES | jca/AesWrapAndPBEWith.java:65:44:65:52 | jca/AesWrapAndPBEWith.java:65:44:65:52 | +| jca/AesWrapAndPBEWith.java:65:44:65:52 | KeyOperationAlgorithm | RawName | AESWrap | jca/AesWrapAndPBEWith.java:65:44:65:52 | jca/AesWrapAndPBEWith.java:65:44:65:52 | +| jca/AesWrapAndPBEWith.java:65:44:65:52 | KeyOperationAlgorithm | Structure | Block | jca/AesWrapAndPBEWith.java:65:44:65:52 | jca/AesWrapAndPBEWith.java:65:44:65:52 | +| jca/AesWrapAndPBEWith.java:66:39:66:49 | Key | KeyType | Unknown | jca/AesWrapAndPBEWith.java:66:39:66:49 | jca/AesWrapAndPBEWith.java:66:39:66:49 | +| jca/AesWrapAndPBEWith.java:67:29:67:50 | WrapOperation | KeyOperationSubtype | Wrap | jca/AesWrapAndPBEWith.java:67:29:67:50 | jca/AesWrapAndPBEWith.java:67:29:67:50 | +| jca/AesWrapAndPBEWith.java:83:52:83:56 | KeyOperationAlgorithm | KeySize | Constant:128 | jca/AesWrapAndPBEWith.java:84:17:84:19 | jca/AesWrapAndPBEWith.java:84:17:84:19 | +| jca/AesWrapAndPBEWith.java:83:52:83:56 | KeyOperationAlgorithm | Name | AES | jca/AesWrapAndPBEWith.java:83:52:83:56 | jca/AesWrapAndPBEWith.java:83:52:83:56 | +| jca/AesWrapAndPBEWith.java:83:52:83:56 | KeyOperationAlgorithm | RawName | AES | jca/AesWrapAndPBEWith.java:83:52:83:56 | jca/AesWrapAndPBEWith.java:83:52:83:56 | +| jca/AesWrapAndPBEWith.java:83:52:83:56 | KeyOperationAlgorithm | Structure | Block | jca/AesWrapAndPBEWith.java:83:52:83:56 | jca/AesWrapAndPBEWith.java:83:52:83:56 | +| jca/AesWrapAndPBEWith.java:84:17:84:19 | Constant | Description | 128 | jca/AesWrapAndPBEWith.java:84:17:84:19 | jca/AesWrapAndPBEWith.java:84:17:84:19 | +| jca/AesWrapAndPBEWith.java:85:31:85:46 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:85:31:85:46 | jca/AesWrapAndPBEWith.java:85:31:85:46 | +| jca/AesWrapAndPBEWith.java:87:44:87:52 | KeyOperationAlgorithm | Name | AES | jca/AesWrapAndPBEWith.java:87:44:87:52 | jca/AesWrapAndPBEWith.java:87:44:87:52 | +| jca/AesWrapAndPBEWith.java:87:44:87:52 | KeyOperationAlgorithm | RawName | AESWrap | jca/AesWrapAndPBEWith.java:87:44:87:52 | jca/AesWrapAndPBEWith.java:87:44:87:52 | +| jca/AesWrapAndPBEWith.java:87:44:87:52 | KeyOperationAlgorithm | Structure | Block | jca/AesWrapAndPBEWith.java:87:44:87:52 | jca/AesWrapAndPBEWith.java:87:44:87:52 | +| jca/AesWrapAndPBEWith.java:88:39:88:49 | Key | KeyType | Unknown | jca/AesWrapAndPBEWith.java:88:39:88:49 | jca/AesWrapAndPBEWith.java:88:39:88:49 | +| jca/AesWrapAndPBEWith.java:89:29:89:50 | WrapOperation | KeyOperationSubtype | Wrap | jca/AesWrapAndPBEWith.java:89:29:89:50 | jca/AesWrapAndPBEWith.java:89:29:89:50 | +| jca/AesWrapAndPBEWith.java:106:34:106:37 | Constant | Description | 0x00 | jca/AesWrapAndPBEWith.java:106:34:106:37 | jca/AesWrapAndPBEWith.java:106:34:106:37 | +| jca/AesWrapAndPBEWith.java:107:72:107:75 | Constant | Description | 1000 | jca/AesWrapAndPBEWith.java:107:72:107:75 | jca/AesWrapAndPBEWith.java:107:72:107:75 | +| jca/AesWrapAndPBEWith.java:107:78:107:79 | Constant | Description | 64 | jca/AesWrapAndPBEWith.java:107:78:107:79 | jca/AesWrapAndPBEWith.java:107:78:107:79 | +| jca/AesWrapAndPBEWith.java:108:65:108:82 | KeyDerivationAlgorithm | Name | PBEWithMD5AndDES | jca/AesWrapAndPBEWith.java:108:65:108:82 | jca/AesWrapAndPBEWith.java:108:65:108:82 | +| jca/AesWrapAndPBEWith.java:108:65:108:82 | KeyDerivationAlgorithm | RawName | PBEWithMD5AndDES | jca/AesWrapAndPBEWith.java:108:65:108:82 | jca/AesWrapAndPBEWith.java:108:65:108:82 | +| jca/AesWrapAndPBEWith.java:109:27:109:54 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:109:27:109:54 | jca/AesWrapAndPBEWith.java:109:27:109:54 | +| jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | Iterations | Constant:1000 | jca/AesWrapAndPBEWith.java:107:72:107:75 | jca/AesWrapAndPBEWith.java:107:72:107:75 | +| jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | KeySize | Constant:64 | jca/AesWrapAndPBEWith.java:107:78:107:79 | jca/AesWrapAndPBEWith.java:107:78:107:79 | +| jca/AesWrapAndPBEWith.java:122:9:122:42 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:122:9:122:42 | jca/AesWrapAndPBEWith.java:122:9:122:42 | +| jca/AesWrapAndPBEWith.java:122:38:122:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:122:38:122:41 | jca/AesWrapAndPBEWith.java:122:38:122:41 | +| jca/AesWrapAndPBEWith.java:123:72:123:76 | Constant | Description | 10000 | jca/AesWrapAndPBEWith.java:123:72:123:76 | jca/AesWrapAndPBEWith.java:123:72:123:76 | +| jca/AesWrapAndPBEWith.java:123:79:123:81 | Constant | Description | 256 | jca/AesWrapAndPBEWith.java:123:79:123:81 | jca/AesWrapAndPBEWith.java:123:79:123:81 | +| jca/AesWrapAndPBEWith.java:124:65:124:86 | HMACAlgorithm | Name | HMAC | jca/AesWrapAndPBEWith.java:124:65:124:86 | jca/AesWrapAndPBEWith.java:124:65:124:86 | +| jca/AesWrapAndPBEWith.java:124:65:124:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/AesWrapAndPBEWith.java:124:65:124:86 | jca/AesWrapAndPBEWith.java:124:65:124:86 | +| jca/AesWrapAndPBEWith.java:124:65:124:86 | HashAlgorithm | DigestSize | 256 | jca/AesWrapAndPBEWith.java:124:65:124:86 | jca/AesWrapAndPBEWith.java:124:65:124:86 | +| jca/AesWrapAndPBEWith.java:124:65:124:86 | HashAlgorithm | Name | SHA2 | jca/AesWrapAndPBEWith.java:124:65:124:86 | jca/AesWrapAndPBEWith.java:124:65:124:86 | +| jca/AesWrapAndPBEWith.java:124:65:124:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/AesWrapAndPBEWith.java:124:65:124:86 | jca/AesWrapAndPBEWith.java:124:65:124:86 | +| jca/AesWrapAndPBEWith.java:124:65:124:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/AesWrapAndPBEWith.java:124:65:124:86 | jca/AesWrapAndPBEWith.java:124:65:124:86 | +| jca/AesWrapAndPBEWith.java:124:65:124:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/AesWrapAndPBEWith.java:124:65:124:86 | jca/AesWrapAndPBEWith.java:124:65:124:86 | +| jca/AesWrapAndPBEWith.java:125:27:125:54 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:125:27:125:54 | jca/AesWrapAndPBEWith.java:125:27:125:54 | +| jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | Iterations | Constant:10000 | jca/AesWrapAndPBEWith.java:123:72:123:76 | jca/AesWrapAndPBEWith.java:123:72:123:76 | +| jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | KeySize | Constant:256 | jca/AesWrapAndPBEWith.java:123:79:123:81 | jca/AesWrapAndPBEWith.java:123:79:123:81 | +| jca/AesWrapAndPBEWith.java:140:9:140:42 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:140:9:140:42 | jca/AesWrapAndPBEWith.java:140:9:140:42 | +| jca/AesWrapAndPBEWith.java:140:38:140:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:140:38:140:41 | jca/AesWrapAndPBEWith.java:140:38:140:41 | +| jca/AesWrapAndPBEWith.java:141:72:141:76 | Constant | Description | 10000 | jca/AesWrapAndPBEWith.java:141:72:141:76 | jca/AesWrapAndPBEWith.java:141:72:141:76 | +| jca/AesWrapAndPBEWith.java:141:79:141:81 | Constant | Description | 128 | jca/AesWrapAndPBEWith.java:141:79:141:81 | jca/AesWrapAndPBEWith.java:141:79:141:81 | +| jca/AesWrapAndPBEWith.java:142:65:142:98 | KeyDerivationAlgorithm | Name | PBEWithSHA256And128BitAES-CBC-BC | jca/AesWrapAndPBEWith.java:142:65:142:98 | jca/AesWrapAndPBEWith.java:142:65:142:98 | +| jca/AesWrapAndPBEWith.java:142:65:142:98 | KeyDerivationAlgorithm | RawName | PBEWithSHA256And128BitAES-CBC-BC | jca/AesWrapAndPBEWith.java:142:65:142:98 | jca/AesWrapAndPBEWith.java:142:65:142:98 | +| jca/AesWrapAndPBEWith.java:143:28:143:55 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:143:28:143:55 | jca/AesWrapAndPBEWith.java:143:28:143:55 | +| jca/AesWrapAndPBEWith.java:143:28:143:55 | KeyDerivation | Iterations | Constant:10000 | jca/AesWrapAndPBEWith.java:141:72:141:76 | jca/AesWrapAndPBEWith.java:141:72:141:76 | +| jca/AesWrapAndPBEWith.java:143:28:143:55 | KeyDerivation | KeySize | Constant:128 | jca/AesWrapAndPBEWith.java:141:79:141:81 | jca/AesWrapAndPBEWith.java:141:79:141:81 | +| jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | Name | AES | jca/AesWrapAndPBEWith.java:146:44:146:65 | jca/AesWrapAndPBEWith.java:146:44:146:65 | +| jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | RawName | AES/CBC/PKCS5Padding | jca/AesWrapAndPBEWith.java:146:44:146:65 | jca/AesWrapAndPBEWith.java:146:44:146:65 | +| jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | Structure | Block | jca/AesWrapAndPBEWith.java:146:44:146:65 | jca/AesWrapAndPBEWith.java:146:44:146:65 | +| jca/AesWrapAndPBEWith.java:146:44:146:65 | ModeOfOperation | Name | CBC | jca/AesWrapAndPBEWith.java:146:44:146:65 | jca/AesWrapAndPBEWith.java:146:44:146:65 | +| jca/AesWrapAndPBEWith.java:146:44:146:65 | ModeOfOperation | RawName | CBC | jca/AesWrapAndPBEWith.java:146:44:146:65 | jca/AesWrapAndPBEWith.java:146:44:146:65 | +| jca/AesWrapAndPBEWith.java:146:44:146:65 | PaddingAlgorithm | Name | PKCS7 | jca/AesWrapAndPBEWith.java:146:44:146:65 | jca/AesWrapAndPBEWith.java:146:44:146:65 | +| jca/AesWrapAndPBEWith.java:146:44:146:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/AesWrapAndPBEWith.java:146:44:146:65 | jca/AesWrapAndPBEWith.java:146:44:146:65 | +| jca/AesWrapAndPBEWith.java:148:9:148:40 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:148:9:148:40 | jca/AesWrapAndPBEWith.java:148:9:148:40 | +| jca/AesWrapAndPBEWith.java:148:38:148:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:148:38:148:39 | jca/AesWrapAndPBEWith.java:148:38:148:39 | +| jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | KeyType | Unknown | jca/AesWrapAndPBEWith.java:150:42:150:47 | jca/AesWrapAndPBEWith.java:150:42:150:47 | +| jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AesWrapAndPBEWith.java:151:29:151:64 | jca/AesWrapAndPBEWith.java:151:29:151:64 | +| jca/AesWrapAndPBEWith.java:167:9:167:42 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:167:9:167:42 | jca/AesWrapAndPBEWith.java:167:9:167:42 | +| jca/AesWrapAndPBEWith.java:167:38:167:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:167:38:167:41 | jca/AesWrapAndPBEWith.java:167:38:167:41 | +| jca/AesWrapAndPBEWith.java:168:72:168:76 | Constant | Description | 10000 | jca/AesWrapAndPBEWith.java:168:72:168:76 | jca/AesWrapAndPBEWith.java:168:72:168:76 | +| jca/AesWrapAndPBEWith.java:168:79:168:81 | Constant | Description | 128 | jca/AesWrapAndPBEWith.java:168:79:168:81 | jca/AesWrapAndPBEWith.java:168:79:168:81 | +| jca/AesWrapAndPBEWith.java:169:65:169:96 | KeyDerivationAlgorithm | Name | PBEWithSHA1And128BitAES-CBC-BC | jca/AesWrapAndPBEWith.java:169:65:169:96 | jca/AesWrapAndPBEWith.java:169:65:169:96 | +| jca/AesWrapAndPBEWith.java:169:65:169:96 | KeyDerivationAlgorithm | RawName | PBEWithSHA1And128BitAES-CBC-BC | jca/AesWrapAndPBEWith.java:169:65:169:96 | jca/AesWrapAndPBEWith.java:169:65:169:96 | +| jca/AesWrapAndPBEWith.java:170:28:170:55 | Key | KeyType | Symmetric | jca/AesWrapAndPBEWith.java:170:28:170:55 | jca/AesWrapAndPBEWith.java:170:28:170:55 | +| jca/AesWrapAndPBEWith.java:170:28:170:55 | KeyDerivation | Iterations | Constant:10000 | jca/AesWrapAndPBEWith.java:168:72:168:76 | jca/AesWrapAndPBEWith.java:168:72:168:76 | +| jca/AesWrapAndPBEWith.java:170:28:170:55 | KeyDerivation | KeySize | Constant:128 | jca/AesWrapAndPBEWith.java:168:79:168:81 | jca/AesWrapAndPBEWith.java:168:79:168:81 | +| jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | Name | AES | jca/AesWrapAndPBEWith.java:173:44:173:65 | jca/AesWrapAndPBEWith.java:173:44:173:65 | +| jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | RawName | AES/CBC/PKCS5Padding | jca/AesWrapAndPBEWith.java:173:44:173:65 | jca/AesWrapAndPBEWith.java:173:44:173:65 | +| jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | Structure | Block | jca/AesWrapAndPBEWith.java:173:44:173:65 | jca/AesWrapAndPBEWith.java:173:44:173:65 | +| jca/AesWrapAndPBEWith.java:173:44:173:65 | ModeOfOperation | Name | CBC | jca/AesWrapAndPBEWith.java:173:44:173:65 | jca/AesWrapAndPBEWith.java:173:44:173:65 | +| jca/AesWrapAndPBEWith.java:173:44:173:65 | ModeOfOperation | RawName | CBC | jca/AesWrapAndPBEWith.java:173:44:173:65 | jca/AesWrapAndPBEWith.java:173:44:173:65 | +| jca/AesWrapAndPBEWith.java:173:44:173:65 | PaddingAlgorithm | Name | PKCS7 | jca/AesWrapAndPBEWith.java:173:44:173:65 | jca/AesWrapAndPBEWith.java:173:44:173:65 | +| jca/AesWrapAndPBEWith.java:173:44:173:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/AesWrapAndPBEWith.java:173:44:173:65 | jca/AesWrapAndPBEWith.java:173:44:173:65 | +| jca/AesWrapAndPBEWith.java:175:9:175:40 | RandomNumberGeneration | Description | nextBytes | jca/AesWrapAndPBEWith.java:175:9:175:40 | jca/AesWrapAndPBEWith.java:175:9:175:40 | +| jca/AesWrapAndPBEWith.java:175:38:175:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AesWrapAndPBEWith.java:175:38:175:39 | jca/AesWrapAndPBEWith.java:175:38:175:39 | +| jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | KeyType | Unknown | jca/AesWrapAndPBEWith.java:177:42:177:47 | jca/AesWrapAndPBEWith.java:177:42:177:47 | +| jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AesWrapAndPBEWith.java:178:29:178:64 | jca/AesWrapAndPBEWith.java:178:29:178:64 | +| jca/AesWrapAndPBEWith.java:200:55:200:69 | Parameter | Description | password | jca/AesWrapAndPBEWith.java:200:55:200:69 | jca/AesWrapAndPBEWith.java:200:55:200:69 | +| jca/AesWrapAndPBEWith.java:200:72:200:87 | Parameter | Description | plaintext | jca/AesWrapAndPBEWith.java:200:72:200:87 | jca/AesWrapAndPBEWith.java:200:72:200:87 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | EllipticCurve | KeySize | 256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | EllipticCurve | Name | secp256r1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | EllipticCurve | ParsedName | secp256r1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | EllipticCurve | RawName | secp256r1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:87:16:87:36 | Key | KeyType | Asymmetric | jca/AsymmetricEncryptionMacHybridCryptosystem.java:87:16:87:36 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:87:16:87:36 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:94:61:94:68 | KeyAgreementAlgorithm | Name | X25519 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:94:61:94:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:94:61:94:68 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:94:61:94:68 | KeyAgreementAlgorithm | RawName | X25519 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:94:61:94:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:94:61:94:68 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:24:95:26 | Constant | Description | 255 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:24:95:26 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:24:95:26 | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | Key | KeyType | Asymmetric | jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:103:61:103:68 | KeyAgreementAlgorithm | Name | X25519 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:103:61:103:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:103:61:103:68 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:103:61:103:68 | KeyAgreementAlgorithm | RawName | X25519 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:103:61:103:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:103:61:103:68 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:104:24:104:26 | Constant | Description | 255 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:104:24:104:26 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:104:24:104:26 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:105:16:105:36 | Key | KeyType | Asymmetric | jca/AsymmetricEncryptionMacHybridCryptosystem.java:105:16:105:36 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:105:16:105:36 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:118:17:118:26 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:118:17:118:26 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:118:17:118:26 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:119:20:119:28 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:119:20:119:28 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:119:20:119:28 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:132:58:132:66 | HashAlgorithm | DigestSize | 256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:132:58:132:66 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:132:58:132:66 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:132:58:132:66 | HashAlgorithm | Name | SHA2 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:132:58:132:66 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:132:58:132:66 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:132:58:132:66 | HashAlgorithm | RawName | SHA-256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:132:58:132:66 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:132:58:132:66 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:61:155:65 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:24:156:27 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:24:156:27 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:61:155:65 | KeyOperationAlgorithm | Name | RSA | jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:61:155:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:61:155:65 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:61:155:65 | KeyOperationAlgorithm | RawName | RSA | jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:61:155:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:61:155:65 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:24:156:27 | Constant | Description | 2048 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:24:156:27 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:24:156:27 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:157:16:157:36 | Key | KeyType | Asymmetric | jca/AsymmetricEncryptionMacHybridCryptosystem.java:157:16:157:36 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:157:16:157:36 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:164:61:164:65 | KeyOperationAlgorithm | KeySize | Constant:1024 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:165:24:165:27 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:165:24:165:27 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:164:61:164:65 | KeyOperationAlgorithm | Name | RSA | jca/AsymmetricEncryptionMacHybridCryptosystem.java:164:61:164:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:164:61:164:65 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:164:61:164:65 | KeyOperationAlgorithm | RawName | RSA | jca/AsymmetricEncryptionMacHybridCryptosystem.java:164:61:164:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:164:61:164:65 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:165:24:165:27 | Constant | Description | 1024 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:165:24:165:27 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:165:24:165:27 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:16:166:36 | Key | KeyType | Asymmetric | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:16:166:36 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:16:166:36 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | HashAlgorithm | DigestSize | 256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | HashAlgorithm | Name | SHA2 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | HashAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | KeyOperationAlgorithm | Name | RSA | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | KeyOperationAlgorithm | RawName | RSA/ECB/OAEPWithSHA-256AndMGF1Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | ModeOfOperation | Name | ECB | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | ModeOfOperation | RawName | ECB | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | PaddingAlgorithm | Name | OAEP | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:177:42:177:58 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:177:42:177:58 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:177:42:177:58 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:34:178:55 | WrapOperation | KeyOperationSubtype | Wrap | jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:34:178:55 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:34:178:55 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:181:9:181:40 | RandomNumberGeneration | Description | nextBytes | jca/AsymmetricEncryptionMacHybridCryptosystem.java:181:9:181:40 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:181:9:181:40 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:181:38:181:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AsymmetricEncryptionMacHybridCryptosystem.java:181:38:181:39 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:181:38:181:39 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | KeyOperationAlgorithm | Structure | Block | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | ModeOfOperation | Name | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | ModeOfOperation | RawName | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | PaddingAlgorithm | Name | UnknownPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | PaddingAlgorithm | RawName | NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:183:45:183:50 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:183:45:183:50 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:183:45:183:50 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:29:184:56 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:29:184:56 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:29:184:56 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | KeyOperationAlgorithm | Name | RSA | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | KeyOperationAlgorithm | RawName | RSA/ECB/PKCS1Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | ModeOfOperation | Name | ECB | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | ModeOfOperation | RawName | ECB | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | PaddingAlgorithm | Name | UnknownPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | PaddingAlgorithm | RawName | PKCS1Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:201:42:201:58 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:201:42:201:58 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:201:42:201:58 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:34:202:55 | WrapOperation | KeyOperationSubtype | Wrap | jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:34:202:55 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:34:202:55 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | KeyOperationAlgorithm | Structure | Block | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | ModeOfOperation | Name | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | ModeOfOperation | RawName | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | PaddingAlgorithm | Name | UnknownPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | PaddingAlgorithm | RawName | NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:206:45:206:50 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:206:45:206:50 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:206:45:206:50 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:29:207:56 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:29:207:56 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:29:207:56 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:226:91:226:96 | KeyAgreementAlgorithm | Name | ECDH | jca/AsymmetricEncryptionMacHybridCryptosystem.java:226:91:226:96 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:226:91:226:96 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:226:91:226:96 | KeyAgreementAlgorithm | RawName | ECDH | jca/AsymmetricEncryptionMacHybridCryptosystem.java:226:91:226:96 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:226:91:226:96 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:231:9:231:40 | RandomNumberGeneration | Description | nextBytes | jca/AsymmetricEncryptionMacHybridCryptosystem.java:231:9:231:40 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:231:9:231:40 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:231:38:231:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AsymmetricEncryptionMacHybridCryptosystem.java:231:38:231:39 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:231:38:231:39 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | KeyOperationAlgorithm | Structure | Block | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | ModeOfOperation | Name | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | ModeOfOperation | RawName | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | PaddingAlgorithm | Name | UnknownPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | PaddingAlgorithm | RawName | NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:233:42:233:47 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:233:42:233:47 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:233:42:233:47 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:29:234:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:29:234:53 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:29:234:53 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:250:95:250:100 | KeyAgreementAlgorithm | Name | ECDH | jca/AsymmetricEncryptionMacHybridCryptosystem.java:250:95:250:100 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:250:95:250:100 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:250:95:250:100 | KeyAgreementAlgorithm | RawName | ECDH | jca/AsymmetricEncryptionMacHybridCryptosystem.java:250:95:250:100 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:250:95:250:100 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | KeyOperationAlgorithm | Structure | Block | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | ModeOfOperation | Name | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | ModeOfOperation | RawName | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | PaddingAlgorithm | Name | UnknownPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | PaddingAlgorithm | RawName | NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:256:42:256:47 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:256:42:256:47 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:256:42:256:47 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:29:257:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:29:257:53 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:29:257:53 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:283:58:283:73 | Parameter | Description | plaintext | jca/AsymmetricEncryptionMacHybridCryptosystem.java:283:58:283:73 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:283:58:283:73 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:35:309:46 | KeyOperationAlgorithm | Name | HMAC | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:35:309:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:35:309:46 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:35:309:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:35:309:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:35:309:46 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:311:18:311:26 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:311:18:311:26 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:311:18:311:26 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | MACOperation | KeyOperationSubtype | Mac | jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:35:320:44 | KeyOperationAlgorithm | Name | HMAC | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:35:320:44 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:35:320:44 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:35:320:44 | KeyOperationAlgorithm | RawName | HmacSHA1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:35:320:44 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:35:320:44 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:18:322:26 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:18:322:26 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:18:322:26 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | MACOperation | KeyOperationSubtype | Mac | jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:335:52:335:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:336:17:336:19 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:336:17:336:19 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:335:52:335:56 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:335:52:335:56 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:335:52:335:56 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:335:52:335:56 | KeyOperationAlgorithm | RawName | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:335:52:335:56 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:335:52:335:56 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:335:52:335:56 | KeyOperationAlgorithm | Structure | Block | jca/AsymmetricEncryptionMacHybridCryptosystem.java:335:52:335:56 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:335:52:335:56 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:336:17:336:19 | Constant | Description | 256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:336:17:336:19 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:336:17:336:19 | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:337:16:337:31 | Key | KeyType | Symmetric | jca/AsymmetricEncryptionMacHybridCryptosystem.java:337:16:337:31 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:337:16:337:31 | -| jca/ChainedEncryptionTest.java:24:44:24:62 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:24:44:24:62 | jca/ChainedEncryptionTest.java:24:44:24:62 | -| jca/ChainedEncryptionTest.java:24:44:24:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/ChainedEncryptionTest.java:24:44:24:62 | jca/ChainedEncryptionTest.java:24:44:24:62 | -| jca/ChainedEncryptionTest.java:24:44:24:62 | KeyOperationAlgorithm | Structure | Block | jca/ChainedEncryptionTest.java:24:44:24:62 | jca/ChainedEncryptionTest.java:24:44:24:62 | -| jca/ChainedEncryptionTest.java:24:44:24:62 | ModeOfOperation | Name | GCM | jca/ChainedEncryptionTest.java:24:44:24:62 | jca/ChainedEncryptionTest.java:24:44:24:62 | -| jca/ChainedEncryptionTest.java:24:44:24:62 | ModeOfOperation | RawName | GCM | jca/ChainedEncryptionTest.java:24:44:24:62 | jca/ChainedEncryptionTest.java:24:44:24:62 | -| jca/ChainedEncryptionTest.java:24:44:24:62 | PaddingAlgorithm | Name | UnknownPadding | jca/ChainedEncryptionTest.java:24:44:24:62 | jca/ChainedEncryptionTest.java:24:44:24:62 | -| jca/ChainedEncryptionTest.java:24:44:24:62 | PaddingAlgorithm | RawName | NoPadding | jca/ChainedEncryptionTest.java:24:44:24:62 | jca/ChainedEncryptionTest.java:24:44:24:62 | -| jca/ChainedEncryptionTest.java:26:9:26:40 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:26:9:26:40 | jca/ChainedEncryptionTest.java:26:9:26:40 | -| jca/ChainedEncryptionTest.java:26:38:26:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:26:38:26:39 | jca/ChainedEncryptionTest.java:26:38:26:39 | -| jca/ChainedEncryptionTest.java:28:42:28:44 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:28:42:28:44 | jca/ChainedEncryptionTest.java:28:42:28:44 | -| jca/ChainedEncryptionTest.java:29:29:29:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:29:29:29:53 | jca/ChainedEncryptionTest.java:29:29:29:53 | -| jca/ChainedEncryptionTest.java:37:44:37:62 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:37:44:37:62 | jca/ChainedEncryptionTest.java:37:44:37:62 | -| jca/ChainedEncryptionTest.java:37:44:37:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/ChainedEncryptionTest.java:37:44:37:62 | jca/ChainedEncryptionTest.java:37:44:37:62 | -| jca/ChainedEncryptionTest.java:37:44:37:62 | KeyOperationAlgorithm | Structure | Block | jca/ChainedEncryptionTest.java:37:44:37:62 | jca/ChainedEncryptionTest.java:37:44:37:62 | -| jca/ChainedEncryptionTest.java:37:44:37:62 | ModeOfOperation | Name | GCM | jca/ChainedEncryptionTest.java:37:44:37:62 | jca/ChainedEncryptionTest.java:37:44:37:62 | -| jca/ChainedEncryptionTest.java:37:44:37:62 | ModeOfOperation | RawName | GCM | jca/ChainedEncryptionTest.java:37:44:37:62 | jca/ChainedEncryptionTest.java:37:44:37:62 | -| jca/ChainedEncryptionTest.java:37:44:37:62 | PaddingAlgorithm | Name | UnknownPadding | jca/ChainedEncryptionTest.java:37:44:37:62 | jca/ChainedEncryptionTest.java:37:44:37:62 | -| jca/ChainedEncryptionTest.java:37:44:37:62 | PaddingAlgorithm | RawName | NoPadding | jca/ChainedEncryptionTest.java:37:44:37:62 | jca/ChainedEncryptionTest.java:37:44:37:62 | -| jca/ChainedEncryptionTest.java:39:42:39:44 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:39:42:39:44 | jca/ChainedEncryptionTest.java:39:42:39:44 | -| jca/ChainedEncryptionTest.java:40:16:40:41 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/ChainedEncryptionTest.java:40:16:40:41 | jca/ChainedEncryptionTest.java:40:16:40:41 | -| jca/ChainedEncryptionTest.java:45:44:45:62 | KeyOperationAlgorithm | Name | Unknown | jca/ChainedEncryptionTest.java:45:44:45:62 | jca/ChainedEncryptionTest.java:45:44:45:62 | -| jca/ChainedEncryptionTest.java:45:44:45:62 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/ChainedEncryptionTest.java:45:44:45:62 | jca/ChainedEncryptionTest.java:45:44:45:62 | -| jca/ChainedEncryptionTest.java:47:9:47:43 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:47:9:47:43 | jca/ChainedEncryptionTest.java:47:9:47:43 | -| jca/ChainedEncryptionTest.java:47:38:47:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:47:38:47:42 | jca/ChainedEncryptionTest.java:47:38:47:42 | -| jca/ChainedEncryptionTest.java:48:42:48:44 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:48:42:48:44 | jca/ChainedEncryptionTest.java:48:42:48:44 | -| jca/ChainedEncryptionTest.java:49:29:49:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:49:29:49:53 | jca/ChainedEncryptionTest.java:49:29:49:53 | -| jca/ChainedEncryptionTest.java:57:44:57:62 | KeyOperationAlgorithm | Name | Unknown | jca/ChainedEncryptionTest.java:57:44:57:62 | jca/ChainedEncryptionTest.java:57:44:57:62 | -| jca/ChainedEncryptionTest.java:57:44:57:62 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/ChainedEncryptionTest.java:57:44:57:62 | jca/ChainedEncryptionTest.java:57:44:57:62 | -| jca/ChainedEncryptionTest.java:58:42:58:44 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:58:42:58:44 | jca/ChainedEncryptionTest.java:58:42:58:44 | -| jca/ChainedEncryptionTest.java:59:16:59:41 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/ChainedEncryptionTest.java:59:16:59:41 | jca/ChainedEncryptionTest.java:59:16:59:41 | -| jca/ChainedEncryptionTest.java:80:46:80:61 | Parameter | Description | plaintext | jca/ChainedEncryptionTest.java:80:46:80:61 | jca/ChainedEncryptionTest.java:80:46:80:61 | -| jca/ChainedEncryptionTest.java:84:56:84:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/ChainedEncryptionTest.java:85:21:85:23 | jca/ChainedEncryptionTest.java:85:21:85:23 | -| jca/ChainedEncryptionTest.java:84:56:84:60 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:84:56:84:60 | jca/ChainedEncryptionTest.java:84:56:84:60 | -| jca/ChainedEncryptionTest.java:84:56:84:60 | KeyOperationAlgorithm | RawName | AES | jca/ChainedEncryptionTest.java:84:56:84:60 | jca/ChainedEncryptionTest.java:84:56:84:60 | -| jca/ChainedEncryptionTest.java:84:56:84:60 | KeyOperationAlgorithm | Structure | Block | jca/ChainedEncryptionTest.java:84:56:84:60 | jca/ChainedEncryptionTest.java:84:56:84:60 | -| jca/ChainedEncryptionTest.java:85:21:85:23 | Constant | Description | 256 | jca/ChainedEncryptionTest.java:85:21:85:23 | jca/ChainedEncryptionTest.java:85:21:85:23 | -| jca/ChainedEncryptionTest.java:86:30:86:49 | Key | KeyType | Symmetric | jca/ChainedEncryptionTest.java:86:30:86:49 | jca/ChainedEncryptionTest.java:86:30:86:49 | -| jca/ChainedEncryptionTest.java:88:59:88:68 | KeyOperationAlgorithm | KeySize | 256 | jca/ChainedEncryptionTest.java:88:59:88:68 | jca/ChainedEncryptionTest.java:88:59:88:68 | -| jca/ChainedEncryptionTest.java:88:59:88:68 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/ChainedEncryptionTest.java:89:24:89:26 | jca/ChainedEncryptionTest.java:89:24:89:26 | -| jca/ChainedEncryptionTest.java:88:59:88:68 | KeyOperationAlgorithm | Name | ChaCha20 | jca/ChainedEncryptionTest.java:88:59:88:68 | jca/ChainedEncryptionTest.java:88:59:88:68 | -| jca/ChainedEncryptionTest.java:88:59:88:68 | KeyOperationAlgorithm | RawName | ChaCha20 | jca/ChainedEncryptionTest.java:88:59:88:68 | jca/ChainedEncryptionTest.java:88:59:88:68 | -| jca/ChainedEncryptionTest.java:88:59:88:68 | KeyOperationAlgorithm | Structure | Stream | jca/ChainedEncryptionTest.java:88:59:88:68 | jca/ChainedEncryptionTest.java:88:59:88:68 | -| jca/ChainedEncryptionTest.java:89:24:89:26 | Constant | Description | 256 | jca/ChainedEncryptionTest.java:89:24:89:26 | jca/ChainedEncryptionTest.java:89:24:89:26 | -| jca/ChainedEncryptionTest.java:90:30:90:52 | Key | KeyType | Symmetric | jca/ChainedEncryptionTest.java:90:30:90:52 | jca/ChainedEncryptionTest.java:90:30:90:52 | -| jca/ChainedEncryptionTest.java:94:9:94:43 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:94:9:94:43 | jca/ChainedEncryptionTest.java:94:9:94:43 | -| jca/ChainedEncryptionTest.java:94:38:94:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:94:38:94:42 | jca/ChainedEncryptionTest.java:94:38:94:42 | -| jca/ChainedEncryptionTest.java:95:47:95:65 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:95:47:95:65 | jca/ChainedEncryptionTest.java:95:47:95:65 | -| jca/ChainedEncryptionTest.java:95:47:95:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/ChainedEncryptionTest.java:95:47:95:65 | jca/ChainedEncryptionTest.java:95:47:95:65 | -| jca/ChainedEncryptionTest.java:95:47:95:65 | KeyOperationAlgorithm | Structure | Block | jca/ChainedEncryptionTest.java:95:47:95:65 | jca/ChainedEncryptionTest.java:95:47:95:65 | -| jca/ChainedEncryptionTest.java:95:47:95:65 | ModeOfOperation | Name | GCM | jca/ChainedEncryptionTest.java:95:47:95:65 | jca/ChainedEncryptionTest.java:95:47:95:65 | -| jca/ChainedEncryptionTest.java:95:47:95:65 | ModeOfOperation | RawName | GCM | jca/ChainedEncryptionTest.java:95:47:95:65 | jca/ChainedEncryptionTest.java:95:47:95:65 | -| jca/ChainedEncryptionTest.java:95:47:95:65 | PaddingAlgorithm | Name | UnknownPadding | jca/ChainedEncryptionTest.java:95:47:95:65 | jca/ChainedEncryptionTest.java:95:47:95:65 | -| jca/ChainedEncryptionTest.java:95:47:95:65 | PaddingAlgorithm | RawName | NoPadding | jca/ChainedEncryptionTest.java:95:47:95:65 | jca/ChainedEncryptionTest.java:95:47:95:65 | -| jca/ChainedEncryptionTest.java:97:45:97:52 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:97:45:97:52 | jca/ChainedEncryptionTest.java:97:45:97:52 | -| jca/ChainedEncryptionTest.java:98:34:98:62 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:98:34:98:62 | jca/ChainedEncryptionTest.java:98:34:98:62 | -| jca/ChainedEncryptionTest.java:102:9:102:49 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:102:9:102:49 | jca/ChainedEncryptionTest.java:102:9:102:49 | -| jca/ChainedEncryptionTest.java:102:38:102:48 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:102:38:102:48 | jca/ChainedEncryptionTest.java:102:38:102:48 | -| jca/ChainedEncryptionTest.java:103:50:103:68 | KeyOperationAlgorithm | Name | Unknown | jca/ChainedEncryptionTest.java:103:50:103:68 | jca/ChainedEncryptionTest.java:103:50:103:68 | -| jca/ChainedEncryptionTest.java:103:50:103:68 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/ChainedEncryptionTest.java:103:50:103:68 | jca/ChainedEncryptionTest.java:103:50:103:68 | -| jca/ChainedEncryptionTest.java:104:48:104:55 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:104:48:104:55 | jca/ChainedEncryptionTest.java:104:48:104:55 | -| jca/ChainedEncryptionTest.java:105:34:105:70 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:105:34:105:70 | jca/ChainedEncryptionTest.java:105:34:105:70 | -| jca/ChainedEncryptionTest.java:108:47:108:65 | KeyOperationAlgorithm | Name | Unknown | jca/ChainedEncryptionTest.java:108:47:108:65 | jca/ChainedEncryptionTest.java:108:47:108:65 | -| jca/ChainedEncryptionTest.java:108:47:108:65 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/ChainedEncryptionTest.java:108:47:108:65 | jca/ChainedEncryptionTest.java:108:47:108:65 | -| jca/ChainedEncryptionTest.java:109:45:109:52 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:109:45:109:52 | jca/ChainedEncryptionTest.java:109:45:109:52 | -| jca/ChainedEncryptionTest.java:110:43:110:76 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/ChainedEncryptionTest.java:110:43:110:76 | jca/ChainedEncryptionTest.java:110:43:110:76 | -| jca/ChainedEncryptionTest.java:113:44:113:62 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:113:44:113:62 | jca/ChainedEncryptionTest.java:113:44:113:62 | -| jca/ChainedEncryptionTest.java:113:44:113:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/ChainedEncryptionTest.java:113:44:113:62 | jca/ChainedEncryptionTest.java:113:44:113:62 | -| jca/ChainedEncryptionTest.java:113:44:113:62 | KeyOperationAlgorithm | Structure | Block | jca/ChainedEncryptionTest.java:113:44:113:62 | jca/ChainedEncryptionTest.java:113:44:113:62 | -| jca/ChainedEncryptionTest.java:113:44:113:62 | ModeOfOperation | Name | GCM | jca/ChainedEncryptionTest.java:113:44:113:62 | jca/ChainedEncryptionTest.java:113:44:113:62 | -| jca/ChainedEncryptionTest.java:113:44:113:62 | ModeOfOperation | RawName | GCM | jca/ChainedEncryptionTest.java:113:44:113:62 | jca/ChainedEncryptionTest.java:113:44:113:62 | -| jca/ChainedEncryptionTest.java:113:44:113:62 | PaddingAlgorithm | Name | UnknownPadding | jca/ChainedEncryptionTest.java:113:44:113:62 | jca/ChainedEncryptionTest.java:113:44:113:62 | -| jca/ChainedEncryptionTest.java:113:44:113:62 | PaddingAlgorithm | RawName | NoPadding | jca/ChainedEncryptionTest.java:113:44:113:62 | jca/ChainedEncryptionTest.java:113:44:113:62 | -| jca/ChainedEncryptionTest.java:114:42:114:49 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:114:42:114:49 | jca/ChainedEncryptionTest.java:114:42:114:49 | -| jca/ChainedEncryptionTest.java:115:37:115:76 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/ChainedEncryptionTest.java:115:37:115:76 | jca/ChainedEncryptionTest.java:115:37:115:76 | -| jca/ChainedEncryptionTest.java:122:56:122:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/ChainedEncryptionTest.java:123:21:123:23 | jca/ChainedEncryptionTest.java:123:21:123:23 | -| jca/ChainedEncryptionTest.java:122:56:122:60 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:122:56:122:60 | jca/ChainedEncryptionTest.java:122:56:122:60 | -| jca/ChainedEncryptionTest.java:122:56:122:60 | KeyOperationAlgorithm | RawName | AES | jca/ChainedEncryptionTest.java:122:56:122:60 | jca/ChainedEncryptionTest.java:122:56:122:60 | -| jca/ChainedEncryptionTest.java:122:56:122:60 | KeyOperationAlgorithm | Structure | Block | jca/ChainedEncryptionTest.java:122:56:122:60 | jca/ChainedEncryptionTest.java:122:56:122:60 | -| jca/ChainedEncryptionTest.java:123:21:123:23 | Constant | Description | 256 | jca/ChainedEncryptionTest.java:123:21:123:23 | jca/ChainedEncryptionTest.java:123:21:123:23 | -| jca/ChainedEncryptionTest.java:124:28:124:47 | Key | KeyType | Symmetric | jca/ChainedEncryptionTest.java:124:28:124:47 | jca/ChainedEncryptionTest.java:124:28:124:47 | -| jca/ChainedEncryptionTest.java:127:59:127:68 | KeyOperationAlgorithm | KeySize | 256 | jca/ChainedEncryptionTest.java:127:59:127:68 | jca/ChainedEncryptionTest.java:127:59:127:68 | -| jca/ChainedEncryptionTest.java:127:59:127:68 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/ChainedEncryptionTest.java:128:24:128:26 | jca/ChainedEncryptionTest.java:128:24:128:26 | -| jca/ChainedEncryptionTest.java:127:59:127:68 | KeyOperationAlgorithm | Name | ChaCha20 | jca/ChainedEncryptionTest.java:127:59:127:68 | jca/ChainedEncryptionTest.java:127:59:127:68 | -| jca/ChainedEncryptionTest.java:127:59:127:68 | KeyOperationAlgorithm | RawName | ChaCha20 | jca/ChainedEncryptionTest.java:127:59:127:68 | jca/ChainedEncryptionTest.java:127:59:127:68 | -| jca/ChainedEncryptionTest.java:127:59:127:68 | KeyOperationAlgorithm | Structure | Stream | jca/ChainedEncryptionTest.java:127:59:127:68 | jca/ChainedEncryptionTest.java:127:59:127:68 | -| jca/ChainedEncryptionTest.java:128:24:128:26 | Constant | Description | 256 | jca/ChainedEncryptionTest.java:128:24:128:26 | jca/ChainedEncryptionTest.java:128:24:128:26 | -| jca/ChainedEncryptionTest.java:129:31:129:53 | Key | KeyType | Symmetric | jca/ChainedEncryptionTest.java:129:31:129:53 | jca/ChainedEncryptionTest.java:129:31:129:53 | -| jca/ChainedEncryptionTest.java:131:31:131:57 | Constant | Description | "This is a secret message." | jca/ChainedEncryptionTest.java:131:31:131:57 | jca/ChainedEncryptionTest.java:131:31:131:57 | -| jca/Digest.java:55:58:55:66 | HashAlgorithm | DigestSize | 256 | jca/Digest.java:55:58:55:66 | jca/Digest.java:55:58:55:66 | -| jca/Digest.java:55:58:55:66 | HashAlgorithm | Name | SHA2 | jca/Digest.java:55:58:55:66 | jca/Digest.java:55:58:55:66 | -| jca/Digest.java:55:58:55:66 | HashAlgorithm | RawName | SHA-256 | jca/Digest.java:55:58:55:66 | jca/Digest.java:55:58:55:66 | -| jca/Digest.java:56:37:56:54 | Constant | Description | "Simple Test Data" | jca/Digest.java:56:37:56:54 | jca/Digest.java:56:37:56:54 | -| jca/Digest.java:65:61:65:65 | HashAlgorithm | DigestSize | 128 | jca/Digest.java:65:61:65:65 | jca/Digest.java:65:61:65:65 | -| jca/Digest.java:65:61:65:65 | HashAlgorithm | Name | MD5 | jca/Digest.java:65:61:65:65 | jca/Digest.java:65:61:65:65 | -| jca/Digest.java:65:61:65:65 | HashAlgorithm | RawName | MD5 | jca/Digest.java:65:61:65:65 | jca/Digest.java:65:61:65:65 | -| jca/Digest.java:66:40:66:58 | Constant | Description | "Weak Hash Example" | jca/Digest.java:66:40:66:58 | jca/Digest.java:66:40:66:58 | -| jca/Digest.java:74:49:74:63 | Parameter | Description | password | jca/Digest.java:74:49:74:63 | jca/Digest.java:74:49:74:63 | -| jca/Digest.java:75:64:75:72 | HashAlgorithm | DigestSize | 256 | jca/Digest.java:75:64:75:72 | jca/Digest.java:75:64:75:72 | -| jca/Digest.java:75:64:75:72 | HashAlgorithm | Name | SHA2 | jca/Digest.java:75:64:75:72 | jca/Digest.java:75:64:75:72 | -| jca/Digest.java:75:64:75:72 | HashAlgorithm | RawName | SHA-256 | jca/Digest.java:75:64:75:72 | jca/Digest.java:75:64:75:72 | -| jca/Digest.java:84:37:84:51 | Parameter | Description | password | jca/Digest.java:84:37:84:51 | jca/Digest.java:84:37:84:51 | -| jca/Digest.java:86:58:86:66 | HashAlgorithm | DigestSize | 256 | jca/Digest.java:86:58:86:66 | jca/Digest.java:86:58:86:66 | -| jca/Digest.java:86:58:86:66 | HashAlgorithm | Name | SHA2 | jca/Digest.java:86:58:86:66 | jca/Digest.java:86:58:86:66 | -| jca/Digest.java:86:58:86:66 | HashAlgorithm | RawName | SHA-256 | jca/Digest.java:86:58:86:66 | jca/Digest.java:86:58:86:66 | -| jca/Digest.java:96:37:96:51 | Parameter | Description | password | jca/Digest.java:96:37:96:51 | jca/Digest.java:96:37:96:51 | -| jca/Digest.java:98:72:98:76 | Constant | Description | 10000 | jca/Digest.java:98:72:98:76 | jca/Digest.java:98:72:98:76 | -| jca/Digest.java:98:79:98:81 | Constant | Description | 256 | jca/Digest.java:98:79:98:81 | jca/Digest.java:98:79:98:81 | -| jca/Digest.java:99:65:99:86 | HMACAlgorithm | Name | HMAC | jca/Digest.java:99:65:99:86 | jca/Digest.java:99:65:99:86 | -| jca/Digest.java:99:65:99:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Digest.java:99:65:99:86 | jca/Digest.java:99:65:99:86 | -| jca/Digest.java:99:65:99:86 | HashAlgorithm | DigestSize | 256 | jca/Digest.java:99:65:99:86 | jca/Digest.java:99:65:99:86 | -| jca/Digest.java:99:65:99:86 | HashAlgorithm | Name | SHA2 | jca/Digest.java:99:65:99:86 | jca/Digest.java:99:65:99:86 | -| jca/Digest.java:99:65:99:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Digest.java:99:65:99:86 | jca/Digest.java:99:65:99:86 | -| jca/Digest.java:99:65:99:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/Digest.java:99:65:99:86 | jca/Digest.java:99:65:99:86 | -| jca/Digest.java:99:65:99:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Digest.java:99:65:99:86 | jca/Digest.java:99:65:99:86 | -| jca/Digest.java:100:23:100:50 | Key | KeyType | Symmetric | jca/Digest.java:100:23:100:50 | jca/Digest.java:100:23:100:50 | -| jca/Digest.java:100:23:100:50 | KeyDerivation | Iterations | Constant:10000 | jca/Digest.java:98:72:98:76 | jca/Digest.java:98:72:98:76 | -| jca/Digest.java:100:23:100:50 | KeyDerivation | KeySize | Constant:256 | jca/Digest.java:98:79:98:81 | jca/Digest.java:98:79:98:81 | -| jca/Digest.java:108:40:108:51 | Parameter | Description | input | jca/Digest.java:108:40:108:51 | jca/Digest.java:108:40:108:51 | -| jca/Digest.java:109:62:109:68 | HashAlgorithm | DigestSize | 160 | jca/Digest.java:109:62:109:68 | jca/Digest.java:109:62:109:68 | -| jca/Digest.java:109:62:109:68 | HashAlgorithm | Name | SHA1 | jca/Digest.java:109:62:109:68 | jca/Digest.java:109:62:109:68 | -| jca/Digest.java:109:62:109:68 | HashAlgorithm | RawName | SHA-1 | jca/Digest.java:109:62:109:68 | jca/Digest.java:109:62:109:68 | -| jca/Digest.java:118:35:118:46 | Parameter | Description | input | jca/Digest.java:118:35:118:46 | jca/Digest.java:118:35:118:46 | -| jca/Digest.java:118:49:118:58 | Parameter | Description | key | jca/Digest.java:118:49:118:58 | jca/Digest.java:118:49:118:58 | -| jca/Digest.java:119:36:119:47 | KeyOperationAlgorithm | Name | HMAC | jca/Digest.java:119:36:119:47 | jca/Digest.java:119:36:119:47 | -| jca/Digest.java:119:36:119:47 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Digest.java:119:36:119:47 | jca/Digest.java:119:36:119:47 | -| jca/Digest.java:121:19:121:27 | Key | KeyType | Unknown | jca/Digest.java:121:19:121:27 | jca/Digest.java:121:19:121:27 | -| jca/Digest.java:122:23:122:52 | MACOperation | KeyOperationSubtype | Mac | jca/Digest.java:122:23:122:52 | jca/Digest.java:122:23:122:52 | -| jca/Digest.java:141:44:141:62 | KeyOperationAlgorithm | Name | AES | jca/Digest.java:141:44:141:62 | jca/Digest.java:141:44:141:62 | -| jca/Digest.java:141:44:141:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Digest.java:141:44:141:62 | jca/Digest.java:141:44:141:62 | -| jca/Digest.java:141:44:141:62 | KeyOperationAlgorithm | Structure | Block | jca/Digest.java:141:44:141:62 | jca/Digest.java:141:44:141:62 | -| jca/Digest.java:141:44:141:62 | ModeOfOperation | Name | GCM | jca/Digest.java:141:44:141:62 | jca/Digest.java:141:44:141:62 | -| jca/Digest.java:141:44:141:62 | ModeOfOperation | RawName | GCM | jca/Digest.java:141:44:141:62 | jca/Digest.java:141:44:141:62 | -| jca/Digest.java:141:44:141:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Digest.java:141:44:141:62 | jca/Digest.java:141:44:141:62 | -| jca/Digest.java:141:44:141:62 | PaddingAlgorithm | RawName | NoPadding | jca/Digest.java:141:44:141:62 | jca/Digest.java:141:44:141:62 | -| jca/Digest.java:142:42:142:44 | Key | KeyType | Unknown | jca/Digest.java:142:42:142:44 | jca/Digest.java:142:42:142:44 | -| jca/Digest.java:143:32:143:74 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Digest.java:143:32:143:74 | jca/Digest.java:143:32:143:74 | -| jca/Digest.java:143:47:143:62 | Constant | Description | "Sensitive Data" | jca/Digest.java:143:47:143:62 | jca/Digest.java:143:47:143:62 | -| jca/Digest.java:156:39:156:51 | Parameter | Description | digest | jca/Digest.java:156:39:156:51 | jca/Digest.java:156:39:156:51 | -| jca/Digest.java:172:50:172:62 | Parameter | Description | digest | jca/Digest.java:172:50:172:62 | jca/Digest.java:172:50:172:62 | -| jca/Digest.java:177:80:177:84 | Constant | Description | 10000 | jca/Digest.java:177:80:177:84 | jca/Digest.java:177:80:177:84 | -| jca/Digest.java:177:87:177:89 | Constant | Description | 256 | jca/Digest.java:177:87:177:89 | jca/Digest.java:177:87:177:89 | -| jca/Digest.java:178:65:178:86 | HMACAlgorithm | Name | HMAC | jca/Digest.java:178:65:178:86 | jca/Digest.java:178:65:178:86 | -| jca/Digest.java:178:65:178:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Digest.java:178:65:178:86 | jca/Digest.java:178:65:178:86 | -| jca/Digest.java:178:65:178:86 | HashAlgorithm | DigestSize | 256 | jca/Digest.java:178:65:178:86 | jca/Digest.java:178:65:178:86 | -| jca/Digest.java:178:65:178:86 | HashAlgorithm | Name | SHA2 | jca/Digest.java:178:65:178:86 | jca/Digest.java:178:65:178:86 | -| jca/Digest.java:178:65:178:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Digest.java:178:65:178:86 | jca/Digest.java:178:65:178:86 | -| jca/Digest.java:178:65:178:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/Digest.java:178:65:178:86 | jca/Digest.java:178:65:178:86 | -| jca/Digest.java:178:65:178:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Digest.java:178:65:178:86 | jca/Digest.java:178:65:178:86 | -| jca/Digest.java:179:30:179:57 | Key | KeyType | Symmetric | jca/Digest.java:179:30:179:57 | jca/Digest.java:179:30:179:57 | -| jca/Digest.java:179:30:179:57 | KeyDerivation | Iterations | Constant:10000 | jca/Digest.java:177:80:177:84 | jca/Digest.java:177:80:177:84 | -| jca/Digest.java:179:30:179:57 | KeyDerivation | KeySize | Constant:256 | jca/Digest.java:177:87:177:89 | jca/Digest.java:177:87:177:89 | -| jca/Digest.java:187:44:187:62 | KeyOperationAlgorithm | Name | AES | jca/Digest.java:187:44:187:62 | jca/Digest.java:187:44:187:62 | -| jca/Digest.java:187:44:187:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Digest.java:187:44:187:62 | jca/Digest.java:187:44:187:62 | -| jca/Digest.java:187:44:187:62 | KeyOperationAlgorithm | Structure | Block | jca/Digest.java:187:44:187:62 | jca/Digest.java:187:44:187:62 | -| jca/Digest.java:187:44:187:62 | ModeOfOperation | Name | GCM | jca/Digest.java:187:44:187:62 | jca/Digest.java:187:44:187:62 | -| jca/Digest.java:187:44:187:62 | ModeOfOperation | RawName | GCM | jca/Digest.java:187:44:187:62 | jca/Digest.java:187:44:187:62 | -| jca/Digest.java:187:44:187:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Digest.java:187:44:187:62 | jca/Digest.java:187:44:187:62 | -| jca/Digest.java:187:44:187:62 | PaddingAlgorithm | RawName | NoPadding | jca/Digest.java:187:44:187:62 | jca/Digest.java:187:44:187:62 | -| jca/Digest.java:188:42:188:54 | Key | KeyType | Unknown | jca/Digest.java:188:42:188:54 | jca/Digest.java:188:42:188:54 | -| jca/Digest.java:189:29:189:78 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Digest.java:189:29:189:78 | jca/Digest.java:189:29:189:78 | -| jca/Digest.java:189:44:189:66 | Constant | Description | "Further Use Test Data" | jca/Digest.java:189:44:189:66 | jca/Digest.java:189:44:189:66 | -| jca/Digest.java:192:35:192:46 | KeyOperationAlgorithm | Name | HMAC | jca/Digest.java:192:35:192:46 | jca/Digest.java:192:35:192:46 | -| jca/Digest.java:192:35:192:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Digest.java:192:35:192:46 | jca/Digest.java:192:35:192:46 | -| jca/Digest.java:193:18:193:23 | Key | KeyType | Unknown | jca/Digest.java:193:18:193:23 | jca/Digest.java:193:18:193:23 | -| jca/Digest.java:194:30:194:52 | MACOperation | KeyOperationSubtype | Mac | jca/Digest.java:194:30:194:52 | jca/Digest.java:194:30:194:52 | -| jca/Digest.java:211:44:211:62 | KeyOperationAlgorithm | Name | AES | jca/Digest.java:211:44:211:62 | jca/Digest.java:211:44:211:62 | -| jca/Digest.java:211:44:211:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Digest.java:211:44:211:62 | jca/Digest.java:211:44:211:62 | -| jca/Digest.java:211:44:211:62 | KeyOperationAlgorithm | Structure | Block | jca/Digest.java:211:44:211:62 | jca/Digest.java:211:44:211:62 | -| jca/Digest.java:211:44:211:62 | ModeOfOperation | Name | GCM | jca/Digest.java:211:44:211:62 | jca/Digest.java:211:44:211:62 | -| jca/Digest.java:211:44:211:62 | ModeOfOperation | RawName | GCM | jca/Digest.java:211:44:211:62 | jca/Digest.java:211:44:211:62 | -| jca/Digest.java:211:44:211:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Digest.java:211:44:211:62 | jca/Digest.java:211:44:211:62 | -| jca/Digest.java:211:44:211:62 | PaddingAlgorithm | RawName | NoPadding | jca/Digest.java:211:44:211:62 | jca/Digest.java:211:44:211:62 | -| jca/Digest.java:213:42:213:44 | Key | KeyType | Unknown | jca/Digest.java:213:42:213:44 | jca/Digest.java:213:42:213:44 | -| jca/Digest.java:214:32:214:51 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Digest.java:214:32:214:51 | jca/Digest.java:214:32:214:51 | -| jca/Digest.java:240:56:240:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/Digest.java:241:21:241:23 | jca/Digest.java:241:21:241:23 | -| jca/Digest.java:240:56:240:60 | KeyOperationAlgorithm | Name | AES | jca/Digest.java:240:56:240:60 | jca/Digest.java:240:56:240:60 | -| jca/Digest.java:240:56:240:60 | KeyOperationAlgorithm | RawName | AES | jca/Digest.java:240:56:240:60 | jca/Digest.java:240:56:240:60 | -| jca/Digest.java:240:56:240:60 | KeyOperationAlgorithm | Structure | Block | jca/Digest.java:240:56:240:60 | jca/Digest.java:240:56:240:60 | -| jca/Digest.java:241:21:241:23 | Constant | Description | 256 | jca/Digest.java:241:21:241:23 | jca/Digest.java:241:21:241:23 | -| jca/Digest.java:242:16:242:35 | Key | KeyType | Symmetric | jca/Digest.java:242:16:242:35 | jca/Digest.java:242:16:242:35 | -| jca/Digest.java:254:9:254:42 | RandomNumberGeneration | Description | nextBytes | jca/Digest.java:254:9:254:42 | jca/Digest.java:254:9:254:42 | -| jca/Digest.java:254:38:254:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Digest.java:254:38:254:41 | jca/Digest.java:254:38:254:41 | -| jca/EllipticCurve1.java:47:66:47:76 | EllipticCurve | KeySize | 256 | jca/EllipticCurve1.java:47:66:47:76 | jca/EllipticCurve1.java:47:66:47:76 | -| jca/EllipticCurve1.java:47:66:47:76 | EllipticCurve | Name | secp256r1 | jca/EllipticCurve1.java:47:66:47:76 | jca/EllipticCurve1.java:47:66:47:76 | -| jca/EllipticCurve1.java:47:66:47:76 | EllipticCurve | ParsedName | secp256r1 | jca/EllipticCurve1.java:47:66:47:76 | jca/EllipticCurve1.java:47:66:47:76 | -| jca/EllipticCurve1.java:47:66:47:76 | EllipticCurve | RawName | secp256r1 | jca/EllipticCurve1.java:47:66:47:76 | jca/EllipticCurve1.java:47:66:47:76 | -| jca/EllipticCurve1.java:48:16:48:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:48:16:48:36 | jca/EllipticCurve1.java:48:16:48:36 | -| jca/EllipticCurve1.java:57:66:57:76 | EllipticCurve | KeySize | 256 | jca/EllipticCurve1.java:57:66:57:76 | jca/EllipticCurve1.java:57:66:57:76 | -| jca/EllipticCurve1.java:57:66:57:76 | EllipticCurve | Name | secp256k1 | jca/EllipticCurve1.java:57:66:57:76 | jca/EllipticCurve1.java:57:66:57:76 | -| jca/EllipticCurve1.java:57:66:57:76 | EllipticCurve | ParsedName | secp256k1 | jca/EllipticCurve1.java:57:66:57:76 | jca/EllipticCurve1.java:57:66:57:76 | -| jca/EllipticCurve1.java:57:66:57:76 | EllipticCurve | RawName | secp256k1 | jca/EllipticCurve1.java:57:66:57:76 | jca/EllipticCurve1.java:57:66:57:76 | -| jca/EllipticCurve1.java:58:16:58:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:58:16:58:36 | jca/EllipticCurve1.java:58:16:58:36 | -| jca/EllipticCurve1.java:67:66:67:82 | EllipticCurve | KeySize | 256 | jca/EllipticCurve1.java:67:66:67:82 | jca/EllipticCurve1.java:67:66:67:82 | -| jca/EllipticCurve1.java:67:66:67:82 | EllipticCurve | Name | brainpoolP256r1 | jca/EllipticCurve1.java:67:66:67:82 | jca/EllipticCurve1.java:67:66:67:82 | -| jca/EllipticCurve1.java:67:66:67:82 | EllipticCurve | ParsedName | brainpoolP256r1 | jca/EllipticCurve1.java:67:66:67:82 | jca/EllipticCurve1.java:67:66:67:82 | -| jca/EllipticCurve1.java:67:66:67:82 | EllipticCurve | RawName | brainpoolP256r1 | jca/EllipticCurve1.java:67:66:67:82 | jca/EllipticCurve1.java:67:66:67:82 | -| jca/EllipticCurve1.java:68:16:68:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:68:16:68:36 | jca/EllipticCurve1.java:68:16:68:36 | -| jca/EllipticCurve1.java:75:61:75:68 | KeyAgreementAlgorithm | Name | X25519 | jca/EllipticCurve1.java:75:61:75:68 | jca/EllipticCurve1.java:75:61:75:68 | -| jca/EllipticCurve1.java:75:61:75:68 | KeyAgreementAlgorithm | RawName | X25519 | jca/EllipticCurve1.java:75:61:75:68 | jca/EllipticCurve1.java:75:61:75:68 | -| jca/EllipticCurve1.java:77:16:77:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:77:16:77:36 | jca/EllipticCurve1.java:77:16:77:36 | -| jca/EllipticCurve1.java:84:61:84:66 | KeyAgreementAlgorithm | Name | X448 | jca/EllipticCurve1.java:84:61:84:66 | jca/EllipticCurve1.java:84:61:84:66 | -| jca/EllipticCurve1.java:84:61:84:66 | KeyAgreementAlgorithm | RawName | X448 | jca/EllipticCurve1.java:84:61:84:66 | jca/EllipticCurve1.java:84:61:84:66 | -| jca/EllipticCurve1.java:85:16:85:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:85:16:85:36 | jca/EllipticCurve1.java:85:16:85:36 | -| jca/EllipticCurve1.java:95:66:95:76 | EllipticCurve | KeySize | 163 | jca/EllipticCurve1.java:95:66:95:76 | jca/EllipticCurve1.java:95:66:95:76 | -| jca/EllipticCurve1.java:95:66:95:76 | EllipticCurve | Name | sect163r2 | jca/EllipticCurve1.java:95:66:95:76 | jca/EllipticCurve1.java:95:66:95:76 | -| jca/EllipticCurve1.java:95:66:95:76 | EllipticCurve | ParsedName | sect163r2 | jca/EllipticCurve1.java:95:66:95:76 | jca/EllipticCurve1.java:95:66:95:76 | -| jca/EllipticCurve1.java:95:66:95:76 | EllipticCurve | RawName | sect163r2 | jca/EllipticCurve1.java:95:66:95:76 | jca/EllipticCurve1.java:95:66:95:76 | -| jca/EllipticCurve1.java:96:16:96:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:96:16:96:36 | jca/EllipticCurve1.java:96:16:96:36 | -| jca/EllipticCurve1.java:106:66:106:76 | Constant | Description | "sm2p256v1" | jca/EllipticCurve1.java:106:66:106:76 | jca/EllipticCurve1.java:106:66:106:76 | -| jca/EllipticCurve1.java:107:16:107:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:107:16:107:36 | jca/EllipticCurve1.java:107:16:107:36 | -| jca/EllipticCurve1.java:115:61:115:69 | Constant | Description | "Ed25519" | jca/EllipticCurve1.java:115:61:115:69 | jca/EllipticCurve1.java:115:61:115:69 | -| jca/EllipticCurve1.java:116:16:116:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:116:16:116:36 | jca/EllipticCurve1.java:116:16:116:36 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:109:17:109:26 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:109:17:109:26 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:109:17:109:26 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:110:20:110:28 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:110:20:110:28 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:110:20:110:28 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:123:58:123:66 | HashAlgorithm | DigestSize | 256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:123:58:123:66 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:123:58:123:66 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:123:58:123:66 | HashAlgorithm | Name | SHA2 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:123:58:123:66 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:123:58:123:66 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:123:58:123:66 | HashAlgorithm | RawName | SHA-256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:123:58:123:66 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:123:58:123:66 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:145:61:145:65 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:146:24:146:27 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:146:24:146:27 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:145:61:145:65 | KeyOperationAlgorithm | Name | RSA | jca/AsymmetricEncryptionMacHybridCryptosystem.java:145:61:145:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:145:61:145:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:145:61:145:65 | KeyOperationAlgorithm | RawName | RSA | jca/AsymmetricEncryptionMacHybridCryptosystem.java:145:61:145:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:145:61:145:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:146:24:146:27 | Constant | Description | 2048 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:146:24:146:27 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:146:24:146:27 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:147:16:147:36 | Key | KeyType | Asymmetric | jca/AsymmetricEncryptionMacHybridCryptosystem.java:147:16:147:36 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:147:16:147:36 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:154:61:154:65 | KeyOperationAlgorithm | KeySize | Constant:1024 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:24:155:27 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:24:155:27 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:154:61:154:65 | KeyOperationAlgorithm | Name | RSA | jca/AsymmetricEncryptionMacHybridCryptosystem.java:154:61:154:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:154:61:154:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:154:61:154:65 | KeyOperationAlgorithm | RawName | RSA | jca/AsymmetricEncryptionMacHybridCryptosystem.java:154:61:154:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:154:61:154:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:24:155:27 | Constant | Description | 1024 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:24:155:27 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:24:155:27 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:16:156:36 | Key | KeyType | Asymmetric | jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:16:156:36 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:16:156:36 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | HashAlgorithm | DigestSize | 256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | HashAlgorithm | Name | SHA2 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | HashAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | KeyOperationAlgorithm | Name | RSA | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | KeyOperationAlgorithm | RawName | RSA/ECB/OAEPWithSHA-256AndMGF1Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | ModeOfOperation | Name | ECB | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | ModeOfOperation | RawName | ECB | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | PaddingAlgorithm | Name | OAEP | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:167:42:167:58 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:167:42:167:58 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:167:42:167:58 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | WrapOperation | KeyOperationSubtype | Wrap | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | RandomNumberGeneration | Description | nextBytes | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | Structure | Block | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | ModeOfOperation | Name | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | ModeOfOperation | RawName | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | PaddingAlgorithm | Name | UnknownPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | PaddingAlgorithm | RawName | NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:45:173:50 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:45:173:50 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:45:173:50 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | KeyOperationAlgorithm | Name | RSA | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | KeyOperationAlgorithm | RawName | RSA/ECB/PKCS1Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | ModeOfOperation | Name | ECB | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | ModeOfOperation | RawName | ECB | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | PaddingAlgorithm | Name | UnknownPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | PaddingAlgorithm | RawName | PKCS1Padding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:191:42:191:58 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:191:42:191:58 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:191:42:191:58 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:34:192:55 | WrapOperation | KeyOperationSubtype | Wrap | jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:34:192:55 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:34:192:55 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | KeyOperationAlgorithm | Structure | Block | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | ModeOfOperation | Name | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | ModeOfOperation | RawName | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | PaddingAlgorithm | Name | UnknownPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | PaddingAlgorithm | RawName | NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:196:45:196:50 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:196:45:196:50 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:196:45:196:50 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | KeyAgreementAlgorithm | Name | ECDH | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | KeyAgreementAlgorithm | RawName | ECDH | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | RandomNumberGeneration | Description | nextBytes | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | Structure | Block | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | ModeOfOperation | Name | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | ModeOfOperation | RawName | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | PaddingAlgorithm | Name | UnknownPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | PaddingAlgorithm | RawName | NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:42:222:47 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:42:222:47 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:42:222:47 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:239:95:239:100 | KeyAgreementAlgorithm | Name | ECDH | jca/AsymmetricEncryptionMacHybridCryptosystem.java:239:95:239:100 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:239:95:239:100 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:239:95:239:100 | KeyAgreementAlgorithm | RawName | ECDH | jca/AsymmetricEncryptionMacHybridCryptosystem.java:239:95:239:100 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:239:95:239:100 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | KeyOperationAlgorithm | Structure | Block | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | ModeOfOperation | Name | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | ModeOfOperation | RawName | GCM | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | PaddingAlgorithm | Name | UnknownPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | PaddingAlgorithm | RawName | NoPadding | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:42:245:47 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:42:245:47 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:42:245:47 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | Parameter | Description | plaintext | jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | Name | HMAC | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | KeyOperationSubtype | Mac | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | Name | HMAC | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | RawName | HmacSHA1 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | KeyType | Unknown | jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | KeyOperationSubtype | Mac | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:321:17:321:19 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:321:17:321:19 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | KeyOperationAlgorithm | Name | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | KeyOperationAlgorithm | RawName | AES | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | KeyOperationAlgorithm | Structure | Block | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:321:17:321:19 | Constant | Description | 256 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:321:17:321:19 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:321:17:321:19 | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | Key | KeyType | Symmetric | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | +| jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:19:44:19:62 | jca/ChainedEncryptionTest.java:19:44:19:62 | +| jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/ChainedEncryptionTest.java:19:44:19:62 | jca/ChainedEncryptionTest.java:19:44:19:62 | +| jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | Structure | Block | jca/ChainedEncryptionTest.java:19:44:19:62 | jca/ChainedEncryptionTest.java:19:44:19:62 | +| jca/ChainedEncryptionTest.java:19:44:19:62 | ModeOfOperation | Name | GCM | jca/ChainedEncryptionTest.java:19:44:19:62 | jca/ChainedEncryptionTest.java:19:44:19:62 | +| jca/ChainedEncryptionTest.java:19:44:19:62 | ModeOfOperation | RawName | GCM | jca/ChainedEncryptionTest.java:19:44:19:62 | jca/ChainedEncryptionTest.java:19:44:19:62 | +| jca/ChainedEncryptionTest.java:19:44:19:62 | PaddingAlgorithm | Name | UnknownPadding | jca/ChainedEncryptionTest.java:19:44:19:62 | jca/ChainedEncryptionTest.java:19:44:19:62 | +| jca/ChainedEncryptionTest.java:19:44:19:62 | PaddingAlgorithm | RawName | NoPadding | jca/ChainedEncryptionTest.java:19:44:19:62 | jca/ChainedEncryptionTest.java:19:44:19:62 | +| jca/ChainedEncryptionTest.java:21:9:21:40 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:21:9:21:40 | jca/ChainedEncryptionTest.java:21:9:21:40 | +| jca/ChainedEncryptionTest.java:21:38:21:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:21:38:21:39 | jca/ChainedEncryptionTest.java:21:38:21:39 | +| jca/ChainedEncryptionTest.java:23:42:23:44 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:23:42:23:44 | jca/ChainedEncryptionTest.java:23:42:23:44 | +| jca/ChainedEncryptionTest.java:24:29:24:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:24:29:24:53 | jca/ChainedEncryptionTest.java:24:29:24:53 | +| jca/ChainedEncryptionTest.java:32:44:32:62 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:32:44:32:62 | jca/ChainedEncryptionTest.java:32:44:32:62 | +| jca/ChainedEncryptionTest.java:32:44:32:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/ChainedEncryptionTest.java:32:44:32:62 | jca/ChainedEncryptionTest.java:32:44:32:62 | +| jca/ChainedEncryptionTest.java:32:44:32:62 | KeyOperationAlgorithm | Structure | Block | jca/ChainedEncryptionTest.java:32:44:32:62 | jca/ChainedEncryptionTest.java:32:44:32:62 | +| jca/ChainedEncryptionTest.java:32:44:32:62 | ModeOfOperation | Name | GCM | jca/ChainedEncryptionTest.java:32:44:32:62 | jca/ChainedEncryptionTest.java:32:44:32:62 | +| jca/ChainedEncryptionTest.java:32:44:32:62 | ModeOfOperation | RawName | GCM | jca/ChainedEncryptionTest.java:32:44:32:62 | jca/ChainedEncryptionTest.java:32:44:32:62 | +| jca/ChainedEncryptionTest.java:32:44:32:62 | PaddingAlgorithm | Name | UnknownPadding | jca/ChainedEncryptionTest.java:32:44:32:62 | jca/ChainedEncryptionTest.java:32:44:32:62 | +| jca/ChainedEncryptionTest.java:32:44:32:62 | PaddingAlgorithm | RawName | NoPadding | jca/ChainedEncryptionTest.java:32:44:32:62 | jca/ChainedEncryptionTest.java:32:44:32:62 | +| jca/ChainedEncryptionTest.java:34:42:34:44 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:34:42:34:44 | jca/ChainedEncryptionTest.java:34:42:34:44 | +| jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/ChainedEncryptionTest.java:35:16:35:41 | jca/ChainedEncryptionTest.java:35:16:35:41 | +| jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | Name | Unknown | jca/ChainedEncryptionTest.java:40:44:40:62 | jca/ChainedEncryptionTest.java:40:44:40:62 | +| jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/ChainedEncryptionTest.java:40:44:40:62 | jca/ChainedEncryptionTest.java:40:44:40:62 | +| jca/ChainedEncryptionTest.java:42:9:42:43 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:42:9:42:43 | jca/ChainedEncryptionTest.java:42:9:42:43 | +| jca/ChainedEncryptionTest.java:42:38:42:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:42:38:42:42 | jca/ChainedEncryptionTest.java:42:38:42:42 | +| jca/ChainedEncryptionTest.java:43:42:43:44 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:43:42:43:44 | jca/ChainedEncryptionTest.java:43:42:43:44 | +| jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:44:29:44:53 | jca/ChainedEncryptionTest.java:44:29:44:53 | +| jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | Name | Unknown | jca/ChainedEncryptionTest.java:52:44:52:62 | jca/ChainedEncryptionTest.java:52:44:52:62 | +| jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/ChainedEncryptionTest.java:52:44:52:62 | jca/ChainedEncryptionTest.java:52:44:52:62 | +| jca/ChainedEncryptionTest.java:53:42:53:44 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:53:42:53:44 | jca/ChainedEncryptionTest.java:53:42:53:44 | +| jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/ChainedEncryptionTest.java:54:16:54:41 | jca/ChainedEncryptionTest.java:54:16:54:41 | +| jca/ChainedEncryptionTest.java:75:46:75:61 | Parameter | Description | plaintext | jca/ChainedEncryptionTest.java:75:46:75:61 | jca/ChainedEncryptionTest.java:75:46:75:61 | +| jca/ChainedEncryptionTest.java:79:56:79:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/ChainedEncryptionTest.java:80:21:80:23 | jca/ChainedEncryptionTest.java:80:21:80:23 | +| jca/ChainedEncryptionTest.java:79:56:79:60 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:79:56:79:60 | jca/ChainedEncryptionTest.java:79:56:79:60 | +| jca/ChainedEncryptionTest.java:79:56:79:60 | KeyOperationAlgorithm | RawName | AES | jca/ChainedEncryptionTest.java:79:56:79:60 | jca/ChainedEncryptionTest.java:79:56:79:60 | +| jca/ChainedEncryptionTest.java:79:56:79:60 | KeyOperationAlgorithm | Structure | Block | jca/ChainedEncryptionTest.java:79:56:79:60 | jca/ChainedEncryptionTest.java:79:56:79:60 | +| jca/ChainedEncryptionTest.java:80:21:80:23 | Constant | Description | 256 | jca/ChainedEncryptionTest.java:80:21:80:23 | jca/ChainedEncryptionTest.java:80:21:80:23 | +| jca/ChainedEncryptionTest.java:81:30:81:49 | Key | KeyType | Symmetric | jca/ChainedEncryptionTest.java:81:30:81:49 | jca/ChainedEncryptionTest.java:81:30:81:49 | +| jca/ChainedEncryptionTest.java:83:59:83:68 | KeyOperationAlgorithm | KeySize | 256 | jca/ChainedEncryptionTest.java:83:59:83:68 | jca/ChainedEncryptionTest.java:83:59:83:68 | +| jca/ChainedEncryptionTest.java:83:59:83:68 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/ChainedEncryptionTest.java:84:24:84:26 | jca/ChainedEncryptionTest.java:84:24:84:26 | +| jca/ChainedEncryptionTest.java:83:59:83:68 | KeyOperationAlgorithm | Name | ChaCha20 | jca/ChainedEncryptionTest.java:83:59:83:68 | jca/ChainedEncryptionTest.java:83:59:83:68 | +| jca/ChainedEncryptionTest.java:83:59:83:68 | KeyOperationAlgorithm | RawName | ChaCha20 | jca/ChainedEncryptionTest.java:83:59:83:68 | jca/ChainedEncryptionTest.java:83:59:83:68 | +| jca/ChainedEncryptionTest.java:83:59:83:68 | KeyOperationAlgorithm | Structure | Stream | jca/ChainedEncryptionTest.java:83:59:83:68 | jca/ChainedEncryptionTest.java:83:59:83:68 | +| jca/ChainedEncryptionTest.java:84:24:84:26 | Constant | Description | 256 | jca/ChainedEncryptionTest.java:84:24:84:26 | jca/ChainedEncryptionTest.java:84:24:84:26 | +| jca/ChainedEncryptionTest.java:85:30:85:52 | Key | KeyType | Symmetric | jca/ChainedEncryptionTest.java:85:30:85:52 | jca/ChainedEncryptionTest.java:85:30:85:52 | +| jca/ChainedEncryptionTest.java:89:9:89:43 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:89:9:89:43 | jca/ChainedEncryptionTest.java:89:9:89:43 | +| jca/ChainedEncryptionTest.java:89:38:89:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:89:38:89:42 | jca/ChainedEncryptionTest.java:89:38:89:42 | +| jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:90:47:90:65 | jca/ChainedEncryptionTest.java:90:47:90:65 | +| jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/ChainedEncryptionTest.java:90:47:90:65 | jca/ChainedEncryptionTest.java:90:47:90:65 | +| jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | Structure | Block | jca/ChainedEncryptionTest.java:90:47:90:65 | jca/ChainedEncryptionTest.java:90:47:90:65 | +| jca/ChainedEncryptionTest.java:90:47:90:65 | ModeOfOperation | Name | GCM | jca/ChainedEncryptionTest.java:90:47:90:65 | jca/ChainedEncryptionTest.java:90:47:90:65 | +| jca/ChainedEncryptionTest.java:90:47:90:65 | ModeOfOperation | RawName | GCM | jca/ChainedEncryptionTest.java:90:47:90:65 | jca/ChainedEncryptionTest.java:90:47:90:65 | +| jca/ChainedEncryptionTest.java:90:47:90:65 | PaddingAlgorithm | Name | UnknownPadding | jca/ChainedEncryptionTest.java:90:47:90:65 | jca/ChainedEncryptionTest.java:90:47:90:65 | +| jca/ChainedEncryptionTest.java:90:47:90:65 | PaddingAlgorithm | RawName | NoPadding | jca/ChainedEncryptionTest.java:90:47:90:65 | jca/ChainedEncryptionTest.java:90:47:90:65 | +| jca/ChainedEncryptionTest.java:92:45:92:52 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:92:45:92:52 | jca/ChainedEncryptionTest.java:92:45:92:52 | +| jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:93:34:93:62 | jca/ChainedEncryptionTest.java:93:34:93:62 | +| jca/ChainedEncryptionTest.java:97:9:97:49 | RandomNumberGeneration | Description | nextBytes | jca/ChainedEncryptionTest.java:97:9:97:49 | jca/ChainedEncryptionTest.java:97:9:97:49 | +| jca/ChainedEncryptionTest.java:97:38:97:48 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/ChainedEncryptionTest.java:97:38:97:48 | jca/ChainedEncryptionTest.java:97:38:97:48 | +| jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | Name | Unknown | jca/ChainedEncryptionTest.java:98:50:98:68 | jca/ChainedEncryptionTest.java:98:50:98:68 | +| jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/ChainedEncryptionTest.java:98:50:98:68 | jca/ChainedEncryptionTest.java:98:50:98:68 | +| jca/ChainedEncryptionTest.java:99:48:99:55 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:99:48:99:55 | jca/ChainedEncryptionTest.java:99:48:99:55 | +| jca/ChainedEncryptionTest.java:100:34:100:70 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/ChainedEncryptionTest.java:100:34:100:70 | jca/ChainedEncryptionTest.java:100:34:100:70 | +| jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | Name | Unknown | jca/ChainedEncryptionTest.java:103:47:103:65 | jca/ChainedEncryptionTest.java:103:47:103:65 | +| jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/ChainedEncryptionTest.java:103:47:103:65 | jca/ChainedEncryptionTest.java:103:47:103:65 | +| jca/ChainedEncryptionTest.java:104:45:104:52 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:104:45:104:52 | jca/ChainedEncryptionTest.java:104:45:104:52 | +| jca/ChainedEncryptionTest.java:105:43:105:76 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/ChainedEncryptionTest.java:105:43:105:76 | jca/ChainedEncryptionTest.java:105:43:105:76 | +| jca/ChainedEncryptionTest.java:108:44:108:62 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:108:44:108:62 | jca/ChainedEncryptionTest.java:108:44:108:62 | +| jca/ChainedEncryptionTest.java:108:44:108:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/ChainedEncryptionTest.java:108:44:108:62 | jca/ChainedEncryptionTest.java:108:44:108:62 | +| jca/ChainedEncryptionTest.java:108:44:108:62 | KeyOperationAlgorithm | Structure | Block | jca/ChainedEncryptionTest.java:108:44:108:62 | jca/ChainedEncryptionTest.java:108:44:108:62 | +| jca/ChainedEncryptionTest.java:108:44:108:62 | ModeOfOperation | Name | GCM | jca/ChainedEncryptionTest.java:108:44:108:62 | jca/ChainedEncryptionTest.java:108:44:108:62 | +| jca/ChainedEncryptionTest.java:108:44:108:62 | ModeOfOperation | RawName | GCM | jca/ChainedEncryptionTest.java:108:44:108:62 | jca/ChainedEncryptionTest.java:108:44:108:62 | +| jca/ChainedEncryptionTest.java:108:44:108:62 | PaddingAlgorithm | Name | UnknownPadding | jca/ChainedEncryptionTest.java:108:44:108:62 | jca/ChainedEncryptionTest.java:108:44:108:62 | +| jca/ChainedEncryptionTest.java:108:44:108:62 | PaddingAlgorithm | RawName | NoPadding | jca/ChainedEncryptionTest.java:108:44:108:62 | jca/ChainedEncryptionTest.java:108:44:108:62 | +| jca/ChainedEncryptionTest.java:109:42:109:49 | Key | KeyType | Unknown | jca/ChainedEncryptionTest.java:109:42:109:49 | jca/ChainedEncryptionTest.java:109:42:109:49 | +| jca/ChainedEncryptionTest.java:110:37:110:76 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/ChainedEncryptionTest.java:110:37:110:76 | jca/ChainedEncryptionTest.java:110:37:110:76 | +| jca/ChainedEncryptionTest.java:117:56:117:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/ChainedEncryptionTest.java:118:21:118:23 | jca/ChainedEncryptionTest.java:118:21:118:23 | +| jca/ChainedEncryptionTest.java:117:56:117:60 | KeyOperationAlgorithm | Name | AES | jca/ChainedEncryptionTest.java:117:56:117:60 | jca/ChainedEncryptionTest.java:117:56:117:60 | +| jca/ChainedEncryptionTest.java:117:56:117:60 | KeyOperationAlgorithm | RawName | AES | jca/ChainedEncryptionTest.java:117:56:117:60 | jca/ChainedEncryptionTest.java:117:56:117:60 | +| jca/ChainedEncryptionTest.java:117:56:117:60 | KeyOperationAlgorithm | Structure | Block | jca/ChainedEncryptionTest.java:117:56:117:60 | jca/ChainedEncryptionTest.java:117:56:117:60 | +| jca/ChainedEncryptionTest.java:118:21:118:23 | Constant | Description | 256 | jca/ChainedEncryptionTest.java:118:21:118:23 | jca/ChainedEncryptionTest.java:118:21:118:23 | +| jca/ChainedEncryptionTest.java:119:28:119:47 | Key | KeyType | Symmetric | jca/ChainedEncryptionTest.java:119:28:119:47 | jca/ChainedEncryptionTest.java:119:28:119:47 | +| jca/ChainedEncryptionTest.java:122:59:122:68 | KeyOperationAlgorithm | KeySize | 256 | jca/ChainedEncryptionTest.java:122:59:122:68 | jca/ChainedEncryptionTest.java:122:59:122:68 | +| jca/ChainedEncryptionTest.java:122:59:122:68 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/ChainedEncryptionTest.java:123:24:123:26 | jca/ChainedEncryptionTest.java:123:24:123:26 | +| jca/ChainedEncryptionTest.java:122:59:122:68 | KeyOperationAlgorithm | Name | ChaCha20 | jca/ChainedEncryptionTest.java:122:59:122:68 | jca/ChainedEncryptionTest.java:122:59:122:68 | +| jca/ChainedEncryptionTest.java:122:59:122:68 | KeyOperationAlgorithm | RawName | ChaCha20 | jca/ChainedEncryptionTest.java:122:59:122:68 | jca/ChainedEncryptionTest.java:122:59:122:68 | +| jca/ChainedEncryptionTest.java:122:59:122:68 | KeyOperationAlgorithm | Structure | Stream | jca/ChainedEncryptionTest.java:122:59:122:68 | jca/ChainedEncryptionTest.java:122:59:122:68 | +| jca/ChainedEncryptionTest.java:123:24:123:26 | Constant | Description | 256 | jca/ChainedEncryptionTest.java:123:24:123:26 | jca/ChainedEncryptionTest.java:123:24:123:26 | +| jca/ChainedEncryptionTest.java:124:31:124:53 | Key | KeyType | Symmetric | jca/ChainedEncryptionTest.java:124:31:124:53 | jca/ChainedEncryptionTest.java:124:31:124:53 | +| jca/ChainedEncryptionTest.java:126:31:126:57 | Constant | Description | "This is a secret message." | jca/ChainedEncryptionTest.java:126:31:126:57 | jca/ChainedEncryptionTest.java:126:31:126:57 | +| jca/Digest.java:54:58:54:66 | HashAlgorithm | DigestSize | 256 | jca/Digest.java:54:58:54:66 | jca/Digest.java:54:58:54:66 | +| jca/Digest.java:54:58:54:66 | HashAlgorithm | Name | SHA2 | jca/Digest.java:54:58:54:66 | jca/Digest.java:54:58:54:66 | +| jca/Digest.java:54:58:54:66 | HashAlgorithm | RawName | SHA-256 | jca/Digest.java:54:58:54:66 | jca/Digest.java:54:58:54:66 | +| jca/Digest.java:55:37:55:54 | Constant | Description | "Simple Test Data" | jca/Digest.java:55:37:55:54 | jca/Digest.java:55:37:55:54 | +| jca/Digest.java:64:61:64:65 | HashAlgorithm | DigestSize | 128 | jca/Digest.java:64:61:64:65 | jca/Digest.java:64:61:64:65 | +| jca/Digest.java:64:61:64:65 | HashAlgorithm | Name | MD5 | jca/Digest.java:64:61:64:65 | jca/Digest.java:64:61:64:65 | +| jca/Digest.java:64:61:64:65 | HashAlgorithm | RawName | MD5 | jca/Digest.java:64:61:64:65 | jca/Digest.java:64:61:64:65 | +| jca/Digest.java:65:40:65:58 | Constant | Description | "Weak Hash Example" | jca/Digest.java:65:40:65:58 | jca/Digest.java:65:40:65:58 | +| jca/Digest.java:73:49:73:63 | Parameter | Description | password | jca/Digest.java:73:49:73:63 | jca/Digest.java:73:49:73:63 | +| jca/Digest.java:74:64:74:72 | HashAlgorithm | DigestSize | 256 | jca/Digest.java:74:64:74:72 | jca/Digest.java:74:64:74:72 | +| jca/Digest.java:74:64:74:72 | HashAlgorithm | Name | SHA2 | jca/Digest.java:74:64:74:72 | jca/Digest.java:74:64:74:72 | +| jca/Digest.java:74:64:74:72 | HashAlgorithm | RawName | SHA-256 | jca/Digest.java:74:64:74:72 | jca/Digest.java:74:64:74:72 | +| jca/Digest.java:83:37:83:51 | Parameter | Description | password | jca/Digest.java:83:37:83:51 | jca/Digest.java:83:37:83:51 | +| jca/Digest.java:85:58:85:66 | HashAlgorithm | DigestSize | 256 | jca/Digest.java:85:58:85:66 | jca/Digest.java:85:58:85:66 | +| jca/Digest.java:85:58:85:66 | HashAlgorithm | Name | SHA2 | jca/Digest.java:85:58:85:66 | jca/Digest.java:85:58:85:66 | +| jca/Digest.java:85:58:85:66 | HashAlgorithm | RawName | SHA-256 | jca/Digest.java:85:58:85:66 | jca/Digest.java:85:58:85:66 | +| jca/Digest.java:95:37:95:51 | Parameter | Description | password | jca/Digest.java:95:37:95:51 | jca/Digest.java:95:37:95:51 | +| jca/Digest.java:97:72:97:76 | Constant | Description | 10000 | jca/Digest.java:97:72:97:76 | jca/Digest.java:97:72:97:76 | +| jca/Digest.java:97:79:97:81 | Constant | Description | 256 | jca/Digest.java:97:79:97:81 | jca/Digest.java:97:79:97:81 | +| jca/Digest.java:98:65:98:86 | HMACAlgorithm | Name | HMAC | jca/Digest.java:98:65:98:86 | jca/Digest.java:98:65:98:86 | +| jca/Digest.java:98:65:98:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Digest.java:98:65:98:86 | jca/Digest.java:98:65:98:86 | +| jca/Digest.java:98:65:98:86 | HashAlgorithm | DigestSize | 256 | jca/Digest.java:98:65:98:86 | jca/Digest.java:98:65:98:86 | +| jca/Digest.java:98:65:98:86 | HashAlgorithm | Name | SHA2 | jca/Digest.java:98:65:98:86 | jca/Digest.java:98:65:98:86 | +| jca/Digest.java:98:65:98:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Digest.java:98:65:98:86 | jca/Digest.java:98:65:98:86 | +| jca/Digest.java:98:65:98:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/Digest.java:98:65:98:86 | jca/Digest.java:98:65:98:86 | +| jca/Digest.java:98:65:98:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Digest.java:98:65:98:86 | jca/Digest.java:98:65:98:86 | +| jca/Digest.java:99:23:99:50 | Key | KeyType | Symmetric | jca/Digest.java:99:23:99:50 | jca/Digest.java:99:23:99:50 | +| jca/Digest.java:99:23:99:50 | KeyDerivation | Iterations | Constant:10000 | jca/Digest.java:97:72:97:76 | jca/Digest.java:97:72:97:76 | +| jca/Digest.java:99:23:99:50 | KeyDerivation | KeySize | Constant:256 | jca/Digest.java:97:79:97:81 | jca/Digest.java:97:79:97:81 | +| jca/Digest.java:107:40:107:51 | Parameter | Description | input | jca/Digest.java:107:40:107:51 | jca/Digest.java:107:40:107:51 | +| jca/Digest.java:108:62:108:68 | HashAlgorithm | DigestSize | 160 | jca/Digest.java:108:62:108:68 | jca/Digest.java:108:62:108:68 | +| jca/Digest.java:108:62:108:68 | HashAlgorithm | Name | SHA1 | jca/Digest.java:108:62:108:68 | jca/Digest.java:108:62:108:68 | +| jca/Digest.java:108:62:108:68 | HashAlgorithm | RawName | SHA-1 | jca/Digest.java:108:62:108:68 | jca/Digest.java:108:62:108:68 | +| jca/Digest.java:117:35:117:46 | Parameter | Description | input | jca/Digest.java:117:35:117:46 | jca/Digest.java:117:35:117:46 | +| jca/Digest.java:117:49:117:58 | Parameter | Description | key | jca/Digest.java:117:49:117:58 | jca/Digest.java:117:49:117:58 | +| jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | Name | HMAC | jca/Digest.java:118:36:118:47 | jca/Digest.java:118:36:118:47 | +| jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Digest.java:118:36:118:47 | jca/Digest.java:118:36:118:47 | +| jca/Digest.java:120:19:120:27 | Key | KeyType | Unknown | jca/Digest.java:120:19:120:27 | jca/Digest.java:120:19:120:27 | +| jca/Digest.java:121:23:121:52 | MACOperation | KeyOperationSubtype | Mac | jca/Digest.java:121:23:121:52 | jca/Digest.java:121:23:121:52 | +| jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | Name | AES | jca/Digest.java:140:44:140:62 | jca/Digest.java:140:44:140:62 | +| jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Digest.java:140:44:140:62 | jca/Digest.java:140:44:140:62 | +| jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | Structure | Block | jca/Digest.java:140:44:140:62 | jca/Digest.java:140:44:140:62 | +| jca/Digest.java:140:44:140:62 | ModeOfOperation | Name | GCM | jca/Digest.java:140:44:140:62 | jca/Digest.java:140:44:140:62 | +| jca/Digest.java:140:44:140:62 | ModeOfOperation | RawName | GCM | jca/Digest.java:140:44:140:62 | jca/Digest.java:140:44:140:62 | +| jca/Digest.java:140:44:140:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Digest.java:140:44:140:62 | jca/Digest.java:140:44:140:62 | +| jca/Digest.java:140:44:140:62 | PaddingAlgorithm | RawName | NoPadding | jca/Digest.java:140:44:140:62 | jca/Digest.java:140:44:140:62 | +| jca/Digest.java:141:42:141:44 | Key | KeyType | Unknown | jca/Digest.java:141:42:141:44 | jca/Digest.java:141:42:141:44 | +| jca/Digest.java:142:32:142:74 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Digest.java:142:32:142:74 | jca/Digest.java:142:32:142:74 | +| jca/Digest.java:142:47:142:62 | Constant | Description | "Sensitive Data" | jca/Digest.java:142:47:142:62 | jca/Digest.java:142:47:142:62 | +| jca/Digest.java:155:39:155:51 | Parameter | Description | digest | jca/Digest.java:155:39:155:51 | jca/Digest.java:155:39:155:51 | +| jca/Digest.java:171:50:171:62 | Parameter | Description | digest | jca/Digest.java:171:50:171:62 | jca/Digest.java:171:50:171:62 | +| jca/Digest.java:176:80:176:84 | Constant | Description | 10000 | jca/Digest.java:176:80:176:84 | jca/Digest.java:176:80:176:84 | +| jca/Digest.java:176:87:176:89 | Constant | Description | 256 | jca/Digest.java:176:87:176:89 | jca/Digest.java:176:87:176:89 | +| jca/Digest.java:177:65:177:86 | HMACAlgorithm | Name | HMAC | jca/Digest.java:177:65:177:86 | jca/Digest.java:177:65:177:86 | +| jca/Digest.java:177:65:177:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Digest.java:177:65:177:86 | jca/Digest.java:177:65:177:86 | +| jca/Digest.java:177:65:177:86 | HashAlgorithm | DigestSize | 256 | jca/Digest.java:177:65:177:86 | jca/Digest.java:177:65:177:86 | +| jca/Digest.java:177:65:177:86 | HashAlgorithm | Name | SHA2 | jca/Digest.java:177:65:177:86 | jca/Digest.java:177:65:177:86 | +| jca/Digest.java:177:65:177:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Digest.java:177:65:177:86 | jca/Digest.java:177:65:177:86 | +| jca/Digest.java:177:65:177:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/Digest.java:177:65:177:86 | jca/Digest.java:177:65:177:86 | +| jca/Digest.java:177:65:177:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Digest.java:177:65:177:86 | jca/Digest.java:177:65:177:86 | +| jca/Digest.java:178:30:178:57 | Key | KeyType | Symmetric | jca/Digest.java:178:30:178:57 | jca/Digest.java:178:30:178:57 | +| jca/Digest.java:178:30:178:57 | KeyDerivation | Iterations | Constant:10000 | jca/Digest.java:176:80:176:84 | jca/Digest.java:176:80:176:84 | +| jca/Digest.java:178:30:178:57 | KeyDerivation | KeySize | Constant:256 | jca/Digest.java:176:87:176:89 | jca/Digest.java:176:87:176:89 | +| jca/Digest.java:186:44:186:62 | KeyOperationAlgorithm | Name | AES | jca/Digest.java:186:44:186:62 | jca/Digest.java:186:44:186:62 | +| jca/Digest.java:186:44:186:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Digest.java:186:44:186:62 | jca/Digest.java:186:44:186:62 | +| jca/Digest.java:186:44:186:62 | KeyOperationAlgorithm | Structure | Block | jca/Digest.java:186:44:186:62 | jca/Digest.java:186:44:186:62 | +| jca/Digest.java:186:44:186:62 | ModeOfOperation | Name | GCM | jca/Digest.java:186:44:186:62 | jca/Digest.java:186:44:186:62 | +| jca/Digest.java:186:44:186:62 | ModeOfOperation | RawName | GCM | jca/Digest.java:186:44:186:62 | jca/Digest.java:186:44:186:62 | +| jca/Digest.java:186:44:186:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Digest.java:186:44:186:62 | jca/Digest.java:186:44:186:62 | +| jca/Digest.java:186:44:186:62 | PaddingAlgorithm | RawName | NoPadding | jca/Digest.java:186:44:186:62 | jca/Digest.java:186:44:186:62 | +| jca/Digest.java:187:42:187:54 | Key | KeyType | Unknown | jca/Digest.java:187:42:187:54 | jca/Digest.java:187:42:187:54 | +| jca/Digest.java:188:29:188:78 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Digest.java:188:29:188:78 | jca/Digest.java:188:29:188:78 | +| jca/Digest.java:188:44:188:66 | Constant | Description | "Further Use Test Data" | jca/Digest.java:188:44:188:66 | jca/Digest.java:188:44:188:66 | +| jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | Name | HMAC | jca/Digest.java:191:35:191:46 | jca/Digest.java:191:35:191:46 | +| jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Digest.java:191:35:191:46 | jca/Digest.java:191:35:191:46 | +| jca/Digest.java:192:18:192:23 | Key | KeyType | Unknown | jca/Digest.java:192:18:192:23 | jca/Digest.java:192:18:192:23 | +| jca/Digest.java:193:30:193:52 | MACOperation | KeyOperationSubtype | Mac | jca/Digest.java:193:30:193:52 | jca/Digest.java:193:30:193:52 | +| jca/Digest.java:210:44:210:62 | KeyOperationAlgorithm | Name | AES | jca/Digest.java:210:44:210:62 | jca/Digest.java:210:44:210:62 | +| jca/Digest.java:210:44:210:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Digest.java:210:44:210:62 | jca/Digest.java:210:44:210:62 | +| jca/Digest.java:210:44:210:62 | KeyOperationAlgorithm | Structure | Block | jca/Digest.java:210:44:210:62 | jca/Digest.java:210:44:210:62 | +| jca/Digest.java:210:44:210:62 | ModeOfOperation | Name | GCM | jca/Digest.java:210:44:210:62 | jca/Digest.java:210:44:210:62 | +| jca/Digest.java:210:44:210:62 | ModeOfOperation | RawName | GCM | jca/Digest.java:210:44:210:62 | jca/Digest.java:210:44:210:62 | +| jca/Digest.java:210:44:210:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Digest.java:210:44:210:62 | jca/Digest.java:210:44:210:62 | +| jca/Digest.java:210:44:210:62 | PaddingAlgorithm | RawName | NoPadding | jca/Digest.java:210:44:210:62 | jca/Digest.java:210:44:210:62 | +| jca/Digest.java:212:42:212:44 | Key | KeyType | Unknown | jca/Digest.java:212:42:212:44 | jca/Digest.java:212:42:212:44 | +| jca/Digest.java:213:32:213:51 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Digest.java:213:32:213:51 | jca/Digest.java:213:32:213:51 | +| jca/Digest.java:239:56:239:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/Digest.java:240:21:240:23 | jca/Digest.java:240:21:240:23 | +| jca/Digest.java:239:56:239:60 | KeyOperationAlgorithm | Name | AES | jca/Digest.java:239:56:239:60 | jca/Digest.java:239:56:239:60 | +| jca/Digest.java:239:56:239:60 | KeyOperationAlgorithm | RawName | AES | jca/Digest.java:239:56:239:60 | jca/Digest.java:239:56:239:60 | +| jca/Digest.java:239:56:239:60 | KeyOperationAlgorithm | Structure | Block | jca/Digest.java:239:56:239:60 | jca/Digest.java:239:56:239:60 | +| jca/Digest.java:240:21:240:23 | Constant | Description | 256 | jca/Digest.java:240:21:240:23 | jca/Digest.java:240:21:240:23 | +| jca/Digest.java:241:16:241:35 | Key | KeyType | Symmetric | jca/Digest.java:241:16:241:35 | jca/Digest.java:241:16:241:35 | +| jca/Digest.java:253:9:253:42 | RandomNumberGeneration | Description | nextBytes | jca/Digest.java:253:9:253:42 | jca/Digest.java:253:9:253:42 | +| jca/Digest.java:253:38:253:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Digest.java:253:38:253:41 | jca/Digest.java:253:38:253:41 | +| jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | KeySize | 256 | jca/EllipticCurve1.java:46:66:46:76 | jca/EllipticCurve1.java:46:66:46:76 | +| jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | Name | secp256r1 | jca/EllipticCurve1.java:46:66:46:76 | jca/EllipticCurve1.java:46:66:46:76 | +| jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | ParsedName | secp256r1 | jca/EllipticCurve1.java:46:66:46:76 | jca/EllipticCurve1.java:46:66:46:76 | +| jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | RawName | secp256r1 | jca/EllipticCurve1.java:46:66:46:76 | jca/EllipticCurve1.java:46:66:46:76 | +| jca/EllipticCurve1.java:47:16:47:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:47:16:47:36 | jca/EllipticCurve1.java:47:16:47:36 | +| jca/EllipticCurve1.java:56:66:56:76 | EllipticCurve | KeySize | 256 | jca/EllipticCurve1.java:56:66:56:76 | jca/EllipticCurve1.java:56:66:56:76 | +| jca/EllipticCurve1.java:56:66:56:76 | EllipticCurve | Name | secp256k1 | jca/EllipticCurve1.java:56:66:56:76 | jca/EllipticCurve1.java:56:66:56:76 | +| jca/EllipticCurve1.java:56:66:56:76 | EllipticCurve | ParsedName | secp256k1 | jca/EllipticCurve1.java:56:66:56:76 | jca/EllipticCurve1.java:56:66:56:76 | +| jca/EllipticCurve1.java:56:66:56:76 | EllipticCurve | RawName | secp256k1 | jca/EllipticCurve1.java:56:66:56:76 | jca/EllipticCurve1.java:56:66:56:76 | +| jca/EllipticCurve1.java:57:16:57:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:57:16:57:36 | jca/EllipticCurve1.java:57:16:57:36 | +| jca/EllipticCurve1.java:66:66:66:82 | EllipticCurve | KeySize | 256 | jca/EllipticCurve1.java:66:66:66:82 | jca/EllipticCurve1.java:66:66:66:82 | +| jca/EllipticCurve1.java:66:66:66:82 | EllipticCurve | Name | brainpoolP256r1 | jca/EllipticCurve1.java:66:66:66:82 | jca/EllipticCurve1.java:66:66:66:82 | +| jca/EllipticCurve1.java:66:66:66:82 | EllipticCurve | ParsedName | brainpoolP256r1 | jca/EllipticCurve1.java:66:66:66:82 | jca/EllipticCurve1.java:66:66:66:82 | +| jca/EllipticCurve1.java:66:66:66:82 | EllipticCurve | RawName | brainpoolP256r1 | jca/EllipticCurve1.java:66:66:66:82 | jca/EllipticCurve1.java:66:66:66:82 | +| jca/EllipticCurve1.java:67:16:67:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:67:16:67:36 | jca/EllipticCurve1.java:67:16:67:36 | +| jca/EllipticCurve1.java:74:61:74:68 | KeyAgreementAlgorithm | Name | X25519 | jca/EllipticCurve1.java:74:61:74:68 | jca/EllipticCurve1.java:74:61:74:68 | +| jca/EllipticCurve1.java:74:61:74:68 | KeyAgreementAlgorithm | RawName | X25519 | jca/EllipticCurve1.java:74:61:74:68 | jca/EllipticCurve1.java:74:61:74:68 | +| jca/EllipticCurve1.java:76:16:76:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:76:16:76:36 | jca/EllipticCurve1.java:76:16:76:36 | +| jca/EllipticCurve1.java:83:61:83:66 | KeyAgreementAlgorithm | Name | X448 | jca/EllipticCurve1.java:83:61:83:66 | jca/EllipticCurve1.java:83:61:83:66 | +| jca/EllipticCurve1.java:83:61:83:66 | KeyAgreementAlgorithm | RawName | X448 | jca/EllipticCurve1.java:83:61:83:66 | jca/EllipticCurve1.java:83:61:83:66 | +| jca/EllipticCurve1.java:84:16:84:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:84:16:84:36 | jca/EllipticCurve1.java:84:16:84:36 | +| jca/EllipticCurve1.java:94:66:94:76 | EllipticCurve | KeySize | 163 | jca/EllipticCurve1.java:94:66:94:76 | jca/EllipticCurve1.java:94:66:94:76 | +| jca/EllipticCurve1.java:94:66:94:76 | EllipticCurve | Name | sect163r2 | jca/EllipticCurve1.java:94:66:94:76 | jca/EllipticCurve1.java:94:66:94:76 | +| jca/EllipticCurve1.java:94:66:94:76 | EllipticCurve | ParsedName | sect163r2 | jca/EllipticCurve1.java:94:66:94:76 | jca/EllipticCurve1.java:94:66:94:76 | +| jca/EllipticCurve1.java:94:66:94:76 | EllipticCurve | RawName | sect163r2 | jca/EllipticCurve1.java:94:66:94:76 | jca/EllipticCurve1.java:94:66:94:76 | +| jca/EllipticCurve1.java:95:16:95:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:95:16:95:36 | jca/EllipticCurve1.java:95:16:95:36 | +| jca/EllipticCurve1.java:105:66:105:76 | Constant | Description | "sm2p256v1" | jca/EllipticCurve1.java:105:66:105:76 | jca/EllipticCurve1.java:105:66:105:76 | +| jca/EllipticCurve1.java:106:16:106:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:106:16:106:36 | jca/EllipticCurve1.java:106:16:106:36 | +| jca/EllipticCurve1.java:114:61:114:69 | Constant | Description | "Ed25519" | jca/EllipticCurve1.java:114:61:114:69 | jca/EllipticCurve1.java:114:61:114:69 | +| jca/EllipticCurve1.java:115:16:115:36 | Key | KeyType | Asymmetric | jca/EllipticCurve1.java:115:16:115:36 | jca/EllipticCurve1.java:115:16:115:36 | +| jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | KeySize | 256 | jca/EllipticCurve2.java:46:47:46:57 | jca/EllipticCurve2.java:46:47:46:57 | +| jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | Name | secp256r1 | jca/EllipticCurve2.java:46:47:46:57 | jca/EllipticCurve2.java:46:47:46:57 | +| jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | ParsedName | secp256r1 | jca/EllipticCurve2.java:46:47:46:57 | jca/EllipticCurve2.java:46:47:46:57 | +| jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | RawName | secp256r1 | jca/EllipticCurve2.java:46:47:46:57 | jca/EllipticCurve2.java:46:47:46:57 | +| jca/EllipticCurve2.java:47:16:47:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:47:16:47:36 | jca/EllipticCurve2.java:47:16:47:36 | | jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | KeySize | 256 | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | -| jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | Name | secp256r1 | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | -| jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | ParsedName | secp256r1 | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | -| jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | RawName | secp256r1 | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | +| jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | Name | secp256k1 | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | +| jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | ParsedName | secp256k1 | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | +| jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | RawName | secp256k1 | jca/EllipticCurve2.java:55:47:55:57 | jca/EllipticCurve2.java:55:47:55:57 | | jca/EllipticCurve2.java:56:16:56:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:56:16:56:36 | jca/EllipticCurve2.java:56:16:56:36 | -| jca/EllipticCurve2.java:64:47:64:57 | EllipticCurve | KeySize | 256 | jca/EllipticCurve2.java:64:47:64:57 | jca/EllipticCurve2.java:64:47:64:57 | -| jca/EllipticCurve2.java:64:47:64:57 | EllipticCurve | Name | secp256k1 | jca/EllipticCurve2.java:64:47:64:57 | jca/EllipticCurve2.java:64:47:64:57 | -| jca/EllipticCurve2.java:64:47:64:57 | EllipticCurve | ParsedName | secp256k1 | jca/EllipticCurve2.java:64:47:64:57 | jca/EllipticCurve2.java:64:47:64:57 | -| jca/EllipticCurve2.java:64:47:64:57 | EllipticCurve | RawName | secp256k1 | jca/EllipticCurve2.java:64:47:64:57 | jca/EllipticCurve2.java:64:47:64:57 | +| jca/EllipticCurve2.java:64:47:64:63 | EllipticCurve | KeySize | 256 | jca/EllipticCurve2.java:64:47:64:63 | jca/EllipticCurve2.java:64:47:64:63 | +| jca/EllipticCurve2.java:64:47:64:63 | EllipticCurve | Name | brainpoolP256r1 | jca/EllipticCurve2.java:64:47:64:63 | jca/EllipticCurve2.java:64:47:64:63 | +| jca/EllipticCurve2.java:64:47:64:63 | EllipticCurve | ParsedName | brainpoolP256r1 | jca/EllipticCurve2.java:64:47:64:63 | jca/EllipticCurve2.java:64:47:64:63 | +| jca/EllipticCurve2.java:64:47:64:63 | EllipticCurve | RawName | brainpoolP256r1 | jca/EllipticCurve2.java:64:47:64:63 | jca/EllipticCurve2.java:64:47:64:63 | | jca/EllipticCurve2.java:65:16:65:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:65:16:65:36 | jca/EllipticCurve2.java:65:16:65:36 | -| jca/EllipticCurve2.java:73:47:73:63 | EllipticCurve | KeySize | 256 | jca/EllipticCurve2.java:73:47:73:63 | jca/EllipticCurve2.java:73:47:73:63 | -| jca/EllipticCurve2.java:73:47:73:63 | EllipticCurve | Name | brainpoolP256r1 | jca/EllipticCurve2.java:73:47:73:63 | jca/EllipticCurve2.java:73:47:73:63 | -| jca/EllipticCurve2.java:73:47:73:63 | EllipticCurve | ParsedName | brainpoolP256r1 | jca/EllipticCurve2.java:73:47:73:63 | jca/EllipticCurve2.java:73:47:73:63 | -| jca/EllipticCurve2.java:73:47:73:63 | EllipticCurve | RawName | brainpoolP256r1 | jca/EllipticCurve2.java:73:47:73:63 | jca/EllipticCurve2.java:73:47:73:63 | -| jca/EllipticCurve2.java:74:16:74:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:74:16:74:36 | jca/EllipticCurve2.java:74:16:74:36 | -| jca/EllipticCurve2.java:81:61:81:68 | KeyAgreementAlgorithm | Name | X25519 | jca/EllipticCurve2.java:81:61:81:68 | jca/EllipticCurve2.java:81:61:81:68 | -| jca/EllipticCurve2.java:81:61:81:68 | KeyAgreementAlgorithm | RawName | X25519 | jca/EllipticCurve2.java:81:61:81:68 | jca/EllipticCurve2.java:81:61:81:68 | -| jca/EllipticCurve2.java:82:16:82:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:82:16:82:36 | jca/EllipticCurve2.java:82:16:82:36 | -| jca/EllipticCurve2.java:89:61:89:69 | Constant | Description | "Ed25519" | jca/EllipticCurve2.java:89:61:89:69 | jca/EllipticCurve2.java:89:61:89:69 | -| jca/EllipticCurve2.java:90:16:90:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:90:16:90:36 | jca/EllipticCurve2.java:90:16:90:36 | -| jca/EllipticCurve2.java:115:52:115:57 | KeyAgreementAlgorithm | Name | ECDH | jca/EllipticCurve2.java:115:52:115:57 | jca/EllipticCurve2.java:115:52:115:57 | -| jca/EllipticCurve2.java:115:52:115:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/EllipticCurve2.java:115:52:115:57 | jca/EllipticCurve2.java:115:52:115:57 | -| jca/EllipticCurve2.java:116:17:116:36 | Key | KeyType | Unknown | jca/EllipticCurve2.java:116:17:116:36 | jca/EllipticCurve2.java:116:17:116:36 | -| jca/EllipticCurve2.java:117:20:117:36 | Key | KeyType | Unknown | jca/EllipticCurve2.java:117:20:117:36 | jca/EllipticCurve2.java:117:20:117:36 | -| jca/EllipticCurve2.java:129:52:129:57 | KeyAgreementAlgorithm | Name | ECDH | jca/EllipticCurve2.java:129:52:129:57 | jca/EllipticCurve2.java:129:52:129:57 | -| jca/EllipticCurve2.java:129:52:129:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/EllipticCurve2.java:129:52:129:57 | jca/EllipticCurve2.java:129:52:129:57 | -| jca/EllipticCurve2.java:130:17:130:37 | Key | KeyType | Unknown | jca/EllipticCurve2.java:130:17:130:37 | jca/EllipticCurve2.java:130:17:130:37 | -| jca/EllipticCurve2.java:131:20:131:39 | Key | KeyType | Unknown | jca/EllipticCurve2.java:131:20:131:39 | jca/EllipticCurve2.java:131:20:131:39 | -| jca/EllipticCurve2.java:148:53:148:69 | HashAlgorithm | DigestSize | 256 | jca/EllipticCurve2.java:148:53:148:69 | jca/EllipticCurve2.java:148:53:148:69 | -| jca/EllipticCurve2.java:148:53:148:69 | HashAlgorithm | Name | SHA2 | jca/EllipticCurve2.java:148:53:148:69 | jca/EllipticCurve2.java:148:53:148:69 | -| jca/EllipticCurve2.java:148:53:148:69 | HashAlgorithm | RawName | SHA256withECDSA | jca/EllipticCurve2.java:148:53:148:69 | jca/EllipticCurve2.java:148:53:148:69 | -| jca/EllipticCurve2.java:148:53:148:69 | KeyOperationAlgorithm | Name | ECDSA | jca/EllipticCurve2.java:148:53:148:69 | jca/EllipticCurve2.java:148:53:148:69 | -| jca/EllipticCurve2.java:148:53:148:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/EllipticCurve2.java:148:53:148:69 | jca/EllipticCurve2.java:148:53:148:69 | -| jca/EllipticCurve2.java:149:28:149:42 | Key | KeyType | Unknown | jca/EllipticCurve2.java:149:28:149:42 | jca/EllipticCurve2.java:149:28:149:42 | -| jca/EllipticCurve2.java:151:16:151:31 | SignOperation | KeyOperationSubtype | Sign | jca/EllipticCurve2.java:151:16:151:31 | jca/EllipticCurve2.java:151:16:151:31 | -| jca/EllipticCurve2.java:163:53:163:69 | HashAlgorithm | DigestSize | 256 | jca/EllipticCurve2.java:163:53:163:69 | jca/EllipticCurve2.java:163:53:163:69 | -| jca/EllipticCurve2.java:163:53:163:69 | HashAlgorithm | Name | SHA2 | jca/EllipticCurve2.java:163:53:163:69 | jca/EllipticCurve2.java:163:53:163:69 | -| jca/EllipticCurve2.java:163:53:163:69 | HashAlgorithm | RawName | SHA256withECDSA | jca/EllipticCurve2.java:163:53:163:69 | jca/EllipticCurve2.java:163:53:163:69 | -| jca/EllipticCurve2.java:163:53:163:69 | KeyOperationAlgorithm | Name | ECDSA | jca/EllipticCurve2.java:163:53:163:69 | jca/EllipticCurve2.java:163:53:163:69 | -| jca/EllipticCurve2.java:163:53:163:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/EllipticCurve2.java:163:53:163:69 | jca/EllipticCurve2.java:163:53:163:69 | -| jca/EllipticCurve2.java:164:30:164:43 | Key | KeyType | Unknown | jca/EllipticCurve2.java:164:30:164:43 | jca/EllipticCurve2.java:164:30:164:43 | -| jca/EllipticCurve2.java:166:16:166:47 | VerifyOperation | KeyOperationSubtype | Verify | jca/EllipticCurve2.java:166:16:166:47 | jca/EllipticCurve2.java:166:16:166:47 | -| jca/EllipticCurve2.java:178:53:178:61 | KeyOperationAlgorithm | Name | EDSA | jca/EllipticCurve2.java:178:53:178:61 | jca/EllipticCurve2.java:178:53:178:61 | -| jca/EllipticCurve2.java:178:53:178:61 | KeyOperationAlgorithm | RawName | Ed25519 | jca/EllipticCurve2.java:178:53:178:61 | jca/EllipticCurve2.java:178:53:178:61 | -| jca/EllipticCurve2.java:179:28:179:42 | Key | KeyType | Unknown | jca/EllipticCurve2.java:179:28:179:42 | jca/EllipticCurve2.java:179:28:179:42 | -| jca/EllipticCurve2.java:181:16:181:31 | SignOperation | KeyOperationSubtype | Sign | jca/EllipticCurve2.java:181:16:181:31 | jca/EllipticCurve2.java:181:16:181:31 | -| jca/EllipticCurve2.java:193:53:193:61 | KeyOperationAlgorithm | Name | EDSA | jca/EllipticCurve2.java:193:53:193:61 | jca/EllipticCurve2.java:193:53:193:61 | -| jca/EllipticCurve2.java:193:53:193:61 | KeyOperationAlgorithm | RawName | Ed25519 | jca/EllipticCurve2.java:193:53:193:61 | jca/EllipticCurve2.java:193:53:193:61 | -| jca/EllipticCurve2.java:194:30:194:43 | Key | KeyType | Unknown | jca/EllipticCurve2.java:194:30:194:43 | jca/EllipticCurve2.java:194:30:194:43 | -| jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | KeyOperationSubtype | Verify | jca/EllipticCurve2.java:196:16:196:47 | jca/EllipticCurve2.java:196:16:196:47 | -| jca/EllipticCurve2.java:221:52:221:57 | KeyAgreementAlgorithm | Name | ECDH | jca/EllipticCurve2.java:221:52:221:57 | jca/EllipticCurve2.java:221:52:221:57 | -| jca/EllipticCurve2.java:221:52:221:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/EllipticCurve2.java:221:52:221:57 | jca/EllipticCurve2.java:221:52:221:57 | -| jca/EllipticCurve2.java:222:17:222:37 | Key | KeyType | Unknown | jca/EllipticCurve2.java:222:17:222:37 | jca/EllipticCurve2.java:222:17:222:37 | -| jca/EllipticCurve2.java:223:20:223:41 | Key | KeyType | Unknown | jca/EllipticCurve2.java:223:20:223:41 | jca/EllipticCurve2.java:223:20:223:41 | -| jca/EllipticCurve2.java:228:58:228:66 | HashAlgorithm | DigestSize | 256 | jca/EllipticCurve2.java:228:58:228:66 | jca/EllipticCurve2.java:228:58:228:66 | -| jca/EllipticCurve2.java:228:58:228:66 | HashAlgorithm | Name | SHA2 | jca/EllipticCurve2.java:228:58:228:66 | jca/EllipticCurve2.java:228:58:228:66 | -| jca/EllipticCurve2.java:228:58:228:66 | HashAlgorithm | RawName | SHA-256 | jca/EllipticCurve2.java:228:58:228:66 | jca/EllipticCurve2.java:228:58:228:66 | -| jca/EllipticCurve2.java:234:44:234:62 | KeyOperationAlgorithm | Name | AES | jca/EllipticCurve2.java:234:44:234:62 | jca/EllipticCurve2.java:234:44:234:62 | -| jca/EllipticCurve2.java:234:44:234:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/EllipticCurve2.java:234:44:234:62 | jca/EllipticCurve2.java:234:44:234:62 | -| jca/EllipticCurve2.java:234:44:234:62 | KeyOperationAlgorithm | Structure | Block | jca/EllipticCurve2.java:234:44:234:62 | jca/EllipticCurve2.java:234:44:234:62 | -| jca/EllipticCurve2.java:234:44:234:62 | ModeOfOperation | Name | GCM | jca/EllipticCurve2.java:234:44:234:62 | jca/EllipticCurve2.java:234:44:234:62 | -| jca/EllipticCurve2.java:234:44:234:62 | ModeOfOperation | RawName | GCM | jca/EllipticCurve2.java:234:44:234:62 | jca/EllipticCurve2.java:234:44:234:62 | -| jca/EllipticCurve2.java:234:44:234:62 | PaddingAlgorithm | Name | UnknownPadding | jca/EllipticCurve2.java:234:44:234:62 | jca/EllipticCurve2.java:234:44:234:62 | -| jca/EllipticCurve2.java:234:44:234:62 | PaddingAlgorithm | RawName | NoPadding | jca/EllipticCurve2.java:234:44:234:62 | jca/EllipticCurve2.java:234:44:234:62 | -| jca/EllipticCurve2.java:236:9:236:40 | RandomNumberGeneration | Description | nextBytes | jca/EllipticCurve2.java:236:9:236:40 | jca/EllipticCurve2.java:236:9:236:40 | -| jca/EllipticCurve2.java:236:38:236:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/EllipticCurve2.java:236:38:236:39 | jca/EllipticCurve2.java:236:38:236:39 | -| jca/EllipticCurve2.java:238:42:238:47 | Key | KeyType | Unknown | jca/EllipticCurve2.java:238:42:238:47 | jca/EllipticCurve2.java:238:42:238:47 | -| jca/EllipticCurve2.java:239:29:239:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/EllipticCurve2.java:239:29:239:53 | jca/EllipticCurve2.java:239:29:239:53 | -| jca/EllipticCurve2.java:261:30:261:53 | Constant | Description | "Test message for ECDSA" | jca/EllipticCurve2.java:261:30:261:53 | jca/EllipticCurve2.java:261:30:261:53 | -| jca/EllipticCurve2.java:274:62:274:83 | Constant | Description | "Secret ECIES Message" | jca/EllipticCurve2.java:274:62:274:83 | jca/EllipticCurve2.java:274:62:274:83 | +| jca/EllipticCurve2.java:72:61:72:68 | KeyAgreementAlgorithm | Name | X25519 | jca/EllipticCurve2.java:72:61:72:68 | jca/EllipticCurve2.java:72:61:72:68 | +| jca/EllipticCurve2.java:72:61:72:68 | KeyAgreementAlgorithm | RawName | X25519 | jca/EllipticCurve2.java:72:61:72:68 | jca/EllipticCurve2.java:72:61:72:68 | +| jca/EllipticCurve2.java:73:16:73:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:73:16:73:36 | jca/EllipticCurve2.java:73:16:73:36 | +| jca/EllipticCurve2.java:80:61:80:69 | Constant | Description | "Ed25519" | jca/EllipticCurve2.java:80:61:80:69 | jca/EllipticCurve2.java:80:61:80:69 | +| jca/EllipticCurve2.java:81:16:81:36 | Key | KeyType | Asymmetric | jca/EllipticCurve2.java:81:16:81:36 | jca/EllipticCurve2.java:81:16:81:36 | +| jca/EllipticCurve2.java:105:52:105:57 | KeyAgreementAlgorithm | Name | ECDH | jca/EllipticCurve2.java:105:52:105:57 | jca/EllipticCurve2.java:105:52:105:57 | +| jca/EllipticCurve2.java:105:52:105:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/EllipticCurve2.java:105:52:105:57 | jca/EllipticCurve2.java:105:52:105:57 | +| jca/EllipticCurve2.java:106:17:106:36 | Key | KeyType | Unknown | jca/EllipticCurve2.java:106:17:106:36 | jca/EllipticCurve2.java:106:17:106:36 | +| jca/EllipticCurve2.java:107:20:107:36 | Key | KeyType | Unknown | jca/EllipticCurve2.java:107:20:107:36 | jca/EllipticCurve2.java:107:20:107:36 | +| jca/EllipticCurve2.java:119:52:119:57 | KeyAgreementAlgorithm | Name | ECDH | jca/EllipticCurve2.java:119:52:119:57 | jca/EllipticCurve2.java:119:52:119:57 | +| jca/EllipticCurve2.java:119:52:119:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/EllipticCurve2.java:119:52:119:57 | jca/EllipticCurve2.java:119:52:119:57 | +| jca/EllipticCurve2.java:120:17:120:37 | Key | KeyType | Unknown | jca/EllipticCurve2.java:120:17:120:37 | jca/EllipticCurve2.java:120:17:120:37 | +| jca/EllipticCurve2.java:121:20:121:39 | Key | KeyType | Unknown | jca/EllipticCurve2.java:121:20:121:39 | jca/EllipticCurve2.java:121:20:121:39 | +| jca/EllipticCurve2.java:136:53:136:69 | HashAlgorithm | DigestSize | 256 | jca/EllipticCurve2.java:136:53:136:69 | jca/EllipticCurve2.java:136:53:136:69 | +| jca/EllipticCurve2.java:136:53:136:69 | HashAlgorithm | Name | SHA2 | jca/EllipticCurve2.java:136:53:136:69 | jca/EllipticCurve2.java:136:53:136:69 | +| jca/EllipticCurve2.java:136:53:136:69 | HashAlgorithm | RawName | SHA256withECDSA | jca/EllipticCurve2.java:136:53:136:69 | jca/EllipticCurve2.java:136:53:136:69 | +| jca/EllipticCurve2.java:136:53:136:69 | KeyOperationAlgorithm | Name | ECDSA | jca/EllipticCurve2.java:136:53:136:69 | jca/EllipticCurve2.java:136:53:136:69 | +| jca/EllipticCurve2.java:136:53:136:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/EllipticCurve2.java:136:53:136:69 | jca/EllipticCurve2.java:136:53:136:69 | +| jca/EllipticCurve2.java:137:28:137:42 | Key | KeyType | Unknown | jca/EllipticCurve2.java:137:28:137:42 | jca/EllipticCurve2.java:137:28:137:42 | +| jca/EllipticCurve2.java:139:16:139:31 | SignOperation | KeyOperationSubtype | Sign | jca/EllipticCurve2.java:139:16:139:31 | jca/EllipticCurve2.java:139:16:139:31 | +| jca/EllipticCurve2.java:151:53:151:69 | HashAlgorithm | DigestSize | 256 | jca/EllipticCurve2.java:151:53:151:69 | jca/EllipticCurve2.java:151:53:151:69 | +| jca/EllipticCurve2.java:151:53:151:69 | HashAlgorithm | Name | SHA2 | jca/EllipticCurve2.java:151:53:151:69 | jca/EllipticCurve2.java:151:53:151:69 | +| jca/EllipticCurve2.java:151:53:151:69 | HashAlgorithm | RawName | SHA256withECDSA | jca/EllipticCurve2.java:151:53:151:69 | jca/EllipticCurve2.java:151:53:151:69 | +| jca/EllipticCurve2.java:151:53:151:69 | KeyOperationAlgorithm | Name | ECDSA | jca/EllipticCurve2.java:151:53:151:69 | jca/EllipticCurve2.java:151:53:151:69 | +| jca/EllipticCurve2.java:151:53:151:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/EllipticCurve2.java:151:53:151:69 | jca/EllipticCurve2.java:151:53:151:69 | +| jca/EllipticCurve2.java:152:30:152:43 | Key | KeyType | Unknown | jca/EllipticCurve2.java:152:30:152:43 | jca/EllipticCurve2.java:152:30:152:43 | +| jca/EllipticCurve2.java:154:16:154:47 | VerifyOperation | KeyOperationSubtype | Verify | jca/EllipticCurve2.java:154:16:154:47 | jca/EllipticCurve2.java:154:16:154:47 | +| jca/EllipticCurve2.java:166:53:166:61 | KeyOperationAlgorithm | Name | EDSA | jca/EllipticCurve2.java:166:53:166:61 | jca/EllipticCurve2.java:166:53:166:61 | +| jca/EllipticCurve2.java:166:53:166:61 | KeyOperationAlgorithm | RawName | Ed25519 | jca/EllipticCurve2.java:166:53:166:61 | jca/EllipticCurve2.java:166:53:166:61 | +| jca/EllipticCurve2.java:167:28:167:42 | Key | KeyType | Unknown | jca/EllipticCurve2.java:167:28:167:42 | jca/EllipticCurve2.java:167:28:167:42 | +| jca/EllipticCurve2.java:169:16:169:31 | SignOperation | KeyOperationSubtype | Sign | jca/EllipticCurve2.java:169:16:169:31 | jca/EllipticCurve2.java:169:16:169:31 | +| jca/EllipticCurve2.java:181:53:181:61 | KeyOperationAlgorithm | Name | EDSA | jca/EllipticCurve2.java:181:53:181:61 | jca/EllipticCurve2.java:181:53:181:61 | +| jca/EllipticCurve2.java:181:53:181:61 | KeyOperationAlgorithm | RawName | Ed25519 | jca/EllipticCurve2.java:181:53:181:61 | jca/EllipticCurve2.java:181:53:181:61 | +| jca/EllipticCurve2.java:182:30:182:43 | Key | KeyType | Unknown | jca/EllipticCurve2.java:182:30:182:43 | jca/EllipticCurve2.java:182:30:182:43 | +| jca/EllipticCurve2.java:184:16:184:47 | VerifyOperation | KeyOperationSubtype | Verify | jca/EllipticCurve2.java:184:16:184:47 | jca/EllipticCurve2.java:184:16:184:47 | +| jca/EllipticCurve2.java:206:52:206:57 | KeyAgreementAlgorithm | Name | ECDH | jca/EllipticCurve2.java:206:52:206:57 | jca/EllipticCurve2.java:206:52:206:57 | +| jca/EllipticCurve2.java:206:52:206:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/EllipticCurve2.java:206:52:206:57 | jca/EllipticCurve2.java:206:52:206:57 | +| jca/EllipticCurve2.java:207:17:207:37 | Key | KeyType | Unknown | jca/EllipticCurve2.java:207:17:207:37 | jca/EllipticCurve2.java:207:17:207:37 | +| jca/EllipticCurve2.java:208:20:208:41 | Key | KeyType | Unknown | jca/EllipticCurve2.java:208:20:208:41 | jca/EllipticCurve2.java:208:20:208:41 | +| jca/EllipticCurve2.java:213:58:213:66 | HashAlgorithm | DigestSize | 256 | jca/EllipticCurve2.java:213:58:213:66 | jca/EllipticCurve2.java:213:58:213:66 | +| jca/EllipticCurve2.java:213:58:213:66 | HashAlgorithm | Name | SHA2 | jca/EllipticCurve2.java:213:58:213:66 | jca/EllipticCurve2.java:213:58:213:66 | +| jca/EllipticCurve2.java:213:58:213:66 | HashAlgorithm | RawName | SHA-256 | jca/EllipticCurve2.java:213:58:213:66 | jca/EllipticCurve2.java:213:58:213:66 | +| jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | Name | AES | jca/EllipticCurve2.java:219:44:219:62 | jca/EllipticCurve2.java:219:44:219:62 | +| jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/EllipticCurve2.java:219:44:219:62 | jca/EllipticCurve2.java:219:44:219:62 | +| jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | Structure | Block | jca/EllipticCurve2.java:219:44:219:62 | jca/EllipticCurve2.java:219:44:219:62 | +| jca/EllipticCurve2.java:219:44:219:62 | ModeOfOperation | Name | GCM | jca/EllipticCurve2.java:219:44:219:62 | jca/EllipticCurve2.java:219:44:219:62 | +| jca/EllipticCurve2.java:219:44:219:62 | ModeOfOperation | RawName | GCM | jca/EllipticCurve2.java:219:44:219:62 | jca/EllipticCurve2.java:219:44:219:62 | +| jca/EllipticCurve2.java:219:44:219:62 | PaddingAlgorithm | Name | UnknownPadding | jca/EllipticCurve2.java:219:44:219:62 | jca/EllipticCurve2.java:219:44:219:62 | +| jca/EllipticCurve2.java:219:44:219:62 | PaddingAlgorithm | RawName | NoPadding | jca/EllipticCurve2.java:219:44:219:62 | jca/EllipticCurve2.java:219:44:219:62 | +| jca/EllipticCurve2.java:221:9:221:40 | RandomNumberGeneration | Description | nextBytes | jca/EllipticCurve2.java:221:9:221:40 | jca/EllipticCurve2.java:221:9:221:40 | +| jca/EllipticCurve2.java:221:38:221:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/EllipticCurve2.java:221:38:221:39 | jca/EllipticCurve2.java:221:38:221:39 | +| jca/EllipticCurve2.java:223:42:223:47 | Key | KeyType | Unknown | jca/EllipticCurve2.java:223:42:223:47 | jca/EllipticCurve2.java:223:42:223:47 | +| jca/EllipticCurve2.java:224:29:224:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/EllipticCurve2.java:224:29:224:53 | jca/EllipticCurve2.java:224:29:224:53 | +| jca/EllipticCurve2.java:245:30:245:53 | Constant | Description | "Test message for ECDSA" | jca/EllipticCurve2.java:245:30:245:53 | jca/EllipticCurve2.java:245:30:245:53 | +| jca/EllipticCurve2.java:258:62:258:83 | Constant | Description | "Secret ECIES Message" | jca/EllipticCurve2.java:258:62:258:83 | jca/EllipticCurve2.java:258:62:258:83 | | jca/Encryption1.java:60:56:60:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/Encryption1.java:61:21:61:23 | jca/Encryption1.java:61:21:61:23 | | jca/Encryption1.java:60:56:60:60 | KeyOperationAlgorithm | Name | AES | jca/Encryption1.java:60:56:60:60 | jca/Encryption1.java:60:56:60:60 | | jca/Encryption1.java:60:56:60:60 | KeyOperationAlgorithm | RawName | AES | jca/Encryption1.java:60:56:60:60 | jca/Encryption1.java:60:56:60:60 | @@ -579,157 +579,157 @@ | jca/Encryption1.java:173:38:173:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption1.java:173:38:173:39 | jca/Encryption1.java:173:38:173:39 | | jca/Encryption1.java:175:45:175:50 | Key | KeyType | Unknown | jca/Encryption1.java:175:45:175:50 | jca/Encryption1.java:175:45:175:50 | | jca/Encryption1.java:176:32:176:65 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption1.java:176:32:176:65 | jca/Encryption1.java:176:32:176:65 | -| jca/Encryption2.java:63:60:63:70 | EllipticCurve | KeySize | 256 | jca/Encryption2.java:63:60:63:70 | jca/Encryption2.java:63:60:63:70 | -| jca/Encryption2.java:63:60:63:70 | EllipticCurve | Name | secp256r1 | jca/Encryption2.java:63:60:63:70 | jca/Encryption2.java:63:60:63:70 | -| jca/Encryption2.java:63:60:63:70 | EllipticCurve | ParsedName | secp256r1 | jca/Encryption2.java:63:60:63:70 | jca/Encryption2.java:63:60:63:70 | -| jca/Encryption2.java:63:60:63:70 | EllipticCurve | RawName | secp256r1 | jca/Encryption2.java:63:60:63:70 | jca/Encryption2.java:63:60:63:70 | -| jca/Encryption2.java:64:16:64:49 | Key | KeyType | Asymmetric | jca/Encryption2.java:64:16:64:49 | jca/Encryption2.java:64:16:64:49 | -| jca/Encryption2.java:80:62:80:67 | KeyAgreementAlgorithm | Name | ECDH | jca/Encryption2.java:80:62:80:67 | jca/Encryption2.java:80:62:80:67 | -| jca/Encryption2.java:80:62:80:67 | KeyAgreementAlgorithm | RawName | ECDH | jca/Encryption2.java:80:62:80:67 | jca/Encryption2.java:80:62:80:67 | -| jca/Encryption2.java:81:27:81:36 | Key | KeyType | Unknown | jca/Encryption2.java:81:27:81:36 | jca/Encryption2.java:81:27:81:36 | -| jca/Encryption2.java:82:30:82:38 | Key | KeyType | Unknown | jca/Encryption2.java:82:30:82:38 | jca/Encryption2.java:82:30:82:38 | -| jca/Encryption2.java:103:38:103:65 | Parameter | Description | recipientPublicKey | jca/Encryption2.java:103:38:103:65 | jca/Encryption2.java:103:38:103:65 | -| jca/Encryption2.java:103:68:103:78 | Parameter | Description | data | jca/Encryption2.java:103:68:103:78 | jca/Encryption2.java:103:68:103:78 | -| jca/Encryption2.java:112:58:112:66 | HashAlgorithm | DigestSize | 256 | jca/Encryption2.java:112:58:112:66 | jca/Encryption2.java:112:58:112:66 | -| jca/Encryption2.java:112:58:112:66 | HashAlgorithm | Name | SHA2 | jca/Encryption2.java:112:58:112:66 | jca/Encryption2.java:112:58:112:66 | -| jca/Encryption2.java:112:58:112:66 | HashAlgorithm | RawName | SHA-256 | jca/Encryption2.java:112:58:112:66 | jca/Encryption2.java:112:58:112:66 | -| jca/Encryption2.java:118:47:118:65 | KeyOperationAlgorithm | Name | AES | jca/Encryption2.java:118:47:118:65 | jca/Encryption2.java:118:47:118:65 | -| jca/Encryption2.java:118:47:118:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Encryption2.java:118:47:118:65 | jca/Encryption2.java:118:47:118:65 | -| jca/Encryption2.java:118:47:118:65 | KeyOperationAlgorithm | Structure | Block | jca/Encryption2.java:118:47:118:65 | jca/Encryption2.java:118:47:118:65 | -| jca/Encryption2.java:118:47:118:65 | ModeOfOperation | Name | GCM | jca/Encryption2.java:118:47:118:65 | jca/Encryption2.java:118:47:118:65 | -| jca/Encryption2.java:118:47:118:65 | ModeOfOperation | RawName | GCM | jca/Encryption2.java:118:47:118:65 | jca/Encryption2.java:118:47:118:65 | -| jca/Encryption2.java:118:47:118:65 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption2.java:118:47:118:65 | jca/Encryption2.java:118:47:118:65 | -| jca/Encryption2.java:118:47:118:65 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption2.java:118:47:118:65 | jca/Encryption2.java:118:47:118:65 | -| jca/Encryption2.java:120:9:120:40 | RandomNumberGeneration | Description | nextBytes | jca/Encryption2.java:120:9:120:40 | jca/Encryption2.java:120:9:120:40 | -| jca/Encryption2.java:120:38:120:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption2.java:120:38:120:39 | jca/Encryption2.java:120:38:120:39 | -| jca/Encryption2.java:122:45:122:50 | Key | KeyType | Unknown | jca/Encryption2.java:122:45:122:50 | jca/Encryption2.java:122:45:122:50 | -| jca/Encryption2.java:123:32:123:65 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption2.java:123:32:123:65 | jca/Encryption2.java:123:32:123:65 | -| jca/Encryption2.java:149:45:149:65 | Parameter | Description | ecPublicKey | jca/Encryption2.java:149:45:149:65 | jca/Encryption2.java:149:45:149:65 | -| jca/Encryption2.java:149:68:149:88 | Parameter | Description | pqSharedSecret | jca/Encryption2.java:149:68:149:88 | jca/Encryption2.java:149:68:149:88 | -| jca/Encryption2.java:162:47:162:65 | KeyOperationAlgorithm | Name | AES | jca/Encryption2.java:162:47:162:65 | jca/Encryption2.java:162:47:162:65 | -| jca/Encryption2.java:162:47:162:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Encryption2.java:162:47:162:65 | jca/Encryption2.java:162:47:162:65 | -| jca/Encryption2.java:162:47:162:65 | KeyOperationAlgorithm | Structure | Block | jca/Encryption2.java:162:47:162:65 | jca/Encryption2.java:162:47:162:65 | -| jca/Encryption2.java:162:47:162:65 | ModeOfOperation | Name | GCM | jca/Encryption2.java:162:47:162:65 | jca/Encryption2.java:162:47:162:65 | -| jca/Encryption2.java:162:47:162:65 | ModeOfOperation | RawName | GCM | jca/Encryption2.java:162:47:162:65 | jca/Encryption2.java:162:47:162:65 | -| jca/Encryption2.java:162:47:162:65 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption2.java:162:47:162:65 | jca/Encryption2.java:162:47:162:65 | -| jca/Encryption2.java:162:47:162:65 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption2.java:162:47:162:65 | jca/Encryption2.java:162:47:162:65 | -| jca/Encryption2.java:164:9:164:40 | RandomNumberGeneration | Description | nextBytes | jca/Encryption2.java:164:9:164:40 | jca/Encryption2.java:164:9:164:40 | -| jca/Encryption2.java:164:38:164:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption2.java:164:38:164:39 | jca/Encryption2.java:164:38:164:39 | -| jca/Encryption2.java:166:45:166:50 | Key | KeyType | Unknown | jca/Encryption2.java:166:45:166:50 | jca/Encryption2.java:166:45:166:50 | -| jca/Encryption2.java:167:32:167:98 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption2.java:167:32:167:98 | jca/Encryption2.java:167:32:167:98 | -| jca/Encryption2.java:167:50:167:86 | Constant | Description | "Post-Quantum Hybrid Encryption Data" | jca/Encryption2.java:167:50:167:86 | jca/Encryption2.java:167:50:167:86 | -| jca/Encryption2.java:192:36:192:47 | KeyOperationAlgorithm | Name | HMAC | jca/Encryption2.java:192:36:192:47 | jca/Encryption2.java:192:36:192:47 | -| jca/Encryption2.java:192:36:192:47 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Encryption2.java:192:36:192:47 | jca/Encryption2.java:192:36:192:47 | -| jca/Encryption2.java:194:19:194:27 | Key | KeyType | Unknown | jca/Encryption2.java:194:19:194:27 | jca/Encryption2.java:194:19:194:27 | -| jca/Encryption2.java:195:31:195:52 | MACOperation | KeyOperationSubtype | Mac | jca/Encryption2.java:195:31:195:52 | jca/Encryption2.java:195:31:195:52 | -| jca/Hash.java:87:58:87:66 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:87:58:87:66 | jca/Hash.java:87:58:87:66 | -| jca/Hash.java:87:58:87:66 | HashAlgorithm | Name | SHA2 | jca/Hash.java:87:58:87:66 | jca/Hash.java:87:58:87:66 | -| jca/Hash.java:87:58:87:66 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:87:58:87:66 | jca/Hash.java:87:58:87:66 | -| jca/Hash.java:88:37:88:54 | Constant | Description | "Simple Test Data" | jca/Hash.java:88:37:88:54 | jca/Hash.java:88:37:88:54 | -| jca/Hash.java:101:61:101:65 | HashAlgorithm | DigestSize | 128 | jca/Hash.java:101:61:101:65 | jca/Hash.java:101:61:101:65 | -| jca/Hash.java:101:61:101:65 | HashAlgorithm | Name | MD5 | jca/Hash.java:101:61:101:65 | jca/Hash.java:101:61:101:65 | -| jca/Hash.java:101:61:101:65 | HashAlgorithm | RawName | MD5 | jca/Hash.java:101:61:101:65 | jca/Hash.java:101:61:101:65 | -| jca/Hash.java:102:40:102:58 | Constant | Description | "Weak Hash Example" | jca/Hash.java:102:40:102:58 | jca/Hash.java:102:40:102:58 | -| jca/Hash.java:150:29:150:40 | Parameter | Description | input | jca/Hash.java:150:29:150:40 | jca/Hash.java:150:29:150:40 | -| jca/Hash.java:150:43:150:63 | Parameter | Description | privateKey | jca/Hash.java:150:43:150:63 | jca/Hash.java:150:43:150:63 | -| jca/Hash.java:151:53:151:67 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:151:53:151:67 | jca/Hash.java:151:53:151:67 | -| jca/Hash.java:151:53:151:67 | HashAlgorithm | Name | SHA2 | jca/Hash.java:151:53:151:67 | jca/Hash.java:151:53:151:67 | -| jca/Hash.java:151:53:151:67 | HashAlgorithm | RawName | SHA256withRSA | jca/Hash.java:151:53:151:67 | jca/Hash.java:151:53:151:67 | -| jca/Hash.java:151:53:151:67 | KeyOperationAlgorithm | Name | RSA | jca/Hash.java:151:53:151:67 | jca/Hash.java:151:53:151:67 | -| jca/Hash.java:151:53:151:67 | KeyOperationAlgorithm | RawName | SHA256withRSA | jca/Hash.java:151:53:151:67 | jca/Hash.java:151:53:151:67 | -| jca/Hash.java:152:28:152:37 | Key | KeyType | Unknown | jca/Hash.java:152:28:152:37 | jca/Hash.java:152:28:152:37 | -| jca/Hash.java:154:29:154:44 | SignOperation | KeyOperationSubtype | Sign | jca/Hash.java:154:29:154:44 | jca/Hash.java:154:29:154:44 | -| jca/Hash.java:172:40:172:51 | Parameter | Description | input | jca/Hash.java:172:40:172:51 | jca/Hash.java:172:40:172:51 | -| jca/Hash.java:172:54:172:70 | Parameter | Description | signedHash | jca/Hash.java:172:54:172:70 | jca/Hash.java:172:54:172:70 | -| jca/Hash.java:172:73:172:91 | Parameter | Description | publicKey | jca/Hash.java:172:73:172:91 | jca/Hash.java:172:73:172:91 | -| jca/Hash.java:173:53:173:67 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:173:53:173:67 | jca/Hash.java:173:53:173:67 | -| jca/Hash.java:173:53:173:67 | HashAlgorithm | Name | SHA2 | jca/Hash.java:173:53:173:67 | jca/Hash.java:173:53:173:67 | -| jca/Hash.java:173:53:173:67 | HashAlgorithm | RawName | SHA256withRSA | jca/Hash.java:173:53:173:67 | jca/Hash.java:173:53:173:67 | -| jca/Hash.java:173:53:173:67 | KeyOperationAlgorithm | Name | RSA | jca/Hash.java:173:53:173:67 | jca/Hash.java:173:53:173:67 | -| jca/Hash.java:173:53:173:67 | KeyOperationAlgorithm | RawName | SHA256withRSA | jca/Hash.java:173:53:173:67 | jca/Hash.java:173:53:173:67 | -| jca/Hash.java:174:30:174:38 | Key | KeyType | Unknown | jca/Hash.java:174:30:174:38 | jca/Hash.java:174:30:174:38 | -| jca/Hash.java:176:16:176:43 | VerifyOperation | KeyOperationSubtype | Verify | jca/Hash.java:176:16:176:43 | jca/Hash.java:176:16:176:43 | -| jca/Hash.java:191:43:191:53 | Parameter | Description | data | jca/Hash.java:191:43:191:53 | jca/Hash.java:191:43:191:53 | -| jca/Hash.java:192:58:192:66 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:192:58:192:66 | jca/Hash.java:192:58:192:66 | -| jca/Hash.java:192:58:192:66 | HashAlgorithm | Name | SHA2 | jca/Hash.java:192:58:192:66 | jca/Hash.java:192:58:192:66 | -| jca/Hash.java:192:58:192:66 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:192:58:192:66 | jca/Hash.java:192:58:192:66 | -| jca/Hash.java:210:43:210:54 | Parameter | Description | input | jca/Hash.java:210:43:210:54 | jca/Hash.java:210:43:210:54 | -| jca/Hash.java:211:33:211:39 | HashAlgorithm | DigestSize | 160 | jca/Hash.java:211:33:211:39 | jca/Hash.java:211:33:211:39 | -| jca/Hash.java:211:33:211:39 | HashAlgorithm | Name | SHA1 | jca/Hash.java:211:33:211:39 | jca/Hash.java:211:33:211:39 | -| jca/Hash.java:211:33:211:39 | HashAlgorithm | RawName | SHA-1 | jca/Hash.java:211:33:211:39 | jca/Hash.java:211:33:211:39 | -| jca/Hash.java:211:42:211:50 | HashAlgorithm | DigestSize | | file://:0:0:0:0 | file://:0:0:0:0 | -| jca/Hash.java:211:42:211:50 | HashAlgorithm | RawName | SHA-224 | jca/Hash.java:211:42:211:50 | jca/Hash.java:211:42:211:50 | -| jca/Hash.java:211:53:211:61 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:211:53:211:61 | jca/Hash.java:211:53:211:61 | -| jca/Hash.java:211:53:211:61 | HashAlgorithm | Name | SHA2 | jca/Hash.java:211:53:211:61 | jca/Hash.java:211:53:211:61 | -| jca/Hash.java:211:53:211:61 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:211:53:211:61 | jca/Hash.java:211:53:211:61 | -| jca/Hash.java:211:64:211:72 | HashAlgorithm | DigestSize | 384 | jca/Hash.java:211:64:211:72 | jca/Hash.java:211:64:211:72 | -| jca/Hash.java:211:64:211:72 | HashAlgorithm | Name | SHA2 | jca/Hash.java:211:64:211:72 | jca/Hash.java:211:64:211:72 | -| jca/Hash.java:211:64:211:72 | HashAlgorithm | RawName | SHA-384 | jca/Hash.java:211:64:211:72 | jca/Hash.java:211:64:211:72 | -| jca/Hash.java:211:75:211:83 | HashAlgorithm | DigestSize | 512 | jca/Hash.java:211:75:211:83 | jca/Hash.java:211:75:211:83 | -| jca/Hash.java:211:75:211:83 | HashAlgorithm | Name | SHA2 | jca/Hash.java:211:75:211:83 | jca/Hash.java:211:75:211:83 | -| jca/Hash.java:211:75:211:83 | HashAlgorithm | RawName | SHA-512 | jca/Hash.java:211:75:211:83 | jca/Hash.java:211:75:211:83 | -| jca/Hash.java:211:86:211:95 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:211:86:211:95 | jca/Hash.java:211:86:211:95 | -| jca/Hash.java:211:86:211:95 | HashAlgorithm | Name | SHA3 | jca/Hash.java:211:86:211:95 | jca/Hash.java:211:86:211:95 | -| jca/Hash.java:211:86:211:95 | HashAlgorithm | RawName | SHA3-256 | jca/Hash.java:211:86:211:95 | jca/Hash.java:211:86:211:95 | -| jca/Hash.java:211:98:211:107 | HashAlgorithm | DigestSize | 512 | jca/Hash.java:211:98:211:107 | jca/Hash.java:211:98:211:107 | -| jca/Hash.java:211:98:211:107 | HashAlgorithm | Name | SHA3 | jca/Hash.java:211:98:211:107 | jca/Hash.java:211:98:211:107 | -| jca/Hash.java:211:98:211:107 | HashAlgorithm | RawName | SHA3-512 | jca/Hash.java:211:98:211:107 | jca/Hash.java:211:98:211:107 | -| jca/Hash.java:212:17:212:29 | HashAlgorithm | DigestSize | | file://:0:0:0:0 | file://:0:0:0:0 | -| jca/Hash.java:212:17:212:29 | HashAlgorithm | RawName | BLAKE2B-512 | jca/Hash.java:212:17:212:29 | jca/Hash.java:212:17:212:29 | -| jca/Hash.java:212:32:212:44 | HashAlgorithm | DigestSize | | file://:0:0:0:0 | file://:0:0:0:0 | -| jca/Hash.java:212:32:212:44 | HashAlgorithm | RawName | BLAKE2S-256 | jca/Hash.java:212:32:212:44 | jca/Hash.java:212:32:212:44 | -| jca/Hash.java:212:47:212:51 | HashAlgorithm | DigestSize | 128 | jca/Hash.java:212:47:212:51 | jca/Hash.java:212:47:212:51 | -| jca/Hash.java:212:47:212:51 | HashAlgorithm | Name | MD5 | jca/Hash.java:212:47:212:51 | jca/Hash.java:212:47:212:51 | -| jca/Hash.java:212:47:212:51 | HashAlgorithm | RawName | MD5 | jca/Hash.java:212:47:212:51 | jca/Hash.java:212:47:212:51 | -| jca/Hash.java:233:43:233:54 | Parameter | Description | input | jca/Hash.java:233:43:233:54 | jca/Hash.java:233:43:233:54 | -| jca/Hash.java:233:57:233:66 | Parameter | Description | key | jca/Hash.java:233:57:233:66 | jca/Hash.java:233:57:233:66 | -| jca/Hash.java:234:33:234:42 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:234:33:234:42 | jca/Hash.java:234:33:234:42 | -| jca/Hash.java:234:33:234:42 | KeyOperationAlgorithm | RawName | HmacSHA1 | jca/Hash.java:234:33:234:42 | jca/Hash.java:234:33:234:42 | -| jca/Hash.java:234:45:234:56 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:234:45:234:56 | jca/Hash.java:234:45:234:56 | -| jca/Hash.java:234:45:234:56 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Hash.java:234:45:234:56 | jca/Hash.java:234:45:234:56 | -| jca/Hash.java:234:59:234:70 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:234:59:234:70 | jca/Hash.java:234:59:234:70 | -| jca/Hash.java:234:59:234:70 | KeyOperationAlgorithm | RawName | HmacSHA384 | jca/Hash.java:234:59:234:70 | jca/Hash.java:234:59:234:70 | -| jca/Hash.java:234:73:234:84 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:234:73:234:84 | jca/Hash.java:234:73:234:84 | -| jca/Hash.java:234:73:234:84 | KeyOperationAlgorithm | RawName | HmacSHA512 | jca/Hash.java:234:73:234:84 | jca/Hash.java:234:73:234:84 | -| jca/Hash.java:234:87:234:100 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:234:87:234:100 | jca/Hash.java:234:87:234:100 | -| jca/Hash.java:234:87:234:100 | KeyOperationAlgorithm | RawName | HmacSHA3-256 | jca/Hash.java:234:87:234:100 | jca/Hash.java:234:87:234:100 | -| jca/Hash.java:234:103:234:116 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:234:103:234:116 | jca/Hash.java:234:103:234:116 | -| jca/Hash.java:234:103:234:116 | KeyOperationAlgorithm | RawName | HmacSHA3-512 | jca/Hash.java:234:103:234:116 | jca/Hash.java:234:103:234:116 | -| jca/Hash.java:238:22:238:30 | Key | KeyType | Unknown | jca/Hash.java:238:22:238:30 | jca/Hash.java:238:22:238:30 | -| jca/Hash.java:239:27:239:55 | MACOperation | KeyOperationSubtype | Mac | jca/Hash.java:239:27:239:55 | jca/Hash.java:239:27:239:55 | -| jca/Hash.java:256:40:256:54 | Parameter | Description | password | jca/Hash.java:256:40:256:54 | jca/Hash.java:256:40:256:54 | -| jca/Hash.java:259:72:259:76 | Constant | Description | 10000 | jca/Hash.java:259:72:259:76 | jca/Hash.java:259:72:259:76 | -| jca/Hash.java:259:79:259:81 | Constant | Description | 256 | jca/Hash.java:259:79:259:81 | jca/Hash.java:259:79:259:81 | -| jca/Hash.java:260:65:260:86 | HMACAlgorithm | Name | HMAC | jca/Hash.java:260:65:260:86 | jca/Hash.java:260:65:260:86 | -| jca/Hash.java:260:65:260:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Hash.java:260:65:260:86 | jca/Hash.java:260:65:260:86 | -| jca/Hash.java:260:65:260:86 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:260:65:260:86 | jca/Hash.java:260:65:260:86 | -| jca/Hash.java:260:65:260:86 | HashAlgorithm | Name | SHA2 | jca/Hash.java:260:65:260:86 | jca/Hash.java:260:65:260:86 | -| jca/Hash.java:260:65:260:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Hash.java:260:65:260:86 | jca/Hash.java:260:65:260:86 | -| jca/Hash.java:260:65:260:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/Hash.java:260:65:260:86 | jca/Hash.java:260:65:260:86 | -| jca/Hash.java:260:65:260:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Hash.java:260:65:260:86 | jca/Hash.java:260:65:260:86 | -| jca/Hash.java:261:23:261:50 | Key | KeyType | Symmetric | jca/Hash.java:261:23:261:50 | jca/Hash.java:261:23:261:50 | -| jca/Hash.java:261:23:261:50 | KeyDerivation | Iterations | Constant:10000 | jca/Hash.java:259:72:259:76 | jca/Hash.java:259:72:259:76 | -| jca/Hash.java:261:23:261:50 | KeyDerivation | KeySize | Constant:256 | jca/Hash.java:259:79:259:81 | jca/Hash.java:259:79:259:81 | -| jca/Hash.java:277:37:277:58 | Constant | Description | "Config-based Hashing" | jca/Hash.java:277:37:277:58 | jca/Hash.java:277:37:277:58 | -| jca/Hash.java:292:33:292:41 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:292:33:292:41 | jca/Hash.java:292:33:292:41 | -| jca/Hash.java:292:33:292:41 | HashAlgorithm | Name | SHA2 | jca/Hash.java:292:33:292:41 | jca/Hash.java:292:33:292:41 | -| jca/Hash.java:292:33:292:41 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:292:33:292:41 | jca/Hash.java:292:33:292:41 | -| jca/Hash.java:292:44:292:52 | HashAlgorithm | DigestSize | 512 | jca/Hash.java:292:44:292:52 | jca/Hash.java:292:44:292:52 | -| jca/Hash.java:292:44:292:52 | HashAlgorithm | Name | SHA2 | jca/Hash.java:292:44:292:52 | jca/Hash.java:292:44:292:52 | -| jca/Hash.java:292:44:292:52 | HashAlgorithm | RawName | SHA-512 | jca/Hash.java:292:44:292:52 | jca/Hash.java:292:44:292:52 | -| jca/Hash.java:292:55:292:64 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:292:55:292:64 | jca/Hash.java:292:55:292:64 | -| jca/Hash.java:292:55:292:64 | HashAlgorithm | Name | SHA3 | jca/Hash.java:292:55:292:64 | jca/Hash.java:292:55:292:64 | -| jca/Hash.java:292:55:292:64 | HashAlgorithm | RawName | SHA3-256 | jca/Hash.java:292:55:292:64 | jca/Hash.java:292:55:292:64 | -| jca/Hash.java:292:67:292:76 | HashAlgorithm | DigestSize | 512 | jca/Hash.java:292:67:292:76 | jca/Hash.java:292:67:292:76 | -| jca/Hash.java:292:67:292:76 | HashAlgorithm | Name | SHA3 | jca/Hash.java:292:67:292:76 | jca/Hash.java:292:67:292:76 | -| jca/Hash.java:292:67:292:76 | HashAlgorithm | RawName | SHA3-512 | jca/Hash.java:292:67:292:76 | jca/Hash.java:292:67:292:76 | -| jca/Hash.java:295:27:295:38 | Constant | Description | "fixed-seed" | jca/Hash.java:295:27:295:38 | jca/Hash.java:295:27:295:38 | -| jca/Hash.java:321:16:321:66 | LocalData | Description | getProperty(...) | jca/Hash.java:321:16:321:66 | jca/Hash.java:321:16:321:66 | -| jca/Hash.java:321:57:321:65 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:321:57:321:65 | jca/Hash.java:321:57:321:65 | -| jca/Hash.java:321:57:321:65 | HashAlgorithm | Name | SHA2 | jca/Hash.java:321:57:321:65 | jca/Hash.java:321:57:321:65 | -| jca/Hash.java:321:57:321:65 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:321:57:321:65 | jca/Hash.java:321:57:321:65 | -| jca/Hash.java:338:9:338:42 | RandomNumberGeneration | Description | nextBytes | jca/Hash.java:338:9:338:42 | jca/Hash.java:338:9:338:42 | -| jca/Hash.java:338:38:338:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Hash.java:338:38:338:41 | jca/Hash.java:338:38:338:41 | +| jca/Encryption2.java:55:60:55:70 | EllipticCurve | KeySize | 256 | jca/Encryption2.java:55:60:55:70 | jca/Encryption2.java:55:60:55:70 | +| jca/Encryption2.java:55:60:55:70 | EllipticCurve | Name | secp256r1 | jca/Encryption2.java:55:60:55:70 | jca/Encryption2.java:55:60:55:70 | +| jca/Encryption2.java:55:60:55:70 | EllipticCurve | ParsedName | secp256r1 | jca/Encryption2.java:55:60:55:70 | jca/Encryption2.java:55:60:55:70 | +| jca/Encryption2.java:55:60:55:70 | EllipticCurve | RawName | secp256r1 | jca/Encryption2.java:55:60:55:70 | jca/Encryption2.java:55:60:55:70 | +| jca/Encryption2.java:56:16:56:49 | Key | KeyType | Asymmetric | jca/Encryption2.java:56:16:56:49 | jca/Encryption2.java:56:16:56:49 | +| jca/Encryption2.java:71:62:71:67 | KeyAgreementAlgorithm | Name | ECDH | jca/Encryption2.java:71:62:71:67 | jca/Encryption2.java:71:62:71:67 | +| jca/Encryption2.java:71:62:71:67 | KeyAgreementAlgorithm | RawName | ECDH | jca/Encryption2.java:71:62:71:67 | jca/Encryption2.java:71:62:71:67 | +| jca/Encryption2.java:72:27:72:36 | Key | KeyType | Unknown | jca/Encryption2.java:72:27:72:36 | jca/Encryption2.java:72:27:72:36 | +| jca/Encryption2.java:73:30:73:38 | Key | KeyType | Unknown | jca/Encryption2.java:73:30:73:38 | jca/Encryption2.java:73:30:73:38 | +| jca/Encryption2.java:90:38:90:65 | Parameter | Description | recipientPublicKey | jca/Encryption2.java:90:38:90:65 | jca/Encryption2.java:90:38:90:65 | +| jca/Encryption2.java:90:68:90:78 | Parameter | Description | data | jca/Encryption2.java:90:68:90:78 | jca/Encryption2.java:90:68:90:78 | +| jca/Encryption2.java:99:58:99:66 | HashAlgorithm | DigestSize | 256 | jca/Encryption2.java:99:58:99:66 | jca/Encryption2.java:99:58:99:66 | +| jca/Encryption2.java:99:58:99:66 | HashAlgorithm | Name | SHA2 | jca/Encryption2.java:99:58:99:66 | jca/Encryption2.java:99:58:99:66 | +| jca/Encryption2.java:99:58:99:66 | HashAlgorithm | RawName | SHA-256 | jca/Encryption2.java:99:58:99:66 | jca/Encryption2.java:99:58:99:66 | +| jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | Name | AES | jca/Encryption2.java:105:47:105:65 | jca/Encryption2.java:105:47:105:65 | +| jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Encryption2.java:105:47:105:65 | jca/Encryption2.java:105:47:105:65 | +| jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | Structure | Block | jca/Encryption2.java:105:47:105:65 | jca/Encryption2.java:105:47:105:65 | +| jca/Encryption2.java:105:47:105:65 | ModeOfOperation | Name | GCM | jca/Encryption2.java:105:47:105:65 | jca/Encryption2.java:105:47:105:65 | +| jca/Encryption2.java:105:47:105:65 | ModeOfOperation | RawName | GCM | jca/Encryption2.java:105:47:105:65 | jca/Encryption2.java:105:47:105:65 | +| jca/Encryption2.java:105:47:105:65 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption2.java:105:47:105:65 | jca/Encryption2.java:105:47:105:65 | +| jca/Encryption2.java:105:47:105:65 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption2.java:105:47:105:65 | jca/Encryption2.java:105:47:105:65 | +| jca/Encryption2.java:107:9:107:40 | RandomNumberGeneration | Description | nextBytes | jca/Encryption2.java:107:9:107:40 | jca/Encryption2.java:107:9:107:40 | +| jca/Encryption2.java:107:38:107:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption2.java:107:38:107:39 | jca/Encryption2.java:107:38:107:39 | +| jca/Encryption2.java:109:45:109:50 | Key | KeyType | Unknown | jca/Encryption2.java:109:45:109:50 | jca/Encryption2.java:109:45:109:50 | +| jca/Encryption2.java:110:32:110:65 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption2.java:110:32:110:65 | jca/Encryption2.java:110:32:110:65 | +| jca/Encryption2.java:132:45:132:65 | Parameter | Description | ecPublicKey | jca/Encryption2.java:132:45:132:65 | jca/Encryption2.java:132:45:132:65 | +| jca/Encryption2.java:132:68:132:88 | Parameter | Description | pqSharedSecret | jca/Encryption2.java:132:68:132:88 | jca/Encryption2.java:132:68:132:88 | +| jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | Name | AES | jca/Encryption2.java:145:47:145:65 | jca/Encryption2.java:145:47:145:65 | +| jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Encryption2.java:145:47:145:65 | jca/Encryption2.java:145:47:145:65 | +| jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | Structure | Block | jca/Encryption2.java:145:47:145:65 | jca/Encryption2.java:145:47:145:65 | +| jca/Encryption2.java:145:47:145:65 | ModeOfOperation | Name | GCM | jca/Encryption2.java:145:47:145:65 | jca/Encryption2.java:145:47:145:65 | +| jca/Encryption2.java:145:47:145:65 | ModeOfOperation | RawName | GCM | jca/Encryption2.java:145:47:145:65 | jca/Encryption2.java:145:47:145:65 | +| jca/Encryption2.java:145:47:145:65 | PaddingAlgorithm | Name | UnknownPadding | jca/Encryption2.java:145:47:145:65 | jca/Encryption2.java:145:47:145:65 | +| jca/Encryption2.java:145:47:145:65 | PaddingAlgorithm | RawName | NoPadding | jca/Encryption2.java:145:47:145:65 | jca/Encryption2.java:145:47:145:65 | +| jca/Encryption2.java:147:9:147:40 | RandomNumberGeneration | Description | nextBytes | jca/Encryption2.java:147:9:147:40 | jca/Encryption2.java:147:9:147:40 | +| jca/Encryption2.java:147:38:147:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Encryption2.java:147:38:147:39 | jca/Encryption2.java:147:38:147:39 | +| jca/Encryption2.java:149:45:149:50 | Key | KeyType | Unknown | jca/Encryption2.java:149:45:149:50 | jca/Encryption2.java:149:45:149:50 | +| jca/Encryption2.java:150:32:150:98 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Encryption2.java:150:32:150:98 | jca/Encryption2.java:150:32:150:98 | +| jca/Encryption2.java:150:50:150:86 | Constant | Description | "Post-Quantum Hybrid Encryption Data" | jca/Encryption2.java:150:50:150:86 | jca/Encryption2.java:150:50:150:86 | +| jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | Name | HMAC | jca/Encryption2.java:173:36:173:47 | jca/Encryption2.java:173:36:173:47 | +| jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Encryption2.java:173:36:173:47 | jca/Encryption2.java:173:36:173:47 | +| jca/Encryption2.java:175:19:175:27 | Key | KeyType | Unknown | jca/Encryption2.java:175:19:175:27 | jca/Encryption2.java:175:19:175:27 | +| jca/Encryption2.java:176:31:176:52 | MACOperation | KeyOperationSubtype | Mac | jca/Encryption2.java:176:31:176:52 | jca/Encryption2.java:176:31:176:52 | +| jca/Hash.java:75:58:75:66 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:75:58:75:66 | jca/Hash.java:75:58:75:66 | +| jca/Hash.java:75:58:75:66 | HashAlgorithm | Name | SHA2 | jca/Hash.java:75:58:75:66 | jca/Hash.java:75:58:75:66 | +| jca/Hash.java:75:58:75:66 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:75:58:75:66 | jca/Hash.java:75:58:75:66 | +| jca/Hash.java:76:37:76:54 | Constant | Description | "Simple Test Data" | jca/Hash.java:76:37:76:54 | jca/Hash.java:76:37:76:54 | +| jca/Hash.java:88:61:88:65 | HashAlgorithm | DigestSize | 128 | jca/Hash.java:88:61:88:65 | jca/Hash.java:88:61:88:65 | +| jca/Hash.java:88:61:88:65 | HashAlgorithm | Name | MD5 | jca/Hash.java:88:61:88:65 | jca/Hash.java:88:61:88:65 | +| jca/Hash.java:88:61:88:65 | HashAlgorithm | RawName | MD5 | jca/Hash.java:88:61:88:65 | jca/Hash.java:88:61:88:65 | +| jca/Hash.java:89:40:89:58 | Constant | Description | "Weak Hash Example" | jca/Hash.java:89:40:89:58 | jca/Hash.java:89:40:89:58 | +| jca/Hash.java:133:29:133:40 | Parameter | Description | input | jca/Hash.java:133:29:133:40 | jca/Hash.java:133:29:133:40 | +| jca/Hash.java:133:43:133:63 | Parameter | Description | privateKey | jca/Hash.java:133:43:133:63 | jca/Hash.java:133:43:133:63 | +| jca/Hash.java:134:53:134:67 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:134:53:134:67 | jca/Hash.java:134:53:134:67 | +| jca/Hash.java:134:53:134:67 | HashAlgorithm | Name | SHA2 | jca/Hash.java:134:53:134:67 | jca/Hash.java:134:53:134:67 | +| jca/Hash.java:134:53:134:67 | HashAlgorithm | RawName | SHA256withRSA | jca/Hash.java:134:53:134:67 | jca/Hash.java:134:53:134:67 | +| jca/Hash.java:134:53:134:67 | KeyOperationAlgorithm | Name | RSA | jca/Hash.java:134:53:134:67 | jca/Hash.java:134:53:134:67 | +| jca/Hash.java:134:53:134:67 | KeyOperationAlgorithm | RawName | SHA256withRSA | jca/Hash.java:134:53:134:67 | jca/Hash.java:134:53:134:67 | +| jca/Hash.java:135:28:135:37 | Key | KeyType | Unknown | jca/Hash.java:135:28:135:37 | jca/Hash.java:135:28:135:37 | +| jca/Hash.java:137:29:137:44 | SignOperation | KeyOperationSubtype | Sign | jca/Hash.java:137:29:137:44 | jca/Hash.java:137:29:137:44 | +| jca/Hash.java:154:40:154:51 | Parameter | Description | input | jca/Hash.java:154:40:154:51 | jca/Hash.java:154:40:154:51 | +| jca/Hash.java:154:54:154:70 | Parameter | Description | signedHash | jca/Hash.java:154:54:154:70 | jca/Hash.java:154:54:154:70 | +| jca/Hash.java:154:73:154:91 | Parameter | Description | publicKey | jca/Hash.java:154:73:154:91 | jca/Hash.java:154:73:154:91 | +| jca/Hash.java:155:53:155:67 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:155:53:155:67 | jca/Hash.java:155:53:155:67 | +| jca/Hash.java:155:53:155:67 | HashAlgorithm | Name | SHA2 | jca/Hash.java:155:53:155:67 | jca/Hash.java:155:53:155:67 | +| jca/Hash.java:155:53:155:67 | HashAlgorithm | RawName | SHA256withRSA | jca/Hash.java:155:53:155:67 | jca/Hash.java:155:53:155:67 | +| jca/Hash.java:155:53:155:67 | KeyOperationAlgorithm | Name | RSA | jca/Hash.java:155:53:155:67 | jca/Hash.java:155:53:155:67 | +| jca/Hash.java:155:53:155:67 | KeyOperationAlgorithm | RawName | SHA256withRSA | jca/Hash.java:155:53:155:67 | jca/Hash.java:155:53:155:67 | +| jca/Hash.java:156:30:156:38 | Key | KeyType | Unknown | jca/Hash.java:156:30:156:38 | jca/Hash.java:156:30:156:38 | +| jca/Hash.java:158:16:158:43 | VerifyOperation | KeyOperationSubtype | Verify | jca/Hash.java:158:16:158:43 | jca/Hash.java:158:16:158:43 | +| jca/Hash.java:172:43:172:53 | Parameter | Description | data | jca/Hash.java:172:43:172:53 | jca/Hash.java:172:43:172:53 | +| jca/Hash.java:173:58:173:66 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:173:58:173:66 | jca/Hash.java:173:58:173:66 | +| jca/Hash.java:173:58:173:66 | HashAlgorithm | Name | SHA2 | jca/Hash.java:173:58:173:66 | jca/Hash.java:173:58:173:66 | +| jca/Hash.java:173:58:173:66 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:173:58:173:66 | jca/Hash.java:173:58:173:66 | +| jca/Hash.java:190:43:190:54 | Parameter | Description | input | jca/Hash.java:190:43:190:54 | jca/Hash.java:190:43:190:54 | +| jca/Hash.java:191:32:191:38 | HashAlgorithm | DigestSize | 160 | jca/Hash.java:191:32:191:38 | jca/Hash.java:191:32:191:38 | +| jca/Hash.java:191:32:191:38 | HashAlgorithm | Name | SHA1 | jca/Hash.java:191:32:191:38 | jca/Hash.java:191:32:191:38 | +| jca/Hash.java:191:32:191:38 | HashAlgorithm | RawName | SHA-1 | jca/Hash.java:191:32:191:38 | jca/Hash.java:191:32:191:38 | +| jca/Hash.java:191:41:191:49 | HashAlgorithm | DigestSize | | file://:0:0:0:0 | file://:0:0:0:0 | +| jca/Hash.java:191:41:191:49 | HashAlgorithm | RawName | SHA-224 | jca/Hash.java:191:41:191:49 | jca/Hash.java:191:41:191:49 | +| jca/Hash.java:191:52:191:60 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:191:52:191:60 | jca/Hash.java:191:52:191:60 | +| jca/Hash.java:191:52:191:60 | HashAlgorithm | Name | SHA2 | jca/Hash.java:191:52:191:60 | jca/Hash.java:191:52:191:60 | +| jca/Hash.java:191:52:191:60 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:191:52:191:60 | jca/Hash.java:191:52:191:60 | +| jca/Hash.java:191:63:191:71 | HashAlgorithm | DigestSize | 384 | jca/Hash.java:191:63:191:71 | jca/Hash.java:191:63:191:71 | +| jca/Hash.java:191:63:191:71 | HashAlgorithm | Name | SHA2 | jca/Hash.java:191:63:191:71 | jca/Hash.java:191:63:191:71 | +| jca/Hash.java:191:63:191:71 | HashAlgorithm | RawName | SHA-384 | jca/Hash.java:191:63:191:71 | jca/Hash.java:191:63:191:71 | +| jca/Hash.java:191:74:191:82 | HashAlgorithm | DigestSize | 512 | jca/Hash.java:191:74:191:82 | jca/Hash.java:191:74:191:82 | +| jca/Hash.java:191:74:191:82 | HashAlgorithm | Name | SHA2 | jca/Hash.java:191:74:191:82 | jca/Hash.java:191:74:191:82 | +| jca/Hash.java:191:74:191:82 | HashAlgorithm | RawName | SHA-512 | jca/Hash.java:191:74:191:82 | jca/Hash.java:191:74:191:82 | +| jca/Hash.java:191:85:191:94 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:191:85:191:94 | jca/Hash.java:191:85:191:94 | +| jca/Hash.java:191:85:191:94 | HashAlgorithm | Name | SHA3 | jca/Hash.java:191:85:191:94 | jca/Hash.java:191:85:191:94 | +| jca/Hash.java:191:85:191:94 | HashAlgorithm | RawName | SHA3-256 | jca/Hash.java:191:85:191:94 | jca/Hash.java:191:85:191:94 | +| jca/Hash.java:191:97:191:106 | HashAlgorithm | DigestSize | 512 | jca/Hash.java:191:97:191:106 | jca/Hash.java:191:97:191:106 | +| jca/Hash.java:191:97:191:106 | HashAlgorithm | Name | SHA3 | jca/Hash.java:191:97:191:106 | jca/Hash.java:191:97:191:106 | +| jca/Hash.java:191:97:191:106 | HashAlgorithm | RawName | SHA3-512 | jca/Hash.java:191:97:191:106 | jca/Hash.java:191:97:191:106 | +| jca/Hash.java:192:13:192:25 | HashAlgorithm | DigestSize | | file://:0:0:0:0 | file://:0:0:0:0 | +| jca/Hash.java:192:13:192:25 | HashAlgorithm | RawName | BLAKE2B-512 | jca/Hash.java:192:13:192:25 | jca/Hash.java:192:13:192:25 | +| jca/Hash.java:192:28:192:40 | HashAlgorithm | DigestSize | | file://:0:0:0:0 | file://:0:0:0:0 | +| jca/Hash.java:192:28:192:40 | HashAlgorithm | RawName | BLAKE2S-256 | jca/Hash.java:192:28:192:40 | jca/Hash.java:192:28:192:40 | +| jca/Hash.java:192:43:192:47 | HashAlgorithm | DigestSize | 128 | jca/Hash.java:192:43:192:47 | jca/Hash.java:192:43:192:47 | +| jca/Hash.java:192:43:192:47 | HashAlgorithm | Name | MD5 | jca/Hash.java:192:43:192:47 | jca/Hash.java:192:43:192:47 | +| jca/Hash.java:192:43:192:47 | HashAlgorithm | RawName | MD5 | jca/Hash.java:192:43:192:47 | jca/Hash.java:192:43:192:47 | +| jca/Hash.java:211:43:211:54 | Parameter | Description | input | jca/Hash.java:211:43:211:54 | jca/Hash.java:211:43:211:54 | +| jca/Hash.java:211:57:211:66 | Parameter | Description | key | jca/Hash.java:211:57:211:66 | jca/Hash.java:211:57:211:66 | +| jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:32:212:41 | jca/Hash.java:212:32:212:41 | +| jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | RawName | HmacSHA1 | jca/Hash.java:212:32:212:41 | jca/Hash.java:212:32:212:41 | +| jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:44:212:55 | jca/Hash.java:212:44:212:55 | +| jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Hash.java:212:44:212:55 | jca/Hash.java:212:44:212:55 | +| jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:58:212:69 | jca/Hash.java:212:58:212:69 | +| jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | RawName | HmacSHA384 | jca/Hash.java:212:58:212:69 | jca/Hash.java:212:58:212:69 | +| jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:72:212:83 | jca/Hash.java:212:72:212:83 | +| jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | RawName | HmacSHA512 | jca/Hash.java:212:72:212:83 | jca/Hash.java:212:72:212:83 | +| jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:86:212:99 | jca/Hash.java:212:86:212:99 | +| jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | RawName | HmacSHA3-256 | jca/Hash.java:212:86:212:99 | jca/Hash.java:212:86:212:99 | +| jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | Name | HMAC | jca/Hash.java:212:102:212:115 | jca/Hash.java:212:102:212:115 | +| jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | RawName | HmacSHA3-512 | jca/Hash.java:212:102:212:115 | jca/Hash.java:212:102:212:115 | +| jca/Hash.java:216:22:216:30 | Key | KeyType | Unknown | jca/Hash.java:216:22:216:30 | jca/Hash.java:216:22:216:30 | +| jca/Hash.java:217:27:217:55 | MACOperation | KeyOperationSubtype | Mac | jca/Hash.java:217:27:217:55 | jca/Hash.java:217:27:217:55 | +| jca/Hash.java:232:40:232:54 | Parameter | Description | password | jca/Hash.java:232:40:232:54 | jca/Hash.java:232:40:232:54 | +| jca/Hash.java:235:72:235:76 | Constant | Description | 10000 | jca/Hash.java:235:72:235:76 | jca/Hash.java:235:72:235:76 | +| jca/Hash.java:235:79:235:81 | Constant | Description | 256 | jca/Hash.java:235:79:235:81 | jca/Hash.java:235:79:235:81 | +| jca/Hash.java:236:65:236:86 | HMACAlgorithm | Name | HMAC | jca/Hash.java:236:65:236:86 | jca/Hash.java:236:65:236:86 | +| jca/Hash.java:236:65:236:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Hash.java:236:65:236:86 | jca/Hash.java:236:65:236:86 | +| jca/Hash.java:236:65:236:86 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:236:65:236:86 | jca/Hash.java:236:65:236:86 | +| jca/Hash.java:236:65:236:86 | HashAlgorithm | Name | SHA2 | jca/Hash.java:236:65:236:86 | jca/Hash.java:236:65:236:86 | +| jca/Hash.java:236:65:236:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Hash.java:236:65:236:86 | jca/Hash.java:236:65:236:86 | +| jca/Hash.java:236:65:236:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/Hash.java:236:65:236:86 | jca/Hash.java:236:65:236:86 | +| jca/Hash.java:236:65:236:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/Hash.java:236:65:236:86 | jca/Hash.java:236:65:236:86 | +| jca/Hash.java:237:23:237:50 | Key | KeyType | Symmetric | jca/Hash.java:237:23:237:50 | jca/Hash.java:237:23:237:50 | +| jca/Hash.java:237:23:237:50 | KeyDerivation | Iterations | Constant:10000 | jca/Hash.java:235:72:235:76 | jca/Hash.java:235:72:235:76 | +| jca/Hash.java:237:23:237:50 | KeyDerivation | KeySize | Constant:256 | jca/Hash.java:235:79:235:81 | jca/Hash.java:235:79:235:81 | +| jca/Hash.java:252:37:252:58 | Constant | Description | "Config-based Hashing" | jca/Hash.java:252:37:252:58 | jca/Hash.java:252:37:252:58 | +| jca/Hash.java:266:32:266:40 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:266:32:266:40 | jca/Hash.java:266:32:266:40 | +| jca/Hash.java:266:32:266:40 | HashAlgorithm | Name | SHA2 | jca/Hash.java:266:32:266:40 | jca/Hash.java:266:32:266:40 | +| jca/Hash.java:266:32:266:40 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:266:32:266:40 | jca/Hash.java:266:32:266:40 | +| jca/Hash.java:266:43:266:51 | HashAlgorithm | DigestSize | 512 | jca/Hash.java:266:43:266:51 | jca/Hash.java:266:43:266:51 | +| jca/Hash.java:266:43:266:51 | HashAlgorithm | Name | SHA2 | jca/Hash.java:266:43:266:51 | jca/Hash.java:266:43:266:51 | +| jca/Hash.java:266:43:266:51 | HashAlgorithm | RawName | SHA-512 | jca/Hash.java:266:43:266:51 | jca/Hash.java:266:43:266:51 | +| jca/Hash.java:266:54:266:63 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:266:54:266:63 | jca/Hash.java:266:54:266:63 | +| jca/Hash.java:266:54:266:63 | HashAlgorithm | Name | SHA3 | jca/Hash.java:266:54:266:63 | jca/Hash.java:266:54:266:63 | +| jca/Hash.java:266:54:266:63 | HashAlgorithm | RawName | SHA3-256 | jca/Hash.java:266:54:266:63 | jca/Hash.java:266:54:266:63 | +| jca/Hash.java:266:66:266:75 | HashAlgorithm | DigestSize | 512 | jca/Hash.java:266:66:266:75 | jca/Hash.java:266:66:266:75 | +| jca/Hash.java:266:66:266:75 | HashAlgorithm | Name | SHA3 | jca/Hash.java:266:66:266:75 | jca/Hash.java:266:66:266:75 | +| jca/Hash.java:266:66:266:75 | HashAlgorithm | RawName | SHA3-512 | jca/Hash.java:266:66:266:75 | jca/Hash.java:266:66:266:75 | +| jca/Hash.java:269:27:269:38 | Constant | Description | "fixed-seed" | jca/Hash.java:269:27:269:38 | jca/Hash.java:269:27:269:38 | +| jca/Hash.java:294:16:294:66 | LocalData | Description | getProperty(...) | jca/Hash.java:294:16:294:66 | jca/Hash.java:294:16:294:66 | +| jca/Hash.java:294:57:294:65 | HashAlgorithm | DigestSize | 256 | jca/Hash.java:294:57:294:65 | jca/Hash.java:294:57:294:65 | +| jca/Hash.java:294:57:294:65 | HashAlgorithm | Name | SHA2 | jca/Hash.java:294:57:294:65 | jca/Hash.java:294:57:294:65 | +| jca/Hash.java:294:57:294:65 | HashAlgorithm | RawName | SHA-256 | jca/Hash.java:294:57:294:65 | jca/Hash.java:294:57:294:65 | +| jca/Hash.java:310:9:310:42 | RandomNumberGeneration | Description | nextBytes | jca/Hash.java:310:9:310:42 | jca/Hash.java:310:9:310:42 | +| jca/Hash.java:310:38:310:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Hash.java:310:38:310:41 | jca/Hash.java:310:38:310:41 | | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:30:44:30:65 | jca/IVArtifact.java:30:44:30:65 | | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | RawName | AES/CBC/PKCS5Padding | jca/IVArtifact.java:30:44:30:65 | jca/IVArtifact.java:30:44:30:65 | | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:30:44:30:65 | jca/IVArtifact.java:30:44:30:65 | @@ -760,207 +760,220 @@ | jca/IVArtifact.java:81:9:81:40 | RandomNumberGeneration | Description | nextBytes | jca/IVArtifact.java:81:9:81:40 | jca/IVArtifact.java:81:9:81:40 | | jca/IVArtifact.java:81:38:81:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/IVArtifact.java:81:38:81:39 | jca/IVArtifact.java:81:38:81:39 | | jca/IVArtifact.java:87:32:87:33 | RandomNumberGeneration | Description | java.util.Random | jca/IVArtifact.java:87:32:87:33 | jca/IVArtifact.java:87:32:87:33 | -| jca/IVArtifact.java:106:44:106:62 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:106:44:106:62 | jca/IVArtifact.java:106:44:106:62 | -| jca/IVArtifact.java:106:44:106:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:106:44:106:62 | jca/IVArtifact.java:106:44:106:62 | -| jca/IVArtifact.java:106:44:106:62 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:106:44:106:62 | jca/IVArtifact.java:106:44:106:62 | -| jca/IVArtifact.java:106:44:106:62 | ModeOfOperation | Name | GCM | jca/IVArtifact.java:106:44:106:62 | jca/IVArtifact.java:106:44:106:62 | -| jca/IVArtifact.java:106:44:106:62 | ModeOfOperation | RawName | GCM | jca/IVArtifact.java:106:44:106:62 | jca/IVArtifact.java:106:44:106:62 | -| jca/IVArtifact.java:106:44:106:62 | PaddingAlgorithm | Name | UnknownPadding | jca/IVArtifact.java:106:44:106:62 | jca/IVArtifact.java:106:44:106:62 | -| jca/IVArtifact.java:106:44:106:62 | PaddingAlgorithm | RawName | NoPadding | jca/IVArtifact.java:106:44:106:62 | jca/IVArtifact.java:106:44:106:62 | -| jca/IVArtifact.java:109:42:109:44 | Key | KeyType | Unknown | jca/IVArtifact.java:109:42:109:44 | jca/IVArtifact.java:109:42:109:44 | -| jca/IVArtifact.java:110:16:110:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:110:16:110:40 | jca/IVArtifact.java:110:16:110:40 | -| jca/IVArtifact.java:118:31:118:34 | Constant | Description | null | jca/IVArtifact.java:118:31:118:34 | jca/IVArtifact.java:118:31:118:34 | -| jca/IVArtifact.java:132:13:132:50 | RandomNumberGeneration | Description | nextBytes | jca/IVArtifact.java:132:13:132:50 | jca/IVArtifact.java:132:13:132:50 | -| jca/IVArtifact.java:132:42:132:49 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/IVArtifact.java:132:42:132:49 | jca/IVArtifact.java:132:42:132:49 | -| jca/IVArtifact.java:134:44:134:62 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:134:44:134:62 | jca/IVArtifact.java:134:44:134:62 | -| jca/IVArtifact.java:134:44:134:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:134:44:134:62 | jca/IVArtifact.java:134:44:134:62 | -| jca/IVArtifact.java:134:44:134:62 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:134:44:134:62 | jca/IVArtifact.java:134:44:134:62 | -| jca/IVArtifact.java:134:44:134:62 | ModeOfOperation | Name | GCM | jca/IVArtifact.java:134:44:134:62 | jca/IVArtifact.java:134:44:134:62 | -| jca/IVArtifact.java:134:44:134:62 | ModeOfOperation | RawName | GCM | jca/IVArtifact.java:134:44:134:62 | jca/IVArtifact.java:134:44:134:62 | -| jca/IVArtifact.java:134:44:134:62 | PaddingAlgorithm | Name | UnknownPadding | jca/IVArtifact.java:134:44:134:62 | jca/IVArtifact.java:134:44:134:62 | -| jca/IVArtifact.java:134:44:134:62 | PaddingAlgorithm | RawName | NoPadding | jca/IVArtifact.java:134:44:134:62 | jca/IVArtifact.java:134:44:134:62 | -| jca/IVArtifact.java:136:42:136:44 | Key | KeyType | Unknown | jca/IVArtifact.java:136:42:136:44 | jca/IVArtifact.java:136:42:136:44 | -| jca/IVArtifact.java:137:16:137:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:137:16:137:40 | jca/IVArtifact.java:137:16:137:40 | -| jca/IVArtifact.java:157:58:157:66 | HashAlgorithm | DigestSize | 256 | jca/IVArtifact.java:157:58:157:66 | jca/IVArtifact.java:157:58:157:66 | -| jca/IVArtifact.java:157:58:157:66 | HashAlgorithm | Name | SHA2 | jca/IVArtifact.java:157:58:157:66 | jca/IVArtifact.java:157:58:157:66 | -| jca/IVArtifact.java:157:58:157:66 | HashAlgorithm | RawName | SHA-256 | jca/IVArtifact.java:157:58:157:66 | jca/IVArtifact.java:157:58:157:66 | -| jca/IVArtifact.java:158:45:158:59 | Constant | Description | "fixedConstant" | jca/IVArtifact.java:158:45:158:59 | jca/IVArtifact.java:158:45:158:59 | -| jca/IVArtifact.java:160:44:160:62 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:160:44:160:62 | jca/IVArtifact.java:160:44:160:62 | -| jca/IVArtifact.java:160:44:160:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:160:44:160:62 | jca/IVArtifact.java:160:44:160:62 | -| jca/IVArtifact.java:160:44:160:62 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:160:44:160:62 | jca/IVArtifact.java:160:44:160:62 | -| jca/IVArtifact.java:160:44:160:62 | ModeOfOperation | Name | GCM | jca/IVArtifact.java:160:44:160:62 | jca/IVArtifact.java:160:44:160:62 | -| jca/IVArtifact.java:160:44:160:62 | ModeOfOperation | RawName | GCM | jca/IVArtifact.java:160:44:160:62 | jca/IVArtifact.java:160:44:160:62 | -| jca/IVArtifact.java:160:44:160:62 | PaddingAlgorithm | Name | UnknownPadding | jca/IVArtifact.java:160:44:160:62 | jca/IVArtifact.java:160:44:160:62 | -| jca/IVArtifact.java:160:44:160:62 | PaddingAlgorithm | RawName | NoPadding | jca/IVArtifact.java:160:44:160:62 | jca/IVArtifact.java:160:44:160:62 | -| jca/IVArtifact.java:162:42:162:44 | Key | KeyType | Unknown | jca/IVArtifact.java:162:42:162:44 | jca/IVArtifact.java:162:42:162:44 | -| jca/IVArtifact.java:163:16:163:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:163:16:163:40 | jca/IVArtifact.java:163:16:163:40 | -| jca/IVArtifact.java:183:9:183:40 | RandomNumberGeneration | Description | nextBytes | jca/IVArtifact.java:183:9:183:40 | jca/IVArtifact.java:183:9:183:40 | -| jca/IVArtifact.java:183:38:183:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/IVArtifact.java:183:38:183:39 | jca/IVArtifact.java:183:38:183:39 | -| jca/IVArtifact.java:186:48:186:66 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:186:48:186:66 | jca/IVArtifact.java:186:48:186:66 | -| jca/IVArtifact.java:186:48:186:66 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:186:48:186:66 | jca/IVArtifact.java:186:48:186:66 | -| jca/IVArtifact.java:186:48:186:66 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:186:48:186:66 | jca/IVArtifact.java:186:48:186:66 | -| jca/IVArtifact.java:186:48:186:66 | ModeOfOperation | Name | GCM | jca/IVArtifact.java:186:48:186:66 | jca/IVArtifact.java:186:48:186:66 | -| jca/IVArtifact.java:186:48:186:66 | ModeOfOperation | RawName | GCM | jca/IVArtifact.java:186:48:186:66 | jca/IVArtifact.java:186:48:186:66 | -| jca/IVArtifact.java:186:48:186:66 | PaddingAlgorithm | Name | UnknownPadding | jca/IVArtifact.java:186:48:186:66 | jca/IVArtifact.java:186:48:186:66 | -| jca/IVArtifact.java:186:48:186:66 | PaddingAlgorithm | RawName | NoPadding | jca/IVArtifact.java:186:48:186:66 | jca/IVArtifact.java:186:48:186:66 | -| jca/IVArtifact.java:188:46:188:48 | Key | KeyType | Unknown | jca/IVArtifact.java:188:46:188:48 | jca/IVArtifact.java:188:46:188:48 | -| jca/IVArtifact.java:189:30:189:58 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:189:30:189:58 | jca/IVArtifact.java:189:30:189:58 | -| jca/IVArtifact.java:204:44:204:62 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:204:44:204:62 | jca/IVArtifact.java:204:44:204:62 | -| jca/IVArtifact.java:204:44:204:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:204:44:204:62 | jca/IVArtifact.java:204:44:204:62 | -| jca/IVArtifact.java:204:44:204:62 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:204:44:204:62 | jca/IVArtifact.java:204:44:204:62 | -| jca/IVArtifact.java:204:44:204:62 | ModeOfOperation | Name | GCM | jca/IVArtifact.java:204:44:204:62 | jca/IVArtifact.java:204:44:204:62 | -| jca/IVArtifact.java:204:44:204:62 | ModeOfOperation | RawName | GCM | jca/IVArtifact.java:204:44:204:62 | jca/IVArtifact.java:204:44:204:62 | -| jca/IVArtifact.java:204:44:204:62 | PaddingAlgorithm | Name | UnknownPadding | jca/IVArtifact.java:204:44:204:62 | jca/IVArtifact.java:204:44:204:62 | -| jca/IVArtifact.java:204:44:204:62 | PaddingAlgorithm | RawName | NoPadding | jca/IVArtifact.java:204:44:204:62 | jca/IVArtifact.java:204:44:204:62 | -| jca/IVArtifact.java:207:42:207:44 | Key | KeyType | Unknown | jca/IVArtifact.java:207:42:207:44 | jca/IVArtifact.java:207:42:207:44 | -| jca/IVArtifact.java:208:16:208:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:208:16:208:40 | jca/IVArtifact.java:208:16:208:40 | -| jca/IVArtifact.java:221:53:221:65 | Parameter | Description | key | jca/IVArtifact.java:221:53:221:65 | jca/IVArtifact.java:221:53:221:65 | -| jca/IVArtifact.java:221:68:221:83 | Parameter | Description | plaintext | jca/IVArtifact.java:221:68:221:83 | jca/IVArtifact.java:221:68:221:83 | -| jca/IVArtifact.java:242:60:242:72 | Parameter | Description | key | jca/IVArtifact.java:242:60:242:72 | jca/IVArtifact.java:242:60:242:72 | -| jca/IVArtifact.java:242:75:242:90 | Parameter | Description | plaintext | jca/IVArtifact.java:242:75:242:90 | jca/IVArtifact.java:242:75:242:90 | -| jca/IVArtifact.java:261:56:261:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/IVArtifact.java:262:21:262:23 | jca/IVArtifact.java:262:21:262:23 | -| jca/IVArtifact.java:261:56:261:60 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:261:56:261:60 | jca/IVArtifact.java:261:56:261:60 | -| jca/IVArtifact.java:261:56:261:60 | KeyOperationAlgorithm | RawName | AES | jca/IVArtifact.java:261:56:261:60 | jca/IVArtifact.java:261:56:261:60 | -| jca/IVArtifact.java:261:56:261:60 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:261:56:261:60 | jca/IVArtifact.java:261:56:261:60 | -| jca/IVArtifact.java:262:21:262:23 | Constant | Description | 256 | jca/IVArtifact.java:262:21:262:23 | jca/IVArtifact.java:262:21:262:23 | -| jca/IVArtifact.java:263:29:263:44 | Key | KeyType | Symmetric | jca/IVArtifact.java:263:29:263:44 | jca/IVArtifact.java:263:29:263:44 | -| jca/IVArtifact.java:264:32:264:47 | Constant | Description | "Sensitive Data" | jca/IVArtifact.java:264:32:264:47 | jca/IVArtifact.java:264:32:264:47 | -| jca/IVArtifact.java:283:35:283:47 | Constant | Description | "Message One" | jca/IVArtifact.java:283:35:283:47 | jca/IVArtifact.java:283:35:283:47 | -| jca/IVArtifact.java:283:61:283:73 | Constant | Description | "Message Two" | jca/IVArtifact.java:283:61:283:73 | jca/IVArtifact.java:283:61:283:73 | -| jca/IVArtifact.java:283:87:283:101 | Constant | Description | "Message Three" | jca/IVArtifact.java:283:87:283:101 | jca/IVArtifact.java:283:87:283:101 | -| jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | EllipticCurve | KeySize | 256 | jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | -| jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | EllipticCurve | Name | secp256r1 | jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | -| jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | EllipticCurve | ParsedName | secp256r1 | jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | -| jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | EllipticCurve | RawName | secp256r1 | jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | -| jca/KeyAgreementHybridCryptosystem.java:61:16:61:36 | Key | KeyType | Asymmetric | jca/KeyAgreementHybridCryptosystem.java:61:16:61:36 | jca/KeyAgreementHybridCryptosystem.java:61:16:61:36 | -| jca/KeyAgreementHybridCryptosystem.java:68:61:68:68 | KeyAgreementAlgorithm | Name | X25519 | jca/KeyAgreementHybridCryptosystem.java:68:61:68:68 | jca/KeyAgreementHybridCryptosystem.java:68:61:68:68 | -| jca/KeyAgreementHybridCryptosystem.java:68:61:68:68 | KeyAgreementAlgorithm | RawName | X25519 | jca/KeyAgreementHybridCryptosystem.java:68:61:68:68 | jca/KeyAgreementHybridCryptosystem.java:68:61:68:68 | -| jca/KeyAgreementHybridCryptosystem.java:69:24:69:26 | Constant | Description | 255 | jca/KeyAgreementHybridCryptosystem.java:69:24:69:26 | jca/KeyAgreementHybridCryptosystem.java:69:24:69:26 | -| jca/KeyAgreementHybridCryptosystem.java:70:16:70:36 | Key | KeyType | Asymmetric | jca/KeyAgreementHybridCryptosystem.java:70:16:70:36 | jca/KeyAgreementHybridCryptosystem.java:70:16:70:36 | -| jca/KeyAgreementHybridCryptosystem.java:78:17:78:26 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:78:17:78:26 | jca/KeyAgreementHybridCryptosystem.java:78:17:78:26 | -| jca/KeyAgreementHybridCryptosystem.java:79:20:79:28 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:79:20:79:28 | jca/KeyAgreementHybridCryptosystem.java:79:20:79:28 | -| jca/KeyAgreementHybridCryptosystem.java:88:58:88:66 | HashAlgorithm | DigestSize | 256 | jca/KeyAgreementHybridCryptosystem.java:88:58:88:66 | jca/KeyAgreementHybridCryptosystem.java:88:58:88:66 | -| jca/KeyAgreementHybridCryptosystem.java:88:58:88:66 | HashAlgorithm | Name | SHA2 | jca/KeyAgreementHybridCryptosystem.java:88:58:88:66 | jca/KeyAgreementHybridCryptosystem.java:88:58:88:66 | -| jca/KeyAgreementHybridCryptosystem.java:88:58:88:66 | HashAlgorithm | RawName | SHA-256 | jca/KeyAgreementHybridCryptosystem.java:88:58:88:66 | jca/KeyAgreementHybridCryptosystem.java:88:58:88:66 | -| jca/KeyAgreementHybridCryptosystem.java:115:90:115:95 | KeyAgreementAlgorithm | Name | ECDH | jca/KeyAgreementHybridCryptosystem.java:115:90:115:95 | jca/KeyAgreementHybridCryptosystem.java:115:90:115:95 | -| jca/KeyAgreementHybridCryptosystem.java:115:90:115:95 | KeyAgreementAlgorithm | RawName | ECDH | jca/KeyAgreementHybridCryptosystem.java:115:90:115:95 | jca/KeyAgreementHybridCryptosystem.java:115:90:115:95 | -| jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | KeyOperationAlgorithm | Name | AES | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | -| jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | -| jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | KeyOperationAlgorithm | Structure | Block | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | -| jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | ModeOfOperation | Name | GCM | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | -| jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | ModeOfOperation | RawName | GCM | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | -| jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | -| jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | PaddingAlgorithm | RawName | NoPadding | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | -| jca/KeyAgreementHybridCryptosystem.java:121:9:121:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:121:9:121:40 | jca/KeyAgreementHybridCryptosystem.java:121:9:121:40 | -| jca/KeyAgreementHybridCryptosystem.java:121:38:121:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:121:38:121:39 | jca/KeyAgreementHybridCryptosystem.java:121:38:121:39 | -| jca/KeyAgreementHybridCryptosystem.java:123:42:123:47 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:123:42:123:47 | jca/KeyAgreementHybridCryptosystem.java:123:42:123:47 | -| jca/KeyAgreementHybridCryptosystem.java:124:29:124:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:124:29:124:53 | jca/KeyAgreementHybridCryptosystem.java:124:29:124:53 | -| jca/KeyAgreementHybridCryptosystem.java:137:95:137:100 | KeyAgreementAlgorithm | Name | ECDH | jca/KeyAgreementHybridCryptosystem.java:137:95:137:100 | jca/KeyAgreementHybridCryptosystem.java:137:95:137:100 | -| jca/KeyAgreementHybridCryptosystem.java:137:95:137:100 | KeyAgreementAlgorithm | RawName | ECDH | jca/KeyAgreementHybridCryptosystem.java:137:95:137:100 | jca/KeyAgreementHybridCryptosystem.java:137:95:137:100 | -| jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | KeyOperationAlgorithm | Name | AES | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | -| jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | -| jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | KeyOperationAlgorithm | Structure | Block | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | -| jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | ModeOfOperation | Name | GCM | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | -| jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | ModeOfOperation | RawName | GCM | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | -| jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | -| jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | PaddingAlgorithm | RawName | NoPadding | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | -| jca/KeyAgreementHybridCryptosystem.java:144:42:144:47 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:144:42:144:47 | jca/KeyAgreementHybridCryptosystem.java:144:42:144:47 | -| jca/KeyAgreementHybridCryptosystem.java:145:29:145:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:145:29:145:53 | jca/KeyAgreementHybridCryptosystem.java:145:29:145:53 | -| jca/KeyAgreementHybridCryptosystem.java:162:91:162:98 | KeyAgreementAlgorithm | Name | X25519 | jca/KeyAgreementHybridCryptosystem.java:162:91:162:98 | jca/KeyAgreementHybridCryptosystem.java:162:91:162:98 | -| jca/KeyAgreementHybridCryptosystem.java:162:91:162:98 | KeyAgreementAlgorithm | RawName | X25519 | jca/KeyAgreementHybridCryptosystem.java:162:91:162:98 | jca/KeyAgreementHybridCryptosystem.java:162:91:162:98 | -| jca/KeyAgreementHybridCryptosystem.java:163:59:163:67 | HashAlgorithm | DigestSize | 256 | jca/KeyAgreementHybridCryptosystem.java:163:59:163:67 | jca/KeyAgreementHybridCryptosystem.java:163:59:163:67 | -| jca/KeyAgreementHybridCryptosystem.java:163:59:163:67 | HashAlgorithm | Name | SHA2 | jca/KeyAgreementHybridCryptosystem.java:163:59:163:67 | jca/KeyAgreementHybridCryptosystem.java:163:59:163:67 | -| jca/KeyAgreementHybridCryptosystem.java:163:59:163:67 | HashAlgorithm | RawName | SHA-256 | jca/KeyAgreementHybridCryptosystem.java:163:59:163:67 | jca/KeyAgreementHybridCryptosystem.java:163:59:163:67 | -| jca/KeyAgreementHybridCryptosystem.java:166:44:166:62 | KeyOperationAlgorithm | Name | Unknown | jca/KeyAgreementHybridCryptosystem.java:166:44:166:62 | jca/KeyAgreementHybridCryptosystem.java:166:44:166:62 | -| jca/KeyAgreementHybridCryptosystem.java:166:44:166:62 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/KeyAgreementHybridCryptosystem.java:166:44:166:62 | jca/KeyAgreementHybridCryptosystem.java:166:44:166:62 | -| jca/KeyAgreementHybridCryptosystem.java:168:9:168:43 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:168:9:168:43 | jca/KeyAgreementHybridCryptosystem.java:168:9:168:43 | -| jca/KeyAgreementHybridCryptosystem.java:168:38:168:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:168:38:168:42 | jca/KeyAgreementHybridCryptosystem.java:168:38:168:42 | -| jca/KeyAgreementHybridCryptosystem.java:169:42:169:50 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:169:42:169:50 | jca/KeyAgreementHybridCryptosystem.java:169:42:169:50 | -| jca/KeyAgreementHybridCryptosystem.java:170:29:170:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:170:29:170:53 | jca/KeyAgreementHybridCryptosystem.java:170:29:170:53 | -| jca/KeyAgreementHybridCryptosystem.java:183:95:183:102 | KeyAgreementAlgorithm | Name | X25519 | jca/KeyAgreementHybridCryptosystem.java:183:95:183:102 | jca/KeyAgreementHybridCryptosystem.java:183:95:183:102 | -| jca/KeyAgreementHybridCryptosystem.java:183:95:183:102 | KeyAgreementAlgorithm | RawName | X25519 | jca/KeyAgreementHybridCryptosystem.java:183:95:183:102 | jca/KeyAgreementHybridCryptosystem.java:183:95:183:102 | -| jca/KeyAgreementHybridCryptosystem.java:188:44:188:62 | KeyOperationAlgorithm | Name | Unknown | jca/KeyAgreementHybridCryptosystem.java:188:44:188:62 | jca/KeyAgreementHybridCryptosystem.java:188:44:188:62 | -| jca/KeyAgreementHybridCryptosystem.java:188:44:188:62 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/KeyAgreementHybridCryptosystem.java:188:44:188:62 | jca/KeyAgreementHybridCryptosystem.java:188:44:188:62 | -| jca/KeyAgreementHybridCryptosystem.java:189:42:189:50 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:189:42:189:50 | jca/KeyAgreementHybridCryptosystem.java:189:42:189:50 | -| jca/KeyAgreementHybridCryptosystem.java:190:29:190:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:190:29:190:53 | jca/KeyAgreementHybridCryptosystem.java:190:29:190:53 | -| jca/KeyAgreementHybridCryptosystem.java:204:58:204:73 | Parameter | Description | plaintext | jca/KeyAgreementHybridCryptosystem.java:204:58:204:73 | jca/KeyAgreementHybridCryptosystem.java:204:58:204:73 | -| jca/KeyAgreementHybridCryptosystem.java:230:58:230:70 | Parameter | Description | key | jca/KeyAgreementHybridCryptosystem.java:230:58:230:70 | jca/KeyAgreementHybridCryptosystem.java:230:58:230:70 | -| jca/KeyAgreementHybridCryptosystem.java:230:73:230:88 | Parameter | Description | plaintext | jca/KeyAgreementHybridCryptosystem.java:230:73:230:88 | jca/KeyAgreementHybridCryptosystem.java:230:73:230:88 | -| jca/KeyAgreementHybridCryptosystem.java:233:75:233:79 | Constant | Description | 10000 | jca/KeyAgreementHybridCryptosystem.java:233:75:233:79 | jca/KeyAgreementHybridCryptosystem.java:233:75:233:79 | -| jca/KeyAgreementHybridCryptosystem.java:233:82:233:84 | Constant | Description | 256 | jca/KeyAgreementHybridCryptosystem.java:233:82:233:84 | jca/KeyAgreementHybridCryptosystem.java:233:82:233:84 | -| jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | HMACAlgorithm | Name | HMAC | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | -| jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | -| jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | HashAlgorithm | DigestSize | 256 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | -| jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | HashAlgorithm | Name | SHA2 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | -| jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | -| jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | -| jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | -| jca/KeyAgreementHybridCryptosystem.java:235:26:235:53 | Key | KeyType | Symmetric | jca/KeyAgreementHybridCryptosystem.java:235:26:235:53 | jca/KeyAgreementHybridCryptosystem.java:235:26:235:53 | -| jca/KeyAgreementHybridCryptosystem.java:235:26:235:53 | KeyDerivation | Iterations | Constant:10000 | jca/KeyAgreementHybridCryptosystem.java:233:75:233:79 | jca/KeyAgreementHybridCryptosystem.java:233:75:233:79 | -| jca/KeyAgreementHybridCryptosystem.java:235:26:235:53 | KeyDerivation | KeySize | Constant:256 | jca/KeyAgreementHybridCryptosystem.java:233:82:233:84 | jca/KeyAgreementHybridCryptosystem.java:233:82:233:84 | -| jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | KeyOperationAlgorithm | Name | AES | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | -| jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | -| jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | KeyOperationAlgorithm | Structure | Block | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | -| jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | ModeOfOperation | Name | GCM | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | -| jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | ModeOfOperation | RawName | GCM | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | -| jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | -| jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | PaddingAlgorithm | RawName | NoPadding | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | -| jca/KeyAgreementHybridCryptosystem.java:243:9:243:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:243:9:243:40 | jca/KeyAgreementHybridCryptosystem.java:243:9:243:40 | -| jca/KeyAgreementHybridCryptosystem.java:243:38:243:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:243:38:243:39 | jca/KeyAgreementHybridCryptosystem.java:243:38:243:39 | -| jca/KeyAgreementHybridCryptosystem.java:245:42:245:54 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:245:42:245:54 | jca/KeyAgreementHybridCryptosystem.java:245:42:245:54 | -| jca/KeyAgreementHybridCryptosystem.java:246:29:246:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:246:29:246:53 | jca/KeyAgreementHybridCryptosystem.java:246:29:246:53 | -| jca/KeyAgreementHybridCryptosystem.java:248:35:248:46 | KeyOperationAlgorithm | Name | HMAC | jca/KeyAgreementHybridCryptosystem.java:248:35:248:46 | jca/KeyAgreementHybridCryptosystem.java:248:35:248:46 | -| jca/KeyAgreementHybridCryptosystem.java:248:35:248:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:248:35:248:46 | jca/KeyAgreementHybridCryptosystem.java:248:35:248:46 | -| jca/KeyAgreementHybridCryptosystem.java:249:18:249:30 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:249:18:249:30 | jca/KeyAgreementHybridCryptosystem.java:249:18:249:30 | -| jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | MACOperation | KeyOperationSubtype | Mac | jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | -| jca/KeyAgreementHybridCryptosystem.java:279:52:279:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyAgreementHybridCryptosystem.java:280:17:280:19 | jca/KeyAgreementHybridCryptosystem.java:280:17:280:19 | -| jca/KeyAgreementHybridCryptosystem.java:279:52:279:56 | KeyOperationAlgorithm | Name | AES | jca/KeyAgreementHybridCryptosystem.java:279:52:279:56 | jca/KeyAgreementHybridCryptosystem.java:279:52:279:56 | -| jca/KeyAgreementHybridCryptosystem.java:279:52:279:56 | KeyOperationAlgorithm | RawName | AES | jca/KeyAgreementHybridCryptosystem.java:279:52:279:56 | jca/KeyAgreementHybridCryptosystem.java:279:52:279:56 | -| jca/KeyAgreementHybridCryptosystem.java:279:52:279:56 | KeyOperationAlgorithm | Structure | Block | jca/KeyAgreementHybridCryptosystem.java:279:52:279:56 | jca/KeyAgreementHybridCryptosystem.java:279:52:279:56 | -| jca/KeyAgreementHybridCryptosystem.java:280:17:280:19 | Constant | Description | 256 | jca/KeyAgreementHybridCryptosystem.java:280:17:280:19 | jca/KeyAgreementHybridCryptosystem.java:280:17:280:19 | -| jca/KeyAgreementHybridCryptosystem.java:281:16:281:31 | Key | KeyType | Symmetric | jca/KeyAgreementHybridCryptosystem.java:281:16:281:31 | jca/KeyAgreementHybridCryptosystem.java:281:16:281:31 | -| jca/KeyAgreementHybridCryptosystem.java:289:9:289:42 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:289:9:289:42 | jca/KeyAgreementHybridCryptosystem.java:289:9:289:42 | -| jca/KeyAgreementHybridCryptosystem.java:289:38:289:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:289:38:289:41 | jca/KeyAgreementHybridCryptosystem.java:289:38:289:41 | -| jca/KeyArtifact.java:19:56:19:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyArtifact.java:20:21:20:23 | jca/KeyArtifact.java:20:21:20:23 | -| jca/KeyArtifact.java:19:56:19:60 | KeyOperationAlgorithm | Name | AES | jca/KeyArtifact.java:19:56:19:60 | jca/KeyArtifact.java:19:56:19:60 | -| jca/KeyArtifact.java:19:56:19:60 | KeyOperationAlgorithm | RawName | AES | jca/KeyArtifact.java:19:56:19:60 | jca/KeyArtifact.java:19:56:19:60 | -| jca/KeyArtifact.java:19:56:19:60 | KeyOperationAlgorithm | Structure | Block | jca/KeyArtifact.java:19:56:19:60 | jca/KeyArtifact.java:19:56:19:60 | -| jca/KeyArtifact.java:20:21:20:23 | Constant | Description | 256 | jca/KeyArtifact.java:20:21:20:23 | jca/KeyArtifact.java:20:21:20:23 | -| jca/KeyArtifact.java:21:31:21:50 | Key | KeyType | Symmetric | jca/KeyArtifact.java:21:31:21:50 | jca/KeyArtifact.java:21:31:21:50 | -| jca/KeyArtifact.java:24:43:24:47 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyArtifact.java:25:21:25:23 | jca/KeyArtifact.java:25:21:25:23 | -| jca/KeyArtifact.java:24:43:24:47 | KeyOperationAlgorithm | Name | AES | jca/KeyArtifact.java:24:43:24:47 | jca/KeyArtifact.java:24:43:24:47 | -| jca/KeyArtifact.java:24:43:24:47 | KeyOperationAlgorithm | RawName | AES | jca/KeyArtifact.java:24:43:24:47 | jca/KeyArtifact.java:24:43:24:47 | -| jca/KeyArtifact.java:24:43:24:47 | KeyOperationAlgorithm | Structure | Block | jca/KeyArtifact.java:24:43:24:47 | jca/KeyArtifact.java:24:43:24:47 | -| jca/KeyArtifact.java:25:21:25:23 | Constant | Description | 256 | jca/KeyArtifact.java:25:21:25:23 | jca/KeyArtifact.java:25:21:25:23 | -| jca/KeyArtifact.java:26:30:26:49 | Key | KeyType | Symmetric | jca/KeyArtifact.java:26:30:26:49 | jca/KeyArtifact.java:26:30:26:49 | -| jca/KeyArtifact.java:31:68:31:72 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/KeyArtifact.java:32:31:32:34 | jca/KeyArtifact.java:32:31:32:34 | -| jca/KeyArtifact.java:31:68:31:72 | KeyOperationAlgorithm | Name | RSA | jca/KeyArtifact.java:31:68:31:72 | jca/KeyArtifact.java:31:68:31:72 | -| jca/KeyArtifact.java:31:68:31:72 | KeyOperationAlgorithm | RawName | RSA | jca/KeyArtifact.java:31:68:31:72 | jca/KeyArtifact.java:31:68:31:72 | -| jca/KeyArtifact.java:32:31:32:34 | Constant | Description | 2048 | jca/KeyArtifact.java:32:31:32:34 | jca/KeyArtifact.java:32:31:32:34 | -| jca/KeyArtifact.java:33:30:33:57 | Key | KeyType | Asymmetric | jca/KeyArtifact.java:33:30:33:57 | jca/KeyArtifact.java:33:30:33:57 | -| jca/KeyArtifact.java:36:51:36:55 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/KeyArtifact.java:37:31:37:34 | jca/KeyArtifact.java:37:31:37:34 | -| jca/KeyArtifact.java:36:51:36:55 | KeyOperationAlgorithm | Name | RSA | jca/KeyArtifact.java:36:51:36:55 | jca/KeyArtifact.java:36:51:36:55 | -| jca/KeyArtifact.java:36:51:36:55 | KeyOperationAlgorithm | RawName | RSA | jca/KeyArtifact.java:36:51:36:55 | jca/KeyArtifact.java:36:51:36:55 | -| jca/KeyArtifact.java:37:31:37:34 | Constant | Description | 2048 | jca/KeyArtifact.java:37:31:37:34 | jca/KeyArtifact.java:37:31:37:34 | -| jca/KeyArtifact.java:38:29:38:56 | Key | KeyType | Asymmetric | jca/KeyArtifact.java:38:29:38:56 | jca/KeyArtifact.java:38:29:38:56 | -| jca/KeyArtifact.java:42:31:42:33 | Constant | Description | 256 | jca/KeyArtifact.java:42:31:42:33 | jca/KeyArtifact.java:42:31:42:33 | -| jca/KeyArtifact.java:43:26:43:53 | Key | KeyType | Asymmetric | jca/KeyArtifact.java:43:26:43:53 | jca/KeyArtifact.java:43:26:43:53 | -| jca/KeyArtifact.java:63:28:63:73 | LocalData | Description | getProperty(...) | jca/KeyArtifact.java:63:28:63:73 | jca/KeyArtifact.java:63:28:63:73 | -| jca/KeyArtifact.java:63:68:63:72 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyArtifact.java:66:21:66:23 | jca/KeyArtifact.java:66:21:66:23 | -| jca/KeyArtifact.java:63:68:63:72 | KeyOperationAlgorithm | Name | AES | jca/KeyArtifact.java:63:68:63:72 | jca/KeyArtifact.java:63:68:63:72 | -| jca/KeyArtifact.java:63:68:63:72 | KeyOperationAlgorithm | RawName | AES | jca/KeyArtifact.java:63:68:63:72 | jca/KeyArtifact.java:63:68:63:72 | -| jca/KeyArtifact.java:63:68:63:72 | KeyOperationAlgorithm | Structure | Block | jca/KeyArtifact.java:63:68:63:72 | jca/KeyArtifact.java:63:68:63:72 | -| jca/KeyArtifact.java:66:21:66:23 | Constant | Description | 256 | jca/KeyArtifact.java:66:21:66:23 | jca/KeyArtifact.java:66:21:66:23 | -| jca/KeyArtifact.java:67:32:67:51 | Key | KeyType | Symmetric | jca/KeyArtifact.java:67:32:67:51 | jca/KeyArtifact.java:67:32:67:51 | -| jca/KeyArtifact.java:73:31:73:34 | Constant | Description | 2048 | jca/KeyArtifact.java:73:31:73:34 | jca/KeyArtifact.java:73:31:73:34 | -| jca/KeyArtifact.java:74:16:74:43 | Key | KeyType | Asymmetric | jca/KeyArtifact.java:74:16:74:43 | jca/KeyArtifact.java:74:16:74:43 | -| jca/KeyArtifact.java:79:33:79:37 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/KeyArtifact.java:73:31:73:34 | jca/KeyArtifact.java:73:31:73:34 | -| jca/KeyArtifact.java:79:33:79:37 | KeyOperationAlgorithm | Name | RSA | jca/KeyArtifact.java:79:33:79:37 | jca/KeyArtifact.java:79:33:79:37 | -| jca/KeyArtifact.java:79:33:79:37 | KeyOperationAlgorithm | RawName | RSA | jca/KeyArtifact.java:79:33:79:37 | jca/KeyArtifact.java:79:33:79:37 | -| jca/KeyArtifact.java:79:46:79:54 | Constant | Description | "Ed25519" | jca/KeyArtifact.java:79:46:79:54 | jca/KeyArtifact.java:79:46:79:54 | -| jca/KeyDerivation1.java:92:39:92:53 | Parameter | Description | password | jca/KeyDerivation1.java:92:39:92:53 | jca/KeyDerivation1.java:92:39:92:53 | -| jca/KeyDerivation1.java:94:72:94:76 | Constant | Description | 10000 | jca/KeyDerivation1.java:94:72:94:76 | jca/KeyDerivation1.java:94:72:94:76 | -| jca/KeyDerivation1.java:94:79:94:81 | Constant | Description | 256 | jca/KeyDerivation1.java:94:79:94:81 | jca/KeyDerivation1.java:94:79:94:81 | +| jca/IVArtifact.java:105:44:105:62 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:105:44:105:62 | jca/IVArtifact.java:105:44:105:62 | +| jca/IVArtifact.java:105:44:105:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:105:44:105:62 | jca/IVArtifact.java:105:44:105:62 | +| jca/IVArtifact.java:105:44:105:62 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:105:44:105:62 | jca/IVArtifact.java:105:44:105:62 | +| jca/IVArtifact.java:105:44:105:62 | ModeOfOperation | Name | GCM | jca/IVArtifact.java:105:44:105:62 | jca/IVArtifact.java:105:44:105:62 | +| jca/IVArtifact.java:105:44:105:62 | ModeOfOperation | RawName | GCM | jca/IVArtifact.java:105:44:105:62 | jca/IVArtifact.java:105:44:105:62 | +| jca/IVArtifact.java:105:44:105:62 | PaddingAlgorithm | Name | UnknownPadding | jca/IVArtifact.java:105:44:105:62 | jca/IVArtifact.java:105:44:105:62 | +| jca/IVArtifact.java:105:44:105:62 | PaddingAlgorithm | RawName | NoPadding | jca/IVArtifact.java:105:44:105:62 | jca/IVArtifact.java:105:44:105:62 | +| jca/IVArtifact.java:108:42:108:44 | Key | KeyType | Unknown | jca/IVArtifact.java:108:42:108:44 | jca/IVArtifact.java:108:42:108:44 | +| jca/IVArtifact.java:109:16:109:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:109:16:109:40 | jca/IVArtifact.java:109:16:109:40 | +| jca/IVArtifact.java:116:31:116:34 | Constant | Description | null | jca/IVArtifact.java:116:31:116:34 | jca/IVArtifact.java:116:31:116:34 | +| jca/IVArtifact.java:130:13:130:50 | RandomNumberGeneration | Description | nextBytes | jca/IVArtifact.java:130:13:130:50 | jca/IVArtifact.java:130:13:130:50 | +| jca/IVArtifact.java:130:42:130:49 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/IVArtifact.java:130:42:130:49 | jca/IVArtifact.java:130:42:130:49 | +| jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:132:44:132:62 | jca/IVArtifact.java:132:44:132:62 | +| jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:132:44:132:62 | jca/IVArtifact.java:132:44:132:62 | +| jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:132:44:132:62 | jca/IVArtifact.java:132:44:132:62 | +| jca/IVArtifact.java:132:44:132:62 | ModeOfOperation | Name | GCM | jca/IVArtifact.java:132:44:132:62 | jca/IVArtifact.java:132:44:132:62 | +| jca/IVArtifact.java:132:44:132:62 | ModeOfOperation | RawName | GCM | jca/IVArtifact.java:132:44:132:62 | jca/IVArtifact.java:132:44:132:62 | +| jca/IVArtifact.java:132:44:132:62 | PaddingAlgorithm | Name | UnknownPadding | jca/IVArtifact.java:132:44:132:62 | jca/IVArtifact.java:132:44:132:62 | +| jca/IVArtifact.java:132:44:132:62 | PaddingAlgorithm | RawName | NoPadding | jca/IVArtifact.java:132:44:132:62 | jca/IVArtifact.java:132:44:132:62 | +| jca/IVArtifact.java:134:42:134:44 | Key | KeyType | Unknown | jca/IVArtifact.java:134:42:134:44 | jca/IVArtifact.java:134:42:134:44 | +| jca/IVArtifact.java:135:16:135:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:135:16:135:40 | jca/IVArtifact.java:135:16:135:40 | +| jca/IVArtifact.java:153:58:153:66 | HashAlgorithm | DigestSize | 256 | jca/IVArtifact.java:153:58:153:66 | jca/IVArtifact.java:153:58:153:66 | +| jca/IVArtifact.java:153:58:153:66 | HashAlgorithm | Name | SHA2 | jca/IVArtifact.java:153:58:153:66 | jca/IVArtifact.java:153:58:153:66 | +| jca/IVArtifact.java:153:58:153:66 | HashAlgorithm | RawName | SHA-256 | jca/IVArtifact.java:153:58:153:66 | jca/IVArtifact.java:153:58:153:66 | +| jca/IVArtifact.java:154:45:154:59 | Constant | Description | "fixedConstant" | jca/IVArtifact.java:154:45:154:59 | jca/IVArtifact.java:154:45:154:59 | +| jca/IVArtifact.java:156:44:156:62 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:156:44:156:62 | jca/IVArtifact.java:156:44:156:62 | +| jca/IVArtifact.java:156:44:156:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:156:44:156:62 | jca/IVArtifact.java:156:44:156:62 | +| jca/IVArtifact.java:156:44:156:62 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:156:44:156:62 | jca/IVArtifact.java:156:44:156:62 | +| jca/IVArtifact.java:156:44:156:62 | ModeOfOperation | Name | GCM | jca/IVArtifact.java:156:44:156:62 | jca/IVArtifact.java:156:44:156:62 | +| jca/IVArtifact.java:156:44:156:62 | ModeOfOperation | RawName | GCM | jca/IVArtifact.java:156:44:156:62 | jca/IVArtifact.java:156:44:156:62 | +| jca/IVArtifact.java:156:44:156:62 | PaddingAlgorithm | Name | UnknownPadding | jca/IVArtifact.java:156:44:156:62 | jca/IVArtifact.java:156:44:156:62 | +| jca/IVArtifact.java:156:44:156:62 | PaddingAlgorithm | RawName | NoPadding | jca/IVArtifact.java:156:44:156:62 | jca/IVArtifact.java:156:44:156:62 | +| jca/IVArtifact.java:158:42:158:44 | Key | KeyType | Unknown | jca/IVArtifact.java:158:42:158:44 | jca/IVArtifact.java:158:42:158:44 | +| jca/IVArtifact.java:159:16:159:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:159:16:159:40 | jca/IVArtifact.java:159:16:159:40 | +| jca/IVArtifact.java:177:9:177:40 | RandomNumberGeneration | Description | nextBytes | jca/IVArtifact.java:177:9:177:40 | jca/IVArtifact.java:177:9:177:40 | +| jca/IVArtifact.java:177:38:177:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/IVArtifact.java:177:38:177:39 | jca/IVArtifact.java:177:38:177:39 | +| jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:180:48:180:66 | jca/IVArtifact.java:180:48:180:66 | +| jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:180:48:180:66 | jca/IVArtifact.java:180:48:180:66 | +| jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:180:48:180:66 | jca/IVArtifact.java:180:48:180:66 | +| jca/IVArtifact.java:180:48:180:66 | ModeOfOperation | Name | GCM | jca/IVArtifact.java:180:48:180:66 | jca/IVArtifact.java:180:48:180:66 | +| jca/IVArtifact.java:180:48:180:66 | ModeOfOperation | RawName | GCM | jca/IVArtifact.java:180:48:180:66 | jca/IVArtifact.java:180:48:180:66 | +| jca/IVArtifact.java:180:48:180:66 | PaddingAlgorithm | Name | UnknownPadding | jca/IVArtifact.java:180:48:180:66 | jca/IVArtifact.java:180:48:180:66 | +| jca/IVArtifact.java:180:48:180:66 | PaddingAlgorithm | RawName | NoPadding | jca/IVArtifact.java:180:48:180:66 | jca/IVArtifact.java:180:48:180:66 | +| jca/IVArtifact.java:182:46:182:48 | Key | KeyType | Unknown | jca/IVArtifact.java:182:46:182:48 | jca/IVArtifact.java:182:46:182:48 | +| jca/IVArtifact.java:183:30:183:58 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:183:30:183:58 | jca/IVArtifact.java:183:30:183:58 | +| jca/IVArtifact.java:198:44:198:62 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:198:44:198:62 | jca/IVArtifact.java:198:44:198:62 | +| jca/IVArtifact.java:198:44:198:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/IVArtifact.java:198:44:198:62 | jca/IVArtifact.java:198:44:198:62 | +| jca/IVArtifact.java:198:44:198:62 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:198:44:198:62 | jca/IVArtifact.java:198:44:198:62 | +| jca/IVArtifact.java:198:44:198:62 | ModeOfOperation | Name | GCM | jca/IVArtifact.java:198:44:198:62 | jca/IVArtifact.java:198:44:198:62 | +| jca/IVArtifact.java:198:44:198:62 | ModeOfOperation | RawName | GCM | jca/IVArtifact.java:198:44:198:62 | jca/IVArtifact.java:198:44:198:62 | +| jca/IVArtifact.java:198:44:198:62 | PaddingAlgorithm | Name | UnknownPadding | jca/IVArtifact.java:198:44:198:62 | jca/IVArtifact.java:198:44:198:62 | +| jca/IVArtifact.java:198:44:198:62 | PaddingAlgorithm | RawName | NoPadding | jca/IVArtifact.java:198:44:198:62 | jca/IVArtifact.java:198:44:198:62 | +| jca/IVArtifact.java:201:42:201:44 | Key | KeyType | Unknown | jca/IVArtifact.java:201:42:201:44 | jca/IVArtifact.java:201:42:201:44 | +| jca/IVArtifact.java:202:16:202:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/IVArtifact.java:202:16:202:40 | jca/IVArtifact.java:202:16:202:40 | +| jca/IVArtifact.java:215:53:215:65 | Parameter | Description | key | jca/IVArtifact.java:215:53:215:65 | jca/IVArtifact.java:215:53:215:65 | +| jca/IVArtifact.java:215:68:215:83 | Parameter | Description | plaintext | jca/IVArtifact.java:215:68:215:83 | jca/IVArtifact.java:215:68:215:83 | +| jca/IVArtifact.java:235:60:235:72 | Parameter | Description | key | jca/IVArtifact.java:235:60:235:72 | jca/IVArtifact.java:235:60:235:72 | +| jca/IVArtifact.java:235:75:235:90 | Parameter | Description | plaintext | jca/IVArtifact.java:235:75:235:90 | jca/IVArtifact.java:235:75:235:90 | +| jca/IVArtifact.java:253:56:253:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/IVArtifact.java:254:21:254:23 | jca/IVArtifact.java:254:21:254:23 | +| jca/IVArtifact.java:253:56:253:60 | KeyOperationAlgorithm | Name | AES | jca/IVArtifact.java:253:56:253:60 | jca/IVArtifact.java:253:56:253:60 | +| jca/IVArtifact.java:253:56:253:60 | KeyOperationAlgorithm | RawName | AES | jca/IVArtifact.java:253:56:253:60 | jca/IVArtifact.java:253:56:253:60 | +| jca/IVArtifact.java:253:56:253:60 | KeyOperationAlgorithm | Structure | Block | jca/IVArtifact.java:253:56:253:60 | jca/IVArtifact.java:253:56:253:60 | +| jca/IVArtifact.java:254:21:254:23 | Constant | Description | 256 | jca/IVArtifact.java:254:21:254:23 | jca/IVArtifact.java:254:21:254:23 | +| jca/IVArtifact.java:255:29:255:44 | Key | KeyType | Symmetric | jca/IVArtifact.java:255:29:255:44 | jca/IVArtifact.java:255:29:255:44 | +| jca/IVArtifact.java:256:32:256:47 | Constant | Description | "Sensitive Data" | jca/IVArtifact.java:256:32:256:47 | jca/IVArtifact.java:256:32:256:47 | +| jca/IVArtifact.java:275:34:275:46 | Constant | Description | "Message One" | jca/IVArtifact.java:275:34:275:46 | jca/IVArtifact.java:275:34:275:46 | +| jca/IVArtifact.java:275:60:275:72 | Constant | Description | "Message Two" | jca/IVArtifact.java:275:60:275:72 | jca/IVArtifact.java:275:60:275:72 | +| jca/IVArtifact.java:275:86:275:100 | Constant | Description | "Message Three" | jca/IVArtifact.java:275:86:275:100 | jca/IVArtifact.java:275:86:275:100 | +| jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | EllipticCurve | KeySize | 256 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | +| jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | EllipticCurve | Name | secp256r1 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | +| jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | EllipticCurve | ParsedName | secp256r1 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | +| jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | EllipticCurve | RawName | secp256r1 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | +| jca/KeyAgreementHybridCryptosystem.java:51:16:51:36 | Key | KeyType | Asymmetric | jca/KeyAgreementHybridCryptosystem.java:51:16:51:36 | jca/KeyAgreementHybridCryptosystem.java:51:16:51:36 | +| jca/KeyAgreementHybridCryptosystem.java:58:61:58:68 | KeyAgreementAlgorithm | Name | X25519 | jca/KeyAgreementHybridCryptosystem.java:58:61:58:68 | jca/KeyAgreementHybridCryptosystem.java:58:61:58:68 | +| jca/KeyAgreementHybridCryptosystem.java:58:61:58:68 | KeyAgreementAlgorithm | RawName | X25519 | jca/KeyAgreementHybridCryptosystem.java:58:61:58:68 | jca/KeyAgreementHybridCryptosystem.java:58:61:58:68 | +| jca/KeyAgreementHybridCryptosystem.java:59:24:59:26 | Constant | Description | 255 | jca/KeyAgreementHybridCryptosystem.java:59:24:59:26 | jca/KeyAgreementHybridCryptosystem.java:59:24:59:26 | +| jca/KeyAgreementHybridCryptosystem.java:60:16:60:36 | Key | KeyType | Asymmetric | jca/KeyAgreementHybridCryptosystem.java:60:16:60:36 | jca/KeyAgreementHybridCryptosystem.java:60:16:60:36 | +| jca/KeyAgreementHybridCryptosystem.java:68:17:68:26 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:68:17:68:26 | jca/KeyAgreementHybridCryptosystem.java:68:17:68:26 | +| jca/KeyAgreementHybridCryptosystem.java:69:20:69:28 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:69:20:69:28 | jca/KeyAgreementHybridCryptosystem.java:69:20:69:28 | +| jca/KeyAgreementHybridCryptosystem.java:78:58:78:66 | HashAlgorithm | DigestSize | 256 | jca/KeyAgreementHybridCryptosystem.java:78:58:78:66 | jca/KeyAgreementHybridCryptosystem.java:78:58:78:66 | +| jca/KeyAgreementHybridCryptosystem.java:78:58:78:66 | HashAlgorithm | Name | SHA2 | jca/KeyAgreementHybridCryptosystem.java:78:58:78:66 | jca/KeyAgreementHybridCryptosystem.java:78:58:78:66 | +| jca/KeyAgreementHybridCryptosystem.java:78:58:78:66 | HashAlgorithm | RawName | SHA-256 | jca/KeyAgreementHybridCryptosystem.java:78:58:78:66 | jca/KeyAgreementHybridCryptosystem.java:78:58:78:66 | +| jca/KeyAgreementHybridCryptosystem.java:104:90:104:95 | KeyAgreementAlgorithm | Name | ECDH | jca/KeyAgreementHybridCryptosystem.java:104:90:104:95 | jca/KeyAgreementHybridCryptosystem.java:104:90:104:95 | +| jca/KeyAgreementHybridCryptosystem.java:104:90:104:95 | KeyAgreementAlgorithm | RawName | ECDH | jca/KeyAgreementHybridCryptosystem.java:104:90:104:95 | jca/KeyAgreementHybridCryptosystem.java:104:90:104:95 | +| jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | Name | AES | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | +| jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | +| jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | Structure | Block | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | +| jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | ModeOfOperation | Name | GCM | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | +| jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | ModeOfOperation | RawName | GCM | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | +| jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | +| jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | PaddingAlgorithm | RawName | NoPadding | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | +| jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | +| jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | +| jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | +| jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | +| jca/KeyAgreementHybridCryptosystem.java:125:95:125:100 | KeyAgreementAlgorithm | Name | ECDH | jca/KeyAgreementHybridCryptosystem.java:125:95:125:100 | jca/KeyAgreementHybridCryptosystem.java:125:95:125:100 | +| jca/KeyAgreementHybridCryptosystem.java:125:95:125:100 | KeyAgreementAlgorithm | RawName | ECDH | jca/KeyAgreementHybridCryptosystem.java:125:95:125:100 | jca/KeyAgreementHybridCryptosystem.java:125:95:125:100 | +| jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | KeyOperationAlgorithm | Name | AES | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | +| jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | +| jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | KeyOperationAlgorithm | Structure | Block | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | +| jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | ModeOfOperation | Name | GCM | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | +| jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | ModeOfOperation | RawName | GCM | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | +| jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | +| jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | PaddingAlgorithm | RawName | NoPadding | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | +| jca/KeyAgreementHybridCryptosystem.java:132:42:132:47 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:132:42:132:47 | jca/KeyAgreementHybridCryptosystem.java:132:42:132:47 | +| jca/KeyAgreementHybridCryptosystem.java:133:29:133:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:133:29:133:53 | jca/KeyAgreementHybridCryptosystem.java:133:29:133:53 | +| jca/KeyAgreementHybridCryptosystem.java:149:91:149:98 | KeyAgreementAlgorithm | Name | X25519 | jca/KeyAgreementHybridCryptosystem.java:149:91:149:98 | jca/KeyAgreementHybridCryptosystem.java:149:91:149:98 | +| jca/KeyAgreementHybridCryptosystem.java:149:91:149:98 | KeyAgreementAlgorithm | RawName | X25519 | jca/KeyAgreementHybridCryptosystem.java:149:91:149:98 | jca/KeyAgreementHybridCryptosystem.java:149:91:149:98 | +| jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | HashAlgorithm | DigestSize | 256 | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | +| jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | HashAlgorithm | Name | SHA2 | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | +| jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | HashAlgorithm | RawName | SHA-256 | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | +| jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | Name | Unknown | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | +| jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | +| jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | +| jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | +| jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | +| jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | +| jca/KeyAgreementHybridCryptosystem.java:169:95:169:102 | KeyAgreementAlgorithm | Name | X25519 | jca/KeyAgreementHybridCryptosystem.java:169:95:169:102 | jca/KeyAgreementHybridCryptosystem.java:169:95:169:102 | +| jca/KeyAgreementHybridCryptosystem.java:169:95:169:102 | KeyAgreementAlgorithm | RawName | X25519 | jca/KeyAgreementHybridCryptosystem.java:169:95:169:102 | jca/KeyAgreementHybridCryptosystem.java:169:95:169:102 | +| jca/KeyAgreementHybridCryptosystem.java:174:44:174:62 | KeyOperationAlgorithm | Name | Unknown | jca/KeyAgreementHybridCryptosystem.java:174:44:174:62 | jca/KeyAgreementHybridCryptosystem.java:174:44:174:62 | +| jca/KeyAgreementHybridCryptosystem.java:174:44:174:62 | KeyOperationAlgorithm | RawName | ChaCha20-Poly1305 | jca/KeyAgreementHybridCryptosystem.java:174:44:174:62 | jca/KeyAgreementHybridCryptosystem.java:174:44:174:62 | +| jca/KeyAgreementHybridCryptosystem.java:175:42:175:50 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:175:42:175:50 | jca/KeyAgreementHybridCryptosystem.java:175:42:175:50 | +| jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | +| jca/KeyAgreementHybridCryptosystem.java:188:58:188:73 | Parameter | Description | plaintext | jca/KeyAgreementHybridCryptosystem.java:188:58:188:73 | jca/KeyAgreementHybridCryptosystem.java:188:58:188:73 | +| jca/KeyAgreementHybridCryptosystem.java:212:58:212:70 | Parameter | Description | key | jca/KeyAgreementHybridCryptosystem.java:212:58:212:70 | jca/KeyAgreementHybridCryptosystem.java:212:58:212:70 | +| jca/KeyAgreementHybridCryptosystem.java:212:73:212:88 | Parameter | Description | plaintext | jca/KeyAgreementHybridCryptosystem.java:212:73:212:88 | jca/KeyAgreementHybridCryptosystem.java:212:73:212:88 | +| jca/KeyAgreementHybridCryptosystem.java:215:75:215:79 | Constant | Description | 10000 | jca/KeyAgreementHybridCryptosystem.java:215:75:215:79 | jca/KeyAgreementHybridCryptosystem.java:215:75:215:79 | +| jca/KeyAgreementHybridCryptosystem.java:215:82:215:84 | Constant | Description | 256 | jca/KeyAgreementHybridCryptosystem.java:215:82:215:84 | jca/KeyAgreementHybridCryptosystem.java:215:82:215:84 | +| jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HMACAlgorithm | Name | HMAC | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | +| jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | +| jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HashAlgorithm | DigestSize | 256 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | +| jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HashAlgorithm | Name | SHA2 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | +| jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | +| jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | +| jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | +| jca/KeyAgreementHybridCryptosystem.java:217:26:217:53 | Key | KeyType | Symmetric | jca/KeyAgreementHybridCryptosystem.java:217:26:217:53 | jca/KeyAgreementHybridCryptosystem.java:217:26:217:53 | +| jca/KeyAgreementHybridCryptosystem.java:217:26:217:53 | KeyDerivation | Iterations | Constant:10000 | jca/KeyAgreementHybridCryptosystem.java:215:75:215:79 | jca/KeyAgreementHybridCryptosystem.java:215:75:215:79 | +| jca/KeyAgreementHybridCryptosystem.java:217:26:217:53 | KeyDerivation | KeySize | Constant:256 | jca/KeyAgreementHybridCryptosystem.java:215:82:215:84 | jca/KeyAgreementHybridCryptosystem.java:215:82:215:84 | +| jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | Name | AES | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | +| jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | +| jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | Structure | Block | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | +| jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | ModeOfOperation | Name | GCM | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | +| jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | ModeOfOperation | RawName | GCM | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | +| jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | +| jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | PaddingAlgorithm | RawName | NoPadding | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | +| jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | +| jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | +| jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | +| jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | Name | HMAC | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | +| jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | Key | KeyType | Unknown | jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | +| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | KeyOperationSubtype | Mac | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | +| jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | +| jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | KeyOperationAlgorithm | Name | AES | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | +| jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | KeyOperationAlgorithm | RawName | AES | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | +| jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | KeyOperationAlgorithm | Structure | Block | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | +| jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | Constant | Description | 256 | jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | +| jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | Key | KeyType | Symmetric | jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | +| jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | RandomNumberGeneration | Description | nextBytes | jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | +| jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | +| jca/KeyArtifact.java:18:56:18:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyArtifact.java:19:21:19:23 | jca/KeyArtifact.java:19:21:19:23 | +| jca/KeyArtifact.java:18:56:18:60 | KeyOperationAlgorithm | Name | AES | jca/KeyArtifact.java:18:56:18:60 | jca/KeyArtifact.java:18:56:18:60 | +| jca/KeyArtifact.java:18:56:18:60 | KeyOperationAlgorithm | RawName | AES | jca/KeyArtifact.java:18:56:18:60 | jca/KeyArtifact.java:18:56:18:60 | +| jca/KeyArtifact.java:18:56:18:60 | KeyOperationAlgorithm | Structure | Block | jca/KeyArtifact.java:18:56:18:60 | jca/KeyArtifact.java:18:56:18:60 | +| jca/KeyArtifact.java:19:21:19:23 | Constant | Description | 256 | jca/KeyArtifact.java:19:21:19:23 | jca/KeyArtifact.java:19:21:19:23 | +| jca/KeyArtifact.java:20:31:20:50 | Key | KeyType | Symmetric | jca/KeyArtifact.java:20:31:20:50 | jca/KeyArtifact.java:20:31:20:50 | +| jca/KeyArtifact.java:23:43:23:47 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyArtifact.java:24:21:24:23 | jca/KeyArtifact.java:24:21:24:23 | +| jca/KeyArtifact.java:23:43:23:47 | KeyOperationAlgorithm | Name | AES | jca/KeyArtifact.java:23:43:23:47 | jca/KeyArtifact.java:23:43:23:47 | +| jca/KeyArtifact.java:23:43:23:47 | KeyOperationAlgorithm | RawName | AES | jca/KeyArtifact.java:23:43:23:47 | jca/KeyArtifact.java:23:43:23:47 | +| jca/KeyArtifact.java:23:43:23:47 | KeyOperationAlgorithm | Structure | Block | jca/KeyArtifact.java:23:43:23:47 | jca/KeyArtifact.java:23:43:23:47 | +| jca/KeyArtifact.java:24:21:24:23 | Constant | Description | 256 | jca/KeyArtifact.java:24:21:24:23 | jca/KeyArtifact.java:24:21:24:23 | +| jca/KeyArtifact.java:25:30:25:49 | Key | KeyType | Symmetric | jca/KeyArtifact.java:25:30:25:49 | jca/KeyArtifact.java:25:30:25:49 | +| jca/KeyArtifact.java:30:68:30:72 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/KeyArtifact.java:31:31:31:34 | jca/KeyArtifact.java:31:31:31:34 | +| jca/KeyArtifact.java:30:68:30:72 | KeyOperationAlgorithm | Name | RSA | jca/KeyArtifact.java:30:68:30:72 | jca/KeyArtifact.java:30:68:30:72 | +| jca/KeyArtifact.java:30:68:30:72 | KeyOperationAlgorithm | RawName | RSA | jca/KeyArtifact.java:30:68:30:72 | jca/KeyArtifact.java:30:68:30:72 | +| jca/KeyArtifact.java:31:31:31:34 | Constant | Description | 2048 | jca/KeyArtifact.java:31:31:31:34 | jca/KeyArtifact.java:31:31:31:34 | +| jca/KeyArtifact.java:32:30:32:57 | Key | KeyType | Asymmetric | jca/KeyArtifact.java:32:30:32:57 | jca/KeyArtifact.java:32:30:32:57 | +| jca/KeyArtifact.java:35:51:35:55 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/KeyArtifact.java:36:31:36:34 | jca/KeyArtifact.java:36:31:36:34 | +| jca/KeyArtifact.java:35:51:35:55 | KeyOperationAlgorithm | Name | RSA | jca/KeyArtifact.java:35:51:35:55 | jca/KeyArtifact.java:35:51:35:55 | +| jca/KeyArtifact.java:35:51:35:55 | KeyOperationAlgorithm | RawName | RSA | jca/KeyArtifact.java:35:51:35:55 | jca/KeyArtifact.java:35:51:35:55 | +| jca/KeyArtifact.java:36:31:36:34 | Constant | Description | 2048 | jca/KeyArtifact.java:36:31:36:34 | jca/KeyArtifact.java:36:31:36:34 | +| jca/KeyArtifact.java:37:29:37:56 | Key | KeyType | Asymmetric | jca/KeyArtifact.java:37:29:37:56 | jca/KeyArtifact.java:37:29:37:56 | +| jca/KeyArtifact.java:41:31:41:33 | Constant | Description | 256 | jca/KeyArtifact.java:41:31:41:33 | jca/KeyArtifact.java:41:31:41:33 | +| jca/KeyArtifact.java:42:26:42:53 | Key | KeyType | Asymmetric | jca/KeyArtifact.java:42:26:42:53 | jca/KeyArtifact.java:42:26:42:53 | +| jca/KeyArtifact.java:62:28:62:73 | LocalData | Description | getProperty(...) | jca/KeyArtifact.java:62:28:62:73 | jca/KeyArtifact.java:62:28:62:73 | +| jca/KeyArtifact.java:62:68:62:72 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyArtifact.java:65:21:65:23 | jca/KeyArtifact.java:65:21:65:23 | +| jca/KeyArtifact.java:62:68:62:72 | KeyOperationAlgorithm | Name | AES | jca/KeyArtifact.java:62:68:62:72 | jca/KeyArtifact.java:62:68:62:72 | +| jca/KeyArtifact.java:62:68:62:72 | KeyOperationAlgorithm | RawName | AES | jca/KeyArtifact.java:62:68:62:72 | jca/KeyArtifact.java:62:68:62:72 | +| jca/KeyArtifact.java:62:68:62:72 | KeyOperationAlgorithm | Structure | Block | jca/KeyArtifact.java:62:68:62:72 | jca/KeyArtifact.java:62:68:62:72 | +| jca/KeyArtifact.java:65:21:65:23 | Constant | Description | 256 | jca/KeyArtifact.java:65:21:65:23 | jca/KeyArtifact.java:65:21:65:23 | +| jca/KeyArtifact.java:66:32:66:51 | Key | KeyType | Symmetric | jca/KeyArtifact.java:66:32:66:51 | jca/KeyArtifact.java:66:32:66:51 | +| jca/KeyArtifact.java:72:31:72:34 | Constant | Description | 2048 | jca/KeyArtifact.java:72:31:72:34 | jca/KeyArtifact.java:72:31:72:34 | +| jca/KeyArtifact.java:73:16:73:43 | Key | KeyType | Asymmetric | jca/KeyArtifact.java:73:16:73:43 | jca/KeyArtifact.java:73:16:73:43 | +| jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/KeyArtifact.java:72:31:72:34 | jca/KeyArtifact.java:72:31:72:34 | +| jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | Name | RSA | jca/KeyArtifact.java:78:32:78:36 | jca/KeyArtifact.java:78:32:78:36 | +| jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | RawName | RSA | jca/KeyArtifact.java:78:32:78:36 | jca/KeyArtifact.java:78:32:78:36 | +| jca/KeyArtifact.java:78:45:78:53 | Constant | Description | "Ed25519" | jca/KeyArtifact.java:78:45:78:53 | jca/KeyArtifact.java:78:45:78:53 | +| jca/KeyDerivation1.java:78:39:78:53 | Parameter | Description | password | jca/KeyDerivation1.java:78:39:78:53 | jca/KeyDerivation1.java:78:39:78:53 | +| jca/KeyDerivation1.java:80:72:80:76 | Constant | Description | 10000 | jca/KeyDerivation1.java:80:72:80:76 | jca/KeyDerivation1.java:80:72:80:76 | +| jca/KeyDerivation1.java:80:79:80:81 | Constant | Description | 256 | jca/KeyDerivation1.java:80:79:80:81 | jca/KeyDerivation1.java:80:79:80:81 | +| jca/KeyDerivation1.java:81:65:81:86 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:81:65:81:86 | jca/KeyDerivation1.java:81:65:81:86 | +| jca/KeyDerivation1.java:81:65:81:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:81:65:81:86 | jca/KeyDerivation1.java:81:65:81:86 | +| jca/KeyDerivation1.java:81:65:81:86 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:81:65:81:86 | jca/KeyDerivation1.java:81:65:81:86 | +| jca/KeyDerivation1.java:81:65:81:86 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:81:65:81:86 | jca/KeyDerivation1.java:81:65:81:86 | +| jca/KeyDerivation1.java:81:65:81:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:81:65:81:86 | jca/KeyDerivation1.java:81:65:81:86 | +| jca/KeyDerivation1.java:81:65:81:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:81:65:81:86 | jca/KeyDerivation1.java:81:65:81:86 | +| jca/KeyDerivation1.java:81:65:81:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:81:65:81:86 | jca/KeyDerivation1.java:81:65:81:86 | +| jca/KeyDerivation1.java:82:22:82:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:82:22:82:49 | jca/KeyDerivation1.java:82:22:82:49 | +| jca/KeyDerivation1.java:82:22:82:49 | KeyDerivation | Iterations | Constant:10000 | jca/KeyDerivation1.java:80:72:80:76 | jca/KeyDerivation1.java:80:72:80:76 | +| jca/KeyDerivation1.java:82:22:82:49 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:80:79:80:81 | jca/KeyDerivation1.java:80:79:80:81 | +| jca/KeyDerivation1.java:92:36:92:50 | Parameter | Description | password | jca/KeyDerivation1.java:92:36:92:50 | jca/KeyDerivation1.java:92:36:92:50 | +| jca/KeyDerivation1.java:94:72:94:73 | Constant | Description | 10 | jca/KeyDerivation1.java:94:72:94:73 | jca/KeyDerivation1.java:94:72:94:73 | +| jca/KeyDerivation1.java:94:76:94:78 | Constant | Description | 256 | jca/KeyDerivation1.java:94:76:94:78 | jca/KeyDerivation1.java:94:76:94:78 | | jca/KeyDerivation1.java:95:65:95:86 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:95:65:95:86 | jca/KeyDerivation1.java:95:65:95:86 | | jca/KeyDerivation1.java:95:65:95:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:95:65:95:86 | jca/KeyDerivation1.java:95:65:95:86 | | jca/KeyDerivation1.java:95:65:95:86 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:95:65:95:86 | jca/KeyDerivation1.java:95:65:95:86 | @@ -969,736 +982,723 @@ | jca/KeyDerivation1.java:95:65:95:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:95:65:95:86 | jca/KeyDerivation1.java:95:65:95:86 | | jca/KeyDerivation1.java:95:65:95:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:95:65:95:86 | jca/KeyDerivation1.java:95:65:95:86 | | jca/KeyDerivation1.java:96:22:96:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:96:22:96:49 | jca/KeyDerivation1.java:96:22:96:49 | -| jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | Iterations | Constant:10000 | jca/KeyDerivation1.java:94:72:94:76 | jca/KeyDerivation1.java:94:72:94:76 | -| jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:94:79:94:81 | jca/KeyDerivation1.java:94:79:94:81 | -| jca/KeyDerivation1.java:109:36:109:50 | Parameter | Description | password | jca/KeyDerivation1.java:109:36:109:50 | jca/KeyDerivation1.java:109:36:109:50 | -| jca/KeyDerivation1.java:111:72:111:73 | Constant | Description | 10 | jca/KeyDerivation1.java:111:72:111:73 | jca/KeyDerivation1.java:111:72:111:73 | -| jca/KeyDerivation1.java:111:76:111:78 | Constant | Description | 256 | jca/KeyDerivation1.java:111:76:111:78 | jca/KeyDerivation1.java:111:76:111:78 | -| jca/KeyDerivation1.java:112:65:112:86 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:112:65:112:86 | jca/KeyDerivation1.java:112:65:112:86 | -| jca/KeyDerivation1.java:112:65:112:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:112:65:112:86 | jca/KeyDerivation1.java:112:65:112:86 | -| jca/KeyDerivation1.java:112:65:112:86 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:112:65:112:86 | jca/KeyDerivation1.java:112:65:112:86 | -| jca/KeyDerivation1.java:112:65:112:86 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:112:65:112:86 | jca/KeyDerivation1.java:112:65:112:86 | -| jca/KeyDerivation1.java:112:65:112:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:112:65:112:86 | jca/KeyDerivation1.java:112:65:112:86 | -| jca/KeyDerivation1.java:112:65:112:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:112:65:112:86 | jca/KeyDerivation1.java:112:65:112:86 | -| jca/KeyDerivation1.java:112:65:112:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:112:65:112:86 | jca/KeyDerivation1.java:112:65:112:86 | -| jca/KeyDerivation1.java:113:22:113:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:113:22:113:49 | jca/KeyDerivation1.java:113:22:113:49 | -| jca/KeyDerivation1.java:113:22:113:49 | KeyDerivation | Iterations | Constant:10 | jca/KeyDerivation1.java:111:72:111:73 | jca/KeyDerivation1.java:111:72:111:73 | -| jca/KeyDerivation1.java:113:22:113:49 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:111:76:111:78 | jca/KeyDerivation1.java:111:76:111:78 | -| jca/KeyDerivation1.java:124:37:124:51 | Parameter | Description | password | jca/KeyDerivation1.java:124:37:124:51 | jca/KeyDerivation1.java:124:37:124:51 | -| jca/KeyDerivation1.java:126:72:126:80 | Constant | Description | 1_000_000 | jca/KeyDerivation1.java:126:72:126:80 | jca/KeyDerivation1.java:126:72:126:80 | -| jca/KeyDerivation1.java:126:83:126:85 | Constant | Description | 256 | jca/KeyDerivation1.java:126:83:126:85 | jca/KeyDerivation1.java:126:83:126:85 | -| jca/KeyDerivation1.java:127:65:127:86 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:127:65:127:86 | jca/KeyDerivation1.java:127:65:127:86 | -| jca/KeyDerivation1.java:127:65:127:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:127:65:127:86 | jca/KeyDerivation1.java:127:65:127:86 | -| jca/KeyDerivation1.java:127:65:127:86 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:127:65:127:86 | jca/KeyDerivation1.java:127:65:127:86 | -| jca/KeyDerivation1.java:127:65:127:86 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:127:65:127:86 | jca/KeyDerivation1.java:127:65:127:86 | -| jca/KeyDerivation1.java:127:65:127:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:127:65:127:86 | jca/KeyDerivation1.java:127:65:127:86 | -| jca/KeyDerivation1.java:127:65:127:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:127:65:127:86 | jca/KeyDerivation1.java:127:65:127:86 | -| jca/KeyDerivation1.java:127:65:127:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:127:65:127:86 | jca/KeyDerivation1.java:127:65:127:86 | -| jca/KeyDerivation1.java:128:22:128:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:128:22:128:49 | jca/KeyDerivation1.java:128:22:128:49 | -| jca/KeyDerivation1.java:128:22:128:49 | KeyDerivation | Iterations | Constant:1_000_000 | jca/KeyDerivation1.java:126:72:126:80 | jca/KeyDerivation1.java:126:72:126:80 | -| jca/KeyDerivation1.java:128:22:128:49 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:126:83:126:85 | jca/KeyDerivation1.java:126:83:126:85 | -| jca/KeyDerivation1.java:140:32:140:46 | Parameter | Description | password | jca/KeyDerivation1.java:140:32:140:46 | jca/KeyDerivation1.java:140:32:140:46 | -| jca/KeyDerivation1.java:142:72:142:76 | Constant | Description | 80000 | jca/KeyDerivation1.java:142:72:142:76 | jca/KeyDerivation1.java:142:72:142:76 | -| jca/KeyDerivation1.java:142:79:142:81 | Constant | Description | 256 | jca/KeyDerivation1.java:142:79:142:81 | jca/KeyDerivation1.java:142:79:142:81 | -| jca/KeyDerivation1.java:143:65:143:84 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:143:65:143:84 | jca/KeyDerivation1.java:143:65:143:84 | -| jca/KeyDerivation1.java:143:65:143:84 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA1 | jca/KeyDerivation1.java:143:65:143:84 | jca/KeyDerivation1.java:143:65:143:84 | -| jca/KeyDerivation1.java:143:65:143:84 | HashAlgorithm | DigestSize | 160 | jca/KeyDerivation1.java:143:65:143:84 | jca/KeyDerivation1.java:143:65:143:84 | -| jca/KeyDerivation1.java:143:65:143:84 | HashAlgorithm | Name | SHA1 | jca/KeyDerivation1.java:143:65:143:84 | jca/KeyDerivation1.java:143:65:143:84 | -| jca/KeyDerivation1.java:143:65:143:84 | HashAlgorithm | RawName | PBKDF2WithHmacSHA1 | jca/KeyDerivation1.java:143:65:143:84 | jca/KeyDerivation1.java:143:65:143:84 | -| jca/KeyDerivation1.java:143:65:143:84 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA1 | jca/KeyDerivation1.java:143:65:143:84 | jca/KeyDerivation1.java:143:65:143:84 | -| jca/KeyDerivation1.java:143:65:143:84 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA1 | jca/KeyDerivation1.java:143:65:143:84 | jca/KeyDerivation1.java:143:65:143:84 | -| jca/KeyDerivation1.java:144:22:144:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:144:22:144:49 | jca/KeyDerivation1.java:144:22:144:49 | -| jca/KeyDerivation1.java:144:22:144:49 | KeyDerivation | Iterations | Constant:80000 | jca/KeyDerivation1.java:142:72:142:76 | jca/KeyDerivation1.java:142:72:142:76 | -| jca/KeyDerivation1.java:144:22:144:49 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:142:79:142:81 | jca/KeyDerivation1.java:142:79:142:81 | -| jca/KeyDerivation1.java:155:34:155:48 | Parameter | Description | password | jca/KeyDerivation1.java:155:34:155:48 | jca/KeyDerivation1.java:155:34:155:48 | -| jca/KeyDerivation1.java:157:72:157:77 | Constant | Description | 160000 | jca/KeyDerivation1.java:157:72:157:77 | jca/KeyDerivation1.java:157:72:157:77 | -| jca/KeyDerivation1.java:157:80:157:82 | Constant | Description | 256 | jca/KeyDerivation1.java:157:80:157:82 | jca/KeyDerivation1.java:157:80:157:82 | -| jca/KeyDerivation1.java:158:65:158:86 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:158:65:158:86 | jca/KeyDerivation1.java:158:65:158:86 | -| jca/KeyDerivation1.java:158:65:158:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA512 | jca/KeyDerivation1.java:158:65:158:86 | jca/KeyDerivation1.java:158:65:158:86 | -| jca/KeyDerivation1.java:158:65:158:86 | HashAlgorithm | DigestSize | 512 | jca/KeyDerivation1.java:158:65:158:86 | jca/KeyDerivation1.java:158:65:158:86 | -| jca/KeyDerivation1.java:158:65:158:86 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:158:65:158:86 | jca/KeyDerivation1.java:158:65:158:86 | -| jca/KeyDerivation1.java:158:65:158:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA512 | jca/KeyDerivation1.java:158:65:158:86 | jca/KeyDerivation1.java:158:65:158:86 | -| jca/KeyDerivation1.java:158:65:158:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA512 | jca/KeyDerivation1.java:158:65:158:86 | jca/KeyDerivation1.java:158:65:158:86 | -| jca/KeyDerivation1.java:158:65:158:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA512 | jca/KeyDerivation1.java:158:65:158:86 | jca/KeyDerivation1.java:158:65:158:86 | +| jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | Iterations | Constant:10 | jca/KeyDerivation1.java:94:72:94:73 | jca/KeyDerivation1.java:94:72:94:73 | +| jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:94:76:94:78 | jca/KeyDerivation1.java:94:76:94:78 | +| jca/KeyDerivation1.java:106:37:106:51 | Parameter | Description | password | jca/KeyDerivation1.java:106:37:106:51 | jca/KeyDerivation1.java:106:37:106:51 | +| jca/KeyDerivation1.java:108:72:108:80 | Constant | Description | 1_000_000 | jca/KeyDerivation1.java:108:72:108:80 | jca/KeyDerivation1.java:108:72:108:80 | +| jca/KeyDerivation1.java:108:83:108:85 | Constant | Description | 256 | jca/KeyDerivation1.java:108:83:108:85 | jca/KeyDerivation1.java:108:83:108:85 | +| jca/KeyDerivation1.java:109:65:109:86 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:109:65:109:86 | jca/KeyDerivation1.java:109:65:109:86 | +| jca/KeyDerivation1.java:109:65:109:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:109:65:109:86 | jca/KeyDerivation1.java:109:65:109:86 | +| jca/KeyDerivation1.java:109:65:109:86 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:109:65:109:86 | jca/KeyDerivation1.java:109:65:109:86 | +| jca/KeyDerivation1.java:109:65:109:86 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:109:65:109:86 | jca/KeyDerivation1.java:109:65:109:86 | +| jca/KeyDerivation1.java:109:65:109:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:109:65:109:86 | jca/KeyDerivation1.java:109:65:109:86 | +| jca/KeyDerivation1.java:109:65:109:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:109:65:109:86 | jca/KeyDerivation1.java:109:65:109:86 | +| jca/KeyDerivation1.java:109:65:109:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:109:65:109:86 | jca/KeyDerivation1.java:109:65:109:86 | +| jca/KeyDerivation1.java:110:22:110:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:110:22:110:49 | jca/KeyDerivation1.java:110:22:110:49 | +| jca/KeyDerivation1.java:110:22:110:49 | KeyDerivation | Iterations | Constant:1_000_000 | jca/KeyDerivation1.java:108:72:108:80 | jca/KeyDerivation1.java:108:72:108:80 | +| jca/KeyDerivation1.java:110:22:110:49 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:108:83:108:85 | jca/KeyDerivation1.java:108:83:108:85 | +| jca/KeyDerivation1.java:120:32:120:46 | Parameter | Description | password | jca/KeyDerivation1.java:120:32:120:46 | jca/KeyDerivation1.java:120:32:120:46 | +| jca/KeyDerivation1.java:122:72:122:76 | Constant | Description | 80000 | jca/KeyDerivation1.java:122:72:122:76 | jca/KeyDerivation1.java:122:72:122:76 | +| jca/KeyDerivation1.java:122:79:122:81 | Constant | Description | 256 | jca/KeyDerivation1.java:122:79:122:81 | jca/KeyDerivation1.java:122:79:122:81 | +| jca/KeyDerivation1.java:123:65:123:84 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:123:65:123:84 | jca/KeyDerivation1.java:123:65:123:84 | +| jca/KeyDerivation1.java:123:65:123:84 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA1 | jca/KeyDerivation1.java:123:65:123:84 | jca/KeyDerivation1.java:123:65:123:84 | +| jca/KeyDerivation1.java:123:65:123:84 | HashAlgorithm | DigestSize | 160 | jca/KeyDerivation1.java:123:65:123:84 | jca/KeyDerivation1.java:123:65:123:84 | +| jca/KeyDerivation1.java:123:65:123:84 | HashAlgorithm | Name | SHA1 | jca/KeyDerivation1.java:123:65:123:84 | jca/KeyDerivation1.java:123:65:123:84 | +| jca/KeyDerivation1.java:123:65:123:84 | HashAlgorithm | RawName | PBKDF2WithHmacSHA1 | jca/KeyDerivation1.java:123:65:123:84 | jca/KeyDerivation1.java:123:65:123:84 | +| jca/KeyDerivation1.java:123:65:123:84 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA1 | jca/KeyDerivation1.java:123:65:123:84 | jca/KeyDerivation1.java:123:65:123:84 | +| jca/KeyDerivation1.java:123:65:123:84 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA1 | jca/KeyDerivation1.java:123:65:123:84 | jca/KeyDerivation1.java:123:65:123:84 | +| jca/KeyDerivation1.java:124:22:124:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:124:22:124:49 | jca/KeyDerivation1.java:124:22:124:49 | +| jca/KeyDerivation1.java:124:22:124:49 | KeyDerivation | Iterations | Constant:80000 | jca/KeyDerivation1.java:122:72:122:76 | jca/KeyDerivation1.java:122:72:122:76 | +| jca/KeyDerivation1.java:124:22:124:49 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:122:79:122:81 | jca/KeyDerivation1.java:122:79:122:81 | +| jca/KeyDerivation1.java:134:34:134:48 | Parameter | Description | password | jca/KeyDerivation1.java:134:34:134:48 | jca/KeyDerivation1.java:134:34:134:48 | +| jca/KeyDerivation1.java:136:72:136:77 | Constant | Description | 160000 | jca/KeyDerivation1.java:136:72:136:77 | jca/KeyDerivation1.java:136:72:136:77 | +| jca/KeyDerivation1.java:136:80:136:82 | Constant | Description | 256 | jca/KeyDerivation1.java:136:80:136:82 | jca/KeyDerivation1.java:136:80:136:82 | +| jca/KeyDerivation1.java:137:65:137:86 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:137:65:137:86 | jca/KeyDerivation1.java:137:65:137:86 | +| jca/KeyDerivation1.java:137:65:137:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA512 | jca/KeyDerivation1.java:137:65:137:86 | jca/KeyDerivation1.java:137:65:137:86 | +| jca/KeyDerivation1.java:137:65:137:86 | HashAlgorithm | DigestSize | 512 | jca/KeyDerivation1.java:137:65:137:86 | jca/KeyDerivation1.java:137:65:137:86 | +| jca/KeyDerivation1.java:137:65:137:86 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:137:65:137:86 | jca/KeyDerivation1.java:137:65:137:86 | +| jca/KeyDerivation1.java:137:65:137:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA512 | jca/KeyDerivation1.java:137:65:137:86 | jca/KeyDerivation1.java:137:65:137:86 | +| jca/KeyDerivation1.java:137:65:137:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA512 | jca/KeyDerivation1.java:137:65:137:86 | jca/KeyDerivation1.java:137:65:137:86 | +| jca/KeyDerivation1.java:137:65:137:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA512 | jca/KeyDerivation1.java:137:65:137:86 | jca/KeyDerivation1.java:137:65:137:86 | +| jca/KeyDerivation1.java:138:22:138:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:138:22:138:49 | jca/KeyDerivation1.java:138:22:138:49 | +| jca/KeyDerivation1.java:138:22:138:49 | KeyDerivation | Iterations | Constant:160000 | jca/KeyDerivation1.java:136:72:136:77 | jca/KeyDerivation1.java:136:72:136:77 | +| jca/KeyDerivation1.java:138:22:138:49 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:136:80:136:82 | jca/KeyDerivation1.java:136:80:136:82 | +| jca/KeyDerivation1.java:154:28:154:42 | Parameter | Description | password | jca/KeyDerivation1.java:154:28:154:42 | jca/KeyDerivation1.java:154:28:154:42 | +| jca/KeyDerivation1.java:157:72:157:75 | Constant | Description | 1024 | jca/KeyDerivation1.java:157:72:157:75 | jca/KeyDerivation1.java:157:72:157:75 | +| jca/KeyDerivation1.java:157:78:157:80 | Constant | Description | 128 | jca/KeyDerivation1.java:157:78:157:80 | jca/KeyDerivation1.java:157:78:157:80 | +| jca/KeyDerivation1.java:158:65:158:72 | Constant | Description | "SCRYPT" | jca/KeyDerivation1.java:158:65:158:72 | jca/KeyDerivation1.java:158:65:158:72 | | jca/KeyDerivation1.java:159:22:159:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:159:22:159:49 | jca/KeyDerivation1.java:159:22:159:49 | -| jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Iterations | Constant:160000 | jca/KeyDerivation1.java:157:72:157:77 | jca/KeyDerivation1.java:157:72:157:77 | -| jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:157:80:157:82 | jca/KeyDerivation1.java:157:80:157:82 | -| jca/KeyDerivation1.java:175:28:175:42 | Parameter | Description | password | jca/KeyDerivation1.java:175:28:175:42 | jca/KeyDerivation1.java:175:28:175:42 | -| jca/KeyDerivation1.java:178:72:178:75 | Constant | Description | 1024 | jca/KeyDerivation1.java:178:72:178:75 | jca/KeyDerivation1.java:178:72:178:75 | -| jca/KeyDerivation1.java:178:78:178:80 | Constant | Description | 128 | jca/KeyDerivation1.java:178:78:178:80 | jca/KeyDerivation1.java:178:78:178:80 | -| jca/KeyDerivation1.java:179:65:179:72 | Constant | Description | "SCRYPT" | jca/KeyDerivation1.java:179:65:179:72 | jca/KeyDerivation1.java:179:65:179:72 | -| jca/KeyDerivation1.java:180:22:180:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:180:22:180:49 | jca/KeyDerivation1.java:180:22:180:49 | -| jca/KeyDerivation1.java:180:22:180:49 | KeyDerivation | Iterations | Constant:1024 | jca/KeyDerivation1.java:178:72:178:75 | jca/KeyDerivation1.java:178:72:178:75 | -| jca/KeyDerivation1.java:180:22:180:49 | KeyDerivation | KeySize | Constant:128 | jca/KeyDerivation1.java:178:78:178:80 | jca/KeyDerivation1.java:178:78:178:80 | -| jca/KeyDerivation1.java:191:30:191:44 | Parameter | Description | password | jca/KeyDerivation1.java:191:30:191:44 | jca/KeyDerivation1.java:191:30:191:44 | -| jca/KeyDerivation1.java:194:72:194:76 | Constant | Description | 16384 | jca/KeyDerivation1.java:194:72:194:76 | jca/KeyDerivation1.java:194:72:194:76 | -| jca/KeyDerivation1.java:194:79:194:81 | Constant | Description | 256 | jca/KeyDerivation1.java:194:79:194:81 | jca/KeyDerivation1.java:194:79:194:81 | -| jca/KeyDerivation1.java:195:65:195:72 | Constant | Description | "SCRYPT" | jca/KeyDerivation1.java:195:65:195:72 | jca/KeyDerivation1.java:195:65:195:72 | -| jca/KeyDerivation1.java:196:22:196:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:196:22:196:49 | jca/KeyDerivation1.java:196:22:196:49 | -| jca/KeyDerivation1.java:196:22:196:49 | KeyDerivation | Iterations | Constant:16384 | jca/KeyDerivation1.java:194:72:194:76 | jca/KeyDerivation1.java:194:72:194:76 | -| jca/KeyDerivation1.java:196:22:196:49 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:194:79:194:81 | jca/KeyDerivation1.java:194:79:194:81 | -| jca/KeyDerivation1.java:264:45:264:56 | Parameter | Description | input | jca/KeyDerivation1.java:264:45:264:56 | jca/KeyDerivation1.java:264:45:264:56 | -| jca/KeyDerivation1.java:265:58:265:66 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:265:58:265:66 | jca/KeyDerivation1.java:265:58:265:66 | -| jca/KeyDerivation1.java:265:58:265:66 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:265:58:265:66 | jca/KeyDerivation1.java:265:58:265:66 | -| jca/KeyDerivation1.java:265:58:265:66 | HashAlgorithm | RawName | SHA-256 | jca/KeyDerivation1.java:265:58:265:66 | jca/KeyDerivation1.java:265:58:265:66 | -| jca/KeyDerivation1.java:271:70:271:88 | KeyOperationAlgorithm | Name | AES | jca/KeyDerivation1.java:271:70:271:88 | jca/KeyDerivation1.java:271:70:271:88 | -| jca/KeyDerivation1.java:271:70:271:88 | KeyOperationAlgorithm | RawName | AES/ECB/NoPadding | jca/KeyDerivation1.java:271:70:271:88 | jca/KeyDerivation1.java:271:70:271:88 | -| jca/KeyDerivation1.java:271:70:271:88 | KeyOperationAlgorithm | Structure | Block | jca/KeyDerivation1.java:271:70:271:88 | jca/KeyDerivation1.java:271:70:271:88 | -| jca/KeyDerivation1.java:271:70:271:88 | ModeOfOperation | Name | ECB | jca/KeyDerivation1.java:271:70:271:88 | jca/KeyDerivation1.java:271:70:271:88 | -| jca/KeyDerivation1.java:271:70:271:88 | ModeOfOperation | RawName | ECB | jca/KeyDerivation1.java:271:70:271:88 | jca/KeyDerivation1.java:271:70:271:88 | -| jca/KeyDerivation1.java:271:70:271:88 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyDerivation1.java:271:70:271:88 | jca/KeyDerivation1.java:271:70:271:88 | -| jca/KeyDerivation1.java:271:70:271:88 | PaddingAlgorithm | RawName | NoPadding | jca/KeyDerivation1.java:271:70:271:88 | jca/KeyDerivation1.java:271:70:271:88 | -| jca/KeyDerivation1.java:272:55:272:57 | Key | KeyType | Unknown | jca/KeyDerivation1.java:272:55:272:57 | jca/KeyDerivation1.java:272:55:272:57 | -| jca/KeyDerivation1.java:273:29:273:74 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyDerivation1.java:273:29:273:74 | jca/KeyDerivation1.java:273:29:273:74 | -| jca/KeyDerivation1.java:273:44:273:62 | Constant | Description | "SampleData16Bytes" | jca/KeyDerivation1.java:273:44:273:62 | jca/KeyDerivation1.java:273:44:273:62 | -| jca/KeyDerivation1.java:291:32:291:41 | Parameter | Description | ikm | jca/KeyDerivation1.java:291:32:291:41 | jca/KeyDerivation1.java:291:32:291:41 | -| jca/KeyDerivation1.java:306:43:306:57 | Parameter | Description | password | jca/KeyDerivation1.java:306:43:306:57 | jca/KeyDerivation1.java:306:43:306:57 | -| jca/KeyDerivation1.java:306:60:306:78 | Parameter | Description | sharedSecret | jca/KeyDerivation1.java:306:60:306:78 | jca/KeyDerivation1.java:306:60:306:78 | -| jca/KeyDerivation1.java:325:37:325:51 | Parameter | Description | password | jca/KeyDerivation1.java:325:37:325:51 | jca/KeyDerivation1.java:325:37:325:51 | -| jca/KeyDerivation1.java:332:25:332:76 | LocalData | Description | getProperty(...) | jca/KeyDerivation1.java:332:25:332:76 | jca/KeyDerivation1.java:332:25:332:76 | -| jca/KeyDerivation1.java:332:54:332:75 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:332:54:332:75 | jca/KeyDerivation1.java:332:54:332:75 | -| jca/KeyDerivation1.java:332:54:332:75 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:332:54:332:75 | jca/KeyDerivation1.java:332:54:332:75 | -| jca/KeyDerivation1.java:332:54:332:75 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:332:54:332:75 | jca/KeyDerivation1.java:332:54:332:75 | -| jca/KeyDerivation1.java:332:54:332:75 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:332:54:332:75 | jca/KeyDerivation1.java:332:54:332:75 | -| jca/KeyDerivation1.java:332:54:332:75 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:332:54:332:75 | jca/KeyDerivation1.java:332:54:332:75 | -| jca/KeyDerivation1.java:332:54:332:75 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:332:54:332:75 | jca/KeyDerivation1.java:332:54:332:75 | -| jca/KeyDerivation1.java:332:54:332:75 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:332:54:332:75 | jca/KeyDerivation1.java:332:54:332:75 | -| jca/KeyDerivation1.java:333:43:333:86 | LocalData | Description | getProperty(...) | jca/KeyDerivation1.java:333:43:333:86 | jca/KeyDerivation1.java:333:43:333:86 | -| jca/KeyDerivation1.java:334:40:334:78 | LocalData | Description | getProperty(...) | jca/KeyDerivation1.java:334:40:334:78 | jca/KeyDerivation1.java:334:40:334:78 | -| jca/KeyDerivation1.java:339:26:339:53 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:339:26:339:53 | jca/KeyDerivation1.java:339:26:339:53 | -| jca/KeyDerivation1.java:339:26:339:53 | KeyDerivation | Iterations | LocalData:getProperty(...) | jca/KeyDerivation1.java:333:43:333:86 | jca/KeyDerivation1.java:333:43:333:86 | -| jca/KeyDerivation1.java:339:26:339:53 | KeyDerivation | KeySize | LocalData:getProperty(...) | jca/KeyDerivation1.java:334:40:334:78 | jca/KeyDerivation1.java:334:40:334:78 | -| jca/KeyDerivation1.java:356:72:356:76 | Constant | Description | 10000 | jca/KeyDerivation1.java:356:72:356:76 | jca/KeyDerivation1.java:356:72:356:76 | -| jca/KeyDerivation1.java:356:79:356:81 | Constant | Description | 256 | jca/KeyDerivation1.java:356:79:356:81 | jca/KeyDerivation1.java:356:79:356:81 | -| jca/KeyDerivation1.java:357:65:357:86 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:357:65:357:86 | jca/KeyDerivation1.java:357:65:357:86 | -| jca/KeyDerivation1.java:357:65:357:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:357:65:357:86 | jca/KeyDerivation1.java:357:65:357:86 | -| jca/KeyDerivation1.java:357:65:357:86 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:357:65:357:86 | jca/KeyDerivation1.java:357:65:357:86 | -| jca/KeyDerivation1.java:357:65:357:86 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:357:65:357:86 | jca/KeyDerivation1.java:357:65:357:86 | -| jca/KeyDerivation1.java:357:65:357:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:357:65:357:86 | jca/KeyDerivation1.java:357:65:357:86 | -| jca/KeyDerivation1.java:357:65:357:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:357:65:357:86 | jca/KeyDerivation1.java:357:65:357:86 | -| jca/KeyDerivation1.java:357:65:357:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:357:65:357:86 | jca/KeyDerivation1.java:357:65:357:86 | -| jca/KeyDerivation1.java:358:16:358:43 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:358:16:358:43 | jca/KeyDerivation1.java:358:16:358:43 | -| jca/KeyDerivation1.java:358:16:358:43 | KeyDerivation | Iterations | Constant:10000 | jca/KeyDerivation1.java:356:72:356:76 | jca/KeyDerivation1.java:356:72:356:76 | -| jca/KeyDerivation1.java:358:16:358:43 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:356:79:356:81 | jca/KeyDerivation1.java:356:79:356:81 | -| jca/KeyDerivation1.java:370:36:370:47 | KeyOperationAlgorithm | Name | HMAC | jca/KeyDerivation1.java:370:36:370:47 | jca/KeyDerivation1.java:370:36:370:47 | -| jca/KeyDerivation1.java:370:36:370:47 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/KeyDerivation1.java:370:36:370:47 | jca/KeyDerivation1.java:370:36:370:47 | -| jca/KeyDerivation1.java:372:19:372:27 | Key | KeyType | Unknown | jca/KeyDerivation1.java:372:19:372:27 | jca/KeyDerivation1.java:372:19:372:27 | -| jca/KeyDerivation1.java:373:22:373:38 | MACOperation | KeyOperationSubtype | Mac | jca/KeyDerivation1.java:373:22:373:38 | jca/KeyDerivation1.java:373:22:373:38 | -| jca/KeyDerivation1.java:377:19:377:54 | Key | KeyType | Unknown | jca/KeyDerivation1.java:377:19:377:54 | jca/KeyDerivation1.java:377:19:377:54 | -| jca/KeyDerivation1.java:378:22:378:62 | MACOperation | KeyOperationSubtype | Mac | jca/KeyDerivation1.java:378:22:378:62 | jca/KeyDerivation1.java:378:22:378:62 | -| jca/KeyDerivation1.java:378:35:378:50 | Constant | Description | "hkdf-expansion" | jca/KeyDerivation1.java:378:35:378:50 | jca/KeyDerivation1.java:378:35:378:50 | -| jca/KeyDerivation1.java:391:9:391:42 | RandomNumberGeneration | Description | nextBytes | jca/KeyDerivation1.java:391:9:391:42 | jca/KeyDerivation1.java:391:9:391:42 | -| jca/KeyDerivation1.java:391:38:391:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyDerivation1.java:391:38:391:41 | jca/KeyDerivation1.java:391:38:391:41 | -| jca/KeyEncapsulation.java:64:56:64:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyEncapsulation.java:65:21:65:23 | jca/KeyEncapsulation.java:65:21:65:23 | -| jca/KeyEncapsulation.java:64:56:64:60 | KeyOperationAlgorithm | Name | AES | jca/KeyEncapsulation.java:64:56:64:60 | jca/KeyEncapsulation.java:64:56:64:60 | -| jca/KeyEncapsulation.java:64:56:64:60 | KeyOperationAlgorithm | RawName | AES | jca/KeyEncapsulation.java:64:56:64:60 | jca/KeyEncapsulation.java:64:56:64:60 | -| jca/KeyEncapsulation.java:64:56:64:60 | KeyOperationAlgorithm | Structure | Block | jca/KeyEncapsulation.java:64:56:64:60 | jca/KeyEncapsulation.java:64:56:64:60 | -| jca/KeyEncapsulation.java:65:21:65:23 | Constant | Description | 256 | jca/KeyEncapsulation.java:65:21:65:23 | jca/KeyEncapsulation.java:65:21:65:23 | -| jca/KeyEncapsulation.java:66:28:66:47 | Key | KeyType | Symmetric | jca/KeyEncapsulation.java:66:28:66:47 | jca/KeyEncapsulation.java:66:28:66:47 | -| jca/KeyEncapsulation.java:71:47:71:85 | HashAlgorithm | DigestSize | 256 | jca/KeyEncapsulation.java:71:47:71:85 | jca/KeyEncapsulation.java:71:47:71:85 | -| jca/KeyEncapsulation.java:71:47:71:85 | HashAlgorithm | Name | SHA2 | jca/KeyEncapsulation.java:71:47:71:85 | jca/KeyEncapsulation.java:71:47:71:85 | -| jca/KeyEncapsulation.java:71:47:71:85 | HashAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:71:47:71:85 | jca/KeyEncapsulation.java:71:47:71:85 | -| jca/KeyEncapsulation.java:71:47:71:85 | KeyOperationAlgorithm | Name | RSA | jca/KeyEncapsulation.java:71:47:71:85 | jca/KeyEncapsulation.java:71:47:71:85 | -| jca/KeyEncapsulation.java:71:47:71:85 | KeyOperationAlgorithm | RawName | RSA/ECB/OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:71:47:71:85 | jca/KeyEncapsulation.java:71:47:71:85 | -| jca/KeyEncapsulation.java:71:47:71:85 | ModeOfOperation | Name | ECB | jca/KeyEncapsulation.java:71:47:71:85 | jca/KeyEncapsulation.java:71:47:71:85 | -| jca/KeyEncapsulation.java:71:47:71:85 | ModeOfOperation | RawName | ECB | jca/KeyEncapsulation.java:71:47:71:85 | jca/KeyEncapsulation.java:71:47:71:85 | -| jca/KeyEncapsulation.java:71:47:71:85 | PaddingAlgorithm | Name | OAEP | jca/KeyEncapsulation.java:71:47:71:85 | jca/KeyEncapsulation.java:71:47:71:85 | -| jca/KeyEncapsulation.java:71:47:71:85 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:71:47:71:85 | jca/KeyEncapsulation.java:71:47:71:85 | -| jca/KeyEncapsulation.java:72:45:72:50 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:72:45:72:50 | jca/KeyEncapsulation.java:72:45:72:50 | -| jca/KeyEncapsulation.java:73:29:73:66 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyEncapsulation.java:73:29:73:66 | jca/KeyEncapsulation.java:73:29:73:66 | -| jca/KeyEncapsulation.java:77:47:77:65 | KeyOperationAlgorithm | Name | AES | jca/KeyEncapsulation.java:77:47:77:65 | jca/KeyEncapsulation.java:77:47:77:65 | -| jca/KeyEncapsulation.java:77:47:77:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/KeyEncapsulation.java:77:47:77:65 | jca/KeyEncapsulation.java:77:47:77:65 | -| jca/KeyEncapsulation.java:77:47:77:65 | KeyOperationAlgorithm | Structure | Block | jca/KeyEncapsulation.java:77:47:77:65 | jca/KeyEncapsulation.java:77:47:77:65 | -| jca/KeyEncapsulation.java:77:47:77:65 | ModeOfOperation | Name | GCM | jca/KeyEncapsulation.java:77:47:77:65 | jca/KeyEncapsulation.java:77:47:77:65 | -| jca/KeyEncapsulation.java:77:47:77:65 | ModeOfOperation | RawName | GCM | jca/KeyEncapsulation.java:77:47:77:65 | jca/KeyEncapsulation.java:77:47:77:65 | -| jca/KeyEncapsulation.java:77:47:77:65 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyEncapsulation.java:77:47:77:65 | jca/KeyEncapsulation.java:77:47:77:65 | -| jca/KeyEncapsulation.java:77:47:77:65 | PaddingAlgorithm | RawName | NoPadding | jca/KeyEncapsulation.java:77:47:77:65 | jca/KeyEncapsulation.java:77:47:77:65 | -| jca/KeyEncapsulation.java:79:9:79:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyEncapsulation.java:79:9:79:40 | jca/KeyEncapsulation.java:79:9:79:40 | -| jca/KeyEncapsulation.java:79:38:79:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyEncapsulation.java:79:38:79:39 | jca/KeyEncapsulation.java:79:38:79:39 | -| jca/KeyEncapsulation.java:81:45:81:50 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:81:45:81:50 | jca/KeyEncapsulation.java:81:45:81:50 | -| jca/KeyEncapsulation.java:82:29:82:80 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyEncapsulation.java:82:29:82:80 | jca/KeyEncapsulation.java:82:29:82:80 | -| jca/KeyEncapsulation.java:82:47:82:68 | Constant | Description | "KEM-based encryption" | jca/KeyEncapsulation.java:82:47:82:68 | jca/KeyEncapsulation.java:82:47:82:68 | -| jca/KeyEncapsulation.java:96:37:96:54 | Parameter | Description | rsaPriv | jca/KeyEncapsulation.java:96:37:96:54 | jca/KeyEncapsulation.java:96:37:96:54 | -| jca/KeyEncapsulation.java:96:57:96:73 | Parameter | Description | wrappedKey | jca/KeyEncapsulation.java:96:57:96:73 | jca/KeyEncapsulation.java:96:57:96:73 | -| jca/KeyEncapsulation.java:97:47:97:85 | HashAlgorithm | DigestSize | 256 | jca/KeyEncapsulation.java:97:47:97:85 | jca/KeyEncapsulation.java:97:47:97:85 | -| jca/KeyEncapsulation.java:97:47:97:85 | HashAlgorithm | Name | SHA2 | jca/KeyEncapsulation.java:97:47:97:85 | jca/KeyEncapsulation.java:97:47:97:85 | -| jca/KeyEncapsulation.java:97:47:97:85 | HashAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:97:47:97:85 | jca/KeyEncapsulation.java:97:47:97:85 | -| jca/KeyEncapsulation.java:97:47:97:85 | KeyOperationAlgorithm | Name | RSA | jca/KeyEncapsulation.java:97:47:97:85 | jca/KeyEncapsulation.java:97:47:97:85 | -| jca/KeyEncapsulation.java:97:47:97:85 | KeyOperationAlgorithm | RawName | RSA/ECB/OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:97:47:97:85 | jca/KeyEncapsulation.java:97:47:97:85 | -| jca/KeyEncapsulation.java:97:47:97:85 | ModeOfOperation | Name | ECB | jca/KeyEncapsulation.java:97:47:97:85 | jca/KeyEncapsulation.java:97:47:97:85 | -| jca/KeyEncapsulation.java:97:47:97:85 | ModeOfOperation | RawName | ECB | jca/KeyEncapsulation.java:97:47:97:85 | jca/KeyEncapsulation.java:97:47:97:85 | -| jca/KeyEncapsulation.java:97:47:97:85 | PaddingAlgorithm | Name | OAEP | jca/KeyEncapsulation.java:97:47:97:85 | jca/KeyEncapsulation.java:97:47:97:85 | -| jca/KeyEncapsulation.java:97:47:97:85 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:97:47:97:85 | jca/KeyEncapsulation.java:97:47:97:85 | -| jca/KeyEncapsulation.java:98:45:98:51 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:98:45:98:51 | jca/KeyEncapsulation.java:98:45:98:51 | -| jca/KeyEncapsulation.java:99:30:99:58 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/KeyEncapsulation.java:99:30:99:58 | jca/KeyEncapsulation.java:99:30:99:58 | -| jca/KeyEncapsulation.java:122:47:122:57 | EllipticCurve | KeySize | 256 | jca/KeyEncapsulation.java:122:47:122:57 | jca/KeyEncapsulation.java:122:47:122:57 | -| jca/KeyEncapsulation.java:122:47:122:57 | EllipticCurve | Name | secp256r1 | jca/KeyEncapsulation.java:122:47:122:57 | jca/KeyEncapsulation.java:122:47:122:57 | -| jca/KeyEncapsulation.java:122:47:122:57 | EllipticCurve | ParsedName | secp256r1 | jca/KeyEncapsulation.java:122:47:122:57 | jca/KeyEncapsulation.java:122:47:122:57 | -| jca/KeyEncapsulation.java:122:47:122:57 | EllipticCurve | RawName | secp256r1 | jca/KeyEncapsulation.java:122:47:122:57 | jca/KeyEncapsulation.java:122:47:122:57 | -| jca/KeyEncapsulation.java:123:31:123:51 | Key | KeyType | Asymmetric | jca/KeyEncapsulation.java:123:31:123:51 | jca/KeyEncapsulation.java:123:31:123:51 | -| jca/KeyEncapsulation.java:126:52:126:57 | KeyAgreementAlgorithm | Name | ECDH | jca/KeyEncapsulation.java:126:52:126:57 | jca/KeyEncapsulation.java:126:52:126:57 | -| jca/KeyEncapsulation.java:126:52:126:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/KeyEncapsulation.java:126:52:126:57 | jca/KeyEncapsulation.java:126:52:126:57 | -| jca/KeyEncapsulation.java:127:17:127:40 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:127:17:127:40 | jca/KeyEncapsulation.java:127:17:127:40 | -| jca/KeyEncapsulation.java:128:20:128:24 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:128:20:128:24 | jca/KeyEncapsulation.java:128:20:128:24 | -| jca/KeyEncapsulation.java:138:47:138:65 | KeyOperationAlgorithm | Name | AES | jca/KeyEncapsulation.java:138:47:138:65 | jca/KeyEncapsulation.java:138:47:138:65 | -| jca/KeyEncapsulation.java:138:47:138:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/KeyEncapsulation.java:138:47:138:65 | jca/KeyEncapsulation.java:138:47:138:65 | -| jca/KeyEncapsulation.java:138:47:138:65 | KeyOperationAlgorithm | Structure | Block | jca/KeyEncapsulation.java:138:47:138:65 | jca/KeyEncapsulation.java:138:47:138:65 | -| jca/KeyEncapsulation.java:138:47:138:65 | ModeOfOperation | Name | GCM | jca/KeyEncapsulation.java:138:47:138:65 | jca/KeyEncapsulation.java:138:47:138:65 | -| jca/KeyEncapsulation.java:138:47:138:65 | ModeOfOperation | RawName | GCM | jca/KeyEncapsulation.java:138:47:138:65 | jca/KeyEncapsulation.java:138:47:138:65 | -| jca/KeyEncapsulation.java:138:47:138:65 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyEncapsulation.java:138:47:138:65 | jca/KeyEncapsulation.java:138:47:138:65 | -| jca/KeyEncapsulation.java:138:47:138:65 | PaddingAlgorithm | RawName | NoPadding | jca/KeyEncapsulation.java:138:47:138:65 | jca/KeyEncapsulation.java:138:47:138:65 | -| jca/KeyEncapsulation.java:140:9:140:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyEncapsulation.java:140:9:140:40 | jca/KeyEncapsulation.java:140:9:140:40 | -| jca/KeyEncapsulation.java:140:38:140:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyEncapsulation.java:140:38:140:39 | jca/KeyEncapsulation.java:140:38:140:39 | -| jca/KeyEncapsulation.java:141:45:141:50 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:141:45:141:50 | jca/KeyEncapsulation.java:141:45:141:50 | -| jca/KeyEncapsulation.java:142:29:142:73 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyEncapsulation.java:142:29:142:73 | jca/KeyEncapsulation.java:142:29:142:73 | -| jca/KeyEncapsulation.java:142:47:142:61 | Constant | Description | "ECIES message" | jca/KeyEncapsulation.java:142:47:142:61 | jca/KeyEncapsulation.java:142:47:142:61 | -| jca/KeyEncapsulation.java:191:47:191:57 | EllipticCurve | KeySize | 256 | jca/KeyEncapsulation.java:191:47:191:57 | jca/KeyEncapsulation.java:191:47:191:57 | -| jca/KeyEncapsulation.java:191:47:191:57 | EllipticCurve | Name | secp256r1 | jca/KeyEncapsulation.java:191:47:191:57 | jca/KeyEncapsulation.java:191:47:191:57 | -| jca/KeyEncapsulation.java:191:47:191:57 | EllipticCurve | ParsedName | secp256r1 | jca/KeyEncapsulation.java:191:47:191:57 | jca/KeyEncapsulation.java:191:47:191:57 | -| jca/KeyEncapsulation.java:191:47:191:57 | EllipticCurve | RawName | secp256r1 | jca/KeyEncapsulation.java:191:47:191:57 | jca/KeyEncapsulation.java:191:47:191:57 | -| jca/KeyEncapsulation.java:192:31:192:51 | Key | KeyType | Asymmetric | jca/KeyEncapsulation.java:192:31:192:51 | jca/KeyEncapsulation.java:192:31:192:51 | -| jca/KeyEncapsulation.java:193:52:193:57 | KeyAgreementAlgorithm | Name | ECDH | jca/KeyEncapsulation.java:193:52:193:57 | jca/KeyEncapsulation.java:193:52:193:57 | -| jca/KeyEncapsulation.java:193:52:193:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/KeyEncapsulation.java:193:52:193:57 | jca/KeyEncapsulation.java:193:52:193:57 | -| jca/KeyEncapsulation.java:194:17:194:40 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:194:17:194:40 | jca/KeyEncapsulation.java:194:17:194:40 | -| jca/KeyEncapsulation.java:195:20:195:34 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:195:20:195:34 | jca/KeyEncapsulation.java:195:20:195:34 | -| jca/KeyEncapsulation.java:212:64:212:68 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/KeyEncapsulation.java:213:27:213:30 | jca/KeyEncapsulation.java:213:27:213:30 | -| jca/KeyEncapsulation.java:212:64:212:68 | KeyOperationAlgorithm | Name | RSA | jca/KeyEncapsulation.java:212:64:212:68 | jca/KeyEncapsulation.java:212:64:212:68 | -| jca/KeyEncapsulation.java:212:64:212:68 | KeyOperationAlgorithm | RawName | RSA | jca/KeyEncapsulation.java:212:64:212:68 | jca/KeyEncapsulation.java:212:64:212:68 | -| jca/KeyEncapsulation.java:213:27:213:30 | Constant | Description | 2048 | jca/KeyEncapsulation.java:213:27:213:30 | jca/KeyEncapsulation.java:213:27:213:30 | -| jca/KeyEncapsulation.java:214:25:214:48 | Key | KeyType | Asymmetric | jca/KeyEncapsulation.java:214:25:214:48 | jca/KeyEncapsulation.java:214:25:214:48 | -| jca/KeyEncapsulation.java:219:49:219:59 | EllipticCurve | KeySize | 256 | jca/KeyEncapsulation.java:219:49:219:59 | jca/KeyEncapsulation.java:219:49:219:59 | -| jca/KeyEncapsulation.java:219:49:219:59 | EllipticCurve | Name | secp256r1 | jca/KeyEncapsulation.java:219:49:219:59 | jca/KeyEncapsulation.java:219:49:219:59 | -| jca/KeyEncapsulation.java:219:49:219:59 | EllipticCurve | ParsedName | secp256r1 | jca/KeyEncapsulation.java:219:49:219:59 | jca/KeyEncapsulation.java:219:49:219:59 | -| jca/KeyEncapsulation.java:219:49:219:59 | EllipticCurve | RawName | secp256r1 | jca/KeyEncapsulation.java:219:49:219:59 | jca/KeyEncapsulation.java:219:49:219:59 | -| jca/KeyEncapsulation.java:220:24:220:46 | Key | KeyType | Asymmetric | jca/KeyEncapsulation.java:220:24:220:46 | jca/KeyEncapsulation.java:220:24:220:46 | -| jca/KeyEncapsulation.java:232:31:232:53 | Key | KeyType | Asymmetric | jca/KeyEncapsulation.java:232:31:232:53 | jca/KeyEncapsulation.java:232:31:232:53 | -| jca/KeyExchange.java:58:63:58:66 | KeyAgreementAlgorithm | Name | DH | jca/KeyExchange.java:58:63:58:66 | jca/KeyExchange.java:58:63:58:66 | -| jca/KeyExchange.java:58:63:58:66 | KeyAgreementAlgorithm | RawName | DH | jca/KeyExchange.java:58:63:58:66 | jca/KeyExchange.java:58:63:58:66 | -| jca/KeyExchange.java:59:26:59:29 | Constant | Description | 2048 | jca/KeyExchange.java:59:26:59:29 | jca/KeyExchange.java:59:26:59:29 | -| jca/KeyExchange.java:60:16:60:38 | Key | KeyType | Asymmetric | jca/KeyExchange.java:60:16:60:38 | jca/KeyExchange.java:60:16:60:38 | -| jca/KeyExchange.java:74:63:74:66 | KeyAgreementAlgorithm | Name | DH | jca/KeyExchange.java:74:63:74:66 | jca/KeyExchange.java:74:63:74:66 | -| jca/KeyExchange.java:74:63:74:66 | KeyAgreementAlgorithm | RawName | DH | jca/KeyExchange.java:74:63:74:66 | jca/KeyExchange.java:74:63:74:66 | -| jca/KeyExchange.java:76:26:76:28 | Constant | Description | 512 | jca/KeyExchange.java:76:26:76:28 | jca/KeyExchange.java:76:26:76:28 | -| jca/KeyExchange.java:77:16:77:38 | Key | KeyType | Asymmetric | jca/KeyExchange.java:77:16:77:38 | jca/KeyExchange.java:77:16:77:38 | -| jca/KeyExchange.java:90:63:90:66 | KeyAgreementAlgorithm | Name | DH | jca/KeyExchange.java:90:63:90:66 | jca/KeyExchange.java:90:63:90:66 | -| jca/KeyExchange.java:90:63:90:66 | KeyAgreementAlgorithm | RawName | DH | jca/KeyExchange.java:90:63:90:66 | jca/KeyExchange.java:90:63:90:66 | -| jca/KeyExchange.java:91:26:91:29 | Constant | Description | 4096 | jca/KeyExchange.java:91:26:91:29 | jca/KeyExchange.java:91:26:91:29 | -| jca/KeyExchange.java:92:16:92:38 | Key | KeyType | Asymmetric | jca/KeyExchange.java:92:16:92:38 | jca/KeyExchange.java:92:16:92:38 | -| jca/KeyExchange.java:107:52:107:55 | KeyAgreementAlgorithm | Name | DH | jca/KeyExchange.java:107:52:107:55 | jca/KeyExchange.java:107:52:107:55 | -| jca/KeyExchange.java:107:52:107:55 | KeyAgreementAlgorithm | RawName | DH | jca/KeyExchange.java:107:52:107:55 | jca/KeyExchange.java:107:52:107:55 | -| jca/KeyExchange.java:108:17:108:26 | Key | KeyType | Unknown | jca/KeyExchange.java:108:17:108:26 | jca/KeyExchange.java:108:17:108:26 | -| jca/KeyExchange.java:109:20:109:28 | Key | KeyType | Unknown | jca/KeyExchange.java:109:20:109:28 | jca/KeyExchange.java:109:20:109:28 | -| jca/KeyExchange.java:129:49:129:59 | EllipticCurve | KeySize | 256 | jca/KeyExchange.java:129:49:129:59 | jca/KeyExchange.java:129:49:129:59 | -| jca/KeyExchange.java:129:49:129:59 | EllipticCurve | Name | secp256r1 | jca/KeyExchange.java:129:49:129:59 | jca/KeyExchange.java:129:49:129:59 | -| jca/KeyExchange.java:129:49:129:59 | EllipticCurve | ParsedName | secp256r1 | jca/KeyExchange.java:129:49:129:59 | jca/KeyExchange.java:129:49:129:59 | -| jca/KeyExchange.java:129:49:129:59 | EllipticCurve | RawName | secp256r1 | jca/KeyExchange.java:129:49:129:59 | jca/KeyExchange.java:129:49:129:59 | -| jca/KeyExchange.java:130:16:130:38 | Key | KeyType | Asymmetric | jca/KeyExchange.java:130:16:130:38 | jca/KeyExchange.java:130:16:130:38 | -| jca/KeyExchange.java:145:52:145:57 | KeyAgreementAlgorithm | Name | ECDH | jca/KeyExchange.java:145:52:145:57 | jca/KeyExchange.java:145:52:145:57 | -| jca/KeyExchange.java:145:52:145:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/KeyExchange.java:145:52:145:57 | jca/KeyExchange.java:145:52:145:57 | -| jca/KeyExchange.java:146:17:146:26 | Key | KeyType | Unknown | jca/KeyExchange.java:146:17:146:26 | jca/KeyExchange.java:146:17:146:26 | -| jca/KeyExchange.java:147:20:147:28 | Key | KeyType | Unknown | jca/KeyExchange.java:147:20:147:28 | jca/KeyExchange.java:147:20:147:28 | -| jca/KeyExchange.java:165:61:165:68 | KeyAgreementAlgorithm | Name | X25519 | jca/KeyExchange.java:165:61:165:68 | jca/KeyExchange.java:165:61:165:68 | -| jca/KeyExchange.java:165:61:165:68 | KeyAgreementAlgorithm | RawName | X25519 | jca/KeyExchange.java:165:61:165:68 | jca/KeyExchange.java:165:61:165:68 | -| jca/KeyExchange.java:167:24:167:26 | Constant | Description | 255 | jca/KeyExchange.java:167:24:167:26 | jca/KeyExchange.java:167:24:167:26 | -| jca/KeyExchange.java:168:16:168:36 | Key | KeyType | Asymmetric | jca/KeyExchange.java:168:16:168:36 | jca/KeyExchange.java:168:16:168:36 | -| jca/KeyExchange.java:183:52:183:59 | KeyAgreementAlgorithm | Name | X25519 | jca/KeyExchange.java:183:52:183:59 | jca/KeyExchange.java:183:52:183:59 | -| jca/KeyExchange.java:183:52:183:59 | KeyAgreementAlgorithm | RawName | X25519 | jca/KeyExchange.java:183:52:183:59 | jca/KeyExchange.java:183:52:183:59 | -| jca/KeyExchange.java:184:17:184:26 | Key | KeyType | Unknown | jca/KeyExchange.java:184:17:184:26 | jca/KeyExchange.java:184:17:184:26 | -| jca/KeyExchange.java:185:20:185:28 | Key | KeyType | Unknown | jca/KeyExchange.java:185:20:185:28 | jca/KeyExchange.java:185:20:185:28 | -| jca/KeyExchange.java:203:61:203:66 | KeyAgreementAlgorithm | Name | X448 | jca/KeyExchange.java:203:61:203:66 | jca/KeyExchange.java:203:61:203:66 | -| jca/KeyExchange.java:203:61:203:66 | KeyAgreementAlgorithm | RawName | X448 | jca/KeyExchange.java:203:61:203:66 | jca/KeyExchange.java:203:61:203:66 | -| jca/KeyExchange.java:205:24:205:26 | Constant | Description | 448 | jca/KeyExchange.java:205:24:205:26 | jca/KeyExchange.java:205:24:205:26 | -| jca/KeyExchange.java:206:16:206:36 | Key | KeyType | Asymmetric | jca/KeyExchange.java:206:16:206:36 | jca/KeyExchange.java:206:16:206:36 | -| jca/KeyExchange.java:221:52:221:57 | KeyAgreementAlgorithm | Name | X448 | jca/KeyExchange.java:221:52:221:57 | jca/KeyExchange.java:221:52:221:57 | -| jca/KeyExchange.java:221:52:221:57 | KeyAgreementAlgorithm | RawName | X448 | jca/KeyExchange.java:221:52:221:57 | jca/KeyExchange.java:221:52:221:57 | -| jca/KeyExchange.java:222:17:222:26 | Key | KeyType | Unknown | jca/KeyExchange.java:222:17:222:26 | jca/KeyExchange.java:222:17:222:26 | -| jca/KeyExchange.java:223:20:223:28 | Key | KeyType | Unknown | jca/KeyExchange.java:223:20:223:28 | jca/KeyExchange.java:223:20:223:28 | -| jca/MACOperation.java:65:36:65:49 | Parameter | Description | message | jca/MACOperation.java:65:36:65:49 | jca/MACOperation.java:65:36:65:49 | -| jca/MACOperation.java:65:52:65:61 | Parameter | Description | key | jca/MACOperation.java:65:52:65:61 | jca/MACOperation.java:65:52:65:61 | -| jca/MACOperation.java:66:35:66:46 | KeyOperationAlgorithm | Name | HMAC | jca/MACOperation.java:66:35:66:46 | jca/MACOperation.java:66:35:66:46 | -| jca/MACOperation.java:66:35:66:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/MACOperation.java:66:35:66:46 | jca/MACOperation.java:66:35:66:46 | -| jca/MACOperation.java:68:18:68:26 | Key | KeyType | Unknown | jca/MACOperation.java:68:18:68:26 | jca/MACOperation.java:68:18:68:26 | -| jca/MACOperation.java:69:16:69:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:69:16:69:46 | jca/MACOperation.java:69:16:69:46 | -| jca/MACOperation.java:76:34:76:47 | Parameter | Description | message | jca/MACOperation.java:76:34:76:47 | jca/MACOperation.java:76:34:76:47 | -| jca/MACOperation.java:76:50:76:59 | Parameter | Description | key | jca/MACOperation.java:76:50:76:59 | jca/MACOperation.java:76:50:76:59 | -| jca/MACOperation.java:77:35:77:48 | KeyOperationAlgorithm | Name | HMAC | jca/MACOperation.java:77:35:77:48 | jca/MACOperation.java:77:35:77:48 | -| jca/MACOperation.java:77:35:77:48 | KeyOperationAlgorithm | RawName | HmacSHA3-256 | jca/MACOperation.java:77:35:77:48 | jca/MACOperation.java:77:35:77:48 | -| jca/MACOperation.java:79:18:79:26 | Key | KeyType | Unknown | jca/MACOperation.java:79:18:79:26 | jca/MACOperation.java:79:18:79:26 | -| jca/MACOperation.java:80:16:80:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:80:16:80:46 | jca/MACOperation.java:80:16:80:46 | -| jca/MACOperation.java:88:34:88:47 | Parameter | Description | message | jca/MACOperation.java:88:34:88:47 | jca/MACOperation.java:88:34:88:47 | -| jca/MACOperation.java:88:50:88:59 | Parameter | Description | key | jca/MACOperation.java:88:50:88:59 | jca/MACOperation.java:88:50:88:59 | -| jca/MACOperation.java:89:35:89:44 | KeyOperationAlgorithm | Name | UnknownMac | jca/MACOperation.java:89:35:89:44 | jca/MACOperation.java:89:35:89:44 | -| jca/MACOperation.java:89:35:89:44 | KeyOperationAlgorithm | RawName | Poly1305 | jca/MACOperation.java:89:35:89:44 | jca/MACOperation.java:89:35:89:44 | -| jca/MACOperation.java:91:18:91:26 | Key | KeyType | Unknown | jca/MACOperation.java:91:18:91:26 | jca/MACOperation.java:91:18:91:26 | -| jca/MACOperation.java:92:16:92:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:92:16:92:46 | jca/MACOperation.java:92:16:92:46 | -| jca/MACOperation.java:99:30:99:43 | Parameter | Description | message | jca/MACOperation.java:99:30:99:43 | jca/MACOperation.java:99:30:99:43 | -| jca/MACOperation.java:99:46:99:55 | Parameter | Description | key | jca/MACOperation.java:99:46:99:55 | jca/MACOperation.java:99:46:99:55 | -| jca/MACOperation.java:101:35:101:40 | KeyOperationAlgorithm | Name | UnknownMac | jca/MACOperation.java:101:35:101:40 | jca/MACOperation.java:101:35:101:40 | -| jca/MACOperation.java:101:35:101:40 | KeyOperationAlgorithm | RawName | GMac | jca/MACOperation.java:101:35:101:40 | jca/MACOperation.java:101:35:101:40 | -| jca/MACOperation.java:105:18:105:26 | Key | KeyType | Unknown | jca/MACOperation.java:105:18:105:26 | jca/MACOperation.java:105:18:105:26 | -| jca/MACOperation.java:106:16:106:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:106:16:106:46 | jca/MACOperation.java:106:16:106:46 | -| jca/MACOperation.java:113:30:113:43 | Parameter | Description | message | jca/MACOperation.java:113:30:113:43 | jca/MACOperation.java:113:30:113:43 | -| jca/MACOperation.java:113:46:113:55 | Parameter | Description | key | jca/MACOperation.java:113:46:113:55 | jca/MACOperation.java:113:46:113:55 | -| jca/MACOperation.java:114:35:114:43 | Constant | Description | "KMAC128" | jca/MACOperation.java:114:35:114:43 | jca/MACOperation.java:114:35:114:43 | -| jca/MACOperation.java:116:18:116:26 | Key | KeyType | Unknown | jca/MACOperation.java:116:18:116:26 | jca/MACOperation.java:116:18:116:26 | -| jca/MACOperation.java:117:16:117:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:117:16:117:46 | jca/MACOperation.java:117:16:117:46 | -| jca/MACOperation.java:124:36:124:49 | Parameter | Description | message | jca/MACOperation.java:124:36:124:49 | jca/MACOperation.java:124:36:124:49 | -| jca/MACOperation.java:124:52:124:61 | Parameter | Description | key | jca/MACOperation.java:124:52:124:61 | jca/MACOperation.java:124:52:124:61 | -| jca/MACOperation.java:125:35:125:44 | KeyOperationAlgorithm | Name | HMAC | jca/MACOperation.java:125:35:125:44 | jca/MACOperation.java:125:35:125:44 | -| jca/MACOperation.java:125:35:125:44 | KeyOperationAlgorithm | RawName | HmacSHA1 | jca/MACOperation.java:125:35:125:44 | jca/MACOperation.java:125:35:125:44 | -| jca/MACOperation.java:127:18:127:26 | Key | KeyType | Unknown | jca/MACOperation.java:127:18:127:26 | jca/MACOperation.java:127:18:127:26 | -| jca/MACOperation.java:128:16:128:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:128:16:128:46 | jca/MACOperation.java:128:16:128:46 | -| jca/MACOperation.java:142:34:142:49 | Parameter | Description | macOutput | jca/MACOperation.java:142:34:142:49 | jca/MACOperation.java:142:34:142:49 | -| jca/MACOperation.java:145:44:145:62 | KeyOperationAlgorithm | Name | AES | jca/MACOperation.java:145:44:145:62 | jca/MACOperation.java:145:44:145:62 | -| jca/MACOperation.java:145:44:145:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/MACOperation.java:145:44:145:62 | jca/MACOperation.java:145:44:145:62 | -| jca/MACOperation.java:145:44:145:62 | KeyOperationAlgorithm | Structure | Block | jca/MACOperation.java:145:44:145:62 | jca/MACOperation.java:145:44:145:62 | -| jca/MACOperation.java:145:44:145:62 | ModeOfOperation | Name | GCM | jca/MACOperation.java:145:44:145:62 | jca/MACOperation.java:145:44:145:62 | -| jca/MACOperation.java:145:44:145:62 | ModeOfOperation | RawName | GCM | jca/MACOperation.java:145:44:145:62 | jca/MACOperation.java:145:44:145:62 | -| jca/MACOperation.java:145:44:145:62 | PaddingAlgorithm | Name | UnknownPadding | jca/MACOperation.java:145:44:145:62 | jca/MACOperation.java:145:44:145:62 | -| jca/MACOperation.java:145:44:145:62 | PaddingAlgorithm | RawName | NoPadding | jca/MACOperation.java:145:44:145:62 | jca/MACOperation.java:145:44:145:62 | -| jca/MACOperation.java:146:42:146:44 | Key | KeyType | Unknown | jca/MACOperation.java:146:42:146:44 | jca/MACOperation.java:146:42:146:44 | -| jca/MACOperation.java:147:32:147:74 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/MACOperation.java:147:32:147:74 | jca/MACOperation.java:147:32:147:74 | -| jca/MACOperation.java:147:47:147:62 | Constant | Description | "Sensitive Data" | jca/MACOperation.java:147:47:147:62 | jca/MACOperation.java:147:47:147:62 | -| jca/MACOperation.java:159:36:159:51 | Parameter | Description | macOutput | jca/MACOperation.java:159:36:159:51 | jca/MACOperation.java:159:36:159:51 | -| jca/MACOperation.java:174:47:174:62 | Parameter | Description | macOutput | jca/MACOperation.java:174:47:174:62 | jca/MACOperation.java:174:47:174:62 | -| jca/MACOperation.java:178:77:178:81 | Constant | Description | 10000 | jca/MACOperation.java:178:77:178:81 | jca/MACOperation.java:178:77:178:81 | -| jca/MACOperation.java:178:84:178:86 | Constant | Description | 256 | jca/MACOperation.java:178:84:178:86 | jca/MACOperation.java:178:84:178:86 | -| jca/MACOperation.java:179:65:179:86 | HMACAlgorithm | Name | HMAC | jca/MACOperation.java:179:65:179:86 | jca/MACOperation.java:179:65:179:86 | -| jca/MACOperation.java:179:65:179:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/MACOperation.java:179:65:179:86 | jca/MACOperation.java:179:65:179:86 | -| jca/MACOperation.java:179:65:179:86 | HashAlgorithm | DigestSize | 256 | jca/MACOperation.java:179:65:179:86 | jca/MACOperation.java:179:65:179:86 | -| jca/MACOperation.java:179:65:179:86 | HashAlgorithm | Name | SHA2 | jca/MACOperation.java:179:65:179:86 | jca/MACOperation.java:179:65:179:86 | -| jca/MACOperation.java:179:65:179:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/MACOperation.java:179:65:179:86 | jca/MACOperation.java:179:65:179:86 | -| jca/MACOperation.java:179:65:179:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/MACOperation.java:179:65:179:86 | jca/MACOperation.java:179:65:179:86 | -| jca/MACOperation.java:179:65:179:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/MACOperation.java:179:65:179:86 | jca/MACOperation.java:179:65:179:86 | -| jca/MACOperation.java:180:30:180:57 | Key | KeyType | Symmetric | jca/MACOperation.java:180:30:180:57 | jca/MACOperation.java:180:30:180:57 | -| jca/MACOperation.java:180:30:180:57 | KeyDerivation | Iterations | Constant:10000 | jca/MACOperation.java:178:77:178:81 | jca/MACOperation.java:178:77:178:81 | -| jca/MACOperation.java:180:30:180:57 | KeyDerivation | KeySize | Constant:256 | jca/MACOperation.java:178:84:178:86 | jca/MACOperation.java:178:84:178:86 | -| jca/MACOperation.java:188:44:188:62 | KeyOperationAlgorithm | Name | AES | jca/MACOperation.java:188:44:188:62 | jca/MACOperation.java:188:44:188:62 | -| jca/MACOperation.java:188:44:188:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/MACOperation.java:188:44:188:62 | jca/MACOperation.java:188:44:188:62 | -| jca/MACOperation.java:188:44:188:62 | KeyOperationAlgorithm | Structure | Block | jca/MACOperation.java:188:44:188:62 | jca/MACOperation.java:188:44:188:62 | -| jca/MACOperation.java:188:44:188:62 | ModeOfOperation | Name | GCM | jca/MACOperation.java:188:44:188:62 | jca/MACOperation.java:188:44:188:62 | -| jca/MACOperation.java:188:44:188:62 | ModeOfOperation | RawName | GCM | jca/MACOperation.java:188:44:188:62 | jca/MACOperation.java:188:44:188:62 | -| jca/MACOperation.java:188:44:188:62 | PaddingAlgorithm | Name | UnknownPadding | jca/MACOperation.java:188:44:188:62 | jca/MACOperation.java:188:44:188:62 | -| jca/MACOperation.java:188:44:188:62 | PaddingAlgorithm | RawName | NoPadding | jca/MACOperation.java:188:44:188:62 | jca/MACOperation.java:188:44:188:62 | -| jca/MACOperation.java:189:42:189:54 | Key | KeyType | Unknown | jca/MACOperation.java:189:42:189:54 | jca/MACOperation.java:189:42:189:54 | -| jca/MACOperation.java:190:29:190:78 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/MACOperation.java:190:29:190:78 | jca/MACOperation.java:190:29:190:78 | -| jca/MACOperation.java:190:44:190:66 | Constant | Description | "Further Use Test Data" | jca/MACOperation.java:190:44:190:66 | jca/MACOperation.java:190:44:190:66 | -| jca/MACOperation.java:193:35:193:46 | KeyOperationAlgorithm | Name | HMAC | jca/MACOperation.java:193:35:193:46 | jca/MACOperation.java:193:35:193:46 | -| jca/MACOperation.java:193:35:193:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/MACOperation.java:193:35:193:46 | jca/MACOperation.java:193:35:193:46 | -| jca/MACOperation.java:194:18:194:30 | Key | KeyType | Unknown | jca/MACOperation.java:194:18:194:30 | jca/MACOperation.java:194:18:194:30 | -| jca/MACOperation.java:195:30:195:52 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:195:30:195:52 | jca/MACOperation.java:195:30:195:52 | -| jca/MACOperation.java:225:44:225:62 | KeyOperationAlgorithm | Name | AES | jca/MACOperation.java:225:44:225:62 | jca/MACOperation.java:225:44:225:62 | -| jca/MACOperation.java:225:44:225:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/MACOperation.java:225:44:225:62 | jca/MACOperation.java:225:44:225:62 | -| jca/MACOperation.java:225:44:225:62 | KeyOperationAlgorithm | Structure | Block | jca/MACOperation.java:225:44:225:62 | jca/MACOperation.java:225:44:225:62 | -| jca/MACOperation.java:225:44:225:62 | ModeOfOperation | Name | GCM | jca/MACOperation.java:225:44:225:62 | jca/MACOperation.java:225:44:225:62 | -| jca/MACOperation.java:225:44:225:62 | ModeOfOperation | RawName | GCM | jca/MACOperation.java:225:44:225:62 | jca/MACOperation.java:225:44:225:62 | -| jca/MACOperation.java:225:44:225:62 | PaddingAlgorithm | Name | UnknownPadding | jca/MACOperation.java:225:44:225:62 | jca/MACOperation.java:225:44:225:62 | -| jca/MACOperation.java:225:44:225:62 | PaddingAlgorithm | RawName | NoPadding | jca/MACOperation.java:225:44:225:62 | jca/MACOperation.java:225:44:225:62 | -| jca/MACOperation.java:227:42:227:44 | Key | KeyType | Unknown | jca/MACOperation.java:227:42:227:44 | jca/MACOperation.java:227:42:227:44 | -| jca/MACOperation.java:228:32:228:51 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/MACOperation.java:228:32:228:51 | jca/MACOperation.java:228:32:228:51 | -| jca/MACOperation.java:242:56:242:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/MACOperation.java:243:21:243:23 | jca/MACOperation.java:243:21:243:23 | -| jca/MACOperation.java:242:56:242:60 | KeyOperationAlgorithm | Name | AES | jca/MACOperation.java:242:56:242:60 | jca/MACOperation.java:242:56:242:60 | -| jca/MACOperation.java:242:56:242:60 | KeyOperationAlgorithm | RawName | AES | jca/MACOperation.java:242:56:242:60 | jca/MACOperation.java:242:56:242:60 | -| jca/MACOperation.java:242:56:242:60 | KeyOperationAlgorithm | Structure | Block | jca/MACOperation.java:242:56:242:60 | jca/MACOperation.java:242:56:242:60 | -| jca/MACOperation.java:243:21:243:23 | Constant | Description | 256 | jca/MACOperation.java:243:21:243:23 | jca/MACOperation.java:243:21:243:23 | -| jca/MACOperation.java:244:16:244:35 | Key | KeyType | Symmetric | jca/MACOperation.java:244:16:244:35 | jca/MACOperation.java:244:16:244:35 | -| jca/MACOperation.java:256:9:256:42 | RandomNumberGeneration | Description | nextBytes | jca/MACOperation.java:256:9:256:42 | jca/MACOperation.java:256:9:256:42 | -| jca/MACOperation.java:256:38:256:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/MACOperation.java:256:38:256:41 | jca/MACOperation.java:256:38:256:41 | -| jca/Nonce.java:25:35:25:46 | KeyOperationAlgorithm | Name | HMAC | jca/Nonce.java:25:35:25:46 | jca/Nonce.java:25:35:25:46 | -| jca/Nonce.java:25:35:25:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:25:35:25:46 | jca/Nonce.java:25:35:25:46 | -| jca/Nonce.java:26:18:26:20 | Key | KeyType | Unknown | jca/Nonce.java:26:18:26:20 | jca/Nonce.java:26:18:26:20 | -| jca/Nonce.java:28:28:28:69 | MACOperation | KeyOperationSubtype | Mac | jca/Nonce.java:28:28:28:69 | jca/Nonce.java:28:28:28:69 | -| jca/Nonce.java:28:40:28:57 | Constant | Description | "Simple Test Data" | jca/Nonce.java:28:40:28:57 | jca/Nonce.java:28:40:28:57 | -| jca/Nonce.java:38:35:38:46 | KeyOperationAlgorithm | Name | HMAC | jca/Nonce.java:38:35:38:46 | jca/Nonce.java:38:35:38:46 | -| jca/Nonce.java:38:35:38:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:38:35:38:46 | jca/Nonce.java:38:35:38:46 | -| jca/Nonce.java:39:18:39:20 | Key | KeyType | Unknown | jca/Nonce.java:39:18:39:20 | jca/Nonce.java:39:18:39:20 | -| jca/Nonce.java:41:28:41:67 | MACOperation | KeyOperationSubtype | Mac | jca/Nonce.java:41:28:41:67 | jca/Nonce.java:41:28:41:67 | -| jca/Nonce.java:41:40:41:55 | Constant | Description | "Sensitive Data" | jca/Nonce.java:41:40:41:55 | jca/Nonce.java:41:40:41:55 | -| jca/Nonce.java:48:39:48:51 | Parameter | Description | key | jca/Nonce.java:48:39:48:51 | jca/Nonce.java:48:39:48:51 | -| jca/Nonce.java:48:54:48:69 | Parameter | Description | plaintext | jca/Nonce.java:48:54:48:69 | jca/Nonce.java:48:54:48:69 | -| jca/Nonce.java:51:44:51:62 | KeyOperationAlgorithm | Name | AES | jca/Nonce.java:51:44:51:62 | jca/Nonce.java:51:44:51:62 | -| jca/Nonce.java:51:44:51:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Nonce.java:51:44:51:62 | jca/Nonce.java:51:44:51:62 | -| jca/Nonce.java:51:44:51:62 | KeyOperationAlgorithm | Structure | Block | jca/Nonce.java:51:44:51:62 | jca/Nonce.java:51:44:51:62 | -| jca/Nonce.java:51:44:51:62 | ModeOfOperation | Name | GCM | jca/Nonce.java:51:44:51:62 | jca/Nonce.java:51:44:51:62 | -| jca/Nonce.java:51:44:51:62 | ModeOfOperation | RawName | GCM | jca/Nonce.java:51:44:51:62 | jca/Nonce.java:51:44:51:62 | -| jca/Nonce.java:51:44:51:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Nonce.java:51:44:51:62 | jca/Nonce.java:51:44:51:62 | -| jca/Nonce.java:51:44:51:62 | PaddingAlgorithm | RawName | NoPadding | jca/Nonce.java:51:44:51:62 | jca/Nonce.java:51:44:51:62 | -| jca/Nonce.java:52:42:52:44 | Key | KeyType | Unknown | jca/Nonce.java:52:42:52:44 | jca/Nonce.java:52:42:52:44 | -| jca/Nonce.java:53:29:53:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Nonce.java:53:29:53:53 | jca/Nonce.java:53:29:53:53 | -| jca/Nonce.java:59:37:59:49 | Parameter | Description | key | jca/Nonce.java:59:37:59:49 | jca/Nonce.java:59:37:59:49 | -| jca/Nonce.java:59:52:59:67 | Parameter | Description | plaintext | jca/Nonce.java:59:52:59:67 | jca/Nonce.java:59:52:59:67 | -| jca/Nonce.java:62:44:62:62 | KeyOperationAlgorithm | Name | AES | jca/Nonce.java:62:44:62:62 | jca/Nonce.java:62:44:62:62 | -| jca/Nonce.java:62:44:62:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Nonce.java:62:44:62:62 | jca/Nonce.java:62:44:62:62 | -| jca/Nonce.java:62:44:62:62 | KeyOperationAlgorithm | Structure | Block | jca/Nonce.java:62:44:62:62 | jca/Nonce.java:62:44:62:62 | -| jca/Nonce.java:62:44:62:62 | ModeOfOperation | Name | GCM | jca/Nonce.java:62:44:62:62 | jca/Nonce.java:62:44:62:62 | -| jca/Nonce.java:62:44:62:62 | ModeOfOperation | RawName | GCM | jca/Nonce.java:62:44:62:62 | jca/Nonce.java:62:44:62:62 | -| jca/Nonce.java:62:44:62:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Nonce.java:62:44:62:62 | jca/Nonce.java:62:44:62:62 | -| jca/Nonce.java:62:44:62:62 | PaddingAlgorithm | RawName | NoPadding | jca/Nonce.java:62:44:62:62 | jca/Nonce.java:62:44:62:62 | -| jca/Nonce.java:63:42:63:44 | Key | KeyType | Unknown | jca/Nonce.java:63:42:63:44 | jca/Nonce.java:63:42:63:44 | -| jca/Nonce.java:64:29:64:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Nonce.java:64:29:64:53 | jca/Nonce.java:64:29:64:53 | -| jca/Nonce.java:71:53:71:64 | KeyOperationAlgorithm | Name | HMAC | jca/Nonce.java:71:53:71:64 | jca/Nonce.java:71:53:71:64 | -| jca/Nonce.java:71:53:71:64 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:71:53:71:64 | jca/Nonce.java:71:53:71:64 | -| jca/Nonce.java:79:18:79:20 | Key | KeyType | Unknown | jca/Nonce.java:79:18:79:20 | jca/Nonce.java:79:18:79:20 | -| jca/Nonce.java:81:28:81:67 | MACOperation | KeyOperationSubtype | Mac | jca/Nonce.java:81:28:81:67 | jca/Nonce.java:81:28:81:67 | -| jca/Nonce.java:81:40:81:55 | Constant | Description | "Sensitive Data" | jca/Nonce.java:81:40:81:55 | jca/Nonce.java:81:40:81:55 | -| jca/Nonce.java:93:56:93:67 | Constant | Description | "HmacSHA256" | jca/Nonce.java:93:56:93:67 | jca/Nonce.java:93:56:93:67 | -| jca/Nonce.java:94:16:94:35 | Key | KeyType | Symmetric | jca/Nonce.java:94:16:94:35 | jca/Nonce.java:94:16:94:35 | -| jca/Nonce.java:99:9:99:43 | RandomNumberGeneration | Description | nextBytes | jca/Nonce.java:99:9:99:43 | jca/Nonce.java:99:9:99:43 | -| jca/Nonce.java:99:38:99:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Nonce.java:99:38:99:42 | jca/Nonce.java:99:38:99:42 | -| jca/Nonce.java:113:16:113:33 | Constant | Description | "BADNONCEBADNONCE" | jca/Nonce.java:113:16:113:33 | jca/Nonce.java:113:16:113:33 | -| jca/PrngTest.java:162:56:162:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/PrngTest.java:163:21:163:23 | jca/PrngTest.java:163:21:163:23 | -| jca/PrngTest.java:162:56:162:60 | KeyOperationAlgorithm | Name | AES | jca/PrngTest.java:162:56:162:60 | jca/PrngTest.java:162:56:162:60 | -| jca/PrngTest.java:162:56:162:60 | KeyOperationAlgorithm | RawName | AES | jca/PrngTest.java:162:56:162:60 | jca/PrngTest.java:162:56:162:60 | -| jca/PrngTest.java:162:56:162:60 | KeyOperationAlgorithm | Structure | Block | jca/PrngTest.java:162:56:162:60 | jca/PrngTest.java:162:56:162:60 | -| jca/PrngTest.java:163:21:163:23 | Constant | Description | 256 | jca/PrngTest.java:163:21:163:23 | jca/PrngTest.java:163:21:163:23 | -| jca/PrngTest.java:164:16:164:35 | Key | KeyType | Symmetric | jca/PrngTest.java:164:16:164:35 | jca/PrngTest.java:164:16:164:35 | -| jca/SignEncryptCombinations.java:59:49:59:59 | EllipticCurve | KeySize | 256 | jca/SignEncryptCombinations.java:59:49:59:59 | jca/SignEncryptCombinations.java:59:49:59:59 | -| jca/SignEncryptCombinations.java:59:49:59:59 | EllipticCurve | Name | secp256r1 | jca/SignEncryptCombinations.java:59:49:59:59 | jca/SignEncryptCombinations.java:59:49:59:59 | -| jca/SignEncryptCombinations.java:59:49:59:59 | EllipticCurve | ParsedName | secp256r1 | jca/SignEncryptCombinations.java:59:49:59:59 | jca/SignEncryptCombinations.java:59:49:59:59 | -| jca/SignEncryptCombinations.java:59:49:59:59 | EllipticCurve | RawName | secp256r1 | jca/SignEncryptCombinations.java:59:49:59:59 | jca/SignEncryptCombinations.java:59:49:59:59 | -| jca/SignEncryptCombinations.java:60:16:60:38 | Key | KeyType | Asymmetric | jca/SignEncryptCombinations.java:60:16:60:38 | jca/SignEncryptCombinations.java:60:16:60:38 | +| jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | Iterations | Constant:1024 | jca/KeyDerivation1.java:157:72:157:75 | jca/KeyDerivation1.java:157:72:157:75 | +| jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | KeySize | Constant:128 | jca/KeyDerivation1.java:157:78:157:80 | jca/KeyDerivation1.java:157:78:157:80 | +| jca/KeyDerivation1.java:169:30:169:44 | Parameter | Description | password | jca/KeyDerivation1.java:169:30:169:44 | jca/KeyDerivation1.java:169:30:169:44 | +| jca/KeyDerivation1.java:172:72:172:76 | Constant | Description | 16384 | jca/KeyDerivation1.java:172:72:172:76 | jca/KeyDerivation1.java:172:72:172:76 | +| jca/KeyDerivation1.java:172:79:172:81 | Constant | Description | 256 | jca/KeyDerivation1.java:172:79:172:81 | jca/KeyDerivation1.java:172:79:172:81 | +| jca/KeyDerivation1.java:173:65:173:72 | Constant | Description | "SCRYPT" | jca/KeyDerivation1.java:173:65:173:72 | jca/KeyDerivation1.java:173:65:173:72 | +| jca/KeyDerivation1.java:174:22:174:49 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:174:22:174:49 | jca/KeyDerivation1.java:174:22:174:49 | +| jca/KeyDerivation1.java:174:22:174:49 | KeyDerivation | Iterations | Constant:16384 | jca/KeyDerivation1.java:172:72:172:76 | jca/KeyDerivation1.java:172:72:172:76 | +| jca/KeyDerivation1.java:174:22:174:49 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:172:79:172:81 | jca/KeyDerivation1.java:172:79:172:81 | +| jca/KeyDerivation1.java:242:45:242:56 | Parameter | Description | input | jca/KeyDerivation1.java:242:45:242:56 | jca/KeyDerivation1.java:242:45:242:56 | +| jca/KeyDerivation1.java:243:58:243:66 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:243:58:243:66 | jca/KeyDerivation1.java:243:58:243:66 | +| jca/KeyDerivation1.java:243:58:243:66 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:243:58:243:66 | jca/KeyDerivation1.java:243:58:243:66 | +| jca/KeyDerivation1.java:243:58:243:66 | HashAlgorithm | RawName | SHA-256 | jca/KeyDerivation1.java:243:58:243:66 | jca/KeyDerivation1.java:243:58:243:66 | +| jca/KeyDerivation1.java:249:70:249:88 | KeyOperationAlgorithm | Name | AES | jca/KeyDerivation1.java:249:70:249:88 | jca/KeyDerivation1.java:249:70:249:88 | +| jca/KeyDerivation1.java:249:70:249:88 | KeyOperationAlgorithm | RawName | AES/ECB/NoPadding | jca/KeyDerivation1.java:249:70:249:88 | jca/KeyDerivation1.java:249:70:249:88 | +| jca/KeyDerivation1.java:249:70:249:88 | KeyOperationAlgorithm | Structure | Block | jca/KeyDerivation1.java:249:70:249:88 | jca/KeyDerivation1.java:249:70:249:88 | +| jca/KeyDerivation1.java:249:70:249:88 | ModeOfOperation | Name | ECB | jca/KeyDerivation1.java:249:70:249:88 | jca/KeyDerivation1.java:249:70:249:88 | +| jca/KeyDerivation1.java:249:70:249:88 | ModeOfOperation | RawName | ECB | jca/KeyDerivation1.java:249:70:249:88 | jca/KeyDerivation1.java:249:70:249:88 | +| jca/KeyDerivation1.java:249:70:249:88 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyDerivation1.java:249:70:249:88 | jca/KeyDerivation1.java:249:70:249:88 | +| jca/KeyDerivation1.java:249:70:249:88 | PaddingAlgorithm | RawName | NoPadding | jca/KeyDerivation1.java:249:70:249:88 | jca/KeyDerivation1.java:249:70:249:88 | +| jca/KeyDerivation1.java:250:55:250:57 | Key | KeyType | Unknown | jca/KeyDerivation1.java:250:55:250:57 | jca/KeyDerivation1.java:250:55:250:57 | +| jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyDerivation1.java:251:29:251:74 | jca/KeyDerivation1.java:251:29:251:74 | +| jca/KeyDerivation1.java:251:44:251:62 | Constant | Description | "SampleData16Bytes" | jca/KeyDerivation1.java:251:44:251:62 | jca/KeyDerivation1.java:251:44:251:62 | +| jca/KeyDerivation1.java:269:32:269:41 | Parameter | Description | ikm | jca/KeyDerivation1.java:269:32:269:41 | jca/KeyDerivation1.java:269:32:269:41 | +| jca/KeyDerivation1.java:283:43:283:57 | Parameter | Description | password | jca/KeyDerivation1.java:283:43:283:57 | jca/KeyDerivation1.java:283:43:283:57 | +| jca/KeyDerivation1.java:283:60:283:78 | Parameter | Description | sharedSecret | jca/KeyDerivation1.java:283:60:283:78 | jca/KeyDerivation1.java:283:60:283:78 | +| jca/KeyDerivation1.java:302:37:302:51 | Parameter | Description | password | jca/KeyDerivation1.java:302:37:302:51 | jca/KeyDerivation1.java:302:37:302:51 | +| jca/KeyDerivation1.java:309:25:309:76 | LocalData | Description | getProperty(...) | jca/KeyDerivation1.java:309:25:309:76 | jca/KeyDerivation1.java:309:25:309:76 | +| jca/KeyDerivation1.java:309:54:309:75 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:309:54:309:75 | jca/KeyDerivation1.java:309:54:309:75 | +| jca/KeyDerivation1.java:309:54:309:75 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:309:54:309:75 | jca/KeyDerivation1.java:309:54:309:75 | +| jca/KeyDerivation1.java:309:54:309:75 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:309:54:309:75 | jca/KeyDerivation1.java:309:54:309:75 | +| jca/KeyDerivation1.java:309:54:309:75 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:309:54:309:75 | jca/KeyDerivation1.java:309:54:309:75 | +| jca/KeyDerivation1.java:309:54:309:75 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:309:54:309:75 | jca/KeyDerivation1.java:309:54:309:75 | +| jca/KeyDerivation1.java:309:54:309:75 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:309:54:309:75 | jca/KeyDerivation1.java:309:54:309:75 | +| jca/KeyDerivation1.java:309:54:309:75 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:309:54:309:75 | jca/KeyDerivation1.java:309:54:309:75 | +| jca/KeyDerivation1.java:310:43:310:86 | LocalData | Description | getProperty(...) | jca/KeyDerivation1.java:310:43:310:86 | jca/KeyDerivation1.java:310:43:310:86 | +| jca/KeyDerivation1.java:311:40:311:78 | LocalData | Description | getProperty(...) | jca/KeyDerivation1.java:311:40:311:78 | jca/KeyDerivation1.java:311:40:311:78 | +| jca/KeyDerivation1.java:316:26:316:53 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:316:26:316:53 | jca/KeyDerivation1.java:316:26:316:53 | +| jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | Iterations | LocalData:getProperty(...) | jca/KeyDerivation1.java:310:43:310:86 | jca/KeyDerivation1.java:310:43:310:86 | +| jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | KeySize | LocalData:getProperty(...) | jca/KeyDerivation1.java:311:40:311:78 | jca/KeyDerivation1.java:311:40:311:78 | +| jca/KeyDerivation1.java:333:72:333:76 | Constant | Description | 10000 | jca/KeyDerivation1.java:333:72:333:76 | jca/KeyDerivation1.java:333:72:333:76 | +| jca/KeyDerivation1.java:333:79:333:81 | Constant | Description | 256 | jca/KeyDerivation1.java:333:79:333:81 | jca/KeyDerivation1.java:333:79:333:81 | +| jca/KeyDerivation1.java:334:65:334:86 | HMACAlgorithm | Name | HMAC | jca/KeyDerivation1.java:334:65:334:86 | jca/KeyDerivation1.java:334:65:334:86 | +| jca/KeyDerivation1.java:334:65:334:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:334:65:334:86 | jca/KeyDerivation1.java:334:65:334:86 | +| jca/KeyDerivation1.java:334:65:334:86 | HashAlgorithm | DigestSize | 256 | jca/KeyDerivation1.java:334:65:334:86 | jca/KeyDerivation1.java:334:65:334:86 | +| jca/KeyDerivation1.java:334:65:334:86 | HashAlgorithm | Name | SHA2 | jca/KeyDerivation1.java:334:65:334:86 | jca/KeyDerivation1.java:334:65:334:86 | +| jca/KeyDerivation1.java:334:65:334:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:334:65:334:86 | jca/KeyDerivation1.java:334:65:334:86 | +| jca/KeyDerivation1.java:334:65:334:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:334:65:334:86 | jca/KeyDerivation1.java:334:65:334:86 | +| jca/KeyDerivation1.java:334:65:334:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/KeyDerivation1.java:334:65:334:86 | jca/KeyDerivation1.java:334:65:334:86 | +| jca/KeyDerivation1.java:335:16:335:43 | Key | KeyType | Symmetric | jca/KeyDerivation1.java:335:16:335:43 | jca/KeyDerivation1.java:335:16:335:43 | +| jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | Iterations | Constant:10000 | jca/KeyDerivation1.java:333:72:333:76 | jca/KeyDerivation1.java:333:72:333:76 | +| jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | KeySize | Constant:256 | jca/KeyDerivation1.java:333:79:333:81 | jca/KeyDerivation1.java:333:79:333:81 | +| jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | Name | HMAC | jca/KeyDerivation1.java:345:36:345:47 | jca/KeyDerivation1.java:345:36:345:47 | +| jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/KeyDerivation1.java:345:36:345:47 | jca/KeyDerivation1.java:345:36:345:47 | +| jca/KeyDerivation1.java:347:19:347:27 | Key | KeyType | Unknown | jca/KeyDerivation1.java:347:19:347:27 | jca/KeyDerivation1.java:347:19:347:27 | +| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | KeyOperationSubtype | Mac | jca/KeyDerivation1.java:348:22:348:38 | jca/KeyDerivation1.java:348:22:348:38 | +| jca/KeyDerivation1.java:352:19:352:54 | Key | KeyType | Unknown | jca/KeyDerivation1.java:352:19:352:54 | jca/KeyDerivation1.java:352:19:352:54 | +| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | KeyOperationSubtype | Mac | jca/KeyDerivation1.java:353:22:353:62 | jca/KeyDerivation1.java:353:22:353:62 | +| jca/KeyDerivation1.java:353:35:353:50 | Constant | Description | "hkdf-expansion" | jca/KeyDerivation1.java:353:35:353:50 | jca/KeyDerivation1.java:353:35:353:50 | +| jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | Description | nextBytes | jca/KeyDerivation1.java:365:9:365:42 | jca/KeyDerivation1.java:365:9:365:42 | +| jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyDerivation1.java:365:38:365:41 | jca/KeyDerivation1.java:365:38:365:41 | +| jca/KeyEncapsulation.java:60:56:60:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/KeyEncapsulation.java:61:21:61:23 | jca/KeyEncapsulation.java:61:21:61:23 | +| jca/KeyEncapsulation.java:60:56:60:60 | KeyOperationAlgorithm | Name | AES | jca/KeyEncapsulation.java:60:56:60:60 | jca/KeyEncapsulation.java:60:56:60:60 | +| jca/KeyEncapsulation.java:60:56:60:60 | KeyOperationAlgorithm | RawName | AES | jca/KeyEncapsulation.java:60:56:60:60 | jca/KeyEncapsulation.java:60:56:60:60 | +| jca/KeyEncapsulation.java:60:56:60:60 | KeyOperationAlgorithm | Structure | Block | jca/KeyEncapsulation.java:60:56:60:60 | jca/KeyEncapsulation.java:60:56:60:60 | +| jca/KeyEncapsulation.java:61:21:61:23 | Constant | Description | 256 | jca/KeyEncapsulation.java:61:21:61:23 | jca/KeyEncapsulation.java:61:21:61:23 | +| jca/KeyEncapsulation.java:62:28:62:47 | Key | KeyType | Symmetric | jca/KeyEncapsulation.java:62:28:62:47 | jca/KeyEncapsulation.java:62:28:62:47 | +| jca/KeyEncapsulation.java:67:47:67:85 | HashAlgorithm | DigestSize | 256 | jca/KeyEncapsulation.java:67:47:67:85 | jca/KeyEncapsulation.java:67:47:67:85 | +| jca/KeyEncapsulation.java:67:47:67:85 | HashAlgorithm | Name | SHA2 | jca/KeyEncapsulation.java:67:47:67:85 | jca/KeyEncapsulation.java:67:47:67:85 | +| jca/KeyEncapsulation.java:67:47:67:85 | HashAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:67:47:67:85 | jca/KeyEncapsulation.java:67:47:67:85 | +| jca/KeyEncapsulation.java:67:47:67:85 | KeyOperationAlgorithm | Name | RSA | jca/KeyEncapsulation.java:67:47:67:85 | jca/KeyEncapsulation.java:67:47:67:85 | +| jca/KeyEncapsulation.java:67:47:67:85 | KeyOperationAlgorithm | RawName | RSA/ECB/OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:67:47:67:85 | jca/KeyEncapsulation.java:67:47:67:85 | +| jca/KeyEncapsulation.java:67:47:67:85 | ModeOfOperation | Name | ECB | jca/KeyEncapsulation.java:67:47:67:85 | jca/KeyEncapsulation.java:67:47:67:85 | +| jca/KeyEncapsulation.java:67:47:67:85 | ModeOfOperation | RawName | ECB | jca/KeyEncapsulation.java:67:47:67:85 | jca/KeyEncapsulation.java:67:47:67:85 | +| jca/KeyEncapsulation.java:67:47:67:85 | PaddingAlgorithm | Name | OAEP | jca/KeyEncapsulation.java:67:47:67:85 | jca/KeyEncapsulation.java:67:47:67:85 | +| jca/KeyEncapsulation.java:67:47:67:85 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:67:47:67:85 | jca/KeyEncapsulation.java:67:47:67:85 | +| jca/KeyEncapsulation.java:68:45:68:50 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:68:45:68:50 | jca/KeyEncapsulation.java:68:45:68:50 | +| jca/KeyEncapsulation.java:69:29:69:66 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyEncapsulation.java:69:29:69:66 | jca/KeyEncapsulation.java:69:29:69:66 | +| jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | Name | AES | jca/KeyEncapsulation.java:73:47:73:65 | jca/KeyEncapsulation.java:73:47:73:65 | +| jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/KeyEncapsulation.java:73:47:73:65 | jca/KeyEncapsulation.java:73:47:73:65 | +| jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | Structure | Block | jca/KeyEncapsulation.java:73:47:73:65 | jca/KeyEncapsulation.java:73:47:73:65 | +| jca/KeyEncapsulation.java:73:47:73:65 | ModeOfOperation | Name | GCM | jca/KeyEncapsulation.java:73:47:73:65 | jca/KeyEncapsulation.java:73:47:73:65 | +| jca/KeyEncapsulation.java:73:47:73:65 | ModeOfOperation | RawName | GCM | jca/KeyEncapsulation.java:73:47:73:65 | jca/KeyEncapsulation.java:73:47:73:65 | +| jca/KeyEncapsulation.java:73:47:73:65 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyEncapsulation.java:73:47:73:65 | jca/KeyEncapsulation.java:73:47:73:65 | +| jca/KeyEncapsulation.java:73:47:73:65 | PaddingAlgorithm | RawName | NoPadding | jca/KeyEncapsulation.java:73:47:73:65 | jca/KeyEncapsulation.java:73:47:73:65 | +| jca/KeyEncapsulation.java:75:9:75:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyEncapsulation.java:75:9:75:40 | jca/KeyEncapsulation.java:75:9:75:40 | +| jca/KeyEncapsulation.java:75:38:75:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyEncapsulation.java:75:38:75:39 | jca/KeyEncapsulation.java:75:38:75:39 | +| jca/KeyEncapsulation.java:77:45:77:50 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:77:45:77:50 | jca/KeyEncapsulation.java:77:45:77:50 | +| jca/KeyEncapsulation.java:78:29:78:80 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyEncapsulation.java:78:29:78:80 | jca/KeyEncapsulation.java:78:29:78:80 | +| jca/KeyEncapsulation.java:78:47:78:68 | Constant | Description | "KEM-based encryption" | jca/KeyEncapsulation.java:78:47:78:68 | jca/KeyEncapsulation.java:78:47:78:68 | +| jca/KeyEncapsulation.java:91:37:91:54 | Parameter | Description | rsaPriv | jca/KeyEncapsulation.java:91:37:91:54 | jca/KeyEncapsulation.java:91:37:91:54 | +| jca/KeyEncapsulation.java:91:57:91:73 | Parameter | Description | wrappedKey | jca/KeyEncapsulation.java:91:57:91:73 | jca/KeyEncapsulation.java:91:57:91:73 | +| jca/KeyEncapsulation.java:92:47:92:85 | HashAlgorithm | DigestSize | 256 | jca/KeyEncapsulation.java:92:47:92:85 | jca/KeyEncapsulation.java:92:47:92:85 | +| jca/KeyEncapsulation.java:92:47:92:85 | HashAlgorithm | Name | SHA2 | jca/KeyEncapsulation.java:92:47:92:85 | jca/KeyEncapsulation.java:92:47:92:85 | +| jca/KeyEncapsulation.java:92:47:92:85 | HashAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:92:47:92:85 | jca/KeyEncapsulation.java:92:47:92:85 | +| jca/KeyEncapsulation.java:92:47:92:85 | KeyOperationAlgorithm | Name | RSA | jca/KeyEncapsulation.java:92:47:92:85 | jca/KeyEncapsulation.java:92:47:92:85 | +| jca/KeyEncapsulation.java:92:47:92:85 | KeyOperationAlgorithm | RawName | RSA/ECB/OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:92:47:92:85 | jca/KeyEncapsulation.java:92:47:92:85 | +| jca/KeyEncapsulation.java:92:47:92:85 | ModeOfOperation | Name | ECB | jca/KeyEncapsulation.java:92:47:92:85 | jca/KeyEncapsulation.java:92:47:92:85 | +| jca/KeyEncapsulation.java:92:47:92:85 | ModeOfOperation | RawName | ECB | jca/KeyEncapsulation.java:92:47:92:85 | jca/KeyEncapsulation.java:92:47:92:85 | +| jca/KeyEncapsulation.java:92:47:92:85 | PaddingAlgorithm | Name | OAEP | jca/KeyEncapsulation.java:92:47:92:85 | jca/KeyEncapsulation.java:92:47:92:85 | +| jca/KeyEncapsulation.java:92:47:92:85 | PaddingAlgorithm | RawName | OAEPWithSHA-256AndMGF1Padding | jca/KeyEncapsulation.java:92:47:92:85 | jca/KeyEncapsulation.java:92:47:92:85 | +| jca/KeyEncapsulation.java:93:45:93:51 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:93:45:93:51 | jca/KeyEncapsulation.java:93:45:93:51 | +| jca/KeyEncapsulation.java:94:30:94:58 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/KeyEncapsulation.java:94:30:94:58 | jca/KeyEncapsulation.java:94:30:94:58 | +| jca/KeyEncapsulation.java:117:47:117:57 | EllipticCurve | KeySize | 256 | jca/KeyEncapsulation.java:117:47:117:57 | jca/KeyEncapsulation.java:117:47:117:57 | +| jca/KeyEncapsulation.java:117:47:117:57 | EllipticCurve | Name | secp256r1 | jca/KeyEncapsulation.java:117:47:117:57 | jca/KeyEncapsulation.java:117:47:117:57 | +| jca/KeyEncapsulation.java:117:47:117:57 | EllipticCurve | ParsedName | secp256r1 | jca/KeyEncapsulation.java:117:47:117:57 | jca/KeyEncapsulation.java:117:47:117:57 | +| jca/KeyEncapsulation.java:117:47:117:57 | EllipticCurve | RawName | secp256r1 | jca/KeyEncapsulation.java:117:47:117:57 | jca/KeyEncapsulation.java:117:47:117:57 | +| jca/KeyEncapsulation.java:118:31:118:51 | Key | KeyType | Asymmetric | jca/KeyEncapsulation.java:118:31:118:51 | jca/KeyEncapsulation.java:118:31:118:51 | +| jca/KeyEncapsulation.java:121:52:121:57 | KeyAgreementAlgorithm | Name | ECDH | jca/KeyEncapsulation.java:121:52:121:57 | jca/KeyEncapsulation.java:121:52:121:57 | +| jca/KeyEncapsulation.java:121:52:121:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/KeyEncapsulation.java:121:52:121:57 | jca/KeyEncapsulation.java:121:52:121:57 | +| jca/KeyEncapsulation.java:122:17:122:40 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:122:17:122:40 | jca/KeyEncapsulation.java:122:17:122:40 | +| jca/KeyEncapsulation.java:123:20:123:24 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:123:20:123:24 | jca/KeyEncapsulation.java:123:20:123:24 | +| jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | Name | AES | jca/KeyEncapsulation.java:133:47:133:65 | jca/KeyEncapsulation.java:133:47:133:65 | +| jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/KeyEncapsulation.java:133:47:133:65 | jca/KeyEncapsulation.java:133:47:133:65 | +| jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | Structure | Block | jca/KeyEncapsulation.java:133:47:133:65 | jca/KeyEncapsulation.java:133:47:133:65 | +| jca/KeyEncapsulation.java:133:47:133:65 | ModeOfOperation | Name | GCM | jca/KeyEncapsulation.java:133:47:133:65 | jca/KeyEncapsulation.java:133:47:133:65 | +| jca/KeyEncapsulation.java:133:47:133:65 | ModeOfOperation | RawName | GCM | jca/KeyEncapsulation.java:133:47:133:65 | jca/KeyEncapsulation.java:133:47:133:65 | +| jca/KeyEncapsulation.java:133:47:133:65 | PaddingAlgorithm | Name | UnknownPadding | jca/KeyEncapsulation.java:133:47:133:65 | jca/KeyEncapsulation.java:133:47:133:65 | +| jca/KeyEncapsulation.java:133:47:133:65 | PaddingAlgorithm | RawName | NoPadding | jca/KeyEncapsulation.java:133:47:133:65 | jca/KeyEncapsulation.java:133:47:133:65 | +| jca/KeyEncapsulation.java:135:9:135:40 | RandomNumberGeneration | Description | nextBytes | jca/KeyEncapsulation.java:135:9:135:40 | jca/KeyEncapsulation.java:135:9:135:40 | +| jca/KeyEncapsulation.java:135:38:135:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/KeyEncapsulation.java:135:38:135:39 | jca/KeyEncapsulation.java:135:38:135:39 | +| jca/KeyEncapsulation.java:136:45:136:50 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:136:45:136:50 | jca/KeyEncapsulation.java:136:45:136:50 | +| jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/KeyEncapsulation.java:137:29:137:73 | jca/KeyEncapsulation.java:137:29:137:73 | +| jca/KeyEncapsulation.java:137:47:137:61 | Constant | Description | "ECIES message" | jca/KeyEncapsulation.java:137:47:137:61 | jca/KeyEncapsulation.java:137:47:137:61 | +| jca/KeyEncapsulation.java:186:47:186:57 | EllipticCurve | KeySize | 256 | jca/KeyEncapsulation.java:186:47:186:57 | jca/KeyEncapsulation.java:186:47:186:57 | +| jca/KeyEncapsulation.java:186:47:186:57 | EllipticCurve | Name | secp256r1 | jca/KeyEncapsulation.java:186:47:186:57 | jca/KeyEncapsulation.java:186:47:186:57 | +| jca/KeyEncapsulation.java:186:47:186:57 | EllipticCurve | ParsedName | secp256r1 | jca/KeyEncapsulation.java:186:47:186:57 | jca/KeyEncapsulation.java:186:47:186:57 | +| jca/KeyEncapsulation.java:186:47:186:57 | EllipticCurve | RawName | secp256r1 | jca/KeyEncapsulation.java:186:47:186:57 | jca/KeyEncapsulation.java:186:47:186:57 | +| jca/KeyEncapsulation.java:187:31:187:51 | Key | KeyType | Asymmetric | jca/KeyEncapsulation.java:187:31:187:51 | jca/KeyEncapsulation.java:187:31:187:51 | +| jca/KeyEncapsulation.java:188:52:188:57 | KeyAgreementAlgorithm | Name | ECDH | jca/KeyEncapsulation.java:188:52:188:57 | jca/KeyEncapsulation.java:188:52:188:57 | +| jca/KeyEncapsulation.java:188:52:188:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/KeyEncapsulation.java:188:52:188:57 | jca/KeyEncapsulation.java:188:52:188:57 | +| jca/KeyEncapsulation.java:189:17:189:40 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:189:17:189:40 | jca/KeyEncapsulation.java:189:17:189:40 | +| jca/KeyEncapsulation.java:190:20:190:34 | Key | KeyType | Unknown | jca/KeyEncapsulation.java:190:20:190:34 | jca/KeyEncapsulation.java:190:20:190:34 | +| jca/KeyEncapsulation.java:207:64:207:68 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/KeyEncapsulation.java:208:27:208:30 | jca/KeyEncapsulation.java:208:27:208:30 | +| jca/KeyEncapsulation.java:207:64:207:68 | KeyOperationAlgorithm | Name | RSA | jca/KeyEncapsulation.java:207:64:207:68 | jca/KeyEncapsulation.java:207:64:207:68 | +| jca/KeyEncapsulation.java:207:64:207:68 | KeyOperationAlgorithm | RawName | RSA | jca/KeyEncapsulation.java:207:64:207:68 | jca/KeyEncapsulation.java:207:64:207:68 | +| jca/KeyEncapsulation.java:208:27:208:30 | Constant | Description | 2048 | jca/KeyEncapsulation.java:208:27:208:30 | jca/KeyEncapsulation.java:208:27:208:30 | +| jca/KeyEncapsulation.java:209:25:209:48 | Key | KeyType | Asymmetric | jca/KeyEncapsulation.java:209:25:209:48 | jca/KeyEncapsulation.java:209:25:209:48 | +| jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | KeySize | 256 | jca/KeyEncapsulation.java:214:49:214:59 | jca/KeyEncapsulation.java:214:49:214:59 | +| jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | Name | secp256r1 | jca/KeyEncapsulation.java:214:49:214:59 | jca/KeyEncapsulation.java:214:49:214:59 | +| jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | ParsedName | secp256r1 | jca/KeyEncapsulation.java:214:49:214:59 | jca/KeyEncapsulation.java:214:49:214:59 | +| jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | RawName | secp256r1 | jca/KeyEncapsulation.java:214:49:214:59 | jca/KeyEncapsulation.java:214:49:214:59 | +| jca/KeyEncapsulation.java:215:24:215:46 | Key | KeyType | Asymmetric | jca/KeyEncapsulation.java:215:24:215:46 | jca/KeyEncapsulation.java:215:24:215:46 | +| jca/KeyEncapsulation.java:226:31:226:53 | Key | KeyType | Asymmetric | jca/KeyEncapsulation.java:226:31:226:53 | jca/KeyEncapsulation.java:226:31:226:53 | +| jca/KeyExchange.java:52:63:52:66 | KeyAgreementAlgorithm | Name | DH | jca/KeyExchange.java:52:63:52:66 | jca/KeyExchange.java:52:63:52:66 | +| jca/KeyExchange.java:52:63:52:66 | KeyAgreementAlgorithm | RawName | DH | jca/KeyExchange.java:52:63:52:66 | jca/KeyExchange.java:52:63:52:66 | +| jca/KeyExchange.java:53:26:53:29 | Constant | Description | 2048 | jca/KeyExchange.java:53:26:53:29 | jca/KeyExchange.java:53:26:53:29 | +| jca/KeyExchange.java:54:16:54:38 | Key | KeyType | Asymmetric | jca/KeyExchange.java:54:16:54:38 | jca/KeyExchange.java:54:16:54:38 | +| jca/KeyExchange.java:67:63:67:66 | KeyAgreementAlgorithm | Name | DH | jca/KeyExchange.java:67:63:67:66 | jca/KeyExchange.java:67:63:67:66 | +| jca/KeyExchange.java:67:63:67:66 | KeyAgreementAlgorithm | RawName | DH | jca/KeyExchange.java:67:63:67:66 | jca/KeyExchange.java:67:63:67:66 | +| jca/KeyExchange.java:69:26:69:28 | Constant | Description | 512 | jca/KeyExchange.java:69:26:69:28 | jca/KeyExchange.java:69:26:69:28 | +| jca/KeyExchange.java:70:16:70:38 | Key | KeyType | Asymmetric | jca/KeyExchange.java:70:16:70:38 | jca/KeyExchange.java:70:16:70:38 | +| jca/KeyExchange.java:83:63:83:66 | KeyAgreementAlgorithm | Name | DH | jca/KeyExchange.java:83:63:83:66 | jca/KeyExchange.java:83:63:83:66 | +| jca/KeyExchange.java:83:63:83:66 | KeyAgreementAlgorithm | RawName | DH | jca/KeyExchange.java:83:63:83:66 | jca/KeyExchange.java:83:63:83:66 | +| jca/KeyExchange.java:84:26:84:29 | Constant | Description | 4096 | jca/KeyExchange.java:84:26:84:29 | jca/KeyExchange.java:84:26:84:29 | +| jca/KeyExchange.java:85:16:85:38 | Key | KeyType | Asymmetric | jca/KeyExchange.java:85:16:85:38 | jca/KeyExchange.java:85:16:85:38 | +| jca/KeyExchange.java:99:52:99:55 | KeyAgreementAlgorithm | Name | DH | jca/KeyExchange.java:99:52:99:55 | jca/KeyExchange.java:99:52:99:55 | +| jca/KeyExchange.java:99:52:99:55 | KeyAgreementAlgorithm | RawName | DH | jca/KeyExchange.java:99:52:99:55 | jca/KeyExchange.java:99:52:99:55 | +| jca/KeyExchange.java:100:17:100:26 | Key | KeyType | Unknown | jca/KeyExchange.java:100:17:100:26 | jca/KeyExchange.java:100:17:100:26 | +| jca/KeyExchange.java:101:20:101:28 | Key | KeyType | Unknown | jca/KeyExchange.java:101:20:101:28 | jca/KeyExchange.java:101:20:101:28 | +| jca/KeyExchange.java:121:49:121:59 | EllipticCurve | KeySize | 256 | jca/KeyExchange.java:121:49:121:59 | jca/KeyExchange.java:121:49:121:59 | +| jca/KeyExchange.java:121:49:121:59 | EllipticCurve | Name | secp256r1 | jca/KeyExchange.java:121:49:121:59 | jca/KeyExchange.java:121:49:121:59 | +| jca/KeyExchange.java:121:49:121:59 | EllipticCurve | ParsedName | secp256r1 | jca/KeyExchange.java:121:49:121:59 | jca/KeyExchange.java:121:49:121:59 | +| jca/KeyExchange.java:121:49:121:59 | EllipticCurve | RawName | secp256r1 | jca/KeyExchange.java:121:49:121:59 | jca/KeyExchange.java:121:49:121:59 | +| jca/KeyExchange.java:122:16:122:38 | Key | KeyType | Asymmetric | jca/KeyExchange.java:122:16:122:38 | jca/KeyExchange.java:122:16:122:38 | +| jca/KeyExchange.java:136:52:136:57 | KeyAgreementAlgorithm | Name | ECDH | jca/KeyExchange.java:136:52:136:57 | jca/KeyExchange.java:136:52:136:57 | +| jca/KeyExchange.java:136:52:136:57 | KeyAgreementAlgorithm | RawName | ECDH | jca/KeyExchange.java:136:52:136:57 | jca/KeyExchange.java:136:52:136:57 | +| jca/KeyExchange.java:137:17:137:26 | Key | KeyType | Unknown | jca/KeyExchange.java:137:17:137:26 | jca/KeyExchange.java:137:17:137:26 | +| jca/KeyExchange.java:138:20:138:28 | Key | KeyType | Unknown | jca/KeyExchange.java:138:20:138:28 | jca/KeyExchange.java:138:20:138:28 | +| jca/KeyExchange.java:156:61:156:68 | KeyAgreementAlgorithm | Name | X25519 | jca/KeyExchange.java:156:61:156:68 | jca/KeyExchange.java:156:61:156:68 | +| jca/KeyExchange.java:156:61:156:68 | KeyAgreementAlgorithm | RawName | X25519 | jca/KeyExchange.java:156:61:156:68 | jca/KeyExchange.java:156:61:156:68 | +| jca/KeyExchange.java:158:24:158:26 | Constant | Description | 255 | jca/KeyExchange.java:158:24:158:26 | jca/KeyExchange.java:158:24:158:26 | +| jca/KeyExchange.java:159:16:159:36 | Key | KeyType | Asymmetric | jca/KeyExchange.java:159:16:159:36 | jca/KeyExchange.java:159:16:159:36 | +| jca/KeyExchange.java:173:52:173:59 | KeyAgreementAlgorithm | Name | X25519 | jca/KeyExchange.java:173:52:173:59 | jca/KeyExchange.java:173:52:173:59 | +| jca/KeyExchange.java:173:52:173:59 | KeyAgreementAlgorithm | RawName | X25519 | jca/KeyExchange.java:173:52:173:59 | jca/KeyExchange.java:173:52:173:59 | +| jca/KeyExchange.java:174:17:174:26 | Key | KeyType | Unknown | jca/KeyExchange.java:174:17:174:26 | jca/KeyExchange.java:174:17:174:26 | +| jca/KeyExchange.java:175:20:175:28 | Key | KeyType | Unknown | jca/KeyExchange.java:175:20:175:28 | jca/KeyExchange.java:175:20:175:28 | +| jca/KeyExchange.java:193:61:193:66 | KeyAgreementAlgorithm | Name | X448 | jca/KeyExchange.java:193:61:193:66 | jca/KeyExchange.java:193:61:193:66 | +| jca/KeyExchange.java:193:61:193:66 | KeyAgreementAlgorithm | RawName | X448 | jca/KeyExchange.java:193:61:193:66 | jca/KeyExchange.java:193:61:193:66 | +| jca/KeyExchange.java:195:24:195:26 | Constant | Description | 448 | jca/KeyExchange.java:195:24:195:26 | jca/KeyExchange.java:195:24:195:26 | +| jca/KeyExchange.java:196:16:196:36 | Key | KeyType | Asymmetric | jca/KeyExchange.java:196:16:196:36 | jca/KeyExchange.java:196:16:196:36 | +| jca/KeyExchange.java:210:52:210:57 | KeyAgreementAlgorithm | Name | X448 | jca/KeyExchange.java:210:52:210:57 | jca/KeyExchange.java:210:52:210:57 | +| jca/KeyExchange.java:210:52:210:57 | KeyAgreementAlgorithm | RawName | X448 | jca/KeyExchange.java:210:52:210:57 | jca/KeyExchange.java:210:52:210:57 | +| jca/KeyExchange.java:211:17:211:26 | Key | KeyType | Unknown | jca/KeyExchange.java:211:17:211:26 | jca/KeyExchange.java:211:17:211:26 | +| jca/KeyExchange.java:212:20:212:28 | Key | KeyType | Unknown | jca/KeyExchange.java:212:20:212:28 | jca/KeyExchange.java:212:20:212:28 | +| jca/MACOperation.java:59:36:59:49 | Parameter | Description | message | jca/MACOperation.java:59:36:59:49 | jca/MACOperation.java:59:36:59:49 | +| jca/MACOperation.java:59:52:59:61 | Parameter | Description | key | jca/MACOperation.java:59:52:59:61 | jca/MACOperation.java:59:52:59:61 | +| jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | Name | HMAC | jca/MACOperation.java:60:35:60:46 | jca/MACOperation.java:60:35:60:46 | +| jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/MACOperation.java:60:35:60:46 | jca/MACOperation.java:60:35:60:46 | +| jca/MACOperation.java:62:18:62:26 | Key | KeyType | Unknown | jca/MACOperation.java:62:18:62:26 | jca/MACOperation.java:62:18:62:26 | +| jca/MACOperation.java:63:16:63:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:63:16:63:46 | jca/MACOperation.java:63:16:63:46 | +| jca/MACOperation.java:70:34:70:47 | Parameter | Description | message | jca/MACOperation.java:70:34:70:47 | jca/MACOperation.java:70:34:70:47 | +| jca/MACOperation.java:70:50:70:59 | Parameter | Description | key | jca/MACOperation.java:70:50:70:59 | jca/MACOperation.java:70:50:70:59 | +| jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | Name | HMAC | jca/MACOperation.java:71:35:71:48 | jca/MACOperation.java:71:35:71:48 | +| jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | RawName | HmacSHA3-256 | jca/MACOperation.java:71:35:71:48 | jca/MACOperation.java:71:35:71:48 | +| jca/MACOperation.java:73:18:73:26 | Key | KeyType | Unknown | jca/MACOperation.java:73:18:73:26 | jca/MACOperation.java:73:18:73:26 | +| jca/MACOperation.java:74:16:74:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:74:16:74:46 | jca/MACOperation.java:74:16:74:46 | +| jca/MACOperation.java:81:34:81:47 | Parameter | Description | message | jca/MACOperation.java:81:34:81:47 | jca/MACOperation.java:81:34:81:47 | +| jca/MACOperation.java:81:50:81:59 | Parameter | Description | key | jca/MACOperation.java:81:50:81:59 | jca/MACOperation.java:81:50:81:59 | +| jca/MACOperation.java:82:35:82:44 | KeyOperationAlgorithm | Name | UnknownMac | jca/MACOperation.java:82:35:82:44 | jca/MACOperation.java:82:35:82:44 | +| jca/MACOperation.java:82:35:82:44 | KeyOperationAlgorithm | RawName | Poly1305 | jca/MACOperation.java:82:35:82:44 | jca/MACOperation.java:82:35:82:44 | +| jca/MACOperation.java:84:18:84:26 | Key | KeyType | Unknown | jca/MACOperation.java:84:18:84:26 | jca/MACOperation.java:84:18:84:26 | +| jca/MACOperation.java:85:16:85:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:85:16:85:46 | jca/MACOperation.java:85:16:85:46 | +| jca/MACOperation.java:92:30:92:43 | Parameter | Description | message | jca/MACOperation.java:92:30:92:43 | jca/MACOperation.java:92:30:92:43 | +| jca/MACOperation.java:92:46:92:55 | Parameter | Description | key | jca/MACOperation.java:92:46:92:55 | jca/MACOperation.java:92:46:92:55 | +| jca/MACOperation.java:94:35:94:40 | KeyOperationAlgorithm | Name | UnknownMac | jca/MACOperation.java:94:35:94:40 | jca/MACOperation.java:94:35:94:40 | +| jca/MACOperation.java:94:35:94:40 | KeyOperationAlgorithm | RawName | GMac | jca/MACOperation.java:94:35:94:40 | jca/MACOperation.java:94:35:94:40 | +| jca/MACOperation.java:98:18:98:26 | Key | KeyType | Unknown | jca/MACOperation.java:98:18:98:26 | jca/MACOperation.java:98:18:98:26 | +| jca/MACOperation.java:99:16:99:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:99:16:99:46 | jca/MACOperation.java:99:16:99:46 | +| jca/MACOperation.java:106:30:106:43 | Parameter | Description | message | jca/MACOperation.java:106:30:106:43 | jca/MACOperation.java:106:30:106:43 | +| jca/MACOperation.java:106:46:106:55 | Parameter | Description | key | jca/MACOperation.java:106:46:106:55 | jca/MACOperation.java:106:46:106:55 | +| jca/MACOperation.java:107:35:107:43 | Constant | Description | "KMAC128" | jca/MACOperation.java:107:35:107:43 | jca/MACOperation.java:107:35:107:43 | +| jca/MACOperation.java:109:18:109:26 | Key | KeyType | Unknown | jca/MACOperation.java:109:18:109:26 | jca/MACOperation.java:109:18:109:26 | +| jca/MACOperation.java:110:16:110:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:110:16:110:46 | jca/MACOperation.java:110:16:110:46 | +| jca/MACOperation.java:117:36:117:49 | Parameter | Description | message | jca/MACOperation.java:117:36:117:49 | jca/MACOperation.java:117:36:117:49 | +| jca/MACOperation.java:117:52:117:61 | Parameter | Description | key | jca/MACOperation.java:117:52:117:61 | jca/MACOperation.java:117:52:117:61 | +| jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | Name | HMAC | jca/MACOperation.java:118:35:118:44 | jca/MACOperation.java:118:35:118:44 | +| jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | RawName | HmacSHA1 | jca/MACOperation.java:118:35:118:44 | jca/MACOperation.java:118:35:118:44 | +| jca/MACOperation.java:120:18:120:26 | Key | KeyType | Unknown | jca/MACOperation.java:120:18:120:26 | jca/MACOperation.java:120:18:120:26 | +| jca/MACOperation.java:121:16:121:46 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:121:16:121:46 | jca/MACOperation.java:121:16:121:46 | +| jca/MACOperation.java:133:34:133:49 | Parameter | Description | macOutput | jca/MACOperation.java:133:34:133:49 | jca/MACOperation.java:133:34:133:49 | +| jca/MACOperation.java:136:44:136:62 | KeyOperationAlgorithm | Name | AES | jca/MACOperation.java:136:44:136:62 | jca/MACOperation.java:136:44:136:62 | +| jca/MACOperation.java:136:44:136:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/MACOperation.java:136:44:136:62 | jca/MACOperation.java:136:44:136:62 | +| jca/MACOperation.java:136:44:136:62 | KeyOperationAlgorithm | Structure | Block | jca/MACOperation.java:136:44:136:62 | jca/MACOperation.java:136:44:136:62 | +| jca/MACOperation.java:136:44:136:62 | ModeOfOperation | Name | GCM | jca/MACOperation.java:136:44:136:62 | jca/MACOperation.java:136:44:136:62 | +| jca/MACOperation.java:136:44:136:62 | ModeOfOperation | RawName | GCM | jca/MACOperation.java:136:44:136:62 | jca/MACOperation.java:136:44:136:62 | +| jca/MACOperation.java:136:44:136:62 | PaddingAlgorithm | Name | UnknownPadding | jca/MACOperation.java:136:44:136:62 | jca/MACOperation.java:136:44:136:62 | +| jca/MACOperation.java:136:44:136:62 | PaddingAlgorithm | RawName | NoPadding | jca/MACOperation.java:136:44:136:62 | jca/MACOperation.java:136:44:136:62 | +| jca/MACOperation.java:137:42:137:44 | Key | KeyType | Unknown | jca/MACOperation.java:137:42:137:44 | jca/MACOperation.java:137:42:137:44 | +| jca/MACOperation.java:138:32:138:74 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/MACOperation.java:138:32:138:74 | jca/MACOperation.java:138:32:138:74 | +| jca/MACOperation.java:138:47:138:62 | Constant | Description | "Sensitive Data" | jca/MACOperation.java:138:47:138:62 | jca/MACOperation.java:138:47:138:62 | +| jca/MACOperation.java:150:36:150:51 | Parameter | Description | macOutput | jca/MACOperation.java:150:36:150:51 | jca/MACOperation.java:150:36:150:51 | +| jca/MACOperation.java:166:47:166:62 | Parameter | Description | macOutput | jca/MACOperation.java:166:47:166:62 | jca/MACOperation.java:166:47:166:62 | +| jca/MACOperation.java:170:77:170:81 | Constant | Description | 10000 | jca/MACOperation.java:170:77:170:81 | jca/MACOperation.java:170:77:170:81 | +| jca/MACOperation.java:170:84:170:86 | Constant | Description | 256 | jca/MACOperation.java:170:84:170:86 | jca/MACOperation.java:170:84:170:86 | +| jca/MACOperation.java:171:65:171:86 | HMACAlgorithm | Name | HMAC | jca/MACOperation.java:171:65:171:86 | jca/MACOperation.java:171:65:171:86 | +| jca/MACOperation.java:171:65:171:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/MACOperation.java:171:65:171:86 | jca/MACOperation.java:171:65:171:86 | +| jca/MACOperation.java:171:65:171:86 | HashAlgorithm | DigestSize | 256 | jca/MACOperation.java:171:65:171:86 | jca/MACOperation.java:171:65:171:86 | +| jca/MACOperation.java:171:65:171:86 | HashAlgorithm | Name | SHA2 | jca/MACOperation.java:171:65:171:86 | jca/MACOperation.java:171:65:171:86 | +| jca/MACOperation.java:171:65:171:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/MACOperation.java:171:65:171:86 | jca/MACOperation.java:171:65:171:86 | +| jca/MACOperation.java:171:65:171:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/MACOperation.java:171:65:171:86 | jca/MACOperation.java:171:65:171:86 | +| jca/MACOperation.java:171:65:171:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/MACOperation.java:171:65:171:86 | jca/MACOperation.java:171:65:171:86 | +| jca/MACOperation.java:172:30:172:57 | Key | KeyType | Symmetric | jca/MACOperation.java:172:30:172:57 | jca/MACOperation.java:172:30:172:57 | +| jca/MACOperation.java:172:30:172:57 | KeyDerivation | Iterations | Constant:10000 | jca/MACOperation.java:170:77:170:81 | jca/MACOperation.java:170:77:170:81 | +| jca/MACOperation.java:172:30:172:57 | KeyDerivation | KeySize | Constant:256 | jca/MACOperation.java:170:84:170:86 | jca/MACOperation.java:170:84:170:86 | +| jca/MACOperation.java:180:44:180:62 | KeyOperationAlgorithm | Name | AES | jca/MACOperation.java:180:44:180:62 | jca/MACOperation.java:180:44:180:62 | +| jca/MACOperation.java:180:44:180:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/MACOperation.java:180:44:180:62 | jca/MACOperation.java:180:44:180:62 | +| jca/MACOperation.java:180:44:180:62 | KeyOperationAlgorithm | Structure | Block | jca/MACOperation.java:180:44:180:62 | jca/MACOperation.java:180:44:180:62 | +| jca/MACOperation.java:180:44:180:62 | ModeOfOperation | Name | GCM | jca/MACOperation.java:180:44:180:62 | jca/MACOperation.java:180:44:180:62 | +| jca/MACOperation.java:180:44:180:62 | ModeOfOperation | RawName | GCM | jca/MACOperation.java:180:44:180:62 | jca/MACOperation.java:180:44:180:62 | +| jca/MACOperation.java:180:44:180:62 | PaddingAlgorithm | Name | UnknownPadding | jca/MACOperation.java:180:44:180:62 | jca/MACOperation.java:180:44:180:62 | +| jca/MACOperation.java:180:44:180:62 | PaddingAlgorithm | RawName | NoPadding | jca/MACOperation.java:180:44:180:62 | jca/MACOperation.java:180:44:180:62 | +| jca/MACOperation.java:181:42:181:54 | Key | KeyType | Unknown | jca/MACOperation.java:181:42:181:54 | jca/MACOperation.java:181:42:181:54 | +| jca/MACOperation.java:182:29:182:78 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/MACOperation.java:182:29:182:78 | jca/MACOperation.java:182:29:182:78 | +| jca/MACOperation.java:182:44:182:66 | Constant | Description | "Further Use Test Data" | jca/MACOperation.java:182:44:182:66 | jca/MACOperation.java:182:44:182:66 | +| jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | Name | HMAC | jca/MACOperation.java:185:35:185:46 | jca/MACOperation.java:185:35:185:46 | +| jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/MACOperation.java:185:35:185:46 | jca/MACOperation.java:185:35:185:46 | +| jca/MACOperation.java:186:18:186:30 | Key | KeyType | Unknown | jca/MACOperation.java:186:18:186:30 | jca/MACOperation.java:186:18:186:30 | +| jca/MACOperation.java:187:30:187:52 | MACOperation | KeyOperationSubtype | Mac | jca/MACOperation.java:187:30:187:52 | jca/MACOperation.java:187:30:187:52 | +| jca/MACOperation.java:216:44:216:62 | KeyOperationAlgorithm | Name | AES | jca/MACOperation.java:216:44:216:62 | jca/MACOperation.java:216:44:216:62 | +| jca/MACOperation.java:216:44:216:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/MACOperation.java:216:44:216:62 | jca/MACOperation.java:216:44:216:62 | +| jca/MACOperation.java:216:44:216:62 | KeyOperationAlgorithm | Structure | Block | jca/MACOperation.java:216:44:216:62 | jca/MACOperation.java:216:44:216:62 | +| jca/MACOperation.java:216:44:216:62 | ModeOfOperation | Name | GCM | jca/MACOperation.java:216:44:216:62 | jca/MACOperation.java:216:44:216:62 | +| jca/MACOperation.java:216:44:216:62 | ModeOfOperation | RawName | GCM | jca/MACOperation.java:216:44:216:62 | jca/MACOperation.java:216:44:216:62 | +| jca/MACOperation.java:216:44:216:62 | PaddingAlgorithm | Name | UnknownPadding | jca/MACOperation.java:216:44:216:62 | jca/MACOperation.java:216:44:216:62 | +| jca/MACOperation.java:216:44:216:62 | PaddingAlgorithm | RawName | NoPadding | jca/MACOperation.java:216:44:216:62 | jca/MACOperation.java:216:44:216:62 | +| jca/MACOperation.java:218:42:218:44 | Key | KeyType | Unknown | jca/MACOperation.java:218:42:218:44 | jca/MACOperation.java:218:42:218:44 | +| jca/MACOperation.java:219:32:219:51 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/MACOperation.java:219:32:219:51 | jca/MACOperation.java:219:32:219:51 | +| jca/MACOperation.java:232:56:232:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/MACOperation.java:233:21:233:23 | jca/MACOperation.java:233:21:233:23 | +| jca/MACOperation.java:232:56:232:60 | KeyOperationAlgorithm | Name | AES | jca/MACOperation.java:232:56:232:60 | jca/MACOperation.java:232:56:232:60 | +| jca/MACOperation.java:232:56:232:60 | KeyOperationAlgorithm | RawName | AES | jca/MACOperation.java:232:56:232:60 | jca/MACOperation.java:232:56:232:60 | +| jca/MACOperation.java:232:56:232:60 | KeyOperationAlgorithm | Structure | Block | jca/MACOperation.java:232:56:232:60 | jca/MACOperation.java:232:56:232:60 | +| jca/MACOperation.java:233:21:233:23 | Constant | Description | 256 | jca/MACOperation.java:233:21:233:23 | jca/MACOperation.java:233:21:233:23 | +| jca/MACOperation.java:234:16:234:35 | Key | KeyType | Symmetric | jca/MACOperation.java:234:16:234:35 | jca/MACOperation.java:234:16:234:35 | +| jca/MACOperation.java:246:9:246:42 | RandomNumberGeneration | Description | nextBytes | jca/MACOperation.java:246:9:246:42 | jca/MACOperation.java:246:9:246:42 | +| jca/MACOperation.java:246:38:246:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/MACOperation.java:246:38:246:41 | jca/MACOperation.java:246:38:246:41 | +| jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | Name | HMAC | jca/Nonce.java:24:35:24:46 | jca/Nonce.java:24:35:24:46 | +| jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:24:35:24:46 | jca/Nonce.java:24:35:24:46 | +| jca/Nonce.java:25:18:25:20 | Key | KeyType | Unknown | jca/Nonce.java:25:18:25:20 | jca/Nonce.java:25:18:25:20 | +| jca/Nonce.java:27:28:27:69 | MACOperation | KeyOperationSubtype | Mac | jca/Nonce.java:27:28:27:69 | jca/Nonce.java:27:28:27:69 | +| jca/Nonce.java:27:40:27:57 | Constant | Description | "Simple Test Data" | jca/Nonce.java:27:40:27:57 | jca/Nonce.java:27:40:27:57 | +| jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | Name | HMAC | jca/Nonce.java:37:35:37:46 | jca/Nonce.java:37:35:37:46 | +| jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:37:35:37:46 | jca/Nonce.java:37:35:37:46 | +| jca/Nonce.java:38:18:38:20 | Key | KeyType | Unknown | jca/Nonce.java:38:18:38:20 | jca/Nonce.java:38:18:38:20 | +| jca/Nonce.java:40:28:40:67 | MACOperation | KeyOperationSubtype | Mac | jca/Nonce.java:40:28:40:67 | jca/Nonce.java:40:28:40:67 | +| jca/Nonce.java:40:40:40:55 | Constant | Description | "Sensitive Data" | jca/Nonce.java:40:40:40:55 | jca/Nonce.java:40:40:40:55 | +| jca/Nonce.java:47:39:47:51 | Parameter | Description | key | jca/Nonce.java:47:39:47:51 | jca/Nonce.java:47:39:47:51 | +| jca/Nonce.java:47:54:47:69 | Parameter | Description | plaintext | jca/Nonce.java:47:54:47:69 | jca/Nonce.java:47:54:47:69 | +| jca/Nonce.java:50:44:50:62 | KeyOperationAlgorithm | Name | AES | jca/Nonce.java:50:44:50:62 | jca/Nonce.java:50:44:50:62 | +| jca/Nonce.java:50:44:50:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Nonce.java:50:44:50:62 | jca/Nonce.java:50:44:50:62 | +| jca/Nonce.java:50:44:50:62 | KeyOperationAlgorithm | Structure | Block | jca/Nonce.java:50:44:50:62 | jca/Nonce.java:50:44:50:62 | +| jca/Nonce.java:50:44:50:62 | ModeOfOperation | Name | GCM | jca/Nonce.java:50:44:50:62 | jca/Nonce.java:50:44:50:62 | +| jca/Nonce.java:50:44:50:62 | ModeOfOperation | RawName | GCM | jca/Nonce.java:50:44:50:62 | jca/Nonce.java:50:44:50:62 | +| jca/Nonce.java:50:44:50:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Nonce.java:50:44:50:62 | jca/Nonce.java:50:44:50:62 | +| jca/Nonce.java:50:44:50:62 | PaddingAlgorithm | RawName | NoPadding | jca/Nonce.java:50:44:50:62 | jca/Nonce.java:50:44:50:62 | +| jca/Nonce.java:51:42:51:44 | Key | KeyType | Unknown | jca/Nonce.java:51:42:51:44 | jca/Nonce.java:51:42:51:44 | +| jca/Nonce.java:52:29:52:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Nonce.java:52:29:52:53 | jca/Nonce.java:52:29:52:53 | +| jca/Nonce.java:58:37:58:49 | Parameter | Description | key | jca/Nonce.java:58:37:58:49 | jca/Nonce.java:58:37:58:49 | +| jca/Nonce.java:58:52:58:67 | Parameter | Description | plaintext | jca/Nonce.java:58:52:58:67 | jca/Nonce.java:58:52:58:67 | +| jca/Nonce.java:61:44:61:62 | KeyOperationAlgorithm | Name | AES | jca/Nonce.java:61:44:61:62 | jca/Nonce.java:61:44:61:62 | +| jca/Nonce.java:61:44:61:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/Nonce.java:61:44:61:62 | jca/Nonce.java:61:44:61:62 | +| jca/Nonce.java:61:44:61:62 | KeyOperationAlgorithm | Structure | Block | jca/Nonce.java:61:44:61:62 | jca/Nonce.java:61:44:61:62 | +| jca/Nonce.java:61:44:61:62 | ModeOfOperation | Name | GCM | jca/Nonce.java:61:44:61:62 | jca/Nonce.java:61:44:61:62 | +| jca/Nonce.java:61:44:61:62 | ModeOfOperation | RawName | GCM | jca/Nonce.java:61:44:61:62 | jca/Nonce.java:61:44:61:62 | +| jca/Nonce.java:61:44:61:62 | PaddingAlgorithm | Name | UnknownPadding | jca/Nonce.java:61:44:61:62 | jca/Nonce.java:61:44:61:62 | +| jca/Nonce.java:61:44:61:62 | PaddingAlgorithm | RawName | NoPadding | jca/Nonce.java:61:44:61:62 | jca/Nonce.java:61:44:61:62 | +| jca/Nonce.java:62:42:62:44 | Key | KeyType | Unknown | jca/Nonce.java:62:42:62:44 | jca/Nonce.java:62:42:62:44 | +| jca/Nonce.java:63:29:63:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/Nonce.java:63:29:63:53 | jca/Nonce.java:63:29:63:53 | +| jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | Name | HMAC | jca/Nonce.java:70:53:70:64 | jca/Nonce.java:70:53:70:64 | +| jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/Nonce.java:70:53:70:64 | jca/Nonce.java:70:53:70:64 | +| jca/Nonce.java:78:18:78:20 | Key | KeyType | Unknown | jca/Nonce.java:78:18:78:20 | jca/Nonce.java:78:18:78:20 | +| jca/Nonce.java:80:28:80:67 | MACOperation | KeyOperationSubtype | Mac | jca/Nonce.java:80:28:80:67 | jca/Nonce.java:80:28:80:67 | +| jca/Nonce.java:80:40:80:55 | Constant | Description | "Sensitive Data" | jca/Nonce.java:80:40:80:55 | jca/Nonce.java:80:40:80:55 | +| jca/Nonce.java:92:56:92:67 | Constant | Description | "HmacSHA256" | jca/Nonce.java:92:56:92:67 | jca/Nonce.java:92:56:92:67 | +| jca/Nonce.java:93:16:93:35 | Key | KeyType | Symmetric | jca/Nonce.java:93:16:93:35 | jca/Nonce.java:93:16:93:35 | +| jca/Nonce.java:98:9:98:43 | RandomNumberGeneration | Description | nextBytes | jca/Nonce.java:98:9:98:43 | jca/Nonce.java:98:9:98:43 | +| jca/Nonce.java:98:38:98:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/Nonce.java:98:38:98:42 | jca/Nonce.java:98:38:98:42 | +| jca/Nonce.java:112:16:112:33 | Constant | Description | "BADNONCEBADNONCE" | jca/Nonce.java:112:16:112:33 | jca/Nonce.java:112:16:112:33 | +| jca/PrngTest.java:152:56:152:60 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/PrngTest.java:153:21:153:23 | jca/PrngTest.java:153:21:153:23 | +| jca/PrngTest.java:152:56:152:60 | KeyOperationAlgorithm | Name | AES | jca/PrngTest.java:152:56:152:60 | jca/PrngTest.java:152:56:152:60 | +| jca/PrngTest.java:152:56:152:60 | KeyOperationAlgorithm | RawName | AES | jca/PrngTest.java:152:56:152:60 | jca/PrngTest.java:152:56:152:60 | +| jca/PrngTest.java:152:56:152:60 | KeyOperationAlgorithm | Structure | Block | jca/PrngTest.java:152:56:152:60 | jca/PrngTest.java:152:56:152:60 | +| jca/PrngTest.java:153:21:153:23 | Constant | Description | 256 | jca/PrngTest.java:153:21:153:23 | jca/PrngTest.java:153:21:153:23 | +| jca/PrngTest.java:154:16:154:35 | Key | KeyType | Symmetric | jca/PrngTest.java:154:16:154:35 | jca/PrngTest.java:154:16:154:35 | +| jca/SignEncryptCombinations.java:52:49:52:59 | EllipticCurve | KeySize | 256 | jca/SignEncryptCombinations.java:52:49:52:59 | jca/SignEncryptCombinations.java:52:49:52:59 | +| jca/SignEncryptCombinations.java:52:49:52:59 | EllipticCurve | Name | secp256r1 | jca/SignEncryptCombinations.java:52:49:52:59 | jca/SignEncryptCombinations.java:52:49:52:59 | +| jca/SignEncryptCombinations.java:52:49:52:59 | EllipticCurve | ParsedName | secp256r1 | jca/SignEncryptCombinations.java:52:49:52:59 | jca/SignEncryptCombinations.java:52:49:52:59 | +| jca/SignEncryptCombinations.java:52:49:52:59 | EllipticCurve | RawName | secp256r1 | jca/SignEncryptCombinations.java:52:49:52:59 | jca/SignEncryptCombinations.java:52:49:52:59 | +| jca/SignEncryptCombinations.java:53:16:53:38 | Key | KeyType | Asymmetric | jca/SignEncryptCombinations.java:53:16:53:38 | jca/SignEncryptCombinations.java:53:16:53:38 | +| jca/SignEncryptCombinations.java:61:53:61:69 | HashAlgorithm | DigestSize | 256 | jca/SignEncryptCombinations.java:61:53:61:69 | jca/SignEncryptCombinations.java:61:53:61:69 | +| jca/SignEncryptCombinations.java:61:53:61:69 | HashAlgorithm | Name | SHA2 | jca/SignEncryptCombinations.java:61:53:61:69 | jca/SignEncryptCombinations.java:61:53:61:69 | +| jca/SignEncryptCombinations.java:61:53:61:69 | HashAlgorithm | RawName | SHA256withECDSA | jca/SignEncryptCombinations.java:61:53:61:69 | jca/SignEncryptCombinations.java:61:53:61:69 | +| jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | Name | ECDSA | jca/SignEncryptCombinations.java:61:53:61:69 | jca/SignEncryptCombinations.java:61:53:61:69 | +| jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/SignEncryptCombinations.java:61:53:61:69 | jca/SignEncryptCombinations.java:61:53:61:69 | +| jca/SignEncryptCombinations.java:62:28:62:34 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:62:28:62:34 | jca/SignEncryptCombinations.java:62:28:62:34 | +| jca/SignEncryptCombinations.java:64:16:64:31 | SignOperation | KeyOperationSubtype | Sign | jca/SignEncryptCombinations.java:64:16:64:31 | jca/SignEncryptCombinations.java:64:16:64:31 | | jca/SignEncryptCombinations.java:68:53:68:69 | HashAlgorithm | DigestSize | 256 | jca/SignEncryptCombinations.java:68:53:68:69 | jca/SignEncryptCombinations.java:68:53:68:69 | | jca/SignEncryptCombinations.java:68:53:68:69 | HashAlgorithm | Name | SHA2 | jca/SignEncryptCombinations.java:68:53:68:69 | jca/SignEncryptCombinations.java:68:53:68:69 | | jca/SignEncryptCombinations.java:68:53:68:69 | HashAlgorithm | RawName | SHA256withECDSA | jca/SignEncryptCombinations.java:68:53:68:69 | jca/SignEncryptCombinations.java:68:53:68:69 | | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | Name | ECDSA | jca/SignEncryptCombinations.java:68:53:68:69 | jca/SignEncryptCombinations.java:68:53:68:69 | | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/SignEncryptCombinations.java:68:53:68:69 | jca/SignEncryptCombinations.java:68:53:68:69 | -| jca/SignEncryptCombinations.java:69:28:69:34 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:69:28:69:34 | jca/SignEncryptCombinations.java:69:28:69:34 | -| jca/SignEncryptCombinations.java:71:16:71:31 | SignOperation | KeyOperationSubtype | Sign | jca/SignEncryptCombinations.java:71:16:71:31 | jca/SignEncryptCombinations.java:71:16:71:31 | -| jca/SignEncryptCombinations.java:75:53:75:69 | HashAlgorithm | DigestSize | 256 | jca/SignEncryptCombinations.java:75:53:75:69 | jca/SignEncryptCombinations.java:75:53:75:69 | -| jca/SignEncryptCombinations.java:75:53:75:69 | HashAlgorithm | Name | SHA2 | jca/SignEncryptCombinations.java:75:53:75:69 | jca/SignEncryptCombinations.java:75:53:75:69 | -| jca/SignEncryptCombinations.java:75:53:75:69 | HashAlgorithm | RawName | SHA256withECDSA | jca/SignEncryptCombinations.java:75:53:75:69 | jca/SignEncryptCombinations.java:75:53:75:69 | -| jca/SignEncryptCombinations.java:75:53:75:69 | KeyOperationAlgorithm | Name | ECDSA | jca/SignEncryptCombinations.java:75:53:75:69 | jca/SignEncryptCombinations.java:75:53:75:69 | -| jca/SignEncryptCombinations.java:75:53:75:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/SignEncryptCombinations.java:75:53:75:69 | jca/SignEncryptCombinations.java:75:53:75:69 | -| jca/SignEncryptCombinations.java:76:30:76:35 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:76:30:76:35 | jca/SignEncryptCombinations.java:76:30:76:35 | -| jca/SignEncryptCombinations.java:78:16:78:47 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignEncryptCombinations.java:78:16:78:47 | jca/SignEncryptCombinations.java:78:16:78:47 | -| jca/SignEncryptCombinations.java:89:52:89:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/SignEncryptCombinations.java:90:17:90:19 | jca/SignEncryptCombinations.java:90:17:90:19 | -| jca/SignEncryptCombinations.java:89:52:89:56 | KeyOperationAlgorithm | Name | AES | jca/SignEncryptCombinations.java:89:52:89:56 | jca/SignEncryptCombinations.java:89:52:89:56 | -| jca/SignEncryptCombinations.java:89:52:89:56 | KeyOperationAlgorithm | RawName | AES | jca/SignEncryptCombinations.java:89:52:89:56 | jca/SignEncryptCombinations.java:89:52:89:56 | -| jca/SignEncryptCombinations.java:89:52:89:56 | KeyOperationAlgorithm | Structure | Block | jca/SignEncryptCombinations.java:89:52:89:56 | jca/SignEncryptCombinations.java:89:52:89:56 | -| jca/SignEncryptCombinations.java:90:17:90:19 | Constant | Description | 256 | jca/SignEncryptCombinations.java:90:17:90:19 | jca/SignEncryptCombinations.java:90:17:90:19 | -| jca/SignEncryptCombinations.java:91:16:91:31 | Key | KeyType | Symmetric | jca/SignEncryptCombinations.java:91:16:91:31 | jca/SignEncryptCombinations.java:91:16:91:31 | -| jca/SignEncryptCombinations.java:99:44:99:62 | KeyOperationAlgorithm | Name | AES | jca/SignEncryptCombinations.java:99:44:99:62 | jca/SignEncryptCombinations.java:99:44:99:62 | -| jca/SignEncryptCombinations.java:99:44:99:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SignEncryptCombinations.java:99:44:99:62 | jca/SignEncryptCombinations.java:99:44:99:62 | -| jca/SignEncryptCombinations.java:99:44:99:62 | KeyOperationAlgorithm | Structure | Block | jca/SignEncryptCombinations.java:99:44:99:62 | jca/SignEncryptCombinations.java:99:44:99:62 | -| jca/SignEncryptCombinations.java:99:44:99:62 | ModeOfOperation | Name | GCM | jca/SignEncryptCombinations.java:99:44:99:62 | jca/SignEncryptCombinations.java:99:44:99:62 | -| jca/SignEncryptCombinations.java:99:44:99:62 | ModeOfOperation | RawName | GCM | jca/SignEncryptCombinations.java:99:44:99:62 | jca/SignEncryptCombinations.java:99:44:99:62 | -| jca/SignEncryptCombinations.java:99:44:99:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SignEncryptCombinations.java:99:44:99:62 | jca/SignEncryptCombinations.java:99:44:99:62 | -| jca/SignEncryptCombinations.java:99:44:99:62 | PaddingAlgorithm | RawName | NoPadding | jca/SignEncryptCombinations.java:99:44:99:62 | jca/SignEncryptCombinations.java:99:44:99:62 | -| jca/SignEncryptCombinations.java:101:9:101:28 | RandomNumberGeneration | Description | nextBytes | jca/SignEncryptCombinations.java:101:9:101:28 | jca/SignEncryptCombinations.java:101:9:101:28 | -| jca/SignEncryptCombinations.java:101:26:101:27 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SignEncryptCombinations.java:101:26:101:27 | jca/SignEncryptCombinations.java:101:26:101:27 | -| jca/SignEncryptCombinations.java:103:42:103:44 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:103:42:103:44 | jca/SignEncryptCombinations.java:103:42:103:44 | -| jca/SignEncryptCombinations.java:104:29:104:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SignEncryptCombinations.java:104:29:104:53 | jca/SignEncryptCombinations.java:104:29:104:53 | -| jca/SignEncryptCombinations.java:118:44:118:62 | KeyOperationAlgorithm | Name | AES | jca/SignEncryptCombinations.java:118:44:118:62 | jca/SignEncryptCombinations.java:118:44:118:62 | -| jca/SignEncryptCombinations.java:118:44:118:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SignEncryptCombinations.java:118:44:118:62 | jca/SignEncryptCombinations.java:118:44:118:62 | -| jca/SignEncryptCombinations.java:118:44:118:62 | KeyOperationAlgorithm | Structure | Block | jca/SignEncryptCombinations.java:118:44:118:62 | jca/SignEncryptCombinations.java:118:44:118:62 | -| jca/SignEncryptCombinations.java:118:44:118:62 | ModeOfOperation | Name | GCM | jca/SignEncryptCombinations.java:118:44:118:62 | jca/SignEncryptCombinations.java:118:44:118:62 | -| jca/SignEncryptCombinations.java:118:44:118:62 | ModeOfOperation | RawName | GCM | jca/SignEncryptCombinations.java:118:44:118:62 | jca/SignEncryptCombinations.java:118:44:118:62 | -| jca/SignEncryptCombinations.java:118:44:118:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SignEncryptCombinations.java:118:44:118:62 | jca/SignEncryptCombinations.java:118:44:118:62 | -| jca/SignEncryptCombinations.java:118:44:118:62 | PaddingAlgorithm | RawName | NoPadding | jca/SignEncryptCombinations.java:118:44:118:62 | jca/SignEncryptCombinations.java:118:44:118:62 | -| jca/SignEncryptCombinations.java:119:42:119:44 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:119:42:119:44 | jca/SignEncryptCombinations.java:119:42:119:44 | -| jca/SignEncryptCombinations.java:120:16:120:41 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/SignEncryptCombinations.java:120:16:120:41 | jca/SignEncryptCombinations.java:120:16:120:41 | -| jca/SignEncryptCombinations.java:128:35:128:46 | KeyOperationAlgorithm | Name | HMAC | jca/SignEncryptCombinations.java:128:35:128:46 | jca/SignEncryptCombinations.java:128:35:128:46 | -| jca/SignEncryptCombinations.java:128:35:128:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/SignEncryptCombinations.java:128:35:128:46 | jca/SignEncryptCombinations.java:128:35:128:46 | -| jca/SignEncryptCombinations.java:129:18:129:20 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:129:18:129:20 | jca/SignEncryptCombinations.java:129:18:129:20 | -| jca/SignEncryptCombinations.java:130:16:130:32 | MACOperation | KeyOperationSubtype | Mac | jca/SignEncryptCombinations.java:130:16:130:32 | jca/SignEncryptCombinations.java:130:16:130:32 | -| jca/SignEncryptCombinations.java:345:26:345:47 | Constant | Description | "Hello, combinations!" | jca/SignEncryptCombinations.java:345:26:345:47 | jca/SignEncryptCombinations.java:345:26:345:47 | -| jca/SignatureOperation.java:59:61:59:65 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/SignatureOperation.java:60:24:60:27 | jca/SignatureOperation.java:60:24:60:27 | -| jca/SignatureOperation.java:59:61:59:65 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:59:61:59:65 | jca/SignatureOperation.java:59:61:59:65 | -| jca/SignatureOperation.java:59:61:59:65 | KeyOperationAlgorithm | RawName | RSA | jca/SignatureOperation.java:59:61:59:65 | jca/SignatureOperation.java:59:61:59:65 | -| jca/SignatureOperation.java:60:24:60:27 | Constant | Description | 2048 | jca/SignatureOperation.java:60:24:60:27 | jca/SignatureOperation.java:60:24:60:27 | -| jca/SignatureOperation.java:61:16:61:36 | Key | KeyType | Asymmetric | jca/SignatureOperation.java:61:16:61:36 | jca/SignatureOperation.java:61:16:61:36 | -| jca/SignatureOperation.java:71:53:71:74 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:71:53:71:74 | jca/SignatureOperation.java:71:53:71:74 | -| jca/SignatureOperation.java:71:53:71:74 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:71:53:71:74 | jca/SignatureOperation.java:71:53:71:74 | -| jca/SignatureOperation.java:71:53:71:74 | HashAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:71:53:71:74 | jca/SignatureOperation.java:71:53:71:74 | -| jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:71:53:71:74 | jca/SignatureOperation.java:71:53:71:74 | -| jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:71:53:71:74 | jca/SignatureOperation.java:71:53:71:74 | -| jca/SignatureOperation.java:72:28:72:37 | Key | KeyType | Unknown | jca/SignatureOperation.java:72:28:72:37 | jca/SignatureOperation.java:72:28:72:37 | -| jca/SignatureOperation.java:74:16:74:31 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:74:16:74:31 | jca/SignatureOperation.java:74:16:74:31 | -| jca/SignatureOperation.java:84:53:84:74 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:84:53:84:74 | jca/SignatureOperation.java:84:53:84:74 | -| jca/SignatureOperation.java:84:53:84:74 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:84:53:84:74 | jca/SignatureOperation.java:84:53:84:74 | -| jca/SignatureOperation.java:84:53:84:74 | HashAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:84:53:84:74 | jca/SignatureOperation.java:84:53:84:74 | -| jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:84:53:84:74 | jca/SignatureOperation.java:84:53:84:74 | -| jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:84:53:84:74 | jca/SignatureOperation.java:84:53:84:74 | -| jca/SignatureOperation.java:85:30:85:38 | Key | KeyType | Unknown | jca/SignatureOperation.java:85:30:85:38 | jca/SignatureOperation.java:85:30:85:38 | -| jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:87:16:87:41 | jca/SignatureOperation.java:87:16:87:41 | -| jca/SignatureOperation.java:102:49:102:59 | EllipticCurve | KeySize | 256 | jca/SignatureOperation.java:102:49:102:59 | jca/SignatureOperation.java:102:49:102:59 | -| jca/SignatureOperation.java:102:49:102:59 | EllipticCurve | Name | secp256r1 | jca/SignatureOperation.java:102:49:102:59 | jca/SignatureOperation.java:102:49:102:59 | -| jca/SignatureOperation.java:102:49:102:59 | EllipticCurve | ParsedName | secp256r1 | jca/SignatureOperation.java:102:49:102:59 | jca/SignatureOperation.java:102:49:102:59 | -| jca/SignatureOperation.java:102:49:102:59 | EllipticCurve | RawName | secp256r1 | jca/SignatureOperation.java:102:49:102:59 | jca/SignatureOperation.java:102:49:102:59 | -| jca/SignatureOperation.java:103:16:103:38 | Key | KeyType | Asymmetric | jca/SignatureOperation.java:103:16:103:38 | jca/SignatureOperation.java:103:16:103:38 | -| jca/SignatureOperation.java:113:53:113:69 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:113:53:113:69 | jca/SignatureOperation.java:113:53:113:69 | -| jca/SignatureOperation.java:113:53:113:69 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:113:53:113:69 | jca/SignatureOperation.java:113:53:113:69 | -| jca/SignatureOperation.java:113:53:113:69 | HashAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:113:53:113:69 | jca/SignatureOperation.java:113:53:113:69 | -| jca/SignatureOperation.java:113:53:113:69 | KeyOperationAlgorithm | Name | ECDSA | jca/SignatureOperation.java:113:53:113:69 | jca/SignatureOperation.java:113:53:113:69 | -| jca/SignatureOperation.java:113:53:113:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:113:53:113:69 | jca/SignatureOperation.java:113:53:113:69 | -| jca/SignatureOperation.java:114:28:114:37 | Key | KeyType | Unknown | jca/SignatureOperation.java:114:28:114:37 | jca/SignatureOperation.java:114:28:114:37 | -| jca/SignatureOperation.java:116:16:116:31 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:116:16:116:31 | jca/SignatureOperation.java:116:16:116:31 | -| jca/SignatureOperation.java:126:53:126:69 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:126:53:126:69 | jca/SignatureOperation.java:126:53:126:69 | -| jca/SignatureOperation.java:126:53:126:69 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:126:53:126:69 | jca/SignatureOperation.java:126:53:126:69 | -| jca/SignatureOperation.java:126:53:126:69 | HashAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:126:53:126:69 | jca/SignatureOperation.java:126:53:126:69 | -| jca/SignatureOperation.java:126:53:126:69 | KeyOperationAlgorithm | Name | ECDSA | jca/SignatureOperation.java:126:53:126:69 | jca/SignatureOperation.java:126:53:126:69 | -| jca/SignatureOperation.java:126:53:126:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:126:53:126:69 | jca/SignatureOperation.java:126:53:126:69 | -| jca/SignatureOperation.java:127:30:127:38 | Key | KeyType | Unknown | jca/SignatureOperation.java:127:30:127:38 | jca/SignatureOperation.java:127:30:127:38 | -| jca/SignatureOperation.java:129:16:129:41 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:129:16:129:41 | jca/SignatureOperation.java:129:16:129:41 | -| jca/SignatureOperation.java:143:61:143:69 | Constant | Description | "Ed25519" | jca/SignatureOperation.java:143:61:143:69 | jca/SignatureOperation.java:143:61:143:69 | -| jca/SignatureOperation.java:144:16:144:36 | Key | KeyType | Asymmetric | jca/SignatureOperation.java:144:16:144:36 | jca/SignatureOperation.java:144:16:144:36 | +| jca/SignEncryptCombinations.java:69:30:69:35 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:69:30:69:35 | jca/SignEncryptCombinations.java:69:30:69:35 | +| jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignEncryptCombinations.java:71:16:71:47 | jca/SignEncryptCombinations.java:71:16:71:47 | +| jca/SignEncryptCombinations.java:82:52:82:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/SignEncryptCombinations.java:83:17:83:19 | jca/SignEncryptCombinations.java:83:17:83:19 | +| jca/SignEncryptCombinations.java:82:52:82:56 | KeyOperationAlgorithm | Name | AES | jca/SignEncryptCombinations.java:82:52:82:56 | jca/SignEncryptCombinations.java:82:52:82:56 | +| jca/SignEncryptCombinations.java:82:52:82:56 | KeyOperationAlgorithm | RawName | AES | jca/SignEncryptCombinations.java:82:52:82:56 | jca/SignEncryptCombinations.java:82:52:82:56 | +| jca/SignEncryptCombinations.java:82:52:82:56 | KeyOperationAlgorithm | Structure | Block | jca/SignEncryptCombinations.java:82:52:82:56 | jca/SignEncryptCombinations.java:82:52:82:56 | +| jca/SignEncryptCombinations.java:83:17:83:19 | Constant | Description | 256 | jca/SignEncryptCombinations.java:83:17:83:19 | jca/SignEncryptCombinations.java:83:17:83:19 | +| jca/SignEncryptCombinations.java:84:16:84:31 | Key | KeyType | Symmetric | jca/SignEncryptCombinations.java:84:16:84:31 | jca/SignEncryptCombinations.java:84:16:84:31 | +| jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | Name | AES | jca/SignEncryptCombinations.java:92:44:92:62 | jca/SignEncryptCombinations.java:92:44:92:62 | +| jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SignEncryptCombinations.java:92:44:92:62 | jca/SignEncryptCombinations.java:92:44:92:62 | +| jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | Structure | Block | jca/SignEncryptCombinations.java:92:44:92:62 | jca/SignEncryptCombinations.java:92:44:92:62 | +| jca/SignEncryptCombinations.java:92:44:92:62 | ModeOfOperation | Name | GCM | jca/SignEncryptCombinations.java:92:44:92:62 | jca/SignEncryptCombinations.java:92:44:92:62 | +| jca/SignEncryptCombinations.java:92:44:92:62 | ModeOfOperation | RawName | GCM | jca/SignEncryptCombinations.java:92:44:92:62 | jca/SignEncryptCombinations.java:92:44:92:62 | +| jca/SignEncryptCombinations.java:92:44:92:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SignEncryptCombinations.java:92:44:92:62 | jca/SignEncryptCombinations.java:92:44:92:62 | +| jca/SignEncryptCombinations.java:92:44:92:62 | PaddingAlgorithm | RawName | NoPadding | jca/SignEncryptCombinations.java:92:44:92:62 | jca/SignEncryptCombinations.java:92:44:92:62 | +| jca/SignEncryptCombinations.java:94:9:94:28 | RandomNumberGeneration | Description | nextBytes | jca/SignEncryptCombinations.java:94:9:94:28 | jca/SignEncryptCombinations.java:94:9:94:28 | +| jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SignEncryptCombinations.java:94:26:94:27 | jca/SignEncryptCombinations.java:94:26:94:27 | +| jca/SignEncryptCombinations.java:96:42:96:44 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:96:42:96:44 | jca/SignEncryptCombinations.java:96:42:96:44 | +| jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SignEncryptCombinations.java:97:29:97:53 | jca/SignEncryptCombinations.java:97:29:97:53 | +| jca/SignEncryptCombinations.java:111:44:111:62 | KeyOperationAlgorithm | Name | AES | jca/SignEncryptCombinations.java:111:44:111:62 | jca/SignEncryptCombinations.java:111:44:111:62 | +| jca/SignEncryptCombinations.java:111:44:111:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SignEncryptCombinations.java:111:44:111:62 | jca/SignEncryptCombinations.java:111:44:111:62 | +| jca/SignEncryptCombinations.java:111:44:111:62 | KeyOperationAlgorithm | Structure | Block | jca/SignEncryptCombinations.java:111:44:111:62 | jca/SignEncryptCombinations.java:111:44:111:62 | +| jca/SignEncryptCombinations.java:111:44:111:62 | ModeOfOperation | Name | GCM | jca/SignEncryptCombinations.java:111:44:111:62 | jca/SignEncryptCombinations.java:111:44:111:62 | +| jca/SignEncryptCombinations.java:111:44:111:62 | ModeOfOperation | RawName | GCM | jca/SignEncryptCombinations.java:111:44:111:62 | jca/SignEncryptCombinations.java:111:44:111:62 | +| jca/SignEncryptCombinations.java:111:44:111:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SignEncryptCombinations.java:111:44:111:62 | jca/SignEncryptCombinations.java:111:44:111:62 | +| jca/SignEncryptCombinations.java:111:44:111:62 | PaddingAlgorithm | RawName | NoPadding | jca/SignEncryptCombinations.java:111:44:111:62 | jca/SignEncryptCombinations.java:111:44:111:62 | +| jca/SignEncryptCombinations.java:112:42:112:44 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:112:42:112:44 | jca/SignEncryptCombinations.java:112:42:112:44 | +| jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | KeyOperationSubtype | Decrypt | jca/SignEncryptCombinations.java:113:16:113:41 | jca/SignEncryptCombinations.java:113:16:113:41 | +| jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | Name | HMAC | jca/SignEncryptCombinations.java:121:35:121:46 | jca/SignEncryptCombinations.java:121:35:121:46 | +| jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/SignEncryptCombinations.java:121:35:121:46 | jca/SignEncryptCombinations.java:121:35:121:46 | +| jca/SignEncryptCombinations.java:122:18:122:20 | Key | KeyType | Unknown | jca/SignEncryptCombinations.java:122:18:122:20 | jca/SignEncryptCombinations.java:122:18:122:20 | +| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | KeyOperationSubtype | Mac | jca/SignEncryptCombinations.java:123:16:123:32 | jca/SignEncryptCombinations.java:123:16:123:32 | +| jca/SignEncryptCombinations.java:335:26:335:47 | Constant | Description | "Hello, combinations!" | jca/SignEncryptCombinations.java:335:26:335:47 | jca/SignEncryptCombinations.java:335:26:335:47 | +| jca/SignatureOperation.java:52:61:52:65 | KeyOperationAlgorithm | KeySize | Constant:2048 | jca/SignatureOperation.java:53:24:53:27 | jca/SignatureOperation.java:53:24:53:27 | +| jca/SignatureOperation.java:52:61:52:65 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:52:61:52:65 | jca/SignatureOperation.java:52:61:52:65 | +| jca/SignatureOperation.java:52:61:52:65 | KeyOperationAlgorithm | RawName | RSA | jca/SignatureOperation.java:52:61:52:65 | jca/SignatureOperation.java:52:61:52:65 | +| jca/SignatureOperation.java:53:24:53:27 | Constant | Description | 2048 | jca/SignatureOperation.java:53:24:53:27 | jca/SignatureOperation.java:53:24:53:27 | +| jca/SignatureOperation.java:54:16:54:36 | Key | KeyType | Asymmetric | jca/SignatureOperation.java:54:16:54:36 | jca/SignatureOperation.java:54:16:54:36 | +| jca/SignatureOperation.java:63:53:63:74 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:63:53:63:74 | jca/SignatureOperation.java:63:53:63:74 | +| jca/SignatureOperation.java:63:53:63:74 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:63:53:63:74 | jca/SignatureOperation.java:63:53:63:74 | +| jca/SignatureOperation.java:63:53:63:74 | HashAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:63:53:63:74 | jca/SignatureOperation.java:63:53:63:74 | +| jca/SignatureOperation.java:63:53:63:74 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:63:53:63:74 | jca/SignatureOperation.java:63:53:63:74 | +| jca/SignatureOperation.java:63:53:63:74 | KeyOperationAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:63:53:63:74 | jca/SignatureOperation.java:63:53:63:74 | +| jca/SignatureOperation.java:64:28:64:37 | Key | KeyType | Unknown | jca/SignatureOperation.java:64:28:64:37 | jca/SignatureOperation.java:64:28:64:37 | +| jca/SignatureOperation.java:66:16:66:31 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:66:16:66:31 | jca/SignatureOperation.java:66:16:66:31 | +| jca/SignatureOperation.java:75:53:75:74 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:75:53:75:74 | jca/SignatureOperation.java:75:53:75:74 | +| jca/SignatureOperation.java:75:53:75:74 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:75:53:75:74 | jca/SignatureOperation.java:75:53:75:74 | +| jca/SignatureOperation.java:75:53:75:74 | HashAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:75:53:75:74 | jca/SignatureOperation.java:75:53:75:74 | +| jca/SignatureOperation.java:75:53:75:74 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:75:53:75:74 | jca/SignatureOperation.java:75:53:75:74 | +| jca/SignatureOperation.java:75:53:75:74 | KeyOperationAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:75:53:75:74 | jca/SignatureOperation.java:75:53:75:74 | +| jca/SignatureOperation.java:76:30:76:38 | Key | KeyType | Unknown | jca/SignatureOperation.java:76:30:76:38 | jca/SignatureOperation.java:76:30:76:38 | +| jca/SignatureOperation.java:78:16:78:41 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:78:16:78:41 | jca/SignatureOperation.java:78:16:78:41 | +| jca/SignatureOperation.java:93:49:93:59 | EllipticCurve | KeySize | 256 | jca/SignatureOperation.java:93:49:93:59 | jca/SignatureOperation.java:93:49:93:59 | +| jca/SignatureOperation.java:93:49:93:59 | EllipticCurve | Name | secp256r1 | jca/SignatureOperation.java:93:49:93:59 | jca/SignatureOperation.java:93:49:93:59 | +| jca/SignatureOperation.java:93:49:93:59 | EllipticCurve | ParsedName | secp256r1 | jca/SignatureOperation.java:93:49:93:59 | jca/SignatureOperation.java:93:49:93:59 | +| jca/SignatureOperation.java:93:49:93:59 | EllipticCurve | RawName | secp256r1 | jca/SignatureOperation.java:93:49:93:59 | jca/SignatureOperation.java:93:49:93:59 | +| jca/SignatureOperation.java:94:16:94:38 | Key | KeyType | Asymmetric | jca/SignatureOperation.java:94:16:94:38 | jca/SignatureOperation.java:94:16:94:38 | +| jca/SignatureOperation.java:103:53:103:69 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:103:53:103:69 | jca/SignatureOperation.java:103:53:103:69 | +| jca/SignatureOperation.java:103:53:103:69 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:103:53:103:69 | jca/SignatureOperation.java:103:53:103:69 | +| jca/SignatureOperation.java:103:53:103:69 | HashAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:103:53:103:69 | jca/SignatureOperation.java:103:53:103:69 | +| jca/SignatureOperation.java:103:53:103:69 | KeyOperationAlgorithm | Name | ECDSA | jca/SignatureOperation.java:103:53:103:69 | jca/SignatureOperation.java:103:53:103:69 | +| jca/SignatureOperation.java:103:53:103:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:103:53:103:69 | jca/SignatureOperation.java:103:53:103:69 | +| jca/SignatureOperation.java:104:28:104:37 | Key | KeyType | Unknown | jca/SignatureOperation.java:104:28:104:37 | jca/SignatureOperation.java:104:28:104:37 | +| jca/SignatureOperation.java:106:16:106:31 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:106:16:106:31 | jca/SignatureOperation.java:106:16:106:31 | +| jca/SignatureOperation.java:115:53:115:69 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:115:53:115:69 | jca/SignatureOperation.java:115:53:115:69 | +| jca/SignatureOperation.java:115:53:115:69 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:115:53:115:69 | jca/SignatureOperation.java:115:53:115:69 | +| jca/SignatureOperation.java:115:53:115:69 | HashAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:115:53:115:69 | jca/SignatureOperation.java:115:53:115:69 | +| jca/SignatureOperation.java:115:53:115:69 | KeyOperationAlgorithm | Name | ECDSA | jca/SignatureOperation.java:115:53:115:69 | jca/SignatureOperation.java:115:53:115:69 | +| jca/SignatureOperation.java:115:53:115:69 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:115:53:115:69 | jca/SignatureOperation.java:115:53:115:69 | +| jca/SignatureOperation.java:116:30:116:38 | Key | KeyType | Unknown | jca/SignatureOperation.java:116:30:116:38 | jca/SignatureOperation.java:116:30:116:38 | +| jca/SignatureOperation.java:118:16:118:41 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:118:16:118:41 | jca/SignatureOperation.java:118:16:118:41 | +| jca/SignatureOperation.java:132:61:132:69 | Constant | Description | "Ed25519" | jca/SignatureOperation.java:132:61:132:69 | jca/SignatureOperation.java:132:61:132:69 | +| jca/SignatureOperation.java:133:16:133:36 | Key | KeyType | Asymmetric | jca/SignatureOperation.java:133:16:133:36 | jca/SignatureOperation.java:133:16:133:36 | +| jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | Name | EDSA | jca/SignatureOperation.java:142:53:142:61 | jca/SignatureOperation.java:142:53:142:61 | +| jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | RawName | Ed25519 | jca/SignatureOperation.java:142:53:142:61 | jca/SignatureOperation.java:142:53:142:61 | +| jca/SignatureOperation.java:143:28:143:37 | Key | KeyType | Unknown | jca/SignatureOperation.java:143:28:143:37 | jca/SignatureOperation.java:143:28:143:37 | +| jca/SignatureOperation.java:145:16:145:31 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:145:16:145:31 | jca/SignatureOperation.java:145:16:145:31 | | jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | Name | EDSA | jca/SignatureOperation.java:154:53:154:61 | jca/SignatureOperation.java:154:53:154:61 | | jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | RawName | Ed25519 | jca/SignatureOperation.java:154:53:154:61 | jca/SignatureOperation.java:154:53:154:61 | -| jca/SignatureOperation.java:155:28:155:37 | Key | KeyType | Unknown | jca/SignatureOperation.java:155:28:155:37 | jca/SignatureOperation.java:155:28:155:37 | -| jca/SignatureOperation.java:157:16:157:31 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:157:16:157:31 | jca/SignatureOperation.java:157:16:157:31 | -| jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm | Name | EDSA | jca/SignatureOperation.java:167:53:167:61 | jca/SignatureOperation.java:167:53:167:61 | -| jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm | RawName | Ed25519 | jca/SignatureOperation.java:167:53:167:61 | jca/SignatureOperation.java:167:53:167:61 | -| jca/SignatureOperation.java:168:30:168:38 | Key | KeyType | Unknown | jca/SignatureOperation.java:168:30:168:38 | jca/SignatureOperation.java:168:30:168:38 | -| jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:170:16:170:41 | jca/SignatureOperation.java:170:16:170:41 | -| jca/SignatureOperation.java:186:61:186:65 | KeyOperationAlgorithm | KeySize | Constant:1024 | jca/SignatureOperation.java:187:24:187:27 | jca/SignatureOperation.java:187:24:187:27 | -| jca/SignatureOperation.java:186:61:186:65 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:186:61:186:65 | jca/SignatureOperation.java:186:61:186:65 | -| jca/SignatureOperation.java:186:61:186:65 | KeyOperationAlgorithm | RawName | RSA | jca/SignatureOperation.java:186:61:186:65 | jca/SignatureOperation.java:186:61:186:65 | -| jca/SignatureOperation.java:187:24:187:27 | Constant | Description | 1024 | jca/SignatureOperation.java:187:24:187:27 | jca/SignatureOperation.java:187:24:187:27 | -| jca/SignatureOperation.java:188:16:188:36 | Key | KeyType | Asymmetric | jca/SignatureOperation.java:188:16:188:36 | jca/SignatureOperation.java:188:16:188:36 | -| jca/SignatureOperation.java:199:53:199:65 | HashAlgorithm | DigestSize | 160 | jca/SignatureOperation.java:199:53:199:65 | jca/SignatureOperation.java:199:53:199:65 | -| jca/SignatureOperation.java:199:53:199:65 | HashAlgorithm | Name | SHA1 | jca/SignatureOperation.java:199:53:199:65 | jca/SignatureOperation.java:199:53:199:65 | -| jca/SignatureOperation.java:199:53:199:65 | HashAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:199:53:199:65 | jca/SignatureOperation.java:199:53:199:65 | -| jca/SignatureOperation.java:199:53:199:65 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:199:53:199:65 | jca/SignatureOperation.java:199:53:199:65 | -| jca/SignatureOperation.java:199:53:199:65 | KeyOperationAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:199:53:199:65 | jca/SignatureOperation.java:199:53:199:65 | -| jca/SignatureOperation.java:200:28:200:37 | Key | KeyType | Unknown | jca/SignatureOperation.java:200:28:200:37 | jca/SignatureOperation.java:200:28:200:37 | -| jca/SignatureOperation.java:202:16:202:31 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:202:16:202:31 | jca/SignatureOperation.java:202:16:202:31 | -| jca/SignatureOperation.java:213:53:213:65 | HashAlgorithm | DigestSize | 160 | jca/SignatureOperation.java:213:53:213:65 | jca/SignatureOperation.java:213:53:213:65 | -| jca/SignatureOperation.java:213:53:213:65 | HashAlgorithm | Name | SHA1 | jca/SignatureOperation.java:213:53:213:65 | jca/SignatureOperation.java:213:53:213:65 | -| jca/SignatureOperation.java:213:53:213:65 | HashAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:213:53:213:65 | jca/SignatureOperation.java:213:53:213:65 | -| jca/SignatureOperation.java:213:53:213:65 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:213:53:213:65 | jca/SignatureOperation.java:213:53:213:65 | -| jca/SignatureOperation.java:213:53:213:65 | KeyOperationAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:213:53:213:65 | jca/SignatureOperation.java:213:53:213:65 | -| jca/SignatureOperation.java:214:30:214:38 | Key | KeyType | Unknown | jca/SignatureOperation.java:214:30:214:38 | jca/SignatureOperation.java:214:30:214:38 | -| jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:216:16:216:41 | jca/SignatureOperation.java:216:16:216:41 | -| jca/SignatureOperation.java:247:26:247:44 | Constant | Description | "Important Message" | jca/SignatureOperation.java:247:26:247:44 | jca/SignatureOperation.java:247:26:247:44 | -| jca/SignatureOperation.java:252:27:252:30 | Constant | Description | 0x01 | jca/SignatureOperation.java:252:27:252:30 | jca/SignatureOperation.java:252:27:252:30 | -| jca/SignatureOperation.java:283:47:283:68 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:283:47:283:68 | jca/SignatureOperation.java:283:47:283:68 | -| jca/SignatureOperation.java:283:47:283:68 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:283:47:283:68 | jca/SignatureOperation.java:283:47:283:68 | -| jca/SignatureOperation.java:283:47:283:68 | HashAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:283:47:283:68 | jca/SignatureOperation.java:283:47:283:68 | -| jca/SignatureOperation.java:283:47:283:68 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:283:47:283:68 | jca/SignatureOperation.java:283:47:283:68 | -| jca/SignatureOperation.java:283:47:283:68 | KeyOperationAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:283:47:283:68 | jca/SignatureOperation.java:283:47:283:68 | -| jca/SignatureOperation.java:286:47:286:63 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:286:47:286:63 | jca/SignatureOperation.java:286:47:286:63 | -| jca/SignatureOperation.java:286:47:286:63 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:286:47:286:63 | jca/SignatureOperation.java:286:47:286:63 | -| jca/SignatureOperation.java:286:47:286:63 | HashAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:286:47:286:63 | jca/SignatureOperation.java:286:47:286:63 | -| jca/SignatureOperation.java:286:47:286:63 | KeyOperationAlgorithm | Name | ECDSA | jca/SignatureOperation.java:286:47:286:63 | jca/SignatureOperation.java:286:47:286:63 | -| jca/SignatureOperation.java:286:47:286:63 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:286:47:286:63 | jca/SignatureOperation.java:286:47:286:63 | -| jca/SignatureOperation.java:289:47:289:55 | KeyOperationAlgorithm | Name | EDSA | jca/SignatureOperation.java:289:47:289:55 | jca/SignatureOperation.java:289:47:289:55 | -| jca/SignatureOperation.java:289:47:289:55 | KeyOperationAlgorithm | RawName | Ed25519 | jca/SignatureOperation.java:289:47:289:55 | jca/SignatureOperation.java:289:47:289:55 | -| jca/SignatureOperation.java:292:47:292:59 | HashAlgorithm | DigestSize | 160 | jca/SignatureOperation.java:292:47:292:59 | jca/SignatureOperation.java:292:47:292:59 | -| jca/SignatureOperation.java:292:47:292:59 | HashAlgorithm | Name | SHA1 | jca/SignatureOperation.java:292:47:292:59 | jca/SignatureOperation.java:292:47:292:59 | -| jca/SignatureOperation.java:292:47:292:59 | HashAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:292:47:292:59 | jca/SignatureOperation.java:292:47:292:59 | -| jca/SignatureOperation.java:292:47:292:59 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:292:47:292:59 | jca/SignatureOperation.java:292:47:292:59 | -| jca/SignatureOperation.java:292:47:292:59 | KeyOperationAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:292:47:292:59 | jca/SignatureOperation.java:292:47:292:59 | -| jca/SignatureOperation.java:296:47:296:68 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:296:47:296:68 | jca/SignatureOperation.java:296:47:296:68 | -| jca/SignatureOperation.java:296:47:296:68 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:296:47:296:68 | jca/SignatureOperation.java:296:47:296:68 | -| jca/SignatureOperation.java:296:47:296:68 | HashAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:296:47:296:68 | jca/SignatureOperation.java:296:47:296:68 | -| jca/SignatureOperation.java:296:47:296:68 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:296:47:296:68 | jca/SignatureOperation.java:296:47:296:68 | -| jca/SignatureOperation.java:296:47:296:68 | KeyOperationAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:296:47:296:68 | jca/SignatureOperation.java:296:47:296:68 | -| jca/SignatureOperation.java:299:26:299:49 | Constant | Description | "Dynamic Signature Demo" | jca/SignatureOperation.java:299:26:299:49 | jca/SignatureOperation.java:299:26:299:49 | -| jca/SignatureOperation.java:300:28:300:42 | Key | KeyType | Unknown | jca/SignatureOperation.java:300:28:300:42 | jca/SignatureOperation.java:300:28:300:42 | -| jca/SignatureOperation.java:302:27:302:42 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:302:27:302:42 | jca/SignatureOperation.java:302:27:302:42 | -| jca/SignatureOperation.java:304:30:304:43 | Key | KeyType | Unknown | jca/SignatureOperation.java:304:30:304:43 | jca/SignatureOperation.java:304:30:304:43 | -| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:306:28:306:53 | jca/SignatureOperation.java:306:28:306:53 | -| jca/SignatureOperation.java:328:26:328:49 | Constant | Description | "Hello Signature World!" | jca/SignatureOperation.java:328:26:328:49 | jca/SignatureOperation.java:328:26:328:49 | -| jca/SymmetricAlgorithm.java:60:44:60:62 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:60:44:60:62 | jca/SymmetricAlgorithm.java:60:44:60:62 | -| jca/SymmetricAlgorithm.java:60:44:60:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SymmetricAlgorithm.java:60:44:60:62 | jca/SymmetricAlgorithm.java:60:44:60:62 | -| jca/SymmetricAlgorithm.java:60:44:60:62 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:60:44:60:62 | jca/SymmetricAlgorithm.java:60:44:60:62 | -| jca/SymmetricAlgorithm.java:60:44:60:62 | ModeOfOperation | Name | GCM | jca/SymmetricAlgorithm.java:60:44:60:62 | jca/SymmetricAlgorithm.java:60:44:60:62 | -| jca/SymmetricAlgorithm.java:60:44:60:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:60:44:60:62 | jca/SymmetricAlgorithm.java:60:44:60:62 | -| jca/SymmetricAlgorithm.java:60:44:60:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:60:44:60:62 | jca/SymmetricAlgorithm.java:60:44:60:62 | -| jca/SymmetricAlgorithm.java:60:44:60:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:60:44:60:62 | jca/SymmetricAlgorithm.java:60:44:60:62 | -| jca/SymmetricAlgorithm.java:62:9:62:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:62:9:62:40 | jca/SymmetricAlgorithm.java:62:9:62:40 | -| jca/SymmetricAlgorithm.java:62:38:62:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:62:38:62:39 | jca/SymmetricAlgorithm.java:62:38:62:39 | -| jca/SymmetricAlgorithm.java:64:42:64:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:64:42:64:44 | jca/SymmetricAlgorithm.java:64:42:64:44 | -| jca/SymmetricAlgorithm.java:65:29:65:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:65:29:65:53 | jca/SymmetricAlgorithm.java:65:29:65:53 | -| jca/SymmetricAlgorithm.java:82:39:82:51 | Parameter | Description | key | jca/SymmetricAlgorithm.java:82:39:82:51 | jca/SymmetricAlgorithm.java:82:39:82:51 | -| jca/SymmetricAlgorithm.java:82:54:82:69 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:82:54:82:69 | jca/SymmetricAlgorithm.java:82:54:82:69 | -| jca/SymmetricAlgorithm.java:83:44:83:62 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:83:44:83:62 | jca/SymmetricAlgorithm.java:83:44:83:62 | -| jca/SymmetricAlgorithm.java:83:44:83:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SymmetricAlgorithm.java:83:44:83:62 | jca/SymmetricAlgorithm.java:83:44:83:62 | -| jca/SymmetricAlgorithm.java:83:44:83:62 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:83:44:83:62 | jca/SymmetricAlgorithm.java:83:44:83:62 | -| jca/SymmetricAlgorithm.java:83:44:83:62 | ModeOfOperation | Name | GCM | jca/SymmetricAlgorithm.java:83:44:83:62 | jca/SymmetricAlgorithm.java:83:44:83:62 | -| jca/SymmetricAlgorithm.java:83:44:83:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:83:44:83:62 | jca/SymmetricAlgorithm.java:83:44:83:62 | -| jca/SymmetricAlgorithm.java:83:44:83:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:83:44:83:62 | jca/SymmetricAlgorithm.java:83:44:83:62 | -| jca/SymmetricAlgorithm.java:83:44:83:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:83:44:83:62 | jca/SymmetricAlgorithm.java:83:44:83:62 | -| jca/SymmetricAlgorithm.java:86:42:86:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:86:42:86:44 | jca/SymmetricAlgorithm.java:86:42:86:44 | -| jca/SymmetricAlgorithm.java:87:29:87:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:87:29:87:53 | jca/SymmetricAlgorithm.java:87:29:87:53 | -| jca/SymmetricAlgorithm.java:104:44:104:65 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:104:44:104:65 | jca/SymmetricAlgorithm.java:104:44:104:65 | -| jca/SymmetricAlgorithm.java:104:44:104:65 | KeyOperationAlgorithm | RawName | AES/CBC/PKCS5Padding | jca/SymmetricAlgorithm.java:104:44:104:65 | jca/SymmetricAlgorithm.java:104:44:104:65 | -| jca/SymmetricAlgorithm.java:104:44:104:65 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:104:44:104:65 | jca/SymmetricAlgorithm.java:104:44:104:65 | -| jca/SymmetricAlgorithm.java:104:44:104:65 | ModeOfOperation | Name | CBC | jca/SymmetricAlgorithm.java:104:44:104:65 | jca/SymmetricAlgorithm.java:104:44:104:65 | -| jca/SymmetricAlgorithm.java:104:44:104:65 | ModeOfOperation | RawName | CBC | jca/SymmetricAlgorithm.java:104:44:104:65 | jca/SymmetricAlgorithm.java:104:44:104:65 | -| jca/SymmetricAlgorithm.java:104:44:104:65 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:104:44:104:65 | jca/SymmetricAlgorithm.java:104:44:104:65 | -| jca/SymmetricAlgorithm.java:104:44:104:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:104:44:104:65 | jca/SymmetricAlgorithm.java:104:44:104:65 | -| jca/SymmetricAlgorithm.java:106:9:106:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:106:9:106:40 | jca/SymmetricAlgorithm.java:106:9:106:40 | -| jca/SymmetricAlgorithm.java:106:38:106:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:106:38:106:39 | jca/SymmetricAlgorithm.java:106:38:106:39 | -| jca/SymmetricAlgorithm.java:108:42:108:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:108:42:108:44 | jca/SymmetricAlgorithm.java:108:42:108:44 | -| jca/SymmetricAlgorithm.java:109:29:109:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:109:29:109:53 | jca/SymmetricAlgorithm.java:109:29:109:53 | -| jca/SymmetricAlgorithm.java:126:44:126:65 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:126:44:126:65 | jca/SymmetricAlgorithm.java:126:44:126:65 | -| jca/SymmetricAlgorithm.java:126:44:126:65 | KeyOperationAlgorithm | RawName | AES/ECB/PKCS5Padding | jca/SymmetricAlgorithm.java:126:44:126:65 | jca/SymmetricAlgorithm.java:126:44:126:65 | -| jca/SymmetricAlgorithm.java:126:44:126:65 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:126:44:126:65 | jca/SymmetricAlgorithm.java:126:44:126:65 | -| jca/SymmetricAlgorithm.java:126:44:126:65 | ModeOfOperation | Name | ECB | jca/SymmetricAlgorithm.java:126:44:126:65 | jca/SymmetricAlgorithm.java:126:44:126:65 | -| jca/SymmetricAlgorithm.java:126:44:126:65 | ModeOfOperation | RawName | ECB | jca/SymmetricAlgorithm.java:126:44:126:65 | jca/SymmetricAlgorithm.java:126:44:126:65 | -| jca/SymmetricAlgorithm.java:126:44:126:65 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:126:44:126:65 | jca/SymmetricAlgorithm.java:126:44:126:65 | -| jca/SymmetricAlgorithm.java:126:44:126:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:126:44:126:65 | jca/SymmetricAlgorithm.java:126:44:126:65 | -| jca/SymmetricAlgorithm.java:127:42:127:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:127:42:127:44 | jca/SymmetricAlgorithm.java:127:42:127:44 | -| jca/SymmetricAlgorithm.java:128:16:128:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:128:16:128:40 | jca/SymmetricAlgorithm.java:128:16:128:40 | -| jca/SymmetricAlgorithm.java:143:44:143:48 | KeyOperationAlgorithm | Name | RC4 | jca/SymmetricAlgorithm.java:143:44:143:48 | jca/SymmetricAlgorithm.java:143:44:143:48 | -| jca/SymmetricAlgorithm.java:143:44:143:48 | KeyOperationAlgorithm | RawName | RC4 | jca/SymmetricAlgorithm.java:143:44:143:48 | jca/SymmetricAlgorithm.java:143:44:143:48 | -| jca/SymmetricAlgorithm.java:143:44:143:48 | KeyOperationAlgorithm | Structure | Stream | jca/SymmetricAlgorithm.java:143:44:143:48 | jca/SymmetricAlgorithm.java:143:44:143:48 | -| jca/SymmetricAlgorithm.java:144:42:144:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:144:42:144:44 | jca/SymmetricAlgorithm.java:144:42:144:44 | -| jca/SymmetricAlgorithm.java:145:16:145:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:145:16:145:40 | jca/SymmetricAlgorithm.java:145:16:145:40 | -| jca/SymmetricAlgorithm.java:157:36:157:48 | Parameter | Description | key | jca/SymmetricAlgorithm.java:157:36:157:48 | jca/SymmetricAlgorithm.java:157:36:157:48 | -| jca/SymmetricAlgorithm.java:157:51:157:66 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:157:51:157:66 | jca/SymmetricAlgorithm.java:157:51:157:66 | -| jca/SymmetricAlgorithm.java:158:44:158:65 | KeyOperationAlgorithm | KeySize | 56 | jca/SymmetricAlgorithm.java:158:44:158:65 | jca/SymmetricAlgorithm.java:158:44:158:65 | -| jca/SymmetricAlgorithm.java:158:44:158:65 | KeyOperationAlgorithm | Name | DES | jca/SymmetricAlgorithm.java:158:44:158:65 | jca/SymmetricAlgorithm.java:158:44:158:65 | -| jca/SymmetricAlgorithm.java:158:44:158:65 | KeyOperationAlgorithm | RawName | DES/CBC/PKCS5Padding | jca/SymmetricAlgorithm.java:158:44:158:65 | jca/SymmetricAlgorithm.java:158:44:158:65 | -| jca/SymmetricAlgorithm.java:158:44:158:65 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:158:44:158:65 | jca/SymmetricAlgorithm.java:158:44:158:65 | -| jca/SymmetricAlgorithm.java:158:44:158:65 | ModeOfOperation | Name | CBC | jca/SymmetricAlgorithm.java:158:44:158:65 | jca/SymmetricAlgorithm.java:158:44:158:65 | -| jca/SymmetricAlgorithm.java:158:44:158:65 | ModeOfOperation | RawName | CBC | jca/SymmetricAlgorithm.java:158:44:158:65 | jca/SymmetricAlgorithm.java:158:44:158:65 | -| jca/SymmetricAlgorithm.java:158:44:158:65 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:158:44:158:65 | jca/SymmetricAlgorithm.java:158:44:158:65 | -| jca/SymmetricAlgorithm.java:158:44:158:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:158:44:158:65 | jca/SymmetricAlgorithm.java:158:44:158:65 | -| jca/SymmetricAlgorithm.java:160:9:160:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:160:9:160:40 | jca/SymmetricAlgorithm.java:160:9:160:40 | -| jca/SymmetricAlgorithm.java:160:38:160:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:160:38:160:39 | jca/SymmetricAlgorithm.java:160:38:160:39 | -| jca/SymmetricAlgorithm.java:162:42:162:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:162:42:162:44 | jca/SymmetricAlgorithm.java:162:42:162:44 | -| jca/SymmetricAlgorithm.java:163:29:163:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:163:29:163:53 | jca/SymmetricAlgorithm.java:163:29:163:53 | -| jca/SymmetricAlgorithm.java:179:42:179:54 | Parameter | Description | key | jca/SymmetricAlgorithm.java:179:42:179:54 | jca/SymmetricAlgorithm.java:179:42:179:54 | -| jca/SymmetricAlgorithm.java:179:57:179:72 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:179:57:179:72 | jca/SymmetricAlgorithm.java:179:57:179:72 | -| jca/SymmetricAlgorithm.java:180:44:180:68 | KeyOperationAlgorithm | Name | Unknown | jca/SymmetricAlgorithm.java:180:44:180:68 | jca/SymmetricAlgorithm.java:180:44:180:68 | -| jca/SymmetricAlgorithm.java:180:44:180:68 | KeyOperationAlgorithm | RawName | DESede/CBC/PKCS5Padding | jca/SymmetricAlgorithm.java:180:44:180:68 | jca/SymmetricAlgorithm.java:180:44:180:68 | -| jca/SymmetricAlgorithm.java:180:44:180:68 | ModeOfOperation | Name | CBC | jca/SymmetricAlgorithm.java:180:44:180:68 | jca/SymmetricAlgorithm.java:180:44:180:68 | -| jca/SymmetricAlgorithm.java:180:44:180:68 | ModeOfOperation | RawName | CBC | jca/SymmetricAlgorithm.java:180:44:180:68 | jca/SymmetricAlgorithm.java:180:44:180:68 | -| jca/SymmetricAlgorithm.java:180:44:180:68 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:180:44:180:68 | jca/SymmetricAlgorithm.java:180:44:180:68 | -| jca/SymmetricAlgorithm.java:180:44:180:68 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:180:44:180:68 | jca/SymmetricAlgorithm.java:180:44:180:68 | -| jca/SymmetricAlgorithm.java:182:9:182:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:182:9:182:40 | jca/SymmetricAlgorithm.java:182:9:182:40 | -| jca/SymmetricAlgorithm.java:182:38:182:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:182:38:182:39 | jca/SymmetricAlgorithm.java:182:38:182:39 | -| jca/SymmetricAlgorithm.java:184:42:184:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:184:42:184:44 | jca/SymmetricAlgorithm.java:184:42:184:44 | -| jca/SymmetricAlgorithm.java:185:29:185:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:185:29:185:53 | jca/SymmetricAlgorithm.java:185:29:185:53 | -| jca/SymmetricAlgorithm.java:202:44:202:53 | KeyOperationAlgorithm | KeySize | 256 | jca/SymmetricAlgorithm.java:202:44:202:53 | jca/SymmetricAlgorithm.java:202:44:202:53 | -| jca/SymmetricAlgorithm.java:202:44:202:53 | KeyOperationAlgorithm | Name | ChaCha20 | jca/SymmetricAlgorithm.java:202:44:202:53 | jca/SymmetricAlgorithm.java:202:44:202:53 | -| jca/SymmetricAlgorithm.java:202:44:202:53 | KeyOperationAlgorithm | RawName | ChaCha20 | jca/SymmetricAlgorithm.java:202:44:202:53 | jca/SymmetricAlgorithm.java:202:44:202:53 | -| jca/SymmetricAlgorithm.java:202:44:202:53 | KeyOperationAlgorithm | Structure | Stream | jca/SymmetricAlgorithm.java:202:44:202:53 | jca/SymmetricAlgorithm.java:202:44:202:53 | -| jca/SymmetricAlgorithm.java:204:9:204:43 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:204:9:204:43 | jca/SymmetricAlgorithm.java:204:9:204:43 | -| jca/SymmetricAlgorithm.java:204:38:204:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:204:38:204:42 | jca/SymmetricAlgorithm.java:204:38:204:42 | -| jca/SymmetricAlgorithm.java:206:42:206:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:206:42:206:44 | jca/SymmetricAlgorithm.java:206:42:206:44 | -| jca/SymmetricAlgorithm.java:207:29:207:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:207:29:207:53 | jca/SymmetricAlgorithm.java:207:29:207:53 | -| jca/SymmetricAlgorithm.java:224:35:224:47 | Parameter | Description | key | jca/SymmetricAlgorithm.java:224:35:224:47 | jca/SymmetricAlgorithm.java:224:35:224:47 | -| jca/SymmetricAlgorithm.java:224:50:224:65 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:224:50:224:65 | jca/SymmetricAlgorithm.java:224:50:224:65 | -| jca/SymmetricAlgorithm.java:225:36:225:44 | Constant | Description | "KMAC128" | jca/SymmetricAlgorithm.java:225:36:225:44 | jca/SymmetricAlgorithm.java:225:36:225:44 | -| jca/SymmetricAlgorithm.java:226:19:226:21 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:226:19:226:21 | jca/SymmetricAlgorithm.java:226:19:226:21 | -| jca/SymmetricAlgorithm.java:227:29:227:51 | MACOperation | KeyOperationSubtype | Mac | jca/SymmetricAlgorithm.java:227:29:227:51 | jca/SymmetricAlgorithm.java:227:29:227:51 | -| jca/SymmetricAlgorithm.java:230:44:230:62 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:230:44:230:62 | jca/SymmetricAlgorithm.java:230:44:230:62 | -| jca/SymmetricAlgorithm.java:230:44:230:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SymmetricAlgorithm.java:230:44:230:62 | jca/SymmetricAlgorithm.java:230:44:230:62 | -| jca/SymmetricAlgorithm.java:230:44:230:62 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:230:44:230:62 | jca/SymmetricAlgorithm.java:230:44:230:62 | -| jca/SymmetricAlgorithm.java:230:44:230:62 | ModeOfOperation | Name | GCM | jca/SymmetricAlgorithm.java:230:44:230:62 | jca/SymmetricAlgorithm.java:230:44:230:62 | -| jca/SymmetricAlgorithm.java:230:44:230:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:230:44:230:62 | jca/SymmetricAlgorithm.java:230:44:230:62 | -| jca/SymmetricAlgorithm.java:230:44:230:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:230:44:230:62 | jca/SymmetricAlgorithm.java:230:44:230:62 | -| jca/SymmetricAlgorithm.java:230:44:230:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:230:44:230:62 | jca/SymmetricAlgorithm.java:230:44:230:62 | -| jca/SymmetricAlgorithm.java:232:9:232:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:232:9:232:40 | jca/SymmetricAlgorithm.java:232:9:232:40 | -| jca/SymmetricAlgorithm.java:232:38:232:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:232:38:232:39 | jca/SymmetricAlgorithm.java:232:38:232:39 | -| jca/SymmetricAlgorithm.java:234:42:234:51 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:234:42:234:51 | jca/SymmetricAlgorithm.java:234:42:234:51 | -| jca/SymmetricAlgorithm.java:235:29:235:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:235:29:235:53 | jca/SymmetricAlgorithm.java:235:29:235:53 | -| jca/SymmetricAlgorithm.java:258:64:258:76 | Parameter | Description | key | jca/SymmetricAlgorithm.java:258:64:258:76 | jca/SymmetricAlgorithm.java:258:64:258:76 | -| jca/SymmetricAlgorithm.java:258:79:258:94 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:258:79:258:94 | jca/SymmetricAlgorithm.java:258:79:258:94 | -| jca/SymmetricAlgorithm.java:299:58:299:70 | Parameter | Description | key | jca/SymmetricAlgorithm.java:299:58:299:70 | jca/SymmetricAlgorithm.java:299:58:299:70 | -| jca/SymmetricAlgorithm.java:299:73:299:88 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:299:73:299:88 | jca/SymmetricAlgorithm.java:299:73:299:88 | -| jca/SymmetricAlgorithm.java:302:75:302:79 | Constant | Description | 10000 | jca/SymmetricAlgorithm.java:302:75:302:79 | jca/SymmetricAlgorithm.java:302:75:302:79 | -| jca/SymmetricAlgorithm.java:302:82:302:84 | Constant | Description | 256 | jca/SymmetricAlgorithm.java:302:82:302:84 | jca/SymmetricAlgorithm.java:302:82:302:84 | -| jca/SymmetricAlgorithm.java:303:65:303:86 | HMACAlgorithm | Name | HMAC | jca/SymmetricAlgorithm.java:303:65:303:86 | jca/SymmetricAlgorithm.java:303:65:303:86 | -| jca/SymmetricAlgorithm.java:303:65:303:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/SymmetricAlgorithm.java:303:65:303:86 | jca/SymmetricAlgorithm.java:303:65:303:86 | -| jca/SymmetricAlgorithm.java:303:65:303:86 | HashAlgorithm | DigestSize | 256 | jca/SymmetricAlgorithm.java:303:65:303:86 | jca/SymmetricAlgorithm.java:303:65:303:86 | -| jca/SymmetricAlgorithm.java:303:65:303:86 | HashAlgorithm | Name | SHA2 | jca/SymmetricAlgorithm.java:303:65:303:86 | jca/SymmetricAlgorithm.java:303:65:303:86 | -| jca/SymmetricAlgorithm.java:303:65:303:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/SymmetricAlgorithm.java:303:65:303:86 | jca/SymmetricAlgorithm.java:303:65:303:86 | -| jca/SymmetricAlgorithm.java:303:65:303:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/SymmetricAlgorithm.java:303:65:303:86 | jca/SymmetricAlgorithm.java:303:65:303:86 | -| jca/SymmetricAlgorithm.java:303:65:303:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/SymmetricAlgorithm.java:303:65:303:86 | jca/SymmetricAlgorithm.java:303:65:303:86 | -| jca/SymmetricAlgorithm.java:304:26:304:53 | Key | KeyType | Symmetric | jca/SymmetricAlgorithm.java:304:26:304:53 | jca/SymmetricAlgorithm.java:304:26:304:53 | -| jca/SymmetricAlgorithm.java:304:26:304:53 | KeyDerivation | Iterations | Constant:10000 | jca/SymmetricAlgorithm.java:302:75:302:79 | jca/SymmetricAlgorithm.java:302:75:302:79 | -| jca/SymmetricAlgorithm.java:304:26:304:53 | KeyDerivation | KeySize | Constant:256 | jca/SymmetricAlgorithm.java:302:82:302:84 | jca/SymmetricAlgorithm.java:302:82:302:84 | -| jca/SymmetricAlgorithm.java:310:44:310:62 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:310:44:310:62 | jca/SymmetricAlgorithm.java:310:44:310:62 | -| jca/SymmetricAlgorithm.java:310:44:310:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SymmetricAlgorithm.java:310:44:310:62 | jca/SymmetricAlgorithm.java:310:44:310:62 | -| jca/SymmetricAlgorithm.java:310:44:310:62 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:310:44:310:62 | jca/SymmetricAlgorithm.java:310:44:310:62 | -| jca/SymmetricAlgorithm.java:310:44:310:62 | ModeOfOperation | Name | GCM | jca/SymmetricAlgorithm.java:310:44:310:62 | jca/SymmetricAlgorithm.java:310:44:310:62 | -| jca/SymmetricAlgorithm.java:310:44:310:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:310:44:310:62 | jca/SymmetricAlgorithm.java:310:44:310:62 | -| jca/SymmetricAlgorithm.java:310:44:310:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:310:44:310:62 | jca/SymmetricAlgorithm.java:310:44:310:62 | -| jca/SymmetricAlgorithm.java:310:44:310:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:310:44:310:62 | jca/SymmetricAlgorithm.java:310:44:310:62 | -| jca/SymmetricAlgorithm.java:312:9:312:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:312:9:312:40 | jca/SymmetricAlgorithm.java:312:9:312:40 | -| jca/SymmetricAlgorithm.java:312:38:312:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:312:38:312:39 | jca/SymmetricAlgorithm.java:312:38:312:39 | -| jca/SymmetricAlgorithm.java:313:42:313:47 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:313:42:313:47 | jca/SymmetricAlgorithm.java:313:42:313:47 | -| jca/SymmetricAlgorithm.java:314:29:314:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:314:29:314:53 | jca/SymmetricAlgorithm.java:314:29:314:53 | -| jca/SymmetricAlgorithm.java:316:35:316:46 | KeyOperationAlgorithm | Name | HMAC | jca/SymmetricAlgorithm.java:316:35:316:46 | jca/SymmetricAlgorithm.java:316:35:316:46 | -| jca/SymmetricAlgorithm.java:316:35:316:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/SymmetricAlgorithm.java:316:35:316:46 | jca/SymmetricAlgorithm.java:316:35:316:46 | -| jca/SymmetricAlgorithm.java:317:18:317:30 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:317:18:317:30 | jca/SymmetricAlgorithm.java:317:18:317:30 | -| jca/SymmetricAlgorithm.java:318:30:318:52 | MACOperation | KeyOperationSubtype | Mac | jca/SymmetricAlgorithm.java:318:30:318:52 | jca/SymmetricAlgorithm.java:318:30:318:52 | -| jca/SymmetricAlgorithm.java:347:52:347:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/SymmetricAlgorithm.java:348:17:348:19 | jca/SymmetricAlgorithm.java:348:17:348:19 | -| jca/SymmetricAlgorithm.java:347:52:347:56 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:347:52:347:56 | jca/SymmetricAlgorithm.java:347:52:347:56 | -| jca/SymmetricAlgorithm.java:347:52:347:56 | KeyOperationAlgorithm | RawName | AES | jca/SymmetricAlgorithm.java:347:52:347:56 | jca/SymmetricAlgorithm.java:347:52:347:56 | -| jca/SymmetricAlgorithm.java:347:52:347:56 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:347:52:347:56 | jca/SymmetricAlgorithm.java:347:52:347:56 | -| jca/SymmetricAlgorithm.java:348:17:348:19 | Constant | Description | 256 | jca/SymmetricAlgorithm.java:348:17:348:19 | jca/SymmetricAlgorithm.java:348:17:348:19 | -| jca/SymmetricAlgorithm.java:349:16:349:31 | Key | KeyType | Symmetric | jca/SymmetricAlgorithm.java:349:16:349:31 | jca/SymmetricAlgorithm.java:349:16:349:31 | -| jca/SymmetricAlgorithm.java:361:9:361:42 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:361:9:361:42 | jca/SymmetricAlgorithm.java:361:9:361:42 | -| jca/SymmetricAlgorithm.java:361:38:361:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:361:38:361:41 | jca/SymmetricAlgorithm.java:361:38:361:41 | -| jca/SymmetricModesTest.java:56:52:56:56 | KeyOperationAlgorithm | KeySize | Constant:128 | jca/SymmetricModesTest.java:61:17:61:19 | jca/SymmetricModesTest.java:61:17:61:19 | -| jca/SymmetricModesTest.java:56:52:56:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/SymmetricModesTest.java:57:17:57:19 | jca/SymmetricModesTest.java:57:17:57:19 | -| jca/SymmetricModesTest.java:56:52:56:56 | KeyOperationAlgorithm | Name | AES | jca/SymmetricModesTest.java:56:52:56:56 | jca/SymmetricModesTest.java:56:52:56:56 | -| jca/SymmetricModesTest.java:56:52:56:56 | KeyOperationAlgorithm | RawName | AES | jca/SymmetricModesTest.java:56:52:56:56 | jca/SymmetricModesTest.java:56:52:56:56 | -| jca/SymmetricModesTest.java:56:52:56:56 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricModesTest.java:56:52:56:56 | jca/SymmetricModesTest.java:56:52:56:56 | -| jca/SymmetricModesTest.java:57:17:57:19 | Constant | Description | 256 | jca/SymmetricModesTest.java:57:17:57:19 | jca/SymmetricModesTest.java:57:17:57:19 | -| jca/SymmetricModesTest.java:58:33:58:48 | Key | KeyType | Symmetric | jca/SymmetricModesTest.java:58:33:58:48 | jca/SymmetricModesTest.java:58:33:58:48 | -| jca/SymmetricModesTest.java:61:17:61:19 | Constant | Description | 128 | jca/SymmetricModesTest.java:61:17:61:19 | jca/SymmetricModesTest.java:61:17:61:19 | -| jca/SymmetricModesTest.java:62:31:62:46 | Key | KeyType | Symmetric | jca/SymmetricModesTest.java:62:31:62:46 | jca/SymmetricModesTest.java:62:31:62:46 | -| jca/SymmetricModesTest.java:65:44:65:62 | KeyOperationAlgorithm | Name | AES | jca/SymmetricModesTest.java:65:44:65:62 | jca/SymmetricModesTest.java:65:44:65:62 | -| jca/SymmetricModesTest.java:65:44:65:62 | KeyOperationAlgorithm | RawName | AES/KWP/NoPadding | jca/SymmetricModesTest.java:65:44:65:62 | jca/SymmetricModesTest.java:65:44:65:62 | -| jca/SymmetricModesTest.java:65:44:65:62 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricModesTest.java:65:44:65:62 | jca/SymmetricModesTest.java:65:44:65:62 | -| jca/SymmetricModesTest.java:65:44:65:62 | ModeOfOperation | RawName | KWP | jca/SymmetricModesTest.java:65:44:65:62 | jca/SymmetricModesTest.java:65:44:65:62 | -| jca/SymmetricModesTest.java:65:44:65:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricModesTest.java:65:44:65:62 | jca/SymmetricModesTest.java:65:44:65:62 | -| jca/SymmetricModesTest.java:65:44:65:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricModesTest.java:65:44:65:62 | jca/SymmetricModesTest.java:65:44:65:62 | -| jca/SymmetricModesTest.java:66:39:66:49 | Key | KeyType | Unknown | jca/SymmetricModesTest.java:66:39:66:49 | jca/SymmetricModesTest.java:66:39:66:49 | -| jca/SymmetricModesTest.java:67:29:67:50 | WrapOperation | KeyOperationSubtype | Wrap | jca/SymmetricModesTest.java:67:29:67:50 | jca/SymmetricModesTest.java:67:29:67:50 | -| jca/SymmetricModesTest.java:88:43:88:55 | Parameter | Description | key | jca/SymmetricModesTest.java:88:43:88:55 | jca/SymmetricModesTest.java:88:43:88:55 | -| jca/SymmetricModesTest.java:88:58:88:73 | Parameter | Description | plaintext | jca/SymmetricModesTest.java:88:58:88:73 | jca/SymmetricModesTest.java:88:58:88:73 | -| jca/SymmetricModesTest.java:89:44:89:63 | KeyOperationAlgorithm | Name | AES | jca/SymmetricModesTest.java:89:44:89:63 | jca/SymmetricModesTest.java:89:44:89:63 | -| jca/SymmetricModesTest.java:89:44:89:63 | KeyOperationAlgorithm | RawName | AES/OFB8/NoPadding | jca/SymmetricModesTest.java:89:44:89:63 | jca/SymmetricModesTest.java:89:44:89:63 | -| jca/SymmetricModesTest.java:89:44:89:63 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricModesTest.java:89:44:89:63 | jca/SymmetricModesTest.java:89:44:89:63 | -| jca/SymmetricModesTest.java:89:44:89:63 | ModeOfOperation | RawName | OFB8 | jca/SymmetricModesTest.java:89:44:89:63 | jca/SymmetricModesTest.java:89:44:89:63 | -| jca/SymmetricModesTest.java:89:44:89:63 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricModesTest.java:89:44:89:63 | jca/SymmetricModesTest.java:89:44:89:63 | -| jca/SymmetricModesTest.java:89:44:89:63 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricModesTest.java:89:44:89:63 | jca/SymmetricModesTest.java:89:44:89:63 | -| jca/SymmetricModesTest.java:91:9:91:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricModesTest.java:91:9:91:40 | jca/SymmetricModesTest.java:91:9:91:40 | -| jca/SymmetricModesTest.java:91:38:91:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricModesTest.java:91:38:91:39 | jca/SymmetricModesTest.java:91:38:91:39 | -| jca/SymmetricModesTest.java:93:42:93:44 | Key | KeyType | Unknown | jca/SymmetricModesTest.java:93:42:93:44 | jca/SymmetricModesTest.java:93:42:93:44 | -| jca/SymmetricModesTest.java:94:29:94:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricModesTest.java:94:29:94:53 | jca/SymmetricModesTest.java:94:29:94:53 | -| jca/SymmetricModesTest.java:116:45:116:57 | Parameter | Description | key | jca/SymmetricModesTest.java:116:45:116:57 | jca/SymmetricModesTest.java:116:45:116:57 | -| jca/SymmetricModesTest.java:116:60:116:75 | Parameter | Description | plaintext | jca/SymmetricModesTest.java:116:60:116:75 | jca/SymmetricModesTest.java:116:60:116:75 | -| jca/SymmetricModesTest.java:117:44:117:63 | KeyOperationAlgorithm | Name | AES | jca/SymmetricModesTest.java:117:44:117:63 | jca/SymmetricModesTest.java:117:44:117:63 | -| jca/SymmetricModesTest.java:117:44:117:63 | KeyOperationAlgorithm | RawName | AES/OFB8/NoPadding | jca/SymmetricModesTest.java:117:44:117:63 | jca/SymmetricModesTest.java:117:44:117:63 | -| jca/SymmetricModesTest.java:117:44:117:63 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricModesTest.java:117:44:117:63 | jca/SymmetricModesTest.java:117:44:117:63 | -| jca/SymmetricModesTest.java:117:44:117:63 | ModeOfOperation | RawName | OFB8 | jca/SymmetricModesTest.java:117:44:117:63 | jca/SymmetricModesTest.java:117:44:117:63 | -| jca/SymmetricModesTest.java:117:44:117:63 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricModesTest.java:117:44:117:63 | jca/SymmetricModesTest.java:117:44:117:63 | -| jca/SymmetricModesTest.java:117:44:117:63 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricModesTest.java:117:44:117:63 | jca/SymmetricModesTest.java:117:44:117:63 | -| jca/SymmetricModesTest.java:121:42:121:44 | Key | KeyType | Unknown | jca/SymmetricModesTest.java:121:42:121:44 | jca/SymmetricModesTest.java:121:42:121:44 | -| jca/SymmetricModesTest.java:122:29:122:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricModesTest.java:122:29:122:53 | jca/SymmetricModesTest.java:122:29:122:53 | -| jca/SymmetricModesTest.java:140:52:140:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/SymmetricModesTest.java:141:17:141:19 | jca/SymmetricModesTest.java:141:17:141:19 | -| jca/SymmetricModesTest.java:140:52:140:56 | KeyOperationAlgorithm | Name | AES | jca/SymmetricModesTest.java:140:52:140:56 | jca/SymmetricModesTest.java:140:52:140:56 | -| jca/SymmetricModesTest.java:140:52:140:56 | KeyOperationAlgorithm | RawName | AES | jca/SymmetricModesTest.java:140:52:140:56 | jca/SymmetricModesTest.java:140:52:140:56 | -| jca/SymmetricModesTest.java:140:52:140:56 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricModesTest.java:140:52:140:56 | jca/SymmetricModesTest.java:140:52:140:56 | -| jca/SymmetricModesTest.java:141:17:141:19 | Constant | Description | 256 | jca/SymmetricModesTest.java:141:17:141:19 | jca/SymmetricModesTest.java:141:17:141:19 | -| jca/SymmetricModesTest.java:142:16:142:31 | Key | KeyType | Symmetric | jca/SymmetricModesTest.java:142:16:142:31 | jca/SymmetricModesTest.java:142:16:142:31 | -| jca/UniversalFlowTest.java:18:24:18:28 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/UniversalFlowTest.java:25:17:25:19 | jca/UniversalFlowTest.java:25:17:25:19 | -| jca/UniversalFlowTest.java:18:24:18:28 | KeyOperationAlgorithm | Name | AES | jca/UniversalFlowTest.java:18:24:18:28 | jca/UniversalFlowTest.java:18:24:18:28 | -| jca/UniversalFlowTest.java:18:24:18:28 | KeyOperationAlgorithm | RawName | AES | jca/UniversalFlowTest.java:18:24:18:28 | jca/UniversalFlowTest.java:18:24:18:28 | -| jca/UniversalFlowTest.java:18:24:18:28 | KeyOperationAlgorithm | Structure | Block | jca/UniversalFlowTest.java:18:24:18:28 | jca/UniversalFlowTest.java:18:24:18:28 | -| jca/UniversalFlowTest.java:25:17:25:19 | Constant | Description | 256 | jca/UniversalFlowTest.java:25:17:25:19 | jca/UniversalFlowTest.java:25:17:25:19 | -| jca/UniversalFlowTest.java:26:21:26:40 | Key | KeyType | Symmetric | jca/UniversalFlowTest.java:26:21:26:40 | jca/UniversalFlowTest.java:26:21:26:40 | -| jca/UniversalFlowTest.java:27:25:27:43 | KeyOperationAlgorithm | Name | AES | jca/UniversalFlowTest.java:27:25:27:43 | jca/UniversalFlowTest.java:27:25:27:43 | -| jca/UniversalFlowTest.java:27:25:27:43 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/UniversalFlowTest.java:27:25:27:43 | jca/UniversalFlowTest.java:27:25:27:43 | -| jca/UniversalFlowTest.java:27:25:27:43 | KeyOperationAlgorithm | Structure | Block | jca/UniversalFlowTest.java:27:25:27:43 | jca/UniversalFlowTest.java:27:25:27:43 | -| jca/UniversalFlowTest.java:27:25:27:43 | ModeOfOperation | Name | GCM | jca/UniversalFlowTest.java:27:25:27:43 | jca/UniversalFlowTest.java:27:25:27:43 | -| jca/UniversalFlowTest.java:27:25:27:43 | ModeOfOperation | RawName | GCM | jca/UniversalFlowTest.java:27:25:27:43 | jca/UniversalFlowTest.java:27:25:27:43 | -| jca/UniversalFlowTest.java:27:25:27:43 | PaddingAlgorithm | Name | UnknownPadding | jca/UniversalFlowTest.java:27:25:27:43 | jca/UniversalFlowTest.java:27:25:27:43 | -| jca/UniversalFlowTest.java:27:25:27:43 | PaddingAlgorithm | RawName | NoPadding | jca/UniversalFlowTest.java:27:25:27:43 | jca/UniversalFlowTest.java:27:25:27:43 | -| jca/UniversalFlowTest.java:30:5:30:36 | RandomNumberGeneration | Description | nextBytes | jca/UniversalFlowTest.java:30:5:30:36 | jca/UniversalFlowTest.java:30:5:30:36 | -| jca/UniversalFlowTest.java:30:34:30:35 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/UniversalFlowTest.java:30:34:30:35 | jca/UniversalFlowTest.java:30:34:30:35 | -| jca/UniversalFlowTest.java:32:38:32:40 | Key | KeyType | Unknown | jca/UniversalFlowTest.java:32:38:32:40 | jca/UniversalFlowTest.java:32:38:32:40 | -| jca/UniversalFlowTest.java:33:28:33:70 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/UniversalFlowTest.java:33:28:33:70 | jca/UniversalFlowTest.java:33:28:33:70 | -| jca/UniversalFlowTest.java:33:43:33:58 | Constant | Description | "Sensitive Data" | jca/UniversalFlowTest.java:33:43:33:58 | jca/UniversalFlowTest.java:33:43:33:58 | -| jca/UniversalFlowTest.java:45:16:45:20 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/UniversalFlowTest.java:25:17:25:19 | jca/UniversalFlowTest.java:25:17:25:19 | -| jca/UniversalFlowTest.java:45:16:45:20 | KeyOperationAlgorithm | Name | AES | jca/UniversalFlowTest.java:45:16:45:20 | jca/UniversalFlowTest.java:45:16:45:20 | -| jca/UniversalFlowTest.java:45:16:45:20 | KeyOperationAlgorithm | RawName | AES | jca/UniversalFlowTest.java:45:16:45:20 | jca/UniversalFlowTest.java:45:16:45:20 | -| jca/UniversalFlowTest.java:45:16:45:20 | KeyOperationAlgorithm | Structure | Block | jca/UniversalFlowTest.java:45:16:45:20 | jca/UniversalFlowTest.java:45:16:45:20 | +| jca/SignatureOperation.java:155:30:155:38 | Key | KeyType | Unknown | jca/SignatureOperation.java:155:30:155:38 | jca/SignatureOperation.java:155:30:155:38 | +| jca/SignatureOperation.java:157:16:157:41 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:157:16:157:41 | jca/SignatureOperation.java:157:16:157:41 | +| jca/SignatureOperation.java:173:61:173:65 | KeyOperationAlgorithm | KeySize | Constant:1024 | jca/SignatureOperation.java:174:24:174:27 | jca/SignatureOperation.java:174:24:174:27 | +| jca/SignatureOperation.java:173:61:173:65 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:173:61:173:65 | jca/SignatureOperation.java:173:61:173:65 | +| jca/SignatureOperation.java:173:61:173:65 | KeyOperationAlgorithm | RawName | RSA | jca/SignatureOperation.java:173:61:173:65 | jca/SignatureOperation.java:173:61:173:65 | +| jca/SignatureOperation.java:174:24:174:27 | Constant | Description | 1024 | jca/SignatureOperation.java:174:24:174:27 | jca/SignatureOperation.java:174:24:174:27 | +| jca/SignatureOperation.java:175:16:175:36 | Key | KeyType | Asymmetric | jca/SignatureOperation.java:175:16:175:36 | jca/SignatureOperation.java:175:16:175:36 | +| jca/SignatureOperation.java:185:53:185:65 | HashAlgorithm | DigestSize | 160 | jca/SignatureOperation.java:185:53:185:65 | jca/SignatureOperation.java:185:53:185:65 | +| jca/SignatureOperation.java:185:53:185:65 | HashAlgorithm | Name | SHA1 | jca/SignatureOperation.java:185:53:185:65 | jca/SignatureOperation.java:185:53:185:65 | +| jca/SignatureOperation.java:185:53:185:65 | HashAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:185:53:185:65 | jca/SignatureOperation.java:185:53:185:65 | +| jca/SignatureOperation.java:185:53:185:65 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:185:53:185:65 | jca/SignatureOperation.java:185:53:185:65 | +| jca/SignatureOperation.java:185:53:185:65 | KeyOperationAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:185:53:185:65 | jca/SignatureOperation.java:185:53:185:65 | +| jca/SignatureOperation.java:186:28:186:37 | Key | KeyType | Unknown | jca/SignatureOperation.java:186:28:186:37 | jca/SignatureOperation.java:186:28:186:37 | +| jca/SignatureOperation.java:188:16:188:31 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:188:16:188:31 | jca/SignatureOperation.java:188:16:188:31 | +| jca/SignatureOperation.java:198:53:198:65 | HashAlgorithm | DigestSize | 160 | jca/SignatureOperation.java:198:53:198:65 | jca/SignatureOperation.java:198:53:198:65 | +| jca/SignatureOperation.java:198:53:198:65 | HashAlgorithm | Name | SHA1 | jca/SignatureOperation.java:198:53:198:65 | jca/SignatureOperation.java:198:53:198:65 | +| jca/SignatureOperation.java:198:53:198:65 | HashAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:198:53:198:65 | jca/SignatureOperation.java:198:53:198:65 | +| jca/SignatureOperation.java:198:53:198:65 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:198:53:198:65 | jca/SignatureOperation.java:198:53:198:65 | +| jca/SignatureOperation.java:198:53:198:65 | KeyOperationAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:198:53:198:65 | jca/SignatureOperation.java:198:53:198:65 | +| jca/SignatureOperation.java:199:30:199:38 | Key | KeyType | Unknown | jca/SignatureOperation.java:199:30:199:38 | jca/SignatureOperation.java:199:30:199:38 | +| jca/SignatureOperation.java:201:16:201:41 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:201:16:201:41 | jca/SignatureOperation.java:201:16:201:41 | +| jca/SignatureOperation.java:231:26:231:44 | Constant | Description | "Important Message" | jca/SignatureOperation.java:231:26:231:44 | jca/SignatureOperation.java:231:26:231:44 | +| jca/SignatureOperation.java:236:27:236:30 | Constant | Description | 0x01 | jca/SignatureOperation.java:236:27:236:30 | jca/SignatureOperation.java:236:27:236:30 | +| jca/SignatureOperation.java:266:47:266:68 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:266:47:266:68 | jca/SignatureOperation.java:266:47:266:68 | +| jca/SignatureOperation.java:266:47:266:68 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:266:47:266:68 | jca/SignatureOperation.java:266:47:266:68 | +| jca/SignatureOperation.java:266:47:266:68 | HashAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:266:47:266:68 | jca/SignatureOperation.java:266:47:266:68 | +| jca/SignatureOperation.java:266:47:266:68 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:266:47:266:68 | jca/SignatureOperation.java:266:47:266:68 | +| jca/SignatureOperation.java:266:47:266:68 | KeyOperationAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:266:47:266:68 | jca/SignatureOperation.java:266:47:266:68 | +| jca/SignatureOperation.java:269:47:269:63 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:269:47:269:63 | jca/SignatureOperation.java:269:47:269:63 | +| jca/SignatureOperation.java:269:47:269:63 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:269:47:269:63 | jca/SignatureOperation.java:269:47:269:63 | +| jca/SignatureOperation.java:269:47:269:63 | HashAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:269:47:269:63 | jca/SignatureOperation.java:269:47:269:63 | +| jca/SignatureOperation.java:269:47:269:63 | KeyOperationAlgorithm | Name | ECDSA | jca/SignatureOperation.java:269:47:269:63 | jca/SignatureOperation.java:269:47:269:63 | +| jca/SignatureOperation.java:269:47:269:63 | KeyOperationAlgorithm | RawName | SHA256withECDSA | jca/SignatureOperation.java:269:47:269:63 | jca/SignatureOperation.java:269:47:269:63 | +| jca/SignatureOperation.java:272:47:272:55 | KeyOperationAlgorithm | Name | EDSA | jca/SignatureOperation.java:272:47:272:55 | jca/SignatureOperation.java:272:47:272:55 | +| jca/SignatureOperation.java:272:47:272:55 | KeyOperationAlgorithm | RawName | Ed25519 | jca/SignatureOperation.java:272:47:272:55 | jca/SignatureOperation.java:272:47:272:55 | +| jca/SignatureOperation.java:275:47:275:59 | HashAlgorithm | DigestSize | 160 | jca/SignatureOperation.java:275:47:275:59 | jca/SignatureOperation.java:275:47:275:59 | +| jca/SignatureOperation.java:275:47:275:59 | HashAlgorithm | Name | SHA1 | jca/SignatureOperation.java:275:47:275:59 | jca/SignatureOperation.java:275:47:275:59 | +| jca/SignatureOperation.java:275:47:275:59 | HashAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:275:47:275:59 | jca/SignatureOperation.java:275:47:275:59 | +| jca/SignatureOperation.java:275:47:275:59 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:275:47:275:59 | jca/SignatureOperation.java:275:47:275:59 | +| jca/SignatureOperation.java:275:47:275:59 | KeyOperationAlgorithm | RawName | SHA1withRSA | jca/SignatureOperation.java:275:47:275:59 | jca/SignatureOperation.java:275:47:275:59 | +| jca/SignatureOperation.java:279:47:279:68 | HashAlgorithm | DigestSize | 256 | jca/SignatureOperation.java:279:47:279:68 | jca/SignatureOperation.java:279:47:279:68 | +| jca/SignatureOperation.java:279:47:279:68 | HashAlgorithm | Name | SHA2 | jca/SignatureOperation.java:279:47:279:68 | jca/SignatureOperation.java:279:47:279:68 | +| jca/SignatureOperation.java:279:47:279:68 | HashAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:279:47:279:68 | jca/SignatureOperation.java:279:47:279:68 | +| jca/SignatureOperation.java:279:47:279:68 | KeyOperationAlgorithm | Name | RSA | jca/SignatureOperation.java:279:47:279:68 | jca/SignatureOperation.java:279:47:279:68 | +| jca/SignatureOperation.java:279:47:279:68 | KeyOperationAlgorithm | RawName | SHA256withRSAandMGF1 | jca/SignatureOperation.java:279:47:279:68 | jca/SignatureOperation.java:279:47:279:68 | +| jca/SignatureOperation.java:282:26:282:49 | Constant | Description | "Dynamic Signature Demo" | jca/SignatureOperation.java:282:26:282:49 | jca/SignatureOperation.java:282:26:282:49 | +| jca/SignatureOperation.java:283:28:283:42 | Key | KeyType | Unknown | jca/SignatureOperation.java:283:28:283:42 | jca/SignatureOperation.java:283:28:283:42 | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | KeyOperationSubtype | Sign | jca/SignatureOperation.java:285:27:285:42 | jca/SignatureOperation.java:285:27:285:42 | +| jca/SignatureOperation.java:287:30:287:43 | Key | KeyType | Unknown | jca/SignatureOperation.java:287:30:287:43 | jca/SignatureOperation.java:287:30:287:43 | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | KeyOperationSubtype | Verify | jca/SignatureOperation.java:289:28:289:53 | jca/SignatureOperation.java:289:28:289:53 | +| jca/SignatureOperation.java:311:26:311:49 | Constant | Description | "Hello Signature World!" | jca/SignatureOperation.java:311:26:311:49 | jca/SignatureOperation.java:311:26:311:49 | +| jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:51:44:51:62 | jca/SymmetricAlgorithm.java:51:44:51:62 | +| jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SymmetricAlgorithm.java:51:44:51:62 | jca/SymmetricAlgorithm.java:51:44:51:62 | +| jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:51:44:51:62 | jca/SymmetricAlgorithm.java:51:44:51:62 | +| jca/SymmetricAlgorithm.java:51:44:51:62 | ModeOfOperation | Name | GCM | jca/SymmetricAlgorithm.java:51:44:51:62 | jca/SymmetricAlgorithm.java:51:44:51:62 | +| jca/SymmetricAlgorithm.java:51:44:51:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:51:44:51:62 | jca/SymmetricAlgorithm.java:51:44:51:62 | +| jca/SymmetricAlgorithm.java:51:44:51:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:51:44:51:62 | jca/SymmetricAlgorithm.java:51:44:51:62 | +| jca/SymmetricAlgorithm.java:51:44:51:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:51:44:51:62 | jca/SymmetricAlgorithm.java:51:44:51:62 | +| jca/SymmetricAlgorithm.java:53:9:53:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:53:9:53:40 | jca/SymmetricAlgorithm.java:53:9:53:40 | +| jca/SymmetricAlgorithm.java:53:38:53:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:53:38:53:39 | jca/SymmetricAlgorithm.java:53:38:53:39 | +| jca/SymmetricAlgorithm.java:55:42:55:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:55:42:55:44 | jca/SymmetricAlgorithm.java:55:42:55:44 | +| jca/SymmetricAlgorithm.java:56:29:56:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:56:29:56:53 | jca/SymmetricAlgorithm.java:56:29:56:53 | +| jca/SymmetricAlgorithm.java:72:39:72:51 | Parameter | Description | key | jca/SymmetricAlgorithm.java:72:39:72:51 | jca/SymmetricAlgorithm.java:72:39:72:51 | +| jca/SymmetricAlgorithm.java:72:54:72:69 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:72:54:72:69 | jca/SymmetricAlgorithm.java:72:54:72:69 | +| jca/SymmetricAlgorithm.java:73:44:73:62 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:73:44:73:62 | jca/SymmetricAlgorithm.java:73:44:73:62 | +| jca/SymmetricAlgorithm.java:73:44:73:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SymmetricAlgorithm.java:73:44:73:62 | jca/SymmetricAlgorithm.java:73:44:73:62 | +| jca/SymmetricAlgorithm.java:73:44:73:62 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:73:44:73:62 | jca/SymmetricAlgorithm.java:73:44:73:62 | +| jca/SymmetricAlgorithm.java:73:44:73:62 | ModeOfOperation | Name | GCM | jca/SymmetricAlgorithm.java:73:44:73:62 | jca/SymmetricAlgorithm.java:73:44:73:62 | +| jca/SymmetricAlgorithm.java:73:44:73:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:73:44:73:62 | jca/SymmetricAlgorithm.java:73:44:73:62 | +| jca/SymmetricAlgorithm.java:73:44:73:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:73:44:73:62 | jca/SymmetricAlgorithm.java:73:44:73:62 | +| jca/SymmetricAlgorithm.java:73:44:73:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:73:44:73:62 | jca/SymmetricAlgorithm.java:73:44:73:62 | +| jca/SymmetricAlgorithm.java:76:42:76:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:76:42:76:44 | jca/SymmetricAlgorithm.java:76:42:76:44 | +| jca/SymmetricAlgorithm.java:77:29:77:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:77:29:77:53 | jca/SymmetricAlgorithm.java:77:29:77:53 | +| jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:94:44:94:65 | jca/SymmetricAlgorithm.java:94:44:94:65 | +| jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | RawName | AES/CBC/PKCS5Padding | jca/SymmetricAlgorithm.java:94:44:94:65 | jca/SymmetricAlgorithm.java:94:44:94:65 | +| jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:94:44:94:65 | jca/SymmetricAlgorithm.java:94:44:94:65 | +| jca/SymmetricAlgorithm.java:94:44:94:65 | ModeOfOperation | Name | CBC | jca/SymmetricAlgorithm.java:94:44:94:65 | jca/SymmetricAlgorithm.java:94:44:94:65 | +| jca/SymmetricAlgorithm.java:94:44:94:65 | ModeOfOperation | RawName | CBC | jca/SymmetricAlgorithm.java:94:44:94:65 | jca/SymmetricAlgorithm.java:94:44:94:65 | +| jca/SymmetricAlgorithm.java:94:44:94:65 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:94:44:94:65 | jca/SymmetricAlgorithm.java:94:44:94:65 | +| jca/SymmetricAlgorithm.java:94:44:94:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:94:44:94:65 | jca/SymmetricAlgorithm.java:94:44:94:65 | +| jca/SymmetricAlgorithm.java:96:9:96:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:96:9:96:40 | jca/SymmetricAlgorithm.java:96:9:96:40 | +| jca/SymmetricAlgorithm.java:96:38:96:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:96:38:96:39 | jca/SymmetricAlgorithm.java:96:38:96:39 | +| jca/SymmetricAlgorithm.java:98:42:98:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:98:42:98:44 | jca/SymmetricAlgorithm.java:98:42:98:44 | +| jca/SymmetricAlgorithm.java:99:29:99:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:99:29:99:53 | jca/SymmetricAlgorithm.java:99:29:99:53 | +| jca/SymmetricAlgorithm.java:116:44:116:65 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:116:44:116:65 | jca/SymmetricAlgorithm.java:116:44:116:65 | +| jca/SymmetricAlgorithm.java:116:44:116:65 | KeyOperationAlgorithm | RawName | AES/ECB/PKCS5Padding | jca/SymmetricAlgorithm.java:116:44:116:65 | jca/SymmetricAlgorithm.java:116:44:116:65 | +| jca/SymmetricAlgorithm.java:116:44:116:65 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:116:44:116:65 | jca/SymmetricAlgorithm.java:116:44:116:65 | +| jca/SymmetricAlgorithm.java:116:44:116:65 | ModeOfOperation | Name | ECB | jca/SymmetricAlgorithm.java:116:44:116:65 | jca/SymmetricAlgorithm.java:116:44:116:65 | +| jca/SymmetricAlgorithm.java:116:44:116:65 | ModeOfOperation | RawName | ECB | jca/SymmetricAlgorithm.java:116:44:116:65 | jca/SymmetricAlgorithm.java:116:44:116:65 | +| jca/SymmetricAlgorithm.java:116:44:116:65 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:116:44:116:65 | jca/SymmetricAlgorithm.java:116:44:116:65 | +| jca/SymmetricAlgorithm.java:116:44:116:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:116:44:116:65 | jca/SymmetricAlgorithm.java:116:44:116:65 | +| jca/SymmetricAlgorithm.java:117:42:117:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:117:42:117:44 | jca/SymmetricAlgorithm.java:117:42:117:44 | +| jca/SymmetricAlgorithm.java:118:16:118:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:118:16:118:40 | jca/SymmetricAlgorithm.java:118:16:118:40 | +| jca/SymmetricAlgorithm.java:131:44:131:48 | KeyOperationAlgorithm | Name | RC4 | jca/SymmetricAlgorithm.java:131:44:131:48 | jca/SymmetricAlgorithm.java:131:44:131:48 | +| jca/SymmetricAlgorithm.java:131:44:131:48 | KeyOperationAlgorithm | RawName | RC4 | jca/SymmetricAlgorithm.java:131:44:131:48 | jca/SymmetricAlgorithm.java:131:44:131:48 | +| jca/SymmetricAlgorithm.java:131:44:131:48 | KeyOperationAlgorithm | Structure | Stream | jca/SymmetricAlgorithm.java:131:44:131:48 | jca/SymmetricAlgorithm.java:131:44:131:48 | +| jca/SymmetricAlgorithm.java:132:42:132:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:132:42:132:44 | jca/SymmetricAlgorithm.java:132:42:132:44 | +| jca/SymmetricAlgorithm.java:133:16:133:40 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:133:16:133:40 | jca/SymmetricAlgorithm.java:133:16:133:40 | +| jca/SymmetricAlgorithm.java:145:36:145:48 | Parameter | Description | key | jca/SymmetricAlgorithm.java:145:36:145:48 | jca/SymmetricAlgorithm.java:145:36:145:48 | +| jca/SymmetricAlgorithm.java:145:51:145:66 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:145:51:145:66 | jca/SymmetricAlgorithm.java:145:51:145:66 | +| jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | KeySize | 56 | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | +| jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | Name | DES | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | +| jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | RawName | DES/CBC/PKCS5Padding | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | +| jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | +| jca/SymmetricAlgorithm.java:146:44:146:65 | ModeOfOperation | Name | CBC | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | +| jca/SymmetricAlgorithm.java:146:44:146:65 | ModeOfOperation | RawName | CBC | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | +| jca/SymmetricAlgorithm.java:146:44:146:65 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | +| jca/SymmetricAlgorithm.java:146:44:146:65 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:146:44:146:65 | jca/SymmetricAlgorithm.java:146:44:146:65 | +| jca/SymmetricAlgorithm.java:148:9:148:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:148:9:148:40 | jca/SymmetricAlgorithm.java:148:9:148:40 | +| jca/SymmetricAlgorithm.java:148:38:148:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:148:38:148:39 | jca/SymmetricAlgorithm.java:148:38:148:39 | +| jca/SymmetricAlgorithm.java:150:42:150:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:150:42:150:44 | jca/SymmetricAlgorithm.java:150:42:150:44 | +| jca/SymmetricAlgorithm.java:151:29:151:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:151:29:151:53 | jca/SymmetricAlgorithm.java:151:29:151:53 | +| jca/SymmetricAlgorithm.java:167:42:167:54 | Parameter | Description | key | jca/SymmetricAlgorithm.java:167:42:167:54 | jca/SymmetricAlgorithm.java:167:42:167:54 | +| jca/SymmetricAlgorithm.java:167:57:167:72 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:167:57:167:72 | jca/SymmetricAlgorithm.java:167:57:167:72 | +| jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | Name | Unknown | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | +| jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | RawName | DESede/CBC/PKCS5Padding | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | +| jca/SymmetricAlgorithm.java:168:44:168:68 | ModeOfOperation | Name | CBC | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | +| jca/SymmetricAlgorithm.java:168:44:168:68 | ModeOfOperation | RawName | CBC | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | +| jca/SymmetricAlgorithm.java:168:44:168:68 | PaddingAlgorithm | Name | PKCS7 | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | +| jca/SymmetricAlgorithm.java:168:44:168:68 | PaddingAlgorithm | RawName | PKCS5Padding | jca/SymmetricAlgorithm.java:168:44:168:68 | jca/SymmetricAlgorithm.java:168:44:168:68 | +| jca/SymmetricAlgorithm.java:170:9:170:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:170:9:170:40 | jca/SymmetricAlgorithm.java:170:9:170:40 | +| jca/SymmetricAlgorithm.java:170:38:170:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:170:38:170:39 | jca/SymmetricAlgorithm.java:170:38:170:39 | +| jca/SymmetricAlgorithm.java:172:42:172:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:172:42:172:44 | jca/SymmetricAlgorithm.java:172:42:172:44 | +| jca/SymmetricAlgorithm.java:173:29:173:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:173:29:173:53 | jca/SymmetricAlgorithm.java:173:29:173:53 | +| jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | KeySize | 256 | jca/SymmetricAlgorithm.java:190:44:190:53 | jca/SymmetricAlgorithm.java:190:44:190:53 | +| jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | Name | ChaCha20 | jca/SymmetricAlgorithm.java:190:44:190:53 | jca/SymmetricAlgorithm.java:190:44:190:53 | +| jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | RawName | ChaCha20 | jca/SymmetricAlgorithm.java:190:44:190:53 | jca/SymmetricAlgorithm.java:190:44:190:53 | +| jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | Structure | Stream | jca/SymmetricAlgorithm.java:190:44:190:53 | jca/SymmetricAlgorithm.java:190:44:190:53 | +| jca/SymmetricAlgorithm.java:192:9:192:43 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:192:9:192:43 | jca/SymmetricAlgorithm.java:192:9:192:43 | +| jca/SymmetricAlgorithm.java:192:38:192:42 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:192:38:192:42 | jca/SymmetricAlgorithm.java:192:38:192:42 | +| jca/SymmetricAlgorithm.java:194:42:194:44 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:194:42:194:44 | jca/SymmetricAlgorithm.java:194:42:194:44 | +| jca/SymmetricAlgorithm.java:195:29:195:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:195:29:195:53 | jca/SymmetricAlgorithm.java:195:29:195:53 | +| jca/SymmetricAlgorithm.java:212:35:212:47 | Parameter | Description | key | jca/SymmetricAlgorithm.java:212:35:212:47 | jca/SymmetricAlgorithm.java:212:35:212:47 | +| jca/SymmetricAlgorithm.java:212:50:212:65 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:212:50:212:65 | jca/SymmetricAlgorithm.java:212:50:212:65 | +| jca/SymmetricAlgorithm.java:213:36:213:44 | Constant | Description | "KMAC128" | jca/SymmetricAlgorithm.java:213:36:213:44 | jca/SymmetricAlgorithm.java:213:36:213:44 | +| jca/SymmetricAlgorithm.java:214:19:214:21 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:214:19:214:21 | jca/SymmetricAlgorithm.java:214:19:214:21 | +| jca/SymmetricAlgorithm.java:215:29:215:51 | MACOperation | KeyOperationSubtype | Mac | jca/SymmetricAlgorithm.java:215:29:215:51 | jca/SymmetricAlgorithm.java:215:29:215:51 | +| jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:218:44:218:62 | jca/SymmetricAlgorithm.java:218:44:218:62 | +| jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SymmetricAlgorithm.java:218:44:218:62 | jca/SymmetricAlgorithm.java:218:44:218:62 | +| jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:218:44:218:62 | jca/SymmetricAlgorithm.java:218:44:218:62 | +| jca/SymmetricAlgorithm.java:218:44:218:62 | ModeOfOperation | Name | GCM | jca/SymmetricAlgorithm.java:218:44:218:62 | jca/SymmetricAlgorithm.java:218:44:218:62 | +| jca/SymmetricAlgorithm.java:218:44:218:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:218:44:218:62 | jca/SymmetricAlgorithm.java:218:44:218:62 | +| jca/SymmetricAlgorithm.java:218:44:218:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:218:44:218:62 | jca/SymmetricAlgorithm.java:218:44:218:62 | +| jca/SymmetricAlgorithm.java:218:44:218:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:218:44:218:62 | jca/SymmetricAlgorithm.java:218:44:218:62 | +| jca/SymmetricAlgorithm.java:220:9:220:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:220:9:220:40 | jca/SymmetricAlgorithm.java:220:9:220:40 | +| jca/SymmetricAlgorithm.java:220:38:220:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:220:38:220:39 | jca/SymmetricAlgorithm.java:220:38:220:39 | +| jca/SymmetricAlgorithm.java:222:42:222:51 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:222:42:222:51 | jca/SymmetricAlgorithm.java:222:42:222:51 | +| jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:223:29:223:53 | jca/SymmetricAlgorithm.java:223:29:223:53 | +| jca/SymmetricAlgorithm.java:244:64:244:76 | Parameter | Description | key | jca/SymmetricAlgorithm.java:244:64:244:76 | jca/SymmetricAlgorithm.java:244:64:244:76 | +| jca/SymmetricAlgorithm.java:244:79:244:94 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:244:79:244:94 | jca/SymmetricAlgorithm.java:244:79:244:94 | +| jca/SymmetricAlgorithm.java:284:58:284:70 | Parameter | Description | key | jca/SymmetricAlgorithm.java:284:58:284:70 | jca/SymmetricAlgorithm.java:284:58:284:70 | +| jca/SymmetricAlgorithm.java:284:73:284:88 | Parameter | Description | plaintext | jca/SymmetricAlgorithm.java:284:73:284:88 | jca/SymmetricAlgorithm.java:284:73:284:88 | +| jca/SymmetricAlgorithm.java:287:75:287:79 | Constant | Description | 10000 | jca/SymmetricAlgorithm.java:287:75:287:79 | jca/SymmetricAlgorithm.java:287:75:287:79 | +| jca/SymmetricAlgorithm.java:287:82:287:84 | Constant | Description | 256 | jca/SymmetricAlgorithm.java:287:82:287:84 | jca/SymmetricAlgorithm.java:287:82:287:84 | +| jca/SymmetricAlgorithm.java:288:65:288:86 | HMACAlgorithm | Name | HMAC | jca/SymmetricAlgorithm.java:288:65:288:86 | jca/SymmetricAlgorithm.java:288:65:288:86 | +| jca/SymmetricAlgorithm.java:288:65:288:86 | HMACAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/SymmetricAlgorithm.java:288:65:288:86 | jca/SymmetricAlgorithm.java:288:65:288:86 | +| jca/SymmetricAlgorithm.java:288:65:288:86 | HashAlgorithm | DigestSize | 256 | jca/SymmetricAlgorithm.java:288:65:288:86 | jca/SymmetricAlgorithm.java:288:65:288:86 | +| jca/SymmetricAlgorithm.java:288:65:288:86 | HashAlgorithm | Name | SHA2 | jca/SymmetricAlgorithm.java:288:65:288:86 | jca/SymmetricAlgorithm.java:288:65:288:86 | +| jca/SymmetricAlgorithm.java:288:65:288:86 | HashAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/SymmetricAlgorithm.java:288:65:288:86 | jca/SymmetricAlgorithm.java:288:65:288:86 | +| jca/SymmetricAlgorithm.java:288:65:288:86 | KeyDerivationAlgorithm | Name | PBKDF2WithHmacSHA256 | jca/SymmetricAlgorithm.java:288:65:288:86 | jca/SymmetricAlgorithm.java:288:65:288:86 | +| jca/SymmetricAlgorithm.java:288:65:288:86 | KeyDerivationAlgorithm | RawName | PBKDF2WithHmacSHA256 | jca/SymmetricAlgorithm.java:288:65:288:86 | jca/SymmetricAlgorithm.java:288:65:288:86 | +| jca/SymmetricAlgorithm.java:289:26:289:53 | Key | KeyType | Symmetric | jca/SymmetricAlgorithm.java:289:26:289:53 | jca/SymmetricAlgorithm.java:289:26:289:53 | +| jca/SymmetricAlgorithm.java:289:26:289:53 | KeyDerivation | Iterations | Constant:10000 | jca/SymmetricAlgorithm.java:287:75:287:79 | jca/SymmetricAlgorithm.java:287:75:287:79 | +| jca/SymmetricAlgorithm.java:289:26:289:53 | KeyDerivation | KeySize | Constant:256 | jca/SymmetricAlgorithm.java:287:82:287:84 | jca/SymmetricAlgorithm.java:287:82:287:84 | +| jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:295:44:295:62 | jca/SymmetricAlgorithm.java:295:44:295:62 | +| jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/SymmetricAlgorithm.java:295:44:295:62 | jca/SymmetricAlgorithm.java:295:44:295:62 | +| jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:295:44:295:62 | jca/SymmetricAlgorithm.java:295:44:295:62 | +| jca/SymmetricAlgorithm.java:295:44:295:62 | ModeOfOperation | Name | GCM | jca/SymmetricAlgorithm.java:295:44:295:62 | jca/SymmetricAlgorithm.java:295:44:295:62 | +| jca/SymmetricAlgorithm.java:295:44:295:62 | ModeOfOperation | RawName | GCM | jca/SymmetricAlgorithm.java:295:44:295:62 | jca/SymmetricAlgorithm.java:295:44:295:62 | +| jca/SymmetricAlgorithm.java:295:44:295:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricAlgorithm.java:295:44:295:62 | jca/SymmetricAlgorithm.java:295:44:295:62 | +| jca/SymmetricAlgorithm.java:295:44:295:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricAlgorithm.java:295:44:295:62 | jca/SymmetricAlgorithm.java:295:44:295:62 | +| jca/SymmetricAlgorithm.java:297:9:297:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:297:9:297:40 | jca/SymmetricAlgorithm.java:297:9:297:40 | +| jca/SymmetricAlgorithm.java:297:38:297:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:297:38:297:39 | jca/SymmetricAlgorithm.java:297:38:297:39 | +| jca/SymmetricAlgorithm.java:298:42:298:47 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:298:42:298:47 | jca/SymmetricAlgorithm.java:298:42:298:47 | +| jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricAlgorithm.java:299:29:299:53 | jca/SymmetricAlgorithm.java:299:29:299:53 | +| jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | Name | HMAC | jca/SymmetricAlgorithm.java:301:35:301:46 | jca/SymmetricAlgorithm.java:301:35:301:46 | +| jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | RawName | HmacSHA256 | jca/SymmetricAlgorithm.java:301:35:301:46 | jca/SymmetricAlgorithm.java:301:35:301:46 | +| jca/SymmetricAlgorithm.java:302:18:302:30 | Key | KeyType | Unknown | jca/SymmetricAlgorithm.java:302:18:302:30 | jca/SymmetricAlgorithm.java:302:18:302:30 | +| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | KeyOperationSubtype | Mac | jca/SymmetricAlgorithm.java:303:30:303:52 | jca/SymmetricAlgorithm.java:303:30:303:52 | +| jca/SymmetricAlgorithm.java:331:52:331:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/SymmetricAlgorithm.java:332:17:332:19 | jca/SymmetricAlgorithm.java:332:17:332:19 | +| jca/SymmetricAlgorithm.java:331:52:331:56 | KeyOperationAlgorithm | Name | AES | jca/SymmetricAlgorithm.java:331:52:331:56 | jca/SymmetricAlgorithm.java:331:52:331:56 | +| jca/SymmetricAlgorithm.java:331:52:331:56 | KeyOperationAlgorithm | RawName | AES | jca/SymmetricAlgorithm.java:331:52:331:56 | jca/SymmetricAlgorithm.java:331:52:331:56 | +| jca/SymmetricAlgorithm.java:331:52:331:56 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricAlgorithm.java:331:52:331:56 | jca/SymmetricAlgorithm.java:331:52:331:56 | +| jca/SymmetricAlgorithm.java:332:17:332:19 | Constant | Description | 256 | jca/SymmetricAlgorithm.java:332:17:332:19 | jca/SymmetricAlgorithm.java:332:17:332:19 | +| jca/SymmetricAlgorithm.java:333:16:333:31 | Key | KeyType | Symmetric | jca/SymmetricAlgorithm.java:333:16:333:31 | jca/SymmetricAlgorithm.java:333:16:333:31 | +| jca/SymmetricAlgorithm.java:345:9:345:42 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricAlgorithm.java:345:9:345:42 | jca/SymmetricAlgorithm.java:345:9:345:42 | +| jca/SymmetricAlgorithm.java:345:38:345:41 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricAlgorithm.java:345:38:345:41 | jca/SymmetricAlgorithm.java:345:38:345:41 | +| jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | KeySize | Constant:128 | jca/SymmetricModesTest.java:53:17:53:19 | jca/SymmetricModesTest.java:53:17:53:19 | +| jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/SymmetricModesTest.java:49:17:49:19 | jca/SymmetricModesTest.java:49:17:49:19 | +| jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | Name | AES | jca/SymmetricModesTest.java:48:52:48:56 | jca/SymmetricModesTest.java:48:52:48:56 | +| jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | RawName | AES | jca/SymmetricModesTest.java:48:52:48:56 | jca/SymmetricModesTest.java:48:52:48:56 | +| jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricModesTest.java:48:52:48:56 | jca/SymmetricModesTest.java:48:52:48:56 | +| jca/SymmetricModesTest.java:49:17:49:19 | Constant | Description | 256 | jca/SymmetricModesTest.java:49:17:49:19 | jca/SymmetricModesTest.java:49:17:49:19 | +| jca/SymmetricModesTest.java:50:33:50:48 | Key | KeyType | Symmetric | jca/SymmetricModesTest.java:50:33:50:48 | jca/SymmetricModesTest.java:50:33:50:48 | +| jca/SymmetricModesTest.java:53:17:53:19 | Constant | Description | 128 | jca/SymmetricModesTest.java:53:17:53:19 | jca/SymmetricModesTest.java:53:17:53:19 | +| jca/SymmetricModesTest.java:54:31:54:46 | Key | KeyType | Symmetric | jca/SymmetricModesTest.java:54:31:54:46 | jca/SymmetricModesTest.java:54:31:54:46 | +| jca/SymmetricModesTest.java:57:44:57:62 | KeyOperationAlgorithm | Name | AES | jca/SymmetricModesTest.java:57:44:57:62 | jca/SymmetricModesTest.java:57:44:57:62 | +| jca/SymmetricModesTest.java:57:44:57:62 | KeyOperationAlgorithm | RawName | AES/KWP/NoPadding | jca/SymmetricModesTest.java:57:44:57:62 | jca/SymmetricModesTest.java:57:44:57:62 | +| jca/SymmetricModesTest.java:57:44:57:62 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricModesTest.java:57:44:57:62 | jca/SymmetricModesTest.java:57:44:57:62 | +| jca/SymmetricModesTest.java:57:44:57:62 | ModeOfOperation | RawName | KWP | jca/SymmetricModesTest.java:57:44:57:62 | jca/SymmetricModesTest.java:57:44:57:62 | +| jca/SymmetricModesTest.java:57:44:57:62 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricModesTest.java:57:44:57:62 | jca/SymmetricModesTest.java:57:44:57:62 | +| jca/SymmetricModesTest.java:57:44:57:62 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricModesTest.java:57:44:57:62 | jca/SymmetricModesTest.java:57:44:57:62 | +| jca/SymmetricModesTest.java:58:39:58:49 | Key | KeyType | Unknown | jca/SymmetricModesTest.java:58:39:58:49 | jca/SymmetricModesTest.java:58:39:58:49 | +| jca/SymmetricModesTest.java:59:29:59:50 | WrapOperation | KeyOperationSubtype | Wrap | jca/SymmetricModesTest.java:59:29:59:50 | jca/SymmetricModesTest.java:59:29:59:50 | +| jca/SymmetricModesTest.java:78:43:78:55 | Parameter | Description | key | jca/SymmetricModesTest.java:78:43:78:55 | jca/SymmetricModesTest.java:78:43:78:55 | +| jca/SymmetricModesTest.java:78:58:78:73 | Parameter | Description | plaintext | jca/SymmetricModesTest.java:78:58:78:73 | jca/SymmetricModesTest.java:78:58:78:73 | +| jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | Name | AES | jca/SymmetricModesTest.java:79:44:79:63 | jca/SymmetricModesTest.java:79:44:79:63 | +| jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | RawName | AES/OFB8/NoPadding | jca/SymmetricModesTest.java:79:44:79:63 | jca/SymmetricModesTest.java:79:44:79:63 | +| jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricModesTest.java:79:44:79:63 | jca/SymmetricModesTest.java:79:44:79:63 | +| jca/SymmetricModesTest.java:79:44:79:63 | ModeOfOperation | RawName | OFB8 | jca/SymmetricModesTest.java:79:44:79:63 | jca/SymmetricModesTest.java:79:44:79:63 | +| jca/SymmetricModesTest.java:79:44:79:63 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricModesTest.java:79:44:79:63 | jca/SymmetricModesTest.java:79:44:79:63 | +| jca/SymmetricModesTest.java:79:44:79:63 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricModesTest.java:79:44:79:63 | jca/SymmetricModesTest.java:79:44:79:63 | +| jca/SymmetricModesTest.java:81:9:81:40 | RandomNumberGeneration | Description | nextBytes | jca/SymmetricModesTest.java:81:9:81:40 | jca/SymmetricModesTest.java:81:9:81:40 | +| jca/SymmetricModesTest.java:81:38:81:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/SymmetricModesTest.java:81:38:81:39 | jca/SymmetricModesTest.java:81:38:81:39 | +| jca/SymmetricModesTest.java:83:42:83:44 | Key | KeyType | Unknown | jca/SymmetricModesTest.java:83:42:83:44 | jca/SymmetricModesTest.java:83:42:83:44 | +| jca/SymmetricModesTest.java:84:29:84:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricModesTest.java:84:29:84:53 | jca/SymmetricModesTest.java:84:29:84:53 | +| jca/SymmetricModesTest.java:104:45:104:57 | Parameter | Description | key | jca/SymmetricModesTest.java:104:45:104:57 | jca/SymmetricModesTest.java:104:45:104:57 | +| jca/SymmetricModesTest.java:104:60:104:75 | Parameter | Description | plaintext | jca/SymmetricModesTest.java:104:60:104:75 | jca/SymmetricModesTest.java:104:60:104:75 | +| jca/SymmetricModesTest.java:105:44:105:63 | KeyOperationAlgorithm | Name | AES | jca/SymmetricModesTest.java:105:44:105:63 | jca/SymmetricModesTest.java:105:44:105:63 | +| jca/SymmetricModesTest.java:105:44:105:63 | KeyOperationAlgorithm | RawName | AES/OFB8/NoPadding | jca/SymmetricModesTest.java:105:44:105:63 | jca/SymmetricModesTest.java:105:44:105:63 | +| jca/SymmetricModesTest.java:105:44:105:63 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricModesTest.java:105:44:105:63 | jca/SymmetricModesTest.java:105:44:105:63 | +| jca/SymmetricModesTest.java:105:44:105:63 | ModeOfOperation | RawName | OFB8 | jca/SymmetricModesTest.java:105:44:105:63 | jca/SymmetricModesTest.java:105:44:105:63 | +| jca/SymmetricModesTest.java:105:44:105:63 | PaddingAlgorithm | Name | UnknownPadding | jca/SymmetricModesTest.java:105:44:105:63 | jca/SymmetricModesTest.java:105:44:105:63 | +| jca/SymmetricModesTest.java:105:44:105:63 | PaddingAlgorithm | RawName | NoPadding | jca/SymmetricModesTest.java:105:44:105:63 | jca/SymmetricModesTest.java:105:44:105:63 | +| jca/SymmetricModesTest.java:109:42:109:44 | Key | KeyType | Unknown | jca/SymmetricModesTest.java:109:42:109:44 | jca/SymmetricModesTest.java:109:42:109:44 | +| jca/SymmetricModesTest.java:110:29:110:53 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/SymmetricModesTest.java:110:29:110:53 | jca/SymmetricModesTest.java:110:29:110:53 | +| jca/SymmetricModesTest.java:127:52:127:56 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/SymmetricModesTest.java:128:17:128:19 | jca/SymmetricModesTest.java:128:17:128:19 | +| jca/SymmetricModesTest.java:127:52:127:56 | KeyOperationAlgorithm | Name | AES | jca/SymmetricModesTest.java:127:52:127:56 | jca/SymmetricModesTest.java:127:52:127:56 | +| jca/SymmetricModesTest.java:127:52:127:56 | KeyOperationAlgorithm | RawName | AES | jca/SymmetricModesTest.java:127:52:127:56 | jca/SymmetricModesTest.java:127:52:127:56 | +| jca/SymmetricModesTest.java:127:52:127:56 | KeyOperationAlgorithm | Structure | Block | jca/SymmetricModesTest.java:127:52:127:56 | jca/SymmetricModesTest.java:127:52:127:56 | +| jca/SymmetricModesTest.java:128:17:128:19 | Constant | Description | 256 | jca/SymmetricModesTest.java:128:17:128:19 | jca/SymmetricModesTest.java:128:17:128:19 | +| jca/SymmetricModesTest.java:129:16:129:31 | Key | KeyType | Symmetric | jca/SymmetricModesTest.java:129:16:129:31 | jca/SymmetricModesTest.java:129:16:129:31 | +| jca/UniversalFlowTest.java:19:28:19:32 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/UniversalFlowTest.java:26:21:26:23 | jca/UniversalFlowTest.java:26:21:26:23 | +| jca/UniversalFlowTest.java:19:28:19:32 | KeyOperationAlgorithm | Name | AES | jca/UniversalFlowTest.java:19:28:19:32 | jca/UniversalFlowTest.java:19:28:19:32 | +| jca/UniversalFlowTest.java:19:28:19:32 | KeyOperationAlgorithm | RawName | AES | jca/UniversalFlowTest.java:19:28:19:32 | jca/UniversalFlowTest.java:19:28:19:32 | +| jca/UniversalFlowTest.java:19:28:19:32 | KeyOperationAlgorithm | Structure | Block | jca/UniversalFlowTest.java:19:28:19:32 | jca/UniversalFlowTest.java:19:28:19:32 | +| jca/UniversalFlowTest.java:26:21:26:23 | Constant | Description | 256 | jca/UniversalFlowTest.java:26:21:26:23 | jca/UniversalFlowTest.java:26:21:26:23 | +| jca/UniversalFlowTest.java:27:25:27:44 | Key | KeyType | Symmetric | jca/UniversalFlowTest.java:27:25:27:44 | jca/UniversalFlowTest.java:27:25:27:44 | +| jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | Name | AES | jca/UniversalFlowTest.java:28:29:28:47 | jca/UniversalFlowTest.java:28:29:28:47 | +| jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | RawName | AES/GCM/NoPadding | jca/UniversalFlowTest.java:28:29:28:47 | jca/UniversalFlowTest.java:28:29:28:47 | +| jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | Structure | Block | jca/UniversalFlowTest.java:28:29:28:47 | jca/UniversalFlowTest.java:28:29:28:47 | +| jca/UniversalFlowTest.java:28:29:28:47 | ModeOfOperation | Name | GCM | jca/UniversalFlowTest.java:28:29:28:47 | jca/UniversalFlowTest.java:28:29:28:47 | +| jca/UniversalFlowTest.java:28:29:28:47 | ModeOfOperation | RawName | GCM | jca/UniversalFlowTest.java:28:29:28:47 | jca/UniversalFlowTest.java:28:29:28:47 | +| jca/UniversalFlowTest.java:28:29:28:47 | PaddingAlgorithm | Name | UnknownPadding | jca/UniversalFlowTest.java:28:29:28:47 | jca/UniversalFlowTest.java:28:29:28:47 | +| jca/UniversalFlowTest.java:28:29:28:47 | PaddingAlgorithm | RawName | NoPadding | jca/UniversalFlowTest.java:28:29:28:47 | jca/UniversalFlowTest.java:28:29:28:47 | +| jca/UniversalFlowTest.java:31:9:31:40 | RandomNumberGeneration | Description | nextBytes | jca/UniversalFlowTest.java:31:9:31:40 | jca/UniversalFlowTest.java:31:9:31:40 | +| jca/UniversalFlowTest.java:31:38:31:39 | RandomNumberGeneration | Description | java.security.SecureRandom | jca/UniversalFlowTest.java:31:38:31:39 | jca/UniversalFlowTest.java:31:38:31:39 | +| jca/UniversalFlowTest.java:33:42:33:44 | Key | KeyType | Unknown | jca/UniversalFlowTest.java:33:42:33:44 | jca/UniversalFlowTest.java:33:42:33:44 | +| jca/UniversalFlowTest.java:34:32:34:74 | EncryptOperation | KeyOperationSubtype | Encrypt | jca/UniversalFlowTest.java:34:32:34:74 | jca/UniversalFlowTest.java:34:32:34:74 | +| jca/UniversalFlowTest.java:34:47:34:62 | Constant | Description | "Sensitive Data" | jca/UniversalFlowTest.java:34:47:34:62 | jca/UniversalFlowTest.java:34:47:34:62 | +| jca/UniversalFlowTest.java:46:20:46:24 | KeyOperationAlgorithm | KeySize | Constant:256 | jca/UniversalFlowTest.java:26:21:26:23 | jca/UniversalFlowTest.java:26:21:26:23 | +| jca/UniversalFlowTest.java:46:20:46:24 | KeyOperationAlgorithm | Name | AES | jca/UniversalFlowTest.java:46:20:46:24 | jca/UniversalFlowTest.java:46:20:46:24 | +| jca/UniversalFlowTest.java:46:20:46:24 | KeyOperationAlgorithm | RawName | AES | jca/UniversalFlowTest.java:46:20:46:24 | jca/UniversalFlowTest.java:46:20:46:24 | +| jca/UniversalFlowTest.java:46:20:46:24 | KeyOperationAlgorithm | Structure | Block | jca/UniversalFlowTest.java:46:20:46:24 | jca/UniversalFlowTest.java:46:20:46:24 | diff --git a/java/ql/test/experimental/library-tests/quantum/nodes.expected b/java/ql/test/experimental/library-tests/quantum/nodes.expected index 57586bc1d351..39816c682343 100644 --- a/java/ql/test/experimental/library-tests/quantum/nodes.expected +++ b/java/ql/test/experimental/library-tests/quantum/nodes.expected @@ -1,436 +1,436 @@ -| jca/AesWrapAndPBEWith.java:67:52:67:56 | KeyOperationAlgorithm | -| jca/AesWrapAndPBEWith.java:68:17:68:19 | Constant | -| jca/AesWrapAndPBEWith.java:69:33:69:48 | Key | -| jca/AesWrapAndPBEWith.java:69:33:69:48 | KeyGeneration | -| jca/AesWrapAndPBEWith.java:71:17:71:19 | Constant | -| jca/AesWrapAndPBEWith.java:72:31:72:46 | Key | -| jca/AesWrapAndPBEWith.java:72:31:72:46 | KeyGeneration | -| jca/AesWrapAndPBEWith.java:74:44:74:52 | KeyOperationAlgorithm | -| jca/AesWrapAndPBEWith.java:75:39:75:49 | Key | -| jca/AesWrapAndPBEWith.java:76:29:76:50 | KeyOperationOutput | -| jca/AesWrapAndPBEWith.java:76:29:76:50 | WrapOperation | -| jca/AesWrapAndPBEWith.java:76:41:76:49 | Message | -| jca/AesWrapAndPBEWith.java:93:52:93:56 | KeyOperationAlgorithm | -| jca/AesWrapAndPBEWith.java:94:17:94:19 | Constant | -| jca/AesWrapAndPBEWith.java:95:31:95:46 | Key | -| jca/AesWrapAndPBEWith.java:95:31:95:46 | KeyGeneration | -| jca/AesWrapAndPBEWith.java:97:44:97:52 | KeyOperationAlgorithm | -| jca/AesWrapAndPBEWith.java:98:39:98:49 | Key | -| jca/AesWrapAndPBEWith.java:99:29:99:50 | KeyOperationOutput | -| jca/AesWrapAndPBEWith.java:99:29:99:50 | WrapOperation | -| jca/AesWrapAndPBEWith.java:99:41:99:49 | Message | -| jca/AesWrapAndPBEWith.java:117:34:117:37 | Constant | -| jca/AesWrapAndPBEWith.java:118:42:118:63 | Message | -| jca/AesWrapAndPBEWith.java:118:66:118:69 | Salt | -| jca/AesWrapAndPBEWith.java:118:72:118:75 | Constant | -| jca/AesWrapAndPBEWith.java:118:78:118:79 | Constant | -| jca/AesWrapAndPBEWith.java:119:65:119:82 | KeyDerivationAlgorithm | -| jca/AesWrapAndPBEWith.java:120:27:120:54 | Key | -| jca/AesWrapAndPBEWith.java:120:27:120:54 | KeyDerivation | -| jca/AesWrapAndPBEWith.java:133:9:133:42 | RandomNumberGeneration | -| jca/AesWrapAndPBEWith.java:133:38:133:41 | RandomNumberGeneration | -| jca/AesWrapAndPBEWith.java:134:42:134:63 | Message | -| jca/AesWrapAndPBEWith.java:134:66:134:69 | Salt | -| jca/AesWrapAndPBEWith.java:134:72:134:76 | Constant | -| jca/AesWrapAndPBEWith.java:134:79:134:81 | Constant | -| jca/AesWrapAndPBEWith.java:135:65:135:86 | HMACAlgorithm | -| jca/AesWrapAndPBEWith.java:135:65:135:86 | HashAlgorithm | -| jca/AesWrapAndPBEWith.java:135:65:135:86 | KeyDerivationAlgorithm | -| jca/AesWrapAndPBEWith.java:136:27:136:54 | Key | -| jca/AesWrapAndPBEWith.java:136:27:136:54 | KeyDerivation | -| jca/AesWrapAndPBEWith.java:151:9:151:42 | RandomNumberGeneration | -| jca/AesWrapAndPBEWith.java:151:38:151:41 | RandomNumberGeneration | -| jca/AesWrapAndPBEWith.java:152:42:152:63 | Message | -| jca/AesWrapAndPBEWith.java:152:66:152:69 | Salt | -| jca/AesWrapAndPBEWith.java:152:72:152:76 | Constant | -| jca/AesWrapAndPBEWith.java:152:79:152:81 | Constant | -| jca/AesWrapAndPBEWith.java:153:65:153:98 | KeyDerivationAlgorithm | -| jca/AesWrapAndPBEWith.java:154:28:154:55 | Key | -| jca/AesWrapAndPBEWith.java:154:28:154:55 | KeyDerivation | -| jca/AesWrapAndPBEWith.java:157:44:157:65 | KeyOperationAlgorithm | -| jca/AesWrapAndPBEWith.java:157:44:157:65 | ModeOfOperation | -| jca/AesWrapAndPBEWith.java:157:44:157:65 | PaddingAlgorithm | -| jca/AesWrapAndPBEWith.java:159:9:159:40 | RandomNumberGeneration | -| jca/AesWrapAndPBEWith.java:159:38:159:39 | RandomNumberGeneration | -| jca/AesWrapAndPBEWith.java:161:42:161:47 | Key | -| jca/AesWrapAndPBEWith.java:161:50:161:55 | Nonce | -| jca/AesWrapAndPBEWith.java:162:29:162:64 | EncryptOperation | -| jca/AesWrapAndPBEWith.java:162:29:162:64 | KeyOperationOutput | -| jca/AesWrapAndPBEWith.java:162:44:162:63 | Message | -| jca/AesWrapAndPBEWith.java:179:9:179:42 | RandomNumberGeneration | -| jca/AesWrapAndPBEWith.java:179:38:179:41 | RandomNumberGeneration | -| jca/AesWrapAndPBEWith.java:180:42:180:63 | Message | -| jca/AesWrapAndPBEWith.java:180:66:180:69 | Salt | -| jca/AesWrapAndPBEWith.java:180:72:180:76 | Constant | -| jca/AesWrapAndPBEWith.java:180:79:180:81 | Constant | -| jca/AesWrapAndPBEWith.java:181:65:181:96 | KeyDerivationAlgorithm | -| jca/AesWrapAndPBEWith.java:182:28:182:55 | Key | -| jca/AesWrapAndPBEWith.java:182:28:182:55 | KeyDerivation | -| jca/AesWrapAndPBEWith.java:185:44:185:65 | KeyOperationAlgorithm | -| jca/AesWrapAndPBEWith.java:185:44:185:65 | ModeOfOperation | -| jca/AesWrapAndPBEWith.java:185:44:185:65 | PaddingAlgorithm | -| jca/AesWrapAndPBEWith.java:187:9:187:40 | RandomNumberGeneration | -| jca/AesWrapAndPBEWith.java:187:38:187:39 | RandomNumberGeneration | -| jca/AesWrapAndPBEWith.java:189:42:189:47 | Key | -| jca/AesWrapAndPBEWith.java:189:50:189:55 | Nonce | -| jca/AesWrapAndPBEWith.java:190:29:190:64 | EncryptOperation | -| jca/AesWrapAndPBEWith.java:190:29:190:64 | KeyOperationOutput | -| jca/AesWrapAndPBEWith.java:190:44:190:63 | Message | -| jca/AesWrapAndPBEWith.java:214:55:214:69 | Parameter | -| jca/AesWrapAndPBEWith.java:214:72:214:87 | Parameter | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:47:95:57 | EllipticCurve | +| jca/AesWrapAndPBEWith.java:58:52:58:56 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:59:17:59:19 | Constant | +| jca/AesWrapAndPBEWith.java:60:33:60:48 | Key | +| jca/AesWrapAndPBEWith.java:60:33:60:48 | KeyGeneration | +| jca/AesWrapAndPBEWith.java:62:17:62:19 | Constant | +| jca/AesWrapAndPBEWith.java:63:31:63:46 | Key | +| jca/AesWrapAndPBEWith.java:63:31:63:46 | KeyGeneration | +| jca/AesWrapAndPBEWith.java:65:44:65:52 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:66:39:66:49 | Key | +| jca/AesWrapAndPBEWith.java:67:29:67:50 | KeyOperationOutput | +| jca/AesWrapAndPBEWith.java:67:29:67:50 | WrapOperation | +| jca/AesWrapAndPBEWith.java:67:41:67:49 | Message | +| jca/AesWrapAndPBEWith.java:83:52:83:56 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:84:17:84:19 | Constant | +| jca/AesWrapAndPBEWith.java:85:31:85:46 | Key | +| jca/AesWrapAndPBEWith.java:85:31:85:46 | KeyGeneration | +| jca/AesWrapAndPBEWith.java:87:44:87:52 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:88:39:88:49 | Key | +| jca/AesWrapAndPBEWith.java:89:29:89:50 | KeyOperationOutput | +| jca/AesWrapAndPBEWith.java:89:29:89:50 | WrapOperation | +| jca/AesWrapAndPBEWith.java:89:41:89:49 | Message | +| jca/AesWrapAndPBEWith.java:106:34:106:37 | Constant | +| jca/AesWrapAndPBEWith.java:107:42:107:63 | Message | +| jca/AesWrapAndPBEWith.java:107:66:107:69 | Salt | +| jca/AesWrapAndPBEWith.java:107:72:107:75 | Constant | +| jca/AesWrapAndPBEWith.java:107:78:107:79 | Constant | +| jca/AesWrapAndPBEWith.java:108:65:108:82 | KeyDerivationAlgorithm | +| jca/AesWrapAndPBEWith.java:109:27:109:54 | Key | +| jca/AesWrapAndPBEWith.java:109:27:109:54 | KeyDerivation | +| jca/AesWrapAndPBEWith.java:122:9:122:42 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:122:38:122:41 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:123:42:123:63 | Message | +| jca/AesWrapAndPBEWith.java:123:66:123:69 | Salt | +| jca/AesWrapAndPBEWith.java:123:72:123:76 | Constant | +| jca/AesWrapAndPBEWith.java:123:79:123:81 | Constant | +| jca/AesWrapAndPBEWith.java:124:65:124:86 | HMACAlgorithm | +| jca/AesWrapAndPBEWith.java:124:65:124:86 | HashAlgorithm | +| jca/AesWrapAndPBEWith.java:124:65:124:86 | KeyDerivationAlgorithm | +| jca/AesWrapAndPBEWith.java:125:27:125:54 | Key | +| jca/AesWrapAndPBEWith.java:125:27:125:54 | KeyDerivation | +| jca/AesWrapAndPBEWith.java:140:9:140:42 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:140:38:140:41 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:141:42:141:63 | Message | +| jca/AesWrapAndPBEWith.java:141:66:141:69 | Salt | +| jca/AesWrapAndPBEWith.java:141:72:141:76 | Constant | +| jca/AesWrapAndPBEWith.java:141:79:141:81 | Constant | +| jca/AesWrapAndPBEWith.java:142:65:142:98 | KeyDerivationAlgorithm | +| jca/AesWrapAndPBEWith.java:143:28:143:55 | Key | +| jca/AesWrapAndPBEWith.java:143:28:143:55 | KeyDerivation | +| jca/AesWrapAndPBEWith.java:146:44:146:65 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:146:44:146:65 | ModeOfOperation | +| jca/AesWrapAndPBEWith.java:146:44:146:65 | PaddingAlgorithm | +| jca/AesWrapAndPBEWith.java:148:9:148:40 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:148:38:148:39 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:150:42:150:47 | Key | +| jca/AesWrapAndPBEWith.java:150:50:150:55 | Nonce | +| jca/AesWrapAndPBEWith.java:151:29:151:64 | EncryptOperation | +| jca/AesWrapAndPBEWith.java:151:29:151:64 | KeyOperationOutput | +| jca/AesWrapAndPBEWith.java:151:44:151:63 | Message | +| jca/AesWrapAndPBEWith.java:167:9:167:42 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:167:38:167:41 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:168:42:168:63 | Message | +| jca/AesWrapAndPBEWith.java:168:66:168:69 | Salt | +| jca/AesWrapAndPBEWith.java:168:72:168:76 | Constant | +| jca/AesWrapAndPBEWith.java:168:79:168:81 | Constant | +| jca/AesWrapAndPBEWith.java:169:65:169:96 | KeyDerivationAlgorithm | +| jca/AesWrapAndPBEWith.java:170:28:170:55 | Key | +| jca/AesWrapAndPBEWith.java:170:28:170:55 | KeyDerivation | +| jca/AesWrapAndPBEWith.java:173:44:173:65 | KeyOperationAlgorithm | +| jca/AesWrapAndPBEWith.java:173:44:173:65 | ModeOfOperation | +| jca/AesWrapAndPBEWith.java:173:44:173:65 | PaddingAlgorithm | +| jca/AesWrapAndPBEWith.java:175:9:175:40 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:175:38:175:39 | RandomNumberGeneration | +| jca/AesWrapAndPBEWith.java:177:42:177:47 | Key | +| jca/AesWrapAndPBEWith.java:177:50:177:55 | Nonce | +| jca/AesWrapAndPBEWith.java:178:29:178:64 | EncryptOperation | +| jca/AesWrapAndPBEWith.java:178:29:178:64 | KeyOperationOutput | +| jca/AesWrapAndPBEWith.java:178:44:178:63 | Message | +| jca/AesWrapAndPBEWith.java:200:55:200:69 | Parameter | +| jca/AesWrapAndPBEWith.java:200:72:200:87 | Parameter | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:86:47:86:57 | EllipticCurve | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:87:16:87:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:87:16:87:36 | KeyGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:94:61:94:68 | KeyAgreementAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:95:24:95:26 | Constant | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | Key | | jca/AsymmetricEncryptionMacHybridCryptosystem.java:96:16:96:36 | KeyGeneration | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:103:61:103:68 | KeyAgreementAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:104:24:104:26 | Constant | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:105:16:105:36 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:105:16:105:36 | KeyGeneration | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:118:17:118:26 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:119:20:119:28 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:120:16:120:34 | KeyAgreementOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:120:16:120:34 | SharedSecret | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:132:58:132:66 | HashAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:133:23:133:42 | Digest | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:133:23:133:42 | HashOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:133:37:133:41 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:61:155:65 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:24:156:27 | Constant | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:157:16:157:36 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:157:16:157:36 | KeyGeneration | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:164:61:164:65 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:165:24:165:27 | Constant | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:16:166:36 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:16:166:36 | KeyGeneration | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | HashAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | ModeOfOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:176:47:176:85 | PaddingAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:177:42:177:58 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:34:178:55 | KeyOperationOutput | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:34:178:55 | WrapOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:178:49:178:54 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:181:9:181:40 | RandomNumberGeneration | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:181:38:181:39 | RandomNumberGeneration | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | ModeOfOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:182:47:182:65 | PaddingAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:183:45:183:50 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:183:53:183:81 | Nonce | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:29:184:56 | EncryptOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:29:184:56 | KeyOperationOutput | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:184:47:184:55 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | ModeOfOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:200:47:200:68 | PaddingAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:201:42:201:58 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:34:202:55 | KeyOperationOutput | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:34:202:55 | WrapOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:202:49:202:54 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | ModeOfOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:205:47:205:65 | PaddingAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:206:45:206:50 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:206:53:206:86 | Nonce | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:29:207:56 | EncryptOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:29:207:56 | KeyOperationOutput | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:207:47:207:55 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:226:91:226:96 | KeyAgreementAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:231:9:231:40 | RandomNumberGeneration | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:231:38:231:39 | RandomNumberGeneration | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | ModeOfOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:232:44:232:62 | PaddingAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:233:42:233:47 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:233:50:233:78 | Nonce | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:29:234:53 | EncryptOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:29:234:53 | KeyOperationOutput | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:234:44:234:52 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:250:95:250:100 | KeyAgreementAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | ModeOfOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:255:44:255:62 | PaddingAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:256:42:256:47 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:256:50:256:83 | Nonce | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:29:257:53 | EncryptOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:29:257:53 | KeyOperationOutput | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:257:44:257:52 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:283:58:283:73 | Parameter | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:35:309:46 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:311:18:311:26 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | KeyOperationOutput | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:16:312:46 | MACOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:312:28:312:45 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:35:320:44 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:18:322:26 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | KeyOperationOutput | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:16:323:46 | MACOperation | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:323:28:323:45 | Message | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:335:52:335:56 | KeyOperationAlgorithm | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:336:17:336:19 | Constant | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:337:16:337:31 | Key | -| jca/AsymmetricEncryptionMacHybridCryptosystem.java:337:16:337:31 | KeyGeneration | -| jca/ChainedEncryptionTest.java:24:44:24:62 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:24:44:24:62 | ModeOfOperation | -| jca/ChainedEncryptionTest.java:24:44:24:62 | PaddingAlgorithm | -| jca/ChainedEncryptionTest.java:26:9:26:40 | RandomNumberGeneration | -| jca/ChainedEncryptionTest.java:26:38:26:39 | RandomNumberGeneration | -| jca/ChainedEncryptionTest.java:28:42:28:44 | Key | -| jca/ChainedEncryptionTest.java:28:47:28:50 | Nonce | -| jca/ChainedEncryptionTest.java:29:29:29:53 | EncryptOperation | -| jca/ChainedEncryptionTest.java:29:29:29:53 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:29:44:29:52 | Message | -| jca/ChainedEncryptionTest.java:37:44:37:62 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:37:44:37:62 | ModeOfOperation | -| jca/ChainedEncryptionTest.java:37:44:37:62 | PaddingAlgorithm | -| jca/ChainedEncryptionTest.java:39:42:39:44 | Key | -| jca/ChainedEncryptionTest.java:39:47:39:50 | Nonce | -| jca/ChainedEncryptionTest.java:40:16:40:41 | DecryptOperation | -| jca/ChainedEncryptionTest.java:40:16:40:41 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:40:31:40:40 | Message | -| jca/ChainedEncryptionTest.java:45:44:45:62 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:47:9:47:43 | RandomNumberGeneration | -| jca/ChainedEncryptionTest.java:47:38:47:42 | RandomNumberGeneration | -| jca/ChainedEncryptionTest.java:48:42:48:44 | Key | -| jca/ChainedEncryptionTest.java:48:47:48:72 | Nonce | -| jca/ChainedEncryptionTest.java:49:29:49:53 | EncryptOperation | -| jca/ChainedEncryptionTest.java:49:29:49:53 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:49:44:49:52 | Message | -| jca/ChainedEncryptionTest.java:57:44:57:62 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:58:42:58:44 | Key | -| jca/ChainedEncryptionTest.java:58:47:58:72 | Nonce | -| jca/ChainedEncryptionTest.java:59:16:59:41 | DecryptOperation | -| jca/ChainedEncryptionTest.java:59:16:59:41 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:59:31:59:40 | Message | -| jca/ChainedEncryptionTest.java:80:46:80:61 | Parameter | -| jca/ChainedEncryptionTest.java:84:56:84:60 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:85:21:85:23 | Constant | -| jca/ChainedEncryptionTest.java:86:30:86:49 | Key | -| jca/ChainedEncryptionTest.java:86:30:86:49 | KeyGeneration | -| jca/ChainedEncryptionTest.java:88:59:88:68 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:89:24:89:26 | Constant | -| jca/ChainedEncryptionTest.java:90:30:90:52 | Key | -| jca/ChainedEncryptionTest.java:90:30:90:52 | KeyGeneration | -| jca/ChainedEncryptionTest.java:94:9:94:43 | RandomNumberGeneration | -| jca/ChainedEncryptionTest.java:94:38:94:42 | RandomNumberGeneration | -| jca/ChainedEncryptionTest.java:95:47:95:65 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:95:47:95:65 | ModeOfOperation | -| jca/ChainedEncryptionTest.java:95:47:95:65 | PaddingAlgorithm | -| jca/ChainedEncryptionTest.java:97:45:97:52 | Key | -| jca/ChainedEncryptionTest.java:97:55:97:61 | Nonce | -| jca/ChainedEncryptionTest.java:98:34:98:62 | EncryptOperation | -| jca/ChainedEncryptionTest.java:98:34:98:62 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:98:52:98:61 | Message | -| jca/ChainedEncryptionTest.java:102:9:102:49 | RandomNumberGeneration | -| jca/ChainedEncryptionTest.java:102:38:102:48 | RandomNumberGeneration | -| jca/ChainedEncryptionTest.java:103:50:103:68 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:104:48:104:55 | Key | -| jca/ChainedEncryptionTest.java:104:58:104:89 | Nonce | -| jca/ChainedEncryptionTest.java:105:34:105:70 | EncryptOperation | -| jca/ChainedEncryptionTest.java:105:34:105:70 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:105:55:105:69 | Message | -| jca/ChainedEncryptionTest.java:108:47:108:65 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:109:45:109:52 | Key | -| jca/ChainedEncryptionTest.java:109:55:109:86 | Nonce | -| jca/ChainedEncryptionTest.java:110:43:110:76 | DecryptOperation | -| jca/ChainedEncryptionTest.java:110:43:110:76 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:110:61:110:75 | Message | -| jca/ChainedEncryptionTest.java:113:44:113:62 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:113:44:113:62 | ModeOfOperation | -| jca/ChainedEncryptionTest.java:113:44:113:62 | PaddingAlgorithm | -| jca/ChainedEncryptionTest.java:114:42:114:49 | Key | -| jca/ChainedEncryptionTest.java:114:52:114:83 | Nonce | -| jca/ChainedEncryptionTest.java:115:37:115:76 | DecryptOperation | -| jca/ChainedEncryptionTest.java:115:37:115:76 | KeyOperationOutput | -| jca/ChainedEncryptionTest.java:115:52:115:75 | Message | -| jca/ChainedEncryptionTest.java:122:56:122:60 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:123:21:123:23 | Constant | -| jca/ChainedEncryptionTest.java:124:28:124:47 | Key | -| jca/ChainedEncryptionTest.java:124:28:124:47 | KeyGeneration | -| jca/ChainedEncryptionTest.java:127:59:127:68 | KeyOperationAlgorithm | -| jca/ChainedEncryptionTest.java:128:24:128:26 | Constant | -| jca/ChainedEncryptionTest.java:129:31:129:53 | Key | -| jca/ChainedEncryptionTest.java:129:31:129:53 | KeyGeneration | -| jca/ChainedEncryptionTest.java:131:31:131:57 | Constant | -| jca/Digest.java:55:58:55:66 | HashAlgorithm | -| jca/Digest.java:56:23:56:66 | Digest | -| jca/Digest.java:56:23:56:66 | HashOperation | -| jca/Digest.java:56:37:56:54 | Constant | -| jca/Digest.java:56:37:56:65 | Message | -| jca/Digest.java:65:61:65:65 | HashAlgorithm | -| jca/Digest.java:66:23:66:70 | Digest | -| jca/Digest.java:66:23:66:70 | HashOperation | -| jca/Digest.java:66:40:66:58 | Constant | -| jca/Digest.java:66:40:66:69 | Message | -| jca/Digest.java:74:49:74:63 | Parameter | -| jca/Digest.java:75:64:75:72 | HashAlgorithm | -| jca/Digest.java:76:23:76:62 | Digest | -| jca/Digest.java:76:23:76:62 | HashOperation | -| jca/Digest.java:76:43:76:61 | Message | -| jca/Digest.java:84:37:84:51 | Parameter | -| jca/Digest.java:86:58:86:66 | HashAlgorithm | -| jca/Digest.java:87:23:87:26 | Message | -| jca/Digest.java:88:23:88:56 | Digest | -| jca/Digest.java:88:23:88:56 | HashOperation | -| jca/Digest.java:88:37:88:55 | Message | -| jca/Digest.java:96:37:96:51 | Parameter | -| jca/Digest.java:98:42:98:63 | Message | -| jca/Digest.java:98:66:98:69 | Salt | -| jca/Digest.java:98:72:98:76 | Constant | -| jca/Digest.java:98:79:98:81 | Constant | -| jca/Digest.java:99:65:99:86 | HMACAlgorithm | -| jca/Digest.java:99:65:99:86 | HashAlgorithm | -| jca/Digest.java:99:65:99:86 | KeyDerivationAlgorithm | -| jca/Digest.java:100:23:100:50 | Key | -| jca/Digest.java:100:23:100:50 | KeyDerivation | -| jca/Digest.java:108:40:108:51 | Parameter | -| jca/Digest.java:109:62:109:68 | HashAlgorithm | -| jca/Digest.java:110:23:110:57 | Digest | -| jca/Digest.java:110:23:110:57 | HashOperation | -| jca/Digest.java:110:41:110:56 | Message | -| jca/Digest.java:118:35:118:46 | Parameter | -| jca/Digest.java:118:49:118:58 | Parameter | -| jca/Digest.java:119:36:119:47 | KeyOperationAlgorithm | -| jca/Digest.java:121:19:121:27 | Key | -| jca/Digest.java:122:23:122:52 | KeyOperationOutput | -| jca/Digest.java:122:23:122:52 | MACOperation | -| jca/Digest.java:122:36:122:51 | Message | -| jca/Digest.java:141:44:141:62 | KeyOperationAlgorithm | -| jca/Digest.java:141:44:141:62 | ModeOfOperation | -| jca/Digest.java:141:44:141:62 | PaddingAlgorithm | -| jca/Digest.java:142:42:142:44 | Key | -| jca/Digest.java:143:32:143:74 | EncryptOperation | -| jca/Digest.java:143:32:143:74 | KeyOperationOutput | -| jca/Digest.java:143:47:143:62 | Constant | -| jca/Digest.java:143:47:143:73 | Message | -| jca/Digest.java:156:39:156:51 | Parameter | -| jca/Digest.java:172:50:172:62 | Parameter | -| jca/Digest.java:177:42:177:71 | Message | -| jca/Digest.java:177:74:177:77 | Salt | -| jca/Digest.java:177:80:177:84 | Constant | -| jca/Digest.java:177:87:177:89 | Constant | -| jca/Digest.java:178:65:178:86 | HMACAlgorithm | -| jca/Digest.java:178:65:178:86 | HashAlgorithm | -| jca/Digest.java:178:65:178:86 | KeyDerivationAlgorithm | -| jca/Digest.java:179:30:179:57 | Key | -| jca/Digest.java:179:30:179:57 | KeyDerivation | -| jca/Digest.java:187:44:187:62 | KeyOperationAlgorithm | -| jca/Digest.java:187:44:187:62 | ModeOfOperation | -| jca/Digest.java:187:44:187:62 | PaddingAlgorithm | -| jca/Digest.java:188:42:188:54 | Key | -| jca/Digest.java:189:29:189:78 | EncryptOperation | -| jca/Digest.java:189:29:189:78 | KeyOperationOutput | -| jca/Digest.java:189:44:189:66 | Constant | -| jca/Digest.java:189:44:189:77 | Message | -| jca/Digest.java:192:35:192:46 | KeyOperationAlgorithm | -| jca/Digest.java:193:18:193:23 | Key | -| jca/Digest.java:194:30:194:52 | KeyOperationOutput | -| jca/Digest.java:194:30:194:52 | MACOperation | -| jca/Digest.java:194:42:194:51 | Message | -| jca/Digest.java:211:44:211:62 | KeyOperationAlgorithm | -| jca/Digest.java:211:44:211:62 | ModeOfOperation | -| jca/Digest.java:211:44:211:62 | PaddingAlgorithm | -| jca/Digest.java:213:42:213:44 | Key | -| jca/Digest.java:214:32:214:51 | EncryptOperation | -| jca/Digest.java:214:32:214:51 | KeyOperationOutput | -| jca/Digest.java:214:47:214:50 | Message | -| jca/Digest.java:240:56:240:60 | KeyOperationAlgorithm | -| jca/Digest.java:241:21:241:23 | Constant | -| jca/Digest.java:242:16:242:35 | Key | -| jca/Digest.java:242:16:242:35 | KeyGeneration | -| jca/Digest.java:254:9:254:42 | RandomNumberGeneration | -| jca/Digest.java:254:38:254:41 | RandomNumberGeneration | -| jca/EllipticCurve1.java:47:66:47:76 | EllipticCurve | -| jca/EllipticCurve1.java:48:16:48:36 | Key | -| jca/EllipticCurve1.java:48:16:48:36 | KeyGeneration | -| jca/EllipticCurve1.java:57:66:57:76 | EllipticCurve | -| jca/EllipticCurve1.java:58:16:58:36 | Key | -| jca/EllipticCurve1.java:58:16:58:36 | KeyGeneration | -| jca/EllipticCurve1.java:67:66:67:82 | EllipticCurve | -| jca/EllipticCurve1.java:68:16:68:36 | Key | -| jca/EllipticCurve1.java:68:16:68:36 | KeyGeneration | -| jca/EllipticCurve1.java:75:61:75:68 | KeyAgreementAlgorithm | -| jca/EllipticCurve1.java:77:16:77:36 | Key | -| jca/EllipticCurve1.java:77:16:77:36 | KeyGeneration | -| jca/EllipticCurve1.java:84:61:84:66 | KeyAgreementAlgorithm | -| jca/EllipticCurve1.java:85:16:85:36 | Key | -| jca/EllipticCurve1.java:85:16:85:36 | KeyGeneration | -| jca/EllipticCurve1.java:95:66:95:76 | EllipticCurve | -| jca/EllipticCurve1.java:96:16:96:36 | Key | -| jca/EllipticCurve1.java:96:16:96:36 | KeyGeneration | -| jca/EllipticCurve1.java:106:66:106:76 | Constant | -| jca/EllipticCurve1.java:107:16:107:36 | Key | -| jca/EllipticCurve1.java:107:16:107:36 | KeyGeneration | -| jca/EllipticCurve1.java:115:61:115:69 | Constant | -| jca/EllipticCurve1.java:116:16:116:36 | Key | -| jca/EllipticCurve1.java:116:16:116:36 | KeyGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:109:17:109:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:110:20:110:28 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:111:16:111:34 | KeyAgreementOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:111:16:111:34 | SharedSecret | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:123:58:123:66 | HashAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:124:23:124:42 | Digest | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:124:23:124:42 | HashOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:124:37:124:41 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:145:61:145:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:146:24:146:27 | Constant | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:147:16:147:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:147:16:147:36 | KeyGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:154:61:154:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:155:24:155:27 | Constant | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:16:156:36 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:156:16:156:36 | KeyGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | HashAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:166:47:166:85 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:167:42:167:58 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:34:168:55 | WrapOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:168:49:168:54 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:9:171:40 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:171:38:171:39 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:172:47:172:65 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:45:173:50 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:173:53:173:81 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | EncryptOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:29:174:56 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:174:47:174:55 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:190:47:190:68 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:191:42:191:58 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:34:192:55 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:34:192:55 | WrapOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:192:49:192:54 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:195:47:195:65 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:196:45:196:50 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:196:53:196:86 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | EncryptOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:29:197:56 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:197:47:197:55 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:215:91:215:96 | KeyAgreementAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:9:220:40 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:220:38:220:39 | RandomNumberGeneration | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:221:44:221:62 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:42:222:47 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:222:50:222:78 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | EncryptOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:29:223:53 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:223:44:223:52 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:239:95:239:100 | KeyAgreementAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | ModeOfOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:244:44:244:62 | PaddingAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:42:245:47 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:245:50:245:83 | Nonce | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | EncryptOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:29:246:53 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:246:44:246:52 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:271:58:271:73 | Parameter | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:295:35:295:46 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:297:18:297:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:16:298:46 | MACOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:298:28:298:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:306:35:306:44 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:308:18:308:26 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | KeyOperationOutput | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:16:309:46 | MACOperation | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:309:28:309:45 | Message | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:320:52:320:56 | KeyOperationAlgorithm | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:321:17:321:19 | Constant | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | Key | +| jca/AsymmetricEncryptionMacHybridCryptosystem.java:322:16:322:31 | KeyGeneration | +| jca/ChainedEncryptionTest.java:19:44:19:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:19:44:19:62 | ModeOfOperation | +| jca/ChainedEncryptionTest.java:19:44:19:62 | PaddingAlgorithm | +| jca/ChainedEncryptionTest.java:21:9:21:40 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:21:38:21:39 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:23:42:23:44 | Key | +| jca/ChainedEncryptionTest.java:23:47:23:50 | Nonce | +| jca/ChainedEncryptionTest.java:24:29:24:53 | EncryptOperation | +| jca/ChainedEncryptionTest.java:24:29:24:53 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:24:44:24:52 | Message | +| jca/ChainedEncryptionTest.java:32:44:32:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:32:44:32:62 | ModeOfOperation | +| jca/ChainedEncryptionTest.java:32:44:32:62 | PaddingAlgorithm | +| jca/ChainedEncryptionTest.java:34:42:34:44 | Key | +| jca/ChainedEncryptionTest.java:34:47:34:50 | Nonce | +| jca/ChainedEncryptionTest.java:35:16:35:41 | DecryptOperation | +| jca/ChainedEncryptionTest.java:35:16:35:41 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:35:31:35:40 | Message | +| jca/ChainedEncryptionTest.java:40:44:40:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:42:9:42:43 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:42:38:42:42 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:43:42:43:44 | Key | +| jca/ChainedEncryptionTest.java:43:47:43:72 | Nonce | +| jca/ChainedEncryptionTest.java:44:29:44:53 | EncryptOperation | +| jca/ChainedEncryptionTest.java:44:29:44:53 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:44:44:44:52 | Message | +| jca/ChainedEncryptionTest.java:52:44:52:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:53:42:53:44 | Key | +| jca/ChainedEncryptionTest.java:53:47:53:72 | Nonce | +| jca/ChainedEncryptionTest.java:54:16:54:41 | DecryptOperation | +| jca/ChainedEncryptionTest.java:54:16:54:41 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:54:31:54:40 | Message | +| jca/ChainedEncryptionTest.java:75:46:75:61 | Parameter | +| jca/ChainedEncryptionTest.java:79:56:79:60 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:80:21:80:23 | Constant | +| jca/ChainedEncryptionTest.java:81:30:81:49 | Key | +| jca/ChainedEncryptionTest.java:81:30:81:49 | KeyGeneration | +| jca/ChainedEncryptionTest.java:83:59:83:68 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:84:24:84:26 | Constant | +| jca/ChainedEncryptionTest.java:85:30:85:52 | Key | +| jca/ChainedEncryptionTest.java:85:30:85:52 | KeyGeneration | +| jca/ChainedEncryptionTest.java:89:9:89:43 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:89:38:89:42 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:90:47:90:65 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:90:47:90:65 | ModeOfOperation | +| jca/ChainedEncryptionTest.java:90:47:90:65 | PaddingAlgorithm | +| jca/ChainedEncryptionTest.java:92:45:92:52 | Key | +| jca/ChainedEncryptionTest.java:92:55:92:61 | Nonce | +| jca/ChainedEncryptionTest.java:93:34:93:62 | EncryptOperation | +| jca/ChainedEncryptionTest.java:93:34:93:62 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:93:52:93:61 | Message | +| jca/ChainedEncryptionTest.java:97:9:97:49 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:97:38:97:48 | RandomNumberGeneration | +| jca/ChainedEncryptionTest.java:98:50:98:68 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:99:48:99:55 | Key | +| jca/ChainedEncryptionTest.java:99:58:99:89 | Nonce | +| jca/ChainedEncryptionTest.java:100:34:100:70 | EncryptOperation | +| jca/ChainedEncryptionTest.java:100:34:100:70 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:100:55:100:69 | Message | +| jca/ChainedEncryptionTest.java:103:47:103:65 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:104:45:104:52 | Key | +| jca/ChainedEncryptionTest.java:104:55:104:86 | Nonce | +| jca/ChainedEncryptionTest.java:105:43:105:76 | DecryptOperation | +| jca/ChainedEncryptionTest.java:105:43:105:76 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:105:61:105:75 | Message | +| jca/ChainedEncryptionTest.java:108:44:108:62 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:108:44:108:62 | ModeOfOperation | +| jca/ChainedEncryptionTest.java:108:44:108:62 | PaddingAlgorithm | +| jca/ChainedEncryptionTest.java:109:42:109:49 | Key | +| jca/ChainedEncryptionTest.java:109:52:109:83 | Nonce | +| jca/ChainedEncryptionTest.java:110:37:110:76 | DecryptOperation | +| jca/ChainedEncryptionTest.java:110:37:110:76 | KeyOperationOutput | +| jca/ChainedEncryptionTest.java:110:52:110:75 | Message | +| jca/ChainedEncryptionTest.java:117:56:117:60 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:118:21:118:23 | Constant | +| jca/ChainedEncryptionTest.java:119:28:119:47 | Key | +| jca/ChainedEncryptionTest.java:119:28:119:47 | KeyGeneration | +| jca/ChainedEncryptionTest.java:122:59:122:68 | KeyOperationAlgorithm | +| jca/ChainedEncryptionTest.java:123:24:123:26 | Constant | +| jca/ChainedEncryptionTest.java:124:31:124:53 | Key | +| jca/ChainedEncryptionTest.java:124:31:124:53 | KeyGeneration | +| jca/ChainedEncryptionTest.java:126:31:126:57 | Constant | +| jca/Digest.java:54:58:54:66 | HashAlgorithm | +| jca/Digest.java:55:23:55:66 | Digest | +| jca/Digest.java:55:23:55:66 | HashOperation | +| jca/Digest.java:55:37:55:54 | Constant | +| jca/Digest.java:55:37:55:65 | Message | +| jca/Digest.java:64:61:64:65 | HashAlgorithm | +| jca/Digest.java:65:23:65:70 | Digest | +| jca/Digest.java:65:23:65:70 | HashOperation | +| jca/Digest.java:65:40:65:58 | Constant | +| jca/Digest.java:65:40:65:69 | Message | +| jca/Digest.java:73:49:73:63 | Parameter | +| jca/Digest.java:74:64:74:72 | HashAlgorithm | +| jca/Digest.java:75:23:75:62 | Digest | +| jca/Digest.java:75:23:75:62 | HashOperation | +| jca/Digest.java:75:43:75:61 | Message | +| jca/Digest.java:83:37:83:51 | Parameter | +| jca/Digest.java:85:58:85:66 | HashAlgorithm | +| jca/Digest.java:86:23:86:26 | Message | +| jca/Digest.java:87:23:87:56 | Digest | +| jca/Digest.java:87:23:87:56 | HashOperation | +| jca/Digest.java:87:37:87:55 | Message | +| jca/Digest.java:95:37:95:51 | Parameter | +| jca/Digest.java:97:42:97:63 | Message | +| jca/Digest.java:97:66:97:69 | Salt | +| jca/Digest.java:97:72:97:76 | Constant | +| jca/Digest.java:97:79:97:81 | Constant | +| jca/Digest.java:98:65:98:86 | HMACAlgorithm | +| jca/Digest.java:98:65:98:86 | HashAlgorithm | +| jca/Digest.java:98:65:98:86 | KeyDerivationAlgorithm | +| jca/Digest.java:99:23:99:50 | Key | +| jca/Digest.java:99:23:99:50 | KeyDerivation | +| jca/Digest.java:107:40:107:51 | Parameter | +| jca/Digest.java:108:62:108:68 | HashAlgorithm | +| jca/Digest.java:109:23:109:57 | Digest | +| jca/Digest.java:109:23:109:57 | HashOperation | +| jca/Digest.java:109:41:109:56 | Message | +| jca/Digest.java:117:35:117:46 | Parameter | +| jca/Digest.java:117:49:117:58 | Parameter | +| jca/Digest.java:118:36:118:47 | KeyOperationAlgorithm | +| jca/Digest.java:120:19:120:27 | Key | +| jca/Digest.java:121:23:121:52 | KeyOperationOutput | +| jca/Digest.java:121:23:121:52 | MACOperation | +| jca/Digest.java:121:36:121:51 | Message | +| jca/Digest.java:140:44:140:62 | KeyOperationAlgorithm | +| jca/Digest.java:140:44:140:62 | ModeOfOperation | +| jca/Digest.java:140:44:140:62 | PaddingAlgorithm | +| jca/Digest.java:141:42:141:44 | Key | +| jca/Digest.java:142:32:142:74 | EncryptOperation | +| jca/Digest.java:142:32:142:74 | KeyOperationOutput | +| jca/Digest.java:142:47:142:62 | Constant | +| jca/Digest.java:142:47:142:73 | Message | +| jca/Digest.java:155:39:155:51 | Parameter | +| jca/Digest.java:171:50:171:62 | Parameter | +| jca/Digest.java:176:42:176:71 | Message | +| jca/Digest.java:176:74:176:77 | Salt | +| jca/Digest.java:176:80:176:84 | Constant | +| jca/Digest.java:176:87:176:89 | Constant | +| jca/Digest.java:177:65:177:86 | HMACAlgorithm | +| jca/Digest.java:177:65:177:86 | HashAlgorithm | +| jca/Digest.java:177:65:177:86 | KeyDerivationAlgorithm | +| jca/Digest.java:178:30:178:57 | Key | +| jca/Digest.java:178:30:178:57 | KeyDerivation | +| jca/Digest.java:186:44:186:62 | KeyOperationAlgorithm | +| jca/Digest.java:186:44:186:62 | ModeOfOperation | +| jca/Digest.java:186:44:186:62 | PaddingAlgorithm | +| jca/Digest.java:187:42:187:54 | Key | +| jca/Digest.java:188:29:188:78 | EncryptOperation | +| jca/Digest.java:188:29:188:78 | KeyOperationOutput | +| jca/Digest.java:188:44:188:66 | Constant | +| jca/Digest.java:188:44:188:77 | Message | +| jca/Digest.java:191:35:191:46 | KeyOperationAlgorithm | +| jca/Digest.java:192:18:192:23 | Key | +| jca/Digest.java:193:30:193:52 | KeyOperationOutput | +| jca/Digest.java:193:30:193:52 | MACOperation | +| jca/Digest.java:193:42:193:51 | Message | +| jca/Digest.java:210:44:210:62 | KeyOperationAlgorithm | +| jca/Digest.java:210:44:210:62 | ModeOfOperation | +| jca/Digest.java:210:44:210:62 | PaddingAlgorithm | +| jca/Digest.java:212:42:212:44 | Key | +| jca/Digest.java:213:32:213:51 | EncryptOperation | +| jca/Digest.java:213:32:213:51 | KeyOperationOutput | +| jca/Digest.java:213:47:213:50 | Message | +| jca/Digest.java:239:56:239:60 | KeyOperationAlgorithm | +| jca/Digest.java:240:21:240:23 | Constant | +| jca/Digest.java:241:16:241:35 | Key | +| jca/Digest.java:241:16:241:35 | KeyGeneration | +| jca/Digest.java:253:9:253:42 | RandomNumberGeneration | +| jca/Digest.java:253:38:253:41 | RandomNumberGeneration | +| jca/EllipticCurve1.java:46:66:46:76 | EllipticCurve | +| jca/EllipticCurve1.java:47:16:47:36 | Key | +| jca/EllipticCurve1.java:47:16:47:36 | KeyGeneration | +| jca/EllipticCurve1.java:56:66:56:76 | EllipticCurve | +| jca/EllipticCurve1.java:57:16:57:36 | Key | +| jca/EllipticCurve1.java:57:16:57:36 | KeyGeneration | +| jca/EllipticCurve1.java:66:66:66:82 | EllipticCurve | +| jca/EllipticCurve1.java:67:16:67:36 | Key | +| jca/EllipticCurve1.java:67:16:67:36 | KeyGeneration | +| jca/EllipticCurve1.java:74:61:74:68 | KeyAgreementAlgorithm | +| jca/EllipticCurve1.java:76:16:76:36 | Key | +| jca/EllipticCurve1.java:76:16:76:36 | KeyGeneration | +| jca/EllipticCurve1.java:83:61:83:66 | KeyAgreementAlgorithm | +| jca/EllipticCurve1.java:84:16:84:36 | Key | +| jca/EllipticCurve1.java:84:16:84:36 | KeyGeneration | +| jca/EllipticCurve1.java:94:66:94:76 | EllipticCurve | +| jca/EllipticCurve1.java:95:16:95:36 | Key | +| jca/EllipticCurve1.java:95:16:95:36 | KeyGeneration | +| jca/EllipticCurve1.java:105:66:105:76 | Constant | +| jca/EllipticCurve1.java:106:16:106:36 | Key | +| jca/EllipticCurve1.java:106:16:106:36 | KeyGeneration | +| jca/EllipticCurve1.java:114:61:114:69 | Constant | +| jca/EllipticCurve1.java:115:16:115:36 | Key | +| jca/EllipticCurve1.java:115:16:115:36 | KeyGeneration | +| jca/EllipticCurve2.java:46:47:46:57 | EllipticCurve | +| jca/EllipticCurve2.java:47:16:47:36 | Key | +| jca/EllipticCurve2.java:47:16:47:36 | KeyGeneration | | jca/EllipticCurve2.java:55:47:55:57 | EllipticCurve | | jca/EllipticCurve2.java:56:16:56:36 | Key | | jca/EllipticCurve2.java:56:16:56:36 | KeyGeneration | -| jca/EllipticCurve2.java:64:47:64:57 | EllipticCurve | +| jca/EllipticCurve2.java:64:47:64:63 | EllipticCurve | | jca/EllipticCurve2.java:65:16:65:36 | Key | | jca/EllipticCurve2.java:65:16:65:36 | KeyGeneration | -| jca/EllipticCurve2.java:73:47:73:63 | EllipticCurve | -| jca/EllipticCurve2.java:74:16:74:36 | Key | -| jca/EllipticCurve2.java:74:16:74:36 | KeyGeneration | -| jca/EllipticCurve2.java:81:61:81:68 | KeyAgreementAlgorithm | -| jca/EllipticCurve2.java:82:16:82:36 | Key | -| jca/EllipticCurve2.java:82:16:82:36 | KeyGeneration | -| jca/EllipticCurve2.java:89:61:89:69 | Constant | -| jca/EllipticCurve2.java:90:16:90:36 | Key | -| jca/EllipticCurve2.java:90:16:90:36 | KeyGeneration | -| jca/EllipticCurve2.java:115:52:115:57 | KeyAgreementAlgorithm | -| jca/EllipticCurve2.java:116:17:116:36 | Key | -| jca/EllipticCurve2.java:117:20:117:36 | Key | -| jca/EllipticCurve2.java:118:16:118:34 | KeyAgreementOperation | -| jca/EllipticCurve2.java:118:16:118:34 | SharedSecret | -| jca/EllipticCurve2.java:129:52:129:57 | KeyAgreementAlgorithm | -| jca/EllipticCurve2.java:130:17:130:37 | Key | -| jca/EllipticCurve2.java:131:20:131:39 | Key | -| jca/EllipticCurve2.java:132:16:132:34 | KeyAgreementOperation | -| jca/EllipticCurve2.java:132:16:132:34 | SharedSecret | -| jca/EllipticCurve2.java:148:53:148:69 | HashAlgorithm | -| jca/EllipticCurve2.java:148:53:148:69 | KeyOperationAlgorithm | -| jca/EllipticCurve2.java:149:28:149:42 | Key | -| jca/EllipticCurve2.java:150:26:150:32 | Message | -| jca/EllipticCurve2.java:151:16:151:31 | SignOperation | -| jca/EllipticCurve2.java:151:16:151:31 | SignatureOutput | -| jca/EllipticCurve2.java:163:53:163:69 | HashAlgorithm | -| jca/EllipticCurve2.java:163:53:163:69 | KeyOperationAlgorithm | -| jca/EllipticCurve2.java:164:30:164:43 | Key | -| jca/EllipticCurve2.java:165:26:165:32 | Message | -| jca/EllipticCurve2.java:166:16:166:47 | VerifyOperation | -| jca/EllipticCurve2.java:166:33:166:46 | SignatureInput | -| jca/EllipticCurve2.java:178:53:178:61 | KeyOperationAlgorithm | -| jca/EllipticCurve2.java:179:28:179:42 | Key | -| jca/EllipticCurve2.java:180:26:180:32 | Message | -| jca/EllipticCurve2.java:181:16:181:31 | SignOperation | -| jca/EllipticCurve2.java:181:16:181:31 | SignatureOutput | -| jca/EllipticCurve2.java:193:53:193:61 | KeyOperationAlgorithm | -| jca/EllipticCurve2.java:194:30:194:43 | Key | -| jca/EllipticCurve2.java:195:26:195:32 | Message | -| jca/EllipticCurve2.java:196:16:196:47 | VerifyOperation | -| jca/EllipticCurve2.java:196:33:196:46 | SignatureInput | -| jca/EllipticCurve2.java:221:52:221:57 | KeyAgreementAlgorithm | -| jca/EllipticCurve2.java:222:17:222:37 | Key | -| jca/EllipticCurve2.java:223:20:223:41 | Key | -| jca/EllipticCurve2.java:224:31:224:49 | KeyAgreementOperation | -| jca/EllipticCurve2.java:224:31:224:49 | SharedSecret | -| jca/EllipticCurve2.java:228:58:228:66 | HashAlgorithm | -| jca/EllipticCurve2.java:229:29:229:55 | Digest | -| jca/EllipticCurve2.java:229:29:229:55 | HashOperation | -| jca/EllipticCurve2.java:229:43:229:54 | Message | -| jca/EllipticCurve2.java:234:44:234:62 | KeyOperationAlgorithm | -| jca/EllipticCurve2.java:234:44:234:62 | ModeOfOperation | -| jca/EllipticCurve2.java:234:44:234:62 | PaddingAlgorithm | -| jca/EllipticCurve2.java:236:9:236:40 | RandomNumberGeneration | -| jca/EllipticCurve2.java:236:38:236:39 | RandomNumberGeneration | -| jca/EllipticCurve2.java:238:42:238:47 | Key | -| jca/EllipticCurve2.java:238:50:238:53 | Nonce | -| jca/EllipticCurve2.java:239:29:239:53 | EncryptOperation | -| jca/EllipticCurve2.java:239:29:239:53 | KeyOperationOutput | -| jca/EllipticCurve2.java:239:44:239:52 | Message | -| jca/EllipticCurve2.java:261:30:261:53 | Constant | -| jca/EllipticCurve2.java:274:62:274:83 | Constant | +| jca/EllipticCurve2.java:72:61:72:68 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:73:16:73:36 | Key | +| jca/EllipticCurve2.java:73:16:73:36 | KeyGeneration | +| jca/EllipticCurve2.java:80:61:80:69 | Constant | +| jca/EllipticCurve2.java:81:16:81:36 | Key | +| jca/EllipticCurve2.java:81:16:81:36 | KeyGeneration | +| jca/EllipticCurve2.java:105:52:105:57 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:106:17:106:36 | Key | +| jca/EllipticCurve2.java:107:20:107:36 | Key | +| jca/EllipticCurve2.java:108:16:108:34 | KeyAgreementOperation | +| jca/EllipticCurve2.java:108:16:108:34 | SharedSecret | +| jca/EllipticCurve2.java:119:52:119:57 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:120:17:120:37 | Key | +| jca/EllipticCurve2.java:121:20:121:39 | Key | +| jca/EllipticCurve2.java:122:16:122:34 | KeyAgreementOperation | +| jca/EllipticCurve2.java:122:16:122:34 | SharedSecret | +| jca/EllipticCurve2.java:136:53:136:69 | HashAlgorithm | +| jca/EllipticCurve2.java:136:53:136:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:137:28:137:42 | Key | +| jca/EllipticCurve2.java:138:26:138:32 | Message | +| jca/EllipticCurve2.java:139:16:139:31 | SignOperation | +| jca/EllipticCurve2.java:139:16:139:31 | SignatureOutput | +| jca/EllipticCurve2.java:151:53:151:69 | HashAlgorithm | +| jca/EllipticCurve2.java:151:53:151:69 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:152:30:152:43 | Key | +| jca/EllipticCurve2.java:153:26:153:32 | Message | +| jca/EllipticCurve2.java:154:16:154:47 | VerifyOperation | +| jca/EllipticCurve2.java:154:33:154:46 | SignatureInput | +| jca/EllipticCurve2.java:166:53:166:61 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:167:28:167:42 | Key | +| jca/EllipticCurve2.java:168:26:168:32 | Message | +| jca/EllipticCurve2.java:169:16:169:31 | SignOperation | +| jca/EllipticCurve2.java:169:16:169:31 | SignatureOutput | +| jca/EllipticCurve2.java:181:53:181:61 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:182:30:182:43 | Key | +| jca/EllipticCurve2.java:183:26:183:32 | Message | +| jca/EllipticCurve2.java:184:16:184:47 | VerifyOperation | +| jca/EllipticCurve2.java:184:33:184:46 | SignatureInput | +| jca/EllipticCurve2.java:206:52:206:57 | KeyAgreementAlgorithm | +| jca/EllipticCurve2.java:207:17:207:37 | Key | +| jca/EllipticCurve2.java:208:20:208:41 | Key | +| jca/EllipticCurve2.java:209:31:209:49 | KeyAgreementOperation | +| jca/EllipticCurve2.java:209:31:209:49 | SharedSecret | +| jca/EllipticCurve2.java:213:58:213:66 | HashAlgorithm | +| jca/EllipticCurve2.java:214:29:214:55 | Digest | +| jca/EllipticCurve2.java:214:29:214:55 | HashOperation | +| jca/EllipticCurve2.java:214:43:214:54 | Message | +| jca/EllipticCurve2.java:219:44:219:62 | KeyOperationAlgorithm | +| jca/EllipticCurve2.java:219:44:219:62 | ModeOfOperation | +| jca/EllipticCurve2.java:219:44:219:62 | PaddingAlgorithm | +| jca/EllipticCurve2.java:221:9:221:40 | RandomNumberGeneration | +| jca/EllipticCurve2.java:221:38:221:39 | RandomNumberGeneration | +| jca/EllipticCurve2.java:223:42:223:47 | Key | +| jca/EllipticCurve2.java:223:50:223:53 | Nonce | +| jca/EllipticCurve2.java:224:29:224:53 | EncryptOperation | +| jca/EllipticCurve2.java:224:29:224:53 | KeyOperationOutput | +| jca/EllipticCurve2.java:224:44:224:52 | Message | +| jca/EllipticCurve2.java:245:30:245:53 | Constant | +| jca/EllipticCurve2.java:258:62:258:83 | Constant | | jca/Encryption1.java:60:56:60:60 | KeyOperationAlgorithm | | jca/Encryption1.java:61:21:61:23 | Constant | | jca/Encryption1.java:62:25:62:44 | Key | @@ -515,132 +515,132 @@ | jca/Encryption1.java:176:32:176:65 | EncryptOperation | | jca/Encryption1.java:176:32:176:65 | KeyOperationOutput | | jca/Encryption1.java:176:50:176:64 | Message | -| jca/Encryption2.java:63:60:63:70 | EllipticCurve | -| jca/Encryption2.java:64:16:64:49 | Key | -| jca/Encryption2.java:64:16:64:49 | KeyGeneration | -| jca/Encryption2.java:80:62:80:67 | KeyAgreementAlgorithm | -| jca/Encryption2.java:81:27:81:36 | Key | -| jca/Encryption2.java:82:30:82:38 | Key | -| jca/Encryption2.java:83:16:83:44 | KeyAgreementOperation | -| jca/Encryption2.java:83:16:83:44 | SharedSecret | -| jca/Encryption2.java:103:38:103:65 | Parameter | -| jca/Encryption2.java:103:68:103:78 | Parameter | -| jca/Encryption2.java:112:58:112:66 | HashAlgorithm | -| jca/Encryption2.java:113:30:113:56 | Digest | -| jca/Encryption2.java:113:30:113:56 | HashOperation | -| jca/Encryption2.java:113:44:113:55 | Message | -| jca/Encryption2.java:118:47:118:65 | KeyOperationAlgorithm | -| jca/Encryption2.java:118:47:118:65 | ModeOfOperation | -| jca/Encryption2.java:118:47:118:65 | PaddingAlgorithm | -| jca/Encryption2.java:120:9:120:40 | RandomNumberGeneration | -| jca/Encryption2.java:120:38:120:39 | RandomNumberGeneration | -| jca/Encryption2.java:122:45:122:50 | Key | -| jca/Encryption2.java:122:53:122:59 | Nonce | -| jca/Encryption2.java:123:32:123:65 | EncryptOperation | -| jca/Encryption2.java:123:32:123:65 | KeyOperationOutput | -| jca/Encryption2.java:123:50:123:64 | Message | -| jca/Encryption2.java:149:45:149:65 | Parameter | -| jca/Encryption2.java:149:68:149:88 | Parameter | -| jca/Encryption2.java:162:47:162:65 | KeyOperationAlgorithm | -| jca/Encryption2.java:162:47:162:65 | ModeOfOperation | -| jca/Encryption2.java:162:47:162:65 | PaddingAlgorithm | -| jca/Encryption2.java:164:9:164:40 | RandomNumberGeneration | -| jca/Encryption2.java:164:38:164:39 | RandomNumberGeneration | -| jca/Encryption2.java:166:45:166:50 | Key | -| jca/Encryption2.java:166:53:166:59 | Nonce | -| jca/Encryption2.java:167:32:167:98 | EncryptOperation | -| jca/Encryption2.java:167:32:167:98 | KeyOperationOutput | -| jca/Encryption2.java:167:50:167:86 | Constant | -| jca/Encryption2.java:167:50:167:97 | Message | -| jca/Encryption2.java:192:36:192:47 | KeyOperationAlgorithm | -| jca/Encryption2.java:194:19:194:27 | Key | -| jca/Encryption2.java:195:31:195:52 | KeyOperationOutput | -| jca/Encryption2.java:195:31:195:52 | MACOperation | -| jca/Encryption2.java:195:44:195:51 | Message | -| jca/Hash.java:87:58:87:66 | HashAlgorithm | -| jca/Hash.java:88:23:88:66 | Digest | -| jca/Hash.java:88:23:88:66 | HashOperation | -| jca/Hash.java:88:37:88:54 | Constant | -| jca/Hash.java:88:37:88:65 | Message | -| jca/Hash.java:101:61:101:65 | HashAlgorithm | -| jca/Hash.java:102:23:102:70 | Digest | -| jca/Hash.java:102:23:102:70 | HashOperation | -| jca/Hash.java:102:40:102:58 | Constant | -| jca/Hash.java:102:40:102:69 | Message | -| jca/Hash.java:150:29:150:40 | Parameter | -| jca/Hash.java:150:43:150:63 | Parameter | -| jca/Hash.java:151:53:151:67 | HashAlgorithm | -| jca/Hash.java:151:53:151:67 | KeyOperationAlgorithm | -| jca/Hash.java:152:28:152:37 | Key | -| jca/Hash.java:153:26:153:41 | Message | -| jca/Hash.java:154:29:154:44 | SignOperation | -| jca/Hash.java:154:29:154:44 | SignatureOutput | -| jca/Hash.java:172:40:172:51 | Parameter | -| jca/Hash.java:172:54:172:70 | Parameter | -| jca/Hash.java:172:73:172:91 | Parameter | -| jca/Hash.java:173:53:173:67 | HashAlgorithm | -| jca/Hash.java:173:53:173:67 | KeyOperationAlgorithm | -| jca/Hash.java:174:30:174:38 | Key | -| jca/Hash.java:175:26:175:41 | Message | -| jca/Hash.java:176:16:176:43 | VerifyOperation | -| jca/Hash.java:176:33:176:42 | SignatureInput | -| jca/Hash.java:191:43:191:53 | Parameter | -| jca/Hash.java:192:58:192:66 | HashAlgorithm | -| jca/Hash.java:193:23:193:52 | Digest | -| jca/Hash.java:193:23:193:52 | HashOperation | -| jca/Hash.java:193:37:193:51 | Message | -| jca/Hash.java:210:43:210:54 | Parameter | -| jca/Hash.java:211:33:211:39 | HashAlgorithm | -| jca/Hash.java:211:42:211:50 | HashAlgorithm | -| jca/Hash.java:211:53:211:61 | HashAlgorithm | -| jca/Hash.java:211:64:211:72 | HashAlgorithm | -| jca/Hash.java:211:75:211:83 | HashAlgorithm | -| jca/Hash.java:211:86:211:95 | HashAlgorithm | -| jca/Hash.java:211:98:211:107 | HashAlgorithm | -| jca/Hash.java:212:17:212:29 | HashAlgorithm | -| jca/Hash.java:212:32:212:44 | HashAlgorithm | -| jca/Hash.java:212:47:212:51 | HashAlgorithm | -| jca/Hash.java:215:27:215:57 | Digest | -| jca/Hash.java:215:27:215:57 | HashOperation | -| jca/Hash.java:215:41:215:56 | Message | -| jca/Hash.java:233:43:233:54 | Parameter | -| jca/Hash.java:233:57:233:66 | Parameter | -| jca/Hash.java:234:33:234:42 | KeyOperationAlgorithm | -| jca/Hash.java:234:45:234:56 | KeyOperationAlgorithm | -| jca/Hash.java:234:59:234:70 | KeyOperationAlgorithm | -| jca/Hash.java:234:73:234:84 | KeyOperationAlgorithm | -| jca/Hash.java:234:87:234:100 | KeyOperationAlgorithm | -| jca/Hash.java:234:103:234:116 | KeyOperationAlgorithm | -| jca/Hash.java:238:22:238:30 | Key | -| jca/Hash.java:239:27:239:55 | KeyOperationOutput | -| jca/Hash.java:239:27:239:55 | MACOperation | -| jca/Hash.java:239:39:239:54 | Message | -| jca/Hash.java:256:40:256:54 | Parameter | -| jca/Hash.java:259:42:259:63 | Message | -| jca/Hash.java:259:66:259:69 | Salt | -| jca/Hash.java:259:72:259:76 | Constant | -| jca/Hash.java:259:79:259:81 | Constant | -| jca/Hash.java:260:65:260:86 | HMACAlgorithm | -| jca/Hash.java:260:65:260:86 | HashAlgorithm | -| jca/Hash.java:260:65:260:86 | KeyDerivationAlgorithm | -| jca/Hash.java:261:23:261:50 | Key | -| jca/Hash.java:261:23:261:50 | KeyDerivation | -| jca/Hash.java:277:23:277:70 | Digest | -| jca/Hash.java:277:23:277:70 | HashOperation | -| jca/Hash.java:277:37:277:58 | Constant | -| jca/Hash.java:277:37:277:69 | Message | -| jca/Hash.java:292:33:292:41 | HashAlgorithm | -| jca/Hash.java:292:44:292:52 | HashAlgorithm | -| jca/Hash.java:292:55:292:64 | HashAlgorithm | -| jca/Hash.java:292:67:292:76 | HashAlgorithm | -| jca/Hash.java:295:27:295:38 | Constant | -| jca/Hash.java:296:27:296:30 | Message | -| jca/Hash.java:297:40:297:54 | Digest | -| jca/Hash.java:297:40:297:54 | HashOperation | -| jca/Hash.java:321:16:321:66 | LocalData | -| jca/Hash.java:321:57:321:65 | HashAlgorithm | -| jca/Hash.java:338:9:338:42 | RandomNumberGeneration | -| jca/Hash.java:338:38:338:41 | RandomNumberGeneration | +| jca/Encryption2.java:55:60:55:70 | EllipticCurve | +| jca/Encryption2.java:56:16:56:49 | Key | +| jca/Encryption2.java:56:16:56:49 | KeyGeneration | +| jca/Encryption2.java:71:62:71:67 | KeyAgreementAlgorithm | +| jca/Encryption2.java:72:27:72:36 | Key | +| jca/Encryption2.java:73:30:73:38 | Key | +| jca/Encryption2.java:74:16:74:44 | KeyAgreementOperation | +| jca/Encryption2.java:74:16:74:44 | SharedSecret | +| jca/Encryption2.java:90:38:90:65 | Parameter | +| jca/Encryption2.java:90:68:90:78 | Parameter | +| jca/Encryption2.java:99:58:99:66 | HashAlgorithm | +| jca/Encryption2.java:100:30:100:56 | Digest | +| jca/Encryption2.java:100:30:100:56 | HashOperation | +| jca/Encryption2.java:100:44:100:55 | Message | +| jca/Encryption2.java:105:47:105:65 | KeyOperationAlgorithm | +| jca/Encryption2.java:105:47:105:65 | ModeOfOperation | +| jca/Encryption2.java:105:47:105:65 | PaddingAlgorithm | +| jca/Encryption2.java:107:9:107:40 | RandomNumberGeneration | +| jca/Encryption2.java:107:38:107:39 | RandomNumberGeneration | +| jca/Encryption2.java:109:45:109:50 | Key | +| jca/Encryption2.java:109:53:109:59 | Nonce | +| jca/Encryption2.java:110:32:110:65 | EncryptOperation | +| jca/Encryption2.java:110:32:110:65 | KeyOperationOutput | +| jca/Encryption2.java:110:50:110:64 | Message | +| jca/Encryption2.java:132:45:132:65 | Parameter | +| jca/Encryption2.java:132:68:132:88 | Parameter | +| jca/Encryption2.java:145:47:145:65 | KeyOperationAlgorithm | +| jca/Encryption2.java:145:47:145:65 | ModeOfOperation | +| jca/Encryption2.java:145:47:145:65 | PaddingAlgorithm | +| jca/Encryption2.java:147:9:147:40 | RandomNumberGeneration | +| jca/Encryption2.java:147:38:147:39 | RandomNumberGeneration | +| jca/Encryption2.java:149:45:149:50 | Key | +| jca/Encryption2.java:149:53:149:59 | Nonce | +| jca/Encryption2.java:150:32:150:98 | EncryptOperation | +| jca/Encryption2.java:150:32:150:98 | KeyOperationOutput | +| jca/Encryption2.java:150:50:150:86 | Constant | +| jca/Encryption2.java:150:50:150:97 | Message | +| jca/Encryption2.java:173:36:173:47 | KeyOperationAlgorithm | +| jca/Encryption2.java:175:19:175:27 | Key | +| jca/Encryption2.java:176:31:176:52 | KeyOperationOutput | +| jca/Encryption2.java:176:31:176:52 | MACOperation | +| jca/Encryption2.java:176:44:176:51 | Message | +| jca/Hash.java:75:58:75:66 | HashAlgorithm | +| jca/Hash.java:76:23:76:66 | Digest | +| jca/Hash.java:76:23:76:66 | HashOperation | +| jca/Hash.java:76:37:76:54 | Constant | +| jca/Hash.java:76:37:76:65 | Message | +| jca/Hash.java:88:61:88:65 | HashAlgorithm | +| jca/Hash.java:89:23:89:70 | Digest | +| jca/Hash.java:89:23:89:70 | HashOperation | +| jca/Hash.java:89:40:89:58 | Constant | +| jca/Hash.java:89:40:89:69 | Message | +| jca/Hash.java:133:29:133:40 | Parameter | +| jca/Hash.java:133:43:133:63 | Parameter | +| jca/Hash.java:134:53:134:67 | HashAlgorithm | +| jca/Hash.java:134:53:134:67 | KeyOperationAlgorithm | +| jca/Hash.java:135:28:135:37 | Key | +| jca/Hash.java:136:26:136:41 | Message | +| jca/Hash.java:137:29:137:44 | SignOperation | +| jca/Hash.java:137:29:137:44 | SignatureOutput | +| jca/Hash.java:154:40:154:51 | Parameter | +| jca/Hash.java:154:54:154:70 | Parameter | +| jca/Hash.java:154:73:154:91 | Parameter | +| jca/Hash.java:155:53:155:67 | HashAlgorithm | +| jca/Hash.java:155:53:155:67 | KeyOperationAlgorithm | +| jca/Hash.java:156:30:156:38 | Key | +| jca/Hash.java:157:26:157:41 | Message | +| jca/Hash.java:158:16:158:43 | VerifyOperation | +| jca/Hash.java:158:33:158:42 | SignatureInput | +| jca/Hash.java:172:43:172:53 | Parameter | +| jca/Hash.java:173:58:173:66 | HashAlgorithm | +| jca/Hash.java:174:23:174:52 | Digest | +| jca/Hash.java:174:23:174:52 | HashOperation | +| jca/Hash.java:174:37:174:51 | Message | +| jca/Hash.java:190:43:190:54 | Parameter | +| jca/Hash.java:191:32:191:38 | HashAlgorithm | +| jca/Hash.java:191:41:191:49 | HashAlgorithm | +| jca/Hash.java:191:52:191:60 | HashAlgorithm | +| jca/Hash.java:191:63:191:71 | HashAlgorithm | +| jca/Hash.java:191:74:191:82 | HashAlgorithm | +| jca/Hash.java:191:85:191:94 | HashAlgorithm | +| jca/Hash.java:191:97:191:106 | HashAlgorithm | +| jca/Hash.java:192:13:192:25 | HashAlgorithm | +| jca/Hash.java:192:28:192:40 | HashAlgorithm | +| jca/Hash.java:192:43:192:47 | HashAlgorithm | +| jca/Hash.java:195:27:195:57 | Digest | +| jca/Hash.java:195:27:195:57 | HashOperation | +| jca/Hash.java:195:41:195:56 | Message | +| jca/Hash.java:211:43:211:54 | Parameter | +| jca/Hash.java:211:57:211:66 | Parameter | +| jca/Hash.java:212:32:212:41 | KeyOperationAlgorithm | +| jca/Hash.java:212:44:212:55 | KeyOperationAlgorithm | +| jca/Hash.java:212:58:212:69 | KeyOperationAlgorithm | +| jca/Hash.java:212:72:212:83 | KeyOperationAlgorithm | +| jca/Hash.java:212:86:212:99 | KeyOperationAlgorithm | +| jca/Hash.java:212:102:212:115 | KeyOperationAlgorithm | +| jca/Hash.java:216:22:216:30 | Key | +| jca/Hash.java:217:27:217:55 | KeyOperationOutput | +| jca/Hash.java:217:27:217:55 | MACOperation | +| jca/Hash.java:217:39:217:54 | Message | +| jca/Hash.java:232:40:232:54 | Parameter | +| jca/Hash.java:235:42:235:63 | Message | +| jca/Hash.java:235:66:235:69 | Salt | +| jca/Hash.java:235:72:235:76 | Constant | +| jca/Hash.java:235:79:235:81 | Constant | +| jca/Hash.java:236:65:236:86 | HMACAlgorithm | +| jca/Hash.java:236:65:236:86 | HashAlgorithm | +| jca/Hash.java:236:65:236:86 | KeyDerivationAlgorithm | +| jca/Hash.java:237:23:237:50 | Key | +| jca/Hash.java:237:23:237:50 | KeyDerivation | +| jca/Hash.java:252:23:252:70 | Digest | +| jca/Hash.java:252:23:252:70 | HashOperation | +| jca/Hash.java:252:37:252:58 | Constant | +| jca/Hash.java:252:37:252:69 | Message | +| jca/Hash.java:266:32:266:40 | HashAlgorithm | +| jca/Hash.java:266:43:266:51 | HashAlgorithm | +| jca/Hash.java:266:54:266:63 | HashAlgorithm | +| jca/Hash.java:266:66:266:75 | HashAlgorithm | +| jca/Hash.java:269:27:269:38 | Constant | +| jca/Hash.java:270:27:270:30 | Message | +| jca/Hash.java:271:40:271:54 | Digest | +| jca/Hash.java:271:40:271:54 | HashOperation | +| jca/Hash.java:294:16:294:66 | LocalData | +| jca/Hash.java:294:57:294:65 | HashAlgorithm | +| jca/Hash.java:310:9:310:42 | RandomNumberGeneration | +| jca/Hash.java:310:38:310:41 | RandomNumberGeneration | | jca/IVArtifact.java:30:44:30:65 | KeyOperationAlgorithm | | jca/IVArtifact.java:30:44:30:65 | ModeOfOperation | | jca/IVArtifact.java:30:44:30:65 | PaddingAlgorithm | @@ -667,849 +667,849 @@ | jca/IVArtifact.java:81:9:81:40 | RandomNumberGeneration | | jca/IVArtifact.java:81:38:81:39 | RandomNumberGeneration | | jca/IVArtifact.java:87:32:87:33 | RandomNumberGeneration | -| jca/IVArtifact.java:106:44:106:62 | KeyOperationAlgorithm | -| jca/IVArtifact.java:106:44:106:62 | ModeOfOperation | -| jca/IVArtifact.java:106:44:106:62 | PaddingAlgorithm | -| jca/IVArtifact.java:109:42:109:44 | Key | -| jca/IVArtifact.java:109:47:109:50 | Nonce | -| jca/IVArtifact.java:110:16:110:40 | EncryptOperation | -| jca/IVArtifact.java:110:16:110:40 | KeyOperationOutput | -| jca/IVArtifact.java:110:31:110:39 | Message | -| jca/IVArtifact.java:118:31:118:34 | Constant | -| jca/IVArtifact.java:132:13:132:50 | RandomNumberGeneration | -| jca/IVArtifact.java:132:42:132:49 | RandomNumberGeneration | -| jca/IVArtifact.java:134:44:134:62 | KeyOperationAlgorithm | -| jca/IVArtifact.java:134:44:134:62 | ModeOfOperation | -| jca/IVArtifact.java:134:44:134:62 | PaddingAlgorithm | -| jca/IVArtifact.java:136:42:136:44 | Key | -| jca/IVArtifact.java:136:47:136:50 | Nonce | -| jca/IVArtifact.java:137:16:137:40 | EncryptOperation | -| jca/IVArtifact.java:137:16:137:40 | KeyOperationOutput | -| jca/IVArtifact.java:137:31:137:39 | Message | -| jca/IVArtifact.java:157:58:157:66 | HashAlgorithm | -| jca/IVArtifact.java:158:31:158:78 | Digest | -| jca/IVArtifact.java:158:31:158:78 | HashOperation | -| jca/IVArtifact.java:158:45:158:59 | Constant | -| jca/IVArtifact.java:158:45:158:77 | Message | -| jca/IVArtifact.java:160:44:160:62 | KeyOperationAlgorithm | -| jca/IVArtifact.java:160:44:160:62 | ModeOfOperation | -| jca/IVArtifact.java:160:44:160:62 | PaddingAlgorithm | -| jca/IVArtifact.java:162:42:162:44 | Key | -| jca/IVArtifact.java:162:47:162:50 | Nonce | -| jca/IVArtifact.java:163:16:163:40 | EncryptOperation | -| jca/IVArtifact.java:163:16:163:40 | KeyOperationOutput | -| jca/IVArtifact.java:163:31:163:39 | Message | -| jca/IVArtifact.java:183:9:183:40 | RandomNumberGeneration | -| jca/IVArtifact.java:183:38:183:39 | RandomNumberGeneration | -| jca/IVArtifact.java:186:48:186:66 | KeyOperationAlgorithm | -| jca/IVArtifact.java:186:48:186:66 | ModeOfOperation | -| jca/IVArtifact.java:186:48:186:66 | PaddingAlgorithm | -| jca/IVArtifact.java:188:46:188:48 | Key | -| jca/IVArtifact.java:188:51:188:54 | Nonce | -| jca/IVArtifact.java:189:30:189:58 | EncryptOperation | -| jca/IVArtifact.java:189:30:189:58 | KeyOperationOutput | -| jca/IVArtifact.java:189:45:189:57 | Message | -| jca/IVArtifact.java:204:44:204:62 | KeyOperationAlgorithm | -| jca/IVArtifact.java:204:44:204:62 | ModeOfOperation | -| jca/IVArtifact.java:204:44:204:62 | PaddingAlgorithm | -| jca/IVArtifact.java:207:42:207:44 | Key | -| jca/IVArtifact.java:207:47:207:50 | Nonce | -| jca/IVArtifact.java:208:16:208:40 | EncryptOperation | -| jca/IVArtifact.java:208:16:208:40 | KeyOperationOutput | -| jca/IVArtifact.java:208:31:208:39 | Message | -| jca/IVArtifact.java:221:53:221:65 | Parameter | -| jca/IVArtifact.java:221:68:221:83 | Parameter | -| jca/IVArtifact.java:242:60:242:72 | Parameter | -| jca/IVArtifact.java:242:75:242:90 | Parameter | -| jca/IVArtifact.java:261:56:261:60 | KeyOperationAlgorithm | -| jca/IVArtifact.java:262:21:262:23 | Constant | -| jca/IVArtifact.java:263:29:263:44 | Key | -| jca/IVArtifact.java:263:29:263:44 | KeyGeneration | -| jca/IVArtifact.java:264:32:264:47 | Constant | -| jca/IVArtifact.java:283:35:283:47 | Constant | -| jca/IVArtifact.java:283:61:283:73 | Constant | -| jca/IVArtifact.java:283:87:283:101 | Constant | -| jca/KeyAgreementHybridCryptosystem.java:60:47:60:57 | EllipticCurve | -| jca/KeyAgreementHybridCryptosystem.java:61:16:61:36 | Key | -| jca/KeyAgreementHybridCryptosystem.java:61:16:61:36 | KeyGeneration | -| jca/KeyAgreementHybridCryptosystem.java:68:61:68:68 | KeyAgreementAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:69:24:69:26 | Constant | -| jca/KeyAgreementHybridCryptosystem.java:70:16:70:36 | Key | -| jca/KeyAgreementHybridCryptosystem.java:70:16:70:36 | KeyGeneration | -| jca/KeyAgreementHybridCryptosystem.java:78:17:78:26 | Key | -| jca/KeyAgreementHybridCryptosystem.java:79:20:79:28 | Key | -| jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | KeyAgreementOperation | -| jca/KeyAgreementHybridCryptosystem.java:80:16:80:34 | SharedSecret | -| jca/KeyAgreementHybridCryptosystem.java:88:58:88:66 | HashAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:89:23:89:42 | Digest | -| jca/KeyAgreementHybridCryptosystem.java:89:23:89:42 | HashOperation | -| jca/KeyAgreementHybridCryptosystem.java:89:37:89:41 | Message | -| jca/KeyAgreementHybridCryptosystem.java:115:90:115:95 | KeyAgreementAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | ModeOfOperation | -| jca/KeyAgreementHybridCryptosystem.java:119:44:119:62 | PaddingAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:121:9:121:40 | RandomNumberGeneration | -| jca/KeyAgreementHybridCryptosystem.java:121:38:121:39 | RandomNumberGeneration | -| jca/KeyAgreementHybridCryptosystem.java:123:42:123:47 | Key | -| jca/KeyAgreementHybridCryptosystem.java:123:50:123:53 | Nonce | -| jca/KeyAgreementHybridCryptosystem.java:124:29:124:53 | EncryptOperation | -| jca/KeyAgreementHybridCryptosystem.java:124:29:124:53 | KeyOperationOutput | -| jca/KeyAgreementHybridCryptosystem.java:124:44:124:52 | Message | -| jca/KeyAgreementHybridCryptosystem.java:137:95:137:100 | KeyAgreementAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | ModeOfOperation | -| jca/KeyAgreementHybridCryptosystem.java:142:44:142:62 | PaddingAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:144:42:144:47 | Key | -| jca/KeyAgreementHybridCryptosystem.java:144:50:144:53 | Nonce | -| jca/KeyAgreementHybridCryptosystem.java:145:29:145:53 | EncryptOperation | -| jca/KeyAgreementHybridCryptosystem.java:145:29:145:53 | KeyOperationOutput | -| jca/KeyAgreementHybridCryptosystem.java:145:44:145:52 | Message | -| jca/KeyAgreementHybridCryptosystem.java:162:91:162:98 | KeyAgreementAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:163:33:163:89 | Digest | -| jca/KeyAgreementHybridCryptosystem.java:163:33:163:89 | HashOperation | -| jca/KeyAgreementHybridCryptosystem.java:163:59:163:67 | HashAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:163:77:163:88 | Message | -| jca/KeyAgreementHybridCryptosystem.java:166:44:166:62 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:168:9:168:43 | RandomNumberGeneration | -| jca/KeyAgreementHybridCryptosystem.java:168:38:168:42 | RandomNumberGeneration | -| jca/KeyAgreementHybridCryptosystem.java:169:42:169:50 | Key | -| jca/KeyAgreementHybridCryptosystem.java:169:53:169:78 | Nonce | -| jca/KeyAgreementHybridCryptosystem.java:170:29:170:53 | EncryptOperation | -| jca/KeyAgreementHybridCryptosystem.java:170:29:170:53 | KeyOperationOutput | -| jca/KeyAgreementHybridCryptosystem.java:170:44:170:52 | Message | -| jca/KeyAgreementHybridCryptosystem.java:183:95:183:102 | KeyAgreementAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:188:44:188:62 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:189:42:189:50 | Key | -| jca/KeyAgreementHybridCryptosystem.java:189:53:189:83 | Nonce | -| jca/KeyAgreementHybridCryptosystem.java:190:29:190:53 | EncryptOperation | -| jca/KeyAgreementHybridCryptosystem.java:190:29:190:53 | KeyOperationOutput | -| jca/KeyAgreementHybridCryptosystem.java:190:44:190:52 | Message | -| jca/KeyAgreementHybridCryptosystem.java:204:58:204:73 | Parameter | -| jca/KeyAgreementHybridCryptosystem.java:230:58:230:70 | Parameter | -| jca/KeyAgreementHybridCryptosystem.java:230:73:230:88 | Parameter | -| jca/KeyAgreementHybridCryptosystem.java:233:42:233:66 | Message | -| jca/KeyAgreementHybridCryptosystem.java:233:69:233:72 | Salt | -| jca/KeyAgreementHybridCryptosystem.java:233:75:233:79 | Constant | -| jca/KeyAgreementHybridCryptosystem.java:233:82:233:84 | Constant | -| jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | HMACAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | HashAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:234:65:234:86 | KeyDerivationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:235:26:235:53 | Key | -| jca/KeyAgreementHybridCryptosystem.java:235:26:235:53 | KeyDerivation | -| jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | ModeOfOperation | -| jca/KeyAgreementHybridCryptosystem.java:241:44:241:62 | PaddingAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:243:9:243:40 | RandomNumberGeneration | -| jca/KeyAgreementHybridCryptosystem.java:243:38:243:39 | RandomNumberGeneration | -| jca/KeyAgreementHybridCryptosystem.java:245:42:245:54 | Key | -| jca/KeyAgreementHybridCryptosystem.java:245:57:245:63 | Nonce | -| jca/KeyAgreementHybridCryptosystem.java:246:29:246:53 | EncryptOperation | -| jca/KeyAgreementHybridCryptosystem.java:246:29:246:53 | KeyOperationOutput | -| jca/KeyAgreementHybridCryptosystem.java:246:44:246:52 | Message | -| jca/KeyAgreementHybridCryptosystem.java:248:35:248:46 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:249:18:249:30 | Key | -| jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | KeyOperationOutput | -| jca/KeyAgreementHybridCryptosystem.java:250:30:250:52 | MACOperation | -| jca/KeyAgreementHybridCryptosystem.java:250:42:250:51 | Message | -| jca/KeyAgreementHybridCryptosystem.java:279:52:279:56 | KeyOperationAlgorithm | -| jca/KeyAgreementHybridCryptosystem.java:280:17:280:19 | Constant | -| jca/KeyAgreementHybridCryptosystem.java:281:16:281:31 | Key | -| jca/KeyAgreementHybridCryptosystem.java:281:16:281:31 | KeyGeneration | -| jca/KeyAgreementHybridCryptosystem.java:289:9:289:42 | RandomNumberGeneration | -| jca/KeyAgreementHybridCryptosystem.java:289:38:289:41 | RandomNumberGeneration | -| jca/KeyArtifact.java:19:56:19:60 | KeyOperationAlgorithm | -| jca/KeyArtifact.java:20:21:20:23 | Constant | -| jca/KeyArtifact.java:21:31:21:50 | Key | -| jca/KeyArtifact.java:21:31:21:50 | KeyGeneration | -| jca/KeyArtifact.java:24:43:24:47 | KeyOperationAlgorithm | -| jca/KeyArtifact.java:25:21:25:23 | Constant | -| jca/KeyArtifact.java:26:30:26:49 | Key | -| jca/KeyArtifact.java:26:30:26:49 | KeyGeneration | -| jca/KeyArtifact.java:31:68:31:72 | KeyOperationAlgorithm | -| jca/KeyArtifact.java:32:31:32:34 | Constant | -| jca/KeyArtifact.java:33:30:33:57 | Key | -| jca/KeyArtifact.java:33:30:33:57 | KeyGeneration | -| jca/KeyArtifact.java:36:51:36:55 | KeyOperationAlgorithm | -| jca/KeyArtifact.java:37:31:37:34 | Constant | -| jca/KeyArtifact.java:38:29:38:56 | Key | -| jca/KeyArtifact.java:38:29:38:56 | KeyGeneration | -| jca/KeyArtifact.java:42:31:42:33 | Constant | -| jca/KeyArtifact.java:43:26:43:53 | Key | -| jca/KeyArtifact.java:43:26:43:53 | KeyGeneration | -| jca/KeyArtifact.java:63:28:63:73 | LocalData | -| jca/KeyArtifact.java:63:68:63:72 | KeyOperationAlgorithm | -| jca/KeyArtifact.java:66:21:66:23 | Constant | -| jca/KeyArtifact.java:67:32:67:51 | Key | -| jca/KeyArtifact.java:67:32:67:51 | KeyGeneration | -| jca/KeyArtifact.java:73:31:73:34 | Constant | -| jca/KeyArtifact.java:74:16:74:43 | Key | -| jca/KeyArtifact.java:74:16:74:43 | KeyGeneration | -| jca/KeyArtifact.java:79:33:79:37 | KeyOperationAlgorithm | -| jca/KeyArtifact.java:79:46:79:54 | Constant | -| jca/KeyDerivation1.java:92:39:92:53 | Parameter | +| jca/IVArtifact.java:105:44:105:62 | KeyOperationAlgorithm | +| jca/IVArtifact.java:105:44:105:62 | ModeOfOperation | +| jca/IVArtifact.java:105:44:105:62 | PaddingAlgorithm | +| jca/IVArtifact.java:108:42:108:44 | Key | +| jca/IVArtifact.java:108:47:108:50 | Nonce | +| jca/IVArtifact.java:109:16:109:40 | EncryptOperation | +| jca/IVArtifact.java:109:16:109:40 | KeyOperationOutput | +| jca/IVArtifact.java:109:31:109:39 | Message | +| jca/IVArtifact.java:116:31:116:34 | Constant | +| jca/IVArtifact.java:130:13:130:50 | RandomNumberGeneration | +| jca/IVArtifact.java:130:42:130:49 | RandomNumberGeneration | +| jca/IVArtifact.java:132:44:132:62 | KeyOperationAlgorithm | +| jca/IVArtifact.java:132:44:132:62 | ModeOfOperation | +| jca/IVArtifact.java:132:44:132:62 | PaddingAlgorithm | +| jca/IVArtifact.java:134:42:134:44 | Key | +| jca/IVArtifact.java:134:47:134:50 | Nonce | +| jca/IVArtifact.java:135:16:135:40 | EncryptOperation | +| jca/IVArtifact.java:135:16:135:40 | KeyOperationOutput | +| jca/IVArtifact.java:135:31:135:39 | Message | +| jca/IVArtifact.java:153:58:153:66 | HashAlgorithm | +| jca/IVArtifact.java:154:31:154:78 | Digest | +| jca/IVArtifact.java:154:31:154:78 | HashOperation | +| jca/IVArtifact.java:154:45:154:59 | Constant | +| jca/IVArtifact.java:154:45:154:77 | Message | +| jca/IVArtifact.java:156:44:156:62 | KeyOperationAlgorithm | +| jca/IVArtifact.java:156:44:156:62 | ModeOfOperation | +| jca/IVArtifact.java:156:44:156:62 | PaddingAlgorithm | +| jca/IVArtifact.java:158:42:158:44 | Key | +| jca/IVArtifact.java:158:47:158:50 | Nonce | +| jca/IVArtifact.java:159:16:159:40 | EncryptOperation | +| jca/IVArtifact.java:159:16:159:40 | KeyOperationOutput | +| jca/IVArtifact.java:159:31:159:39 | Message | +| jca/IVArtifact.java:177:9:177:40 | RandomNumberGeneration | +| jca/IVArtifact.java:177:38:177:39 | RandomNumberGeneration | +| jca/IVArtifact.java:180:48:180:66 | KeyOperationAlgorithm | +| jca/IVArtifact.java:180:48:180:66 | ModeOfOperation | +| jca/IVArtifact.java:180:48:180:66 | PaddingAlgorithm | +| jca/IVArtifact.java:182:46:182:48 | Key | +| jca/IVArtifact.java:182:51:182:54 | Nonce | +| jca/IVArtifact.java:183:30:183:58 | EncryptOperation | +| jca/IVArtifact.java:183:30:183:58 | KeyOperationOutput | +| jca/IVArtifact.java:183:45:183:57 | Message | +| jca/IVArtifact.java:198:44:198:62 | KeyOperationAlgorithm | +| jca/IVArtifact.java:198:44:198:62 | ModeOfOperation | +| jca/IVArtifact.java:198:44:198:62 | PaddingAlgorithm | +| jca/IVArtifact.java:201:42:201:44 | Key | +| jca/IVArtifact.java:201:47:201:50 | Nonce | +| jca/IVArtifact.java:202:16:202:40 | EncryptOperation | +| jca/IVArtifact.java:202:16:202:40 | KeyOperationOutput | +| jca/IVArtifact.java:202:31:202:39 | Message | +| jca/IVArtifact.java:215:53:215:65 | Parameter | +| jca/IVArtifact.java:215:68:215:83 | Parameter | +| jca/IVArtifact.java:235:60:235:72 | Parameter | +| jca/IVArtifact.java:235:75:235:90 | Parameter | +| jca/IVArtifact.java:253:56:253:60 | KeyOperationAlgorithm | +| jca/IVArtifact.java:254:21:254:23 | Constant | +| jca/IVArtifact.java:255:29:255:44 | Key | +| jca/IVArtifact.java:255:29:255:44 | KeyGeneration | +| jca/IVArtifact.java:256:32:256:47 | Constant | +| jca/IVArtifact.java:275:34:275:46 | Constant | +| jca/IVArtifact.java:275:60:275:72 | Constant | +| jca/IVArtifact.java:275:86:275:100 | Constant | +| jca/KeyAgreementHybridCryptosystem.java:50:47:50:57 | EllipticCurve | +| jca/KeyAgreementHybridCryptosystem.java:51:16:51:36 | Key | +| jca/KeyAgreementHybridCryptosystem.java:51:16:51:36 | KeyGeneration | +| jca/KeyAgreementHybridCryptosystem.java:58:61:58:68 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:59:24:59:26 | Constant | +| jca/KeyAgreementHybridCryptosystem.java:60:16:60:36 | Key | +| jca/KeyAgreementHybridCryptosystem.java:60:16:60:36 | KeyGeneration | +| jca/KeyAgreementHybridCryptosystem.java:68:17:68:26 | Key | +| jca/KeyAgreementHybridCryptosystem.java:69:20:69:28 | Key | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | KeyAgreementOperation | +| jca/KeyAgreementHybridCryptosystem.java:70:16:70:34 | SharedSecret | +| jca/KeyAgreementHybridCryptosystem.java:78:58:78:66 | HashAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:79:23:79:42 | Digest | +| jca/KeyAgreementHybridCryptosystem.java:79:23:79:42 | HashOperation | +| jca/KeyAgreementHybridCryptosystem.java:79:37:79:41 | Message | +| jca/KeyAgreementHybridCryptosystem.java:104:90:104:95 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | ModeOfOperation | +| jca/KeyAgreementHybridCryptosystem.java:108:44:108:62 | PaddingAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:110:9:110:40 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:110:38:110:39 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:112:42:112:47 | Key | +| jca/KeyAgreementHybridCryptosystem.java:112:50:112:53 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | EncryptOperation | +| jca/KeyAgreementHybridCryptosystem.java:113:29:113:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:113:44:113:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:125:95:125:100 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | ModeOfOperation | +| jca/KeyAgreementHybridCryptosystem.java:130:44:130:62 | PaddingAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:132:42:132:47 | Key | +| jca/KeyAgreementHybridCryptosystem.java:132:50:132:53 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:133:29:133:53 | EncryptOperation | +| jca/KeyAgreementHybridCryptosystem.java:133:29:133:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:133:44:133:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:149:91:149:98 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:150:33:150:89 | Digest | +| jca/KeyAgreementHybridCryptosystem.java:150:33:150:89 | HashOperation | +| jca/KeyAgreementHybridCryptosystem.java:150:59:150:67 | HashAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:150:77:150:88 | Message | +| jca/KeyAgreementHybridCryptosystem.java:153:44:153:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:155:9:155:43 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:155:38:155:42 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:156:42:156:50 | Key | +| jca/KeyAgreementHybridCryptosystem.java:156:53:156:78 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | EncryptOperation | +| jca/KeyAgreementHybridCryptosystem.java:157:29:157:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:157:44:157:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:169:95:169:102 | KeyAgreementAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:174:44:174:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:175:42:175:50 | Key | +| jca/KeyAgreementHybridCryptosystem.java:175:53:175:83 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | EncryptOperation | +| jca/KeyAgreementHybridCryptosystem.java:176:29:176:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:176:44:176:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:188:58:188:73 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:212:58:212:70 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:212:73:212:88 | Parameter | +| jca/KeyAgreementHybridCryptosystem.java:215:42:215:66 | Message | +| jca/KeyAgreementHybridCryptosystem.java:215:69:215:72 | Salt | +| jca/KeyAgreementHybridCryptosystem.java:215:75:215:79 | Constant | +| jca/KeyAgreementHybridCryptosystem.java:215:82:215:84 | Constant | +| jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HMACAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | HashAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:216:65:216:86 | KeyDerivationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:217:26:217:53 | Key | +| jca/KeyAgreementHybridCryptosystem.java:217:26:217:53 | KeyDerivation | +| jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | ModeOfOperation | +| jca/KeyAgreementHybridCryptosystem.java:223:44:223:62 | PaddingAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:225:9:225:40 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:225:38:225:39 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:227:42:227:54 | Key | +| jca/KeyAgreementHybridCryptosystem.java:227:57:227:63 | Nonce | +| jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | EncryptOperation | +| jca/KeyAgreementHybridCryptosystem.java:228:29:228:53 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:228:44:228:52 | Message | +| jca/KeyAgreementHybridCryptosystem.java:230:35:230:46 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:231:18:231:30 | Key | +| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | KeyOperationOutput | +| jca/KeyAgreementHybridCryptosystem.java:232:30:232:52 | MACOperation | +| jca/KeyAgreementHybridCryptosystem.java:232:42:232:51 | Message | +| jca/KeyAgreementHybridCryptosystem.java:259:52:259:56 | KeyOperationAlgorithm | +| jca/KeyAgreementHybridCryptosystem.java:260:17:260:19 | Constant | +| jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | Key | +| jca/KeyAgreementHybridCryptosystem.java:261:16:261:31 | KeyGeneration | +| jca/KeyAgreementHybridCryptosystem.java:269:9:269:42 | RandomNumberGeneration | +| jca/KeyAgreementHybridCryptosystem.java:269:38:269:41 | RandomNumberGeneration | +| jca/KeyArtifact.java:18:56:18:60 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:19:21:19:23 | Constant | +| jca/KeyArtifact.java:20:31:20:50 | Key | +| jca/KeyArtifact.java:20:31:20:50 | KeyGeneration | +| jca/KeyArtifact.java:23:43:23:47 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:24:21:24:23 | Constant | +| jca/KeyArtifact.java:25:30:25:49 | Key | +| jca/KeyArtifact.java:25:30:25:49 | KeyGeneration | +| jca/KeyArtifact.java:30:68:30:72 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:31:31:31:34 | Constant | +| jca/KeyArtifact.java:32:30:32:57 | Key | +| jca/KeyArtifact.java:32:30:32:57 | KeyGeneration | +| jca/KeyArtifact.java:35:51:35:55 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:36:31:36:34 | Constant | +| jca/KeyArtifact.java:37:29:37:56 | Key | +| jca/KeyArtifact.java:37:29:37:56 | KeyGeneration | +| jca/KeyArtifact.java:41:31:41:33 | Constant | +| jca/KeyArtifact.java:42:26:42:53 | Key | +| jca/KeyArtifact.java:42:26:42:53 | KeyGeneration | +| jca/KeyArtifact.java:62:28:62:73 | LocalData | +| jca/KeyArtifact.java:62:68:62:72 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:65:21:65:23 | Constant | +| jca/KeyArtifact.java:66:32:66:51 | Key | +| jca/KeyArtifact.java:66:32:66:51 | KeyGeneration | +| jca/KeyArtifact.java:72:31:72:34 | Constant | +| jca/KeyArtifact.java:73:16:73:43 | Key | +| jca/KeyArtifact.java:73:16:73:43 | KeyGeneration | +| jca/KeyArtifact.java:78:32:78:36 | KeyOperationAlgorithm | +| jca/KeyArtifact.java:78:45:78:53 | Constant | +| jca/KeyDerivation1.java:78:39:78:53 | Parameter | +| jca/KeyDerivation1.java:80:42:80:63 | Message | +| jca/KeyDerivation1.java:80:66:80:69 | Salt | +| jca/KeyDerivation1.java:80:72:80:76 | Constant | +| jca/KeyDerivation1.java:80:79:80:81 | Constant | +| jca/KeyDerivation1.java:81:65:81:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:81:65:81:86 | HashAlgorithm | +| jca/KeyDerivation1.java:81:65:81:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:82:22:82:49 | Key | +| jca/KeyDerivation1.java:82:22:82:49 | KeyDerivation | +| jca/KeyDerivation1.java:92:36:92:50 | Parameter | | jca/KeyDerivation1.java:94:42:94:63 | Message | | jca/KeyDerivation1.java:94:66:94:69 | Salt | -| jca/KeyDerivation1.java:94:72:94:76 | Constant | -| jca/KeyDerivation1.java:94:79:94:81 | Constant | +| jca/KeyDerivation1.java:94:72:94:73 | Constant | +| jca/KeyDerivation1.java:94:76:94:78 | Constant | | jca/KeyDerivation1.java:95:65:95:86 | HMACAlgorithm | | jca/KeyDerivation1.java:95:65:95:86 | HashAlgorithm | | jca/KeyDerivation1.java:95:65:95:86 | KeyDerivationAlgorithm | | jca/KeyDerivation1.java:96:22:96:49 | Key | | jca/KeyDerivation1.java:96:22:96:49 | KeyDerivation | -| jca/KeyDerivation1.java:109:36:109:50 | Parameter | -| jca/KeyDerivation1.java:111:42:111:63 | Message | -| jca/KeyDerivation1.java:111:66:111:69 | Salt | -| jca/KeyDerivation1.java:111:72:111:73 | Constant | -| jca/KeyDerivation1.java:111:76:111:78 | Constant | -| jca/KeyDerivation1.java:112:65:112:86 | HMACAlgorithm | -| jca/KeyDerivation1.java:112:65:112:86 | HashAlgorithm | -| jca/KeyDerivation1.java:112:65:112:86 | KeyDerivationAlgorithm | -| jca/KeyDerivation1.java:113:22:113:49 | Key | -| jca/KeyDerivation1.java:113:22:113:49 | KeyDerivation | -| jca/KeyDerivation1.java:124:37:124:51 | Parameter | -| jca/KeyDerivation1.java:126:42:126:63 | Message | -| jca/KeyDerivation1.java:126:66:126:69 | Salt | -| jca/KeyDerivation1.java:126:72:126:80 | Constant | -| jca/KeyDerivation1.java:126:83:126:85 | Constant | -| jca/KeyDerivation1.java:127:65:127:86 | HMACAlgorithm | -| jca/KeyDerivation1.java:127:65:127:86 | HashAlgorithm | -| jca/KeyDerivation1.java:127:65:127:86 | KeyDerivationAlgorithm | -| jca/KeyDerivation1.java:128:22:128:49 | Key | -| jca/KeyDerivation1.java:128:22:128:49 | KeyDerivation | -| jca/KeyDerivation1.java:140:32:140:46 | Parameter | -| jca/KeyDerivation1.java:142:42:142:63 | Message | -| jca/KeyDerivation1.java:142:66:142:69 | Salt | -| jca/KeyDerivation1.java:142:72:142:76 | Constant | -| jca/KeyDerivation1.java:142:79:142:81 | Constant | -| jca/KeyDerivation1.java:143:65:143:84 | HMACAlgorithm | -| jca/KeyDerivation1.java:143:65:143:84 | HashAlgorithm | -| jca/KeyDerivation1.java:143:65:143:84 | KeyDerivationAlgorithm | -| jca/KeyDerivation1.java:144:22:144:49 | Key | -| jca/KeyDerivation1.java:144:22:144:49 | KeyDerivation | -| jca/KeyDerivation1.java:155:34:155:48 | Parameter | +| jca/KeyDerivation1.java:106:37:106:51 | Parameter | +| jca/KeyDerivation1.java:108:42:108:63 | Message | +| jca/KeyDerivation1.java:108:66:108:69 | Salt | +| jca/KeyDerivation1.java:108:72:108:80 | Constant | +| jca/KeyDerivation1.java:108:83:108:85 | Constant | +| jca/KeyDerivation1.java:109:65:109:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:109:65:109:86 | HashAlgorithm | +| jca/KeyDerivation1.java:109:65:109:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:110:22:110:49 | Key | +| jca/KeyDerivation1.java:110:22:110:49 | KeyDerivation | +| jca/KeyDerivation1.java:120:32:120:46 | Parameter | +| jca/KeyDerivation1.java:122:42:122:63 | Message | +| jca/KeyDerivation1.java:122:66:122:69 | Salt | +| jca/KeyDerivation1.java:122:72:122:76 | Constant | +| jca/KeyDerivation1.java:122:79:122:81 | Constant | +| jca/KeyDerivation1.java:123:65:123:84 | HMACAlgorithm | +| jca/KeyDerivation1.java:123:65:123:84 | HashAlgorithm | +| jca/KeyDerivation1.java:123:65:123:84 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:124:22:124:49 | Key | +| jca/KeyDerivation1.java:124:22:124:49 | KeyDerivation | +| jca/KeyDerivation1.java:134:34:134:48 | Parameter | +| jca/KeyDerivation1.java:136:42:136:63 | Message | +| jca/KeyDerivation1.java:136:66:136:69 | Salt | +| jca/KeyDerivation1.java:136:72:136:77 | Constant | +| jca/KeyDerivation1.java:136:80:136:82 | Constant | +| jca/KeyDerivation1.java:137:65:137:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:137:65:137:86 | HashAlgorithm | +| jca/KeyDerivation1.java:137:65:137:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:138:22:138:49 | Key | +| jca/KeyDerivation1.java:138:22:138:49 | KeyDerivation | +| jca/KeyDerivation1.java:154:28:154:42 | Parameter | | jca/KeyDerivation1.java:157:42:157:63 | Message | | jca/KeyDerivation1.java:157:66:157:69 | Salt | -| jca/KeyDerivation1.java:157:72:157:77 | Constant | -| jca/KeyDerivation1.java:157:80:157:82 | Constant | -| jca/KeyDerivation1.java:158:65:158:86 | HMACAlgorithm | -| jca/KeyDerivation1.java:158:65:158:86 | HashAlgorithm | -| jca/KeyDerivation1.java:158:65:158:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:157:72:157:75 | Constant | +| jca/KeyDerivation1.java:157:78:157:80 | Constant | +| jca/KeyDerivation1.java:158:65:158:72 | Constant | | jca/KeyDerivation1.java:159:22:159:49 | Key | | jca/KeyDerivation1.java:159:22:159:49 | KeyDerivation | -| jca/KeyDerivation1.java:175:28:175:42 | Parameter | -| jca/KeyDerivation1.java:178:42:178:63 | Message | -| jca/KeyDerivation1.java:178:66:178:69 | Salt | -| jca/KeyDerivation1.java:178:72:178:75 | Constant | -| jca/KeyDerivation1.java:178:78:178:80 | Constant | -| jca/KeyDerivation1.java:179:65:179:72 | Constant | -| jca/KeyDerivation1.java:180:22:180:49 | Key | -| jca/KeyDerivation1.java:180:22:180:49 | KeyDerivation | -| jca/KeyDerivation1.java:191:30:191:44 | Parameter | -| jca/KeyDerivation1.java:194:42:194:63 | Message | -| jca/KeyDerivation1.java:194:66:194:69 | Salt | -| jca/KeyDerivation1.java:194:72:194:76 | Constant | -| jca/KeyDerivation1.java:194:79:194:81 | Constant | -| jca/KeyDerivation1.java:195:65:195:72 | Constant | -| jca/KeyDerivation1.java:196:22:196:49 | Key | -| jca/KeyDerivation1.java:196:22:196:49 | KeyDerivation | -| jca/KeyDerivation1.java:264:45:264:56 | Parameter | -| jca/KeyDerivation1.java:265:58:265:66 | HashAlgorithm | -| jca/KeyDerivation1.java:266:29:266:59 | Digest | -| jca/KeyDerivation1.java:266:29:266:59 | HashOperation | -| jca/KeyDerivation1.java:266:43:266:58 | Message | -| jca/KeyDerivation1.java:271:70:271:88 | KeyOperationAlgorithm | -| jca/KeyDerivation1.java:271:70:271:88 | ModeOfOperation | -| jca/KeyDerivation1.java:271:70:271:88 | PaddingAlgorithm | -| jca/KeyDerivation1.java:272:55:272:57 | Key | -| jca/KeyDerivation1.java:273:29:273:74 | EncryptOperation | -| jca/KeyDerivation1.java:273:29:273:74 | KeyOperationOutput | -| jca/KeyDerivation1.java:273:44:273:62 | Constant | -| jca/KeyDerivation1.java:273:44:273:73 | Message | -| jca/KeyDerivation1.java:291:32:291:41 | Parameter | -| jca/KeyDerivation1.java:306:43:306:57 | Parameter | -| jca/KeyDerivation1.java:306:60:306:78 | Parameter | -| jca/KeyDerivation1.java:325:37:325:51 | Parameter | -| jca/KeyDerivation1.java:332:25:332:76 | LocalData | -| jca/KeyDerivation1.java:332:54:332:75 | HMACAlgorithm | -| jca/KeyDerivation1.java:332:54:332:75 | HashAlgorithm | -| jca/KeyDerivation1.java:332:54:332:75 | KeyDerivationAlgorithm | -| jca/KeyDerivation1.java:333:43:333:86 | LocalData | -| jca/KeyDerivation1.java:334:40:334:78 | LocalData | -| jca/KeyDerivation1.java:337:42:337:63 | Message | -| jca/KeyDerivation1.java:337:66:337:69 | Salt | -| jca/KeyDerivation1.java:339:26:339:53 | Key | -| jca/KeyDerivation1.java:339:26:339:53 | KeyDerivation | -| jca/KeyDerivation1.java:356:42:356:63 | Message | -| jca/KeyDerivation1.java:356:66:356:69 | Salt | -| jca/KeyDerivation1.java:356:72:356:76 | Constant | -| jca/KeyDerivation1.java:356:79:356:81 | Constant | -| jca/KeyDerivation1.java:357:65:357:86 | HMACAlgorithm | -| jca/KeyDerivation1.java:357:65:357:86 | HashAlgorithm | -| jca/KeyDerivation1.java:357:65:357:86 | KeyDerivationAlgorithm | -| jca/KeyDerivation1.java:358:16:358:43 | Key | -| jca/KeyDerivation1.java:358:16:358:43 | KeyDerivation | -| jca/KeyDerivation1.java:370:36:370:47 | KeyOperationAlgorithm | -| jca/KeyDerivation1.java:372:19:372:27 | Key | -| jca/KeyDerivation1.java:373:22:373:38 | KeyOperationOutput | -| jca/KeyDerivation1.java:373:22:373:38 | MACOperation | -| jca/KeyDerivation1.java:373:35:373:37 | Message | -| jca/KeyDerivation1.java:377:19:377:54 | Key | -| jca/KeyDerivation1.java:378:22:378:62 | KeyOperationOutput | -| jca/KeyDerivation1.java:378:22:378:62 | MACOperation | -| jca/KeyDerivation1.java:378:35:378:50 | Constant | -| jca/KeyDerivation1.java:378:35:378:61 | Message | -| jca/KeyDerivation1.java:391:9:391:42 | RandomNumberGeneration | -| jca/KeyDerivation1.java:391:38:391:41 | RandomNumberGeneration | -| jca/KeyEncapsulation.java:64:56:64:60 | KeyOperationAlgorithm | -| jca/KeyEncapsulation.java:65:21:65:23 | Constant | -| jca/KeyEncapsulation.java:66:28:66:47 | Key | -| jca/KeyEncapsulation.java:66:28:66:47 | KeyGeneration | -| jca/KeyEncapsulation.java:71:47:71:85 | HashAlgorithm | -| jca/KeyEncapsulation.java:71:47:71:85 | KeyOperationAlgorithm | -| jca/KeyEncapsulation.java:71:47:71:85 | ModeOfOperation | -| jca/KeyEncapsulation.java:71:47:71:85 | PaddingAlgorithm | -| jca/KeyEncapsulation.java:72:45:72:50 | Key | -| jca/KeyEncapsulation.java:73:29:73:66 | EncryptOperation | -| jca/KeyEncapsulation.java:73:29:73:66 | KeyOperationOutput | -| jca/KeyEncapsulation.java:73:47:73:65 | Message | -| jca/KeyEncapsulation.java:77:47:77:65 | KeyOperationAlgorithm | -| jca/KeyEncapsulation.java:77:47:77:65 | ModeOfOperation | -| jca/KeyEncapsulation.java:77:47:77:65 | PaddingAlgorithm | -| jca/KeyEncapsulation.java:79:9:79:40 | RandomNumberGeneration | -| jca/KeyEncapsulation.java:79:38:79:39 | RandomNumberGeneration | -| jca/KeyEncapsulation.java:81:45:81:50 | Key | -| jca/KeyEncapsulation.java:81:53:81:59 | Nonce | -| jca/KeyEncapsulation.java:82:29:82:80 | EncryptOperation | -| jca/KeyEncapsulation.java:82:29:82:80 | KeyOperationOutput | -| jca/KeyEncapsulation.java:82:47:82:68 | Constant | -| jca/KeyEncapsulation.java:82:47:82:79 | Message | -| jca/KeyEncapsulation.java:96:37:96:54 | Parameter | -| jca/KeyEncapsulation.java:96:57:96:73 | Parameter | -| jca/KeyEncapsulation.java:97:47:97:85 | HashAlgorithm | -| jca/KeyEncapsulation.java:97:47:97:85 | KeyOperationAlgorithm | -| jca/KeyEncapsulation.java:97:47:97:85 | ModeOfOperation | -| jca/KeyEncapsulation.java:97:47:97:85 | PaddingAlgorithm | -| jca/KeyEncapsulation.java:98:45:98:51 | Key | -| jca/KeyEncapsulation.java:99:30:99:58 | DecryptOperation | -| jca/KeyEncapsulation.java:99:30:99:58 | KeyOperationOutput | -| jca/KeyEncapsulation.java:99:48:99:57 | Message | -| jca/KeyEncapsulation.java:122:47:122:57 | EllipticCurve | -| jca/KeyEncapsulation.java:123:31:123:51 | Key | -| jca/KeyEncapsulation.java:123:31:123:51 | KeyGeneration | -| jca/KeyEncapsulation.java:126:52:126:57 | KeyAgreementAlgorithm | -| jca/KeyEncapsulation.java:127:17:127:40 | Key | -| jca/KeyEncapsulation.java:128:20:128:24 | Key | -| jca/KeyEncapsulation.java:129:31:129:49 | KeyAgreementOperation | -| jca/KeyEncapsulation.java:129:31:129:49 | SharedSecret | -| jca/KeyEncapsulation.java:138:47:138:65 | KeyOperationAlgorithm | -| jca/KeyEncapsulation.java:138:47:138:65 | ModeOfOperation | -| jca/KeyEncapsulation.java:138:47:138:65 | PaddingAlgorithm | -| jca/KeyEncapsulation.java:140:9:140:40 | RandomNumberGeneration | -| jca/KeyEncapsulation.java:140:38:140:39 | RandomNumberGeneration | -| jca/KeyEncapsulation.java:141:45:141:50 | Key | -| jca/KeyEncapsulation.java:141:53:141:81 | Nonce | -| jca/KeyEncapsulation.java:142:29:142:73 | EncryptOperation | -| jca/KeyEncapsulation.java:142:29:142:73 | KeyOperationOutput | -| jca/KeyEncapsulation.java:142:47:142:61 | Constant | -| jca/KeyEncapsulation.java:142:47:142:72 | Message | -| jca/KeyEncapsulation.java:191:47:191:57 | EllipticCurve | -| jca/KeyEncapsulation.java:192:31:192:51 | Key | -| jca/KeyEncapsulation.java:192:31:192:51 | KeyGeneration | -| jca/KeyEncapsulation.java:193:52:193:57 | KeyAgreementAlgorithm | -| jca/KeyEncapsulation.java:194:17:194:40 | Key | -| jca/KeyEncapsulation.java:195:20:195:34 | Key | -| jca/KeyEncapsulation.java:196:31:196:49 | KeyAgreementOperation | -| jca/KeyEncapsulation.java:196:31:196:49 | SharedSecret | -| jca/KeyEncapsulation.java:212:64:212:68 | KeyOperationAlgorithm | -| jca/KeyEncapsulation.java:213:27:213:30 | Constant | -| jca/KeyEncapsulation.java:214:25:214:48 | Key | -| jca/KeyEncapsulation.java:214:25:214:48 | KeyGeneration | -| jca/KeyEncapsulation.java:219:49:219:59 | EllipticCurve | -| jca/KeyEncapsulation.java:220:24:220:46 | Key | -| jca/KeyEncapsulation.java:220:24:220:46 | KeyGeneration | -| jca/KeyEncapsulation.java:232:31:232:53 | Key | -| jca/KeyEncapsulation.java:232:31:232:53 | KeyGeneration | -| jca/KeyExchange.java:58:63:58:66 | KeyAgreementAlgorithm | -| jca/KeyExchange.java:59:26:59:29 | Constant | -| jca/KeyExchange.java:60:16:60:38 | Key | -| jca/KeyExchange.java:60:16:60:38 | KeyGeneration | -| jca/KeyExchange.java:74:63:74:66 | KeyAgreementAlgorithm | -| jca/KeyExchange.java:76:26:76:28 | Constant | -| jca/KeyExchange.java:77:16:77:38 | Key | -| jca/KeyExchange.java:77:16:77:38 | KeyGeneration | -| jca/KeyExchange.java:90:63:90:66 | KeyAgreementAlgorithm | -| jca/KeyExchange.java:91:26:91:29 | Constant | -| jca/KeyExchange.java:92:16:92:38 | Key | -| jca/KeyExchange.java:92:16:92:38 | KeyGeneration | -| jca/KeyExchange.java:107:52:107:55 | KeyAgreementAlgorithm | -| jca/KeyExchange.java:108:17:108:26 | Key | -| jca/KeyExchange.java:109:20:109:28 | Key | -| jca/KeyExchange.java:110:16:110:34 | KeyAgreementOperation | -| jca/KeyExchange.java:110:16:110:34 | SharedSecret | -| jca/KeyExchange.java:129:49:129:59 | EllipticCurve | -| jca/KeyExchange.java:130:16:130:38 | Key | -| jca/KeyExchange.java:130:16:130:38 | KeyGeneration | -| jca/KeyExchange.java:145:52:145:57 | KeyAgreementAlgorithm | -| jca/KeyExchange.java:146:17:146:26 | Key | -| jca/KeyExchange.java:147:20:147:28 | Key | -| jca/KeyExchange.java:148:16:148:34 | KeyAgreementOperation | -| jca/KeyExchange.java:148:16:148:34 | SharedSecret | -| jca/KeyExchange.java:165:61:165:68 | KeyAgreementAlgorithm | -| jca/KeyExchange.java:167:24:167:26 | Constant | -| jca/KeyExchange.java:168:16:168:36 | Key | -| jca/KeyExchange.java:168:16:168:36 | KeyGeneration | -| jca/KeyExchange.java:183:52:183:59 | KeyAgreementAlgorithm | -| jca/KeyExchange.java:184:17:184:26 | Key | -| jca/KeyExchange.java:185:20:185:28 | Key | -| jca/KeyExchange.java:186:16:186:34 | KeyAgreementOperation | -| jca/KeyExchange.java:186:16:186:34 | SharedSecret | -| jca/KeyExchange.java:203:61:203:66 | KeyAgreementAlgorithm | -| jca/KeyExchange.java:205:24:205:26 | Constant | -| jca/KeyExchange.java:206:16:206:36 | Key | -| jca/KeyExchange.java:206:16:206:36 | KeyGeneration | -| jca/KeyExchange.java:221:52:221:57 | KeyAgreementAlgorithm | -| jca/KeyExchange.java:222:17:222:26 | Key | -| jca/KeyExchange.java:223:20:223:28 | Key | -| jca/KeyExchange.java:224:16:224:34 | KeyAgreementOperation | -| jca/KeyExchange.java:224:16:224:34 | SharedSecret | -| jca/MACOperation.java:65:36:65:49 | Parameter | -| jca/MACOperation.java:65:52:65:61 | Parameter | -| jca/MACOperation.java:66:35:66:46 | KeyOperationAlgorithm | -| jca/MACOperation.java:68:18:68:26 | Key | -| jca/MACOperation.java:69:16:69:46 | KeyOperationOutput | -| jca/MACOperation.java:69:16:69:46 | MACOperation | -| jca/MACOperation.java:69:28:69:45 | Message | -| jca/MACOperation.java:76:34:76:47 | Parameter | -| jca/MACOperation.java:76:50:76:59 | Parameter | -| jca/MACOperation.java:77:35:77:48 | KeyOperationAlgorithm | -| jca/MACOperation.java:79:18:79:26 | Key | -| jca/MACOperation.java:80:16:80:46 | KeyOperationOutput | -| jca/MACOperation.java:80:16:80:46 | MACOperation | -| jca/MACOperation.java:80:28:80:45 | Message | -| jca/MACOperation.java:88:34:88:47 | Parameter | -| jca/MACOperation.java:88:50:88:59 | Parameter | -| jca/MACOperation.java:89:35:89:44 | KeyOperationAlgorithm | -| jca/MACOperation.java:91:18:91:26 | Key | -| jca/MACOperation.java:92:16:92:46 | KeyOperationOutput | -| jca/MACOperation.java:92:16:92:46 | MACOperation | -| jca/MACOperation.java:92:28:92:45 | Message | -| jca/MACOperation.java:99:30:99:43 | Parameter | -| jca/MACOperation.java:99:46:99:55 | Parameter | -| jca/MACOperation.java:101:35:101:40 | KeyOperationAlgorithm | -| jca/MACOperation.java:105:18:105:26 | Key | -| jca/MACOperation.java:106:16:106:46 | KeyOperationOutput | -| jca/MACOperation.java:106:16:106:46 | MACOperation | -| jca/MACOperation.java:106:28:106:45 | Message | -| jca/MACOperation.java:113:30:113:43 | Parameter | -| jca/MACOperation.java:113:46:113:55 | Parameter | -| jca/MACOperation.java:114:35:114:43 | Constant | -| jca/MACOperation.java:116:18:116:26 | Key | -| jca/MACOperation.java:117:16:117:46 | KeyOperationOutput | -| jca/MACOperation.java:117:16:117:46 | MACOperation | -| jca/MACOperation.java:117:28:117:45 | Message | -| jca/MACOperation.java:124:36:124:49 | Parameter | -| jca/MACOperation.java:124:52:124:61 | Parameter | -| jca/MACOperation.java:125:35:125:44 | KeyOperationAlgorithm | -| jca/MACOperation.java:127:18:127:26 | Key | -| jca/MACOperation.java:128:16:128:46 | KeyOperationOutput | -| jca/MACOperation.java:128:16:128:46 | MACOperation | -| jca/MACOperation.java:128:28:128:45 | Message | -| jca/MACOperation.java:142:34:142:49 | Parameter | -| jca/MACOperation.java:145:44:145:62 | KeyOperationAlgorithm | -| jca/MACOperation.java:145:44:145:62 | ModeOfOperation | -| jca/MACOperation.java:145:44:145:62 | PaddingAlgorithm | -| jca/MACOperation.java:146:42:146:44 | Key | -| jca/MACOperation.java:147:32:147:74 | EncryptOperation | -| jca/MACOperation.java:147:32:147:74 | KeyOperationOutput | -| jca/MACOperation.java:147:47:147:62 | Constant | -| jca/MACOperation.java:147:47:147:73 | Message | -| jca/MACOperation.java:159:36:159:51 | Parameter | -| jca/MACOperation.java:174:47:174:62 | Parameter | -| jca/MACOperation.java:178:42:178:68 | Message | -| jca/MACOperation.java:178:71:178:74 | Salt | -| jca/MACOperation.java:178:77:178:81 | Constant | -| jca/MACOperation.java:178:84:178:86 | Constant | -| jca/MACOperation.java:179:65:179:86 | HMACAlgorithm | -| jca/MACOperation.java:179:65:179:86 | HashAlgorithm | -| jca/MACOperation.java:179:65:179:86 | KeyDerivationAlgorithm | -| jca/MACOperation.java:180:30:180:57 | Key | -| jca/MACOperation.java:180:30:180:57 | KeyDerivation | -| jca/MACOperation.java:188:44:188:62 | KeyOperationAlgorithm | -| jca/MACOperation.java:188:44:188:62 | ModeOfOperation | -| jca/MACOperation.java:188:44:188:62 | PaddingAlgorithm | -| jca/MACOperation.java:189:42:189:54 | Key | -| jca/MACOperation.java:190:29:190:78 | EncryptOperation | -| jca/MACOperation.java:190:29:190:78 | KeyOperationOutput | -| jca/MACOperation.java:190:44:190:66 | Constant | -| jca/MACOperation.java:190:44:190:77 | Message | -| jca/MACOperation.java:193:35:193:46 | KeyOperationAlgorithm | -| jca/MACOperation.java:194:18:194:30 | Key | -| jca/MACOperation.java:195:30:195:52 | KeyOperationOutput | -| jca/MACOperation.java:195:30:195:52 | MACOperation | -| jca/MACOperation.java:195:42:195:51 | Message | -| jca/MACOperation.java:225:44:225:62 | KeyOperationAlgorithm | -| jca/MACOperation.java:225:44:225:62 | ModeOfOperation | -| jca/MACOperation.java:225:44:225:62 | PaddingAlgorithm | -| jca/MACOperation.java:227:42:227:44 | Key | -| jca/MACOperation.java:228:32:228:51 | EncryptOperation | -| jca/MACOperation.java:228:32:228:51 | KeyOperationOutput | -| jca/MACOperation.java:228:47:228:50 | Message | -| jca/MACOperation.java:242:56:242:60 | KeyOperationAlgorithm | -| jca/MACOperation.java:243:21:243:23 | Constant | -| jca/MACOperation.java:244:16:244:35 | Key | -| jca/MACOperation.java:244:16:244:35 | KeyGeneration | -| jca/MACOperation.java:256:9:256:42 | RandomNumberGeneration | -| jca/MACOperation.java:256:38:256:41 | RandomNumberGeneration | -| jca/Nonce.java:25:35:25:46 | KeyOperationAlgorithm | -| jca/Nonce.java:26:18:26:20 | Key | -| jca/Nonce.java:28:28:28:69 | KeyOperationOutput | -| jca/Nonce.java:28:28:28:69 | MACOperation | -| jca/Nonce.java:28:40:28:57 | Constant | -| jca/Nonce.java:28:40:28:68 | Message | -| jca/Nonce.java:38:35:38:46 | KeyOperationAlgorithm | -| jca/Nonce.java:39:18:39:20 | Key | -| jca/Nonce.java:41:28:41:67 | KeyOperationOutput | -| jca/Nonce.java:41:28:41:67 | MACOperation | -| jca/Nonce.java:41:40:41:55 | Constant | -| jca/Nonce.java:41:40:41:66 | Message | -| jca/Nonce.java:48:39:48:51 | Parameter | -| jca/Nonce.java:48:54:48:69 | Parameter | -| jca/Nonce.java:51:44:51:62 | KeyOperationAlgorithm | -| jca/Nonce.java:51:44:51:62 | ModeOfOperation | -| jca/Nonce.java:51:44:51:62 | PaddingAlgorithm | -| jca/Nonce.java:52:42:52:44 | Key | -| jca/Nonce.java:52:47:52:53 | Nonce | -| jca/Nonce.java:53:29:53:53 | EncryptOperation | -| jca/Nonce.java:53:29:53:53 | KeyOperationOutput | -| jca/Nonce.java:53:44:53:52 | Message | -| jca/Nonce.java:59:37:59:49 | Parameter | -| jca/Nonce.java:59:52:59:67 | Parameter | -| jca/Nonce.java:62:44:62:62 | KeyOperationAlgorithm | -| jca/Nonce.java:62:44:62:62 | ModeOfOperation | -| jca/Nonce.java:62:44:62:62 | PaddingAlgorithm | -| jca/Nonce.java:63:42:63:44 | Key | -| jca/Nonce.java:63:47:63:53 | Nonce | -| jca/Nonce.java:64:29:64:53 | EncryptOperation | -| jca/Nonce.java:64:29:64:53 | KeyOperationOutput | -| jca/Nonce.java:64:44:64:52 | Message | -| jca/Nonce.java:71:53:71:64 | KeyOperationAlgorithm | -| jca/Nonce.java:79:18:79:20 | Key | -| jca/Nonce.java:81:28:81:67 | KeyOperationOutput | -| jca/Nonce.java:81:28:81:67 | MACOperation | -| jca/Nonce.java:81:40:81:55 | Constant | -| jca/Nonce.java:81:40:81:66 | Message | -| jca/Nonce.java:93:56:93:67 | Constant | -| jca/Nonce.java:94:16:94:35 | Key | -| jca/Nonce.java:94:16:94:35 | KeyGeneration | -| jca/Nonce.java:99:9:99:43 | RandomNumberGeneration | -| jca/Nonce.java:99:38:99:42 | RandomNumberGeneration | -| jca/Nonce.java:113:16:113:33 | Constant | -| jca/PrngTest.java:162:56:162:60 | KeyOperationAlgorithm | -| jca/PrngTest.java:163:21:163:23 | Constant | -| jca/PrngTest.java:164:16:164:35 | Key | -| jca/PrngTest.java:164:16:164:35 | KeyGeneration | -| jca/SignEncryptCombinations.java:59:49:59:59 | EllipticCurve | -| jca/SignEncryptCombinations.java:60:16:60:38 | Key | -| jca/SignEncryptCombinations.java:60:16:60:38 | KeyGeneration | +| jca/KeyDerivation1.java:169:30:169:44 | Parameter | +| jca/KeyDerivation1.java:172:42:172:63 | Message | +| jca/KeyDerivation1.java:172:66:172:69 | Salt | +| jca/KeyDerivation1.java:172:72:172:76 | Constant | +| jca/KeyDerivation1.java:172:79:172:81 | Constant | +| jca/KeyDerivation1.java:173:65:173:72 | Constant | +| jca/KeyDerivation1.java:174:22:174:49 | Key | +| jca/KeyDerivation1.java:174:22:174:49 | KeyDerivation | +| jca/KeyDerivation1.java:242:45:242:56 | Parameter | +| jca/KeyDerivation1.java:243:58:243:66 | HashAlgorithm | +| jca/KeyDerivation1.java:244:29:244:59 | Digest | +| jca/KeyDerivation1.java:244:29:244:59 | HashOperation | +| jca/KeyDerivation1.java:244:43:244:58 | Message | +| jca/KeyDerivation1.java:249:70:249:88 | KeyOperationAlgorithm | +| jca/KeyDerivation1.java:249:70:249:88 | ModeOfOperation | +| jca/KeyDerivation1.java:249:70:249:88 | PaddingAlgorithm | +| jca/KeyDerivation1.java:250:55:250:57 | Key | +| jca/KeyDerivation1.java:251:29:251:74 | EncryptOperation | +| jca/KeyDerivation1.java:251:29:251:74 | KeyOperationOutput | +| jca/KeyDerivation1.java:251:44:251:62 | Constant | +| jca/KeyDerivation1.java:251:44:251:73 | Message | +| jca/KeyDerivation1.java:269:32:269:41 | Parameter | +| jca/KeyDerivation1.java:283:43:283:57 | Parameter | +| jca/KeyDerivation1.java:283:60:283:78 | Parameter | +| jca/KeyDerivation1.java:302:37:302:51 | Parameter | +| jca/KeyDerivation1.java:309:25:309:76 | LocalData | +| jca/KeyDerivation1.java:309:54:309:75 | HMACAlgorithm | +| jca/KeyDerivation1.java:309:54:309:75 | HashAlgorithm | +| jca/KeyDerivation1.java:309:54:309:75 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:310:43:310:86 | LocalData | +| jca/KeyDerivation1.java:311:40:311:78 | LocalData | +| jca/KeyDerivation1.java:314:42:314:63 | Message | +| jca/KeyDerivation1.java:314:66:314:69 | Salt | +| jca/KeyDerivation1.java:316:26:316:53 | Key | +| jca/KeyDerivation1.java:316:26:316:53 | KeyDerivation | +| jca/KeyDerivation1.java:333:42:333:63 | Message | +| jca/KeyDerivation1.java:333:66:333:69 | Salt | +| jca/KeyDerivation1.java:333:72:333:76 | Constant | +| jca/KeyDerivation1.java:333:79:333:81 | Constant | +| jca/KeyDerivation1.java:334:65:334:86 | HMACAlgorithm | +| jca/KeyDerivation1.java:334:65:334:86 | HashAlgorithm | +| jca/KeyDerivation1.java:334:65:334:86 | KeyDerivationAlgorithm | +| jca/KeyDerivation1.java:335:16:335:43 | Key | +| jca/KeyDerivation1.java:335:16:335:43 | KeyDerivation | +| jca/KeyDerivation1.java:345:36:345:47 | KeyOperationAlgorithm | +| jca/KeyDerivation1.java:347:19:347:27 | Key | +| jca/KeyDerivation1.java:348:22:348:38 | KeyOperationOutput | +| jca/KeyDerivation1.java:348:22:348:38 | MACOperation | +| jca/KeyDerivation1.java:348:35:348:37 | Message | +| jca/KeyDerivation1.java:352:19:352:54 | Key | +| jca/KeyDerivation1.java:353:22:353:62 | KeyOperationOutput | +| jca/KeyDerivation1.java:353:22:353:62 | MACOperation | +| jca/KeyDerivation1.java:353:35:353:50 | Constant | +| jca/KeyDerivation1.java:353:35:353:61 | Message | +| jca/KeyDerivation1.java:365:9:365:42 | RandomNumberGeneration | +| jca/KeyDerivation1.java:365:38:365:41 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:60:56:60:60 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:61:21:61:23 | Constant | +| jca/KeyEncapsulation.java:62:28:62:47 | Key | +| jca/KeyEncapsulation.java:62:28:62:47 | KeyGeneration | +| jca/KeyEncapsulation.java:67:47:67:85 | HashAlgorithm | +| jca/KeyEncapsulation.java:67:47:67:85 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:67:47:67:85 | ModeOfOperation | +| jca/KeyEncapsulation.java:67:47:67:85 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:68:45:68:50 | Key | +| jca/KeyEncapsulation.java:69:29:69:66 | EncryptOperation | +| jca/KeyEncapsulation.java:69:29:69:66 | KeyOperationOutput | +| jca/KeyEncapsulation.java:69:47:69:65 | Message | +| jca/KeyEncapsulation.java:73:47:73:65 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:73:47:73:65 | ModeOfOperation | +| jca/KeyEncapsulation.java:73:47:73:65 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:75:9:75:40 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:75:38:75:39 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:77:45:77:50 | Key | +| jca/KeyEncapsulation.java:77:53:77:59 | Nonce | +| jca/KeyEncapsulation.java:78:29:78:80 | EncryptOperation | +| jca/KeyEncapsulation.java:78:29:78:80 | KeyOperationOutput | +| jca/KeyEncapsulation.java:78:47:78:68 | Constant | +| jca/KeyEncapsulation.java:78:47:78:79 | Message | +| jca/KeyEncapsulation.java:91:37:91:54 | Parameter | +| jca/KeyEncapsulation.java:91:57:91:73 | Parameter | +| jca/KeyEncapsulation.java:92:47:92:85 | HashAlgorithm | +| jca/KeyEncapsulation.java:92:47:92:85 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:92:47:92:85 | ModeOfOperation | +| jca/KeyEncapsulation.java:92:47:92:85 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:93:45:93:51 | Key | +| jca/KeyEncapsulation.java:94:30:94:58 | DecryptOperation | +| jca/KeyEncapsulation.java:94:30:94:58 | KeyOperationOutput | +| jca/KeyEncapsulation.java:94:48:94:57 | Message | +| jca/KeyEncapsulation.java:117:47:117:57 | EllipticCurve | +| jca/KeyEncapsulation.java:118:31:118:51 | Key | +| jca/KeyEncapsulation.java:118:31:118:51 | KeyGeneration | +| jca/KeyEncapsulation.java:121:52:121:57 | KeyAgreementAlgorithm | +| jca/KeyEncapsulation.java:122:17:122:40 | Key | +| jca/KeyEncapsulation.java:123:20:123:24 | Key | +| jca/KeyEncapsulation.java:124:31:124:49 | KeyAgreementOperation | +| jca/KeyEncapsulation.java:124:31:124:49 | SharedSecret | +| jca/KeyEncapsulation.java:133:47:133:65 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:133:47:133:65 | ModeOfOperation | +| jca/KeyEncapsulation.java:133:47:133:65 | PaddingAlgorithm | +| jca/KeyEncapsulation.java:135:9:135:40 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:135:38:135:39 | RandomNumberGeneration | +| jca/KeyEncapsulation.java:136:45:136:50 | Key | +| jca/KeyEncapsulation.java:136:53:136:81 | Nonce | +| jca/KeyEncapsulation.java:137:29:137:73 | EncryptOperation | +| jca/KeyEncapsulation.java:137:29:137:73 | KeyOperationOutput | +| jca/KeyEncapsulation.java:137:47:137:61 | Constant | +| jca/KeyEncapsulation.java:137:47:137:72 | Message | +| jca/KeyEncapsulation.java:186:47:186:57 | EllipticCurve | +| jca/KeyEncapsulation.java:187:31:187:51 | Key | +| jca/KeyEncapsulation.java:187:31:187:51 | KeyGeneration | +| jca/KeyEncapsulation.java:188:52:188:57 | KeyAgreementAlgorithm | +| jca/KeyEncapsulation.java:189:17:189:40 | Key | +| jca/KeyEncapsulation.java:190:20:190:34 | Key | +| jca/KeyEncapsulation.java:191:31:191:49 | KeyAgreementOperation | +| jca/KeyEncapsulation.java:191:31:191:49 | SharedSecret | +| jca/KeyEncapsulation.java:207:64:207:68 | KeyOperationAlgorithm | +| jca/KeyEncapsulation.java:208:27:208:30 | Constant | +| jca/KeyEncapsulation.java:209:25:209:48 | Key | +| jca/KeyEncapsulation.java:209:25:209:48 | KeyGeneration | +| jca/KeyEncapsulation.java:214:49:214:59 | EllipticCurve | +| jca/KeyEncapsulation.java:215:24:215:46 | Key | +| jca/KeyEncapsulation.java:215:24:215:46 | KeyGeneration | +| jca/KeyEncapsulation.java:226:31:226:53 | Key | +| jca/KeyEncapsulation.java:226:31:226:53 | KeyGeneration | +| jca/KeyExchange.java:52:63:52:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:53:26:53:29 | Constant | +| jca/KeyExchange.java:54:16:54:38 | Key | +| jca/KeyExchange.java:54:16:54:38 | KeyGeneration | +| jca/KeyExchange.java:67:63:67:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:69:26:69:28 | Constant | +| jca/KeyExchange.java:70:16:70:38 | Key | +| jca/KeyExchange.java:70:16:70:38 | KeyGeneration | +| jca/KeyExchange.java:83:63:83:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:84:26:84:29 | Constant | +| jca/KeyExchange.java:85:16:85:38 | Key | +| jca/KeyExchange.java:85:16:85:38 | KeyGeneration | +| jca/KeyExchange.java:99:52:99:55 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:100:17:100:26 | Key | +| jca/KeyExchange.java:101:20:101:28 | Key | +| jca/KeyExchange.java:102:16:102:34 | KeyAgreementOperation | +| jca/KeyExchange.java:102:16:102:34 | SharedSecret | +| jca/KeyExchange.java:121:49:121:59 | EllipticCurve | +| jca/KeyExchange.java:122:16:122:38 | Key | +| jca/KeyExchange.java:122:16:122:38 | KeyGeneration | +| jca/KeyExchange.java:136:52:136:57 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:137:17:137:26 | Key | +| jca/KeyExchange.java:138:20:138:28 | Key | +| jca/KeyExchange.java:139:16:139:34 | KeyAgreementOperation | +| jca/KeyExchange.java:139:16:139:34 | SharedSecret | +| jca/KeyExchange.java:156:61:156:68 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:158:24:158:26 | Constant | +| jca/KeyExchange.java:159:16:159:36 | Key | +| jca/KeyExchange.java:159:16:159:36 | KeyGeneration | +| jca/KeyExchange.java:173:52:173:59 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:174:17:174:26 | Key | +| jca/KeyExchange.java:175:20:175:28 | Key | +| jca/KeyExchange.java:176:16:176:34 | KeyAgreementOperation | +| jca/KeyExchange.java:176:16:176:34 | SharedSecret | +| jca/KeyExchange.java:193:61:193:66 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:195:24:195:26 | Constant | +| jca/KeyExchange.java:196:16:196:36 | Key | +| jca/KeyExchange.java:196:16:196:36 | KeyGeneration | +| jca/KeyExchange.java:210:52:210:57 | KeyAgreementAlgorithm | +| jca/KeyExchange.java:211:17:211:26 | Key | +| jca/KeyExchange.java:212:20:212:28 | Key | +| jca/KeyExchange.java:213:16:213:34 | KeyAgreementOperation | +| jca/KeyExchange.java:213:16:213:34 | SharedSecret | +| jca/MACOperation.java:59:36:59:49 | Parameter | +| jca/MACOperation.java:59:52:59:61 | Parameter | +| jca/MACOperation.java:60:35:60:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:62:18:62:26 | Key | +| jca/MACOperation.java:63:16:63:46 | KeyOperationOutput | +| jca/MACOperation.java:63:16:63:46 | MACOperation | +| jca/MACOperation.java:63:28:63:45 | Message | +| jca/MACOperation.java:70:34:70:47 | Parameter | +| jca/MACOperation.java:70:50:70:59 | Parameter | +| jca/MACOperation.java:71:35:71:48 | KeyOperationAlgorithm | +| jca/MACOperation.java:73:18:73:26 | Key | +| jca/MACOperation.java:74:16:74:46 | KeyOperationOutput | +| jca/MACOperation.java:74:16:74:46 | MACOperation | +| jca/MACOperation.java:74:28:74:45 | Message | +| jca/MACOperation.java:81:34:81:47 | Parameter | +| jca/MACOperation.java:81:50:81:59 | Parameter | +| jca/MACOperation.java:82:35:82:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:84:18:84:26 | Key | +| jca/MACOperation.java:85:16:85:46 | KeyOperationOutput | +| jca/MACOperation.java:85:16:85:46 | MACOperation | +| jca/MACOperation.java:85:28:85:45 | Message | +| jca/MACOperation.java:92:30:92:43 | Parameter | +| jca/MACOperation.java:92:46:92:55 | Parameter | +| jca/MACOperation.java:94:35:94:40 | KeyOperationAlgorithm | +| jca/MACOperation.java:98:18:98:26 | Key | +| jca/MACOperation.java:99:16:99:46 | KeyOperationOutput | +| jca/MACOperation.java:99:16:99:46 | MACOperation | +| jca/MACOperation.java:99:28:99:45 | Message | +| jca/MACOperation.java:106:30:106:43 | Parameter | +| jca/MACOperation.java:106:46:106:55 | Parameter | +| jca/MACOperation.java:107:35:107:43 | Constant | +| jca/MACOperation.java:109:18:109:26 | Key | +| jca/MACOperation.java:110:16:110:46 | KeyOperationOutput | +| jca/MACOperation.java:110:16:110:46 | MACOperation | +| jca/MACOperation.java:110:28:110:45 | Message | +| jca/MACOperation.java:117:36:117:49 | Parameter | +| jca/MACOperation.java:117:52:117:61 | Parameter | +| jca/MACOperation.java:118:35:118:44 | KeyOperationAlgorithm | +| jca/MACOperation.java:120:18:120:26 | Key | +| jca/MACOperation.java:121:16:121:46 | KeyOperationOutput | +| jca/MACOperation.java:121:16:121:46 | MACOperation | +| jca/MACOperation.java:121:28:121:45 | Message | +| jca/MACOperation.java:133:34:133:49 | Parameter | +| jca/MACOperation.java:136:44:136:62 | KeyOperationAlgorithm | +| jca/MACOperation.java:136:44:136:62 | ModeOfOperation | +| jca/MACOperation.java:136:44:136:62 | PaddingAlgorithm | +| jca/MACOperation.java:137:42:137:44 | Key | +| jca/MACOperation.java:138:32:138:74 | EncryptOperation | +| jca/MACOperation.java:138:32:138:74 | KeyOperationOutput | +| jca/MACOperation.java:138:47:138:62 | Constant | +| jca/MACOperation.java:138:47:138:73 | Message | +| jca/MACOperation.java:150:36:150:51 | Parameter | +| jca/MACOperation.java:166:47:166:62 | Parameter | +| jca/MACOperation.java:170:42:170:68 | Message | +| jca/MACOperation.java:170:71:170:74 | Salt | +| jca/MACOperation.java:170:77:170:81 | Constant | +| jca/MACOperation.java:170:84:170:86 | Constant | +| jca/MACOperation.java:171:65:171:86 | HMACAlgorithm | +| jca/MACOperation.java:171:65:171:86 | HashAlgorithm | +| jca/MACOperation.java:171:65:171:86 | KeyDerivationAlgorithm | +| jca/MACOperation.java:172:30:172:57 | Key | +| jca/MACOperation.java:172:30:172:57 | KeyDerivation | +| jca/MACOperation.java:180:44:180:62 | KeyOperationAlgorithm | +| jca/MACOperation.java:180:44:180:62 | ModeOfOperation | +| jca/MACOperation.java:180:44:180:62 | PaddingAlgorithm | +| jca/MACOperation.java:181:42:181:54 | Key | +| jca/MACOperation.java:182:29:182:78 | EncryptOperation | +| jca/MACOperation.java:182:29:182:78 | KeyOperationOutput | +| jca/MACOperation.java:182:44:182:66 | Constant | +| jca/MACOperation.java:182:44:182:77 | Message | +| jca/MACOperation.java:185:35:185:46 | KeyOperationAlgorithm | +| jca/MACOperation.java:186:18:186:30 | Key | +| jca/MACOperation.java:187:30:187:52 | KeyOperationOutput | +| jca/MACOperation.java:187:30:187:52 | MACOperation | +| jca/MACOperation.java:187:42:187:51 | Message | +| jca/MACOperation.java:216:44:216:62 | KeyOperationAlgorithm | +| jca/MACOperation.java:216:44:216:62 | ModeOfOperation | +| jca/MACOperation.java:216:44:216:62 | PaddingAlgorithm | +| jca/MACOperation.java:218:42:218:44 | Key | +| jca/MACOperation.java:219:32:219:51 | EncryptOperation | +| jca/MACOperation.java:219:32:219:51 | KeyOperationOutput | +| jca/MACOperation.java:219:47:219:50 | Message | +| jca/MACOperation.java:232:56:232:60 | KeyOperationAlgorithm | +| jca/MACOperation.java:233:21:233:23 | Constant | +| jca/MACOperation.java:234:16:234:35 | Key | +| jca/MACOperation.java:234:16:234:35 | KeyGeneration | +| jca/MACOperation.java:246:9:246:42 | RandomNumberGeneration | +| jca/MACOperation.java:246:38:246:41 | RandomNumberGeneration | +| jca/Nonce.java:24:35:24:46 | KeyOperationAlgorithm | +| jca/Nonce.java:25:18:25:20 | Key | +| jca/Nonce.java:27:28:27:69 | KeyOperationOutput | +| jca/Nonce.java:27:28:27:69 | MACOperation | +| jca/Nonce.java:27:40:27:57 | Constant | +| jca/Nonce.java:27:40:27:68 | Message | +| jca/Nonce.java:37:35:37:46 | KeyOperationAlgorithm | +| jca/Nonce.java:38:18:38:20 | Key | +| jca/Nonce.java:40:28:40:67 | KeyOperationOutput | +| jca/Nonce.java:40:28:40:67 | MACOperation | +| jca/Nonce.java:40:40:40:55 | Constant | +| jca/Nonce.java:40:40:40:66 | Message | +| jca/Nonce.java:47:39:47:51 | Parameter | +| jca/Nonce.java:47:54:47:69 | Parameter | +| jca/Nonce.java:50:44:50:62 | KeyOperationAlgorithm | +| jca/Nonce.java:50:44:50:62 | ModeOfOperation | +| jca/Nonce.java:50:44:50:62 | PaddingAlgorithm | +| jca/Nonce.java:51:42:51:44 | Key | +| jca/Nonce.java:51:47:51:53 | Nonce | +| jca/Nonce.java:52:29:52:53 | EncryptOperation | +| jca/Nonce.java:52:29:52:53 | KeyOperationOutput | +| jca/Nonce.java:52:44:52:52 | Message | +| jca/Nonce.java:58:37:58:49 | Parameter | +| jca/Nonce.java:58:52:58:67 | Parameter | +| jca/Nonce.java:61:44:61:62 | KeyOperationAlgorithm | +| jca/Nonce.java:61:44:61:62 | ModeOfOperation | +| jca/Nonce.java:61:44:61:62 | PaddingAlgorithm | +| jca/Nonce.java:62:42:62:44 | Key | +| jca/Nonce.java:62:47:62:53 | Nonce | +| jca/Nonce.java:63:29:63:53 | EncryptOperation | +| jca/Nonce.java:63:29:63:53 | KeyOperationOutput | +| jca/Nonce.java:63:44:63:52 | Message | +| jca/Nonce.java:70:53:70:64 | KeyOperationAlgorithm | +| jca/Nonce.java:78:18:78:20 | Key | +| jca/Nonce.java:80:28:80:67 | KeyOperationOutput | +| jca/Nonce.java:80:28:80:67 | MACOperation | +| jca/Nonce.java:80:40:80:55 | Constant | +| jca/Nonce.java:80:40:80:66 | Message | +| jca/Nonce.java:92:56:92:67 | Constant | +| jca/Nonce.java:93:16:93:35 | Key | +| jca/Nonce.java:93:16:93:35 | KeyGeneration | +| jca/Nonce.java:98:9:98:43 | RandomNumberGeneration | +| jca/Nonce.java:98:38:98:42 | RandomNumberGeneration | +| jca/Nonce.java:112:16:112:33 | Constant | +| jca/PrngTest.java:152:56:152:60 | KeyOperationAlgorithm | +| jca/PrngTest.java:153:21:153:23 | Constant | +| jca/PrngTest.java:154:16:154:35 | Key | +| jca/PrngTest.java:154:16:154:35 | KeyGeneration | +| jca/SignEncryptCombinations.java:52:49:52:59 | EllipticCurve | +| jca/SignEncryptCombinations.java:53:16:53:38 | Key | +| jca/SignEncryptCombinations.java:53:16:53:38 | KeyGeneration | +| jca/SignEncryptCombinations.java:61:53:61:69 | HashAlgorithm | +| jca/SignEncryptCombinations.java:61:53:61:69 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:62:28:62:34 | Key | +| jca/SignEncryptCombinations.java:63:26:63:29 | Message | +| jca/SignEncryptCombinations.java:64:16:64:31 | SignOperation | +| jca/SignEncryptCombinations.java:64:16:64:31 | SignatureOutput | | jca/SignEncryptCombinations.java:68:53:68:69 | HashAlgorithm | | jca/SignEncryptCombinations.java:68:53:68:69 | KeyOperationAlgorithm | -| jca/SignEncryptCombinations.java:69:28:69:34 | Key | +| jca/SignEncryptCombinations.java:69:30:69:35 | Key | | jca/SignEncryptCombinations.java:70:26:70:29 | Message | -| jca/SignEncryptCombinations.java:71:16:71:31 | SignOperation | -| jca/SignEncryptCombinations.java:71:16:71:31 | SignatureOutput | -| jca/SignEncryptCombinations.java:75:53:75:69 | HashAlgorithm | -| jca/SignEncryptCombinations.java:75:53:75:69 | KeyOperationAlgorithm | -| jca/SignEncryptCombinations.java:76:30:76:35 | Key | -| jca/SignEncryptCombinations.java:77:26:77:29 | Message | -| jca/SignEncryptCombinations.java:78:16:78:47 | VerifyOperation | -| jca/SignEncryptCombinations.java:78:33:78:46 | SignatureInput | -| jca/SignEncryptCombinations.java:89:52:89:56 | KeyOperationAlgorithm | -| jca/SignEncryptCombinations.java:90:17:90:19 | Constant | -| jca/SignEncryptCombinations.java:91:16:91:31 | Key | -| jca/SignEncryptCombinations.java:91:16:91:31 | KeyGeneration | -| jca/SignEncryptCombinations.java:99:44:99:62 | KeyOperationAlgorithm | -| jca/SignEncryptCombinations.java:99:44:99:62 | ModeOfOperation | -| jca/SignEncryptCombinations.java:99:44:99:62 | PaddingAlgorithm | -| jca/SignEncryptCombinations.java:101:9:101:28 | RandomNumberGeneration | -| jca/SignEncryptCombinations.java:101:26:101:27 | RandomNumberGeneration | -| jca/SignEncryptCombinations.java:103:42:103:44 | Key | -| jca/SignEncryptCombinations.java:103:47:103:50 | Nonce | -| jca/SignEncryptCombinations.java:104:29:104:53 | EncryptOperation | -| jca/SignEncryptCombinations.java:104:29:104:53 | KeyOperationOutput | -| jca/SignEncryptCombinations.java:104:44:104:52 | Message | -| jca/SignEncryptCombinations.java:118:44:118:62 | KeyOperationAlgorithm | -| jca/SignEncryptCombinations.java:118:44:118:62 | ModeOfOperation | -| jca/SignEncryptCombinations.java:118:44:118:62 | PaddingAlgorithm | -| jca/SignEncryptCombinations.java:119:42:119:44 | Key | -| jca/SignEncryptCombinations.java:119:47:119:75 | Nonce | -| jca/SignEncryptCombinations.java:120:16:120:41 | DecryptOperation | -| jca/SignEncryptCombinations.java:120:16:120:41 | KeyOperationOutput | -| jca/SignEncryptCombinations.java:120:31:120:40 | Message | -| jca/SignEncryptCombinations.java:128:35:128:46 | KeyOperationAlgorithm | -| jca/SignEncryptCombinations.java:129:18:129:20 | Key | -| jca/SignEncryptCombinations.java:130:16:130:32 | KeyOperationOutput | -| jca/SignEncryptCombinations.java:130:16:130:32 | MACOperation | -| jca/SignEncryptCombinations.java:130:28:130:31 | Message | -| jca/SignEncryptCombinations.java:345:26:345:47 | Constant | -| jca/SignatureOperation.java:59:61:59:65 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:60:24:60:27 | Constant | -| jca/SignatureOperation.java:61:16:61:36 | Key | -| jca/SignatureOperation.java:61:16:61:36 | KeyGeneration | -| jca/SignatureOperation.java:71:53:71:74 | HashAlgorithm | -| jca/SignatureOperation.java:71:53:71:74 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:72:28:72:37 | Key | -| jca/SignatureOperation.java:73:26:73:29 | Message | -| jca/SignatureOperation.java:74:16:74:31 | SignOperation | -| jca/SignatureOperation.java:74:16:74:31 | SignatureOutput | -| jca/SignatureOperation.java:84:53:84:74 | HashAlgorithm | -| jca/SignatureOperation.java:84:53:84:74 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:85:30:85:38 | Key | -| jca/SignatureOperation.java:86:26:86:29 | Message | -| jca/SignatureOperation.java:87:16:87:41 | VerifyOperation | -| jca/SignatureOperation.java:87:33:87:40 | SignatureInput | -| jca/SignatureOperation.java:102:49:102:59 | EllipticCurve | -| jca/SignatureOperation.java:103:16:103:38 | Key | -| jca/SignatureOperation.java:103:16:103:38 | KeyGeneration | -| jca/SignatureOperation.java:113:53:113:69 | HashAlgorithm | -| jca/SignatureOperation.java:113:53:113:69 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:114:28:114:37 | Key | -| jca/SignatureOperation.java:115:26:115:29 | Message | -| jca/SignatureOperation.java:116:16:116:31 | SignOperation | -| jca/SignatureOperation.java:116:16:116:31 | SignatureOutput | -| jca/SignatureOperation.java:126:53:126:69 | HashAlgorithm | -| jca/SignatureOperation.java:126:53:126:69 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:127:30:127:38 | Key | -| jca/SignatureOperation.java:128:26:128:29 | Message | -| jca/SignatureOperation.java:129:16:129:41 | VerifyOperation | -| jca/SignatureOperation.java:129:33:129:40 | SignatureInput | -| jca/SignatureOperation.java:143:61:143:69 | Constant | -| jca/SignatureOperation.java:144:16:144:36 | Key | -| jca/SignatureOperation.java:144:16:144:36 | KeyGeneration | +| jca/SignEncryptCombinations.java:71:16:71:47 | VerifyOperation | +| jca/SignEncryptCombinations.java:71:33:71:46 | SignatureInput | +| jca/SignEncryptCombinations.java:82:52:82:56 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:83:17:83:19 | Constant | +| jca/SignEncryptCombinations.java:84:16:84:31 | Key | +| jca/SignEncryptCombinations.java:84:16:84:31 | KeyGeneration | +| jca/SignEncryptCombinations.java:92:44:92:62 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:92:44:92:62 | ModeOfOperation | +| jca/SignEncryptCombinations.java:92:44:92:62 | PaddingAlgorithm | +| jca/SignEncryptCombinations.java:94:9:94:28 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:94:26:94:27 | RandomNumberGeneration | +| jca/SignEncryptCombinations.java:96:42:96:44 | Key | +| jca/SignEncryptCombinations.java:96:47:96:50 | Nonce | +| jca/SignEncryptCombinations.java:97:29:97:53 | EncryptOperation | +| jca/SignEncryptCombinations.java:97:29:97:53 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:97:44:97:52 | Message | +| jca/SignEncryptCombinations.java:111:44:111:62 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:111:44:111:62 | ModeOfOperation | +| jca/SignEncryptCombinations.java:111:44:111:62 | PaddingAlgorithm | +| jca/SignEncryptCombinations.java:112:42:112:44 | Key | +| jca/SignEncryptCombinations.java:112:47:112:75 | Nonce | +| jca/SignEncryptCombinations.java:113:16:113:41 | DecryptOperation | +| jca/SignEncryptCombinations.java:113:16:113:41 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:113:31:113:40 | Message | +| jca/SignEncryptCombinations.java:121:35:121:46 | KeyOperationAlgorithm | +| jca/SignEncryptCombinations.java:122:18:122:20 | Key | +| jca/SignEncryptCombinations.java:123:16:123:32 | KeyOperationOutput | +| jca/SignEncryptCombinations.java:123:16:123:32 | MACOperation | +| jca/SignEncryptCombinations.java:123:28:123:31 | Message | +| jca/SignEncryptCombinations.java:335:26:335:47 | Constant | +| jca/SignatureOperation.java:52:61:52:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:53:24:53:27 | Constant | +| jca/SignatureOperation.java:54:16:54:36 | Key | +| jca/SignatureOperation.java:54:16:54:36 | KeyGeneration | +| jca/SignatureOperation.java:63:53:63:74 | HashAlgorithm | +| jca/SignatureOperation.java:63:53:63:74 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:64:28:64:37 | Key | +| jca/SignatureOperation.java:65:26:65:29 | Message | +| jca/SignatureOperation.java:66:16:66:31 | SignOperation | +| jca/SignatureOperation.java:66:16:66:31 | SignatureOutput | +| jca/SignatureOperation.java:75:53:75:74 | HashAlgorithm | +| jca/SignatureOperation.java:75:53:75:74 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:76:30:76:38 | Key | +| jca/SignatureOperation.java:77:26:77:29 | Message | +| jca/SignatureOperation.java:78:16:78:41 | VerifyOperation | +| jca/SignatureOperation.java:78:33:78:40 | SignatureInput | +| jca/SignatureOperation.java:93:49:93:59 | EllipticCurve | +| jca/SignatureOperation.java:94:16:94:38 | Key | +| jca/SignatureOperation.java:94:16:94:38 | KeyGeneration | +| jca/SignatureOperation.java:103:53:103:69 | HashAlgorithm | +| jca/SignatureOperation.java:103:53:103:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:104:28:104:37 | Key | +| jca/SignatureOperation.java:105:26:105:29 | Message | +| jca/SignatureOperation.java:106:16:106:31 | SignOperation | +| jca/SignatureOperation.java:106:16:106:31 | SignatureOutput | +| jca/SignatureOperation.java:115:53:115:69 | HashAlgorithm | +| jca/SignatureOperation.java:115:53:115:69 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:116:30:116:38 | Key | +| jca/SignatureOperation.java:117:26:117:29 | Message | +| jca/SignatureOperation.java:118:16:118:41 | VerifyOperation | +| jca/SignatureOperation.java:118:33:118:40 | SignatureInput | +| jca/SignatureOperation.java:132:61:132:69 | Constant | +| jca/SignatureOperation.java:133:16:133:36 | Key | +| jca/SignatureOperation.java:133:16:133:36 | KeyGeneration | +| jca/SignatureOperation.java:142:53:142:61 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:143:28:143:37 | Key | +| jca/SignatureOperation.java:144:26:144:29 | Message | +| jca/SignatureOperation.java:145:16:145:31 | SignOperation | +| jca/SignatureOperation.java:145:16:145:31 | SignatureOutput | | jca/SignatureOperation.java:154:53:154:61 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:155:28:155:37 | Key | +| jca/SignatureOperation.java:155:30:155:38 | Key | | jca/SignatureOperation.java:156:26:156:29 | Message | -| jca/SignatureOperation.java:157:16:157:31 | SignOperation | -| jca/SignatureOperation.java:157:16:157:31 | SignatureOutput | -| jca/SignatureOperation.java:167:53:167:61 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:168:30:168:38 | Key | -| jca/SignatureOperation.java:169:26:169:29 | Message | -| jca/SignatureOperation.java:170:16:170:41 | VerifyOperation | -| jca/SignatureOperation.java:170:33:170:40 | SignatureInput | -| jca/SignatureOperation.java:186:61:186:65 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:187:24:187:27 | Constant | -| jca/SignatureOperation.java:188:16:188:36 | Key | -| jca/SignatureOperation.java:188:16:188:36 | KeyGeneration | -| jca/SignatureOperation.java:199:53:199:65 | HashAlgorithm | -| jca/SignatureOperation.java:199:53:199:65 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:200:28:200:37 | Key | -| jca/SignatureOperation.java:201:26:201:29 | Message | -| jca/SignatureOperation.java:202:16:202:31 | SignOperation | -| jca/SignatureOperation.java:202:16:202:31 | SignatureOutput | -| jca/SignatureOperation.java:213:53:213:65 | HashAlgorithm | -| jca/SignatureOperation.java:213:53:213:65 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:214:30:214:38 | Key | -| jca/SignatureOperation.java:215:26:215:29 | Message | -| jca/SignatureOperation.java:216:16:216:41 | VerifyOperation | -| jca/SignatureOperation.java:216:33:216:40 | SignatureInput | -| jca/SignatureOperation.java:247:26:247:44 | Constant | -| jca/SignatureOperation.java:252:27:252:30 | Constant | -| jca/SignatureOperation.java:283:47:283:68 | HashAlgorithm | -| jca/SignatureOperation.java:283:47:283:68 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:286:47:286:63 | HashAlgorithm | -| jca/SignatureOperation.java:286:47:286:63 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:289:47:289:55 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:292:47:292:59 | HashAlgorithm | -| jca/SignatureOperation.java:292:47:292:59 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:296:47:296:68 | HashAlgorithm | -| jca/SignatureOperation.java:296:47:296:68 | KeyOperationAlgorithm | -| jca/SignatureOperation.java:299:26:299:49 | Constant | -| jca/SignatureOperation.java:300:28:300:42 | Key | -| jca/SignatureOperation.java:301:26:301:32 | Message | -| jca/SignatureOperation.java:302:27:302:42 | SignOperation | -| jca/SignatureOperation.java:302:27:302:42 | SignatureOutput | -| jca/SignatureOperation.java:304:30:304:43 | Key | -| jca/SignatureOperation.java:305:26:305:32 | Message | -| jca/SignatureOperation.java:306:28:306:53 | VerifyOperation | -| jca/SignatureOperation.java:306:45:306:52 | SignatureInput | -| jca/SignatureOperation.java:328:26:328:49 | Constant | -| jca/SymmetricAlgorithm.java:60:44:60:62 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:60:44:60:62 | ModeOfOperation | -| jca/SymmetricAlgorithm.java:60:44:60:62 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:62:9:62:40 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:62:38:62:39 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:64:42:64:44 | Key | -| jca/SymmetricAlgorithm.java:64:47:64:50 | Nonce | -| jca/SymmetricAlgorithm.java:65:29:65:53 | EncryptOperation | -| jca/SymmetricAlgorithm.java:65:29:65:53 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:65:44:65:52 | Message | -| jca/SymmetricAlgorithm.java:82:39:82:51 | Parameter | -| jca/SymmetricAlgorithm.java:82:54:82:69 | Parameter | -| jca/SymmetricAlgorithm.java:83:44:83:62 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:83:44:83:62 | ModeOfOperation | -| jca/SymmetricAlgorithm.java:83:44:83:62 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:86:42:86:44 | Key | -| jca/SymmetricAlgorithm.java:86:47:86:50 | Nonce | -| jca/SymmetricAlgorithm.java:87:29:87:53 | EncryptOperation | -| jca/SymmetricAlgorithm.java:87:29:87:53 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:87:44:87:52 | Message | -| jca/SymmetricAlgorithm.java:104:44:104:65 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:104:44:104:65 | ModeOfOperation | -| jca/SymmetricAlgorithm.java:104:44:104:65 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:106:9:106:40 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:106:38:106:39 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:108:42:108:44 | Key | -| jca/SymmetricAlgorithm.java:108:47:108:52 | Nonce | -| jca/SymmetricAlgorithm.java:109:29:109:53 | EncryptOperation | -| jca/SymmetricAlgorithm.java:109:29:109:53 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:109:44:109:52 | Message | -| jca/SymmetricAlgorithm.java:126:44:126:65 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:126:44:126:65 | ModeOfOperation | -| jca/SymmetricAlgorithm.java:126:44:126:65 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:127:42:127:44 | Key | -| jca/SymmetricAlgorithm.java:128:16:128:40 | EncryptOperation | -| jca/SymmetricAlgorithm.java:128:16:128:40 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:128:31:128:39 | Message | -| jca/SymmetricAlgorithm.java:143:44:143:48 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:144:42:144:44 | Key | -| jca/SymmetricAlgorithm.java:145:16:145:40 | EncryptOperation | -| jca/SymmetricAlgorithm.java:145:16:145:40 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:145:31:145:39 | Message | -| jca/SymmetricAlgorithm.java:157:36:157:48 | Parameter | -| jca/SymmetricAlgorithm.java:157:51:157:66 | Parameter | -| jca/SymmetricAlgorithm.java:158:44:158:65 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:158:44:158:65 | ModeOfOperation | -| jca/SymmetricAlgorithm.java:158:44:158:65 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:160:9:160:40 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:160:38:160:39 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:162:42:162:44 | Key | -| jca/SymmetricAlgorithm.java:162:47:162:52 | Nonce | -| jca/SymmetricAlgorithm.java:163:29:163:53 | EncryptOperation | -| jca/SymmetricAlgorithm.java:163:29:163:53 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:163:44:163:52 | Message | -| jca/SymmetricAlgorithm.java:179:42:179:54 | Parameter | -| jca/SymmetricAlgorithm.java:179:57:179:72 | Parameter | -| jca/SymmetricAlgorithm.java:180:44:180:68 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:180:44:180:68 | ModeOfOperation | -| jca/SymmetricAlgorithm.java:180:44:180:68 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:182:9:182:40 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:182:38:182:39 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:184:42:184:44 | Key | -| jca/SymmetricAlgorithm.java:184:47:184:52 | Nonce | -| jca/SymmetricAlgorithm.java:185:29:185:53 | EncryptOperation | -| jca/SymmetricAlgorithm.java:185:29:185:53 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:185:44:185:52 | Message | -| jca/SymmetricAlgorithm.java:202:44:202:53 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:204:9:204:43 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:204:38:204:42 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:206:42:206:44 | Key | -| jca/SymmetricAlgorithm.java:206:47:206:72 | Nonce | -| jca/SymmetricAlgorithm.java:207:29:207:53 | EncryptOperation | -| jca/SymmetricAlgorithm.java:207:29:207:53 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:207:44:207:52 | Message | -| jca/SymmetricAlgorithm.java:224:35:224:47 | Parameter | -| jca/SymmetricAlgorithm.java:224:50:224:65 | Parameter | -| jca/SymmetricAlgorithm.java:225:36:225:44 | Constant | -| jca/SymmetricAlgorithm.java:226:19:226:21 | Key | -| jca/SymmetricAlgorithm.java:227:29:227:51 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:227:29:227:51 | MACOperation | -| jca/SymmetricAlgorithm.java:227:42:227:50 | Message | -| jca/SymmetricAlgorithm.java:230:44:230:62 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:230:44:230:62 | ModeOfOperation | -| jca/SymmetricAlgorithm.java:230:44:230:62 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:232:9:232:40 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:232:38:232:39 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:234:42:234:51 | Key | -| jca/SymmetricAlgorithm.java:234:54:234:57 | Nonce | -| jca/SymmetricAlgorithm.java:235:29:235:53 | EncryptOperation | -| jca/SymmetricAlgorithm.java:235:29:235:53 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:235:44:235:52 | Message | -| jca/SymmetricAlgorithm.java:258:64:258:76 | Parameter | -| jca/SymmetricAlgorithm.java:258:79:258:94 | Parameter | -| jca/SymmetricAlgorithm.java:299:58:299:70 | Parameter | -| jca/SymmetricAlgorithm.java:299:73:299:88 | Parameter | -| jca/SymmetricAlgorithm.java:302:42:302:66 | Message | -| jca/SymmetricAlgorithm.java:302:69:302:72 | Salt | -| jca/SymmetricAlgorithm.java:302:75:302:79 | Constant | -| jca/SymmetricAlgorithm.java:302:82:302:84 | Constant | -| jca/SymmetricAlgorithm.java:303:65:303:86 | HMACAlgorithm | -| jca/SymmetricAlgorithm.java:303:65:303:86 | HashAlgorithm | -| jca/SymmetricAlgorithm.java:303:65:303:86 | KeyDerivationAlgorithm | -| jca/SymmetricAlgorithm.java:304:26:304:53 | Key | -| jca/SymmetricAlgorithm.java:304:26:304:53 | KeyDerivation | -| jca/SymmetricAlgorithm.java:310:44:310:62 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:310:44:310:62 | ModeOfOperation | -| jca/SymmetricAlgorithm.java:310:44:310:62 | PaddingAlgorithm | -| jca/SymmetricAlgorithm.java:312:9:312:40 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:312:38:312:39 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:313:42:313:47 | Key | -| jca/SymmetricAlgorithm.java:313:50:313:78 | Nonce | -| jca/SymmetricAlgorithm.java:314:29:314:53 | EncryptOperation | -| jca/SymmetricAlgorithm.java:314:29:314:53 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:314:44:314:52 | Message | -| jca/SymmetricAlgorithm.java:316:35:316:46 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:317:18:317:30 | Key | -| jca/SymmetricAlgorithm.java:318:30:318:52 | KeyOperationOutput | -| jca/SymmetricAlgorithm.java:318:30:318:52 | MACOperation | -| jca/SymmetricAlgorithm.java:318:42:318:51 | Message | -| jca/SymmetricAlgorithm.java:347:52:347:56 | KeyOperationAlgorithm | -| jca/SymmetricAlgorithm.java:348:17:348:19 | Constant | -| jca/SymmetricAlgorithm.java:349:16:349:31 | Key | -| jca/SymmetricAlgorithm.java:349:16:349:31 | KeyGeneration | -| jca/SymmetricAlgorithm.java:361:9:361:42 | RandomNumberGeneration | -| jca/SymmetricAlgorithm.java:361:38:361:41 | RandomNumberGeneration | -| jca/SymmetricModesTest.java:56:52:56:56 | KeyOperationAlgorithm | -| jca/SymmetricModesTest.java:57:17:57:19 | Constant | -| jca/SymmetricModesTest.java:58:33:58:48 | Key | -| jca/SymmetricModesTest.java:58:33:58:48 | KeyGeneration | -| jca/SymmetricModesTest.java:61:17:61:19 | Constant | -| jca/SymmetricModesTest.java:62:31:62:46 | Key | -| jca/SymmetricModesTest.java:62:31:62:46 | KeyGeneration | -| jca/SymmetricModesTest.java:65:44:65:62 | KeyOperationAlgorithm | -| jca/SymmetricModesTest.java:65:44:65:62 | ModeOfOperation | -| jca/SymmetricModesTest.java:65:44:65:62 | PaddingAlgorithm | -| jca/SymmetricModesTest.java:66:39:66:49 | Key | -| jca/SymmetricModesTest.java:67:29:67:50 | KeyOperationOutput | -| jca/SymmetricModesTest.java:67:29:67:50 | WrapOperation | -| jca/SymmetricModesTest.java:67:41:67:49 | Message | -| jca/SymmetricModesTest.java:88:43:88:55 | Parameter | -| jca/SymmetricModesTest.java:88:58:88:73 | Parameter | -| jca/SymmetricModesTest.java:89:44:89:63 | KeyOperationAlgorithm | -| jca/SymmetricModesTest.java:89:44:89:63 | ModeOfOperation | -| jca/SymmetricModesTest.java:89:44:89:63 | PaddingAlgorithm | -| jca/SymmetricModesTest.java:91:9:91:40 | RandomNumberGeneration | -| jca/SymmetricModesTest.java:91:38:91:39 | RandomNumberGeneration | -| jca/SymmetricModesTest.java:93:42:93:44 | Key | -| jca/SymmetricModesTest.java:93:47:93:52 | Nonce | -| jca/SymmetricModesTest.java:94:29:94:53 | EncryptOperation | -| jca/SymmetricModesTest.java:94:29:94:53 | KeyOperationOutput | -| jca/SymmetricModesTest.java:94:44:94:52 | Message | -| jca/SymmetricModesTest.java:116:45:116:57 | Parameter | -| jca/SymmetricModesTest.java:116:60:116:75 | Parameter | -| jca/SymmetricModesTest.java:117:44:117:63 | KeyOperationAlgorithm | -| jca/SymmetricModesTest.java:117:44:117:63 | ModeOfOperation | -| jca/SymmetricModesTest.java:117:44:117:63 | PaddingAlgorithm | -| jca/SymmetricModesTest.java:121:42:121:44 | Key | -| jca/SymmetricModesTest.java:121:47:121:52 | Nonce | -| jca/SymmetricModesTest.java:122:29:122:53 | EncryptOperation | -| jca/SymmetricModesTest.java:122:29:122:53 | KeyOperationOutput | -| jca/SymmetricModesTest.java:122:44:122:52 | Message | -| jca/SymmetricModesTest.java:140:52:140:56 | KeyOperationAlgorithm | -| jca/SymmetricModesTest.java:141:17:141:19 | Constant | -| jca/SymmetricModesTest.java:142:16:142:31 | Key | -| jca/SymmetricModesTest.java:142:16:142:31 | KeyGeneration | -| jca/UniversalFlowTest.java:18:24:18:28 | KeyOperationAlgorithm | -| jca/UniversalFlowTest.java:25:17:25:19 | Constant | -| jca/UniversalFlowTest.java:26:21:26:40 | Key | -| jca/UniversalFlowTest.java:26:21:26:40 | KeyGeneration | -| jca/UniversalFlowTest.java:27:25:27:43 | KeyOperationAlgorithm | -| jca/UniversalFlowTest.java:27:25:27:43 | ModeOfOperation | -| jca/UniversalFlowTest.java:27:25:27:43 | PaddingAlgorithm | -| jca/UniversalFlowTest.java:30:5:30:36 | RandomNumberGeneration | -| jca/UniversalFlowTest.java:30:34:30:35 | RandomNumberGeneration | -| jca/UniversalFlowTest.java:32:38:32:40 | Key | -| jca/UniversalFlowTest.java:32:43:32:49 | Nonce | -| jca/UniversalFlowTest.java:33:28:33:70 | EncryptOperation | -| jca/UniversalFlowTest.java:33:28:33:70 | KeyOperationOutput | -| jca/UniversalFlowTest.java:33:43:33:58 | Constant | -| jca/UniversalFlowTest.java:33:43:33:69 | Message | -| jca/UniversalFlowTest.java:45:16:45:20 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:157:16:157:41 | VerifyOperation | +| jca/SignatureOperation.java:157:33:157:40 | SignatureInput | +| jca/SignatureOperation.java:173:61:173:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:174:24:174:27 | Constant | +| jca/SignatureOperation.java:175:16:175:36 | Key | +| jca/SignatureOperation.java:175:16:175:36 | KeyGeneration | +| jca/SignatureOperation.java:185:53:185:65 | HashAlgorithm | +| jca/SignatureOperation.java:185:53:185:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:186:28:186:37 | Key | +| jca/SignatureOperation.java:187:26:187:29 | Message | +| jca/SignatureOperation.java:188:16:188:31 | SignOperation | +| jca/SignatureOperation.java:188:16:188:31 | SignatureOutput | +| jca/SignatureOperation.java:198:53:198:65 | HashAlgorithm | +| jca/SignatureOperation.java:198:53:198:65 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:199:30:199:38 | Key | +| jca/SignatureOperation.java:200:26:200:29 | Message | +| jca/SignatureOperation.java:201:16:201:41 | VerifyOperation | +| jca/SignatureOperation.java:201:33:201:40 | SignatureInput | +| jca/SignatureOperation.java:231:26:231:44 | Constant | +| jca/SignatureOperation.java:236:27:236:30 | Constant | +| jca/SignatureOperation.java:266:47:266:68 | HashAlgorithm | +| jca/SignatureOperation.java:266:47:266:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:269:47:269:63 | HashAlgorithm | +| jca/SignatureOperation.java:269:47:269:63 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:272:47:272:55 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:275:47:275:59 | HashAlgorithm | +| jca/SignatureOperation.java:275:47:275:59 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:279:47:279:68 | HashAlgorithm | +| jca/SignatureOperation.java:279:47:279:68 | KeyOperationAlgorithm | +| jca/SignatureOperation.java:282:26:282:49 | Constant | +| jca/SignatureOperation.java:283:28:283:42 | Key | +| jca/SignatureOperation.java:284:26:284:32 | Message | +| jca/SignatureOperation.java:285:27:285:42 | SignOperation | +| jca/SignatureOperation.java:285:27:285:42 | SignatureOutput | +| jca/SignatureOperation.java:287:30:287:43 | Key | +| jca/SignatureOperation.java:288:26:288:32 | Message | +| jca/SignatureOperation.java:289:28:289:53 | VerifyOperation | +| jca/SignatureOperation.java:289:45:289:52 | SignatureInput | +| jca/SignatureOperation.java:311:26:311:49 | Constant | +| jca/SymmetricAlgorithm.java:51:44:51:62 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:51:44:51:62 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:51:44:51:62 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:53:9:53:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:53:38:53:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:55:42:55:44 | Key | +| jca/SymmetricAlgorithm.java:55:47:55:50 | Nonce | +| jca/SymmetricAlgorithm.java:56:29:56:53 | EncryptOperation | +| jca/SymmetricAlgorithm.java:56:29:56:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:56:44:56:52 | Message | +| jca/SymmetricAlgorithm.java:72:39:72:51 | Parameter | +| jca/SymmetricAlgorithm.java:72:54:72:69 | Parameter | +| jca/SymmetricAlgorithm.java:73:44:73:62 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:73:44:73:62 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:73:44:73:62 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:76:42:76:44 | Key | +| jca/SymmetricAlgorithm.java:76:47:76:50 | Nonce | +| jca/SymmetricAlgorithm.java:77:29:77:53 | EncryptOperation | +| jca/SymmetricAlgorithm.java:77:29:77:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:77:44:77:52 | Message | +| jca/SymmetricAlgorithm.java:94:44:94:65 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:94:44:94:65 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:94:44:94:65 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:96:9:96:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:96:38:96:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:98:42:98:44 | Key | +| jca/SymmetricAlgorithm.java:98:47:98:52 | Nonce | +| jca/SymmetricAlgorithm.java:99:29:99:53 | EncryptOperation | +| jca/SymmetricAlgorithm.java:99:29:99:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:99:44:99:52 | Message | +| jca/SymmetricAlgorithm.java:116:44:116:65 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:116:44:116:65 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:116:44:116:65 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:117:42:117:44 | Key | +| jca/SymmetricAlgorithm.java:118:16:118:40 | EncryptOperation | +| jca/SymmetricAlgorithm.java:118:16:118:40 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:118:31:118:39 | Message | +| jca/SymmetricAlgorithm.java:131:44:131:48 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:132:42:132:44 | Key | +| jca/SymmetricAlgorithm.java:133:16:133:40 | EncryptOperation | +| jca/SymmetricAlgorithm.java:133:16:133:40 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:133:31:133:39 | Message | +| jca/SymmetricAlgorithm.java:145:36:145:48 | Parameter | +| jca/SymmetricAlgorithm.java:145:51:145:66 | Parameter | +| jca/SymmetricAlgorithm.java:146:44:146:65 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:146:44:146:65 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:146:44:146:65 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:148:9:148:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:148:38:148:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:150:42:150:44 | Key | +| jca/SymmetricAlgorithm.java:150:47:150:52 | Nonce | +| jca/SymmetricAlgorithm.java:151:29:151:53 | EncryptOperation | +| jca/SymmetricAlgorithm.java:151:29:151:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:151:44:151:52 | Message | +| jca/SymmetricAlgorithm.java:167:42:167:54 | Parameter | +| jca/SymmetricAlgorithm.java:167:57:167:72 | Parameter | +| jca/SymmetricAlgorithm.java:168:44:168:68 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:168:44:168:68 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:168:44:168:68 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:170:9:170:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:170:38:170:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:172:42:172:44 | Key | +| jca/SymmetricAlgorithm.java:172:47:172:52 | Nonce | +| jca/SymmetricAlgorithm.java:173:29:173:53 | EncryptOperation | +| jca/SymmetricAlgorithm.java:173:29:173:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:173:44:173:52 | Message | +| jca/SymmetricAlgorithm.java:190:44:190:53 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:192:9:192:43 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:192:38:192:42 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:194:42:194:44 | Key | +| jca/SymmetricAlgorithm.java:194:47:194:72 | Nonce | +| jca/SymmetricAlgorithm.java:195:29:195:53 | EncryptOperation | +| jca/SymmetricAlgorithm.java:195:29:195:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:195:44:195:52 | Message | +| jca/SymmetricAlgorithm.java:212:35:212:47 | Parameter | +| jca/SymmetricAlgorithm.java:212:50:212:65 | Parameter | +| jca/SymmetricAlgorithm.java:213:36:213:44 | Constant | +| jca/SymmetricAlgorithm.java:214:19:214:21 | Key | +| jca/SymmetricAlgorithm.java:215:29:215:51 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:215:29:215:51 | MACOperation | +| jca/SymmetricAlgorithm.java:215:42:215:50 | Message | +| jca/SymmetricAlgorithm.java:218:44:218:62 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:218:44:218:62 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:218:44:218:62 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:220:9:220:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:220:38:220:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:222:42:222:51 | Key | +| jca/SymmetricAlgorithm.java:222:54:222:57 | Nonce | +| jca/SymmetricAlgorithm.java:223:29:223:53 | EncryptOperation | +| jca/SymmetricAlgorithm.java:223:29:223:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:223:44:223:52 | Message | +| jca/SymmetricAlgorithm.java:244:64:244:76 | Parameter | +| jca/SymmetricAlgorithm.java:244:79:244:94 | Parameter | +| jca/SymmetricAlgorithm.java:284:58:284:70 | Parameter | +| jca/SymmetricAlgorithm.java:284:73:284:88 | Parameter | +| jca/SymmetricAlgorithm.java:287:42:287:66 | Message | +| jca/SymmetricAlgorithm.java:287:69:287:72 | Salt | +| jca/SymmetricAlgorithm.java:287:75:287:79 | Constant | +| jca/SymmetricAlgorithm.java:287:82:287:84 | Constant | +| jca/SymmetricAlgorithm.java:288:65:288:86 | HMACAlgorithm | +| jca/SymmetricAlgorithm.java:288:65:288:86 | HashAlgorithm | +| jca/SymmetricAlgorithm.java:288:65:288:86 | KeyDerivationAlgorithm | +| jca/SymmetricAlgorithm.java:289:26:289:53 | Key | +| jca/SymmetricAlgorithm.java:289:26:289:53 | KeyDerivation | +| jca/SymmetricAlgorithm.java:295:44:295:62 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:295:44:295:62 | ModeOfOperation | +| jca/SymmetricAlgorithm.java:295:44:295:62 | PaddingAlgorithm | +| jca/SymmetricAlgorithm.java:297:9:297:40 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:297:38:297:39 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:298:42:298:47 | Key | +| jca/SymmetricAlgorithm.java:298:50:298:78 | Nonce | +| jca/SymmetricAlgorithm.java:299:29:299:53 | EncryptOperation | +| jca/SymmetricAlgorithm.java:299:29:299:53 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:299:44:299:52 | Message | +| jca/SymmetricAlgorithm.java:301:35:301:46 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:302:18:302:30 | Key | +| jca/SymmetricAlgorithm.java:303:30:303:52 | KeyOperationOutput | +| jca/SymmetricAlgorithm.java:303:30:303:52 | MACOperation | +| jca/SymmetricAlgorithm.java:303:42:303:51 | Message | +| jca/SymmetricAlgorithm.java:331:52:331:56 | KeyOperationAlgorithm | +| jca/SymmetricAlgorithm.java:332:17:332:19 | Constant | +| jca/SymmetricAlgorithm.java:333:16:333:31 | Key | +| jca/SymmetricAlgorithm.java:333:16:333:31 | KeyGeneration | +| jca/SymmetricAlgorithm.java:345:9:345:42 | RandomNumberGeneration | +| jca/SymmetricAlgorithm.java:345:38:345:41 | RandomNumberGeneration | +| jca/SymmetricModesTest.java:48:52:48:56 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:49:17:49:19 | Constant | +| jca/SymmetricModesTest.java:50:33:50:48 | Key | +| jca/SymmetricModesTest.java:50:33:50:48 | KeyGeneration | +| jca/SymmetricModesTest.java:53:17:53:19 | Constant | +| jca/SymmetricModesTest.java:54:31:54:46 | Key | +| jca/SymmetricModesTest.java:54:31:54:46 | KeyGeneration | +| jca/SymmetricModesTest.java:57:44:57:62 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:57:44:57:62 | ModeOfOperation | +| jca/SymmetricModesTest.java:57:44:57:62 | PaddingAlgorithm | +| jca/SymmetricModesTest.java:58:39:58:49 | Key | +| jca/SymmetricModesTest.java:59:29:59:50 | KeyOperationOutput | +| jca/SymmetricModesTest.java:59:29:59:50 | WrapOperation | +| jca/SymmetricModesTest.java:59:41:59:49 | Message | +| jca/SymmetricModesTest.java:78:43:78:55 | Parameter | +| jca/SymmetricModesTest.java:78:58:78:73 | Parameter | +| jca/SymmetricModesTest.java:79:44:79:63 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:79:44:79:63 | ModeOfOperation | +| jca/SymmetricModesTest.java:79:44:79:63 | PaddingAlgorithm | +| jca/SymmetricModesTest.java:81:9:81:40 | RandomNumberGeneration | +| jca/SymmetricModesTest.java:81:38:81:39 | RandomNumberGeneration | +| jca/SymmetricModesTest.java:83:42:83:44 | Key | +| jca/SymmetricModesTest.java:83:47:83:52 | Nonce | +| jca/SymmetricModesTest.java:84:29:84:53 | EncryptOperation | +| jca/SymmetricModesTest.java:84:29:84:53 | KeyOperationOutput | +| jca/SymmetricModesTest.java:84:44:84:52 | Message | +| jca/SymmetricModesTest.java:104:45:104:57 | Parameter | +| jca/SymmetricModesTest.java:104:60:104:75 | Parameter | +| jca/SymmetricModesTest.java:105:44:105:63 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:105:44:105:63 | ModeOfOperation | +| jca/SymmetricModesTest.java:105:44:105:63 | PaddingAlgorithm | +| jca/SymmetricModesTest.java:109:42:109:44 | Key | +| jca/SymmetricModesTest.java:109:47:109:52 | Nonce | +| jca/SymmetricModesTest.java:110:29:110:53 | EncryptOperation | +| jca/SymmetricModesTest.java:110:29:110:53 | KeyOperationOutput | +| jca/SymmetricModesTest.java:110:44:110:52 | Message | +| jca/SymmetricModesTest.java:127:52:127:56 | KeyOperationAlgorithm | +| jca/SymmetricModesTest.java:128:17:128:19 | Constant | +| jca/SymmetricModesTest.java:129:16:129:31 | Key | +| jca/SymmetricModesTest.java:129:16:129:31 | KeyGeneration | +| jca/UniversalFlowTest.java:19:28:19:32 | KeyOperationAlgorithm | +| jca/UniversalFlowTest.java:26:21:26:23 | Constant | +| jca/UniversalFlowTest.java:27:25:27:44 | Key | +| jca/UniversalFlowTest.java:27:25:27:44 | KeyGeneration | +| jca/UniversalFlowTest.java:28:29:28:47 | KeyOperationAlgorithm | +| jca/UniversalFlowTest.java:28:29:28:47 | ModeOfOperation | +| jca/UniversalFlowTest.java:28:29:28:47 | PaddingAlgorithm | +| jca/UniversalFlowTest.java:31:9:31:40 | RandomNumberGeneration | +| jca/UniversalFlowTest.java:31:38:31:39 | RandomNumberGeneration | +| jca/UniversalFlowTest.java:33:42:33:44 | Key | +| jca/UniversalFlowTest.java:33:47:33:53 | Nonce | +| jca/UniversalFlowTest.java:34:32:34:74 | EncryptOperation | +| jca/UniversalFlowTest.java:34:32:34:74 | KeyOperationOutput | +| jca/UniversalFlowTest.java:34:47:34:62 | Constant | +| jca/UniversalFlowTest.java:34:47:34:73 | Message | +| jca/UniversalFlowTest.java:46:20:46:24 | KeyOperationAlgorithm | From 017a956d5ee5016bad8ad7065fc92583ffb20706 Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Mon, 6 Oct 2025 11:34:45 -0400 Subject: [PATCH 255/307] Crypto: more non-ascii removal. --- .../quantum/jca/KeyDerivation1.java | 16 ++++++++-------- .../library-tests/quantum/jca/MACOperation.java | 10 +++++----- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/java/ql/test/experimental/library-tests/quantum/jca/KeyDerivation1.java b/java/ql/test/experimental/library-tests/quantum/jca/KeyDerivation1.java index c5fc44a6b467..a97f02f18c1d 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/KeyDerivation1.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/KeyDerivation1.java @@ -26,22 +26,22 @@ * 1. PBKDF2 Examples: - Parent Classification: Password-Based Key Derivation * Function (PBKDF). - SAST: * pbkdf2DerivationBasic: Uses PBKDF2WithHmacSHA256 * with 10,000 iterations - acceptable if parameters meet current standards. * - * pbkdf2LowIteration: Uses only 10 iterations – flagged as insecure due to + * pbkdf2LowIteration: Uses only 10 iterations, flagged as insecure due to * insufficient iteration count. * pbkdf2HighIteration: Uses 1,000,000 - * iterations – secure (though performance may be impacted). * pbkdf2HmacSHA1: - * Uses PBKDF2WithHmacSHA1 – flagged as weaker compared to SHA-256, though + * iterations - secure (though performance may be impacted). * pbkdf2HmacSHA1: + * Uses PBKDF2WithHmacSHA1 - flagged as weaker compared to SHA-256, though * sometimes seen in legacy systems. * pbkdf2HmacSHA512: Uses - * PBKDF2WithHmacSHA512 – classified as secure. + * PBKDF2WithHmacSHA512 - classified as secure. * * 2. Scrypt Examples: - Parent Classification: Memory-Hard Key Derivation - * Function. - SAST: * scryptWeak: Uses weak parameters (n=1024, r=1, p=1) – + * Function. - SAST: * scryptWeak: Uses weak parameters (n=1024, r=1, p=1) - * flagged as insecure. * scryptStrong: Uses stronger parameters (n=16384, r=8, - * p=1) – considered secure. + * p=1) - considered secure. * * 3. Argon2 Examples: - Parent Classification: Memory-Hard Key Derivation * Function (Argon2id). - SAST: * argon2Derivation: Uses moderate memory and - * iterations – considered secure. * argon2HighMemory: Uses high memory (128MB) - * and more iterations – secure, though resource intensive. + * iterations - considered secure. * argon2HighMemory: Uses high memory (128MB) + * and more iterations - secure, though resource intensive. * * 4. Insecure Raw Hash Derivation: - Parent Classification: Raw Hash Usage for * Key Derivation. - SAST: Using a single SHA-256 hash as a key and then using diff --git a/java/ql/test/experimental/library-tests/quantum/jca/MACOperation.java b/java/ql/test/experimental/library-tests/quantum/jca/MACOperation.java index e1e9d3205be2..e2753527133f 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/MACOperation.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/MACOperation.java @@ -19,15 +19,15 @@ * * Flows include: * - * 1. Secure HMAC-SHA2 (HMAC-SHA256) – a widely accepted MAC. 2. Secure - * HMAC-SHA3 (HMAC-SHA3-256) – an alternative using the SHA-3 family. 3. Secure - * Poly1305 MAC – using BouncyCastle’s implementation. 4. Secure GMAC – using - * AES-GCM’s authentication tag in a dedicated MAC mode. 5. Secure KMAC – using + * 1. Secure HMAC-SHA2 (HMAC-SHA256) - a widely accepted MAC. 2. Secure + * HMAC-SHA3 (HMAC-SHA3-256) - an alternative using the SHA-3 family. 3. Secure + * Poly1305 MAC - using BouncyCastle’s implementation. 4. Secure GMAC - using + * AES-GCM’s authentication tag in a dedicated MAC mode. 5. Secure KMAC - using * KMAC128 (from the SHA-3 family). * * Insecure examples include: * - * 6. Insecure HMAC-SHA1 – which is deprecated. + * 6. Insecure HMAC-SHA1 - which is deprecated. * * Further flows: * From cb812b47ed34019cc34301b859311b29b47357fa Mon Sep 17 00:00:00 2001 From: "REDMOND\\brodes" Date: Mon, 6 Oct 2025 11:53:39 -0400 Subject: [PATCH 256/307] Crypto: more non-ascii removal. --- .../experimental/library-tests/quantum/jca/MACOperation.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/java/ql/test/experimental/library-tests/quantum/jca/MACOperation.java b/java/ql/test/experimental/library-tests/quantum/jca/MACOperation.java index e2753527133f..ae55b52bcfc3 100644 --- a/java/ql/test/experimental/library-tests/quantum/jca/MACOperation.java +++ b/java/ql/test/experimental/library-tests/quantum/jca/MACOperation.java @@ -21,8 +21,8 @@ * * 1. Secure HMAC-SHA2 (HMAC-SHA256) - a widely accepted MAC. 2. Secure * HMAC-SHA3 (HMAC-SHA3-256) - an alternative using the SHA-3 family. 3. Secure - * Poly1305 MAC - using BouncyCastle’s implementation. 4. Secure GMAC - using - * AES-GCM’s authentication tag in a dedicated MAC mode. 5. Secure KMAC - using + * Poly1305 MAC - using BouncyCastle's implementation. 4. Secure GMAC - using + * AES-GCM's authentication tag in a dedicated MAC mode. 5. Secure KMAC - using * KMAC128 (from the SHA-3 family). * * Insecure examples include: From 5c6d187ef2342c4f2997d59612d68523c168c302 Mon Sep 17 00:00:00 2001 From: idrissrio Date: Tue, 7 Oct 2025 09:19:58 +0200 Subject: [PATCH 257/307] Java: Fix buildless test HTTP server binding on macOS26 --- .../java/buildless-dependency-different-repository/test.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/java/ql/integration-tests/java/buildless-dependency-different-repository/test.py b/java/ql/integration-tests/java/buildless-dependency-different-repository/test.py index 6e0e201d9a25..8a5efabf941a 100644 --- a/java/ql/integration-tests/java/buildless-dependency-different-repository/test.py +++ b/java/ql/integration-tests/java/buildless-dependency-different-repository/test.py @@ -4,8 +4,8 @@ def test(codeql, java): # Each of these serves the "repo" and "repo2" directories on http://localhost:924[89] - repo_server_process = subprocess.Popen(["python3", "-m", "http.server", "9428"], cwd="repo") - repo_server_process2 = subprocess.Popen(["python3", "-m", "http.server", "9429"], cwd="repo2") + repo_server_process = subprocess.Popen(["python3", "-m", "http.server", "9428", "-b", "localhost"], cwd="repo") + repo_server_process2 = subprocess.Popen(["python3", "-m", "http.server", "9429", "-b", "localhost"], cwd="repo2") try: codeql.database.create( extractor_option="buildless=true", From f9d62a0efc6fe41bd1cc1aba9d5cfb69dfe7c622 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Tue, 7 Oct 2025 09:43:39 +0200 Subject: [PATCH 258/307] C#: Narrow the use of unbound declaration locations to nested types. --- csharp/ql/lib/semmle/code/csharp/Type.qll | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/csharp/ql/lib/semmle/code/csharp/Type.qll b/csharp/ql/lib/semmle/code/csharp/Type.qll index c8b9799bbf64..1efb1aa93bff 100644 --- a/csharp/ql/lib/semmle/code/csharp/Type.qll +++ b/csharp/ql/lib/semmle/code/csharp/Type.qll @@ -30,7 +30,7 @@ class Type extends Member, TypeContainer, @type { /** Holds if this type is implicitly convertible to `that` type. */ predicate isImplicitlyConvertibleTo(Type that) { implicitConversion(this, that) } - override Location getALocation() { type_location(this.getUnboundDeclaration(), result) } + override Location getALocation() { type_location(this, result) } override Type getChild(int n) { none() } @@ -394,6 +394,8 @@ class NestedType extends ValueOrRefType { NestedType() { nested_types(this, _, _) } override ValueOrRefType getDeclaringType() { nested_types(this, result, _) } + + override Location getALocation() { type_location(this.getUnboundDeclaration(), result) } } /** From 11665bea0abe8ec1bc08b0fbbea0396f5f68e212 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Tue, 7 Oct 2025 10:10:02 +0200 Subject: [PATCH 259/307] Java: Allow taint-read-steps for array sources. --- .../semmle/code/java/dataflow/internal/TaintTrackingUtil.qll | 2 ++ 1 file changed, 2 insertions(+) diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll index b5e7fd53c9fd..5f1d6b66af56 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll @@ -655,6 +655,8 @@ private SrcRefType entrypointType() { ) or result = entrypointType().getAField().getType().(RefType).getSourceDeclaration() + or + result = entrypointType().(Array).getElementType().(RefType).getSourceDeclaration() } private predicate entrypointFieldStep(DataFlow::Node src, DataFlow::Node sink) { From ace2ff5775f2b0ce3533f8148e3a8b997bd42691 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 7 Oct 2025 11:32:20 +0200 Subject: [PATCH 260/307] Rust: test with the 1.90 toolchain --- rust/ql/test/rust-toolchain.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/test/rust-toolchain.toml b/rust/ql/test/rust-toolchain.toml index 254f87e09e6d..9343bef27c61 100644 --- a/rust/ql/test/rust-toolchain.toml +++ b/rust/ql/test/rust-toolchain.toml @@ -2,6 +2,6 @@ # IMPORTANT: this can also have an impact on QL test results [toolchain] -channel = "1.86" +channel = "1.90" profile = "minimal" components = [ "rust-src" ] From bf76cab7e062606ffcf04719f2ad551932982fa7 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 7 Oct 2025 11:48:25 +0100 Subject: [PATCH 261/307] Correct comment about empty `.expected` file --- shared/util/codeql/util/test/InlineExpectationsTest.qll | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/shared/util/codeql/util/test/InlineExpectationsTest.qll b/shared/util/codeql/util/test/InlineExpectationsTest.qll index fbbad8f25b78..ccae8c1fc856 100644 --- a/shared/util/codeql/util/test/InlineExpectationsTest.qll +++ b/shared/util/codeql/util/test/InlineExpectationsTest.qll @@ -1,7 +1,8 @@ /** * Provides a library for writing QL tests whose success or failure is based on expected results * embedded in the test source code as comments, rather than the contents of an `.expected` file - * (in that the `.expected` file should always be empty). + * (in that the `.expected` file should always be empty, except when used via the post-processing + * query). * * To add this framework to a new language, add a new file * (usually called `InlineExpectationsTest.qll`) with: From 101d2ddd4f7c3a89e39cdfe1c772e86769c39fdb Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 7 Oct 2025 12:12:49 +0100 Subject: [PATCH 262/307] Use new team for shared library reviewers --- CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CODEOWNERS b/CODEOWNERS index 9b3e04029e07..84cff64ff156 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -9,7 +9,7 @@ /python/ @github/codeql-python /ruby/ @github/codeql-ruby /rust/ @github/codeql-rust -/shared/ @aschackmull @hvitved @owen-mc +/shared/ @github/codeql-shared-libraries-reviewers /swift/ @github/codeql-swift /misc/codegen/ @github/codeql-swift /java/kotlin-extractor/ @github/codeql-kotlin From f83b80a584eb0fd119c74624166fbc6d59383a9a Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 7 Oct 2025 12:32:38 +0100 Subject: [PATCH 263/307] Add `codeql-alert-coverage-eng` as catch-all --- CODEOWNERS | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CODEOWNERS b/CODEOWNERS index 84cff64ff156..dabe5a869d5b 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1,3 +1,7 @@ +# Catch-all for anything which isn't matched by a line lower down +* @github/codeql-alert-coverage-eng + +# CodeQL language libraries /actions/ @github/codeql-dynamic /cpp/ @github/codeql-c-analysis /csharp/ @github/codeql-csharp From db9bb8389850a0492b3c02a34f20072310a9599d Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 7 Oct 2025 12:33:32 +0100 Subject: [PATCH 264/307] Move rule for `/ql/` for consistency --- CODEOWNERS | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/CODEOWNERS b/CODEOWNERS index dabe5a869d5b..472edff683bd 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -11,6 +11,7 @@ /java/ @github/codeql-java /javascript/ @github/codeql-javascript /python/ @github/codeql-python +/ql/ @github/codeql-ql-for-ql-reviewers /ruby/ @github/codeql-ruby /rust/ @github/codeql-rust /shared/ @github/codeql-shared-libraries-reviewers @@ -30,9 +31,6 @@ /docs/codeql/ql-language-reference/ @github/codeql-frontend-reviewers /docs/query-*-style-guide.md @github/codeql-analysis-reviewers -# QL for QL reviewers -/ql/ @github/codeql-ql-for-ql-reviewers - # Bazel (excluding BUILD.bazel files) MODULE.bazel @github/codeql-ci-reviewers .bazelversion @github/codeql-ci-reviewers From f0bfd7053e1d4a67c6c31514e6f62a8dbbfde7b4 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Tue, 7 Oct 2025 13:40:44 +0200 Subject: [PATCH 265/307] Java: Add test case. --- .../dataflow/entrypoint-types/EntryPointTypesTest.java | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.java b/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.java index 983cb72ffb26..52d26974373d 100644 --- a/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.java +++ b/java/ql/test/library-tests/dataflow/entrypoint-types/EntryPointTypesTest.java @@ -41,6 +41,10 @@ class UnrelatedObject { public String safeField; } + static class ArrayElemObject { + public String field; + } + private static void sink(String sink) {} public static void test(TestObject source) { @@ -70,4 +74,8 @@ public static void testSubtype(ParameterizedTestObject source) { UnrelatedObject unrelated = (UnrelatedObject) subtypeSource.getField8(); sink(unrelated.safeField); // Safe } + + public static void testArray(ArrayElemObject[] source) { + sink(source[0].field); // $hasTaintFlow + } } From 7dadbc43fba32819a61684acae02dcb74b7e63e4 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Tue, 7 Oct 2025 13:51:49 +0200 Subject: [PATCH 266/307] Java: Add change note. --- java/ql/lib/change-notes/2025-10-07-array-entrypointtype.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 java/ql/lib/change-notes/2025-10-07-array-entrypointtype.md diff --git a/java/ql/lib/change-notes/2025-10-07-array-entrypointtype.md b/java/ql/lib/change-notes/2025-10-07-array-entrypointtype.md new file mode 100644 index 000000000000..45b898b6b2a6 --- /dev/null +++ b/java/ql/lib/change-notes/2025-10-07-array-entrypointtype.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Fields of certain objects are considered tainted if the object is tainted. This holds, for example, for objects that occur directly as sources in the active threat model (for instance, a remote flow source). This has now been amended to also include array types, such that if an array like `MyPojo[]` is a source, then fields of a tainted `MyPojo` are now also considered tainted. From 584d8c537760ceb0befd5e603918ab0ae758db4c Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Tue, 7 Oct 2025 14:24:21 +0200 Subject: [PATCH 267/307] C#: Add change-note. --- csharp/ql/lib/change-notes/2025-10-07-entity-locations.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 csharp/ql/lib/change-notes/2025-10-07-entity-locations.md diff --git a/csharp/ql/lib/change-notes/2025-10-07-entity-locations.md b/csharp/ql/lib/change-notes/2025-10-07-entity-locations.md new file mode 100644 index 000000000000..44f36fe44c6a --- /dev/null +++ b/csharp/ql/lib/change-notes/2025-10-07-entity-locations.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The extraction of location information for named types (classes, structs, etc.) has been optimized. Previously, location information was extracted multiple times for each type when it was declared across multiple files. Now, the extraction context is respected during the extraction phase, ensuring locations are only extracted within the appropriate context. This change should be transparent to end-users but may improve extraction performance in some cases. From 122b7ebba81a02ac541b26c66aecf09047bd63c7 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 7 Oct 2025 14:49:08 +0200 Subject: [PATCH 268/307] Rust: accept test changes --- .../crate_graph/crates.expected | 82 ++--- .../macro-expansion/PrintAst.expected | 316 ++++++++---------- .../macro-expansion/test.expected | 40 +-- .../macro-in-library/test.expected | 4 +- .../dataflow/modeled/inline-flow.expected | 45 +-- .../PathResolutionConsistency.expected | 4 +- .../dataflow/sources/InlineFlow.expected | 303 ++++++++--------- .../dataflow/sources/TaintSources.expected | 4 +- .../strings/inline-taint-flow.expected | 8 +- .../path-resolution/path-resolution.expected | 4 +- .../security/CWE-020/RegexInjection.expected | 4 +- .../security/CWE-089/SqlInjection.expected | 8 +- .../CWE-311/CleartextTransmission.expected | 20 +- .../CWE-312/CleartextLogging.expected | 32 +- .../security/CWE-319/UseOfHttp.expected | 8 +- .../CWE-696/BadCTorInitialization.expected | 112 +++---- .../PathResolutionConsistency.expected | 2 +- .../PathResolutionConsistency.expected | 2 +- .../security/CWE-918/RequestForgery.expected | 12 +- 19 files changed, 441 insertions(+), 569 deletions(-) diff --git a/rust/ql/test/extractor-tests/crate_graph/crates.expected b/rust/ql/test/extractor-tests/crate_graph/crates.expected index 21c662bb425d..f4bd0ae031ba 100644 --- a/rust/ql/test/extractor-tests/crate_graph/crates.expected +++ b/rust/ql/test/extractor-tests/crate_graph/crates.expected @@ -1,10 +1,6 @@ #-----| Crate(alloc@0.0.0) #-----| core -> Crate(core@0.0.0) -#-----| compiler_builtins -> Crate(compiler_builtins@0.1.146) -#-----| rand -> Crate(rand@0.9.0) -#-----| rand_xorshift -> Crate(rand_xorshift@0.4.0) - -#-----| Crate(allocator_api2@0.2.21) +#-----| compiler_builtins -> Crate(compiler_builtins@0.1.160) #-----| Crate(block_buffer@0.10.4) #-----| proc_macro -> Crate(proc_macro@0.0.0) @@ -14,10 +10,6 @@ #-----| test -> Crate(test@0.0.0) #-----| generic_array -> Crate(generic_array@0.14.7) -#-----| Crate(cfg_if@1.0.0) -#-----| core -> Crate(core@0.0.0) -#-----| compiler_builtins -> Crate(compiler_builtins@0.1.146) - #-----| Crate(cfg_if@1.0.1) #-----| proc_macro -> Crate(proc_macro@0.0.0) #-----| alloc -> Crate(alloc@0.0.0) @@ -25,7 +17,10 @@ #-----| std -> Crate(std@0.0.0) #-----| test -> Crate(test@0.0.0) -#-----| Crate(compiler_builtins@0.1.146) +#-----| Crate(cfg_if@1.0.1) +#-----| core -> Crate(core@0.0.0) + +#-----| Crate(compiler_builtins@0.1.160) #-----| core -> Crate(core@0.0.0) #-----| Crate(core@0.0.0) @@ -56,18 +51,16 @@ #-----| test -> Crate(test@0.0.0) #-----| typenum -> Crate(typenum@1.18.0) -#-----| Crate(getopts@0.2.21) +#-----| Crate(getopts@0.2.23) #-----| core -> Crate(core@0.0.0) #-----| std -> Crate(std@0.0.0) -#-----| unicode_width -> Crate(unicode_width@0.1.14) +#-----| unicode_width -> Crate(unicode_width@0.2.1) -#-----| Crate(hashbrown@0.15.2) -#-----| allocator_api2 -> Crate(allocator_api2@0.2.21) +#-----| Crate(hashbrown@0.15.4) #-----| alloc -> Crate(alloc@0.0.0) #-----| core -> Crate(core@0.0.0) -#-----| compiler_builtins -> Crate(compiler_builtins@0.1.146) -#-----| Crate(libc@0.2.169) +#-----| Crate(libc@0.2.174) #-----| rustc_std_workspace_core -> Crate(core@0.0.0) main.rs: @@ -98,48 +91,44 @@ main.rs: #-----| test -> Crate(test@0.0.0) #-----| Crate(panic_abort@0.0.0) -#-----| alloc -> Crate(alloc@0.0.0) #-----| core -> Crate(core@0.0.0) -#-----| compiler_builtins -> Crate(compiler_builtins@0.1.146) -#-----| cfg_if -> Crate(cfg_if@1.0.0) -#-----| libc -> Crate(libc@0.2.169) #-----| Crate(panic_unwind@0.0.0) #-----| alloc -> Crate(alloc@0.0.0) #-----| core -> Crate(core@0.0.0) -#-----| compiler_builtins -> Crate(compiler_builtins@0.1.146) -#-----| cfg_if -> Crate(cfg_if@1.0.0) -#-----| libc -> Crate(libc@0.2.169) +#-----| cfg_if -> Crate(cfg_if@1.0.1) +#-----| libc -> Crate(libc@0.2.174) #-----| unwind -> Crate(unwind@0.0.0) #-----| Crate(proc_macro@0.0.0) #-----| core -> Crate(core@0.0.0) #-----| std -> Crate(std@0.0.0) +#-----| rustc_literal_escaper -> Crate(rustc_literal_escaper@0.0.5) -#-----| Crate(rand@0.9.0) -#-----| zerocopy -> Crate(zerocopy@0.8.17) -#-----| rand_core -> Crate(rand_core@0.9.0) +#-----| Crate(rand@0.9.2) +#-----| rand_core -> Crate(rand_core@0.9.3) -#-----| Crate(rand_core@0.9.0) -#-----| zerocopy -> Crate(zerocopy@0.8.17) +#-----| Crate(rand_core@0.9.3) #-----| Crate(rand_xorshift@0.4.0) -#-----| rand_core -> Crate(rand_core@0.9.0) +#-----| rand_core -> Crate(rand_core@0.9.3) + +#-----| Crate(rustc_demangle@0.1.25) +#-----| core -> Crate(core@0.0.0) -#-----| Crate(rustc_demangle@0.1.24) +#-----| Crate(rustc_literal_escaper@0.0.5) #-----| core -> Crate(core@0.0.0) -#-----| compiler_builtins -> Crate(compiler_builtins@0.1.146) +#-----| std -> Crate(std@0.0.0) #-----| Crate(std@0.0.0) #-----| alloc -> Crate(alloc@0.0.0) #-----| core -> Crate(core@0.0.0) -#-----| compiler_builtins -> Crate(compiler_builtins@0.1.146) -#-----| cfg_if -> Crate(cfg_if@1.0.0) -#-----| hashbrown -> Crate(hashbrown@0.15.2) -#-----| libc -> Crate(libc@0.2.169) -#-----| rand -> Crate(rand@0.9.0) +#-----| cfg_if -> Crate(cfg_if@1.0.1) +#-----| hashbrown -> Crate(hashbrown@0.15.4) +#-----| libc -> Crate(libc@0.2.174) +#-----| rand -> Crate(rand@0.9.2) #-----| rand_xorshift -> Crate(rand_xorshift@0.4.0) -#-----| rustc_demangle -> Crate(rustc_demangle@0.1.24) +#-----| rustc_demangle -> Crate(rustc_demangle@0.1.25) #-----| panic_abort -> Crate(panic_abort@0.0.0) #-----| unwind -> Crate(unwind@0.0.0) #-----| panic_unwind -> Crate(panic_unwind@0.0.0) @@ -148,15 +137,14 @@ main.rs: #-----| Crate(std_detect@0.1.5) #-----| alloc -> Crate(alloc@0.0.0) #-----| core -> Crate(core@0.0.0) -#-----| compiler_builtins -> Crate(compiler_builtins@0.1.146) -#-----| cfg_if -> Crate(cfg_if@1.0.0) -#-----| libc -> Crate(libc@0.2.169) +#-----| cfg_if -> Crate(cfg_if@1.0.1) +#-----| libc -> Crate(libc@0.2.174) #-----| Crate(test@0.0.0) #-----| core -> Crate(core@0.0.0) #-----| std -> Crate(std@0.0.0) -#-----| getopts -> Crate(getopts@0.2.21) -#-----| libc -> Crate(libc@0.2.169) +#-----| getopts -> Crate(getopts@0.2.23) +#-----| libc -> Crate(libc@0.2.174) lib.rs: # 0| Crate(test@0.0.1) @@ -175,16 +163,14 @@ lib.rs: #-----| std -> Crate(std@0.0.0) #-----| test -> Crate(test@0.0.0) -#-----| Crate(unicode_width@0.1.14) +#-----| Crate(unicode_width@0.2.1) #-----| core -> Crate(core@0.0.0) #-----| std -> Crate(std@0.0.0) -#-----| compiler_builtins -> Crate(compiler_builtins@0.1.146) #-----| Crate(unwind@0.0.0) #-----| core -> Crate(core@0.0.0) -#-----| compiler_builtins -> Crate(compiler_builtins@0.1.146) -#-----| cfg_if -> Crate(cfg_if@1.0.0) -#-----| libc -> Crate(libc@0.2.169) +#-----| cfg_if -> Crate(cfg_if@1.0.1) +#-----| libc -> Crate(libc@0.2.174) #-----| Crate(version_check@0.9.5) #-----| proc_macro -> Crate(proc_macro@0.0.0) @@ -192,5 +178,3 @@ lib.rs: #-----| core -> Crate(core@0.0.0) #-----| std -> Crate(std@0.0.0) #-----| test -> Crate(test@0.0.0) - -#-----| Crate(zerocopy@0.8.17) diff --git a/rust/ql/test/extractor-tests/macro-expansion/PrintAst.expected b/rust/ql/test/extractor-tests/macro-expansion/PrintAst.expected index fbd7a97918ab..f7a56a93abf4 100644 --- a/rust/ql/test/extractor-tests/macro-expansion/PrintAst.expected +++ b/rust/ql/test/extractor-tests/macro-expansion/PrintAst.expected @@ -635,47 +635,40 @@ macro_expansion.rs: # 56| getArgList(): [ArgList] ArgList # 56| getArg(0): [BlockExpr] { ... } # 56| getStmtList(): [StmtList] StmtList -# 56| getStatement(0): [LetStmt] let ... = ... -# 56| getInitializer(): [CallExpr] ...::format(...) -# 56| getArgList(): [ArgList] ArgList -# 56| getArg(0): [MacroExpr] MacroExpr -# 56| getMacroCall(): [MacroCall] ...::format_args!... -# 55| getPath(): [Path] ...::format_args -# 55| getQualifier(): [Path] ...::__export -# 55| getQualifier(): [Path] $crate -# 55| getSegment(): [PathSegment] $crate -# 55| getIdentifier(): [NameRef] $crate -# 55| getSegment(): [PathSegment] __export -# 55| getIdentifier(): [NameRef] __export -# 55| getSegment(): [PathSegment] format_args -# 55| getIdentifier(): [NameRef] format_args -# 56| getTokenTree(): [TokenTree] TokenTree -# 56| getMacroCallExpansion(): [FormatArgsExpr] FormatArgsExpr -# 57| getArg(0): [FormatArgsArg] FormatArgsArg -# 57| getExpr(): [StringLiteralExpr] "hi" -# 56| getTemplate(): [ParenExpr] (...) -# 56| getExpr(): [MacroExpr] MacroExpr -# 56| getMacroCall(): [MacroCall] concat!... -# 56| getPath(): [Path] concat -# 56| getSegment(): [PathSegment] concat -# 56| getIdentifier(): [NameRef] concat -# 56| getTokenTree(): [TokenTree] TokenTree -# 55| getFunction(): [PathExpr] ...::format -# 55| getPath(): [Path] ...::format -# 55| getQualifier(): [Path] ...::fmt -# 55| getQualifier(): [Path] $crate -# 55| getSegment(): [PathSegment] $crate -# 55| getIdentifier(): [NameRef] $crate -# 55| getSegment(): [PathSegment] fmt -# 55| getIdentifier(): [NameRef] fmt -# 55| getSegment(): [PathSegment] format -# 55| getIdentifier(): [NameRef] format -# 55| getPat(): [IdentPat] res -# 55| getName(): [Name] res -# 55| getTailExpr(): [PathExpr,VariableAccess] res -# 55| getPath(): [Path] res -# 55| getSegment(): [PathSegment] res -# 55| getIdentifier(): [NameRef] res +# 56| getTailExpr(): [CallExpr] ...::format(...) +# 56| getArgList(): [ArgList] ArgList +# 56| getArg(0): [MacroExpr] MacroExpr +# 56| getMacroCall(): [MacroCall] ...::format_args!... +# 55| getPath(): [Path] ...::format_args +# 55| getQualifier(): [Path] ...::__export +# 55| getQualifier(): [Path] $crate +# 55| getSegment(): [PathSegment] $crate +# 55| getIdentifier(): [NameRef] $crate +# 55| getSegment(): [PathSegment] __export +# 55| getIdentifier(): [NameRef] __export +# 55| getSegment(): [PathSegment] format_args +# 55| getIdentifier(): [NameRef] format_args +# 56| getTokenTree(): [TokenTree] TokenTree +# 56| getMacroCallExpansion(): [FormatArgsExpr] FormatArgsExpr +# 57| getArg(0): [FormatArgsArg] FormatArgsArg +# 57| getExpr(): [StringLiteralExpr] "hi" +# 56| getTemplate(): [ParenExpr] (...) +# 56| getExpr(): [MacroExpr] MacroExpr +# 56| getMacroCall(): [MacroCall] concat!... +# 56| getPath(): [Path] concat +# 56| getSegment(): [PathSegment] concat +# 56| getIdentifier(): [NameRef] concat +# 56| getTokenTree(): [TokenTree] TokenTree +# 55| getFunction(): [PathExpr] ...::format +# 55| getPath(): [Path] ...::format +# 55| getQualifier(): [Path] ...::fmt +# 55| getQualifier(): [Path] $crate +# 55| getSegment(): [PathSegment] $crate +# 55| getIdentifier(): [NameRef] $crate +# 55| getSegment(): [PathSegment] fmt +# 55| getIdentifier(): [NameRef] fmt +# 55| getSegment(): [PathSegment] format +# 55| getIdentifier(): [NameRef] format # 55| getFunction(): [PathExpr] ...::must_use # 55| getPath(): [Path] ...::must_use # 55| getQualifier(): [Path] ...::__export @@ -1388,55 +1381,48 @@ proc_macro.rs: # 11| getArgList(): [ArgList] ArgList # 11| getArg(0): [BlockExpr] { ... } # 11| getStmtList(): [StmtList] StmtList -# 11| getStatement(0): [LetStmt] let ... = ... -# 11| getInitializer(): [CallExpr] ...::format(...) -# 11| getArgList(): [ArgList] ArgList -# 11| getArg(0): [MacroExpr] MacroExpr -# 11| getMacroCall(): [MacroCall] ...::format_args!... -# 11| getPath(): [Path] ...::format_args -# 11| getQualifier(): [Path] ...::__export -# 11| getQualifier(): [Path] $crate -# 11| getSegment(): [PathSegment] $crate -# 11| getIdentifier(): [NameRef] $crate -# 11| getSegment(): [PathSegment] __export -# 11| getIdentifier(): [NameRef] __export -# 11| getSegment(): [PathSegment] format_args -# 11| getIdentifier(): [NameRef] format_args -# 11| getTokenTree(): [TokenTree] TokenTree -# 11| getMacroCallExpansion(): [FormatArgsExpr] FormatArgsExpr -# 11| getArg(0): [FormatArgsArg] FormatArgsArg -# 11| getExpr(): [FieldExpr] ... .ident -# 11| getContainer(): [FieldExpr] ast.sig -# 11| getContainer(): [PathExpr,VariableAccess] ast -# 11| getPath(): [Path] ast -# 11| getSegment(): [PathSegment] ast -# 11| getIdentifier(): [NameRef] ast -# 11| getIdentifier(): [NameRef] sig -# 11| getIdentifier(): [NameRef] ident -# 11| getArg(1): [FormatArgsArg] FormatArgsArg -# 11| getExpr(): [PathExpr,VariableAccess] i -# 11| getPath(): [Path] i -# 11| getSegment(): [PathSegment] i -# 11| getIdentifier(): [NameRef] i -# 11| getTemplate(): [StringLiteralExpr] "{}_{}" -# 11| getFormat(0): [Format] {} -# 11| getFormat(1): [Format] {} -# 11| getFunction(): [PathExpr] ...::format -# 11| getPath(): [Path] ...::format -# 11| getQualifier(): [Path] ...::fmt -# 11| getQualifier(): [Path] $crate -# 11| getSegment(): [PathSegment] $crate -# 11| getIdentifier(): [NameRef] $crate -# 11| getSegment(): [PathSegment] fmt -# 11| getIdentifier(): [NameRef] fmt -# 11| getSegment(): [PathSegment] format -# 11| getIdentifier(): [NameRef] format -# 11| getPat(): [IdentPat] res -# 11| getName(): [Name] res -# 11| getTailExpr(): [PathExpr,VariableAccess] res -# 11| getPath(): [Path] res -# 11| getSegment(): [PathSegment] res -# 11| getIdentifier(): [NameRef] res +# 11| getTailExpr(): [CallExpr] ...::format(...) +# 11| getArgList(): [ArgList] ArgList +# 11| getArg(0): [MacroExpr] MacroExpr +# 11| getMacroCall(): [MacroCall] ...::format_args!... +# 11| getPath(): [Path] ...::format_args +# 11| getQualifier(): [Path] ...::__export +# 11| getQualifier(): [Path] $crate +# 11| getSegment(): [PathSegment] $crate +# 11| getIdentifier(): [NameRef] $crate +# 11| getSegment(): [PathSegment] __export +# 11| getIdentifier(): [NameRef] __export +# 11| getSegment(): [PathSegment] format_args +# 11| getIdentifier(): [NameRef] format_args +# 11| getTokenTree(): [TokenTree] TokenTree +# 11| getMacroCallExpansion(): [FormatArgsExpr] FormatArgsExpr +# 11| getArg(0): [FormatArgsArg] FormatArgsArg +# 11| getExpr(): [FieldExpr] ... .ident +# 11| getContainer(): [FieldExpr] ast.sig +# 11| getContainer(): [PathExpr,VariableAccess] ast +# 11| getPath(): [Path] ast +# 11| getSegment(): [PathSegment] ast +# 11| getIdentifier(): [NameRef] ast +# 11| getIdentifier(): [NameRef] sig +# 11| getIdentifier(): [NameRef] ident +# 11| getArg(1): [FormatArgsArg] FormatArgsArg +# 11| getExpr(): [PathExpr,VariableAccess] i +# 11| getPath(): [Path] i +# 11| getSegment(): [PathSegment] i +# 11| getIdentifier(): [NameRef] i +# 11| getTemplate(): [StringLiteralExpr] "{}_{}" +# 11| getFormat(0): [Format] {} +# 11| getFormat(1): [Format] {} +# 11| getFunction(): [PathExpr] ...::format +# 11| getPath(): [Path] ...::format +# 11| getQualifier(): [Path] ...::fmt +# 11| getQualifier(): [Path] $crate +# 11| getSegment(): [PathSegment] $crate +# 11| getIdentifier(): [NameRef] $crate +# 11| getSegment(): [PathSegment] fmt +# 11| getIdentifier(): [NameRef] fmt +# 11| getSegment(): [PathSegment] format +# 11| getIdentifier(): [NameRef] format # 11| getFunction(): [PathExpr] ...::must_use # 11| getPath(): [Path] ...::must_use # 11| getQualifier(): [Path] ...::__export @@ -2245,49 +2231,42 @@ proc_macro.rs: # 24| getArgList(): [ArgList] ArgList # 24| getArg(0): [BlockExpr] { ... } # 24| getStmtList(): [StmtList] StmtList -# 24| getStatement(0): [LetStmt] let ... = ... -# 24| getInitializer(): [CallExpr] ...::format(...) -# 24| getArgList(): [ArgList] ArgList -# 24| getArg(0): [MacroExpr] MacroExpr -# 24| getMacroCall(): [MacroCall] ...::format_args!... -# 24| getPath(): [Path] ...::format_args -# 24| getQualifier(): [Path] ...::__export -# 24| getQualifier(): [Path] $crate -# 24| getSegment(): [PathSegment] $crate -# 24| getIdentifier(): [NameRef] $crate -# 24| getSegment(): [PathSegment] __export -# 24| getIdentifier(): [NameRef] __export -# 24| getSegment(): [PathSegment] format_args -# 24| getIdentifier(): [NameRef] format_args -# 24| getTokenTree(): [TokenTree] TokenTree -# 24| getMacroCallExpansion(): [FormatArgsExpr] FormatArgsExpr -# 24| getArg(0): [FormatArgsArg] FormatArgsArg -# 24| getExpr(): [FieldExpr] ... .ident -# 24| getContainer(): [FieldExpr] ast.sig -# 24| getContainer(): [PathExpr,VariableAccess] ast -# 24| getPath(): [Path] ast -# 24| getSegment(): [PathSegment] ast -# 24| getIdentifier(): [NameRef] ast -# 24| getIdentifier(): [NameRef] sig -# 24| getIdentifier(): [NameRef] ident -# 24| getTemplate(): [StringLiteralExpr] "{}_new" -# 24| getFormat(0): [Format] {} -# 24| getFunction(): [PathExpr] ...::format -# 24| getPath(): [Path] ...::format -# 24| getQualifier(): [Path] ...::fmt -# 24| getQualifier(): [Path] $crate -# 24| getSegment(): [PathSegment] $crate -# 24| getIdentifier(): [NameRef] $crate -# 24| getSegment(): [PathSegment] fmt -# 24| getIdentifier(): [NameRef] fmt -# 24| getSegment(): [PathSegment] format -# 24| getIdentifier(): [NameRef] format -# 24| getPat(): [IdentPat] res -# 24| getName(): [Name] res -# 24| getTailExpr(): [PathExpr,VariableAccess] res -# 24| getPath(): [Path] res -# 24| getSegment(): [PathSegment] res -# 24| getIdentifier(): [NameRef] res +# 24| getTailExpr(): [CallExpr] ...::format(...) +# 24| getArgList(): [ArgList] ArgList +# 24| getArg(0): [MacroExpr] MacroExpr +# 24| getMacroCall(): [MacroCall] ...::format_args!... +# 24| getPath(): [Path] ...::format_args +# 24| getQualifier(): [Path] ...::__export +# 24| getQualifier(): [Path] $crate +# 24| getSegment(): [PathSegment] $crate +# 24| getIdentifier(): [NameRef] $crate +# 24| getSegment(): [PathSegment] __export +# 24| getIdentifier(): [NameRef] __export +# 24| getSegment(): [PathSegment] format_args +# 24| getIdentifier(): [NameRef] format_args +# 24| getTokenTree(): [TokenTree] TokenTree +# 24| getMacroCallExpansion(): [FormatArgsExpr] FormatArgsExpr +# 24| getArg(0): [FormatArgsArg] FormatArgsArg +# 24| getExpr(): [FieldExpr] ... .ident +# 24| getContainer(): [FieldExpr] ast.sig +# 24| getContainer(): [PathExpr,VariableAccess] ast +# 24| getPath(): [Path] ast +# 24| getSegment(): [PathSegment] ast +# 24| getIdentifier(): [NameRef] ast +# 24| getIdentifier(): [NameRef] sig +# 24| getIdentifier(): [NameRef] ident +# 24| getTemplate(): [StringLiteralExpr] "{}_new" +# 24| getFormat(0): [Format] {} +# 24| getFunction(): [PathExpr] ...::format +# 24| getPath(): [Path] ...::format +# 24| getQualifier(): [Path] ...::fmt +# 24| getQualifier(): [Path] $crate +# 24| getSegment(): [PathSegment] $crate +# 24| getIdentifier(): [NameRef] $crate +# 24| getSegment(): [PathSegment] fmt +# 24| getIdentifier(): [NameRef] fmt +# 24| getSegment(): [PathSegment] format +# 24| getIdentifier(): [NameRef] format # 24| getFunction(): [PathExpr] ...::must_use # 24| getPath(): [Path] ...::must_use # 24| getQualifier(): [Path] ...::__export @@ -2707,45 +2686,38 @@ proc_macro.rs: # 40| getArgList(): [ArgList] ArgList # 40| getArg(0): [BlockExpr] { ... } # 40| getStmtList(): [StmtList] StmtList -# 40| getStatement(0): [LetStmt] let ... = ... -# 40| getInitializer(): [CallExpr] ...::format(...) -# 40| getArgList(): [ArgList] ArgList -# 40| getArg(0): [MacroExpr] MacroExpr -# 40| getMacroCall(): [MacroCall] ...::format_args!... -# 40| getPath(): [Path] ...::format_args -# 40| getQualifier(): [Path] ...::__export -# 40| getQualifier(): [Path] $crate -# 40| getSegment(): [PathSegment] $crate -# 40| getIdentifier(): [NameRef] $crate -# 40| getSegment(): [PathSegment] __export -# 40| getIdentifier(): [NameRef] __export -# 40| getSegment(): [PathSegment] format_args -# 40| getIdentifier(): [NameRef] format_args -# 40| getTokenTree(): [TokenTree] TokenTree -# 40| getMacroCallExpansion(): [FormatArgsExpr] FormatArgsExpr -# 40| getArg(0): [FormatArgsArg] FormatArgsArg -# 40| getExpr(): [PathExpr,VariableAccess] name -# 40| getPath(): [Path] name -# 40| getSegment(): [PathSegment] name -# 40| getIdentifier(): [NameRef] name -# 40| getTemplate(): [StringLiteralExpr] "CONST_{}" -# 40| getFormat(0): [Format] {} -# 40| getFunction(): [PathExpr] ...::format -# 40| getPath(): [Path] ...::format -# 40| getQualifier(): [Path] ...::fmt -# 40| getQualifier(): [Path] $crate -# 40| getSegment(): [PathSegment] $crate -# 40| getIdentifier(): [NameRef] $crate -# 40| getSegment(): [PathSegment] fmt -# 40| getIdentifier(): [NameRef] fmt -# 40| getSegment(): [PathSegment] format -# 40| getIdentifier(): [NameRef] format -# 40| getPat(): [IdentPat] res -# 40| getName(): [Name] res -# 40| getTailExpr(): [PathExpr,VariableAccess] res -# 40| getPath(): [Path] res -# 40| getSegment(): [PathSegment] res -# 40| getIdentifier(): [NameRef] res +# 40| getTailExpr(): [CallExpr] ...::format(...) +# 40| getArgList(): [ArgList] ArgList +# 40| getArg(0): [MacroExpr] MacroExpr +# 40| getMacroCall(): [MacroCall] ...::format_args!... +# 40| getPath(): [Path] ...::format_args +# 40| getQualifier(): [Path] ...::__export +# 40| getQualifier(): [Path] $crate +# 40| getSegment(): [PathSegment] $crate +# 40| getIdentifier(): [NameRef] $crate +# 40| getSegment(): [PathSegment] __export +# 40| getIdentifier(): [NameRef] __export +# 40| getSegment(): [PathSegment] format_args +# 40| getIdentifier(): [NameRef] format_args +# 40| getTokenTree(): [TokenTree] TokenTree +# 40| getMacroCallExpansion(): [FormatArgsExpr] FormatArgsExpr +# 40| getArg(0): [FormatArgsArg] FormatArgsArg +# 40| getExpr(): [PathExpr,VariableAccess] name +# 40| getPath(): [Path] name +# 40| getSegment(): [PathSegment] name +# 40| getIdentifier(): [NameRef] name +# 40| getTemplate(): [StringLiteralExpr] "CONST_{}" +# 40| getFormat(0): [Format] {} +# 40| getFunction(): [PathExpr] ...::format +# 40| getPath(): [Path] ...::format +# 40| getQualifier(): [Path] ...::fmt +# 40| getQualifier(): [Path] $crate +# 40| getSegment(): [PathSegment] $crate +# 40| getIdentifier(): [NameRef] $crate +# 40| getSegment(): [PathSegment] fmt +# 40| getIdentifier(): [NameRef] fmt +# 40| getSegment(): [PathSegment] format +# 40| getIdentifier(): [NameRef] format # 40| getFunction(): [PathExpr] ...::must_use # 40| getPath(): [Path] ...::must_use # 40| getQualifier(): [Path] ...::__export diff --git a/rust/ql/test/extractor-tests/macro-expansion/test.expected b/rust/ql/test/extractor-tests/macro-expansion/test.expected index deb522796c9e..930a0f443bd8 100644 --- a/rust/ql/test/extractor-tests/macro-expansion/test.expected +++ b/rust/ql/test/extractor-tests/macro-expansion/test.expected @@ -1,19 +1,19 @@ attribute_macros -| macro_expansion.rs:3:1:12:1 | fn foo | 0 | macro_expansion.rs:4:1:11:14 | fn foo | -| macro_expansion.rs:3:1:12:1 | fn foo | 1 | macro_expansion.rs:4:1:11:14 | fn foo_new | -| macro_expansion.rs:7:5:8:16 | fn inner | 0 | macro_expansion.rs:8:5:8:16 | fn inner_0 | -| macro_expansion.rs:7:5:8:16 | fn inner | 0 | macro_expansion.rs:8:5:8:16 | fn inner_0 | -| macro_expansion.rs:7:5:8:16 | fn inner | 1 | macro_expansion.rs:8:5:8:16 | fn inner_1 | -| macro_expansion.rs:7:5:8:16 | fn inner | 1 | macro_expansion.rs:8:5:8:16 | fn inner_1 | -| macro_expansion.rs:14:1:16:15 | fn bar | 0 | macro_expansion.rs:15:1:16:14 | fn bar_0 | -| macro_expansion.rs:14:1:16:15 | fn bar | 1 | macro_expansion.rs:15:1:16:14 | fn bar_1 | -| macro_expansion.rs:15:1:16:14 | fn bar_0 | 0 | macro_expansion.rs:16:1:16:14 | fn bar_0 | -| macro_expansion.rs:15:1:16:14 | fn bar_0 | 1 | macro_expansion.rs:16:1:16:14 | fn bar_0_new | -| macro_expansion.rs:15:1:16:14 | fn bar_1 | 0 | macro_expansion.rs:16:1:16:14 | fn bar_1 | -| macro_expansion.rs:15:1:16:14 | fn bar_1 | 1 | macro_expansion.rs:16:1:16:14 | fn bar_1_new | -| macro_expansion.rs:31:5:34:5 | fn bzz | 0 | macro_expansion.rs:32:5:33:17 | fn bzz_0 | -| macro_expansion.rs:31:5:34:5 | fn bzz | 1 | macro_expansion.rs:32:5:33:17 | fn bzz_1 | -| macro_expansion.rs:31:5:34:5 | fn bzz | 2 | macro_expansion.rs:32:5:33:17 | fn bzz_2 | +| macro_expansion.rs:3:1:12:1 | fn foo | 0 | macro_expansion.rs:4:1:12:1 | fn foo | +| macro_expansion.rs:3:1:12:1 | fn foo | 1 | macro_expansion.rs:4:1:12:1 | fn foo_new | +| macro_expansion.rs:7:5:8:17 | fn inner | 0 | macro_expansion.rs:8:5:8:17 | fn inner_0 | +| macro_expansion.rs:7:5:8:17 | fn inner | 0 | macro_expansion.rs:8:5:8:17 | fn inner_0 | +| macro_expansion.rs:7:5:8:17 | fn inner | 1 | macro_expansion.rs:8:5:8:17 | fn inner_1 | +| macro_expansion.rs:7:5:8:17 | fn inner | 1 | macro_expansion.rs:8:5:8:17 | fn inner_1 | +| macro_expansion.rs:14:1:16:15 | fn bar | 0 | macro_expansion.rs:15:1:16:15 | fn bar_0 | +| macro_expansion.rs:14:1:16:15 | fn bar | 1 | macro_expansion.rs:15:1:16:15 | fn bar_1 | +| macro_expansion.rs:15:1:16:15 | fn bar_0 | 0 | macro_expansion.rs:16:1:16:15 | fn bar_0 | +| macro_expansion.rs:15:1:16:15 | fn bar_0 | 1 | macro_expansion.rs:16:1:16:15 | fn bar_0_new | +| macro_expansion.rs:15:1:16:15 | fn bar_1 | 0 | macro_expansion.rs:16:1:16:15 | fn bar_1 | +| macro_expansion.rs:15:1:16:15 | fn bar_1 | 1 | macro_expansion.rs:16:1:16:15 | fn bar_1_new | +| macro_expansion.rs:31:5:34:5 | fn bzz | 0 | macro_expansion.rs:32:5:34:5 | fn bzz_0 | +| macro_expansion.rs:31:5:34:5 | fn bzz | 1 | macro_expansion.rs:32:5:34:5 | fn bzz_1 | +| macro_expansion.rs:31:5:34:5 | fn bzz | 2 | macro_expansion.rs:32:5:34:5 | fn bzz_2 | derive_macros | macro_expansion.rs:83:1:86:1 | struct MyDerive | 0 | 0 | macro_expansion.rs:84:8:85:9 | impl ...::Debug for MyDerive::<...> { ... } | | macro_expansion.rs:88:1:92:1 | enum MyDeriveEnum | 0 | 0 | macro_expansion.rs:89:6:91:12 | impl ...::PartialEq for MyDeriveEnum::<...> { ... } | @@ -21,17 +21,17 @@ derive_macros | macro_expansion.rs:98:1:102:1 | union MyDeriveUnion | 0 | 0 | macro_expansion.rs:99:7:99:19 | Const | | macro_expansion.rs:98:1:102:1 | union MyDeriveUnion | 0 | 1 | macro_expansion.rs:99:7:99:19 | impl MyTrait for MyDeriveUnion { ... } | macro_calls -| macro_expansion.rs:5:9:5:34 | concat!... | macro_expansion.rs:5:17:5:34 | "Hello world!" | -| macro_expansion.rs:5:9:5:34 | concat!... | macro_expansion.rs:5:17:5:34 | "Hello world!" | +| macro_expansion.rs:5:9:5:35 | concat!... | macro_expansion.rs:5:17:5:34 | "Hello world!" | +| macro_expansion.rs:5:9:5:35 | concat!... | macro_expansion.rs:5:17:5:34 | "Hello world!" | | macro_expansion.rs:31:5:31:16 | ...::format_args_nl!... | macro_expansion.rs:31:5:31:16 | FormatArgsExpr | | macro_expansion.rs:31:5:31:16 | ...::format_args_nl!... | macro_expansion.rs:31:5:31:16 | FormatArgsExpr | | macro_expansion.rs:31:5:31:16 | ...::format_args_nl!... | macro_expansion.rs:31:5:31:16 | FormatArgsExpr | | macro_expansion.rs:31:5:31:16 | println!... | macro_expansion.rs:31:5:31:16 | MacroBlockExpr | | macro_expansion.rs:31:5:31:16 | println!... | macro_expansion.rs:31:5:31:16 | MacroBlockExpr | | macro_expansion.rs:31:5:31:16 | println!... | macro_expansion.rs:31:5:31:16 | MacroBlockExpr | -| macro_expansion.rs:33:9:33:15 | hello!... | macro_expansion.rs:31:5:31:16 | MacroBlockExpr | -| macro_expansion.rs:33:9:33:15 | hello!... | macro_expansion.rs:31:5:31:16 | MacroBlockExpr | -| macro_expansion.rs:33:9:33:15 | hello!... | macro_expansion.rs:31:5:31:16 | MacroBlockExpr | +| macro_expansion.rs:33:9:33:16 | hello!... | macro_expansion.rs:31:5:31:16 | MacroBlockExpr | +| macro_expansion.rs:33:9:33:16 | hello!... | macro_expansion.rs:31:5:31:16 | MacroBlockExpr | +| macro_expansion.rs:33:9:33:16 | hello!... | macro_expansion.rs:31:5:31:16 | MacroBlockExpr | | macro_expansion.rs:44:5:44:13 | def_x!... | macro_expansion.rs:44:5:44:10 | MacroItems | | macro_expansion.rs:53:9:53:25 | concat!... | macro_expansion.rs:53:17:53:24 | "xy" | | macro_expansion.rs:55:9:58:5 | my_macro!... | macro_expansion.rs:56:9:57:13 | MacroExpr | diff --git a/rust/ql/test/extractor-tests/macro-in-library/test.expected b/rust/ql/test/extractor-tests/macro-in-library/test.expected index 685ce3244e35..0b4b9cb5eaa9 100644 --- a/rust/ql/test/extractor-tests/macro-in-library/test.expected +++ b/rust/ql/test/extractor-tests/macro-in-library/test.expected @@ -1,4 +1,4 @@ macro_items -| macro_in_library.rs:2:1:2:14 | MacroItems | 0 | macro_in_library.rs:2:1:2:14 | fn foo | -| macro_in_library.rs:2:1:2:14 | MacroItems | 1 | macro_in_library.rs:2:1:2:14 | fn foo_new | +| macro_in_library.rs:2:1:2:15 | MacroItems | 0 | macro_in_library.rs:2:1:2:15 | fn foo | +| macro_in_library.rs:2:1:2:15 | MacroItems | 1 | macro_in_library.rs:2:1:2:15 | fn foo_new | warnings diff --git a/rust/ql/test/library-tests/dataflow/modeled/inline-flow.expected b/rust/ql/test/library-tests/dataflow/modeled/inline-flow.expected index bd2bfe9880e9..3a9e28258d5e 100644 --- a/rust/ql/test/library-tests/dataflow/modeled/inline-flow.expected +++ b/rust/ql/test/library-tests/dataflow/modeled/inline-flow.expected @@ -6,16 +6,14 @@ models | 5 | Summary: ::clone; Argument[self].Reference; ReturnValue; value | | 6 | Summary: ::unwrap; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value | | 7 | Summary: ::zip; Argument[0].Field[core::option::Option::Some(0)]; ReturnValue.Field[core::option::Option::Some(0)].Field[1]; value | -| 8 | Summary: ::into_inner; Argument[0].Field[core::pin::Pin::__pointer]; ReturnValue; value | -| 9 | Summary: ::into_inner; Argument[0]; ReturnValue; value | -| 10 | Summary: ::into_inner_unchecked; Argument[0]; ReturnValue; value | -| 11 | Summary: ::new; Argument[0].Reference; ReturnValue; value | -| 12 | Summary: ::new; Argument[0]; ReturnValue.Field[core::pin::Pin::__pointer]; value | -| 13 | Summary: ::new; Argument[0]; ReturnValue; value | -| 14 | Summary: ::new_unchecked; Argument[0].Reference; ReturnValue; value | -| 15 | Summary: ::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | -| 16 | Summary: core::ptr::read; Argument[0].Reference; ReturnValue; value | -| 17 | Summary: core::ptr::write; Argument[1]; Argument[0].Reference; value | +| 8 | Summary: ::into_inner; Argument[0]; ReturnValue; value | +| 9 | Summary: ::into_inner_unchecked; Argument[0]; ReturnValue; value | +| 10 | Summary: ::new; Argument[0].Reference; ReturnValue; value | +| 11 | Summary: ::new; Argument[0]; ReturnValue; value | +| 12 | Summary: ::new_unchecked; Argument[0].Reference; ReturnValue; value | +| 13 | Summary: ::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | +| 14 | Summary: core::ptr::read; Argument[0].Reference; ReturnValue; value | +| 15 | Summary: core::ptr::write; Argument[1]; Argument[0].Reference; value | edges | main.rs:12:9:12:9 | a [Some] | main.rs:13:10:13:19 | a.unwrap() | provenance | MaD:6 | | main.rs:12:9:12:9 | a [Some] | main.rs:14:13:14:13 | a [Some] | provenance | | @@ -24,11 +22,11 @@ edges | main.rs:14:9:14:9 | b [Some] | main.rs:15:10:15:19 | b.unwrap() | provenance | MaD:6 | | main.rs:14:13:14:13 | a [Some] | main.rs:14:13:14:21 | a.clone() [Some] | provenance | MaD:1 | | main.rs:14:13:14:21 | a.clone() [Some] | main.rs:14:9:14:9 | b [Some] | provenance | | -| main.rs:19:9:19:9 | a [Ok] | main.rs:20:10:20:19 | a.unwrap() | provenance | MaD:15 | +| main.rs:19:9:19:9 | a [Ok] | main.rs:20:10:20:19 | a.unwrap() | provenance | MaD:13 | | main.rs:19:9:19:9 | a [Ok] | main.rs:21:13:21:13 | a [Ok] | provenance | | | main.rs:19:31:19:44 | Ok(...) [Ok] | main.rs:19:9:19:9 | a [Ok] | provenance | | | main.rs:19:34:19:43 | source(...) | main.rs:19:31:19:44 | Ok(...) [Ok] | provenance | | -| main.rs:21:9:21:9 | b [Ok] | main.rs:22:10:22:19 | b.unwrap() | provenance | MaD:15 | +| main.rs:21:9:21:9 | b [Ok] | main.rs:22:10:22:19 | b.unwrap() | provenance | MaD:13 | | main.rs:21:13:21:13 | a [Ok] | main.rs:21:13:21:21 | a.clone() [Ok] | provenance | MaD:1 | | main.rs:21:13:21:21 | a.clone() [Ok] | main.rs:21:9:21:9 | b [Ok] | provenance | | | main.rs:26:9:26:9 | a | main.rs:27:10:27:10 | a | provenance | | @@ -66,8 +64,8 @@ edges | main.rs:69:18:69:23 | TuplePat [tuple.1] | main.rs:69:22:69:22 | m | provenance | | | main.rs:69:22:69:22 | m | main.rs:71:22:71:22 | m | provenance | | | main.rs:92:29:92:29 | [post] y [&ref] | main.rs:93:33:93:33 | y [&ref] | provenance | | -| main.rs:92:32:92:41 | source(...) | main.rs:92:29:92:29 | [post] y [&ref] | provenance | MaD:17 | -| main.rs:93:33:93:33 | y [&ref] | main.rs:93:18:93:34 | ...::read(...) | provenance | MaD:16 | +| main.rs:92:32:92:41 | source(...) | main.rs:92:29:92:29 | [post] y [&ref] | provenance | MaD:15 | +| main.rs:93:33:93:33 | y [&ref] | main.rs:93:18:93:34 | ...::read(...) | provenance | MaD:14 | | main.rs:108:13:108:17 | mut i | main.rs:109:34:109:34 | i | provenance | | | main.rs:108:13:108:17 | mut i | main.rs:110:33:110:33 | i | provenance | | | main.rs:108:13:108:17 | mut i | main.rs:111:47:111:47 | i | provenance | | @@ -75,11 +73,8 @@ edges | main.rs:108:21:108:30 | source(...) | main.rs:108:13:108:17 | mut i | provenance | | | main.rs:109:13:109:20 | mut pin1 [&ref] | main.rs:114:15:114:18 | pin1 [&ref] | provenance | | | main.rs:109:13:109:20 | mut pin1 [&ref] | main.rs:115:31:115:34 | pin1 [&ref] | provenance | | -| main.rs:109:13:109:20 | mut pin1 [Pin, &ref] | main.rs:115:31:115:34 | pin1 [Pin, &ref] | provenance | | | main.rs:109:24:109:35 | ...::new(...) [&ref] | main.rs:109:13:109:20 | mut pin1 [&ref] | provenance | | -| main.rs:109:24:109:35 | ...::new(...) [Pin, &ref] | main.rs:109:13:109:20 | mut pin1 [Pin, &ref] | provenance | | -| main.rs:109:33:109:34 | &i [&ref] | main.rs:109:24:109:35 | ...::new(...) [&ref] | provenance | MaD:13 | -| main.rs:109:33:109:34 | &i [&ref] | main.rs:109:24:109:35 | ...::new(...) [Pin, &ref] | provenance | MaD:12 | +| main.rs:109:33:109:34 | &i [&ref] | main.rs:109:24:109:35 | ...::new(...) [&ref] | provenance | MaD:11 | | main.rs:109:34:109:34 | i | main.rs:109:33:109:34 | &i [&ref] | provenance | | | main.rs:110:13:110:20 | mut pin2 [&ref] | main.rs:116:15:116:18 | pin2 [&ref] | provenance | | | main.rs:110:24:110:34 | ...::pin(...) [&ref] | main.rs:110:13:110:20 | mut pin2 [&ref] | provenance | | @@ -90,8 +85,7 @@ edges | main.rs:111:47:111:47 | i | main.rs:111:38:111:48 | ...::new(...) [&ref] | provenance | MaD:3 | | main.rs:114:15:114:18 | pin1 [&ref] | main.rs:114:14:114:18 | * ... | provenance | | | main.rs:115:15:115:35 | ...::into_inner(...) [&ref] | main.rs:115:14:115:35 | * ... | provenance | | -| main.rs:115:31:115:34 | pin1 [&ref] | main.rs:115:15:115:35 | ...::into_inner(...) [&ref] | provenance | MaD:9 | -| main.rs:115:31:115:34 | pin1 [Pin, &ref] | main.rs:115:15:115:35 | ...::into_inner(...) [&ref] | provenance | MaD:8 | +| main.rs:115:31:115:34 | pin1 [&ref] | main.rs:115:15:115:35 | ...::into_inner(...) [&ref] | provenance | MaD:8 | | main.rs:116:15:116:18 | pin2 [&ref] | main.rs:116:14:116:18 | * ... | provenance | | | main.rs:117:15:117:18 | pin3 [&ref] | main.rs:117:14:117:18 | * ... | provenance | | | main.rs:122:13:122:18 | mut ms [MyStruct] | main.rs:123:34:123:35 | ms [MyStruct] | provenance | | @@ -100,20 +94,20 @@ edges | main.rs:122:38:122:47 | source(...) | main.rs:122:22:122:49 | MyStruct {...} [MyStruct] | provenance | | | main.rs:123:13:123:20 | mut pin1 [MyStruct] | main.rs:129:30:129:33 | pin1 [MyStruct] | provenance | | | main.rs:123:24:123:36 | ...::new(...) [MyStruct] | main.rs:123:13:123:20 | mut pin1 [MyStruct] | provenance | | -| main.rs:123:33:123:35 | &ms [&ref, MyStruct] | main.rs:123:24:123:36 | ...::new(...) [MyStruct] | provenance | MaD:11 | +| main.rs:123:33:123:35 | &ms [&ref, MyStruct] | main.rs:123:24:123:36 | ...::new(...) [MyStruct] | provenance | MaD:10 | | main.rs:123:34:123:35 | ms [MyStruct] | main.rs:123:33:123:35 | &ms [&ref, MyStruct] | provenance | | | main.rs:127:14:127:15 | ms [MyStruct] | main.rs:127:14:127:19 | ms.val | provenance | | | main.rs:129:14:129:34 | ...::into_inner(...) [MyStruct] | main.rs:129:14:129:38 | ... .val | provenance | | -| main.rs:129:30:129:33 | pin1 [MyStruct] | main.rs:129:14:129:34 | ...::into_inner(...) [MyStruct] | provenance | MaD:9 | +| main.rs:129:30:129:33 | pin1 [MyStruct] | main.rs:129:14:129:34 | ...::into_inner(...) [MyStruct] | provenance | MaD:8 | | main.rs:136:13:136:18 | mut ms [MyStruct] | main.rs:137:44:137:45 | ms [MyStruct] | provenance | | | main.rs:136:22:136:49 | MyStruct {...} [MyStruct] | main.rs:136:13:136:18 | mut ms [MyStruct] | provenance | | | main.rs:136:38:136:47 | source(...) | main.rs:136:22:136:49 | MyStruct {...} [MyStruct] | provenance | | | main.rs:137:13:137:20 | mut pin5 [MyStruct] | main.rs:139:40:139:43 | pin5 [MyStruct] | provenance | | | main.rs:137:24:137:46 | ...::new_unchecked(...) [MyStruct] | main.rs:137:13:137:20 | mut pin5 [MyStruct] | provenance | | -| main.rs:137:43:137:45 | &ms [&ref, MyStruct] | main.rs:137:24:137:46 | ...::new_unchecked(...) [MyStruct] | provenance | MaD:14 | +| main.rs:137:43:137:45 | &ms [&ref, MyStruct] | main.rs:137:24:137:46 | ...::new_unchecked(...) [MyStruct] | provenance | MaD:12 | | main.rs:137:44:137:45 | ms [MyStruct] | main.rs:137:43:137:45 | &ms [&ref, MyStruct] | provenance | | | main.rs:139:14:139:44 | ...::into_inner_unchecked(...) [MyStruct] | main.rs:139:14:139:48 | ... .val | provenance | | -| main.rs:139:40:139:43 | pin5 [MyStruct] | main.rs:139:14:139:44 | ...::into_inner_unchecked(...) [MyStruct] | provenance | MaD:10 | +| main.rs:139:40:139:43 | pin5 [MyStruct] | main.rs:139:14:139:44 | ...::into_inner_unchecked(...) [MyStruct] | provenance | MaD:9 | nodes | main.rs:12:9:12:9 | a [Some] | semmle.label | a [Some] | | main.rs:12:13:12:28 | Some(...) [Some] | semmle.label | Some(...) [Some] | @@ -174,9 +168,7 @@ nodes | main.rs:108:13:108:17 | mut i | semmle.label | mut i | | main.rs:108:21:108:30 | source(...) | semmle.label | source(...) | | main.rs:109:13:109:20 | mut pin1 [&ref] | semmle.label | mut pin1 [&ref] | -| main.rs:109:13:109:20 | mut pin1 [Pin, &ref] | semmle.label | mut pin1 [Pin, &ref] | | main.rs:109:24:109:35 | ...::new(...) [&ref] | semmle.label | ...::new(...) [&ref] | -| main.rs:109:24:109:35 | ...::new(...) [Pin, &ref] | semmle.label | ...::new(...) [Pin, &ref] | | main.rs:109:33:109:34 | &i [&ref] | semmle.label | &i [&ref] | | main.rs:109:34:109:34 | i | semmle.label | i | | main.rs:110:13:110:20 | mut pin2 [&ref] | semmle.label | mut pin2 [&ref] | @@ -192,7 +184,6 @@ nodes | main.rs:115:14:115:35 | * ... | semmle.label | * ... | | main.rs:115:15:115:35 | ...::into_inner(...) [&ref] | semmle.label | ...::into_inner(...) [&ref] | | main.rs:115:31:115:34 | pin1 [&ref] | semmle.label | pin1 [&ref] | -| main.rs:115:31:115:34 | pin1 [Pin, &ref] | semmle.label | pin1 [Pin, &ref] | | main.rs:116:14:116:18 | * ... | semmle.label | * ... | | main.rs:116:15:116:18 | pin2 [&ref] | semmle.label | pin2 [&ref] | | main.rs:117:14:117:18 | * ... | semmle.label | * ... | diff --git a/rust/ql/test/library-tests/dataflow/sources/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/library-tests/dataflow/sources/CONSISTENCY/PathResolutionConsistency.expected index bf8bbca14007..76ed919e8696 100644 --- a/rust/ql/test/library-tests/dataflow/sources/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/library-tests/dataflow/sources/CONSISTENCY/PathResolutionConsistency.expected @@ -18,9 +18,9 @@ multipleCallTargets | test_futures_io.rs:152:32:152:46 | reader2.lines() | | test_futures_io.rs:153:14:153:32 | lines_stream.next() | | test_futures_io.rs:154:32:154:50 | lines_stream.next() | -| web_frameworks.rs:13:14:13:22 | a.as_str() | | web_frameworks.rs:13:14:13:23 | a.as_str() | -| web_frameworks.rs:14:14:14:24 | a.as_bytes() | +| web_frameworks.rs:13:14:13:23 | a.as_str() | +| web_frameworks.rs:14:14:14:25 | a.as_bytes() | | web_frameworks.rs:14:14:14:25 | a.as_bytes() | | web_frameworks.rs:101:14:101:23 | a.as_str() | | web_frameworks.rs:102:14:102:25 | a.as_bytes() | diff --git a/rust/ql/test/library-tests/dataflow/sources/InlineFlow.expected b/rust/ql/test/library-tests/dataflow/sources/InlineFlow.expected index e0855a5d8548..8edaf9527f89 100644 --- a/rust/ql/test/library-tests/dataflow/sources/InlineFlow.expected +++ b/rust/ql/test/library-tests/dataflow/sources/InlineFlow.expected @@ -82,55 +82,54 @@ models | 81 | Summary: ::expect; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value | | 82 | Summary: ::unwrap; Argument[self].Field[core::option::Option::Some(0)]; ReturnValue; value | | 83 | Summary: ::new; Argument[0].Reference; ReturnValue; value | -| 84 | Summary: ::new; Argument[0]; ReturnValue.Field[core::pin::Pin::__pointer]; value | -| 85 | Summary: ::new; Argument[0]; ReturnValue; value | -| 86 | Summary: ::expect; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | -| 87 | Summary: ::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | -| 88 | Summary: ::as_bytes; Argument[self]; ReturnValue; value | -| 89 | Summary: ::as_str; Argument[self]; ReturnValue; value | -| 90 | Summary: ::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 91 | Summary: ::connect; Argument[1]; ReturnValue.Future.Field[core::result::Result::Ok(0)]; taint | -| 92 | Summary: ::new; Argument[0]; ReturnValue; taint | -| 93 | Summary: ::bytes; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)]; taint | -| 94 | Summary: ::chunk; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)].Field[core::option::Option::Some(0)]; taint | -| 95 | Summary: ::text; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)]; taint | -| 96 | Summary: ::bytes; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 97 | Summary: ::text; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 98 | Summary: ::text_with_charset; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 99 | Summary: ::read; Argument[self]; Argument[0].Reference; taint | -| 100 | Summary: ::read; Argument[self]; Argument[0]; taint | -| 101 | Summary: ::read_to_end; Argument[self]; Argument[0].Reference; taint | -| 102 | Summary: ::read_to_end; Argument[self]; Argument[0]; taint | -| 103 | Summary: ::read_to_string; Argument[self]; Argument[0].Reference; taint | -| 104 | Summary: ::read_to_string; Argument[self]; Argument[0]; taint | -| 105 | Summary: ::next; Argument[self]; ReturnValue.Field[core::option::Option::Some(0)].Field[core::result::Result::Ok(0)]; taint | -| 106 | Summary: ::fill_buf; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | -| 107 | Summary: ::buffer; Argument[self]; ReturnValue; taint | -| 108 | Summary: ::new; Argument[0]; ReturnValue; taint | -| 109 | Summary: ::read; Argument[self]; Argument[0].Reference; taint | -| 110 | Summary: ::read; Argument[self]; Argument[0]; taint | -| 111 | Summary: ::read_exact; Argument[self]; Argument[0].Reference; taint | -| 112 | Summary: ::read_exact; Argument[self]; Argument[0]; taint | -| 113 | Summary: ::read_to_end; Argument[self]; Argument[0].Reference; taint | -| 114 | Summary: ::read_to_string; Argument[self]; Argument[0].Reference; taint | -| 115 | Summary: ::read_to_string; Argument[self]; Argument[0]; taint | -| 116 | Summary: ::lock; Argument[self]; ReturnValue; taint | -| 117 | Summary: ::read_to_string; Argument[self]; Argument[0].Reference; taint | -| 118 | Summary: ::read; Argument[self]; Argument[0].Reference; taint | -| 119 | Summary: ::as_path; Argument[self]; ReturnValue; value | -| 120 | Summary: ::buffer; Argument[self]; ReturnValue; taint | -| 121 | Summary: ::new; Argument[0]; ReturnValue; taint | -| 122 | Summary: ::next_line; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)].Field[core::option::Option::Some(0)]; taint | -| 123 | Summary: ::next_segment; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)].Field[core::option::Option::Some(0)]; taint | -| 124 | Summary: ::peek; Argument[self]; Argument[0].Reference; taint | -| 125 | Summary: ::try_read; Argument[self]; Argument[0].Reference; taint | -| 126 | Summary: ::try_read_buf; Argument[self]; Argument[0].Reference; taint | +| 84 | Summary: ::new; Argument[0]; ReturnValue; value | +| 85 | Summary: ::expect; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | +| 86 | Summary: ::unwrap; Argument[self].Field[core::result::Result::Ok(0)]; ReturnValue; value | +| 87 | Summary: ::as_bytes; Argument[self]; ReturnValue; value | +| 88 | Summary: ::as_str; Argument[self]; ReturnValue; value | +| 89 | Summary: ::parse; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 90 | Summary: ::connect; Argument[1]; ReturnValue.Future.Field[core::result::Result::Ok(0)]; taint | +| 91 | Summary: ::new; Argument[0]; ReturnValue; taint | +| 92 | Summary: ::bytes; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)]; taint | +| 93 | Summary: ::chunk; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)].Field[core::option::Option::Some(0)]; taint | +| 94 | Summary: ::text; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)]; taint | +| 95 | Summary: ::bytes; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 96 | Summary: ::text; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 97 | Summary: ::text_with_charset; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 98 | Summary: ::read; Argument[self]; Argument[0].Reference; taint | +| 99 | Summary: ::read; Argument[self]; Argument[0]; taint | +| 100 | Summary: ::read_to_end; Argument[self]; Argument[0].Reference; taint | +| 101 | Summary: ::read_to_end; Argument[self]; Argument[0]; taint | +| 102 | Summary: ::read_to_string; Argument[self]; Argument[0].Reference; taint | +| 103 | Summary: ::read_to_string; Argument[self]; Argument[0]; taint | +| 104 | Summary: ::next; Argument[self]; ReturnValue.Field[core::option::Option::Some(0)].Field[core::result::Result::Ok(0)]; taint | +| 105 | Summary: ::fill_buf; Argument[self]; ReturnValue.Field[core::result::Result::Ok(0)]; taint | +| 106 | Summary: ::buffer; Argument[self]; ReturnValue; taint | +| 107 | Summary: ::new; Argument[0]; ReturnValue; taint | +| 108 | Summary: ::read; Argument[self]; Argument[0].Reference; taint | +| 109 | Summary: ::read; Argument[self]; Argument[0]; taint | +| 110 | Summary: ::read_exact; Argument[self]; Argument[0].Reference; taint | +| 111 | Summary: ::read_exact; Argument[self]; Argument[0]; taint | +| 112 | Summary: ::read_to_end; Argument[self]; Argument[0].Reference; taint | +| 113 | Summary: ::read_to_string; Argument[self]; Argument[0].Reference; taint | +| 114 | Summary: ::read_to_string; Argument[self]; Argument[0]; taint | +| 115 | Summary: ::lock; Argument[self]; ReturnValue; taint | +| 116 | Summary: ::read_to_string; Argument[self]; Argument[0].Reference; taint | +| 117 | Summary: ::read; Argument[self]; Argument[0].Reference; taint | +| 118 | Summary: ::as_path; Argument[self]; ReturnValue; value | +| 119 | Summary: ::buffer; Argument[self]; ReturnValue; taint | +| 120 | Summary: ::new; Argument[0]; ReturnValue; taint | +| 121 | Summary: ::next_line; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)].Field[core::option::Option::Some(0)]; taint | +| 122 | Summary: ::next_segment; Argument[self]; ReturnValue.Future.Field[core::result::Result::Ok(0)].Field[core::option::Option::Some(0)]; taint | +| 123 | Summary: ::peek; Argument[self]; Argument[0].Reference; taint | +| 124 | Summary: ::try_read; Argument[self]; Argument[0].Reference; taint | +| 125 | Summary: ::try_read_buf; Argument[self]; Argument[0].Reference; taint | edges | test.rs:8:10:8:22 | ...::var | test.rs:8:10:8:30 | ...::var(...) | provenance | Src:MaD:26 | | test.rs:9:10:9:25 | ...::var_os | test.rs:9:10:9:33 | ...::var_os(...) | provenance | Src:MaD:27 | | test.rs:11:9:11:12 | var1 | test.rs:14:10:14:13 | var1 | provenance | | | test.rs:11:16:11:28 | ...::var | test.rs:11:16:11:36 | ...::var(...) [Ok] | provenance | Src:MaD:26 | -| test.rs:11:16:11:36 | ...::var(...) [Ok] | test.rs:11:16:11:59 | ... .expect(...) | provenance | MaD:86 | +| test.rs:11:16:11:36 | ...::var(...) [Ok] | test.rs:11:16:11:59 | ... .expect(...) | provenance | MaD:85 | | test.rs:11:16:11:59 | ... .expect(...) | test.rs:11:9:11:12 | var1 | provenance | | | test.rs:12:9:12:12 | var2 | test.rs:15:10:15:13 | var2 | provenance | | | test.rs:12:16:12:31 | ...::var_os | test.rs:12:16:12:39 | ...::var_os(...) [Some] | provenance | Src:MaD:27 | @@ -163,8 +162,8 @@ edges | test.rs:34:16:34:29 | ...::args | test.rs:34:16:34:31 | ...::args(...) [element] | provenance | Src:MaD:21 | | test.rs:34:16:34:31 | ...::args(...) [element] | test.rs:34:16:34:38 | ... .nth(...) [Some] | provenance | MaD:42 | | test.rs:34:16:34:38 | ... .nth(...) [Some] | test.rs:34:16:34:47 | ... .unwrap() | provenance | MaD:82 | -| test.rs:34:16:34:47 | ... .unwrap() | test.rs:34:16:34:64 | ... .parse() [Ok] | provenance | MaD:90 | -| test.rs:34:16:34:64 | ... .parse() [Ok] | test.rs:34:16:34:73 | ... .unwrap() | provenance | MaD:87 | +| test.rs:34:16:34:47 | ... .unwrap() | test.rs:34:16:34:64 | ... .parse() [Ok] | provenance | MaD:89 | +| test.rs:34:16:34:64 | ... .parse() [Ok] | test.rs:34:16:34:73 | ... .unwrap() | provenance | MaD:86 | | test.rs:34:16:34:73 | ... .unwrap() | test.rs:34:9:34:12 | arg4 | provenance | | | test.rs:42:9:42:11 | arg | test.rs:43:14:43:16 | arg | provenance | | | test.rs:42:16:42:29 | ...::args | test.rs:42:16:42:31 | ...::args(...) [element] | provenance | Src:MaD:21 | @@ -174,11 +173,11 @@ edges | test.rs:46:16:46:34 | ...::args_os(...) [element] | test.rs:46:9:46:11 | arg | provenance | | | test.rs:52:9:52:11 | dir | test.rs:56:10:56:12 | dir | provenance | | | test.rs:52:15:52:35 | ...::current_dir | test.rs:52:15:52:37 | ...::current_dir(...) [Ok] | provenance | Src:MaD:23 | -| test.rs:52:15:52:37 | ...::current_dir(...) [Ok] | test.rs:52:15:52:54 | ... .expect(...) | provenance | MaD:86 | +| test.rs:52:15:52:37 | ...::current_dir(...) [Ok] | test.rs:52:15:52:54 | ... .expect(...) | provenance | MaD:85 | | test.rs:52:15:52:54 | ... .expect(...) | test.rs:52:9:52:11 | dir | provenance | | | test.rs:53:9:53:11 | exe | test.rs:57:10:57:12 | exe | provenance | | | test.rs:53:15:53:35 | ...::current_exe | test.rs:53:15:53:37 | ...::current_exe(...) [Ok] | provenance | Src:MaD:24 | -| test.rs:53:15:53:37 | ...::current_exe(...) [Ok] | test.rs:53:15:53:54 | ... .expect(...) | provenance | MaD:86 | +| test.rs:53:15:53:37 | ...::current_exe(...) [Ok] | test.rs:53:15:53:54 | ... .expect(...) | provenance | MaD:85 | | test.rs:53:15:53:54 | ... .expect(...) | test.rs:53:9:53:11 | exe | provenance | | | test.rs:54:9:54:12 | home | test.rs:58:10:58:13 | home | provenance | | | test.rs:54:16:54:33 | ...::home_dir | test.rs:54:16:54:35 | ...::home_dir(...) [Some] | provenance | Src:MaD:25 | @@ -187,32 +186,32 @@ edges | test.rs:62:9:62:22 | remote_string1 | test.rs:63:10:63:23 | remote_string1 | provenance | | | test.rs:62:26:62:47 | ...::get | test.rs:62:26:62:62 | ...::get(...) [Ok] | provenance | Src:MaD:19 | | test.rs:62:26:62:62 | ...::get(...) [Ok] | test.rs:62:26:62:63 | TryExpr | provenance | | -| test.rs:62:26:62:63 | TryExpr | test.rs:62:26:62:70 | ... .text() [Ok] | provenance | MaD:97 | +| test.rs:62:26:62:63 | TryExpr | test.rs:62:26:62:70 | ... .text() [Ok] | provenance | MaD:96 | | test.rs:62:26:62:70 | ... .text() [Ok] | test.rs:62:26:62:71 | TryExpr | provenance | | | test.rs:62:26:62:71 | TryExpr | test.rs:62:9:62:22 | remote_string1 | provenance | | | test.rs:65:9:65:22 | remote_string2 | test.rs:66:10:66:23 | remote_string2 | provenance | | | test.rs:65:26:65:47 | ...::get | test.rs:65:26:65:62 | ...::get(...) [Ok] | provenance | Src:MaD:19 | -| test.rs:65:26:65:62 | ...::get(...) [Ok] | test.rs:65:26:65:71 | ... .unwrap() | provenance | MaD:87 | -| test.rs:65:26:65:71 | ... .unwrap() | test.rs:65:26:65:78 | ... .text() [Ok] | provenance | MaD:97 | -| test.rs:65:26:65:78 | ... .text() [Ok] | test.rs:65:26:65:87 | ... .unwrap() | provenance | MaD:87 | +| test.rs:65:26:65:62 | ...::get(...) [Ok] | test.rs:65:26:65:71 | ... .unwrap() | provenance | MaD:86 | +| test.rs:65:26:65:71 | ... .unwrap() | test.rs:65:26:65:78 | ... .text() [Ok] | provenance | MaD:96 | +| test.rs:65:26:65:78 | ... .text() [Ok] | test.rs:65:26:65:87 | ... .unwrap() | provenance | MaD:86 | | test.rs:65:26:65:87 | ... .unwrap() | test.rs:65:9:65:22 | remote_string2 | provenance | | | test.rs:68:9:68:22 | remote_string3 | test.rs:69:10:69:23 | remote_string3 | provenance | | | test.rs:68:26:68:47 | ...::get | test.rs:68:26:68:62 | ...::get(...) [Ok] | provenance | Src:MaD:19 | -| test.rs:68:26:68:62 | ...::get(...) [Ok] | test.rs:68:26:68:71 | ... .unwrap() | provenance | MaD:87 | -| test.rs:68:26:68:71 | ... .unwrap() | test.rs:68:26:68:98 | ... .text_with_charset(...) [Ok] | provenance | MaD:98 | -| test.rs:68:26:68:98 | ... .text_with_charset(...) [Ok] | test.rs:68:26:68:107 | ... .unwrap() | provenance | MaD:87 | +| test.rs:68:26:68:62 | ...::get(...) [Ok] | test.rs:68:26:68:71 | ... .unwrap() | provenance | MaD:86 | +| test.rs:68:26:68:71 | ... .unwrap() | test.rs:68:26:68:98 | ... .text_with_charset(...) [Ok] | provenance | MaD:97 | +| test.rs:68:26:68:98 | ... .text_with_charset(...) [Ok] | test.rs:68:26:68:107 | ... .unwrap() | provenance | MaD:86 | | test.rs:68:26:68:107 | ... .unwrap() | test.rs:68:9:68:22 | remote_string3 | provenance | | | test.rs:71:9:71:22 | remote_string4 | test.rs:72:10:72:23 | remote_string4 | provenance | | | test.rs:71:26:71:47 | ...::get | test.rs:71:26:71:62 | ...::get(...) [Ok] | provenance | Src:MaD:19 | -| test.rs:71:26:71:62 | ...::get(...) [Ok] | test.rs:71:26:71:71 | ... .unwrap() | provenance | MaD:87 | -| test.rs:71:26:71:71 | ... .unwrap() | test.rs:71:26:71:79 | ... .bytes() [Ok] | provenance | MaD:96 | -| test.rs:71:26:71:79 | ... .bytes() [Ok] | test.rs:71:26:71:88 | ... .unwrap() | provenance | MaD:87 | +| test.rs:71:26:71:62 | ...::get(...) [Ok] | test.rs:71:26:71:71 | ... .unwrap() | provenance | MaD:86 | +| test.rs:71:26:71:71 | ... .unwrap() | test.rs:71:26:71:79 | ... .bytes() [Ok] | provenance | MaD:95 | +| test.rs:71:26:71:79 | ... .bytes() [Ok] | test.rs:71:26:71:88 | ... .unwrap() | provenance | MaD:86 | | test.rs:71:26:71:88 | ... .unwrap() | test.rs:71:9:71:22 | remote_string4 | provenance | | | test.rs:74:9:74:22 | remote_string5 | test.rs:75:10:75:23 | remote_string5 | provenance | | | test.rs:74:26:74:37 | ...::get | test.rs:74:26:74:52 | ...::get(...) [future, Ok] | provenance | Src:MaD:20 | | test.rs:74:26:74:52 | ...::get(...) [future, Ok] | test.rs:74:26:74:58 | await ... [Ok] | provenance | | | test.rs:74:26:74:58 | await ... [Ok] | test.rs:74:26:74:59 | TryExpr | provenance | | -| test.rs:74:26:74:59 | TryExpr | test.rs:74:26:74:66 | ... .text() [future, Ok] | provenance | MaD:95 | +| test.rs:74:26:74:59 | TryExpr | test.rs:74:26:74:66 | ... .text() [future, Ok] | provenance | MaD:94 | | test.rs:74:26:74:66 | ... .text() [future, Ok] | test.rs:74:26:74:72 | await ... [Ok] | provenance | | | test.rs:74:26:74:72 | await ... [Ok] | test.rs:74:26:74:73 | TryExpr | provenance | | | test.rs:74:26:74:73 | TryExpr | test.rs:74:9:74:22 | remote_string5 | provenance | | @@ -220,12 +219,12 @@ edges | test.rs:77:26:77:37 | ...::get | test.rs:77:26:77:52 | ...::get(...) [future, Ok] | provenance | Src:MaD:20 | | test.rs:77:26:77:52 | ...::get(...) [future, Ok] | test.rs:77:26:77:58 | await ... [Ok] | provenance | | | test.rs:77:26:77:58 | await ... [Ok] | test.rs:77:26:77:59 | TryExpr | provenance | | -| test.rs:77:26:77:59 | TryExpr | test.rs:77:26:77:67 | ... .bytes() [future, Ok] | provenance | MaD:93 | +| test.rs:77:26:77:59 | TryExpr | test.rs:77:26:77:67 | ... .bytes() [future, Ok] | provenance | MaD:92 | | test.rs:77:26:77:67 | ... .bytes() [future, Ok] | test.rs:77:26:77:73 | await ... [Ok] | provenance | | | test.rs:77:26:77:73 | await ... [Ok] | test.rs:77:26:77:74 | TryExpr | provenance | | | test.rs:77:26:77:74 | TryExpr | test.rs:77:9:77:22 | remote_string6 | provenance | | -| test.rs:80:9:80:20 | mut request1 | test.rs:81:10:81:25 | request1.chunk() [future, Ok, Some] | provenance | MaD:94 | -| test.rs:80:9:80:20 | mut request1 | test.rs:82:29:82:44 | request1.chunk() [future, Ok, Some] | provenance | MaD:94 | +| test.rs:80:9:80:20 | mut request1 | test.rs:81:10:81:25 | request1.chunk() [future, Ok, Some] | provenance | MaD:93 | +| test.rs:80:9:80:20 | mut request1 | test.rs:82:29:82:44 | request1.chunk() [future, Ok, Some] | provenance | MaD:93 | | test.rs:80:24:80:35 | ...::get | test.rs:80:24:80:50 | ...::get(...) [future, Ok] | provenance | Src:MaD:20 | | test.rs:80:24:80:50 | ...::get(...) [future, Ok] | test.rs:80:24:80:56 | await ... [Ok] | provenance | | | test.rs:80:24:80:56 | await ... [Ok] | test.rs:80:24:80:57 | TryExpr | provenance | | @@ -252,38 +251,38 @@ edges | test.rs:121:31:121:42 | send_request | test.rs:121:24:121:51 | sender.send_request(...) [future, Ok] | provenance | Src:MaD:7 | | test.rs:122:11:122:18 | response | test.rs:122:10:122:18 | &response | provenance | | | test.rs:211:22:211:35 | ...::stdin | test.rs:211:22:211:37 | ...::stdin(...) | provenance | Src:MaD:33 MaD:33 | -| test.rs:211:22:211:37 | ...::stdin(...) | test.rs:211:44:211:54 | [post] &mut buffer | provenance | MaD:110 | +| test.rs:211:22:211:37 | ...::stdin(...) | test.rs:211:44:211:54 | [post] &mut buffer | provenance | MaD:109 | | test.rs:211:22:211:37 | ...::stdin(...) | test.rs:211:44:211:54 | [post] &mut buffer [&ref] | provenance | MaD:60 | -| test.rs:211:22:211:37 | ...::stdin(...) | test.rs:211:44:211:54 | [post] &mut buffer [&ref] | provenance | MaD:109 | +| test.rs:211:22:211:37 | ...::stdin(...) | test.rs:211:44:211:54 | [post] &mut buffer [&ref] | provenance | MaD:108 | | test.rs:211:44:211:54 | [post] &mut buffer | test.rs:212:15:212:20 | buffer | provenance | | | test.rs:211:44:211:54 | [post] &mut buffer [&ref] | test.rs:211:49:211:54 | [post] buffer | provenance | | | test.rs:211:49:211:54 | [post] buffer | test.rs:212:15:212:20 | buffer | provenance | | | test.rs:212:15:212:20 | buffer | test.rs:212:14:212:20 | &buffer | provenance | | | test.rs:217:22:217:35 | ...::stdin | test.rs:217:22:217:37 | ...::stdin(...) | provenance | Src:MaD:33 MaD:33 | | test.rs:217:22:217:37 | ...::stdin(...) | test.rs:217:51:217:61 | [post] &mut buffer [&ref] | provenance | MaD:62 | -| test.rs:217:22:217:37 | ...::stdin(...) | test.rs:217:51:217:61 | [post] &mut buffer [&ref] | provenance | MaD:113 | +| test.rs:217:22:217:37 | ...::stdin(...) | test.rs:217:51:217:61 | [post] &mut buffer [&ref] | provenance | MaD:112 | | test.rs:217:51:217:61 | [post] &mut buffer [&ref] | test.rs:217:56:217:61 | [post] buffer | provenance | | | test.rs:217:56:217:61 | [post] buffer | test.rs:218:15:218:20 | buffer | provenance | | | test.rs:218:15:218:20 | buffer | test.rs:218:14:218:20 | &buffer | provenance | | | test.rs:223:22:223:35 | ...::stdin | test.rs:223:22:223:37 | ...::stdin(...) | provenance | Src:MaD:33 MaD:33 | -| test.rs:223:22:223:37 | ...::stdin(...) | test.rs:223:54:223:64 | [post] &mut buffer | provenance | MaD:115 | +| test.rs:223:22:223:37 | ...::stdin(...) | test.rs:223:54:223:64 | [post] &mut buffer | provenance | MaD:114 | | test.rs:223:22:223:37 | ...::stdin(...) | test.rs:223:54:223:64 | [post] &mut buffer [&ref] | provenance | MaD:63 | -| test.rs:223:22:223:37 | ...::stdin(...) | test.rs:223:54:223:64 | [post] &mut buffer [&ref] | provenance | MaD:114 | +| test.rs:223:22:223:37 | ...::stdin(...) | test.rs:223:54:223:64 | [post] &mut buffer [&ref] | provenance | MaD:113 | | test.rs:223:54:223:64 | [post] &mut buffer | test.rs:224:15:224:20 | buffer | provenance | | | test.rs:223:54:223:64 | [post] &mut buffer [&ref] | test.rs:223:59:223:64 | [post] buffer | provenance | | | test.rs:223:59:223:64 | [post] buffer | test.rs:224:15:224:20 | buffer | provenance | | | test.rs:224:15:224:20 | buffer | test.rs:224:14:224:20 | &buffer | provenance | | | test.rs:229:22:229:35 | ...::stdin | test.rs:229:22:229:37 | ...::stdin(...) | provenance | Src:MaD:33 MaD:33 | -| test.rs:229:22:229:37 | ...::stdin(...) | test.rs:229:22:229:44 | ... .lock() | provenance | MaD:116 | +| test.rs:229:22:229:37 | ...::stdin(...) | test.rs:229:22:229:44 | ... .lock() | provenance | MaD:115 | | test.rs:229:22:229:44 | ... .lock() | test.rs:229:61:229:71 | [post] &mut buffer [&ref] | provenance | MaD:63 | -| test.rs:229:22:229:44 | ... .lock() | test.rs:229:61:229:71 | [post] &mut buffer [&ref] | provenance | MaD:117 | +| test.rs:229:22:229:44 | ... .lock() | test.rs:229:61:229:71 | [post] &mut buffer [&ref] | provenance | MaD:116 | | test.rs:229:61:229:71 | [post] &mut buffer [&ref] | test.rs:229:66:229:71 | [post] buffer | provenance | | | test.rs:229:66:229:71 | [post] buffer | test.rs:230:15:230:20 | buffer | provenance | | | test.rs:230:15:230:20 | buffer | test.rs:230:14:230:20 | &buffer | provenance | | | test.rs:235:9:235:22 | ...::stdin | test.rs:235:9:235:24 | ...::stdin(...) | provenance | Src:MaD:33 MaD:33 | -| test.rs:235:9:235:24 | ...::stdin(...) | test.rs:235:37:235:47 | [post] &mut buffer | provenance | MaD:112 | +| test.rs:235:9:235:24 | ...::stdin(...) | test.rs:235:37:235:47 | [post] &mut buffer | provenance | MaD:111 | | test.rs:235:9:235:24 | ...::stdin(...) | test.rs:235:37:235:47 | [post] &mut buffer [&ref] | provenance | MaD:61 | -| test.rs:235:9:235:24 | ...::stdin(...) | test.rs:235:37:235:47 | [post] &mut buffer [&ref] | provenance | MaD:111 | +| test.rs:235:9:235:24 | ...::stdin(...) | test.rs:235:37:235:47 | [post] &mut buffer [&ref] | provenance | MaD:110 | | test.rs:235:37:235:47 | [post] &mut buffer | test.rs:236:15:236:20 | buffer | provenance | | | test.rs:235:37:235:47 | [post] &mut buffer [&ref] | test.rs:235:42:235:47 | [post] buffer | provenance | | | test.rs:235:42:235:47 | [post] buffer | test.rs:236:15:236:20 | buffer | provenance | | @@ -291,51 +290,51 @@ edges | test.rs:239:17:239:30 | ...::stdin | test.rs:239:17:239:32 | ...::stdin(...) | provenance | Src:MaD:33 MaD:33 | | test.rs:239:17:239:32 | ...::stdin(...) | test.rs:239:17:239:40 | ... .bytes() | provenance | MaD:57 | | test.rs:239:17:239:40 | ... .bytes() | test.rs:240:14:240:17 | byte | provenance | | -| test.rs:246:13:246:22 | mut reader | test.rs:247:20:247:36 | reader.fill_buf() [Ok] | provenance | MaD:106 | +| test.rs:246:13:246:22 | mut reader | test.rs:247:20:247:36 | reader.fill_buf() [Ok] | provenance | MaD:105 | | test.rs:246:26:246:66 | ...::new(...) | test.rs:246:13:246:22 | mut reader | provenance | | | test.rs:246:50:246:63 | ...::stdin | test.rs:246:50:246:65 | ...::stdin(...) | provenance | Src:MaD:33 MaD:33 | -| test.rs:246:50:246:65 | ...::stdin(...) | test.rs:246:26:246:66 | ...::new(...) | provenance | MaD:108 | +| test.rs:246:50:246:65 | ...::stdin(...) | test.rs:246:26:246:66 | ...::new(...) | provenance | MaD:107 | | test.rs:247:13:247:16 | data | test.rs:248:15:248:18 | data | provenance | | | test.rs:247:20:247:36 | reader.fill_buf() [Ok] | test.rs:247:20:247:37 | TryExpr | provenance | | | test.rs:247:20:247:37 | TryExpr | test.rs:247:13:247:16 | data | provenance | | | test.rs:248:15:248:18 | data | test.rs:248:14:248:18 | &data | provenance | | -| test.rs:252:13:252:18 | reader | test.rs:253:20:253:34 | reader.buffer() | provenance | MaD:107 | +| test.rs:252:13:252:18 | reader | test.rs:253:20:253:34 | reader.buffer() | provenance | MaD:106 | | test.rs:252:22:252:62 | ...::new(...) | test.rs:252:13:252:18 | reader | provenance | | | test.rs:252:46:252:59 | ...::stdin | test.rs:252:46:252:61 | ...::stdin(...) | provenance | Src:MaD:33 MaD:33 | -| test.rs:252:46:252:61 | ...::stdin(...) | test.rs:252:22:252:62 | ...::new(...) | provenance | MaD:108 | +| test.rs:252:46:252:61 | ...::stdin(...) | test.rs:252:22:252:62 | ...::new(...) | provenance | MaD:107 | | test.rs:253:13:253:16 | data | test.rs:254:15:254:18 | data | provenance | | | test.rs:253:20:253:34 | reader.buffer() | test.rs:253:13:253:16 | data | provenance | | | test.rs:254:15:254:18 | data | test.rs:254:14:254:18 | &data | provenance | | | test.rs:259:13:259:22 | mut reader | test.rs:260:26:260:36 | [post] &mut buffer [&ref] | provenance | MaD:54 | | test.rs:259:26:259:66 | ...::new(...) | test.rs:259:13:259:22 | mut reader | provenance | | | test.rs:259:50:259:63 | ...::stdin | test.rs:259:50:259:65 | ...::stdin(...) | provenance | Src:MaD:33 MaD:33 | -| test.rs:259:50:259:65 | ...::stdin(...) | test.rs:259:26:259:66 | ...::new(...) | provenance | MaD:108 | +| test.rs:259:50:259:65 | ...::stdin(...) | test.rs:259:26:259:66 | ...::new(...) | provenance | MaD:107 | | test.rs:260:26:260:36 | [post] &mut buffer [&ref] | test.rs:260:31:260:36 | [post] buffer | provenance | | | test.rs:260:31:260:36 | [post] buffer | test.rs:261:15:261:20 | buffer | provenance | | | test.rs:261:15:261:20 | buffer | test.rs:261:14:261:20 | &buffer | provenance | | | test.rs:266:13:266:22 | mut reader | test.rs:267:33:267:43 | [post] &mut buffer [&ref] | provenance | MaD:55 | | test.rs:266:26:266:66 | ...::new(...) | test.rs:266:13:266:22 | mut reader | provenance | | | test.rs:266:50:266:63 | ...::stdin | test.rs:266:50:266:65 | ...::stdin(...) | provenance | Src:MaD:33 MaD:33 | -| test.rs:266:50:266:65 | ...::stdin(...) | test.rs:266:26:266:66 | ...::new(...) | provenance | MaD:108 | +| test.rs:266:50:266:65 | ...::stdin(...) | test.rs:266:26:266:66 | ...::new(...) | provenance | MaD:107 | | test.rs:267:33:267:43 | [post] &mut buffer [&ref] | test.rs:267:38:267:43 | [post] buffer | provenance | | | test.rs:267:38:267:43 | [post] buffer | test.rs:268:15:268:20 | buffer | provenance | | | test.rs:267:38:267:43 | [post] buffer | test.rs:269:14:269:22 | buffer[0] | provenance | | | test.rs:268:15:268:20 | buffer | test.rs:268:14:268:20 | &buffer | provenance | | -| test.rs:273:13:273:28 | mut reader_split | test.rs:274:14:274:32 | reader_split.next() [Some, Ok] | provenance | MaD:105 | -| test.rs:273:13:273:28 | mut reader_split | test.rs:275:33:275:51 | reader_split.next() [Some, Ok] | provenance | MaD:105 | +| test.rs:273:13:273:28 | mut reader_split | test.rs:274:14:274:32 | reader_split.next() [Some, Ok] | provenance | MaD:104 | +| test.rs:273:13:273:28 | mut reader_split | test.rs:275:33:275:51 | reader_split.next() [Some, Ok] | provenance | MaD:104 | | test.rs:273:32:273:72 | ...::new(...) | test.rs:273:32:273:84 | ... .split(...) | provenance | MaD:56 | | test.rs:273:32:273:84 | ... .split(...) | test.rs:273:13:273:28 | mut reader_split | provenance | | | test.rs:273:56:273:69 | ...::stdin | test.rs:273:56:273:71 | ...::stdin(...) | provenance | Src:MaD:33 MaD:33 | -| test.rs:273:56:273:71 | ...::stdin(...) | test.rs:273:32:273:72 | ...::new(...) | provenance | MaD:108 | +| test.rs:273:56:273:71 | ...::stdin(...) | test.rs:273:32:273:72 | ...::new(...) | provenance | MaD:107 | | test.rs:274:14:274:32 | reader_split.next() [Some, Ok] | test.rs:274:14:274:41 | ... .unwrap() [Ok] | provenance | MaD:82 | -| test.rs:274:14:274:41 | ... .unwrap() [Ok] | test.rs:274:14:274:50 | ... .unwrap() | provenance | MaD:87 | +| test.rs:274:14:274:41 | ... .unwrap() [Ok] | test.rs:274:14:274:50 | ... .unwrap() | provenance | MaD:86 | | test.rs:275:19:275:29 | Some(...) [Some, Ok] | test.rs:275:24:275:28 | chunk [Ok] | provenance | | -| test.rs:275:24:275:28 | chunk [Ok] | test.rs:276:18:276:31 | chunk.unwrap() | provenance | MaD:87 | +| test.rs:275:24:275:28 | chunk [Ok] | test.rs:276:18:276:31 | chunk.unwrap() | provenance | MaD:86 | | test.rs:275:33:275:51 | reader_split.next() [Some, Ok] | test.rs:275:19:275:29 | Some(...) [Some, Ok] | provenance | | | test.rs:281:13:281:18 | reader | test.rs:282:21:282:34 | reader.lines() | provenance | MaD:53 | | test.rs:281:22:281:62 | ...::new(...) | test.rs:281:13:281:18 | reader | provenance | | | test.rs:281:46:281:59 | ...::stdin | test.rs:281:46:281:61 | ...::stdin(...) | provenance | Src:MaD:33 MaD:33 | -| test.rs:281:46:281:61 | ...::stdin(...) | test.rs:281:22:281:62 | ...::new(...) | provenance | MaD:108 | +| test.rs:281:46:281:61 | ...::stdin(...) | test.rs:281:22:281:62 | ...::new(...) | provenance | MaD:107 | | test.rs:282:21:282:34 | reader.lines() | test.rs:283:18:283:21 | line | provenance | | | test.rs:309:13:309:21 | mut stdin | test.rs:311:33:311:43 | [post] &mut buffer [&ref] | provenance | MaD:70 | | test.rs:309:25:309:40 | ...::stdin | test.rs:309:25:309:42 | ...::stdin(...) | provenance | Src:MaD:37 MaD:37 | @@ -392,40 +391,40 @@ edges | test.rs:358:13:358:22 | mut reader | test.rs:359:20:359:36 | reader.fill_buf() [future, Ok] | provenance | MaD:65 | | test.rs:358:26:358:70 | ...::new(...) | test.rs:358:13:358:22 | mut reader | provenance | | | test.rs:358:52:358:67 | ...::stdin | test.rs:358:52:358:69 | ...::stdin(...) | provenance | Src:MaD:37 MaD:37 | -| test.rs:358:52:358:69 | ...::stdin(...) | test.rs:358:26:358:70 | ...::new(...) | provenance | MaD:121 | +| test.rs:358:52:358:69 | ...::stdin(...) | test.rs:358:26:358:70 | ...::new(...) | provenance | MaD:120 | | test.rs:359:13:359:16 | data | test.rs:360:15:360:18 | data | provenance | | | test.rs:359:20:359:36 | reader.fill_buf() [future, Ok] | test.rs:359:20:359:42 | await ... [Ok] | provenance | | | test.rs:359:20:359:42 | await ... [Ok] | test.rs:359:20:359:43 | TryExpr | provenance | | | test.rs:359:20:359:43 | TryExpr | test.rs:359:13:359:16 | data | provenance | | | test.rs:360:15:360:18 | data | test.rs:360:14:360:18 | &data | provenance | | -| test.rs:364:13:364:18 | reader | test.rs:365:20:365:34 | reader.buffer() | provenance | MaD:120 | +| test.rs:364:13:364:18 | reader | test.rs:365:20:365:34 | reader.buffer() | provenance | MaD:119 | | test.rs:364:22:364:66 | ...::new(...) | test.rs:364:13:364:18 | reader | provenance | | | test.rs:364:48:364:63 | ...::stdin | test.rs:364:48:364:65 | ...::stdin(...) | provenance | Src:MaD:37 MaD:37 | -| test.rs:364:48:364:65 | ...::stdin(...) | test.rs:364:22:364:66 | ...::new(...) | provenance | MaD:121 | +| test.rs:364:48:364:65 | ...::stdin(...) | test.rs:364:22:364:66 | ...::new(...) | provenance | MaD:120 | | test.rs:365:13:365:16 | data | test.rs:366:15:366:18 | data | provenance | | | test.rs:365:20:365:34 | reader.buffer() | test.rs:365:13:365:16 | data | provenance | | | test.rs:366:15:366:18 | data | test.rs:366:14:366:18 | &data | provenance | | | test.rs:371:13:371:22 | mut reader | test.rs:372:26:372:36 | [post] &mut buffer [&ref] | provenance | MaD:67 | | test.rs:371:26:371:70 | ...::new(...) | test.rs:371:13:371:22 | mut reader | provenance | | | test.rs:371:52:371:67 | ...::stdin | test.rs:371:52:371:69 | ...::stdin(...) | provenance | Src:MaD:37 MaD:37 | -| test.rs:371:52:371:69 | ...::stdin(...) | test.rs:371:26:371:70 | ...::new(...) | provenance | MaD:121 | +| test.rs:371:52:371:69 | ...::stdin(...) | test.rs:371:26:371:70 | ...::new(...) | provenance | MaD:120 | | test.rs:372:26:372:36 | [post] &mut buffer [&ref] | test.rs:372:31:372:36 | [post] buffer | provenance | | | test.rs:372:31:372:36 | [post] buffer | test.rs:373:15:373:20 | buffer | provenance | | | test.rs:373:15:373:20 | buffer | test.rs:373:14:373:20 | &buffer | provenance | | | test.rs:378:13:378:22 | mut reader | test.rs:379:33:379:43 | [post] &mut buffer [&ref] | provenance | MaD:68 | | test.rs:378:26:378:70 | ...::new(...) | test.rs:378:13:378:22 | mut reader | provenance | | | test.rs:378:52:378:67 | ...::stdin | test.rs:378:52:378:69 | ...::stdin(...) | provenance | Src:MaD:37 MaD:37 | -| test.rs:378:52:378:69 | ...::stdin(...) | test.rs:378:26:378:70 | ...::new(...) | provenance | MaD:121 | +| test.rs:378:52:378:69 | ...::stdin(...) | test.rs:378:26:378:70 | ...::new(...) | provenance | MaD:120 | | test.rs:379:33:379:43 | [post] &mut buffer [&ref] | test.rs:379:38:379:43 | [post] buffer | provenance | | | test.rs:379:38:379:43 | [post] buffer | test.rs:380:15:380:20 | buffer | provenance | | | test.rs:379:38:379:43 | [post] buffer | test.rs:381:14:381:22 | buffer[0] | provenance | | | test.rs:380:15:380:20 | buffer | test.rs:380:14:380:20 | &buffer | provenance | | -| test.rs:385:13:385:28 | mut reader_split | test.rs:386:14:386:40 | reader_split.next_segment() [future, Ok, Some] | provenance | MaD:123 | -| test.rs:385:13:385:28 | mut reader_split | test.rs:387:33:387:59 | reader_split.next_segment() [future, Ok, Some] | provenance | MaD:123 | +| test.rs:385:13:385:28 | mut reader_split | test.rs:386:14:386:40 | reader_split.next_segment() [future, Ok, Some] | provenance | MaD:122 | +| test.rs:385:13:385:28 | mut reader_split | test.rs:387:33:387:59 | reader_split.next_segment() [future, Ok, Some] | provenance | MaD:122 | | test.rs:385:32:385:76 | ...::new(...) | test.rs:385:32:385:88 | ... .split(...) | provenance | MaD:69 | | test.rs:385:32:385:88 | ... .split(...) | test.rs:385:13:385:28 | mut reader_split | provenance | | | test.rs:385:58:385:73 | ...::stdin | test.rs:385:58:385:75 | ...::stdin(...) | provenance | Src:MaD:37 MaD:37 | -| test.rs:385:58:385:75 | ...::stdin(...) | test.rs:385:32:385:76 | ...::new(...) | provenance | MaD:121 | +| test.rs:385:58:385:75 | ...::stdin(...) | test.rs:385:32:385:76 | ...::new(...) | provenance | MaD:120 | | test.rs:386:14:386:40 | reader_split.next_segment() [future, Ok, Some] | test.rs:386:14:386:46 | await ... [Ok, Some] | provenance | | | test.rs:386:14:386:46 | await ... [Ok, Some] | test.rs:386:14:386:47 | TryExpr [Some] | provenance | | | test.rs:386:14:386:47 | TryExpr [Some] | test.rs:386:14:386:56 | ... .unwrap() | provenance | MaD:82 | @@ -437,9 +436,9 @@ edges | test.rs:393:13:393:18 | reader | test.rs:394:25:394:38 | reader.lines() | provenance | MaD:66 | | test.rs:393:22:393:66 | ...::new(...) | test.rs:393:13:393:18 | reader | provenance | | | test.rs:393:48:393:63 | ...::stdin | test.rs:393:48:393:65 | ...::stdin(...) | provenance | Src:MaD:37 MaD:37 | -| test.rs:393:48:393:65 | ...::stdin(...) | test.rs:393:22:393:66 | ...::new(...) | provenance | MaD:121 | -| test.rs:394:13:394:21 | mut lines | test.rs:395:14:395:30 | lines.next_line() [future, Ok, Some] | provenance | MaD:122 | -| test.rs:394:13:394:21 | mut lines | test.rs:396:32:396:48 | lines.next_line() [future, Ok, Some] | provenance | MaD:122 | +| test.rs:393:48:393:65 | ...::stdin(...) | test.rs:393:22:393:66 | ...::new(...) | provenance | MaD:120 | +| test.rs:394:13:394:21 | mut lines | test.rs:395:14:395:30 | lines.next_line() [future, Ok, Some] | provenance | MaD:121 | +| test.rs:394:13:394:21 | mut lines | test.rs:396:32:396:48 | lines.next_line() [future, Ok, Some] | provenance | MaD:121 | | test.rs:394:25:394:38 | reader.lines() | test.rs:394:13:394:21 | mut lines | provenance | | | test.rs:395:14:395:30 | lines.next_line() [future, Ok, Some] | test.rs:395:14:395:36 | await ... [Ok, Some] | provenance | | | test.rs:395:14:395:36 | await ... [Ok, Some] | test.rs:395:14:395:37 | TryExpr [Some] | provenance | | @@ -476,7 +475,7 @@ edges | test.rs:425:22:425:25 | path | test.rs:425:20:425:27 | e.path() | provenance | Src:MaD:9 MaD:9 | | test.rs:426:14:426:17 | path | test.rs:426:14:426:25 | path.clone() | provenance | MaD:40 | | test.rs:427:14:427:17 | path | test.rs:427:14:427:25 | path.clone() | provenance | MaD:40 | -| test.rs:427:14:427:25 | path.clone() | test.rs:427:14:427:35 | ... .as_path() | provenance | MaD:119 | +| test.rs:427:14:427:25 | path.clone() | test.rs:427:14:427:35 | ... .as_path() | provenance | MaD:118 | | test.rs:439:13:439:21 | file_name | test.rs:440:14:440:22 | file_name | provenance | | | test.rs:439:13:439:21 | file_name | test.rs:440:14:440:30 | file_name.clone() | provenance | MaD:40 | | test.rs:439:13:439:21 | file_name | test.rs:445:14:445:22 | file_name | provenance | | @@ -515,15 +514,15 @@ edges | test.rs:493:22:493:56 | ...::read_link(...) [future, Ok] | test.rs:493:22:493:62 | await ... [Ok] | provenance | | | test.rs:493:22:493:62 | await ... [Ok] | test.rs:493:22:493:63 | TryExpr | provenance | | | test.rs:493:22:493:63 | TryExpr | test.rs:493:13:493:18 | target | provenance | | -| test.rs:503:9:503:16 | mut file | test.rs:507:32:507:42 | [post] &mut buffer | provenance | MaD:100 | +| test.rs:503:9:503:16 | mut file | test.rs:507:32:507:42 | [post] &mut buffer | provenance | MaD:99 | | test.rs:503:9:503:16 | mut file | test.rs:507:32:507:42 | [post] &mut buffer [&ref] | provenance | MaD:60 | -| test.rs:503:9:503:16 | mut file | test.rs:507:32:507:42 | [post] &mut buffer [&ref] | provenance | MaD:99 | -| test.rs:503:9:503:16 | mut file | test.rs:513:39:513:49 | [post] &mut buffer | provenance | MaD:102 | +| test.rs:503:9:503:16 | mut file | test.rs:507:32:507:42 | [post] &mut buffer [&ref] | provenance | MaD:98 | +| test.rs:503:9:503:16 | mut file | test.rs:513:39:513:49 | [post] &mut buffer | provenance | MaD:101 | | test.rs:503:9:503:16 | mut file | test.rs:513:39:513:49 | [post] &mut buffer [&ref] | provenance | MaD:62 | -| test.rs:503:9:503:16 | mut file | test.rs:513:39:513:49 | [post] &mut buffer [&ref] | provenance | MaD:101 | -| test.rs:503:9:503:16 | mut file | test.rs:519:42:519:52 | [post] &mut buffer | provenance | MaD:104 | +| test.rs:503:9:503:16 | mut file | test.rs:513:39:513:49 | [post] &mut buffer [&ref] | provenance | MaD:100 | +| test.rs:503:9:503:16 | mut file | test.rs:519:42:519:52 | [post] &mut buffer | provenance | MaD:103 | | test.rs:503:9:503:16 | mut file | test.rs:519:42:519:52 | [post] &mut buffer [&ref] | provenance | MaD:63 | -| test.rs:503:9:503:16 | mut file | test.rs:519:42:519:52 | [post] &mut buffer [&ref] | provenance | MaD:103 | +| test.rs:503:9:503:16 | mut file | test.rs:519:42:519:52 | [post] &mut buffer [&ref] | provenance | MaD:102 | | test.rs:503:9:503:16 | mut file | test.rs:525:25:525:35 | [post] &mut buffer [&ref] | provenance | MaD:61 | | test.rs:503:9:503:16 | mut file | test.rs:529:17:529:28 | file.bytes() | provenance | MaD:57 | | test.rs:503:20:503:38 | ...::open | test.rs:503:20:503:50 | ...::open(...) [Ok] | provenance | Src:MaD:10 | @@ -545,30 +544,30 @@ edges | test.rs:525:30:525:35 | [post] buffer | test.rs:526:15:526:20 | buffer | provenance | | | test.rs:526:15:526:20 | buffer | test.rs:526:14:526:20 | &buffer | provenance | | | test.rs:529:17:529:28 | file.bytes() | test.rs:530:14:530:17 | byte | provenance | | -| test.rs:536:13:536:18 | mut f1 | test.rs:538:30:538:40 | [post] &mut buffer | provenance | MaD:100 | +| test.rs:536:13:536:18 | mut f1 | test.rs:538:30:538:40 | [post] &mut buffer | provenance | MaD:99 | | test.rs:536:13:536:18 | mut f1 | test.rs:538:30:538:40 | [post] &mut buffer [&ref] | provenance | MaD:60 | -| test.rs:536:13:536:18 | mut f1 | test.rs:538:30:538:40 | [post] &mut buffer [&ref] | provenance | MaD:99 | -| test.rs:536:22:536:63 | ... .open(...) [Ok] | test.rs:536:22:536:72 | ... .unwrap() | provenance | MaD:87 | +| test.rs:536:13:536:18 | mut f1 | test.rs:538:30:538:40 | [post] &mut buffer [&ref] | provenance | MaD:98 | +| test.rs:536:22:536:63 | ... .open(...) [Ok] | test.rs:536:22:536:72 | ... .unwrap() | provenance | MaD:86 | | test.rs:536:22:536:72 | ... .unwrap() | test.rs:536:13:536:18 | mut f1 | provenance | | | test.rs:536:50:536:53 | open | test.rs:536:22:536:63 | ... .open(...) [Ok] | provenance | Src:MaD:11 | | test.rs:538:30:538:40 | [post] &mut buffer | test.rs:539:15:539:20 | buffer | provenance | | | test.rs:538:30:538:40 | [post] &mut buffer [&ref] | test.rs:538:35:538:40 | [post] buffer | provenance | | | test.rs:538:35:538:40 | [post] buffer | test.rs:539:15:539:20 | buffer | provenance | | | test.rs:539:15:539:20 | buffer | test.rs:539:14:539:20 | &buffer | provenance | | -| test.rs:543:13:543:18 | mut f2 | test.rs:545:30:545:40 | [post] &mut buffer | provenance | MaD:100 | +| test.rs:543:13:543:18 | mut f2 | test.rs:545:30:545:40 | [post] &mut buffer | provenance | MaD:99 | | test.rs:543:13:543:18 | mut f2 | test.rs:545:30:545:40 | [post] &mut buffer [&ref] | provenance | MaD:60 | -| test.rs:543:13:543:18 | mut f2 | test.rs:545:30:545:40 | [post] &mut buffer [&ref] | provenance | MaD:99 | -| test.rs:543:22:543:80 | ... .open(...) [Ok] | test.rs:543:22:543:89 | ... .unwrap() | provenance | MaD:87 | +| test.rs:543:13:543:18 | mut f2 | test.rs:545:30:545:40 | [post] &mut buffer [&ref] | provenance | MaD:98 | +| test.rs:543:22:543:80 | ... .open(...) [Ok] | test.rs:543:22:543:89 | ... .unwrap() | provenance | MaD:86 | | test.rs:543:22:543:89 | ... .unwrap() | test.rs:543:13:543:18 | mut f2 | provenance | | | test.rs:543:67:543:70 | open | test.rs:543:22:543:80 | ... .open(...) [Ok] | provenance | Src:MaD:11 | | test.rs:545:30:545:40 | [post] &mut buffer | test.rs:546:15:546:20 | buffer | provenance | | | test.rs:545:30:545:40 | [post] &mut buffer [&ref] | test.rs:545:35:545:40 | [post] buffer | provenance | | | test.rs:545:35:545:40 | [post] buffer | test.rs:546:15:546:20 | buffer | provenance | | | test.rs:546:15:546:20 | buffer | test.rs:546:14:546:20 | &buffer | provenance | | -| test.rs:550:13:550:18 | mut f3 | test.rs:552:30:552:40 | [post] &mut buffer | provenance | MaD:100 | +| test.rs:550:13:550:18 | mut f3 | test.rs:552:30:552:40 | [post] &mut buffer | provenance | MaD:99 | | test.rs:550:13:550:18 | mut f3 | test.rs:552:30:552:40 | [post] &mut buffer [&ref] | provenance | MaD:60 | -| test.rs:550:13:550:18 | mut f3 | test.rs:552:30:552:40 | [post] &mut buffer [&ref] | provenance | MaD:99 | -| test.rs:550:22:550:114 | ... .open(...) [Ok] | test.rs:550:22:550:123 | ... .unwrap() | provenance | MaD:87 | +| test.rs:550:13:550:18 | mut f3 | test.rs:552:30:552:40 | [post] &mut buffer [&ref] | provenance | MaD:98 | +| test.rs:550:22:550:114 | ... .open(...) [Ok] | test.rs:550:22:550:123 | ... .unwrap() | provenance | MaD:86 | | test.rs:550:22:550:123 | ... .unwrap() | test.rs:550:13:550:18 | mut f3 | provenance | | | test.rs:550:101:550:104 | open | test.rs:550:22:550:114 | ... .open(...) [Ok] | provenance | Src:MaD:11 | | test.rs:552:30:552:40 | [post] &mut buffer | test.rs:553:15:553:20 | buffer | provenance | | @@ -679,7 +678,7 @@ edges | test.rs:673:35:673:40 | [post] buffer | test.rs:674:15:674:20 | buffer | provenance | | | test.rs:674:15:674:20 | buffer | test.rs:674:14:674:20 | &buffer | provenance | | | test.rs:688:13:688:22 | mut stream | test.rs:695:29:695:39 | [post] &mut buffer [&ref] | provenance | MaD:60 | -| test.rs:688:13:688:22 | mut stream | test.rs:695:29:695:39 | [post] &mut buffer [&ref] | provenance | MaD:118 | +| test.rs:688:13:688:22 | mut stream | test.rs:695:29:695:39 | [post] &mut buffer [&ref] | provenance | MaD:117 | | test.rs:688:26:688:53 | ...::connect | test.rs:688:26:688:62 | ...::connect(...) [Ok] | provenance | Src:MaD:12 | | test.rs:688:26:688:62 | ...::connect(...) [Ok] | test.rs:688:26:688:63 | TryExpr | provenance | | | test.rs:688:26:688:63 | TryExpr | test.rs:688:13:688:22 | mut stream | provenance | | @@ -694,14 +693,14 @@ edges | test.rs:715:21:715:30 | mut reader | test.rs:718:44:718:52 | [post] &mut line [&ref] | provenance | MaD:54 | | test.rs:715:34:715:64 | ...::new(...) | test.rs:715:34:715:74 | ... .take(...) | provenance | MaD:64 | | test.rs:715:34:715:74 | ... .take(...) | test.rs:715:21:715:30 | mut reader | provenance | | -| test.rs:715:58:715:63 | stream | test.rs:715:34:715:64 | ...::new(...) | provenance | MaD:108 | +| test.rs:715:58:715:63 | stream | test.rs:715:34:715:64 | ...::new(...) | provenance | MaD:107 | | test.rs:718:44:718:52 | [post] &mut line [&ref] | test.rs:718:49:718:52 | [post] line | provenance | | | test.rs:718:49:718:52 | [post] line | test.rs:725:35:725:38 | line | provenance | | | test.rs:725:35:725:38 | line | test.rs:725:34:725:38 | &line | provenance | | -| test.rs:759:9:759:24 | mut tokio_stream | test.rs:767:35:767:46 | [post] &mut buffer1 [&ref] | provenance | MaD:124 | +| test.rs:759:9:759:24 | mut tokio_stream | test.rs:767:35:767:46 | [post] &mut buffer1 [&ref] | provenance | MaD:123 | | test.rs:759:9:759:24 | mut tokio_stream | test.rs:771:36:771:47 | [post] &mut buffer2 [&ref] | provenance | MaD:70 | -| test.rs:759:9:759:24 | mut tokio_stream | test.rs:787:41:787:51 | [post] &mut buffer [&ref] | provenance | MaD:125 | -| test.rs:759:9:759:24 | mut tokio_stream | test.rs:810:45:810:55 | [post] &mut buffer [&ref] | provenance | MaD:126 | +| test.rs:759:9:759:24 | mut tokio_stream | test.rs:787:41:787:51 | [post] &mut buffer [&ref] | provenance | MaD:124 | +| test.rs:759:9:759:24 | mut tokio_stream | test.rs:810:45:810:55 | [post] &mut buffer [&ref] | provenance | MaD:125 | | test.rs:759:28:759:57 | ...::connect | test.rs:759:28:759:66 | ...::connect(...) [future, Ok] | provenance | Src:MaD:18 | | test.rs:759:28:759:66 | ...::connect(...) [future, Ok] | test.rs:759:28:759:72 | await ... [Ok] | provenance | | | test.rs:759:28:759:72 | await ... [Ok] | test.rs:759:28:759:73 | TryExpr | provenance | | @@ -739,21 +738,17 @@ edges | test_futures_io.rs:26:22:26:56 | connector.connect(...) [future, Ok] | test_futures_io.rs:26:22:26:62 | await ... [Ok] | provenance | | | test_futures_io.rs:26:22:26:62 | await ... [Ok] | test_futures_io.rs:26:22:26:63 | TryExpr | provenance | | | test_futures_io.rs:26:22:26:63 | TryExpr | test_futures_io.rs:26:9:26:18 | mut reader | provenance | | -| test_futures_io.rs:26:53:26:55 | tcp | test_futures_io.rs:26:22:26:56 | connector.connect(...) [future, Ok] | provenance | MaD:91 | +| test_futures_io.rs:26:53:26:55 | tcp | test_futures_io.rs:26:22:26:56 | connector.connect(...) [future, Ok] | provenance | MaD:90 | | test_futures_io.rs:27:11:27:16 | reader | test_futures_io.rs:27:10:27:16 | &reader | provenance | | | test_futures_io.rs:32:13:32:22 | mut pinned | test_futures_io.rs:33:15:33:20 | pinned | provenance | | | test_futures_io.rs:32:13:32:22 | mut pinned [&ref] | test_futures_io.rs:33:15:33:20 | pinned [&ref] | provenance | | -| test_futures_io.rs:32:13:32:22 | mut pinned [Pin, &ref] | test_futures_io.rs:33:15:33:20 | pinned [Pin, &ref] | provenance | | | test_futures_io.rs:32:26:32:46 | ...::new(...) | test_futures_io.rs:32:13:32:22 | mut pinned | provenance | | | test_futures_io.rs:32:26:32:46 | ...::new(...) [&ref] | test_futures_io.rs:32:13:32:22 | mut pinned [&ref] | provenance | | -| test_futures_io.rs:32:26:32:46 | ...::new(...) [Pin, &ref] | test_futures_io.rs:32:13:32:22 | mut pinned [Pin, &ref] | provenance | | | test_futures_io.rs:32:35:32:45 | &mut reader [&ref] | test_futures_io.rs:32:26:32:46 | ...::new(...) | provenance | MaD:83 | -| test_futures_io.rs:32:35:32:45 | &mut reader [&ref] | test_futures_io.rs:32:26:32:46 | ...::new(...) [&ref] | provenance | MaD:85 | -| test_futures_io.rs:32:35:32:45 | &mut reader [&ref] | test_futures_io.rs:32:26:32:46 | ...::new(...) [Pin, &ref] | provenance | MaD:84 | +| test_futures_io.rs:32:35:32:45 | &mut reader [&ref] | test_futures_io.rs:32:26:32:46 | ...::new(...) [&ref] | provenance | MaD:84 | | test_futures_io.rs:32:40:32:45 | reader | test_futures_io.rs:32:35:32:45 | &mut reader [&ref] | provenance | | | test_futures_io.rs:33:15:33:20 | pinned | test_futures_io.rs:33:14:33:20 | &pinned | provenance | | | test_futures_io.rs:33:15:33:20 | pinned [&ref] | test_futures_io.rs:33:14:33:20 | &pinned | provenance | | -| test_futures_io.rs:33:15:33:20 | pinned [Pin, &ref] | test_futures_io.rs:33:14:33:20 | &pinned | provenance | | | test_futures_io.rs:45:59:45:69 | &mut reader [&ref] | test_futures_io.rs:45:72:45:83 | [post] &mut buffer1 [&ref] | provenance | MaD:38 | | test_futures_io.rs:45:59:45:69 | &mut reader [&ref] | test_futures_io.rs:45:72:45:83 | [post] &mut buffer1 [&ref] | provenance | MaD:49 | | test_futures_io.rs:45:64:45:69 | reader | test_futures_io.rs:45:59:45:69 | &mut reader [&ref] | provenance | | @@ -788,23 +783,19 @@ edges | test_futures_io.rs:54:9:54:19 | mut reader2 | test_futures_io.rs:146:47:146:57 | [post] &mut buffer [&ref] | provenance | MaD:51 | | test_futures_io.rs:54:9:54:19 | mut reader2 | test_futures_io.rs:146:47:146:57 | [post] &mut buffer [&ref] | provenance | MaD:52 | | test_futures_io.rs:54:23:54:57 | ...::new(...) | test_futures_io.rs:54:9:54:19 | mut reader2 | provenance | | -| test_futures_io.rs:54:51:54:56 | reader | test_futures_io.rs:54:23:54:57 | ...::new(...) | provenance | MaD:92 | +| test_futures_io.rs:54:51:54:56 | reader | test_futures_io.rs:54:23:54:57 | ...::new(...) | provenance | MaD:91 | | test_futures_io.rs:55:11:55:17 | reader2 | test_futures_io.rs:55:10:55:17 | &reader2 | provenance | | | test_futures_io.rs:59:13:59:22 | mut pinned | test_futures_io.rs:60:15:60:20 | pinned | provenance | | | test_futures_io.rs:59:13:59:22 | mut pinned | test_futures_io.rs:62:22:62:50 | pinned.poll_fill_buf(...) [Ready, Ok] | provenance | MaD:43 | | test_futures_io.rs:59:13:59:22 | mut pinned [&ref] | test_futures_io.rs:60:15:60:20 | pinned [&ref] | provenance | | | test_futures_io.rs:59:13:59:22 | mut pinned [&ref] | test_futures_io.rs:62:22:62:50 | pinned.poll_fill_buf(...) [Ready, Ok] | provenance | MaD:43 | -| test_futures_io.rs:59:13:59:22 | mut pinned [Pin, &ref] | test_futures_io.rs:60:15:60:20 | pinned [Pin, &ref] | provenance | | | test_futures_io.rs:59:26:59:47 | ...::new(...) | test_futures_io.rs:59:13:59:22 | mut pinned | provenance | | | test_futures_io.rs:59:26:59:47 | ...::new(...) [&ref] | test_futures_io.rs:59:13:59:22 | mut pinned [&ref] | provenance | | -| test_futures_io.rs:59:26:59:47 | ...::new(...) [Pin, &ref] | test_futures_io.rs:59:13:59:22 | mut pinned [Pin, &ref] | provenance | | | test_futures_io.rs:59:35:59:46 | &mut reader2 [&ref] | test_futures_io.rs:59:26:59:47 | ...::new(...) | provenance | MaD:83 | -| test_futures_io.rs:59:35:59:46 | &mut reader2 [&ref] | test_futures_io.rs:59:26:59:47 | ...::new(...) [&ref] | provenance | MaD:85 | -| test_futures_io.rs:59:35:59:46 | &mut reader2 [&ref] | test_futures_io.rs:59:26:59:47 | ...::new(...) [Pin, &ref] | provenance | MaD:84 | +| test_futures_io.rs:59:35:59:46 | &mut reader2 [&ref] | test_futures_io.rs:59:26:59:47 | ...::new(...) [&ref] | provenance | MaD:84 | | test_futures_io.rs:59:40:59:46 | reader2 | test_futures_io.rs:59:35:59:46 | &mut reader2 [&ref] | provenance | | | test_futures_io.rs:60:15:60:20 | pinned | test_futures_io.rs:60:14:60:20 | &pinned | provenance | | | test_futures_io.rs:60:15:60:20 | pinned [&ref] | test_futures_io.rs:60:14:60:20 | &pinned | provenance | | -| test_futures_io.rs:60:15:60:20 | pinned [Pin, &ref] | test_futures_io.rs:60:14:60:20 | &pinned | provenance | | | test_futures_io.rs:62:13:62:18 | buffer [Ready, Ok] | test_futures_io.rs:63:16:63:35 | ...::Ready(...) [Ready, Ok] | provenance | | | test_futures_io.rs:62:13:62:18 | buffer [Ready, Ok] | test_futures_io.rs:64:19:64:24 | buffer [Ready, Ok] | provenance | | | test_futures_io.rs:62:22:62:50 | pinned.poll_fill_buf(...) [Ready, Ok] | test_futures_io.rs:62:13:62:18 | buffer [Ready, Ok] | provenance | | @@ -817,7 +808,7 @@ edges | test_futures_io.rs:69:23:69:44 | ...::new(...) [&ref] | test_futures_io.rs:69:23:69:67 | ... .poll_fill_buf(...) [Ready, Ok] | provenance | MaD:43 | | test_futures_io.rs:69:23:69:67 | ... .poll_fill_buf(...) [Ready, Ok] | test_futures_io.rs:69:13:69:19 | buffer2 [Ready, Ok] | provenance | | | test_futures_io.rs:69:32:69:43 | &mut reader2 [&ref] | test_futures_io.rs:69:23:69:44 | ...::new(...) | provenance | MaD:83 | -| test_futures_io.rs:69:32:69:43 | &mut reader2 [&ref] | test_futures_io.rs:69:23:69:44 | ...::new(...) [&ref] | provenance | MaD:85 | +| test_futures_io.rs:69:32:69:43 | &mut reader2 [&ref] | test_futures_io.rs:69:23:69:44 | ...::new(...) [&ref] | provenance | MaD:84 | | test_futures_io.rs:69:37:69:43 | reader2 | test_futures_io.rs:69:32:69:43 | &mut reader2 [&ref] | provenance | | | test_futures_io.rs:70:16:70:22 | buffer2 [Ready, Ok] | test_futures_io.rs:71:13:71:32 | ...::Ready(...) [Ready, Ok] | provenance | | | test_futures_io.rs:70:16:70:22 | buffer2 [Ready, Ok] | test_futures_io.rs:72:23:72:29 | buffer2 [Ready, Ok] | provenance | | @@ -831,17 +822,13 @@ edges | test_futures_io.rs:83:22:83:46 | TryExpr | test_futures_io.rs:83:13:83:18 | buffer | provenance | | | test_futures_io.rs:90:13:90:22 | mut pinned | test_futures_io.rs:91:15:91:20 | pinned | provenance | | | test_futures_io.rs:90:13:90:22 | mut pinned [&ref] | test_futures_io.rs:91:15:91:20 | pinned [&ref] | provenance | | -| test_futures_io.rs:90:13:90:22 | mut pinned [Pin, &ref] | test_futures_io.rs:91:15:91:20 | pinned [Pin, &ref] | provenance | | | test_futures_io.rs:90:26:90:47 | ...::new(...) | test_futures_io.rs:90:13:90:22 | mut pinned | provenance | | | test_futures_io.rs:90:26:90:47 | ...::new(...) [&ref] | test_futures_io.rs:90:13:90:22 | mut pinned [&ref] | provenance | | -| test_futures_io.rs:90:26:90:47 | ...::new(...) [Pin, &ref] | test_futures_io.rs:90:13:90:22 | mut pinned [Pin, &ref] | provenance | | | test_futures_io.rs:90:35:90:46 | &mut reader2 [&ref] | test_futures_io.rs:90:26:90:47 | ...::new(...) | provenance | MaD:83 | -| test_futures_io.rs:90:35:90:46 | &mut reader2 [&ref] | test_futures_io.rs:90:26:90:47 | ...::new(...) [&ref] | provenance | MaD:85 | -| test_futures_io.rs:90:35:90:46 | &mut reader2 [&ref] | test_futures_io.rs:90:26:90:47 | ...::new(...) [Pin, &ref] | provenance | MaD:84 | +| test_futures_io.rs:90:35:90:46 | &mut reader2 [&ref] | test_futures_io.rs:90:26:90:47 | ...::new(...) [&ref] | provenance | MaD:84 | | test_futures_io.rs:90:40:90:46 | reader2 | test_futures_io.rs:90:35:90:46 | &mut reader2 [&ref] | provenance | | | test_futures_io.rs:91:15:91:20 | pinned | test_futures_io.rs:91:14:91:20 | &pinned | provenance | | | test_futures_io.rs:91:15:91:20 | pinned [&ref] | test_futures_io.rs:91:14:91:20 | &pinned | provenance | | -| test_futures_io.rs:91:15:91:20 | pinned [Pin, &ref] | test_futures_io.rs:91:14:91:20 | &pinned | provenance | | | test_futures_io.rs:103:59:103:70 | &mut reader2 [&ref] | test_futures_io.rs:103:73:103:84 | [post] &mut buffer1 [&ref] | provenance | MaD:38 | | test_futures_io.rs:103:59:103:70 | &mut reader2 [&ref] | test_futures_io.rs:103:73:103:84 | [post] &mut buffer1 [&ref] | provenance | MaD:49 | | test_futures_io.rs:103:64:103:70 | reader2 | test_futures_io.rs:103:59:103:70 | &mut reader2 [&ref] | provenance | | @@ -857,17 +844,13 @@ edges | test_futures_io.rs:113:13:113:22 | mut pinned | test_futures_io.rs:116:22:116:50 | pinned.poll_fill_buf(...) [Ready, Ok] | provenance | MaD:43 | | test_futures_io.rs:113:13:113:22 | mut pinned [&ref] | test_futures_io.rs:114:15:114:20 | pinned [&ref] | provenance | | | test_futures_io.rs:113:13:113:22 | mut pinned [&ref] | test_futures_io.rs:116:22:116:50 | pinned.poll_fill_buf(...) [Ready, Ok] | provenance | MaD:43 | -| test_futures_io.rs:113:13:113:22 | mut pinned [Pin, &ref] | test_futures_io.rs:114:15:114:20 | pinned [Pin, &ref] | provenance | | | test_futures_io.rs:113:26:113:47 | ...::new(...) | test_futures_io.rs:113:13:113:22 | mut pinned | provenance | | | test_futures_io.rs:113:26:113:47 | ...::new(...) [&ref] | test_futures_io.rs:113:13:113:22 | mut pinned [&ref] | provenance | | -| test_futures_io.rs:113:26:113:47 | ...::new(...) [Pin, &ref] | test_futures_io.rs:113:13:113:22 | mut pinned [Pin, &ref] | provenance | | | test_futures_io.rs:113:35:113:46 | &mut reader2 [&ref] | test_futures_io.rs:113:26:113:47 | ...::new(...) | provenance | MaD:83 | -| test_futures_io.rs:113:35:113:46 | &mut reader2 [&ref] | test_futures_io.rs:113:26:113:47 | ...::new(...) [&ref] | provenance | MaD:85 | -| test_futures_io.rs:113:35:113:46 | &mut reader2 [&ref] | test_futures_io.rs:113:26:113:47 | ...::new(...) [Pin, &ref] | provenance | MaD:84 | +| test_futures_io.rs:113:35:113:46 | &mut reader2 [&ref] | test_futures_io.rs:113:26:113:47 | ...::new(...) [&ref] | provenance | MaD:84 | | test_futures_io.rs:113:40:113:46 | reader2 | test_futures_io.rs:113:35:113:46 | &mut reader2 [&ref] | provenance | | | test_futures_io.rs:114:15:114:20 | pinned | test_futures_io.rs:114:14:114:20 | &pinned | provenance | | | test_futures_io.rs:114:15:114:20 | pinned [&ref] | test_futures_io.rs:114:14:114:20 | &pinned | provenance | | -| test_futures_io.rs:114:15:114:20 | pinned [Pin, &ref] | test_futures_io.rs:114:14:114:20 | &pinned | provenance | | | test_futures_io.rs:116:13:116:18 | buffer [Ready, Ok] | test_futures_io.rs:117:15:117:20 | buffer [Ready, Ok] | provenance | | | test_futures_io.rs:116:13:116:18 | buffer [Ready, Ok] | test_futures_io.rs:118:16:118:35 | ...::Ready(...) [Ready, Ok] | provenance | | | test_futures_io.rs:116:22:116:50 | pinned.poll_fill_buf(...) [Ready, Ok] | test_futures_io.rs:116:13:116:18 | buffer [Ready, Ok] | provenance | | @@ -893,26 +876,26 @@ edges | test_futures_io.rs:147:15:147:20 | buffer | test_futures_io.rs:147:14:147:20 | &buffer | provenance | | | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:13:14:13:14 | a | provenance | | | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:13:14:13:14 | a | provenance | | -| web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:13:14:13:22 | a.as_str() | provenance | MaD:80 | -| web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:13:14:13:22 | a.as_str() | provenance | MaD:89 | | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:13:14:13:23 | a.as_str() | provenance | MaD:80 | -| web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:13:14:13:23 | a.as_str() | provenance | MaD:89 | +| web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:13:14:13:23 | a.as_str() | provenance | MaD:80 | +| web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:13:14:13:23 | a.as_str() | provenance | MaD:88 | +| web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:13:14:13:23 | a.as_str() | provenance | MaD:88 | | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:14:14:14:14 | a | provenance | | | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:14:14:14:14 | a | provenance | | -| web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:14:14:14:24 | a.as_bytes() | provenance | MaD:79 | -| web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:14:14:14:24 | a.as_bytes() | provenance | MaD:88 | | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:79 | -| web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:88 | +| web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:79 | +| web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:87 | +| web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:87 | | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:15:14:15:14 | a | provenance | | | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:15:14:15:14 | a | provenance | | -| web_frameworks.rs:13:14:13:14 | a | web_frameworks.rs:13:14:13:22 | a.as_str() | provenance | MaD:80 | -| web_frameworks.rs:13:14:13:14 | a | web_frameworks.rs:13:14:13:22 | a.as_str() | provenance | MaD:89 | | web_frameworks.rs:13:14:13:14 | a | web_frameworks.rs:13:14:13:23 | a.as_str() | provenance | MaD:80 | -| web_frameworks.rs:13:14:13:14 | a | web_frameworks.rs:13:14:13:23 | a.as_str() | provenance | MaD:89 | -| web_frameworks.rs:14:14:14:14 | a | web_frameworks.rs:14:14:14:24 | a.as_bytes() | provenance | MaD:79 | -| web_frameworks.rs:14:14:14:14 | a | web_frameworks.rs:14:14:14:24 | a.as_bytes() | provenance | MaD:88 | +| web_frameworks.rs:13:14:13:14 | a | web_frameworks.rs:13:14:13:23 | a.as_str() | provenance | MaD:80 | +| web_frameworks.rs:13:14:13:14 | a | web_frameworks.rs:13:14:13:23 | a.as_str() | provenance | MaD:88 | +| web_frameworks.rs:13:14:13:14 | a | web_frameworks.rs:13:14:13:23 | a.as_str() | provenance | MaD:88 | +| web_frameworks.rs:14:14:14:14 | a | web_frameworks.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:79 | | web_frameworks.rs:14:14:14:14 | a | web_frameworks.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:79 | -| web_frameworks.rs:14:14:14:14 | a | web_frameworks.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:88 | +| web_frameworks.rs:14:14:14:14 | a | web_frameworks.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:87 | +| web_frameworks.rs:14:14:14:14 | a | web_frameworks.rs:14:14:14:25 | a.as_bytes() | provenance | MaD:87 | | web_frameworks.rs:68:15:68:15 | a | web_frameworks.rs:70:14:70:14 | a | provenance | | | web_frameworks.rs:68:15:68:15 | a | web_frameworks.rs:70:14:70:14 | a | provenance | | | web_frameworks.rs:242:33:242:35 | map | web_frameworks.rs:242:38:242:46 | ...: String | provenance | Src:MaD:2 | @@ -1576,16 +1559,13 @@ nodes | test_futures_io.rs:27:11:27:16 | reader | semmle.label | reader | | test_futures_io.rs:32:13:32:22 | mut pinned | semmle.label | mut pinned | | test_futures_io.rs:32:13:32:22 | mut pinned [&ref] | semmle.label | mut pinned [&ref] | -| test_futures_io.rs:32:13:32:22 | mut pinned [Pin, &ref] | semmle.label | mut pinned [Pin, &ref] | | test_futures_io.rs:32:26:32:46 | ...::new(...) | semmle.label | ...::new(...) | | test_futures_io.rs:32:26:32:46 | ...::new(...) [&ref] | semmle.label | ...::new(...) [&ref] | -| test_futures_io.rs:32:26:32:46 | ...::new(...) [Pin, &ref] | semmle.label | ...::new(...) [Pin, &ref] | | test_futures_io.rs:32:35:32:45 | &mut reader [&ref] | semmle.label | &mut reader [&ref] | | test_futures_io.rs:32:40:32:45 | reader | semmle.label | reader | | test_futures_io.rs:33:14:33:20 | &pinned | semmle.label | &pinned | | test_futures_io.rs:33:15:33:20 | pinned | semmle.label | pinned | | test_futures_io.rs:33:15:33:20 | pinned [&ref] | semmle.label | pinned [&ref] | -| test_futures_io.rs:33:15:33:20 | pinned [Pin, &ref] | semmle.label | pinned [Pin, &ref] | | test_futures_io.rs:45:59:45:69 | &mut reader [&ref] | semmle.label | &mut reader [&ref] | | test_futures_io.rs:45:64:45:69 | reader | semmle.label | reader | | test_futures_io.rs:45:72:45:83 | [post] &mut buffer1 [&ref] | semmle.label | [post] &mut buffer1 [&ref] | @@ -1604,16 +1584,13 @@ nodes | test_futures_io.rs:55:11:55:17 | reader2 | semmle.label | reader2 | | test_futures_io.rs:59:13:59:22 | mut pinned | semmle.label | mut pinned | | test_futures_io.rs:59:13:59:22 | mut pinned [&ref] | semmle.label | mut pinned [&ref] | -| test_futures_io.rs:59:13:59:22 | mut pinned [Pin, &ref] | semmle.label | mut pinned [Pin, &ref] | | test_futures_io.rs:59:26:59:47 | ...::new(...) | semmle.label | ...::new(...) | | test_futures_io.rs:59:26:59:47 | ...::new(...) [&ref] | semmle.label | ...::new(...) [&ref] | -| test_futures_io.rs:59:26:59:47 | ...::new(...) [Pin, &ref] | semmle.label | ...::new(...) [Pin, &ref] | | test_futures_io.rs:59:35:59:46 | &mut reader2 [&ref] | semmle.label | &mut reader2 [&ref] | | test_futures_io.rs:59:40:59:46 | reader2 | semmle.label | reader2 | | test_futures_io.rs:60:14:60:20 | &pinned | semmle.label | &pinned | | test_futures_io.rs:60:15:60:20 | pinned | semmle.label | pinned | | test_futures_io.rs:60:15:60:20 | pinned [&ref] | semmle.label | pinned [&ref] | -| test_futures_io.rs:60:15:60:20 | pinned [Pin, &ref] | semmle.label | pinned [Pin, &ref] | | test_futures_io.rs:62:13:62:18 | buffer [Ready, Ok] | semmle.label | buffer [Ready, Ok] | | test_futures_io.rs:62:22:62:50 | pinned.poll_fill_buf(...) [Ready, Ok] | semmle.label | pinned.poll_fill_buf(...) [Ready, Ok] | | test_futures_io.rs:63:16:63:35 | ...::Ready(...) [Ready, Ok] | semmle.label | ...::Ready(...) [Ready, Ok] | @@ -1642,16 +1619,13 @@ nodes | test_futures_io.rs:84:14:84:19 | buffer | semmle.label | buffer | | test_futures_io.rs:90:13:90:22 | mut pinned | semmle.label | mut pinned | | test_futures_io.rs:90:13:90:22 | mut pinned [&ref] | semmle.label | mut pinned [&ref] | -| test_futures_io.rs:90:13:90:22 | mut pinned [Pin, &ref] | semmle.label | mut pinned [Pin, &ref] | | test_futures_io.rs:90:26:90:47 | ...::new(...) | semmle.label | ...::new(...) | | test_futures_io.rs:90:26:90:47 | ...::new(...) [&ref] | semmle.label | ...::new(...) [&ref] | -| test_futures_io.rs:90:26:90:47 | ...::new(...) [Pin, &ref] | semmle.label | ...::new(...) [Pin, &ref] | | test_futures_io.rs:90:35:90:46 | &mut reader2 [&ref] | semmle.label | &mut reader2 [&ref] | | test_futures_io.rs:90:40:90:46 | reader2 | semmle.label | reader2 | | test_futures_io.rs:91:14:91:20 | &pinned | semmle.label | &pinned | | test_futures_io.rs:91:15:91:20 | pinned | semmle.label | pinned | | test_futures_io.rs:91:15:91:20 | pinned [&ref] | semmle.label | pinned [&ref] | -| test_futures_io.rs:91:15:91:20 | pinned [Pin, &ref] | semmle.label | pinned [Pin, &ref] | | test_futures_io.rs:103:59:103:70 | &mut reader2 [&ref] | semmle.label | &mut reader2 [&ref] | | test_futures_io.rs:103:64:103:70 | reader2 | semmle.label | reader2 | | test_futures_io.rs:103:73:103:84 | [post] &mut buffer1 [&ref] | semmle.label | [post] &mut buffer1 [&ref] | @@ -1665,16 +1639,13 @@ nodes | test_futures_io.rs:108:15:108:36 | buffer2[...] | semmle.label | buffer2[...] | | test_futures_io.rs:113:13:113:22 | mut pinned | semmle.label | mut pinned | | test_futures_io.rs:113:13:113:22 | mut pinned [&ref] | semmle.label | mut pinned [&ref] | -| test_futures_io.rs:113:13:113:22 | mut pinned [Pin, &ref] | semmle.label | mut pinned [Pin, &ref] | | test_futures_io.rs:113:26:113:47 | ...::new(...) | semmle.label | ...::new(...) | | test_futures_io.rs:113:26:113:47 | ...::new(...) [&ref] | semmle.label | ...::new(...) [&ref] | -| test_futures_io.rs:113:26:113:47 | ...::new(...) [Pin, &ref] | semmle.label | ...::new(...) [Pin, &ref] | | test_futures_io.rs:113:35:113:46 | &mut reader2 [&ref] | semmle.label | &mut reader2 [&ref] | | test_futures_io.rs:113:40:113:46 | reader2 | semmle.label | reader2 | | test_futures_io.rs:114:14:114:20 | &pinned | semmle.label | &pinned | | test_futures_io.rs:114:15:114:20 | pinned | semmle.label | pinned | | test_futures_io.rs:114:15:114:20 | pinned [&ref] | semmle.label | pinned [&ref] | -| test_futures_io.rs:114:15:114:20 | pinned [Pin, &ref] | semmle.label | pinned [Pin, &ref] | | test_futures_io.rs:116:13:116:18 | buffer [Ready, Ok] | semmle.label | buffer [Ready, Ok] | | test_futures_io.rs:116:22:116:50 | pinned.poll_fill_buf(...) [Ready, Ok] | semmle.label | pinned.poll_fill_buf(...) [Ready, Ok] | | test_futures_io.rs:117:14:117:20 | &buffer | semmle.label | &buffer | @@ -1707,11 +1678,11 @@ nodes | web_frameworks.rs:11:31:11:31 | a | semmle.label | a | | web_frameworks.rs:13:14:13:14 | a | semmle.label | a | | web_frameworks.rs:13:14:13:14 | a | semmle.label | a | -| web_frameworks.rs:13:14:13:22 | a.as_str() | semmle.label | a.as_str() | +| web_frameworks.rs:13:14:13:23 | a.as_str() | semmle.label | a.as_str() | | web_frameworks.rs:13:14:13:23 | a.as_str() | semmle.label | a.as_str() | | web_frameworks.rs:14:14:14:14 | a | semmle.label | a | | web_frameworks.rs:14:14:14:14 | a | semmle.label | a | -| web_frameworks.rs:14:14:14:24 | a.as_bytes() | semmle.label | a.as_bytes() | +| web_frameworks.rs:14:14:14:25 | a.as_bytes() | semmle.label | a.as_bytes() | | web_frameworks.rs:14:14:14:25 | a.as_bytes() | semmle.label | a.as_bytes() | | web_frameworks.rs:15:14:15:14 | a | semmle.label | a | | web_frameworks.rs:15:14:15:14 | a | semmle.label | a | @@ -1874,9 +1845,9 @@ testFailures | test_futures_io.rs:133:14:133:18 | &line | test_futures_io.rs:19:15:19:32 | ...::connect | test_futures_io.rs:133:14:133:18 | &line | $@ | test_futures_io.rs:19:15:19:32 | ...::connect | ...::connect | | test_futures_io.rs:140:14:140:18 | &line | test_futures_io.rs:19:15:19:32 | ...::connect | test_futures_io.rs:140:14:140:18 | &line | $@ | test_futures_io.rs:19:15:19:32 | ...::connect | ...::connect | | test_futures_io.rs:147:14:147:20 | &buffer | test_futures_io.rs:19:15:19:32 | ...::connect | test_futures_io.rs:147:14:147:20 | &buffer | $@ | test_futures_io.rs:19:15:19:32 | ...::connect | ...::connect | -| web_frameworks.rs:13:14:13:22 | a.as_str() | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:13:14:13:22 | a.as_str() | $@ | web_frameworks.rs:11:31:11:31 | a | a | | web_frameworks.rs:13:14:13:23 | a.as_str() | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:13:14:13:23 | a.as_str() | $@ | web_frameworks.rs:11:31:11:31 | a | a | -| web_frameworks.rs:14:14:14:24 | a.as_bytes() | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:14:14:14:24 | a.as_bytes() | $@ | web_frameworks.rs:11:31:11:31 | a | a | +| web_frameworks.rs:13:14:13:23 | a.as_str() | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:13:14:13:23 | a.as_str() | $@ | web_frameworks.rs:11:31:11:31 | a | a | +| web_frameworks.rs:14:14:14:25 | a.as_bytes() | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:14:14:14:25 | a.as_bytes() | $@ | web_frameworks.rs:11:31:11:31 | a | a | | web_frameworks.rs:14:14:14:25 | a.as_bytes() | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:14:14:14:25 | a.as_bytes() | $@ | web_frameworks.rs:11:31:11:31 | a | a | | web_frameworks.rs:15:14:15:14 | a | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:15:14:15:14 | a | $@ | web_frameworks.rs:11:31:11:31 | a | a | | web_frameworks.rs:15:14:15:14 | a | web_frameworks.rs:11:31:11:31 | a | web_frameworks.rs:15:14:15:14 | a | $@ | web_frameworks.rs:11:31:11:31 | a | a | diff --git a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected index 96b6426baf41..ebf687cc7a6f 100644 --- a/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected +++ b/rust/ql/test/library-tests/dataflow/sources/TaintSources.expected @@ -92,9 +92,9 @@ | test_futures_io.rs:19:15:19:32 | ...::connect | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:11:31:11:31 | a | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:11:31:11:31 | a | Flow source 'RemoteSource' of type remote (DEFAULT). | -| web_frameworks.rs:22:14:22:18 | TuplePat | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:22:14:22:19 | TuplePat | Flow source 'RemoteSource' of type remote (DEFAULT). | -| web_frameworks.rs:48:14:48:28 | MyStruct {...} | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:22:14:22:19 | TuplePat | Flow source 'RemoteSource' of type remote (DEFAULT). | +| web_frameworks.rs:48:14:48:30 | MyStruct {...} | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:48:14:48:30 | MyStruct {...} | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:58:14:58:15 | ms | Flow source 'RemoteSource' of type remote (DEFAULT). | | web_frameworks.rs:58:14:58:15 | ms | Flow source 'RemoteSource' of type remote (DEFAULT). | diff --git a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected index ef137d85103e..c6ebb0403a9a 100644 --- a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected +++ b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected @@ -52,13 +52,11 @@ edges | main.rs:82:9:82:10 | s1 | main.rs:86:18:86:25 | MacroExpr | provenance | | | main.rs:82:9:82:10 | s1 | main.rs:87:18:87:32 | MacroExpr | provenance | | | main.rs:82:14:82:23 | source(...) | main.rs:82:9:82:10 | s1 | provenance | | -| main.rs:86:10:86:16 | res | main.rs:86:18:86:25 | { ... } | provenance | | -| main.rs:86:18:86:25 | ...::format(...) | main.rs:86:10:86:16 | res | provenance | | +| main.rs:86:18:86:25 | ...::format(...) | main.rs:86:18:86:25 | { ... } | provenance | | | main.rs:86:18:86:25 | ...::must_use(...) | main.rs:86:10:86:26 | MacroExpr | provenance | | | main.rs:86:18:86:25 | MacroExpr | main.rs:86:18:86:25 | ...::format(...) | provenance | MaD:7 | | main.rs:86:18:86:25 | { ... } | main.rs:86:18:86:25 | ...::must_use(...) | provenance | MaD:8 | -| main.rs:87:10:87:16 | res | main.rs:87:18:87:32 | { ... } | provenance | | -| main.rs:87:18:87:32 | ...::format(...) | main.rs:87:10:87:16 | res | provenance | | +| main.rs:87:18:87:32 | ...::format(...) | main.rs:87:18:87:32 | { ... } | provenance | | | main.rs:87:18:87:32 | ...::must_use(...) | main.rs:87:10:87:33 | MacroExpr | provenance | | | main.rs:87:18:87:32 | MacroExpr | main.rs:87:18:87:32 | ...::format(...) | provenance | MaD:7 | | main.rs:87:18:87:32 | { ... } | main.rs:87:18:87:32 | ...::must_use(...) | provenance | MaD:8 | @@ -108,13 +106,11 @@ nodes | main.rs:78:10:78:19 | formatted3 | semmle.label | formatted3 | | main.rs:82:9:82:10 | s1 | semmle.label | s1 | | main.rs:82:14:82:23 | source(...) | semmle.label | source(...) | -| main.rs:86:10:86:16 | res | semmle.label | res | | main.rs:86:10:86:26 | MacroExpr | semmle.label | MacroExpr | | main.rs:86:18:86:25 | ...::format(...) | semmle.label | ...::format(...) | | main.rs:86:18:86:25 | ...::must_use(...) | semmle.label | ...::must_use(...) | | main.rs:86:18:86:25 | MacroExpr | semmle.label | MacroExpr | | main.rs:86:18:86:25 | { ... } | semmle.label | { ... } | -| main.rs:87:10:87:16 | res | semmle.label | res | | main.rs:87:10:87:33 | MacroExpr | semmle.label | MacroExpr | | main.rs:87:18:87:32 | ...::format(...) | semmle.label | ...::format(...) | | main.rs:87:18:87:32 | ...::must_use(...) | semmle.label | ...::must_use(...) | diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.expected b/rust/ql/test/library-tests/path-resolution/path-resolution.expected index 04c16a4858ed..bb9a456a42c2 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.expected +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.expected @@ -459,9 +459,9 @@ resolvePath | main.rs:821:5:821:10 | ...::f | main.rs:682:5:695:5 | fn f | | main.rs:822:5:822:8 | zelf | main.rs:0:0:0:0 | Crate(main@0.0.1) | | main.rs:822:5:822:11 | ...::h | main.rs:56:1:75:1 | fn h | -| main.rs:823:5:823:13 | z_changed | main.rs:701:1:701:8 | fn z_changed | +| main.rs:823:5:823:13 | z_changed | main.rs:701:1:701:9 | fn z_changed | | main.rs:824:5:824:11 | AStruct | main.rs:703:1:703:17 | struct AStruct | -| main.rs:824:5:824:22 | ...::z_on_type | main.rs:707:5:707:16 | fn z_on_type | +| main.rs:824:5:824:22 | ...::z_on_type | main.rs:707:5:707:17 | fn z_on_type | | main.rs:825:5:825:11 | AStruct | main.rs:703:1:703:17 | struct AStruct | | main.rs:826:5:826:29 | impl_with_attribute_macro | main.rs:771:1:790:1 | mod impl_with_attribute_macro | | main.rs:826:5:826:35 | ...::test | main.rs:786:5:789:5 | fn test | diff --git a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected index 26b5ede89092..2814af2b5ede 100644 --- a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected @@ -6,8 +6,7 @@ edges | main.rs:4:20:4:40 | ...::var(...) [Ok] | main.rs:4:20:4:66 | ... .unwrap_or(...) | provenance | MaD:2 | | main.rs:4:20:4:66 | ... .unwrap_or(...) | main.rs:4:9:4:16 | username | provenance | | | main.rs:5:9:5:13 | regex | main.rs:6:26:6:30 | regex | provenance | | -| main.rs:5:17:5:23 | res | main.rs:5:25:5:44 | { ... } | provenance | | -| main.rs:5:25:5:44 | ...::format(...) | main.rs:5:17:5:23 | res | provenance | | +| main.rs:5:25:5:44 | ...::format(...) | main.rs:5:25:5:44 | { ... } | provenance | | | main.rs:5:25:5:44 | ...::must_use(...) | main.rs:5:9:5:13 | regex | provenance | | | main.rs:5:25:5:44 | MacroExpr | main.rs:5:25:5:44 | ...::format(...) | provenance | MaD:3 | | main.rs:5:25:5:44 | { ... } | main.rs:5:25:5:44 | ...::must_use(...) | provenance | MaD:4 | @@ -23,7 +22,6 @@ nodes | main.rs:4:20:4:40 | ...::var(...) [Ok] | semmle.label | ...::var(...) [Ok] | | main.rs:4:20:4:66 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | | main.rs:5:9:5:13 | regex | semmle.label | regex | -| main.rs:5:17:5:23 | res | semmle.label | res | | main.rs:5:25:5:44 | ...::format(...) | semmle.label | ...::format(...) | | main.rs:5:25:5:44 | ...::must_use(...) | semmle.label | ...::must_use(...) | | main.rs:5:25:5:44 | MacroExpr | semmle.label | MacroExpr | diff --git a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected index 46c49c8071df..45ce48f2ef3e 100644 --- a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected @@ -34,8 +34,7 @@ edges | sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:13 | | sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:9 | | sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:77:25:77:45 | safe_query_3.as_str() | provenance | MaD:13 | -| sqlx.rs:52:24:52:30 | res | sqlx.rs:52:32:52:87 | { ... } | provenance | | -| sqlx.rs:52:32:52:87 | ...::format(...) | sqlx.rs:52:24:52:30 | res | provenance | | +| sqlx.rs:52:32:52:87 | ...::format(...) | sqlx.rs:52:32:52:87 | { ... } | provenance | | | sqlx.rs:52:32:52:87 | ...::must_use(...) | sqlx.rs:52:9:52:20 | safe_query_3 | provenance | | | sqlx.rs:52:32:52:87 | MacroExpr | sqlx.rs:52:32:52:87 | ...::format(...) | provenance | MaD:16 | | sqlx.rs:52:32:52:87 | { ... } | sqlx.rs:52:32:52:87 | ...::must_use(...) | provenance | MaD:17 | @@ -62,8 +61,7 @@ edges | sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:13 | | sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:9 | | sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:82:29:82:51 | unsafe_query_4.as_str() | provenance | MaD:13 | -| sqlx.rs:59:9:59:15 | res | sqlx.rs:59:17:59:72 | { ... } | provenance | | -| sqlx.rs:59:17:59:72 | ...::format(...) | sqlx.rs:59:9:59:15 | res | provenance | | +| sqlx.rs:59:17:59:72 | ...::format(...) | sqlx.rs:59:17:59:72 | { ... } | provenance | | | sqlx.rs:59:17:59:72 | ...::must_use(...) | sqlx.rs:56:9:56:22 | unsafe_query_4 | provenance | | | sqlx.rs:59:17:59:72 | MacroExpr | sqlx.rs:59:17:59:72 | ...::format(...) | provenance | MaD:16 | | sqlx.rs:59:17:59:72 | { ... } | sqlx.rs:59:17:59:72 | ...::must_use(...) | provenance | MaD:17 | @@ -203,7 +201,6 @@ nodes | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | semmle.label | remote_string.parse() [Ok] | | sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | | sqlx.rs:52:9:52:20 | safe_query_3 | semmle.label | safe_query_3 | -| sqlx.rs:52:24:52:30 | res | semmle.label | res | | sqlx.rs:52:32:52:87 | ...::format(...) | semmle.label | ...::format(...) | | sqlx.rs:52:32:52:87 | ...::must_use(...) | semmle.label | ...::must_use(...) | | sqlx.rs:52:32:52:87 | MacroExpr | semmle.label | MacroExpr | @@ -220,7 +217,6 @@ nodes | sqlx.rs:55:83:55:96 | &remote_string [&ref] | semmle.label | &remote_string [&ref] | | sqlx.rs:55:84:55:96 | remote_string | semmle.label | remote_string | | sqlx.rs:56:9:56:22 | unsafe_query_4 | semmle.label | unsafe_query_4 | -| sqlx.rs:59:9:59:15 | res | semmle.label | res | | sqlx.rs:59:17:59:72 | ...::format(...) | semmle.label | ...::format(...) | | sqlx.rs:59:17:59:72 | ...::must_use(...) | semmle.label | ...::must_use(...) | | sqlx.rs:59:17:59:72 | MacroExpr | semmle.label | MacroExpr | diff --git a/rust/ql/test/query-tests/security/CWE-311/CleartextTransmission.expected b/rust/ql/test/query-tests/security/CWE-311/CleartextTransmission.expected index 5b0ebe3fa625..5807220eef0c 100644 --- a/rust/ql/test/query-tests/security/CWE-311/CleartextTransmission.expected +++ b/rust/ql/test/query-tests/security/CWE-311/CleartextTransmission.expected @@ -6,16 +6,14 @@ | main.rs:35:12:35:18 | request | main.rs:33:50:33:57 | password | main.rs:35:12:35:18 | request | This 'request' operation transmits data which may contain unencrypted sensitive data from $@. | main.rs:33:50:33:57 | password | password | edges | main.rs:6:9:6:11 | url | main.rs:7:28:7:30 | url | provenance | | -| main.rs:6:15:6:21 | res | main.rs:6:23:6:57 | { ... } | provenance | | -| main.rs:6:23:6:57 | ...::format(...) | main.rs:6:15:6:21 | res | provenance | | +| main.rs:6:23:6:57 | ...::format(...) | main.rs:6:23:6:57 | { ... } | provenance | | | main.rs:6:23:6:57 | ...::must_use(...) | main.rs:6:9:6:11 | url | provenance | | | main.rs:6:23:6:57 | MacroExpr | main.rs:6:23:6:57 | ...::format(...) | provenance | MaD:7 | | main.rs:6:23:6:57 | { ... } | main.rs:6:23:6:57 | ...::must_use(...) | provenance | MaD:8 | | main.rs:6:50:6:57 | password | main.rs:6:23:6:57 | MacroExpr | provenance | | | main.rs:7:28:7:30 | url | main.rs:7:5:7:26 | ...::get | provenance | MaD:4 Sink:MaD:4 | | main.rs:12:9:12:15 | address | main.rs:13:27:13:33 | address | provenance | | -| main.rs:12:19:12:25 | res | main.rs:12:27:12:59 | { ... } | provenance | | -| main.rs:12:27:12:59 | ...::format(...) | main.rs:12:19:12:25 | res | provenance | | +| main.rs:12:27:12:59 | ...::format(...) | main.rs:12:27:12:59 | { ... } | provenance | | | main.rs:12:27:12:59 | ...::must_use(...) | main.rs:12:9:12:15 | address | provenance | | | main.rs:12:27:12:59 | MacroExpr | main.rs:12:27:12:59 | ...::format(...) | provenance | MaD:7 | | main.rs:12:27:12:59 | { ... } | main.rs:12:27:12:59 | ...::must_use(...) | provenance | MaD:8 | @@ -27,24 +25,21 @@ edges | main.rs:13:27:13:33 | address | main.rs:13:26:13:33 | &address [&ref] | provenance | | | main.rs:14:28:14:30 | url | main.rs:14:5:14:26 | ...::get | provenance | MaD:4 Sink:MaD:4 | | main.rs:19:9:19:11 | url | main.rs:21:17:21:19 | url | provenance | | -| main.rs:19:15:19:21 | res | main.rs:19:23:19:57 | { ... } | provenance | | -| main.rs:19:23:19:57 | ...::format(...) | main.rs:19:15:19:21 | res | provenance | | +| main.rs:19:23:19:57 | ...::format(...) | main.rs:19:23:19:57 | { ... } | provenance | | | main.rs:19:23:19:57 | ...::must_use(...) | main.rs:19:9:19:11 | url | provenance | | | main.rs:19:23:19:57 | MacroExpr | main.rs:19:23:19:57 | ...::format(...) | provenance | MaD:7 | | main.rs:19:23:19:57 | { ... } | main.rs:19:23:19:57 | ...::must_use(...) | provenance | MaD:8 | | main.rs:19:50:19:57 | password | main.rs:19:23:19:57 | MacroExpr | provenance | | | main.rs:21:17:21:19 | url | main.rs:21:12:21:15 | post | provenance | MaD:1 Sink:MaD:1 | | main.rs:26:9:26:11 | url | main.rs:28:33:28:35 | url | provenance | | -| main.rs:26:15:26:21 | res | main.rs:26:23:26:57 | { ... } | provenance | | -| main.rs:26:23:26:57 | ...::format(...) | main.rs:26:15:26:21 | res | provenance | | +| main.rs:26:23:26:57 | ...::format(...) | main.rs:26:23:26:57 | { ... } | provenance | | | main.rs:26:23:26:57 | ...::must_use(...) | main.rs:26:9:26:11 | url | provenance | | | main.rs:26:23:26:57 | MacroExpr | main.rs:26:23:26:57 | ...::format(...) | provenance | MaD:7 | | main.rs:26:23:26:57 | { ... } | main.rs:26:23:26:57 | ...::must_use(...) | provenance | MaD:8 | | main.rs:26:50:26:57 | password | main.rs:26:23:26:57 | MacroExpr | provenance | | | main.rs:28:33:28:35 | url | main.rs:28:12:28:18 | request | provenance | MaD:3 Sink:MaD:3 | | main.rs:33:9:33:11 | url | main.rs:35:33:35:35 | url | provenance | | -| main.rs:33:15:33:21 | res | main.rs:33:23:33:57 | { ... } | provenance | | -| main.rs:33:23:33:57 | ...::format(...) | main.rs:33:15:33:21 | res | provenance | | +| main.rs:33:23:33:57 | ...::format(...) | main.rs:33:23:33:57 | { ... } | provenance | | | main.rs:33:23:33:57 | ...::must_use(...) | main.rs:33:9:33:11 | url | provenance | | | main.rs:33:23:33:57 | MacroExpr | main.rs:33:23:33:57 | ...::format(...) | provenance | MaD:7 | | main.rs:33:23:33:57 | { ... } | main.rs:33:23:33:57 | ...::must_use(...) | provenance | MaD:8 | @@ -61,7 +56,6 @@ models | 8 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value | nodes | main.rs:6:9:6:11 | url | semmle.label | url | -| main.rs:6:15:6:21 | res | semmle.label | res | | main.rs:6:23:6:57 | ...::format(...) | semmle.label | ...::format(...) | | main.rs:6:23:6:57 | ...::must_use(...) | semmle.label | ...::must_use(...) | | main.rs:6:23:6:57 | MacroExpr | semmle.label | MacroExpr | @@ -70,7 +64,6 @@ nodes | main.rs:7:5:7:26 | ...::get | semmle.label | ...::get | | main.rs:7:28:7:30 | url | semmle.label | url | | main.rs:12:9:12:15 | address | semmle.label | address | -| main.rs:12:19:12:25 | res | semmle.label | res | | main.rs:12:27:12:59 | ...::format(...) | semmle.label | ...::format(...) | | main.rs:12:27:12:59 | ...::must_use(...) | semmle.label | ...::must_use(...) | | main.rs:12:27:12:59 | MacroExpr | semmle.label | MacroExpr | @@ -84,7 +77,6 @@ nodes | main.rs:14:5:14:26 | ...::get | semmle.label | ...::get | | main.rs:14:28:14:30 | url | semmle.label | url | | main.rs:19:9:19:11 | url | semmle.label | url | -| main.rs:19:15:19:21 | res | semmle.label | res | | main.rs:19:23:19:57 | ...::format(...) | semmle.label | ...::format(...) | | main.rs:19:23:19:57 | ...::must_use(...) | semmle.label | ...::must_use(...) | | main.rs:19:23:19:57 | MacroExpr | semmle.label | MacroExpr | @@ -93,7 +85,6 @@ nodes | main.rs:21:12:21:15 | post | semmle.label | post | | main.rs:21:17:21:19 | url | semmle.label | url | | main.rs:26:9:26:11 | url | semmle.label | url | -| main.rs:26:15:26:21 | res | semmle.label | res | | main.rs:26:23:26:57 | ...::format(...) | semmle.label | ...::format(...) | | main.rs:26:23:26:57 | ...::must_use(...) | semmle.label | ...::must_use(...) | | main.rs:26:23:26:57 | MacroExpr | semmle.label | MacroExpr | @@ -102,7 +93,6 @@ nodes | main.rs:28:12:28:18 | request | semmle.label | request | | main.rs:28:33:28:35 | url | semmle.label | url | | main.rs:33:9:33:11 | url | semmle.label | url | -| main.rs:33:15:33:21 | res | semmle.label | res | | main.rs:33:23:33:57 | ...::format(...) | semmle.label | ...::format(...) | | main.rs:33:23:33:57 | ...::must_use(...) | semmle.label | ...::must_use(...) | | main.rs:33:23:33:57 | MacroExpr | semmle.label | MacroExpr | diff --git a/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected b/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected index 3e7264cf02fc..6e67ec737c2a 100644 --- a/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected +++ b/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected @@ -144,8 +144,7 @@ edges | test_logging.rs:96:42:96:49 | password | test_logging.rs:96:41:96:49 | &password [&ref] | provenance | | | test_logging.rs:97:11:97:18 | MacroExpr | test_logging.rs:97:5:97:9 | ...::log | provenance | MaD:12 Sink:MaD:12 | | test_logging.rs:99:9:99:10 | m3 | test_logging.rs:100:11:100:18 | MacroExpr | provenance | | -| test_logging.rs:99:14:99:20 | res | test_logging.rs:99:22:99:45 | { ... } | provenance | | -| test_logging.rs:99:22:99:45 | ...::format(...) | test_logging.rs:99:14:99:20 | res | provenance | | +| test_logging.rs:99:22:99:45 | ...::format(...) | test_logging.rs:99:22:99:45 | { ... } | provenance | | | test_logging.rs:99:22:99:45 | ...::must_use(...) | test_logging.rs:99:9:99:10 | m3 | provenance | | | test_logging.rs:99:22:99:45 | MacroExpr | test_logging.rs:99:22:99:45 | ...::format(...) | provenance | MaD:22 | | test_logging.rs:99:22:99:45 | { ... } | test_logging.rs:99:22:99:45 | ...::must_use(...) | provenance | MaD:23 | @@ -165,20 +164,18 @@ edges | test_logging.rs:151:27:151:37 | s2.password | test_logging.rs:151:11:151:37 | MacroExpr | provenance | | | test_logging.rs:176:33:176:79 | &... | test_logging.rs:176:22:176:31 | log_expect | provenance | MaD:1 Sink:MaD:1 | | test_logging.rs:176:33:176:79 | &... [&ref] | test_logging.rs:176:22:176:31 | log_expect | provenance | MaD:1 Sink:MaD:1 | -| test_logging.rs:176:34:176:40 | res | test_logging.rs:176:42:176:78 | { ... } | provenance | | | test_logging.rs:176:34:176:79 | MacroExpr | test_logging.rs:176:33:176:79 | &... | provenance | Config | | test_logging.rs:176:34:176:79 | MacroExpr | test_logging.rs:176:33:176:79 | &... [&ref] | provenance | | -| test_logging.rs:176:42:176:78 | ...::format(...) | test_logging.rs:176:34:176:40 | res | provenance | | +| test_logging.rs:176:42:176:78 | ...::format(...) | test_logging.rs:176:42:176:78 | { ... } | provenance | | | test_logging.rs:176:42:176:78 | ...::must_use(...) | test_logging.rs:176:34:176:79 | MacroExpr | provenance | | | test_logging.rs:176:42:176:78 | MacroExpr | test_logging.rs:176:42:176:78 | ...::format(...) | provenance | MaD:22 | | test_logging.rs:176:42:176:78 | { ... } | test_logging.rs:176:42:176:78 | ...::must_use(...) | provenance | MaD:23 | | test_logging.rs:176:70:176:78 | password2 | test_logging.rs:176:42:176:78 | MacroExpr | provenance | | | test_logging.rs:180:35:180:81 | &... | test_logging.rs:180:24:180:33 | log_expect | provenance | MaD:3 Sink:MaD:3 | | test_logging.rs:180:35:180:81 | &... [&ref] | test_logging.rs:180:24:180:33 | log_expect | provenance | MaD:3 Sink:MaD:3 | -| test_logging.rs:180:36:180:42 | res | test_logging.rs:180:44:180:80 | { ... } | provenance | | | test_logging.rs:180:36:180:81 | MacroExpr | test_logging.rs:180:35:180:81 | &... | provenance | Config | | test_logging.rs:180:36:180:81 | MacroExpr | test_logging.rs:180:35:180:81 | &... [&ref] | provenance | | -| test_logging.rs:180:44:180:80 | ...::format(...) | test_logging.rs:180:36:180:42 | res | provenance | | +| test_logging.rs:180:44:180:80 | ...::format(...) | test_logging.rs:180:44:180:80 | { ... } | provenance | | | test_logging.rs:180:44:180:80 | ...::must_use(...) | test_logging.rs:180:36:180:81 | MacroExpr | provenance | | | test_logging.rs:180:44:180:80 | MacroExpr | test_logging.rs:180:44:180:80 | ...::format(...) | provenance | MaD:22 | | test_logging.rs:180:44:180:80 | { ... } | test_logging.rs:180:44:180:80 | ...::must_use(...) | provenance | MaD:23 | @@ -232,7 +229,6 @@ edges | test_logging.rs:226:36:226:59 | ...::Some(...) [Some] | test_logging.rs:226:13:226:28 | ...::assert_failed [Some] | provenance | MaD:10 | | test_logging.rs:226:36:226:59 | MacroExpr | test_logging.rs:226:36:226:59 | ...::Some(...) [Some] | provenance | | | test_logging.rs:226:52:226:59 | password | test_logging.rs:226:36:226:59 | MacroExpr | provenance | | -| test_logging.rs:229:30:229:36 | res | test_logging.rs:229:38:229:61 | { ... } | provenance | | | test_logging.rs:229:30:229:62 | MacroExpr | test_logging.rs:229:30:229:71 | ... .as_str() [&ref] | provenance | MaD:21 | | test_logging.rs:229:30:229:62 | MacroExpr | test_logging.rs:229:30:229:71 | ... .as_str() [&ref] | provenance | MaD:19 | | test_logging.rs:229:30:229:62 | MacroExpr | test_logging.rs:229:30:229:71 | ... .as_str() [&ref] | provenance | MaD:21 | @@ -240,7 +236,7 @@ edges | test_logging.rs:229:30:229:71 | ... .as_str() | test_logging.rs:229:23:229:28 | expect | provenance | MaD:2 Sink:MaD:2 | | test_logging.rs:229:30:229:71 | ... .as_str() [&ref] | test_logging.rs:229:23:229:28 | expect | provenance | MaD:2 Sink:MaD:2 | | test_logging.rs:229:30:229:71 | ... .as_str() [&ref] | test_logging.rs:229:23:229:28 | expect | provenance | MaD:2 Sink:MaD:2 | -| test_logging.rs:229:38:229:61 | ...::format(...) | test_logging.rs:229:30:229:36 | res | provenance | | +| test_logging.rs:229:38:229:61 | ...::format(...) | test_logging.rs:229:38:229:61 | { ... } | provenance | | | test_logging.rs:229:38:229:61 | ...::must_use(...) | test_logging.rs:229:30:229:62 | MacroExpr | provenance | | | test_logging.rs:229:38:229:61 | ...::must_use(...) | test_logging.rs:229:30:229:71 | ... .as_str() | provenance | MaD:21 | | test_logging.rs:229:38:229:61 | ...::must_use(...) | test_logging.rs:229:30:229:71 | ... .as_str() | provenance | MaD:19 | @@ -248,48 +244,44 @@ edges | test_logging.rs:229:38:229:61 | MacroExpr | test_logging.rs:229:38:229:61 | ...::format(...) | provenance | MaD:22 | | test_logging.rs:229:38:229:61 | { ... } | test_logging.rs:229:38:229:61 | ...::must_use(...) | provenance | MaD:23 | | test_logging.rs:229:54:229:61 | password | test_logging.rs:229:38:229:61 | MacroExpr | provenance | | -| test_logging.rs:242:16:242:22 | res | test_logging.rs:242:24:242:49 | { ... } | provenance | | | test_logging.rs:242:16:242:50 | MacroExpr | test_logging.rs:242:16:242:61 | ... .as_bytes() [&ref] | provenance | MaD:20 | | test_logging.rs:242:16:242:50 | MacroExpr | test_logging.rs:242:16:242:61 | ... .as_bytes() [&ref] | provenance | MaD:18 | | test_logging.rs:242:16:242:61 | ... .as_bytes() | test_logging.rs:242:10:242:14 | write | provenance | MaD:7 Sink:MaD:7 | | test_logging.rs:242:16:242:61 | ... .as_bytes() [&ref] | test_logging.rs:242:10:242:14 | write | provenance | MaD:7 Sink:MaD:7 | -| test_logging.rs:242:24:242:49 | ...::format(...) | test_logging.rs:242:16:242:22 | res | provenance | | +| test_logging.rs:242:24:242:49 | ...::format(...) | test_logging.rs:242:24:242:49 | { ... } | provenance | | | test_logging.rs:242:24:242:49 | ...::must_use(...) | test_logging.rs:242:16:242:50 | MacroExpr | provenance | | | test_logging.rs:242:24:242:49 | ...::must_use(...) | test_logging.rs:242:16:242:61 | ... .as_bytes() | provenance | MaD:20 | | test_logging.rs:242:24:242:49 | ...::must_use(...) | test_logging.rs:242:16:242:61 | ... .as_bytes() | provenance | MaD:18 | | test_logging.rs:242:24:242:49 | MacroExpr | test_logging.rs:242:24:242:49 | ...::format(...) | provenance | MaD:22 | | test_logging.rs:242:24:242:49 | { ... } | test_logging.rs:242:24:242:49 | ...::must_use(...) | provenance | MaD:23 | | test_logging.rs:242:42:242:49 | password | test_logging.rs:242:24:242:49 | MacroExpr | provenance | | -| test_logging.rs:245:20:245:26 | res | test_logging.rs:245:28:245:53 | { ... } | provenance | | | test_logging.rs:245:20:245:54 | MacroExpr | test_logging.rs:245:20:245:65 | ... .as_bytes() [&ref] | provenance | MaD:20 | | test_logging.rs:245:20:245:54 | MacroExpr | test_logging.rs:245:20:245:65 | ... .as_bytes() [&ref] | provenance | MaD:18 | | test_logging.rs:245:20:245:65 | ... .as_bytes() | test_logging.rs:245:10:245:18 | write_all | provenance | MaD:8 Sink:MaD:8 | | test_logging.rs:245:20:245:65 | ... .as_bytes() [&ref] | test_logging.rs:245:10:245:18 | write_all | provenance | MaD:8 Sink:MaD:8 | -| test_logging.rs:245:28:245:53 | ...::format(...) | test_logging.rs:245:20:245:26 | res | provenance | | +| test_logging.rs:245:28:245:53 | ...::format(...) | test_logging.rs:245:28:245:53 | { ... } | provenance | | | test_logging.rs:245:28:245:53 | ...::must_use(...) | test_logging.rs:245:20:245:54 | MacroExpr | provenance | | | test_logging.rs:245:28:245:53 | ...::must_use(...) | test_logging.rs:245:20:245:65 | ... .as_bytes() | provenance | MaD:20 | | test_logging.rs:245:28:245:53 | ...::must_use(...) | test_logging.rs:245:20:245:65 | ... .as_bytes() | provenance | MaD:18 | | test_logging.rs:245:28:245:53 | MacroExpr | test_logging.rs:245:28:245:53 | ...::format(...) | provenance | MaD:22 | | test_logging.rs:245:28:245:53 | { ... } | test_logging.rs:245:28:245:53 | ...::must_use(...) | provenance | MaD:23 | | test_logging.rs:245:46:245:53 | password | test_logging.rs:245:28:245:53 | MacroExpr | provenance | | -| test_logging.rs:248:15:248:21 | res | test_logging.rs:248:23:248:48 | { ... } | provenance | | | test_logging.rs:248:15:248:49 | MacroExpr | test_logging.rs:248:15:248:60 | ... .as_bytes() [&ref] | provenance | MaD:20 | | test_logging.rs:248:15:248:49 | MacroExpr | test_logging.rs:248:15:248:60 | ... .as_bytes() [&ref] | provenance | MaD:18 | | test_logging.rs:248:15:248:60 | ... .as_bytes() | test_logging.rs:248:9:248:13 | write | provenance | MaD:7 Sink:MaD:7 | | test_logging.rs:248:15:248:60 | ... .as_bytes() [&ref] | test_logging.rs:248:9:248:13 | write | provenance | MaD:7 Sink:MaD:7 | -| test_logging.rs:248:23:248:48 | ...::format(...) | test_logging.rs:248:15:248:21 | res | provenance | | +| test_logging.rs:248:23:248:48 | ...::format(...) | test_logging.rs:248:23:248:48 | { ... } | provenance | | | test_logging.rs:248:23:248:48 | ...::must_use(...) | test_logging.rs:248:15:248:49 | MacroExpr | provenance | | | test_logging.rs:248:23:248:48 | ...::must_use(...) | test_logging.rs:248:15:248:60 | ... .as_bytes() | provenance | MaD:20 | | test_logging.rs:248:23:248:48 | ...::must_use(...) | test_logging.rs:248:15:248:60 | ... .as_bytes() | provenance | MaD:18 | | test_logging.rs:248:23:248:48 | MacroExpr | test_logging.rs:248:23:248:48 | ...::format(...) | provenance | MaD:22 | | test_logging.rs:248:23:248:48 | { ... } | test_logging.rs:248:23:248:48 | ...::must_use(...) | provenance | MaD:23 | | test_logging.rs:248:41:248:48 | password | test_logging.rs:248:23:248:48 | MacroExpr | provenance | | -| test_logging.rs:251:15:251:21 | res | test_logging.rs:251:23:251:48 | { ... } | provenance | | | test_logging.rs:251:15:251:49 | MacroExpr | test_logging.rs:251:15:251:60 | ... .as_bytes() [&ref] | provenance | MaD:20 | | test_logging.rs:251:15:251:49 | MacroExpr | test_logging.rs:251:15:251:60 | ... .as_bytes() [&ref] | provenance | MaD:18 | | test_logging.rs:251:15:251:60 | ... .as_bytes() | test_logging.rs:251:9:251:13 | write | provenance | MaD:6 Sink:MaD:6 | | test_logging.rs:251:15:251:60 | ... .as_bytes() [&ref] | test_logging.rs:251:9:251:13 | write | provenance | MaD:6 Sink:MaD:6 | -| test_logging.rs:251:23:251:48 | ...::format(...) | test_logging.rs:251:15:251:21 | res | provenance | | +| test_logging.rs:251:23:251:48 | ...::format(...) | test_logging.rs:251:23:251:48 | { ... } | provenance | | | test_logging.rs:251:23:251:48 | ...::must_use(...) | test_logging.rs:251:15:251:49 | MacroExpr | provenance | | | test_logging.rs:251:23:251:48 | ...::must_use(...) | test_logging.rs:251:15:251:60 | ... .as_bytes() | provenance | MaD:20 | | test_logging.rs:251:23:251:48 | ...::must_use(...) | test_logging.rs:251:15:251:60 | ... .as_bytes() | provenance | MaD:18 | @@ -426,7 +418,6 @@ nodes | test_logging.rs:97:5:97:9 | ...::log | semmle.label | ...::log | | test_logging.rs:97:11:97:18 | MacroExpr | semmle.label | MacroExpr | | test_logging.rs:99:9:99:10 | m3 | semmle.label | m3 | -| test_logging.rs:99:14:99:20 | res | semmle.label | res | | test_logging.rs:99:22:99:45 | ...::format(...) | semmle.label | ...::format(...) | | test_logging.rs:99:22:99:45 | ...::must_use(...) | semmle.label | ...::must_use(...) | | test_logging.rs:99:22:99:45 | MacroExpr | semmle.label | MacroExpr | @@ -453,7 +444,6 @@ nodes | test_logging.rs:176:22:176:31 | log_expect | semmle.label | log_expect | | test_logging.rs:176:33:176:79 | &... | semmle.label | &... | | test_logging.rs:176:33:176:79 | &... [&ref] | semmle.label | &... [&ref] | -| test_logging.rs:176:34:176:40 | res | semmle.label | res | | test_logging.rs:176:34:176:79 | MacroExpr | semmle.label | MacroExpr | | test_logging.rs:176:42:176:78 | ...::format(...) | semmle.label | ...::format(...) | | test_logging.rs:176:42:176:78 | ...::must_use(...) | semmle.label | ...::must_use(...) | @@ -463,7 +453,6 @@ nodes | test_logging.rs:180:24:180:33 | log_expect | semmle.label | log_expect | | test_logging.rs:180:35:180:81 | &... | semmle.label | &... | | test_logging.rs:180:35:180:81 | &... [&ref] | semmle.label | &... [&ref] | -| test_logging.rs:180:36:180:42 | res | semmle.label | res | | test_logging.rs:180:36:180:81 | MacroExpr | semmle.label | MacroExpr | | test_logging.rs:180:44:180:80 | ...::format(...) | semmle.label | ...::format(...) | | test_logging.rs:180:44:180:80 | ...::must_use(...) | semmle.label | ...::must_use(...) | @@ -533,7 +522,6 @@ nodes | test_logging.rs:226:52:226:59 | password | semmle.label | password | | test_logging.rs:229:23:229:28 | expect | semmle.label | expect | | test_logging.rs:229:23:229:28 | expect | semmle.label | expect | -| test_logging.rs:229:30:229:36 | res | semmle.label | res | | test_logging.rs:229:30:229:62 | MacroExpr | semmle.label | MacroExpr | | test_logging.rs:229:30:229:71 | ... .as_str() | semmle.label | ... .as_str() | | test_logging.rs:229:30:229:71 | ... .as_str() [&ref] | semmle.label | ... .as_str() [&ref] | @@ -543,7 +531,6 @@ nodes | test_logging.rs:229:38:229:61 | { ... } | semmle.label | { ... } | | test_logging.rs:229:54:229:61 | password | semmle.label | password | | test_logging.rs:242:10:242:14 | write | semmle.label | write | -| test_logging.rs:242:16:242:22 | res | semmle.label | res | | test_logging.rs:242:16:242:50 | MacroExpr | semmle.label | MacroExpr | | test_logging.rs:242:16:242:61 | ... .as_bytes() | semmle.label | ... .as_bytes() | | test_logging.rs:242:16:242:61 | ... .as_bytes() [&ref] | semmle.label | ... .as_bytes() [&ref] | @@ -553,7 +540,6 @@ nodes | test_logging.rs:242:24:242:49 | { ... } | semmle.label | { ... } | | test_logging.rs:242:42:242:49 | password | semmle.label | password | | test_logging.rs:245:10:245:18 | write_all | semmle.label | write_all | -| test_logging.rs:245:20:245:26 | res | semmle.label | res | | test_logging.rs:245:20:245:54 | MacroExpr | semmle.label | MacroExpr | | test_logging.rs:245:20:245:65 | ... .as_bytes() | semmle.label | ... .as_bytes() | | test_logging.rs:245:20:245:65 | ... .as_bytes() [&ref] | semmle.label | ... .as_bytes() [&ref] | @@ -563,7 +549,6 @@ nodes | test_logging.rs:245:28:245:53 | { ... } | semmle.label | { ... } | | test_logging.rs:245:46:245:53 | password | semmle.label | password | | test_logging.rs:248:9:248:13 | write | semmle.label | write | -| test_logging.rs:248:15:248:21 | res | semmle.label | res | | test_logging.rs:248:15:248:49 | MacroExpr | semmle.label | MacroExpr | | test_logging.rs:248:15:248:60 | ... .as_bytes() | semmle.label | ... .as_bytes() | | test_logging.rs:248:15:248:60 | ... .as_bytes() [&ref] | semmle.label | ... .as_bytes() [&ref] | @@ -573,7 +558,6 @@ nodes | test_logging.rs:248:23:248:48 | { ... } | semmle.label | { ... } | | test_logging.rs:248:41:248:48 | password | semmle.label | password | | test_logging.rs:251:9:251:13 | write | semmle.label | write | -| test_logging.rs:251:15:251:21 | res | semmle.label | res | | test_logging.rs:251:15:251:49 | MacroExpr | semmle.label | MacroExpr | | test_logging.rs:251:15:251:60 | ... .as_bytes() | semmle.label | ... .as_bytes() | | test_logging.rs:251:15:251:60 | ... .as_bytes() [&ref] | semmle.label | ... .as_bytes() [&ref] | diff --git a/rust/ql/test/query-tests/security/CWE-319/UseOfHttp.expected b/rust/ql/test/query-tests/security/CWE-319/UseOfHttp.expected index 952bd741d1c7..25890c769856 100644 --- a/rust/ql/test/query-tests/security/CWE-319/UseOfHttp.expected +++ b/rust/ql/test/query-tests/security/CWE-319/UseOfHttp.expected @@ -13,8 +13,7 @@ edges | main.rs:23:9:23:16 | base_url | main.rs:25:28:25:53 | MacroExpr | provenance | | | main.rs:23:20:23:39 | "http://example.com" | main.rs:23:9:23:16 | base_url | provenance | | | main.rs:25:9:25:16 | full_url | main.rs:26:45:26:52 | full_url | provenance | | -| main.rs:25:20:25:26 | res | main.rs:25:28:25:53 | { ... } | provenance | | -| main.rs:25:28:25:53 | ...::format(...) | main.rs:25:20:25:26 | res | provenance | | +| main.rs:25:28:25:53 | ...::format(...) | main.rs:25:28:25:53 | { ... } | provenance | | | main.rs:25:28:25:53 | ...::must_use(...) | main.rs:25:9:25:16 | full_url | provenance | | | main.rs:25:28:25:53 | MacroExpr | main.rs:25:28:25:53 | ...::format(...) | provenance | MaD:2 | | main.rs:25:28:25:53 | { ... } | main.rs:25:28:25:53 | ...::must_use(...) | provenance | MaD:3 | @@ -23,8 +22,7 @@ edges | main.rs:34:9:34:16 | protocol | main.rs:36:32:36:53 | MacroExpr | provenance | | | main.rs:34:20:34:28 | "http://" | main.rs:34:9:34:16 | protocol | provenance | | | main.rs:36:9:36:20 | insecure_url | main.rs:37:54:37:65 | insecure_url | provenance | | -| main.rs:36:24:36:30 | res | main.rs:36:32:36:53 | { ... } | provenance | | -| main.rs:36:32:36:53 | ...::format(...) | main.rs:36:24:36:30 | res | provenance | | +| main.rs:36:32:36:53 | ...::format(...) | main.rs:36:32:36:53 | { ... } | provenance | | | main.rs:36:32:36:53 | ...::must_use(...) | main.rs:36:9:36:20 | insecure_url | provenance | | | main.rs:36:32:36:53 | MacroExpr | main.rs:36:32:36:53 | ...::format(...) | provenance | MaD:2 | | main.rs:36:32:36:53 | { ... } | main.rs:36:32:36:53 | ...::must_use(...) | provenance | MaD:3 | @@ -48,7 +46,6 @@ nodes | main.rs:23:9:23:16 | base_url | semmle.label | base_url | | main.rs:23:20:23:39 | "http://example.com" | semmle.label | "http://example.com" | | main.rs:25:9:25:16 | full_url | semmle.label | full_url | -| main.rs:25:20:25:26 | res | semmle.label | res | | main.rs:25:28:25:53 | ...::format(...) | semmle.label | ...::format(...) | | main.rs:25:28:25:53 | ...::must_use(...) | semmle.label | ...::must_use(...) | | main.rs:25:28:25:53 | MacroExpr | semmle.label | MacroExpr | @@ -59,7 +56,6 @@ nodes | main.rs:34:9:34:16 | protocol | semmle.label | protocol | | main.rs:34:20:34:28 | "http://" | semmle.label | "http://" | | main.rs:36:9:36:20 | insecure_url | semmle.label | insecure_url | -| main.rs:36:24:36:30 | res | semmle.label | res | | main.rs:36:32:36:53 | ...::format(...) | semmle.label | ...::format(...) | | main.rs:36:32:36:53 | ...::must_use(...) | semmle.label | ...::must_use(...) | | main.rs:36:32:36:53 | MacroExpr | semmle.label | MacroExpr | diff --git a/rust/ql/test/query-tests/security/CWE-696/BadCTorInitialization.expected b/rust/ql/test/query-tests/security/CWE-696/BadCTorInitialization.expected index ed95a8d448ad..cf0f287e4f7b 100644 --- a/rust/ql/test/query-tests/security/CWE-696/BadCTorInitialization.expected +++ b/rust/ql/test/query-tests/security/CWE-696/BadCTorInitialization.expected @@ -1,21 +1,21 @@ #select -| test.rs:30:9:30:24 | ...::stdout(...) | test.rs:28:1:28:13 | Attr | test.rs:30:9:30:24 | ...::stdout(...) | Call to ...::stdout(...) from the standard library in a function with the ctor attribute. | -| test.rs:30:9:30:48 | ... .write(...) | test.rs:28:1:28:13 | Attr | test.rs:30:9:30:48 | ... .write(...) | Call to ... .write(...) from the standard library in a function with the ctor attribute. | -| test.rs:35:9:35:24 | ...::stdout(...) | test.rs:33:1:33:13 | Attr | test.rs:35:9:35:24 | ...::stdout(...) | Call to ...::stdout(...) from the standard library in a function with the dtor attribute. | -| test.rs:35:9:35:48 | ... .write(...) | test.rs:33:1:33:13 | Attr | test.rs:35:9:35:48 | ... .write(...) | Call to ... .write(...) from the standard library in a function with the dtor attribute. | -| test.rs:42:9:42:24 | ...::stdout(...) | test.rs:39:1:39:13 | Attr | test.rs:42:9:42:24 | ...::stdout(...) | Call to ...::stdout(...) from the standard library in a function with the dtor attribute. | -| test.rs:42:9:42:48 | ... .write(...) | test.rs:39:1:39:13 | Attr | test.rs:42:9:42:48 | ... .write(...) | Call to ... .write(...) from the standard library in a function with the dtor attribute. | -| test.rs:52:9:52:15 | stdout(...) | test.rs:50:1:50:7 | Attr | test.rs:52:9:52:15 | stdout(...) | Call to stdout(...) from the standard library in a function with the ctor attribute. | -| test.rs:52:9:52:39 | ... .write(...) | test.rs:50:1:50:7 | Attr | test.rs:52:9:52:39 | ... .write(...) | Call to ... .write(...) from the standard library in a function with the ctor attribute. | -| test.rs:57:9:57:15 | stderr(...) | test.rs:55:1:55:7 | Attr | test.rs:57:9:57:15 | stderr(...) | Call to stderr(...) from the standard library in a function with the ctor attribute. | -| test.rs:57:9:57:43 | ... .write_all(...) | test.rs:55:1:55:7 | Attr | test.rs:57:9:57:43 | ... .write_all(...) | Call to ... .write_all(...) from the standard library in a function with the ctor attribute. | +| test.rs:30:9:30:25 | ...::stdout(...) | test.rs:28:1:28:13 | Attr | test.rs:30:9:30:25 | ...::stdout(...) | Call to ...::stdout(...) from the standard library in a function with the ctor attribute. | +| test.rs:30:9:30:49 | ... .write(...) | test.rs:28:1:28:13 | Attr | test.rs:30:9:30:49 | ... .write(...) | Call to ... .write(...) from the standard library in a function with the ctor attribute. | +| test.rs:35:9:35:25 | ...::stdout(...) | test.rs:33:1:33:13 | Attr | test.rs:35:9:35:25 | ...::stdout(...) | Call to ...::stdout(...) from the standard library in a function with the dtor attribute. | +| test.rs:35:9:35:49 | ... .write(...) | test.rs:33:1:33:13 | Attr | test.rs:35:9:35:49 | ... .write(...) | Call to ... .write(...) from the standard library in a function with the dtor attribute. | +| test.rs:42:9:42:25 | ...::stdout(...) | test.rs:39:1:39:13 | Attr | test.rs:42:9:42:25 | ...::stdout(...) | Call to ...::stdout(...) from the standard library in a function with the dtor attribute. | +| test.rs:42:9:42:49 | ... .write(...) | test.rs:39:1:39:13 | Attr | test.rs:42:9:42:49 | ... .write(...) | Call to ... .write(...) from the standard library in a function with the dtor attribute. | +| test.rs:52:9:52:16 | stdout(...) | test.rs:50:1:50:7 | Attr | test.rs:52:9:52:16 | stdout(...) | Call to stdout(...) from the standard library in a function with the ctor attribute. | +| test.rs:52:9:52:40 | ... .write(...) | test.rs:50:1:50:7 | Attr | test.rs:52:9:52:40 | ... .write(...) | Call to ... .write(...) from the standard library in a function with the ctor attribute. | +| test.rs:57:9:57:16 | stderr(...) | test.rs:55:1:55:7 | Attr | test.rs:57:9:57:16 | stderr(...) | Call to stderr(...) from the standard library in a function with the ctor attribute. | +| test.rs:57:9:57:44 | ... .write_all(...) | test.rs:55:1:55:7 | Attr | test.rs:57:9:57:44 | ... .write_all(...) | Call to ... .write_all(...) from the standard library in a function with the ctor attribute. | | test.rs:62:14:62:28 | ...::_print(...) | test.rs:60:1:60:7 | Attr | test.rs:62:14:62:28 | ...::_print(...) | Call to ...::_print(...) from the standard library in a function with the ctor attribute. | -| test.rs:68:9:68:23 | ...::stdin(...) | test.rs:65:1:65:7 | Attr | test.rs:68:9:68:23 | ...::stdin(...) | Call to ...::stdin(...) from the standard library in a function with the ctor attribute. | -| test.rs:68:9:68:44 | ... .read_line(...) | test.rs:65:1:65:7 | Attr | test.rs:68:9:68:44 | ... .read_line(...) | Call to ... .read_line(...) from the standard library in a function with the ctor attribute. | -| test.rs:75:17:75:44 | ...::create(...) | test.rs:73:1:73:7 | Attr | test.rs:75:17:75:44 | ...::create(...) | Call to ...::create(...) from the standard library in a function with the ctor attribute. | -| test.rs:80:14:80:37 | ...::now(...) | test.rs:78:1:78:7 | Attr | test.rs:80:14:80:37 | ...::now(...) | Call to ...::now(...) from the standard library in a function with the ctor attribute. | -| test.rs:89:5:89:34 | ...::sleep(...) | test.rs:87:1:87:7 | Attr | test.rs:89:5:89:34 | ...::sleep(...) | Call to ...::sleep(...) from the standard library in a function with the ctor attribute. | -| test.rs:96:5:96:22 | ...::exit(...) | test.rs:94:1:94:7 | Attr | test.rs:96:5:96:22 | ...::exit(...) | Call to ...::exit(...) from the standard library in a function with the ctor attribute. | +| test.rs:68:9:68:24 | ...::stdin(...) | test.rs:65:1:65:7 | Attr | test.rs:68:9:68:24 | ...::stdin(...) | Call to ...::stdin(...) from the standard library in a function with the ctor attribute. | +| test.rs:68:9:68:45 | ... .read_line(...) | test.rs:65:1:65:7 | Attr | test.rs:68:9:68:45 | ... .read_line(...) | Call to ... .read_line(...) from the standard library in a function with the ctor attribute. | +| test.rs:75:17:75:45 | ...::create(...) | test.rs:73:1:73:7 | Attr | test.rs:75:17:75:45 | ...::create(...) | Call to ...::create(...) from the standard library in a function with the ctor attribute. | +| test.rs:80:14:80:38 | ...::now(...) | test.rs:78:1:78:7 | Attr | test.rs:80:14:80:38 | ...::now(...) | Call to ...::now(...) from the standard library in a function with the ctor attribute. | +| test.rs:89:5:89:35 | ...::sleep(...) | test.rs:87:1:87:7 | Attr | test.rs:89:5:89:35 | ...::sleep(...) | Call to ...::sleep(...) from the standard library in a function with the ctor attribute. | +| test.rs:96:5:96:23 | ...::exit(...) | test.rs:94:1:94:7 | Attr | test.rs:96:5:96:23 | ...::exit(...) | Call to ...::exit(...) from the standard library in a function with the ctor attribute. | | test.rs:125:9:125:16 | stderr(...) | test.rs:128:1:128:7 | Attr | test.rs:125:9:125:16 | stderr(...) | Call to stderr(...) from the standard library in a function with the ctor attribute. | | test.rs:125:9:125:16 | stderr(...) | test.rs:144:1:144:7 | Attr | test.rs:125:9:125:16 | stderr(...) | Call to stderr(...) from the standard library in a function with the ctor attribute. | | test.rs:125:9:125:16 | stderr(...) | test.rs:150:1:150:7 | Attr | test.rs:125:9:125:16 | stderr(...) | Call to stderr(...) from the standard library in a function with the ctor attribute. | @@ -25,45 +25,45 @@ | test.rs:168:1:168:7 | ... .write(...) | test.rs:168:1:168:7 | Attr | test.rs:168:1:168:7 | ... .write(...) | Call to ... .write(...) from the standard library in a function with the ctor attribute. | | test.rs:168:1:168:7 | ...::stdout(...) | test.rs:168:1:168:7 | Attr | test.rs:168:1:168:7 | ...::stdout(...) | Call to ...::stdout(...) from the standard library in a function with the ctor attribute. | edges -| test.rs:28:1:28:13 | Attr | test.rs:29:4:30:50 | fn bad1_1 | -| test.rs:29:4:30:50 | fn bad1_1 | test.rs:30:9:30:24 | ...::stdout(...) | -| test.rs:29:4:30:50 | fn bad1_1 | test.rs:30:9:30:48 | ... .write(...) | -| test.rs:33:1:33:13 | Attr | test.rs:34:4:35:50 | fn bad1_2 | -| test.rs:34:4:35:50 | fn bad1_2 | test.rs:35:9:35:24 | ...::stdout(...) | -| test.rs:34:4:35:50 | fn bad1_2 | test.rs:35:9:35:48 | ... .write(...) | -| test.rs:38:1:42:50 | fn bad1_3 | test.rs:42:9:42:24 | ...::stdout(...) | -| test.rs:38:1:42:50 | fn bad1_3 | test.rs:42:9:42:48 | ... .write(...) | -| test.rs:39:1:39:13 | Attr | test.rs:38:1:42:50 | fn bad1_3 | -| test.rs:50:1:50:7 | Attr | test.rs:51:4:52:41 | fn bad2_1 | -| test.rs:51:4:52:41 | fn bad2_1 | test.rs:52:9:52:15 | stdout(...) | -| test.rs:51:4:52:41 | fn bad2_1 | test.rs:52:9:52:39 | ... .write(...) | -| test.rs:55:1:55:7 | Attr | test.rs:56:4:57:45 | fn bad2_2 | -| test.rs:56:4:57:45 | fn bad2_2 | test.rs:57:9:57:15 | stderr(...) | -| test.rs:56:4:57:45 | fn bad2_2 | test.rs:57:9:57:43 | ... .write_all(...) | -| test.rs:60:1:60:7 | Attr | test.rs:61:4:62:30 | fn bad2_3 | -| test.rs:61:4:62:30 | fn bad2_3 | test.rs:62:14:62:28 | ...::_print(...) | -| test.rs:65:1:65:7 | Attr | test.rs:66:4:68:46 | fn bad2_4 | -| test.rs:66:4:68:46 | fn bad2_4 | test.rs:68:9:68:23 | ...::stdin(...) | -| test.rs:66:4:68:46 | fn bad2_4 | test.rs:68:9:68:44 | ... .read_line(...) | -| test.rs:73:1:73:7 | Attr | test.rs:74:4:75:55 | fn bad2_5 | -| test.rs:74:4:75:55 | fn bad2_5 | test.rs:75:17:75:44 | ...::create(...) | -| test.rs:78:1:78:7 | Attr | test.rs:79:4:80:39 | fn bad2_6 | -| test.rs:79:4:80:39 | fn bad2_6 | test.rs:80:14:80:37 | ...::now(...) | -| test.rs:87:1:87:7 | Attr | test.rs:88:4:89:36 | fn bad2_7 | -| test.rs:88:4:89:36 | fn bad2_7 | test.rs:89:5:89:34 | ...::sleep(...) | -| test.rs:94:1:94:7 | Attr | test.rs:95:4:96:24 | fn bad2_8 | -| test.rs:95:4:96:24 | fn bad2_8 | test.rs:96:5:96:22 | ...::exit(...) | +| test.rs:28:1:28:13 | Attr | test.rs:29:4:31:1 | fn bad1_1 | +| test.rs:29:4:31:1 | fn bad1_1 | test.rs:30:9:30:25 | ...::stdout(...) | +| test.rs:29:4:31:1 | fn bad1_1 | test.rs:30:9:30:49 | ... .write(...) | +| test.rs:33:1:33:13 | Attr | test.rs:34:4:36:1 | fn bad1_2 | +| test.rs:34:4:36:1 | fn bad1_2 | test.rs:35:9:35:25 | ...::stdout(...) | +| test.rs:34:4:36:1 | fn bad1_2 | test.rs:35:9:35:49 | ... .write(...) | +| test.rs:38:1:43:1 | fn bad1_3 | test.rs:42:9:42:25 | ...::stdout(...) | +| test.rs:38:1:43:1 | fn bad1_3 | test.rs:42:9:42:49 | ... .write(...) | +| test.rs:39:1:39:13 | Attr | test.rs:38:1:43:1 | fn bad1_3 | +| test.rs:50:1:50:7 | Attr | test.rs:51:4:53:1 | fn bad2_1 | +| test.rs:51:4:53:1 | fn bad2_1 | test.rs:52:9:52:16 | stdout(...) | +| test.rs:51:4:53:1 | fn bad2_1 | test.rs:52:9:52:40 | ... .write(...) | +| test.rs:55:1:55:7 | Attr | test.rs:56:4:58:1 | fn bad2_2 | +| test.rs:56:4:58:1 | fn bad2_2 | test.rs:57:9:57:16 | stderr(...) | +| test.rs:56:4:58:1 | fn bad2_2 | test.rs:57:9:57:44 | ... .write_all(...) | +| test.rs:60:1:60:7 | Attr | test.rs:61:4:63:1 | fn bad2_3 | +| test.rs:61:4:63:1 | fn bad2_3 | test.rs:62:14:62:28 | ...::_print(...) | +| test.rs:65:1:65:7 | Attr | test.rs:66:4:69:1 | fn bad2_4 | +| test.rs:66:4:69:1 | fn bad2_4 | test.rs:68:9:68:24 | ...::stdin(...) | +| test.rs:66:4:69:1 | fn bad2_4 | test.rs:68:9:68:45 | ... .read_line(...) | +| test.rs:73:1:73:7 | Attr | test.rs:74:4:76:1 | fn bad2_5 | +| test.rs:74:4:76:1 | fn bad2_5 | test.rs:75:17:75:45 | ...::create(...) | +| test.rs:78:1:78:7 | Attr | test.rs:79:4:81:1 | fn bad2_6 | +| test.rs:79:4:81:1 | fn bad2_6 | test.rs:80:14:80:38 | ...::now(...) | +| test.rs:87:1:87:7 | Attr | test.rs:88:4:90:1 | fn bad2_7 | +| test.rs:88:4:90:1 | fn bad2_7 | test.rs:89:5:89:35 | ...::sleep(...) | +| test.rs:94:1:94:7 | Attr | test.rs:95:4:97:1 | fn bad2_8 | +| test.rs:95:4:97:1 | fn bad2_8 | test.rs:96:5:96:23 | ...::exit(...) | | test.rs:124:1:126:1 | fn call_target3_1 | test.rs:125:9:125:16 | stderr(...) | | test.rs:124:1:126:1 | fn call_target3_1 | test.rs:125:9:125:44 | ... .write_all(...) | -| test.rs:128:1:128:7 | Attr | test.rs:129:4:130:21 | fn bad3_1 | -| test.rs:129:4:130:21 | fn bad3_1 | test.rs:130:5:130:19 | call_target3_1(...) | -| test.rs:130:5:130:19 | call_target3_1(...) | test.rs:124:1:126:1 | fn call_target3_1 | -| test.rs:144:1:144:7 | Attr | test.rs:145:4:147:21 | fn bad3_3 | -| test.rs:145:4:147:21 | fn bad3_3 | test.rs:146:5:146:19 | call_target3_1(...) | -| test.rs:146:5:146:19 | call_target3_1(...) | test.rs:124:1:126:1 | fn call_target3_1 | -| test.rs:150:1:150:7 | Attr | test.rs:151:4:152:13 | fn bad3_4 | -| test.rs:151:4:152:13 | fn bad3_4 | test.rs:152:5:152:11 | bad3_3(...) | -| test.rs:152:5:152:11 | bad3_3(...) | test.rs:145:4:147:21 | fn bad3_3 | -| test.rs:168:1:168:7 | Attr | test.rs:169:4:170:16 | fn bad4_1 | -| test.rs:169:4:170:16 | fn bad4_1 | test.rs:168:1:168:7 | ... .write(...) | -| test.rs:169:4:170:16 | fn bad4_1 | test.rs:168:1:168:7 | ...::stdout(...) | +| test.rs:128:1:128:7 | Attr | test.rs:129:4:131:1 | fn bad3_1 | +| test.rs:129:4:131:1 | fn bad3_1 | test.rs:130:5:130:20 | call_target3_1(...) | +| test.rs:130:5:130:20 | call_target3_1(...) | test.rs:124:1:126:1 | fn call_target3_1 | +| test.rs:144:1:144:7 | Attr | test.rs:145:4:148:1 | fn bad3_3 | +| test.rs:145:4:148:1 | fn bad3_3 | test.rs:146:5:146:20 | call_target3_1(...) | +| test.rs:146:5:146:20 | call_target3_1(...) | test.rs:124:1:126:1 | fn call_target3_1 | +| test.rs:150:1:150:7 | Attr | test.rs:151:4:153:1 | fn bad3_4 | +| test.rs:151:4:153:1 | fn bad3_4 | test.rs:152:5:152:12 | bad3_3(...) | +| test.rs:152:5:152:12 | bad3_3(...) | test.rs:145:4:148:1 | fn bad3_3 | +| test.rs:168:1:168:7 | Attr | test.rs:169:4:171:1 | fn bad4_1 | +| test.rs:169:4:171:1 | fn bad4_1 | test.rs:168:1:168:7 | ... .write(...) | +| test.rs:169:4:171:1 | fn bad4_1 | test.rs:168:1:168:7 | ...::stdout(...) | diff --git a/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/PathResolutionConsistency.expected index 16bbea0aba3b..b1c7e787dee5 100644 --- a/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/PathResolutionConsistency.expected @@ -1,3 +1,3 @@ multipleCallTargets -| test.rs:117:9:117:20 | ptr.is_null() | +| test.rs:117:9:117:21 | ptr.is_null() | | test.rs:117:9:117:21 | ptr.is_null() | diff --git a/rust/ql/test/query-tests/security/CWE-918/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/query-tests/security/CWE-918/CONSISTENCY/PathResolutionConsistency.expected index 79371978cc02..5caae105914c 100644 --- a/rust/ql/test/query-tests/security/CWE-918/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/query-tests/security/CWE-918/CONSISTENCY/PathResolutionConsistency.expected @@ -1,3 +1,3 @@ multipleCallTargets -| request_forgery_tests.rs:30:36:30:51 | user_url.as_str() | +| request_forgery_tests.rs:30:36:30:52 | user_url.as_str() | | request_forgery_tests.rs:30:36:30:52 | user_url.as_str() | diff --git a/rust/ql/test/query-tests/security/CWE-918/RequestForgery.expected b/rust/ql/test/query-tests/security/CWE-918/RequestForgery.expected index a33742a7c4b3..aa5003a0e9d3 100644 --- a/rust/ql/test/query-tests/security/CWE-918/RequestForgery.expected +++ b/rust/ql/test/query-tests/security/CWE-918/RequestForgery.expected @@ -11,9 +11,6 @@ | request_forgery_tests.rs:68:28:68:39 | ...::get | request_forgery_tests.rs:65:33:65:40 | and_then | request_forgery_tests.rs:68:28:68:39 | ...::get | The URL of this request depends on a $@. | request_forgery_tests.rs:65:33:65:40 | and_then | user-provided value | | request_forgery_tests.rs:68:28:68:39 | ...::get | request_forgery_tests.rs:65:33:65:40 | and_then | request_forgery_tests.rs:68:28:68:39 | ...::get | The URL of this request depends on a $@. | request_forgery_tests.rs:65:33:65:40 | and_then | user-provided value | edges -| request_forgery_tests.rs:4:5:4:14 | res | request_forgery_tests.rs:16:27:16:49 | { ... } | provenance | | -| request_forgery_tests.rs:4:5:4:14 | res | request_forgery_tests.rs:20:27:20:57 | { ... } | provenance | | -| request_forgery_tests.rs:4:5:4:14 | res | request_forgery_tests.rs:24:27:24:70 | { ... } | provenance | | | request_forgery_tests.rs:5:29:5:36 | user_url | request_forgery_tests.rs:8:38:8:45 | user_url | provenance | | | request_forgery_tests.rs:5:29:5:36 | user_url | request_forgery_tests.rs:8:38:8:45 | user_url | provenance | | | request_forgery_tests.rs:5:29:5:36 | user_url | request_forgery_tests.rs:16:27:16:49 | MacroExpr | provenance | | @@ -28,21 +25,21 @@ edges | request_forgery_tests.rs:8:38:8:45 | user_url | request_forgery_tests.rs:8:37:8:45 | &user_url [&ref] | provenance | | | request_forgery_tests.rs:8:38:8:45 | user_url | request_forgery_tests.rs:8:37:8:45 | &user_url [&ref] | provenance | | | request_forgery_tests.rs:16:13:16:15 | url | request_forgery_tests.rs:17:39:17:41 | url | provenance | | -| request_forgery_tests.rs:16:27:16:49 | ...::format(...) | request_forgery_tests.rs:4:5:4:14 | res | provenance | | +| request_forgery_tests.rs:16:27:16:49 | ...::format(...) | request_forgery_tests.rs:16:27:16:49 | { ... } | provenance | | | request_forgery_tests.rs:16:27:16:49 | ...::must_use(...) | request_forgery_tests.rs:16:13:16:15 | url | provenance | | | request_forgery_tests.rs:16:27:16:49 | MacroExpr | request_forgery_tests.rs:16:27:16:49 | ...::format(...) | provenance | MaD:3 | | request_forgery_tests.rs:16:27:16:49 | { ... } | request_forgery_tests.rs:16:27:16:49 | ...::must_use(...) | provenance | MaD:4 | | request_forgery_tests.rs:17:38:17:41 | &url [&ref] | request_forgery_tests.rs:17:25:17:36 | ...::get | provenance | MaD:1 Sink:MaD:1 | | request_forgery_tests.rs:17:39:17:41 | url | request_forgery_tests.rs:17:38:17:41 | &url [&ref] | provenance | | | request_forgery_tests.rs:20:13:20:15 | url | request_forgery_tests.rs:21:39:21:41 | url | provenance | | -| request_forgery_tests.rs:20:27:20:57 | ...::format(...) | request_forgery_tests.rs:4:5:4:14 | res | provenance | | +| request_forgery_tests.rs:20:27:20:57 | ...::format(...) | request_forgery_tests.rs:20:27:20:57 | { ... } | provenance | | | request_forgery_tests.rs:20:27:20:57 | ...::must_use(...) | request_forgery_tests.rs:20:13:20:15 | url | provenance | | | request_forgery_tests.rs:20:27:20:57 | MacroExpr | request_forgery_tests.rs:20:27:20:57 | ...::format(...) | provenance | MaD:3 | | request_forgery_tests.rs:20:27:20:57 | { ... } | request_forgery_tests.rs:20:27:20:57 | ...::must_use(...) | provenance | MaD:4 | | request_forgery_tests.rs:21:38:21:41 | &url [&ref] | request_forgery_tests.rs:21:25:21:36 | ...::get | provenance | MaD:1 Sink:MaD:1 | | request_forgery_tests.rs:21:39:21:41 | url | request_forgery_tests.rs:21:38:21:41 | &url [&ref] | provenance | | | request_forgery_tests.rs:24:13:24:15 | url | request_forgery_tests.rs:25:39:25:41 | url | provenance | | -| request_forgery_tests.rs:24:27:24:70 | ...::format(...) | request_forgery_tests.rs:4:5:4:14 | res | provenance | | +| request_forgery_tests.rs:24:27:24:70 | ...::format(...) | request_forgery_tests.rs:24:27:24:70 | { ... } | provenance | | | request_forgery_tests.rs:24:27:24:70 | ...::must_use(...) | request_forgery_tests.rs:24:13:24:15 | url | provenance | | | request_forgery_tests.rs:24:27:24:70 | MacroExpr | request_forgery_tests.rs:24:27:24:70 | ...::format(...) | provenance | MaD:3 | | request_forgery_tests.rs:24:27:24:70 | { ... } | request_forgery_tests.rs:24:27:24:70 | ...::must_use(...) | provenance | MaD:4 | @@ -70,9 +67,6 @@ models | 3 | Summary: alloc::fmt::format; Argument[0]; ReturnValue; taint | | 4 | Summary: core::hint::must_use; Argument[0]; ReturnValue; value | nodes -| request_forgery_tests.rs:4:5:4:14 | res | semmle.label | res | -| request_forgery_tests.rs:4:5:4:14 | res | semmle.label | res | -| request_forgery_tests.rs:4:5:4:14 | res | semmle.label | res | | request_forgery_tests.rs:5:29:5:36 | user_url | semmle.label | user_url | | request_forgery_tests.rs:5:29:5:36 | user_url | semmle.label | user_url | | request_forgery_tests.rs:8:24:8:35 | ...::get | semmle.label | ...::get | From f0842e430dbb15b8a70c3b06239fc31352a3196d Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Tue, 7 Oct 2025 15:15:34 +0200 Subject: [PATCH 269/307] C#: Respect the context when extracting locations for type parameters and tuple typles. --- .../Entities/Types/TupleType.cs | 4 ++-- .../Entities/Types/TypeParameter.cs | 6 ++---- .../Semmle.Extraction.CSharp/Extractor/Context.cs | 12 ++++++++++++ 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TupleType.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TupleType.cs index 7e7d3df107f4..18d71c997886 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TupleType.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TupleType.cs @@ -54,8 +54,8 @@ public override void Populate(TextWriter trapFile) // Note: symbol.Locations seems to be very inconsistent // about what locations are available for a tuple type. // Sometimes it's the source code, and sometimes it's empty. - foreach (var l in Symbol.Locations) - WriteLocationToTrap(trapFile.type_location, this, Context.CreateLocation(l)); + var locations = Context.GetLocations(Symbol); + WriteLocationsToTrap(trapFile.type_location, this, locations); } private readonly Lazy tupleElementsLazy; diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TypeParameter.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TypeParameter.cs index 303421d32e76..8c7c0edde761 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TypeParameter.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Types/TypeParameter.cs @@ -28,10 +28,8 @@ public override void Populate(TextWriter trapFile) if (Context.ExtractLocation(Symbol)) { - foreach (var l in Symbol.Locations) - { - WriteLocationToTrap(trapFile.type_location, this, Context.CreateLocation(l)); - } + var locations = Context.GetLocations(Symbol); + WriteLocationsToTrap(trapFile.type_location, this, locations); } if (IsSourceDeclaration) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs index 44a2fcda5c22..74b3b186b517 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Extractor/Context.cs @@ -554,6 +554,18 @@ public bool ExtractLocation(ISymbol symbol) => SymbolEqualityComparer.Default.Equals(symbol, symbol.OriginalDefinition) && scope.InScope(symbol); + /// + /// Gets the locations of the symbol that are either + /// (1) In assemblies. + /// (2) In the current context. + /// + /// The symbol + /// List of locations + public IEnumerable GetLocations(ISymbol symbol) => + symbol.Locations + .Where(l => !l.IsInSource || IsLocationInContext(l)) + .Select(CreateLocation); + public bool IsLocationInContext(Location location) => location.SourceTree == SourceTree; From eb84b1441a83e8dc26651e52c29d7ec62ebec229 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Tue, 7 Oct 2025 15:24:54 +0200 Subject: [PATCH 270/307] C#: Add some locations tests for type parameters and tuple types. --- .../ql/test/library-tests/locations/Base.cs | 2 ++ .../test/library-tests/locations/Multiple1.cs | 12 ++++++++++ .../test/library-tests/locations/Multiple2.cs | 10 ++++++++ .../locations/locations.expected | 23 +++++++++++++++++++ .../test/library-tests/locations/locations.ql | 7 +++++- 5 files changed, 53 insertions(+), 1 deletion(-) diff --git a/csharp/ql/test/library-tests/locations/Base.cs b/csharp/ql/test/library-tests/locations/Base.cs index 02082e0e6c4b..413534319c4e 100644 --- a/csharp/ql/test/library-tests/locations/Base.cs +++ b/csharp/ql/test/library-tests/locations/Base.cs @@ -4,3 +4,5 @@ public void M() { } public class InnerBase { } } + +public abstract class Base2 { } diff --git a/csharp/ql/test/library-tests/locations/Multiple1.cs b/csharp/ql/test/library-tests/locations/Multiple1.cs index 34bec96c0699..1d8a6491b145 100644 --- a/csharp/ql/test/library-tests/locations/Multiple1.cs +++ b/csharp/ql/test/library-tests/locations/Multiple1.cs @@ -1 +1,13 @@ public partial class Multiple { } + +public partial class MultipleGeneric { } + +public class Multiple1Specific +{ + public static (int, string) M() + { + (int, string) x = (0, ""); + (int, int) y = (0, 0); + return x; + } +} diff --git a/csharp/ql/test/library-tests/locations/Multiple2.cs b/csharp/ql/test/library-tests/locations/Multiple2.cs index 34bec96c0699..e63833066167 100644 --- a/csharp/ql/test/library-tests/locations/Multiple2.cs +++ b/csharp/ql/test/library-tests/locations/Multiple2.cs @@ -1 +1,11 @@ public partial class Multiple { } + +public partial class MultipleGeneric { } + +public class Multiple2Specific +{ + public void M() + { + (int, string) z = (0, ""); + } +} diff --git a/csharp/ql/test/library-tests/locations/locations.expected b/csharp/ql/test/library-tests/locations/locations.expected index 122921ac1e3a..1710f4e3cec3 100644 --- a/csharp/ql/test/library-tests/locations/locations.expected +++ b/csharp/ql/test/library-tests/locations/locations.expected @@ -28,6 +28,8 @@ member_locations | Base.cs:1:23:1:29 | Base`1 | Base.cs:3:17:3:17 | M | Base.cs:3:17:3:17 | Base.cs:3:17:3:17 | | Base.cs:1:23:1:29 | Base`1 | Base.cs:5:18:5:26 | InnerBase | Base.cs:5:18:5:26 | Base.cs:5:18:5:26 | | C.cs:3:7:3:7 | C | C.cs:5:17:5:17 | M | C.cs:5:17:5:17 | C.cs:5:17:5:17 | +| Multiple1.cs:5:14:5:30 | Multiple1Specific | Multiple1.cs:7:33:7:33 | M | Multiple1.cs:7:33:7:33 | Multiple1.cs:7:33:7:33 | +| Multiple2.cs:5:14:5:30 | Multiple2Specific | Multiple2.cs:7:17:7:17 | M | Multiple2.cs:7:17:7:17 | Multiple2.cs:7:17:7:17 | | Sub.cs:1:14:1:16 | Sub | Sub.cs:3:17:3:20 | SubM | Sub.cs:3:17:3:20 | Sub.cs:3:17:3:20 | accessor_location | A.cs:3:23:3:26 | A | A.cs:5:30:5:32 | get_Prop | A.cs:5:30:5:32 | A.cs:5:30:5:32 | @@ -67,11 +69,22 @@ type_location | Base.cs:1:28:1:28 | T | Base.cs:1:28:1:28 | Base.cs:1:28:1:28 | | Base.cs:5:18:5:26 | InnerBase | Base.cs:5:18:5:26 | Base.cs:5:18:5:26 | | Base.cs:5:18:5:26 | InnerBase | Base.cs:5:18:5:26 | Base.cs:5:18:5:26 | +| Base.cs:8:23:8:30 | Base2`1 | Base.cs:8:23:8:30 | Base.cs:8:23:8:30 | +| Base.cs:8:29:8:29 | T | Base.cs:8:29:8:29 | Base.cs:8:29:8:29 | | C.cs:3:7:3:7 | C | C.cs:3:7:3:7 | C.cs:3:7:3:7 | | Multiple1.cs:1:22:1:29 | Multiple | Multiple1.cs:1:22:1:29 | Multiple1.cs:1:22:1:29 | | Multiple1.cs:1:22:1:29 | Multiple | Multiple2.cs:1:22:1:29 | Multiple2.cs:1:22:1:29 | +| Multiple1.cs:3:22:3:39 | MultipleGeneric`1 | Multiple1.cs:3:22:3:39 | Multiple1.cs:3:22:3:39 | +| Multiple1.cs:3:22:3:39 | MultipleGeneric`1 | Multiple2.cs:3:22:3:39 | Multiple2.cs:3:22:3:39 | +| Multiple1.cs:3:38:3:38 | S | Multiple1.cs:3:38:3:38 | Multiple1.cs:3:38:3:38 | +| Multiple1.cs:5:14:5:30 | Multiple1Specific | Multiple1.cs:5:14:5:30 | Multiple1.cs:5:14:5:30 | +| Multiple1.cs:7:19:7:31 | (Int32,String) | Multiple1.cs:7:19:7:31 | Multiple1.cs:7:19:7:31 | +| Multiple1.cs:10:9:10:18 | (Int32,Int32) | Multiple1.cs:10:9:10:18 | Multiple1.cs:10:9:10:18 | | Multiple2.cs:1:22:1:29 | Multiple | Multiple1.cs:1:22:1:29 | Multiple1.cs:1:22:1:29 | | Multiple2.cs:1:22:1:29 | Multiple | Multiple2.cs:1:22:1:29 | Multiple2.cs:1:22:1:29 | +| Multiple2.cs:3:22:3:39 | MultipleGeneric`1 | Multiple1.cs:3:22:3:39 | Multiple1.cs:3:22:3:39 | +| Multiple2.cs:3:22:3:39 | MultipleGeneric`1 | Multiple2.cs:3:22:3:39 | Multiple2.cs:3:22:3:39 | +| Multiple2.cs:5:14:5:30 | Multiple2Specific | Multiple2.cs:5:14:5:30 | Multiple2.cs:5:14:5:30 | | Sub.cs:1:14:1:16 | Sub | Sub.cs:1:14:1:16 | Sub.cs:1:14:1:16 | calltype_location | A.cs:12:14:12:15 | call to constructor A | A.cs:3:23:3:26 | A | A.cs:3:23:3:26 | A.cs:3:23:3:26 | @@ -81,3 +94,13 @@ calltype_location | C.cs:9:17:9:24 | object creation of type A2 | A.cs:12:14:12:15 | A2 | A.cs:12:14:12:15 | A.cs:12:14:12:15 | | Sub.cs:1:14:1:16 | call to constructor Base | Base.cs:1:23:1:29 | Base | Base.cs:1:23:1:29 | Base.cs:1:23:1:29 | | Sub.cs:6:17:6:31 | object creation of type InnerBase | Base.cs:5:18:5:26 | InnerBase | Base.cs:5:18:5:26 | Base.cs:5:18:5:26 | +typeparameter_location +| A.cs:3:25:3:25 | T | A.cs:3:25:3:25 | A.cs:3:25:3:25 | +| Base.cs:1:28:1:28 | T | Base.cs:1:28:1:28 | Base.cs:1:28:1:28 | +| Base.cs:8:29:8:29 | T | Base.cs:8:29:8:29 | Base.cs:8:29:8:29 | +| Multiple1.cs:3:38:3:38 | S | Multiple1.cs:3:38:3:38 | Multiple1.cs:3:38:3:38 | +| Multiple1.cs:3:38:3:38 | S | Multiple2.cs:3:38:3:38 | Multiple2.cs:3:38:3:38 | +tupletype_location +| Multiple1.cs:7:19:7:31 | (Int32,String) | Multiple1.cs:7:19:7:31 | Multiple1.cs:7:19:7:31 | +| Multiple1.cs:7:19:7:31 | (Int32,String) | Multiple2.cs:9:9:9:21 | Multiple2.cs:9:9:9:21 | +| Multiple1.cs:10:9:10:18 | (Int32,Int32) | Multiple1.cs:10:9:10:18 | Multiple1.cs:10:9:10:18 | diff --git a/csharp/ql/test/library-tests/locations/locations.ql b/csharp/ql/test/library-tests/locations/locations.ql index 04ea140340bd..670a27408115 100644 --- a/csharp/ql/test/library-tests/locations/locations.ql +++ b/csharp/ql/test/library-tests/locations/locations.ql @@ -4,7 +4,8 @@ query predicate member_locations(Type t, Member m, SourceLocation l) { t = m.getDeclaringType() and l = m.getLocation() and not l instanceof EmptyLocation and - not m instanceof Constructor + not m instanceof Constructor and + t.fromSource() } query predicate accessor_location(Type t, Accessor a, SourceLocation l) { @@ -21,3 +22,7 @@ query predicate calltype_location(Call call, Type t, SourceLocation l) { t = call.getType() and l = t.getALocation() } + +query predicate typeparameter_location(TypeParameter tp, SourceLocation l) { tp.getALocation() = l } + +query predicate tupletype_location(TupleType tt, SourceLocation l) { tt.getALocation() = l } From 55b15a261a796ba42165605723e26830e981f7f0 Mon Sep 17 00:00:00 2001 From: idrissrio Date: Tue, 7 Oct 2025 16:50:07 +0200 Subject: [PATCH 271/307] Java: Add integration test for buildless lambda recovery --- .../DB-CHECK.expected | 3 ++ .../ExtractionErrors.expected | 3 ++ .../ExtractionErrors.qlref | 1 + .../Test.java | 35 +++++++++++++++++++ .../test.py | 5 +++ .../unused_variable.expected | 7 ++++ .../unused_variable.ql | 5 +++ 7 files changed, 59 insertions(+) create mode 100644 java/ql/integration-tests/java/lambda-expression-buildless-recovery/DB-CHECK.expected create mode 100644 java/ql/integration-tests/java/lambda-expression-buildless-recovery/ExtractionErrors.expected create mode 100644 java/ql/integration-tests/java/lambda-expression-buildless-recovery/ExtractionErrors.qlref create mode 100644 java/ql/integration-tests/java/lambda-expression-buildless-recovery/Test.java create mode 100755 java/ql/integration-tests/java/lambda-expression-buildless-recovery/test.py create mode 100644 java/ql/integration-tests/java/lambda-expression-buildless-recovery/unused_variable.expected create mode 100644 java/ql/integration-tests/java/lambda-expression-buildless-recovery/unused_variable.ql diff --git a/java/ql/integration-tests/java/lambda-expression-buildless-recovery/DB-CHECK.expected b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/DB-CHECK.expected new file mode 100644 index 000000000000..fdef550779a6 --- /dev/null +++ b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/DB-CHECK.expected @@ -0,0 +1,3 @@ +[VALUE_NOT_IN_TYPE] predicate diagnostics(@diagnostic id, string generated_by, int severity, string error_tag, string error_message, string full_error_message, @location_default location): Value -16777184 of field location is not in type @location_default. The value is however in the following types: @diagnostic. Appears in tuple (-16777200,"CodeQL Java extractor",5,"","Failed to traverse method body at /private/var/folders/y2/gcxfwn2j4slfs8cnlt6bzsn40000gn/T/pytest-of-idrissrio/pytest-19/ql/java/ql/integration-tests/java/lambda-expression-buildless-recovery/test/test/Test.java:10:17:10:42","",-16777184) +[VALUE_NOT_IN_TYPE] predicate diagnostic_for(@diagnostic diagnostic, @compilation compilation, int file_number, int file_number_diagnostic_number): Value -16777188 of field diagnostic is not in type @diagnostic. Appears in tuple (-16777188,-16777216,0,14) +[VALUE_NOT_IN_TYPE] predicate diagnostic_for(@diagnostic diagnostic, @compilation compilation, int file_number, int file_number_diagnostic_number): Value -16777176 of field diagnostic is not in type @diagnostic. Appears in tuple (-16777176,-16777216,0,21) diff --git a/java/ql/integration-tests/java/lambda-expression-buildless-recovery/ExtractionErrors.expected b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/ExtractionErrors.expected new file mode 100644 index 000000000000..c9e472ebeb60 --- /dev/null +++ b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/ExtractionErrors.expected @@ -0,0 +1,3 @@ +| Frontend errors in file: (2 errors during annotation processing) | 2 | +| Frontend errors in file: Test.java (7 javac errors) | 2 | +| Unknown errors in file: Test.java (5) | 2 | diff --git a/java/ql/integration-tests/java/lambda-expression-buildless-recovery/ExtractionErrors.qlref b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/ExtractionErrors.qlref new file mode 100644 index 000000000000..488db09ab058 --- /dev/null +++ b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/ExtractionErrors.qlref @@ -0,0 +1 @@ +Diagnostics/ExtractionErrors.ql diff --git a/java/ql/integration-tests/java/lambda-expression-buildless-recovery/Test.java b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/Test.java new file mode 100644 index 000000000000..e1df4c2a42f8 --- /dev/null +++ b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/Test.java @@ -0,0 +1,35 @@ +// The import below is intentionally commented out to test buildless recovery. +// import java.util.stream.Stream; + +public class LambdaBuildlessRecoveryTest { + + private Stream getStringStream() { + return getStringStream(); + } + + public void testSimpleLambdaExpression() { + int unused = 0; + Stream s = getStringStream(); + Stream mapped = s.map(x -> x); + mapped.forEach(System.out::println); + } + + public void testLambdaWithBlockBody() { + int unused = 42; + Stream s = getStringStream(); + Stream filtered = s.filter(item -> { + int unused = 42; + String proc = item.toUpperCase(); + return proc.length() > 0; + }); + filtered.forEach(System.out::println); + } + + public void testVariableCapture() { + int unused = 99; + String prefix = "proc_"; + Stream s = getStringStream(); + Stream result = s.map(item -> prefix + item); + result.forEach(System.out::println); + } +} diff --git a/java/ql/integration-tests/java/lambda-expression-buildless-recovery/test.py b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/test.py new file mode 100755 index 000000000000..773127096a75 --- /dev/null +++ b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/test.py @@ -0,0 +1,5 @@ +def test(codeql, java, use_java_17): + codeql.database.create( + build_mode="none", + source_root="." + ) \ No newline at end of file diff --git a/java/ql/integration-tests/java/lambda-expression-buildless-recovery/unused_variable.expected b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/unused_variable.expected new file mode 100644 index 000000000000..a017b85d85ec --- /dev/null +++ b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/unused_variable.expected @@ -0,0 +1,7 @@ +| Test.java:11:9:11:23 | int unused | +| Test.java:13:9:13:46 | Stream mapped | +| Test.java:18:9:18:24 | int unused | +| Test.java:20:9:24:11 | Stream filtered | +| Test.java:29:9:29:24 | int unused | +| Test.java:30:9:30:32 | String prefix | +| Test.java:32:9:32:61 | Stream result | diff --git a/java/ql/integration-tests/java/lambda-expression-buildless-recovery/unused_variable.ql b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/unused_variable.ql new file mode 100644 index 000000000000..cba463c08273 --- /dev/null +++ b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/unused_variable.ql @@ -0,0 +1,5 @@ +import java + +from LocalVariableDecl v +where not exists(v.getAnAccess()) and exists(v.getFile().getRelativePath()) +select v From f69e5f5ffc1c3e76f26baca12cee157085dc2aa2 Mon Sep 17 00:00:00 2001 From: idrissrio Date: Tue, 7 Oct 2025 16:51:09 +0200 Subject: [PATCH 272/307] Java: Accept new test results after extractor changes --- .../lambda-expression-buildless-recovery/DB-CHECK.expected | 3 --- .../unused_variable.expected | 7 ++----- 2 files changed, 2 insertions(+), 8 deletions(-) delete mode 100644 java/ql/integration-tests/java/lambda-expression-buildless-recovery/DB-CHECK.expected diff --git a/java/ql/integration-tests/java/lambda-expression-buildless-recovery/DB-CHECK.expected b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/DB-CHECK.expected deleted file mode 100644 index fdef550779a6..000000000000 --- a/java/ql/integration-tests/java/lambda-expression-buildless-recovery/DB-CHECK.expected +++ /dev/null @@ -1,3 +0,0 @@ -[VALUE_NOT_IN_TYPE] predicate diagnostics(@diagnostic id, string generated_by, int severity, string error_tag, string error_message, string full_error_message, @location_default location): Value -16777184 of field location is not in type @location_default. The value is however in the following types: @diagnostic. Appears in tuple (-16777200,"CodeQL Java extractor",5,"","Failed to traverse method body at /private/var/folders/y2/gcxfwn2j4slfs8cnlt6bzsn40000gn/T/pytest-of-idrissrio/pytest-19/ql/java/ql/integration-tests/java/lambda-expression-buildless-recovery/test/test/Test.java:10:17:10:42","",-16777184) -[VALUE_NOT_IN_TYPE] predicate diagnostic_for(@diagnostic diagnostic, @compilation compilation, int file_number, int file_number_diagnostic_number): Value -16777188 of field diagnostic is not in type @diagnostic. Appears in tuple (-16777188,-16777216,0,14) -[VALUE_NOT_IN_TYPE] predicate diagnostic_for(@diagnostic diagnostic, @compilation compilation, int file_number, int file_number_diagnostic_number): Value -16777176 of field diagnostic is not in type @diagnostic. Appears in tuple (-16777176,-16777216,0,21) diff --git a/java/ql/integration-tests/java/lambda-expression-buildless-recovery/unused_variable.expected b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/unused_variable.expected index a017b85d85ec..282d65e7e63f 100644 --- a/java/ql/integration-tests/java/lambda-expression-buildless-recovery/unused_variable.expected +++ b/java/ql/integration-tests/java/lambda-expression-buildless-recovery/unused_variable.expected @@ -1,7 +1,4 @@ | Test.java:11:9:11:23 | int unused | -| Test.java:13:9:13:46 | Stream mapped | | Test.java:18:9:18:24 | int unused | -| Test.java:20:9:24:11 | Stream filtered | -| Test.java:29:9:29:24 | int unused | -| Test.java:30:9:30:32 | String prefix | -| Test.java:32:9:32:61 | Stream result | +| Test.java:21:13:21:28 | int unused | +| Test.java:29:9:29:24 | int unused | \ No newline at end of file From 791a92b146a6abe47b824c90188e8054cc67e09c Mon Sep 17 00:00:00 2001 From: Ian Lynagh Date: Tue, 7 Oct 2025 17:32:36 +0100 Subject: [PATCH 273/307] C++: Add a changenote for C/C++ BMN GA --- cpp/ql/lib/change-notes/2025-10-07-bmn-ga.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 cpp/ql/lib/change-notes/2025-10-07-bmn-ga.md diff --git a/cpp/ql/lib/change-notes/2025-10-07-bmn-ga.md b/cpp/ql/lib/change-notes/2025-10-07-bmn-ga.md new file mode 100644 index 000000000000..dce0cabc38c0 --- /dev/null +++ b/cpp/ql/lib/change-notes/2025-10-07-bmn-ga.md @@ -0,0 +1,4 @@ +--- +category: feature +--- +* The C/C++ "build-mode: none" support is now General Availability (GA). From 8c02130bcfa11d152dc656f383de32abe5bf23fe Mon Sep 17 00:00:00 2001 From: Alex Eyers-Taylor Date: Thu, 18 Sep 2025 18:46:11 +0100 Subject: [PATCH 274/307] DataFlow: Rearrange files to group the parts that can be shared with overlay aware. --- shared/dataflow/codeql/dataflow/DataFlow.qll | 106 +++++++-------- .../codeql/dataflow/TaintTracking.qll | 124 +++++++++--------- 2 files changed, 115 insertions(+), 115 deletions(-) diff --git a/shared/dataflow/codeql/dataflow/DataFlow.qll b/shared/dataflow/codeql/dataflow/DataFlow.qll index 3483287e3b39..54263ebea942 100644 --- a/shared/dataflow/codeql/dataflow/DataFlow.qll +++ b/shared/dataflow/codeql/dataflow/DataFlow.qll @@ -691,59 +691,6 @@ module DataFlowMake Lang> { predicate flowToExpr(DataFlowExpr sink); } - /** - * Constructs a global data flow computation. - */ - module Global implements GlobalFlowSig { - private module C implements FullStateConfigSig { - import DefaultState - import Config - - predicate accessPathLimit = Config::accessPathLimit/0; - - predicate isAdditionalFlowStep(Node node1, Node node2, string model) { - Config::isAdditionalFlowStep(node1, node2) and model = "Config" - } - } - - private module Stage1 = ImplStage1; - - import Stage1::PartialFlow - - private module Flow = Impl; - - import Flow - } - - /** - * Constructs a global data flow computation using flow state. - */ - module GlobalWithState implements GlobalFlowSig { - private module C implements FullStateConfigSig { - import Config - - predicate accessPathLimit = Config::accessPathLimit/0; - - predicate isAdditionalFlowStep(Node node1, Node node2, string model) { - Config::isAdditionalFlowStep(node1, node2) and model = "Config" - } - - predicate isAdditionalFlowStep( - Node node1, FlowState state1, Node node2, FlowState state2, string model - ) { - Config::isAdditionalFlowStep(node1, state1, node2, state2) and model = "Config" - } - } - - private module Stage1 = ImplStage1; - - import Stage1::PartialFlow - - private module Flow = Impl; - - import Flow - } - signature class PathNodeSig { /** Gets a textual representation of this element. */ string toString(); @@ -1140,4 +1087,57 @@ module DataFlowMake Lang> { // Re-export the PathGraph so the user can import a single module and get both PathNode and the query predicates import PathGraph } + + /** + * Constructs a global data flow computation. + */ + module Global implements GlobalFlowSig { + private module C implements FullStateConfigSig { + import DefaultState + import Config + + predicate accessPathLimit = Config::accessPathLimit/0; + + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { + Config::isAdditionalFlowStep(node1, node2) and model = "Config" + } + } + + private module Stage1 = ImplStage1; + + import Stage1::PartialFlow + + private module Flow = Impl; + + import Flow + } + + /** + * Constructs a global data flow computation using flow state. + */ + module GlobalWithState implements GlobalFlowSig { + private module C implements FullStateConfigSig { + import Config + + predicate accessPathLimit = Config::accessPathLimit/0; + + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { + Config::isAdditionalFlowStep(node1, node2) and model = "Config" + } + + predicate isAdditionalFlowStep( + Node node1, FlowState state1, Node node2, FlowState state2, string model + ) { + Config::isAdditionalFlowStep(node1, state1, node2, state2) and model = "Config" + } + } + + private module Stage1 = ImplStage1; + + import Stage1::PartialFlow + + private module Flow = Impl; + + import Flow + } } diff --git a/shared/dataflow/codeql/dataflow/TaintTracking.qll b/shared/dataflow/codeql/dataflow/TaintTracking.qll index bd4b4ecd6ca5..5a4235407b25 100644 --- a/shared/dataflow/codeql/dataflow/TaintTracking.qll +++ b/shared/dataflow/codeql/dataflow/TaintTracking.qll @@ -83,68 +83,6 @@ module TaintFlowMake< } } - /** - * Constructs a global taint tracking computation. - */ - module Global implements DataFlow::GlobalFlowSig { - private module Config0 implements DataFlowInternal::FullStateConfigSig { - import DataFlowInternal::DefaultState - import Config - - predicate isAdditionalFlowStep( - DataFlowLang::Node node1, DataFlowLang::Node node2, string model - ) { - Config::isAdditionalFlowStep(node1, node2) and model = "Config" - } - } - - private module C implements DataFlowInternal::FullStateConfigSig { - import AddTaintDefaults - } - - private module Stage1 = DataFlowInternalStage1::ImplStage1; - - import Stage1::PartialFlow - - private module Flow = DataFlowInternal::Impl; - - import Flow - } - - /** - * Constructs a global taint tracking computation using flow state. - */ - module GlobalWithState implements DataFlow::GlobalFlowSig { - private module Config0 implements DataFlowInternal::FullStateConfigSig { - import Config - - predicate isAdditionalFlowStep( - DataFlowLang::Node node1, DataFlowLang::Node node2, string model - ) { - Config::isAdditionalFlowStep(node1, node2) and model = "Config" - } - - predicate isAdditionalFlowStep( - DataFlowLang::Node node1, FlowState state1, DataFlowLang::Node node2, FlowState state2, - string model - ) { - Config::isAdditionalFlowStep(node1, state1, node2, state2) and model = "Config" - } - } - - private module C implements DataFlowInternal::FullStateConfigSig { - import AddTaintDefaults - } - - private module Stage1 = DataFlowInternalStage1::ImplStage1; - - import Stage1::PartialFlow - - private module Flow = DataFlowInternal::Impl; - - import Flow - } - signature int speculationLimitSig(); private module AddSpeculativeTaintSteps< @@ -216,6 +154,68 @@ module TaintFlowMake< } } + /** + * Constructs a global taint tracking computation. + */ + module Global implements DataFlow::GlobalFlowSig { + private module Config0 implements DataFlowInternal::FullStateConfigSig { + import DataFlowInternal::DefaultState + import Config + + predicate isAdditionalFlowStep( + DataFlowLang::Node node1, DataFlowLang::Node node2, string model + ) { + Config::isAdditionalFlowStep(node1, node2) and model = "Config" + } + } + + private module C implements DataFlowInternal::FullStateConfigSig { + import AddTaintDefaults + } + + private module Stage1 = DataFlowInternalStage1::ImplStage1; + + import Stage1::PartialFlow + + private module Flow = DataFlowInternal::Impl; + + import Flow + } + + /** + * Constructs a global taint tracking computation using flow state. + */ + module GlobalWithState implements DataFlow::GlobalFlowSig { + private module Config0 implements DataFlowInternal::FullStateConfigSig { + import Config + + predicate isAdditionalFlowStep( + DataFlowLang::Node node1, DataFlowLang::Node node2, string model + ) { + Config::isAdditionalFlowStep(node1, node2) and model = "Config" + } + + predicate isAdditionalFlowStep( + DataFlowLang::Node node1, FlowState state1, DataFlowLang::Node node2, FlowState state2, + string model + ) { + Config::isAdditionalFlowStep(node1, state1, node2, state2) and model = "Config" + } + } + + private module C implements DataFlowInternal::FullStateConfigSig { + import AddTaintDefaults + } + + private module Stage1 = DataFlowInternalStage1::ImplStage1; + + import Stage1::PartialFlow + + private module Flow = DataFlowInternal::Impl; + + import Flow + } + /** * Constructs a global taint tracking computation that also allows a given * maximum number of speculative taint steps. From 82e4fc9f0ff21042bd39ade62910c4070a9a2b33 Mon Sep 17 00:00:00 2001 From: Alex Eyers-Taylor Date: Thu, 18 Sep 2025 18:48:01 +0100 Subject: [PATCH 275/307] AlertFiltering: Expose filtering further. --- shared/util/codeql/util/AlertFiltering.qll | 26 +++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/shared/util/codeql/util/AlertFiltering.qll b/shared/util/codeql/util/AlertFiltering.qll index 1480421ae59e..60597327c3b0 100644 --- a/shared/util/codeql/util/AlertFiltering.qll +++ b/shared/util/codeql/util/AlertFiltering.qll @@ -82,6 +82,21 @@ module AlertFilteringImpl { ) } + /** Holds if diff information is available in this evaluation. */ + predicate diffInformationAvailable() { + restrictAlertsTo(_, _, _) or restrictAlertsToExactLocation(_, _, _, _, _) + } + + /** + * Holds if diff information is available, and `filePath` is in the diff + * range. + */ + predicate fileIsInDiff(string filePath) { + restrictAlertsTo(filePath, _, _) + or + restrictAlertsToExactLocation(filePath, _, _, _, _) + } + /** * Holds if the given location is a match for one of the active filtering * predicates in this module, or if all filtering predicates are inactive @@ -92,8 +107,17 @@ module AlertFilteringImpl { */ bindingset[location] predicate filterByLocation(Location location) { - not restrictAlertsTo(_, _, _) and not restrictAlertsToExactLocation(_, _, _, _, _) + not diffInformationAvailable() or + locationIsInDiff(location) + } + + /** + * Like `filterByLocation`, except that if there is no diff range, this + * predicate never holds. + */ + bindingset[location] + predicate locationIsInDiff(Location location) { exists(string filePath | restrictAlertsToEntireFile(filePath) and location.hasLocationInfo(filePath, _, _, _, _) From c49e2ab2dacc12f396db0eb34341bb8acf51adc0 Mon Sep 17 00:00:00 2001 From: Alex Eyers-Taylor Date: Thu, 18 Sep 2025 18:55:18 +0100 Subject: [PATCH 276/307] DataFlow: Add code to do overlay informed dataflow. --- .../internal/DataFlowImplSpecific.qll | 3 + shared/dataflow/codeql/dataflow/DataFlow.qll | 16 +++++ .../codeql/dataflow/TaintTracking.qll | 8 +++ .../codeql/dataflow/internal/DataFlowImpl.qll | 8 +++ .../dataflow/internal/DataFlowImplStage1.qll | 62 +++++++++++++++++-- 5 files changed, 92 insertions(+), 5 deletions(-) diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplSpecific.qll b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplSpecific.qll index 65034ee08b93..97f5020142e0 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplSpecific.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/DataFlowImplSpecific.qll @@ -6,6 +6,7 @@ module; private import semmle.code.Location private import codeql.dataflow.DataFlow +private import semmle.code.java.Overlay module Private { import DataFlowPrivate @@ -29,4 +30,6 @@ module JavaDataFlow implements InputSig { predicate mayBenefitFromCallContext = Private::mayBenefitFromCallContext/1; predicate viableImplInCallContext = Private::viableImplInCallContext/2; + + predicate isEvaluatingInOverlay = isOverlay/0; } diff --git a/shared/dataflow/codeql/dataflow/DataFlow.qll b/shared/dataflow/codeql/dataflow/DataFlow.qll index 54263ebea942..f2fd4979c57d 100644 --- a/shared/dataflow/codeql/dataflow/DataFlow.qll +++ b/shared/dataflow/codeql/dataflow/DataFlow.qll @@ -349,6 +349,18 @@ signature module InputSig { /** Holds if `fieldFlowBranchLimit` should be ignored for flow going into/out of `c`. */ default predicate ignoreFieldFlowBranchLimit(DataFlowCallable c) { none() } + + /** + * Holds if the evaluator is currently evaluating with an overlay. The + * implementation of this predicate needs to be `overlay[local]`. For a + * language with no overlay support, `none()` is a valid implementation. + * + * When called from a local predicate, this predicate holds if we are in the + * overlay-only local evaluation. When called from a global predicate, this + * predicate holds if we are evaluating globally with overlay and base both + * visible. + */ + default predicate isEvaluatingInOverlay() { none() } } module Configs Lang> { @@ -1101,6 +1113,8 @@ module DataFlowMake Lang> { predicate isAdditionalFlowStep(Node node1, Node node2, string model) { Config::isAdditionalFlowStep(node1, node2) and model = "Config" } + + predicate observeOverlayInformedIncrementalMode() { none() } } private module Stage1 = ImplStage1; @@ -1130,6 +1144,8 @@ module DataFlowMake Lang> { ) { Config::isAdditionalFlowStep(node1, state1, node2, state2) and model = "Config" } + + predicate observeOverlayInformedIncrementalMode() { none() } } private module Stage1 = ImplStage1; diff --git a/shared/dataflow/codeql/dataflow/TaintTracking.qll b/shared/dataflow/codeql/dataflow/TaintTracking.qll index 5a4235407b25..1f6cabbbba12 100644 --- a/shared/dataflow/codeql/dataflow/TaintTracking.qll +++ b/shared/dataflow/codeql/dataflow/TaintTracking.qll @@ -167,6 +167,8 @@ module TaintFlowMake< ) { Config::isAdditionalFlowStep(node1, node2) and model = "Config" } + + predicate observeOverlayInformedIncrementalMode() { none() } } private module C implements DataFlowInternal::FullStateConfigSig { @@ -201,6 +203,8 @@ module TaintFlowMake< ) { Config::isAdditionalFlowStep(node1, state1, node2, state2) and model = "Config" } + + predicate observeOverlayInformedIncrementalMode() { none() } } private module C implements DataFlowInternal::FullStateConfigSig { @@ -232,6 +236,8 @@ module TaintFlowMake< ) { Config::isAdditionalFlowStep(node1, node2) and model = "Config" } + + predicate observeOverlayInformedIncrementalMode() { none() } } private module C implements DataFlowInternal::FullStateConfigSig { @@ -270,6 +276,8 @@ module TaintFlowMake< ) { Config::isAdditionalFlowStep(node1, state1, node2, state2) and model = "Config" } + + predicate observeOverlayInformedIncrementalMode() { none() } } private module C implements DataFlowInternal::FullStateConfigSig { diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll index a7e0736432ac..c21858cc1679 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll @@ -143,6 +143,14 @@ module MakeImpl Lang> { */ predicate observeDiffInformedIncrementalMode(); + /** + * Holds if sources and sinks should be filtered to only include those that + * are in the overlay database. This only has an effect when running + * in overlay-informed incremental mode. This should be used in conjunction + * with the `OverlayImpl` implementation to merge the base results back in. + */ + predicate observeOverlayInformedIncrementalMode(); + Location getASelectedSourceLocation(Node source); Location getASelectedSinkLocation(Node sink); diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll index c7883df0de18..07ebe057f025 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll @@ -4,7 +4,7 @@ * Provides an implementation of a fast initial pruning of global * (interprocedural) data flow reachability (Stage 1). */ -overlay[local?] +overlay[local?] // when this is removed, put `overlay[local?]` on `isOverlayNode`. module; private import codeql.util.Unit @@ -129,23 +129,75 @@ module MakeImplStage1 Lang> { private module AlertFiltering = AlertFilteringImpl; + /** + * Holds if the given node is visible in overlay-only local evaluation. + * + * This predicate needs to be `overlay[local?]`, either directly or + * through annotations from an outer scope. If `Node` is global for the + * language under analysis, then every node is considered an overlay + * node, which means there will effectively be no overlay-based + * filtering of sources and sinks. + */ + private predicate isOverlayNode(Node node) { + isEvaluatingInOverlay() and + // Any local node is an overlay node if we are evaluating in overlay mode + exists(node) + } + + /** + * The filtering if we aren't meant to be diff-informed. + * + * Shared between sources and sinks. + */ + pragma[inline] + private predicate nonDiffInformedFilter(Node node) { + // If we are in base-only global evaluation, do not filter out any sources. + not isEvaluatingInOverlay() + or + // If the configuration doesn't merge overlays, do not filter out any sources. + not Config::observeOverlayInformedIncrementalMode() + or + // If we are in global evaluation with an overlay present, restrict + // sources to those visible in the overlay. + isOverlayNode(node) + } + + overlay[global] pragma[nomagic] private predicate isFilteredSource(Node source) { Config::isSource(source, _) and + // Data flow is always incremental in one of two ways. + // 1. If the configuration is diff-informed, we filter to only include nodes in the diff, + // which gives the smallest set of nodes. + // If diff information is not available, we do not filter at all. + // 2. If not, in global evaluation with overlay, we filter to only + // include nodes from files in the overlay; flow from + // other nodes will be added back later. + // We start by seeing if we should be in case 1. if Config::observeDiffInformedIncrementalMode() - then AlertFiltering::filterByLocation(Config::getASelectedSourceLocation(source)) - else any() + then + // Case 1: We are meant to be diff-informed. + // We still only filter if we have diff information. + AlertFiltering::diffInformationAvailable() + implies + AlertFiltering::locationIsInDiff(Config::getASelectedSourceLocation(source)) + else nonDiffInformedFilter(source) } + overlay[global] pragma[nomagic] private predicate isFilteredSink(Node sink) { ( Config::isSink(sink, _) or Config::isSink(sink) ) and + // See the comments in `isFilteredSource` for the reasoning behind the following. if Config::observeDiffInformedIncrementalMode() - then AlertFiltering::filterByLocation(Config::getASelectedSinkLocation(sink)) - else any() + then + AlertFiltering::diffInformationAvailable() + implies + AlertFiltering::locationIsInDiff(Config::getASelectedSinkLocation(sink)) + else nonDiffInformedFilter(sink) } private predicate hasFilteredSource() { isFilteredSource(_) } From 3c110f2eb80ea316e3b9f0e60feba02e65abf983 Mon Sep 17 00:00:00 2001 From: Alex Eyers-Taylor Date: Fri, 19 Sep 2025 15:56:02 +0100 Subject: [PATCH 277/307] DataFlow: Add code for merging base with overlay. --- shared/dataflow/codeql/dataflow/DataFlow.qll | 77 +++++++- .../codeql/dataflow/TaintTracking.qll | 175 +++++++++++++++++- .../codeql/dataflow/internal/DataFlowImpl.qll | 52 +++++- 3 files changed, 295 insertions(+), 9 deletions(-) diff --git a/shared/dataflow/codeql/dataflow/DataFlow.qll b/shared/dataflow/codeql/dataflow/DataFlow.qll index f2fd4979c57d..94bae26e7aa4 100644 --- a/shared/dataflow/codeql/dataflow/DataFlow.qll +++ b/shared/dataflow/codeql/dataflow/DataFlow.qll @@ -657,7 +657,7 @@ private module PathGraphSigMod { } } -module DataFlowMake Lang> { +module DataFlowMakeCore Lang> { private import Lang private import internal.DataFlowImpl::MakeImpl private import internal.DataFlowImplStage1::MakeImplStage1 @@ -1099,6 +1099,13 @@ module DataFlowMake Lang> { // Re-export the PathGraph so the user can import a single module and get both PathNode and the query predicates import PathGraph } +} + +module DataFlowMake Lang> { + import DataFlowMakeCore + private import Lang + private import internal.DataFlowImpl::MakeImpl + private import internal.DataFlowImplStage1::MakeImplStage1 /** * Constructs a global data flow computation. @@ -1157,3 +1164,71 @@ module DataFlowMake Lang> { import Flow } } + +module DataFlowMakeOverlay Lang> { + import DataFlowMakeCore + private import Lang + private import internal.DataFlowImpl::MakeImpl + private import internal.DataFlowImplStage1::MakeImplStage1 + + /** + * Constructs a global data flow computation. + */ + module Global implements GlobalFlowSig { + private module C implements FullStateConfigSig { + import DefaultState + import Config + + predicate accessPathLimit = Config::accessPathLimit/0; + + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { + Config::isAdditionalFlowStep(node1, node2) and model = "Config" + } + + predicate observeOverlayInformedIncrementalMode() { + not Config::observeDiffInformedIncrementalMode() + } + } + + private module Stage1 = ImplStage1; + + import Stage1::PartialFlow + + private module Flow = OverlayImpl; + + import Flow + } + + /** + * Constructs a global data flow computation using flow state. + */ + module GlobalWithState implements GlobalFlowSig { + private module C implements FullStateConfigSig { + import Config + + predicate accessPathLimit = Config::accessPathLimit/0; + + predicate isAdditionalFlowStep(Node node1, Node node2, string model) { + Config::isAdditionalFlowStep(node1, node2) and model = "Config" + } + + predicate isAdditionalFlowStep( + Node node1, FlowState state1, Node node2, FlowState state2, string model + ) { + Config::isAdditionalFlowStep(node1, state1, node2, state2) and model = "Config" + } + + predicate observeOverlayInformedIncrementalMode() { + not Config::observeDiffInformedIncrementalMode() + } + } + + private module Stage1 = ImplStage1; + + import Stage1::PartialFlow + + private module Flow = OverlayImpl; + + import Flow + } +} diff --git a/shared/dataflow/codeql/dataflow/TaintTracking.qll b/shared/dataflow/codeql/dataflow/TaintTracking.qll index 1f6cabbbba12..cb4fad7c8ce0 100644 --- a/shared/dataflow/codeql/dataflow/TaintTracking.qll +++ b/shared/dataflow/codeql/dataflow/TaintTracking.qll @@ -47,16 +47,16 @@ signature module InputSig Lang> { /** * Construct the modules for taint-tracking analyses. */ -module TaintFlowMake< +private module TaintFlowMakeCore< LocationSig Location, DF::InputSig DataFlowLang, InputSig TaintTrackingLang> { - private import TaintTrackingLang - private import DF::DataFlowMake as DataFlow - private import MakeImpl as DataFlowInternal - private import MakeImplStage1 as DataFlowInternalStage1 + import TaintTrackingLang + import DF::DataFlowMakeCore as DataFlow + import MakeImpl as DataFlowInternal + import MakeImplStage1 as DataFlowInternalStage1 - private module AddTaintDefaults implements + module AddTaintDefaults implements DataFlowInternal::FullStateConfigSig { import Config @@ -85,7 +85,7 @@ module TaintFlowMake< signature int speculationLimitSig(); - private module AddSpeculativeTaintSteps< + module AddSpeculativeTaintSteps< DataFlowInternal::FullStateConfigSig Config, speculationLimitSig/0 speculationLimit> implements DataFlowInternal::FullStateConfigSig { @@ -153,6 +153,13 @@ module TaintFlowMake< state1.getState() = state2.getState() } } +} + +module TaintFlowMake< + LocationSig Location, DF::InputSig DataFlowLang, + InputSig TaintTrackingLang> +{ + private import TaintFlowMakeCore /** * Constructs a global taint tracking computation. @@ -288,8 +295,162 @@ module TaintFlowMake< import Stage1::PartialFlow + private module Flow = DataFlowInternal::OverlayImpl; + + import Flow + } +} + +module TaintFlowMakeOverlay< + LocationSig Location, DF::InputSig DataFlowLang, + InputSig TaintTrackingLang> +{ + private import TaintFlowMakeCore + + /** + * Constructs a global taint tracking computation. + */ + module Global implements DataFlow::GlobalFlowSig { + private module Config0 implements DataFlowInternal::FullStateConfigSig { + import DataFlowInternal::DefaultState + import Config + + predicate isAdditionalFlowStep( + DataFlowLang::Node node1, DataFlowLang::Node node2, string model + ) { + Config::isAdditionalFlowStep(node1, node2) and model = "Config" + } + + predicate observeOverlayInformedIncrementalMode() { + not Config::observeDiffInformedIncrementalMode() + } + } + + private module C implements DataFlowInternal::FullStateConfigSig { + import AddTaintDefaults + } + + private module Stage1 = DataFlowInternalStage1::ImplStage1; + + import Stage1::PartialFlow + + private module Flow = DataFlowInternal::OverlayImpl; + + import Flow + } + + /** + * Constructs a global taint tracking computation using flow state. + */ + module GlobalWithState implements DataFlow::GlobalFlowSig { + private module Config0 implements DataFlowInternal::FullStateConfigSig { + import Config + + predicate isAdditionalFlowStep( + DataFlowLang::Node node1, DataFlowLang::Node node2, string model + ) { + Config::isAdditionalFlowStep(node1, node2) and model = "Config" + } + + predicate isAdditionalFlowStep( + DataFlowLang::Node node1, FlowState state1, DataFlowLang::Node node2, FlowState state2, + string model + ) { + Config::isAdditionalFlowStep(node1, state1, node2, state2) and model = "Config" + } + + predicate observeOverlayInformedIncrementalMode() { + not Config::observeDiffInformedIncrementalMode() + } + } + + private module C implements DataFlowInternal::FullStateConfigSig { + import AddTaintDefaults + } + + private module Stage1 = DataFlowInternalStage1::ImplStage1; + + import Stage1::PartialFlow + + private module Flow = DataFlowInternal::OverlayImpl; + + import Flow + } + + /** + * Constructs a global taint tracking computation that also allows a given + * maximum number of speculative taint steps. + */ + module SpeculativeGlobal + implements DataFlow::GlobalFlowSig + { + private module Config0 implements DataFlowInternal::FullStateConfigSig { + import DataFlowInternal::DefaultState + import Config + + predicate isAdditionalFlowStep( + DataFlowLang::Node node1, DataFlowLang::Node node2, string model + ) { + Config::isAdditionalFlowStep(node1, node2) and model = "Config" + } + + predicate observeOverlayInformedIncrementalMode() { + not Config::observeDiffInformedIncrementalMode() + } + } + + private module C implements DataFlowInternal::FullStateConfigSig { + import AddTaintDefaults> + } + + private module Stage1 = DataFlowInternalStage1::ImplStage1; + + import Stage1::PartialFlow + private module Flow = DataFlowInternal::Impl; import Flow } + + /** + * Constructs a global taint tracking computation using flow state that also + * allows a given maximum number of speculative taint steps. + */ + module SpeculativeGlobalWithState< + DataFlow::StateConfigSig Config, speculationLimitSig/0 speculationLimit> implements + DataFlow::GlobalFlowSig + { + private module Config0 implements DataFlowInternal::FullStateConfigSig { + import Config + + predicate isAdditionalFlowStep( + DataFlowLang::Node node1, DataFlowLang::Node node2, string model + ) { + Config::isAdditionalFlowStep(node1, node2) and model = "Config" + } + + predicate isAdditionalFlowStep( + DataFlowLang::Node node1, FlowState state1, DataFlowLang::Node node2, FlowState state2, + string model + ) { + Config::isAdditionalFlowStep(node1, state1, node2, state2) and model = "Config" + } + + predicate observeOverlayInformedIncrementalMode() { + not Config::observeDiffInformedIncrementalMode() + } + } + + private module C implements DataFlowInternal::FullStateConfigSig { + import AddTaintDefaults> + } + + private module Stage1 = DataFlowInternalStage1::ImplStage1; + + import Stage1::PartialFlow + + private module Flow = DataFlowInternal::OverlayImpl; + + import Flow + } } diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll index c21858cc1679..81ac268b8b37 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll @@ -15,7 +15,7 @@ private import DataFlowImplStage1 module MakeImpl Lang> { private import Lang - private import DataFlowMake + private import DataFlowMakeCore private import MakeImplStage1 private import DataFlowImplCommon::MakeImplCommon private import DataFlowImplCommonPublic @@ -179,6 +179,56 @@ module MakeImpl Lang> { } } + /** + * Constructs a data flow computation given a full input configuration, and + * an initial stage 1 pruning with merging of overlay and base results. + */ + module OverlayImpl Stage1> { + module Base = Impl; + + import Base + + /** + * Holds if data can flow from `source` to `sink`. + * + * This is a local predicate that only has results local to the overlay/base database. + */ + predicate flowLocal(Node source, Node sink) = forceLocal(Base::flow/2)(source, sink) + + /** + * Holds if data can flow from `source` to `sink`. + */ + predicate flow(Node source, Node sink) { + Base::flow(source, sink) + or + // If we are overlay informed (i.e. we are not diff-informed), we + // merge in the local results which includes the base database results. + flowLocal(source, sink) and Config::observeOverlayInformedIncrementalMode() + } + + /** + * Holds if data can flow from some source to `sink`. + * This predicate that only has results local to the overlay/base database. + */ + predicate flowToLocal(Node sink) = forceLocal(Base::flowTo/1)(sink) + + /** + * Holds if data can flow from some source to `sink`. + */ + predicate flowTo(Node sink) { + Base::flowTo(sink) + or + // If we are overlay informed (i.e. we are not diff-informed), we + // merge in the local results which includes the base database results. + flowToLocal(sink) and Config::observeOverlayInformedIncrementalMode() + } + + /** + * Holds if data can flow from some source to `sink`. + */ + predicate flowToExpr(Lang::DataFlowExpr sink) { flowTo(exprNode(sink)) } + } + /** * Constructs a data flow computation given a full input configuration, and * an initial stage 1 pruning. From 542bdf079291f5ef12ceffcd2bb3142f71ed08e8 Mon Sep 17 00:00:00 2001 From: Alex Eyers-Taylor Date: Wed, 24 Sep 2025 14:51:34 +0100 Subject: [PATCH 278/307] Java: Use Overlay dataflow in java. --- java/ql/lib/semmle/code/java/dataflow/DataFlow.qll | 2 +- java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/java/ql/lib/semmle/code/java/dataflow/DataFlow.qll b/java/ql/lib/semmle/code/java/dataflow/DataFlow.qll index 54eb809c7b97..c99a8a5a58e4 100644 --- a/java/ql/lib/semmle/code/java/dataflow/DataFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/DataFlow.qll @@ -10,6 +10,6 @@ import java module DataFlow { private import semmle.code.java.dataflow.internal.DataFlowImplSpecific private import codeql.dataflow.DataFlow - import DataFlowMake + import DataFlowMakeOverlay import Public } diff --git a/java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll b/java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll index 159604a95bd6..34c7b717428b 100644 --- a/java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll +++ b/java/ql/lib/semmle/code/java/dataflow/TaintTracking.qll @@ -13,5 +13,5 @@ module TaintTracking { private import semmle.code.java.dataflow.internal.DataFlowImplSpecific private import semmle.code.java.dataflow.internal.TaintTrackingImplSpecific private import codeql.dataflow.TaintTracking - import TaintFlowMake + import TaintFlowMakeOverlay } From 7a8d2392eeac95ed7010bfacb22c49e3b7470331 Mon Sep 17 00:00:00 2001 From: Alex Eyers-Taylor Date: Thu, 25 Sep 2025 17:21:50 +0100 Subject: [PATCH 279/307] Daatflow: Fix bug --- shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll | 1 + 1 file changed, 1 insertion(+) diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll index 07ebe057f025..982e4a1c6af5 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll @@ -150,6 +150,7 @@ module MakeImplStage1 Lang> { * Shared between sources and sinks. */ pragma[inline] + overlay[global] private predicate nonDiffInformedFilter(Node node) { // If we are in base-only global evaluation, do not filter out any sources. not isEvaluatingInOverlay() From 193cd46a767a0854396cf66b31296263ffc45686 Mon Sep 17 00:00:00 2001 From: Alex Eyers-Taylor Date: Fri, 3 Oct 2025 20:39:41 +0100 Subject: [PATCH 280/307] DataFlow: Adress comments on overlay informed dataflow --- shared/dataflow/codeql/dataflow/DataFlow.qll | 6 ++---- .../codeql/dataflow/TaintTracking.qll | 6 +++--- .../codeql/dataflow/internal/DataFlowImpl.qll | 19 ++++++++++--------- .../dataflow/internal/DataFlowImplStage1.qll | 8 ++++---- 4 files changed, 19 insertions(+), 20 deletions(-) diff --git a/shared/dataflow/codeql/dataflow/DataFlow.qll b/shared/dataflow/codeql/dataflow/DataFlow.qll index 94bae26e7aa4..49f84d45b2ad 100644 --- a/shared/dataflow/codeql/dataflow/DataFlow.qll +++ b/shared/dataflow/codeql/dataflow/DataFlow.qll @@ -657,10 +657,8 @@ private module PathGraphSigMod { } } -module DataFlowMakeCore Lang> { +private module DataFlowMakeCore Lang> { private import Lang - private import internal.DataFlowImpl::MakeImpl - private import internal.DataFlowImplStage1::MakeImplStage1 import Configs /** @@ -1166,7 +1164,7 @@ module DataFlowMake Lang> { } module DataFlowMakeOverlay Lang> { - import DataFlowMakeCore + import DataFlowMake private import Lang private import internal.DataFlowImpl::MakeImpl private import internal.DataFlowImplStage1::MakeImplStage1 diff --git a/shared/dataflow/codeql/dataflow/TaintTracking.qll b/shared/dataflow/codeql/dataflow/TaintTracking.qll index cb4fad7c8ce0..7bb9535d0964 100644 --- a/shared/dataflow/codeql/dataflow/TaintTracking.qll +++ b/shared/dataflow/codeql/dataflow/TaintTracking.qll @@ -52,7 +52,7 @@ private module TaintFlowMakeCore< InputSig TaintTrackingLang> { import TaintTrackingLang - import DF::DataFlowMakeCore as DataFlow + import DF::DataFlowMake as DataFlow import MakeImpl as DataFlowInternal import MakeImplStage1 as DataFlowInternalStage1 @@ -295,7 +295,7 @@ module TaintFlowMake< import Stage1::PartialFlow - private module Flow = DataFlowInternal::OverlayImpl; + private module Flow = DataFlowInternal::Impl; import Flow } @@ -407,7 +407,7 @@ module TaintFlowMakeOverlay< import Stage1::PartialFlow - private module Flow = DataFlowInternal::Impl; + private module Flow = DataFlowInternal::OverlayImpl; import Flow } diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll index 81ac268b8b37..099866ab6bd0 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll @@ -15,7 +15,7 @@ private import DataFlowImplStage1 module MakeImpl Lang> { private import Lang - private import DataFlowMakeCore + private import DataFlowMake private import MakeImplStage1 private import DataFlowImplCommon::MakeImplCommon private import DataFlowImplCommonPublic @@ -145,7 +145,8 @@ module MakeImpl Lang> { /** * Holds if sources and sinks should be filtered to only include those that - * are in the overlay database. This only has an effect when running + * may lead to a flow path with either a source or a sink in the overlay database. + * This only has an effect when running * in overlay-informed incremental mode. This should be used in conjunction * with the `OverlayImpl` implementation to merge the base results back in. */ @@ -184,22 +185,22 @@ module MakeImpl Lang> { * an initial stage 1 pruning with merging of overlay and base results. */ module OverlayImpl Stage1> { - module Base = Impl; + private module Flow = Impl; - import Base + import Flow /** * Holds if data can flow from `source` to `sink`. * * This is a local predicate that only has results local to the overlay/base database. */ - predicate flowLocal(Node source, Node sink) = forceLocal(Base::flow/2)(source, sink) + private predicate flowLocal(Node source, Node sink) = forceLocal(Flow::flow/2)(source, sink) /** * Holds if data can flow from `source` to `sink`. */ predicate flow(Node source, Node sink) { - Base::flow(source, sink) + Flow::flow(source, sink) or // If we are overlay informed (i.e. we are not diff-informed), we // merge in the local results which includes the base database results. @@ -208,15 +209,15 @@ module MakeImpl Lang> { /** * Holds if data can flow from some source to `sink`. - * This predicate that only has results local to the overlay/base database. + * This is a local predicate that only has results local to the overlay/base database. */ - predicate flowToLocal(Node sink) = forceLocal(Base::flowTo/1)(sink) + predicate flowToLocal(Node sink) = forceLocal(Flow::flowTo/1)(sink) /** * Holds if data can flow from some source to `sink`. */ predicate flowTo(Node sink) { - Base::flowTo(sink) + Flow::flowTo(sink) or // If we are overlay informed (i.e. we are not diff-informed), we // merge in the local results which includes the base database results. diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll index 982e4a1c6af5..bb79ff62f5be 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll @@ -149,17 +149,17 @@ module MakeImplStage1 Lang> { * * Shared between sources and sinks. */ - pragma[inline] overlay[global] + pragma[inline] private predicate nonDiffInformedFilter(Node node) { - // If we are in base-only global evaluation, do not filter out any sources. + // If we are in base-only global evaluation, do not filter out any sources/sinks. not isEvaluatingInOverlay() or - // If the configuration doesn't merge overlays, do not filter out any sources. + // If the configuration doesn't merge overlays, do not filter out any sources/sinks. not Config::observeOverlayInformedIncrementalMode() or // If we are in global evaluation with an overlay present, restrict - // sources to those visible in the overlay. + // sources/sinks to those visible in the overlay. isOverlayNode(node) } From 8a2be0910ccc7420e9074b005af888de420c5b8d Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 7 Oct 2025 23:10:31 +0100 Subject: [PATCH 281/307] Rust: Add change note for Rust GA. --- rust/ql/lib/change-notes/2025-10-07-rust-ga.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 rust/ql/lib/change-notes/2025-10-07-rust-ga.md diff --git a/rust/ql/lib/change-notes/2025-10-07-rust-ga.md b/rust/ql/lib/change-notes/2025-10-07-rust-ga.md new file mode 100644 index 000000000000..f24f4f6e4c36 --- /dev/null +++ b/rust/ql/lib/change-notes/2025-10-07-rust-ga.md @@ -0,0 +1,4 @@ +--- +category: feature +--- +* Rust analysis is now Generally Available (GA). From cdfa58645a4695a842616367c2dc1b1c7adb29f1 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 8 Oct 2025 10:14:51 +0200 Subject: [PATCH 282/307] C#: Add change-note. --- csharp/ql/lib/change-notes/2025-10-08-entity-locations.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 csharp/ql/lib/change-notes/2025-10-08-entity-locations.md diff --git a/csharp/ql/lib/change-notes/2025-10-08-entity-locations.md b/csharp/ql/lib/change-notes/2025-10-08-entity-locations.md new file mode 100644 index 000000000000..a96afe072513 --- /dev/null +++ b/csharp/ql/lib/change-notes/2025-10-08-entity-locations.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The extraction of location information for type parameters and tuples types has been optimized. Previously, location information was extracted multiple times for each type when it was declared across multiple files. Now, the extraction context is respected during the extraction phase, ensuring locations are only extracted within the appropriate context. This change should be transparent to end-users but may improve extraction performance in some cases. From 99f5dcaaa4a9fe4b59d977c4c2cc925c0ae04cfc Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Wed, 8 Oct 2025 10:32:51 +0200 Subject: [PATCH 283/307] Java: Fix bug in ConstantExpAppearsNonConstant. --- .../Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql b/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql index 28ae63bfd363..4bbeefaee6e0 100644 --- a/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql +++ b/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql @@ -19,7 +19,7 @@ predicate isConstantExp(Expr e) { // A literal is constant. e instanceof Literal or - e instanceof TypeAccess and not e.(TypeAccess).getType() instanceof ErrorType + e instanceof TypeAccess or e instanceof ArrayTypeAccess or @@ -53,6 +53,7 @@ predicate isConstantExp(Expr e) { from Expr e where isConstantExp(e) and + not e.(TypeAccess).getType() instanceof ErrorType and exists(Expr child | e.getAChildExpr() = child | not isConstantExp(child) and not child instanceof Annotation From f8626cd41777acd30a21e0877649b8fef660afdd Mon Sep 17 00:00:00 2001 From: Jon Janego Date: Wed, 8 Oct 2025 10:42:10 -0500 Subject: [PATCH 284/307] changedocs for 2.23.2 --- .../codeql-changelog/codeql-cli-2.10.0.rst | 2 +- .../codeql-changelog/codeql-cli-2.10.1.rst | 2 +- .../codeql-changelog/codeql-cli-2.10.2.rst | 2 +- .../codeql-changelog/codeql-cli-2.10.3.rst | 2 +- .../codeql-changelog/codeql-cli-2.10.4.rst | 2 +- .../codeql-changelog/codeql-cli-2.10.5.rst | 2 +- .../codeql-changelog/codeql-cli-2.11.0.rst | 2 +- .../codeql-changelog/codeql-cli-2.11.1.rst | 2 +- .../codeql-changelog/codeql-cli-2.11.2.rst | 2 +- .../codeql-changelog/codeql-cli-2.11.3.rst | 2 +- .../codeql-changelog/codeql-cli-2.11.4.rst | 2 +- .../codeql-changelog/codeql-cli-2.11.5.rst | 2 +- .../codeql-changelog/codeql-cli-2.11.6.rst | 2 +- .../codeql-changelog/codeql-cli-2.12.0.rst | 2 +- .../codeql-changelog/codeql-cli-2.12.1.rst | 2 +- .../codeql-changelog/codeql-cli-2.12.2.rst | 2 +- .../codeql-changelog/codeql-cli-2.12.3.rst | 2 +- .../codeql-changelog/codeql-cli-2.12.4.rst | 2 +- .../codeql-changelog/codeql-cli-2.12.5.rst | 2 +- .../codeql-changelog/codeql-cli-2.12.6.rst | 2 +- .../codeql-changelog/codeql-cli-2.12.7.rst | 2 +- .../codeql-changelog/codeql-cli-2.13.0.rst | 2 +- .../codeql-changelog/codeql-cli-2.13.1.rst | 2 +- .../codeql-changelog/codeql-cli-2.13.3.rst | 2 +- .../codeql-changelog/codeql-cli-2.13.4.rst | 2 +- .../codeql-changelog/codeql-cli-2.13.5.rst | 2 +- .../codeql-changelog/codeql-cli-2.14.0.rst | 2 +- .../codeql-changelog/codeql-cli-2.14.1.rst | 2 +- .../codeql-changelog/codeql-cli-2.14.2.rst | 2 +- .../codeql-changelog/codeql-cli-2.14.3.rst | 2 +- .../codeql-changelog/codeql-cli-2.14.4.rst | 2 +- .../codeql-changelog/codeql-cli-2.14.5.rst | 2 +- .../codeql-changelog/codeql-cli-2.14.6.rst | 2 +- .../codeql-changelog/codeql-cli-2.15.0.rst | 2 +- .../codeql-changelog/codeql-cli-2.15.1.rst | 2 +- .../codeql-changelog/codeql-cli-2.15.2.rst | 2 +- .../codeql-changelog/codeql-cli-2.15.3.rst | 2 +- .../codeql-changelog/codeql-cli-2.15.4.rst | 2 +- .../codeql-changelog/codeql-cli-2.15.5.rst | 2 +- .../codeql-changelog/codeql-cli-2.16.0.rst | 2 +- .../codeql-changelog/codeql-cli-2.16.1.rst | 2 +- .../codeql-changelog/codeql-cli-2.16.2.rst | 2 +- .../codeql-changelog/codeql-cli-2.16.3.rst | 2 +- .../codeql-changelog/codeql-cli-2.16.4.rst | 2 +- .../codeql-changelog/codeql-cli-2.16.5.rst | 2 +- .../codeql-changelog/codeql-cli-2.16.6.rst | 2 +- .../codeql-changelog/codeql-cli-2.17.0.rst | 2 +- .../codeql-changelog/codeql-cli-2.17.1.rst | 2 +- .../codeql-changelog/codeql-cli-2.17.2.rst | 2 +- .../codeql-changelog/codeql-cli-2.17.3.rst | 2 +- .../codeql-changelog/codeql-cli-2.17.4.rst | 2 +- .../codeql-changelog/codeql-cli-2.17.5.rst | 2 +- .../codeql-changelog/codeql-cli-2.17.6.rst | 2 +- .../codeql-changelog/codeql-cli-2.18.0.rst | 2 +- .../codeql-changelog/codeql-cli-2.18.1.rst | 2 +- .../codeql-changelog/codeql-cli-2.18.2.rst | 2 +- .../codeql-changelog/codeql-cli-2.18.3.rst | 2 +- .../codeql-changelog/codeql-cli-2.18.4.rst | 2 +- .../codeql-changelog/codeql-cli-2.19.0.rst | 2 +- .../codeql-changelog/codeql-cli-2.19.1.rst | 2 +- .../codeql-changelog/codeql-cli-2.19.2.rst | 2 +- .../codeql-changelog/codeql-cli-2.19.3.rst | 2 +- .../codeql-changelog/codeql-cli-2.19.4.rst | 2 +- .../codeql-changelog/codeql-cli-2.20.0.rst | 2 +- .../codeql-changelog/codeql-cli-2.20.1.rst | 2 +- .../codeql-changelog/codeql-cli-2.20.2.rst | 2 +- .../codeql-changelog/codeql-cli-2.20.3.rst | 2 +- .../codeql-changelog/codeql-cli-2.20.4.rst | 2 +- .../codeql-changelog/codeql-cli-2.20.5.rst | 2 +- .../codeql-changelog/codeql-cli-2.20.6.rst | 2 +- .../codeql-changelog/codeql-cli-2.20.7.rst | 2 +- .../codeql-changelog/codeql-cli-2.21.0.rst | 2 +- .../codeql-changelog/codeql-cli-2.21.1.rst | 2 +- .../codeql-changelog/codeql-cli-2.21.2.rst | 2 +- .../codeql-changelog/codeql-cli-2.21.3.rst | 2 +- .../codeql-changelog/codeql-cli-2.21.4.rst | 2 +- .../codeql-changelog/codeql-cli-2.22.0.rst | 2 +- .../codeql-changelog/codeql-cli-2.22.1.rst | 2 +- .../codeql-changelog/codeql-cli-2.22.2.rst | 2 +- .../codeql-changelog/codeql-cli-2.22.3.rst | 2 +- .../codeql-changelog/codeql-cli-2.22.4.rst | 12 +-- .../codeql-changelog/codeql-cli-2.23.0.rst | 2 +- .../codeql-changelog/codeql-cli-2.23.2.rst | 89 +++++++++++++++++++ .../codeql-changelog/codeql-cli-2.4.1.rst | 2 +- .../codeql-changelog/codeql-cli-2.4.2.rst | 2 +- .../codeql-changelog/codeql-cli-2.4.3.rst | 2 +- .../codeql-changelog/codeql-cli-2.4.4.rst | 2 +- .../codeql-changelog/codeql-cli-2.4.5.rst | 2 +- .../codeql-changelog/codeql-cli-2.4.6.rst | 2 +- .../codeql-changelog/codeql-cli-2.5.0.rst | 2 +- .../codeql-changelog/codeql-cli-2.5.1.rst | 2 +- .../codeql-changelog/codeql-cli-2.5.2.rst | 2 +- .../codeql-changelog/codeql-cli-2.5.3.rst | 2 +- .../codeql-changelog/codeql-cli-2.5.4.rst | 2 +- .../codeql-changelog/codeql-cli-2.5.5.rst | 2 +- .../codeql-changelog/codeql-cli-2.5.6.rst | 2 +- .../codeql-changelog/codeql-cli-2.5.7.rst | 2 +- .../codeql-changelog/codeql-cli-2.5.8.rst | 2 +- .../codeql-changelog/codeql-cli-2.5.9.rst | 2 +- .../codeql-changelog/codeql-cli-2.6.0.rst | 2 +- .../codeql-changelog/codeql-cli-2.6.1.rst | 2 +- .../codeql-changelog/codeql-cli-2.6.2.rst | 2 +- .../codeql-changelog/codeql-cli-2.6.3.rst | 2 +- .../codeql-changelog/codeql-cli-2.7.0.rst | 2 +- .../codeql-changelog/codeql-cli-2.7.1.rst | 2 +- .../codeql-changelog/codeql-cli-2.7.2.rst | 2 +- .../codeql-changelog/codeql-cli-2.7.3.rst | 2 +- .../codeql-changelog/codeql-cli-2.7.5.rst | 2 +- .../codeql-changelog/codeql-cli-2.7.6.rst | 2 +- .../codeql-changelog/codeql-cli-2.8.0.rst | 2 +- .../codeql-changelog/codeql-cli-2.8.1.rst | 2 +- .../codeql-changelog/codeql-cli-2.8.2.rst | 2 +- .../codeql-changelog/codeql-cli-2.8.3.rst | 2 +- .../codeql-changelog/codeql-cli-2.8.4.rst | 2 +- .../codeql-changelog/codeql-cli-2.8.5.rst | 2 +- .../codeql-changelog/codeql-cli-2.9.0.rst | 2 +- .../codeql-changelog/codeql-cli-2.9.1.rst | 2 +- .../codeql-changelog/codeql-cli-2.9.2.rst | 2 +- .../codeql-changelog/codeql-cli-2.9.3.rst | 2 +- .../codeql-changelog/codeql-cli-2.9.4.rst | 2 +- .../codeql-changelog/index.rst | 3 +- 121 files changed, 215 insertions(+), 125 deletions(-) create mode 100644 docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.2.rst diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.0.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.0.rst index 96826b256080..7b7cba95fd33 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.0.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.0.rst @@ -9,7 +9,7 @@ CodeQL 2.10.0 (2022-06-27) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.1.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.1.rst index b059afcfc9eb..17c0589c596b 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.1.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.1.rst @@ -9,7 +9,7 @@ CodeQL 2.10.1 (2022-07-19) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.2.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.2.rst index 37e094f74954..93794d214cef 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.2.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.2.rst @@ -9,7 +9,7 @@ CodeQL 2.10.2 (2022-08-02) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.3.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.3.rst index 75d3183d4dd4..f66721b9128c 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.3.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.3.rst @@ -9,7 +9,7 @@ CodeQL 2.10.3 (2022-08-15) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.4.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.4.rst index c6d9c4c78052..7e15085db021 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.4.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.4.rst @@ -9,7 +9,7 @@ CodeQL 2.10.4 (2022-08-31) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.5.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.5.rst index 9c2373e358c9..72082e16d70b 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.5.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.10.5.rst @@ -9,7 +9,7 @@ CodeQL 2.10.5 (2022-09-13) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.0.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.0.rst index a9b32080979f..332d060068e6 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.0.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.0.rst @@ -9,7 +9,7 @@ CodeQL 2.11.0 (2022-09-28) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.1.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.1.rst index d7aff79a0782..3847694a0fe0 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.1.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.1.rst @@ -9,7 +9,7 @@ CodeQL 2.11.1 (2022-10-11) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.2.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.2.rst index 83083a9c3a99..9e0dd258b072 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.2.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.2.rst @@ -9,7 +9,7 @@ CodeQL 2.11.2 (2022-10-25) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.3.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.3.rst index 893d8b52ae19..fb3948cdfcef 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.3.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.3.rst @@ -9,7 +9,7 @@ CodeQL 2.11.3 (2022-11-11) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.4.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.4.rst index ab22a2455837..37b52835a7f3 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.4.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.4.rst @@ -9,7 +9,7 @@ CodeQL 2.11.4 (2022-11-24) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.5.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.5.rst index 1ccd87c81ad9..9a0f23f55c69 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.5.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.5.rst @@ -9,7 +9,7 @@ CodeQL 2.11.5 (2022-12-07) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.6.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.6.rst index cc4dabd21ac0..2455de41316e 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.6.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.11.6.rst @@ -9,7 +9,7 @@ CodeQL 2.11.6 (2022-12-13) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.0.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.0.rst index 0b7c47773d6e..0993702172f3 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.0.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.0.rst @@ -9,7 +9,7 @@ CodeQL 2.12.0 (2023-01-10) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.1.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.1.rst index c0dd4057e9e5..88d9a9d202fc 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.1.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.1.rst @@ -9,7 +9,7 @@ CodeQL 2.12.1 (2023-01-23) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.2.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.2.rst index 22df6d46a067..fc78c1bfb2b2 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.2.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.2.rst @@ -9,7 +9,7 @@ CodeQL 2.12.2 (2023-02-07) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.3.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.3.rst index f32583017867..f954f4361501 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.3.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.3.rst @@ -9,7 +9,7 @@ CodeQL 2.12.3 (2023-02-23) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.4.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.4.rst index 8545a2f77ca3..9c84debe0a94 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.4.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.4.rst @@ -9,7 +9,7 @@ CodeQL 2.12.4 (2023-03-09) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.5.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.5.rst index 5a0c6ae4f929..a25613a96e6d 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.5.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.5.rst @@ -9,7 +9,7 @@ CodeQL 2.12.5 (2023-03-21) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.6.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.6.rst index aa61cc37f8b6..cf542efebda2 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.6.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.6.rst @@ -9,7 +9,7 @@ CodeQL 2.12.6 (2023-04-04) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.7.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.7.rst index f9c0b12d10f0..6fd4d8f416c8 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.7.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.12.7.rst @@ -9,7 +9,7 @@ CodeQL 2.12.7 (2023-04-18) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.13.0.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.13.0.rst index 046e0f548ca6..3d3bb5485983 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.13.0.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.13.0.rst @@ -9,7 +9,7 @@ CodeQL 2.13.0 (2023-04-20) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.13.1.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.13.1.rst index 3af28abf08b6..ba78f5fc2f46 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.13.1.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.13.1.rst @@ -9,7 +9,7 @@ CodeQL 2.13.1 (2023-05-03) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.13.3.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.13.3.rst index 1cff52445193..09c97c03ff68 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.13.3.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.13.3.rst @@ -9,7 +9,7 @@ CodeQL 2.13.3 (2023-05-31) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.13.4.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.13.4.rst index 6bc1dc9daecc..8443cea4738e 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.13.4.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.13.4.rst @@ -9,7 +9,7 @@ CodeQL 2.13.4 (2023-06-19) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.13.5.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.13.5.rst index f559a2d6154b..b0877954388d 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.13.5.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.13.5.rst @@ -9,7 +9,7 @@ CodeQL 2.13.5 (2023-07-05) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.0.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.0.rst index 3583785a0825..9c2a459120a7 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.0.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.0.rst @@ -9,7 +9,7 @@ CodeQL 2.14.0 (2023-07-13) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.1.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.1.rst index 736f48e5ddcb..bcdebcae4f7c 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.1.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.1.rst @@ -9,7 +9,7 @@ CodeQL 2.14.1 (2023-07-27) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.2.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.2.rst index ccc388fe210c..82362f17567b 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.2.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.2.rst @@ -9,7 +9,7 @@ CodeQL 2.14.2 (2023-08-11) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.3.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.3.rst index 2707003615ba..fc6861d094c5 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.3.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.3.rst @@ -9,7 +9,7 @@ CodeQL 2.14.3 (2023-08-25) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.4.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.4.rst index 9ad1517025fb..7880af6540e3 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.4.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.4.rst @@ -9,7 +9,7 @@ CodeQL 2.14.4 (2023-09-12) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.5.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.5.rst index c56fced5e1d8..d3cc1ba634c7 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.5.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.5.rst @@ -9,7 +9,7 @@ CodeQL 2.14.5 (2023-09-14) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.6.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.6.rst index a6e8643624c1..ef518ba829be 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.6.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.14.6.rst @@ -9,7 +9,7 @@ CodeQL 2.14.6 (2023-09-26) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.0.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.0.rst index 14635c0fb50b..320d322cf196 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.0.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.0.rst @@ -9,7 +9,7 @@ CodeQL 2.15.0 (2023-10-11) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.1.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.1.rst index b98fcd1cd3c2..d82569c71f7c 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.1.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.1.rst @@ -9,7 +9,7 @@ CodeQL 2.15.1 (2023-10-19) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.2.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.2.rst index c542a4df350f..60baabb9e5a2 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.2.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.2.rst @@ -9,7 +9,7 @@ CodeQL 2.15.2 (2023-11-13) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.3.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.3.rst index 1bcadd72b5a4..fc9e283ecfca 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.3.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.3.rst @@ -9,7 +9,7 @@ CodeQL 2.15.3 (2023-11-22) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.4.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.4.rst index f7cbcd802108..f72f1cb8c06c 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.4.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.4.rst @@ -9,7 +9,7 @@ CodeQL 2.15.4 (2023-12-11) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.5.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.5.rst index 31977c615994..c674850e7cdc 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.5.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.15.5.rst @@ -9,7 +9,7 @@ CodeQL 2.15.5 (2023-12-20) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.0.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.0.rst index 127994f29994..c516ae0fb629 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.0.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.0.rst @@ -9,7 +9,7 @@ CodeQL 2.16.0 (2024-01-16) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.1.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.1.rst index cd328246d8ca..99a675dbe775 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.1.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.1.rst @@ -9,7 +9,7 @@ CodeQL 2.16.1 (2024-01-25) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.2.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.2.rst index db04b157756a..c7529d18cf44 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.2.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.2.rst @@ -9,7 +9,7 @@ CodeQL 2.16.2 (2024-02-12) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.3.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.3.rst index 016bf7583fb5..5071c80291c1 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.3.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.3.rst @@ -9,7 +9,7 @@ CodeQL 2.16.3 (2024-02-22) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.4.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.4.rst index a73ce5982fd7..f3200dfa5fa6 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.4.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.4.rst @@ -9,7 +9,7 @@ CodeQL 2.16.4 (2024-03-11) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.5.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.5.rst index cb602e126d1b..f416159c3eec 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.5.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.5.rst @@ -9,7 +9,7 @@ CodeQL 2.16.5 (2024-03-21) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.6.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.6.rst index dba880ceaaef..16c87249130d 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.6.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.16.6.rst @@ -9,7 +9,7 @@ CodeQL 2.16.6 (2024-03-26) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.0.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.0.rst index 9551941ea389..51c181559201 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.0.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.0.rst @@ -9,7 +9,7 @@ CodeQL 2.17.0 (2024-04-04) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.1.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.1.rst index c162c3f95541..de95f2a7d8b2 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.1.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.1.rst @@ -9,7 +9,7 @@ CodeQL 2.17.1 (2024-04-24) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.2.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.2.rst index 9fb2aee867b4..6f6fc6f24271 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.2.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.2.rst @@ -9,7 +9,7 @@ CodeQL 2.17.2 (2024-05-07) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.3.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.3.rst index 45286dd27236..345c66059a90 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.3.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.3.rst @@ -9,7 +9,7 @@ CodeQL 2.17.3 (2024-05-17) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.4.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.4.rst index e705d8fe17f9..9ae59714b905 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.4.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.4.rst @@ -9,7 +9,7 @@ CodeQL 2.17.4 (2024-06-03) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.5.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.5.rst index e86eb795b1ed..d32b5a327e7f 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.5.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.5.rst @@ -9,7 +9,7 @@ CodeQL 2.17.5 (2024-06-12) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.6.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.6.rst index 584d45889d53..74abb31897e8 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.6.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.17.6.rst @@ -9,7 +9,7 @@ CodeQL 2.17.6 (2024-06-27) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.18.0.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.18.0.rst index c299355c00e7..99764e480a57 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.18.0.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.18.0.rst @@ -9,7 +9,7 @@ CodeQL 2.18.0 (2024-07-11) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.18.1.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.18.1.rst index a13cd9cdc5da..5d4dd5179a14 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.18.1.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.18.1.rst @@ -9,7 +9,7 @@ CodeQL 2.18.1 (2024-07-25) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.18.2.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.18.2.rst index 3bc21179a89c..bc67ac410d4b 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.18.2.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.18.2.rst @@ -9,7 +9,7 @@ CodeQL 2.18.2 (2024-08-13) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.18.3.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.18.3.rst index 31ecd6e0ed7c..77792853900d 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.18.3.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.18.3.rst @@ -9,7 +9,7 @@ CodeQL 2.18.3 (2024-08-28) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.18.4.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.18.4.rst index 14f7cb966478..185563147254 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.18.4.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.18.4.rst @@ -9,7 +9,7 @@ CodeQL 2.18.4 (2024-09-12) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.0.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.0.rst index 0184b8118176..ce5973268db6 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.0.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.0.rst @@ -9,7 +9,7 @@ CodeQL 2.19.0 (2024-09-18) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.1.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.1.rst index 352a229a4221..f2948d0db67c 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.1.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.1.rst @@ -9,7 +9,7 @@ CodeQL 2.19.1 (2024-10-04) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.2.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.2.rst index b21bc2566a87..edc40712dc0a 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.2.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.2.rst @@ -9,7 +9,7 @@ CodeQL 2.19.2 (2024-10-21) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.3.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.3.rst index c078993aa3f1..183adc77e417 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.3.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.3.rst @@ -9,7 +9,7 @@ CodeQL 2.19.3 (2024-11-07) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.4.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.4.rst index 9235d63fe2cf..2135aa8f7598 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.4.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.19.4.rst @@ -9,7 +9,7 @@ CodeQL 2.19.4 (2024-12-02) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.0.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.0.rst index 70fed1e9cfda..1d1422d381cb 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.0.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.0.rst @@ -9,7 +9,7 @@ CodeQL 2.20.0 (2024-12-09) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.1.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.1.rst index 11f30e960864..5d3d2d99f9ea 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.1.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.1.rst @@ -9,7 +9,7 @@ CodeQL 2.20.1 (2025-01-09) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.2.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.2.rst index ed4d502ea2d8..c657bf0c48e4 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.2.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.2.rst @@ -9,7 +9,7 @@ CodeQL 2.20.2 (2025-01-22) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.3.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.3.rst index 053d11610a47..1fca15790f1d 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.3.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.3.rst @@ -9,7 +9,7 @@ CodeQL 2.20.3 (2025-01-24) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.4.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.4.rst index c3012e020c78..673d4a55d591 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.4.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.4.rst @@ -9,7 +9,7 @@ CodeQL 2.20.4 (2025-02-06) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.5.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.5.rst index 855f25655ec6..d3264090af14 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.5.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.5.rst @@ -9,7 +9,7 @@ CodeQL 2.20.5 (2025-02-20) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.6.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.6.rst index 76c038bded29..841b637cc344 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.6.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.6.rst @@ -9,7 +9,7 @@ CodeQL 2.20.6 (2025-03-06) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.7.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.7.rst index fd6885b025e6..144382c97376 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.7.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.7.rst @@ -9,7 +9,7 @@ CodeQL 2.20.7 (2025-03-18) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.0.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.0.rst index b6396b2be4e2..a9a272088318 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.0.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.0.rst @@ -9,7 +9,7 @@ CodeQL 2.21.0 (2025-04-03) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.1.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.1.rst index 40587985d9d9..ada0a6102fcb 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.1.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.1.rst @@ -9,7 +9,7 @@ CodeQL 2.21.1 (2025-04-22) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.2.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.2.rst index 636cf2fe63d5..97d52abf744b 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.2.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.2.rst @@ -9,7 +9,7 @@ CodeQL 2.21.2 (2025-05-01) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.3.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.3.rst index d499f27dcb12..71a8e3a68240 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.3.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.3.rst @@ -9,7 +9,7 @@ CodeQL 2.21.3 (2025-05-15) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.4.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.4.rst index c21a9940b4b5..6fcbc0cd0ca7 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.4.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.4.rst @@ -9,7 +9,7 @@ CodeQL 2.21.4 (2025-06-02) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.0.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.0.rst index d60b0e957694..4288b9c2e98a 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.0.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.0.rst @@ -9,7 +9,7 @@ CodeQL 2.22.0 (2025-06-11) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.1.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.1.rst index 0b051d5473fb..6aed611d5cf6 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.1.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.1.rst @@ -9,7 +9,7 @@ CodeQL 2.22.1 (2025-06-26) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.2.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.2.rst index 92c440a05afd..6164266e10ff 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.2.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.2.rst @@ -9,7 +9,7 @@ CodeQL 2.22.2 (2025-07-29) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.3.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.3.rst index 7a1d554855de..4f1d34ff2ddd 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.3.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.3.rst @@ -9,7 +9,7 @@ CodeQL 2.22.3 (2025-08-06) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.4.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.4.rst index 97dc83d41dab..1a592436a8fb 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.4.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.22.4.rst @@ -9,7 +9,7 @@ CodeQL 2.22.4 (2025-08-21) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- @@ -33,11 +33,6 @@ C/C++ * The :code:`cpp/short-global-name` query will no longer give alerts for instantiations of template variables, only for the template itself. * Fixed a false positive in :code:`cpp/overflow-buffer` when the type of the destination buffer is a reference to a class/struct type. -Golang -"""""" - -* Go 1.25 is now supported. - JavaScript/TypeScript """"""""""""""""""""" @@ -84,6 +79,11 @@ C/C++ * Improved dataflow through global variables in the new dataflow library (:code:`semmle.code.cpp.dataflow.new.DataFlow` and :code:`semmle.code.cpp.dataflow.new.TaintTracking`). Queries based on these libraries will produce more results on codebases with many global variables. * The global value numbering library (:code:`semmle.code.cpp.valuenumbering.GlobalValueNumbering` and :code:`semmle.code.cpp.ir.ValueNumbering`) has been improved so more expressions are assigned the same value number. +Golang +"""""" + +* Go 1.25 is now supported. + Java/Kotlin """"""""""" diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.0.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.0.rst index d87754d8391a..4091be0911e2 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.0.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.0.rst @@ -9,7 +9,7 @@ CodeQL 2.23.0 (2025-09-04) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.2.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.2.rst new file mode 100644 index 000000000000..246af4c3be17 --- /dev/null +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.2.rst @@ -0,0 +1,89 @@ +.. _codeql-cli-2.23.2: + +========================== +CodeQL 2.23.2 (2025-10-02) +========================== + +.. contents:: Contents + :depth: 2 + :local: + :backlinks: none + +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. + +Security Coverage +----------------- + +CodeQL 2.23.2 runs a total of 479 security queries when configured with the Default suite (covering 166 CWE). The Extended suite enables an additional 135 queries (covering 35 more CWE). 1 security query has been added with this release. + +CodeQL CLI +---------- + +Bug Fixes +~~~~~~~~~ + +* The :code:`codeql generate query-help` command now prepends the query's name (taken from the :code:`.ql` file) as a level-one heading when processing markdown query help, for consistency with help generated from a :code:`.qhelp` file. + +New Features +~~~~~~~~~~~~ + +* CodeQL Go analysis now supports the "Git Source" type for `private package registries `__. This is in addition to the existing support for the "GOPROXY server" type. + +Query Packs +----------- + +Minor Analysis Improvements +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +C# +"" + +* The modeling of null guards based on complex pattern expressions has been improved, which in turn improves the query :code:`cs/dereferenced-value-may-be-null` by removing false positives. +* The query :code:`cs/xmldoc/missing-summary` has been removed from the :code:`code-quality` suite, to align with other languages. + +Python +"""""" + +* The queries that check for unmatchable :code:`$` and :code:`^` in regular expressions did not account correctly for occurrences inside lookahead and lookbehind assertions. These occurrences are now handled correctly, eliminating this source of false positives. +* The :code:`py/inheritance/signature-mismatch` query has been modernized. It produces more precise results and more descriptive alert messages. +* The :code:`py/inheritance/incorrect-overriding-signature` query has been deprecated. Its results have been consolidated into the :code:`py/inheritance/signature-mismatch` query. + +New Queries +~~~~~~~~~~~ + +Rust +"""" + +* Added a new query, :code:`rust/non-https-url`, for detecting the use of non-HTTPS URLs that can be intercepted by third parties. + +Language Libraries +------------------ + +Minor Analysis Improvements +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +JavaScript/TypeScript +""""""""""""""""""""" + +* Added modeling of :code:`GraphQLObjectType` resolver function parameters as remote sources. +* Support for the `graphql `__ library has been improved. Data flow from GraphQL query sources and variables to resolver function parameters is now tracked. +* Added support for the :code:`aws-sdk` and :code:`@aws-sdk/client-dynamodb`, :code:`@aws-sdk/client-athena`, :code:`@aws-sdk/client-s3`, and :code:`@aws-sdk/client-rds-data` packages. + +Python +"""""" + +* Data flow tracking through global variables now supports nested field access patterns such as :code:`global_var.obj.field`. This improves the precision of taint tracking analysis when data flows through complex global variable structures. + +New Features +~~~~~~~~~~~~ + +Ruby +"""" + +* Initial modeling for the Ruby Grape framework in :code:`Grape.qll` has been added to detect API endpoints, parameters, and headers within Grape API classes. + +Rust +"""" + +* The models-as-data format for sources now supports access paths of the form + :code:`Argument[i].Parameter[j]`. This denotes that the source passes tainted data to the :code:`j`\ th parameter of its :code:`i`\ th argument (which must be a function or a closure). diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.4.1.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.4.1.rst index 58d7f61cba88..af61c689885d 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.4.1.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.4.1.rst @@ -9,7 +9,7 @@ CodeQL 2.4.1 (2020-12-19) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.4.2.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.4.2.rst index 26cd430bd5f6..dcbd51e613a7 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.4.2.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.4.2.rst @@ -9,7 +9,7 @@ CodeQL 2.4.2 (2021-01-22) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.4.3.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.4.3.rst index 7bd90f4e6218..6936a0a200e0 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.4.3.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.4.3.rst @@ -9,7 +9,7 @@ CodeQL 2.4.3 (2021-01-29) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.4.4.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.4.4.rst index 5b918dc90e85..8c0709928af6 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.4.4.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.4.4.rst @@ -9,7 +9,7 @@ CodeQL 2.4.4 (2021-02-12) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.4.5.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.4.5.rst index 9d4a5b329b12..9ef2182c9f56 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.4.5.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.4.5.rst @@ -9,7 +9,7 @@ CodeQL 2.4.5 (2021-03-08) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.4.6.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.4.6.rst index c5f1a57ea0df..ba551f3333d6 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.4.6.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.4.6.rst @@ -9,7 +9,7 @@ CodeQL 2.4.6 (2021-03-19) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.0.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.0.rst index 45b21c0d03c3..0e983e5cacb7 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.0.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.0.rst @@ -9,7 +9,7 @@ CodeQL 2.5.0 (2021-03-26) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.1.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.1.rst index 7aa11611c713..8f259708fdcb 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.1.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.1.rst @@ -9,7 +9,7 @@ CodeQL 2.5.1 (2021-04-19) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.2.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.2.rst index dde165f5f3c1..09049680fae5 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.2.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.2.rst @@ -9,7 +9,7 @@ CodeQL 2.5.2 (2021-04-21) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.3.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.3.rst index 05717dacb041..518a699fbf37 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.3.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.3.rst @@ -9,7 +9,7 @@ CodeQL 2.5.3 (2021-04-30) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.4.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.4.rst index 85cb51020415..33a1ee1e802f 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.4.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.4.rst @@ -9,7 +9,7 @@ CodeQL 2.5.4 (2021-05-03) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.5.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.5.rst index 349d9c2ab4ca..02946e207fff 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.5.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.5.rst @@ -9,7 +9,7 @@ CodeQL 2.5.5 (2021-05-17) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.6.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.6.rst index 5d9b4fab3aa7..8f7444f3339e 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.6.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.6.rst @@ -9,7 +9,7 @@ CodeQL 2.5.6 (2021-06-22) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.7.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.7.rst index 31c0fcbc387b..a79252fdbe8f 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.7.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.7.rst @@ -9,7 +9,7 @@ CodeQL 2.5.7 (2021-07-02) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.8.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.8.rst index 753da44a257b..da7e793d1c6f 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.8.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.8.rst @@ -9,7 +9,7 @@ CodeQL 2.5.8 (2021-07-26) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.9.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.9.rst index e142a305026b..cc9120def9e3 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.9.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.5.9.rst @@ -9,7 +9,7 @@ CodeQL 2.5.9 (2021-08-09) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.6.0.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.6.0.rst index 494f9ed2d71f..6b7a81e5ac51 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.6.0.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.6.0.rst @@ -9,7 +9,7 @@ CodeQL 2.6.0 (2021-08-24) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.6.1.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.6.1.rst index 0ff5d4bd9f05..a9e030c403ac 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.6.1.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.6.1.rst @@ -9,7 +9,7 @@ CodeQL 2.6.1 (2021-09-07) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.6.2.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.6.2.rst index af7c4b7042b2..6a67b21f33c5 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.6.2.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.6.2.rst @@ -9,7 +9,7 @@ CodeQL 2.6.2 (2021-09-21) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.6.3.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.6.3.rst index e566b818a00c..d5c4e3e3f575 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.6.3.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.6.3.rst @@ -9,7 +9,7 @@ CodeQL 2.6.3 (2021-10-06) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.7.0.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.7.0.rst index dbbd36aea5e6..9ac5b7f3e92a 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.7.0.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.7.0.rst @@ -9,7 +9,7 @@ CodeQL 2.7.0 (2021-10-27) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.7.1.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.7.1.rst index f28740575f3d..09aead4a36e2 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.7.1.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.7.1.rst @@ -9,7 +9,7 @@ CodeQL 2.7.1 (2021-11-15) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.7.2.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.7.2.rst index ecd7d53c3e01..c2c0d35179c9 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.7.2.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.7.2.rst @@ -9,7 +9,7 @@ CodeQL 2.7.2 (2021-11-22) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.7.3.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.7.3.rst index ffac75543cab..af2cac49d3f7 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.7.3.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.7.3.rst @@ -9,7 +9,7 @@ CodeQL 2.7.3 (2021-12-06) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.7.5.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.7.5.rst index d754aec07cbd..c3107ea0386e 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.7.5.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.7.5.rst @@ -9,7 +9,7 @@ CodeQL 2.7.5 (2022-01-17) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.7.6.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.7.6.rst index ef418261258f..6d9820c064d2 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.7.6.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.7.6.rst @@ -9,7 +9,7 @@ CodeQL 2.7.6 (2022-01-24) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.0.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.0.rst index 03e16acf5d92..602465d13f60 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.0.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.0.rst @@ -9,7 +9,7 @@ CodeQL 2.8.0 (2022-02-04) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.1.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.1.rst index 184a488ca4a0..d25904b4028e 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.1.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.1.rst @@ -9,7 +9,7 @@ CodeQL 2.8.1 (2022-02-15) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.2.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.2.rst index 6c778328d9bf..1f7aba695559 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.2.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.2.rst @@ -9,7 +9,7 @@ CodeQL 2.8.2 (2022-02-28) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.3.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.3.rst index 0a5c75d06d66..9fcc89afbc91 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.3.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.3.rst @@ -9,7 +9,7 @@ CodeQL 2.8.3 (2022-03-14) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.4.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.4.rst index a9cb1ddde703..83766ab58bcf 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.4.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.4.rst @@ -9,7 +9,7 @@ CodeQL 2.8.4 (2022-03-29) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.5.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.5.rst index e9dcb93b10c5..9cd2e1b7a67c 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.5.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.8.5.rst @@ -9,7 +9,7 @@ CodeQL 2.8.5 (2022-04-07) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.9.0.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.9.0.rst index 3b2892453988..bf104cfb5d37 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.9.0.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.9.0.rst @@ -9,7 +9,7 @@ CodeQL 2.9.0 (2022-04-26) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.9.1.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.9.1.rst index 0a2cd31ba3b4..0e983c973d75 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.9.1.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.9.1.rst @@ -9,7 +9,7 @@ CodeQL 2.9.1 (2022-05-05) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.9.2.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.9.2.rst index ff7548ce259e..a3ae23941189 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.9.2.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.9.2.rst @@ -9,7 +9,7 @@ CodeQL 2.9.2 (2022-05-16) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.9.3.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.9.3.rst index fe8834674d50..c5f145658205 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.9.3.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.9.3.rst @@ -9,7 +9,7 @@ CodeQL 2.9.3 (2022-05-31) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.9.4.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.9.4.rst index 1cd748682c59..0bac2d62b6f1 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.9.4.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.9.4.rst @@ -9,7 +9,7 @@ CodeQL 2.9.4 (2022-06-20) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- diff --git a/docs/codeql/codeql-overview/codeql-changelog/index.rst b/docs/codeql/codeql-overview/codeql-changelog/index.rst index 41230fc72f1c..48d9badc7653 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/index.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/index.rst @@ -4,13 +4,14 @@ CodeQL change logs ================== -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. A list of queries for each suite and language `is available here `__. .. toctree:: :maxdepth: 1 + codeql-cli-2.23.2 codeql-cli-2.23.1 codeql-cli-2.23.0 codeql-cli-2.22.4 From 9c610e8bab506a10a0258f5596db72dc4c78c909 Mon Sep 17 00:00:00 2001 From: Jon Janego Date: Wed, 8 Oct 2025 10:57:17 -0500 Subject: [PATCH 285/307] Update links in CodeQL CLI changelog --- .../codeql-overview/codeql-changelog/codeql-cli-2.23.1.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.1.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.1.rst index 1c4ac1996875..ff22a3f647cf 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.1.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.23.1.rst @@ -9,7 +9,7 @@ CodeQL 2.23.1 (2025-09-23) :local: :backlinks: none -This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. Security Coverage ----------------- From 546d59ff9d6f337710d952e3084ee05a59decbf3 Mon Sep 17 00:00:00 2001 From: idrissrio Date: Wed, 8 Oct 2025 12:41:11 +0200 Subject: [PATCH 286/307] Java: Wait for test HTTP servers to be ready before running buildless test --- .../test.py | 23 ++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/java/ql/integration-tests/java/buildless-dependency-different-repository/test.py b/java/ql/integration-tests/java/buildless-dependency-different-repository/test.py index 8a5efabf941a..a74fd05be8ff 100644 --- a/java/ql/integration-tests/java/buildless-dependency-different-repository/test.py +++ b/java/ql/integration-tests/java/buildless-dependency-different-repository/test.py @@ -1,12 +1,29 @@ import subprocess import logging +import time +import socket + + +def wait_for_port(port, process, timeout=100): + start = time.time() + while time.time() - start < timeout: + # Check if process died + if process.poll() is not None: + raise RuntimeError(f"Server process exited with code {process.returncode}") + try: + with socket.create_connection(("localhost", port), timeout=1): + return True + except (socket.timeout, ConnectionRefusedError, OSError): + time.sleep(0.2) + raise RuntimeError(f"Port {port} not ready within {timeout}s") def test(codeql, java): - # Each of these serves the "repo" and "repo2" directories on http://localhost:924[89] - repo_server_process = subprocess.Popen(["python3", "-m", "http.server", "9428", "-b", "localhost"], cwd="repo") - repo_server_process2 = subprocess.Popen(["python3", "-m", "http.server", "9429", "-b", "localhost"], cwd="repo2") + repo_server_process = subprocess.Popen(["python3", "-m", "http.server", "9428", "-b", "localhost"], cwd="repo", stderr=subprocess.PIPE, stdout=subprocess.PIPE) + repo_server_process2 = subprocess.Popen(["python3", "-m", "http.server", "9429", "-b", "localhost"], cwd="repo2", stderr=subprocess.PIPE, stdout=subprocess.PIPE) try: + wait_for_port(9428, repo_server_process) + wait_for_port(9429, repo_server_process2) codeql.database.create( extractor_option="buildless=true", _env={"CODEQL_EXTRACTOR_JAVA_OPTION_BUILDLESS_CLASSPATH_FROM_BUILD_FILES": "true"}, From 0c9cd09140a9b2b4e880156e69cfe23ac5fb4371 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 9 Oct 2025 11:34:14 +0100 Subject: [PATCH 287/307] Make NumericOrBooleanSanitizer easier to access and rename it --- go/ql/lib/semmle/go/security/Sanitizers.qll | 16 ++++++++++++++++ .../go/security/SqlInjectionCustomizations.qll | 10 +++++----- 2 files changed, 21 insertions(+), 5 deletions(-) create mode 100644 go/ql/lib/semmle/go/security/Sanitizers.qll diff --git a/go/ql/lib/semmle/go/security/Sanitizers.qll b/go/ql/lib/semmle/go/security/Sanitizers.qll new file mode 100644 index 000000000000..4391e12c25a0 --- /dev/null +++ b/go/ql/lib/semmle/go/security/Sanitizers.qll @@ -0,0 +1,16 @@ +/** + * Classes to represent sanitizers commonly used in dataflow and taint tracking + * configurations. + */ + +import go + +/** + * A node whose type is a simple type unlikely to carry taint, such as a + * numeric or boolean type. + */ +class SimpleTypeSanitizer extends DataFlow::Node { + SimpleTypeSanitizer() { + this.getType() instanceof NumericType or this.getType() instanceof BoolType + } +} diff --git a/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll b/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll index 0b2f96a92838..f26168ad1d77 100644 --- a/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll +++ b/go/ql/lib/semmle/go/security/SqlInjectionCustomizations.qll @@ -4,6 +4,7 @@ */ import go +private import semmle.go.security.Sanitizers /** * Provides extension points for customizing the taint tracking configuration for reasoning about @@ -39,12 +40,11 @@ module SqlInjection { /** A NoSql query, considered as a taint sink for SQL injection. */ class NoSqlQueryAsSink extends Sink instanceof NoSql::Query { } + /** DEPRECATED: Use `SimpleTypeSanitizer` from semmle.go.security.Sanitizers instead. */ + deprecated class NumericOrBooleanSanitizer = SimpleTypeSanitizer; + /** * A numeric- or boolean-typed node, considered a sanitizer for sql injection. */ - class NumericOrBooleanSanitizer extends Sanitizer { - NumericOrBooleanSanitizer() { - this.getType() instanceof NumericType or this.getType() instanceof BoolType - } - } + private class DefaultSanitizer extends Sanitizer instanceof SimpleTypeSanitizer { } } From 7599fdd8fa0047d398efcda216d7998c5783e3b1 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 9 Oct 2025 11:57:10 +0100 Subject: [PATCH 288/307] Add request forgery test for numeric type --- .../Security/CWE-918/RequestForgery.expected | 133 ++++++++++-------- .../Security/CWE-918/RequestForgery.ext.yml | 6 + .../test/query-tests/Security/CWE-918/tst.go | 9 ++ 3 files changed, 87 insertions(+), 61 deletions(-) create mode 100644 go/ql/test/query-tests/Security/CWE-918/RequestForgery.ext.yml diff --git a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected index 129613a3f1ab..224a2c2b72e9 100644 --- a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected +++ b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected @@ -1,18 +1,19 @@ #select | RequestForgery.go:11:15:11:66 | call to Get | RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | The $@ of this request depends on a $@. | RequestForgery.go:11:24:11:65 | ...+... | URL | RequestForgery.go:8:12:8:34 | call to FormValue | user-provided value | -| tst.go:18:2:18:18 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:18:11:18:17 | tainted | The $@ of this request depends on a $@. | tst.go:18:11:18:17 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:20:2:20:19 | call to Head | tst.go:10:13:10:35 | call to FormValue | tst.go:20:12:20:18 | tainted | The $@ of this request depends on a $@. | tst.go:20:12:20:18 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:22:2:22:38 | call to Post | tst.go:10:13:10:35 | call to FormValue | tst.go:22:12:22:18 | tainted | The $@ of this request depends on a $@. | tst.go:22:12:22:18 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:24:2:24:28 | call to PostForm | tst.go:10:13:10:35 | call to FormValue | tst.go:24:16:24:22 | tainted | The $@ of this request depends on a $@. | tst.go:24:16:24:22 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:28:2:28:15 | call to Do | tst.go:10:13:10:35 | call to FormValue | tst.go:27:35:27:41 | tainted | The $@ of this request depends on a $@. | tst.go:27:35:27:41 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:31:2:31:15 | call to Do | tst.go:10:13:10:35 | call to FormValue | tst.go:30:68:30:74 | tainted | The $@ of this request depends on a $@. | tst.go:30:68:30:74 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:33:2:33:20 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:33:13:33:19 | tainted | The $@ of this request depends on a $@. | tst.go:33:13:33:19 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:34:2:34:21 | call to Head | tst.go:10:13:10:35 | call to FormValue | tst.go:34:14:34:20 | tainted | The $@ of this request depends on a $@. | tst.go:34:14:34:20 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:35:2:35:40 | call to Post | tst.go:10:13:10:35 | call to FormValue | tst.go:35:14:35:20 | tainted | The $@ of this request depends on a $@. | tst.go:35:14:35:20 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:36:2:36:30 | call to PostForm | tst.go:10:13:10:35 | call to FormValue | tst.go:36:18:36:24 | tainted | The $@ of this request depends on a $@. | tst.go:36:18:36:24 | tainted | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:38:2:38:30 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:38:11:38:29 | ...+... | The $@ of this request depends on a $@. | tst.go:38:11:38:29 | ...+... | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:40:2:40:41 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:40:11:40:40 | ...+... | The $@ of this request depends on a $@. | tst.go:40:11:40:40 | ...+... | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | -| tst.go:48:2:48:21 | call to Get | tst.go:10:13:10:35 | call to FormValue | tst.go:48:11:48:20 | call to String | The $@ of this request depends on a $@. | tst.go:48:11:48:20 | call to String | URL | tst.go:10:13:10:35 | call to FormValue | user-provided value | +| tst.go:19:2:19:18 | call to Get | tst.go:11:13:11:35 | call to FormValue | tst.go:19:11:19:17 | tainted | The $@ of this request depends on a $@. | tst.go:19:11:19:17 | tainted | URL | tst.go:11:13:11:35 | call to FormValue | user-provided value | +| tst.go:21:2:21:19 | call to Head | tst.go:11:13:11:35 | call to FormValue | tst.go:21:12:21:18 | tainted | The $@ of this request depends on a $@. | tst.go:21:12:21:18 | tainted | URL | tst.go:11:13:11:35 | call to FormValue | user-provided value | +| tst.go:23:2:23:38 | call to Post | tst.go:11:13:11:35 | call to FormValue | tst.go:23:12:23:18 | tainted | The $@ of this request depends on a $@. | tst.go:23:12:23:18 | tainted | URL | tst.go:11:13:11:35 | call to FormValue | user-provided value | +| tst.go:25:2:25:28 | call to PostForm | tst.go:11:13:11:35 | call to FormValue | tst.go:25:16:25:22 | tainted | The $@ of this request depends on a $@. | tst.go:25:16:25:22 | tainted | URL | tst.go:11:13:11:35 | call to FormValue | user-provided value | +| tst.go:29:2:29:15 | call to Do | tst.go:11:13:11:35 | call to FormValue | tst.go:28:35:28:41 | tainted | The $@ of this request depends on a $@. | tst.go:28:35:28:41 | tainted | URL | tst.go:11:13:11:35 | call to FormValue | user-provided value | +| tst.go:32:2:32:15 | call to Do | tst.go:11:13:11:35 | call to FormValue | tst.go:31:68:31:74 | tainted | The $@ of this request depends on a $@. | tst.go:31:68:31:74 | tainted | URL | tst.go:11:13:11:35 | call to FormValue | user-provided value | +| tst.go:34:2:34:20 | call to Get | tst.go:11:13:11:35 | call to FormValue | tst.go:34:13:34:19 | tainted | The $@ of this request depends on a $@. | tst.go:34:13:34:19 | tainted | URL | tst.go:11:13:11:35 | call to FormValue | user-provided value | +| tst.go:35:2:35:21 | call to Head | tst.go:11:13:11:35 | call to FormValue | tst.go:35:14:35:20 | tainted | The $@ of this request depends on a $@. | tst.go:35:14:35:20 | tainted | URL | tst.go:11:13:11:35 | call to FormValue | user-provided value | +| tst.go:36:2:36:40 | call to Post | tst.go:11:13:11:35 | call to FormValue | tst.go:36:14:36:20 | tainted | The $@ of this request depends on a $@. | tst.go:36:14:36:20 | tainted | URL | tst.go:11:13:11:35 | call to FormValue | user-provided value | +| tst.go:37:2:37:30 | call to PostForm | tst.go:11:13:11:35 | call to FormValue | tst.go:37:18:37:24 | tainted | The $@ of this request depends on a $@. | tst.go:37:18:37:24 | tainted | URL | tst.go:11:13:11:35 | call to FormValue | user-provided value | +| tst.go:39:2:39:30 | call to Get | tst.go:11:13:11:35 | call to FormValue | tst.go:39:11:39:29 | ...+... | The $@ of this request depends on a $@. | tst.go:39:11:39:29 | ...+... | URL | tst.go:11:13:11:35 | call to FormValue | user-provided value | +| tst.go:41:2:41:41 | call to Get | tst.go:11:13:11:35 | call to FormValue | tst.go:41:11:41:40 | ...+... | The $@ of this request depends on a $@. | tst.go:41:11:41:40 | ...+... | URL | tst.go:11:13:11:35 | call to FormValue | user-provided value | +| tst.go:49:2:49:21 | call to Get | tst.go:11:13:11:35 | call to FormValue | tst.go:49:11:49:20 | call to String | The $@ of this request depends on a $@. | tst.go:49:11:49:20 | call to String | URL | tst.go:11:13:11:35 | call to FormValue | user-provided value | +| tst.go:53:2:53:26 | call to Get | tst.go:52:42:52:52 | call to intSource | tst.go:53:11:53:25 | ...+... | The $@ of this request depends on a $@. | tst.go:53:11:53:25 | ...+... | URL | tst.go:52:42:52:52 | call to intSource | user-provided value | | websocket.go:65:12:65:53 | call to Dial | websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:65:27:65:40 | untrustedInput | WebSocket URL | websocket.go:60:21:60:31 | call to Referer | user-provided value | | websocket.go:79:13:79:40 | call to DialConfig | websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:78:36:78:49 | untrustedInput | WebSocket URL | websocket.go:74:21:74:31 | call to Referer | user-provided value | | websocket.go:91:3:91:50 | call to Dial | websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:91:31:91:44 | untrustedInput | WebSocket URL | websocket.go:88:21:88:31 | call to Referer | user-provided value | @@ -23,59 +24,69 @@ | websocket.go:197:7:197:36 | call to BuildProxy | websocket.go:195:21:195:31 | call to Referer | websocket.go:197:22:197:35 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:197:22:197:35 | untrustedInput | WebSocket URL | websocket.go:195:21:195:31 | call to Referer | user-provided value | | websocket.go:204:7:204:29 | call to New | websocket.go:202:21:202:31 | call to Referer | websocket.go:204:15:204:28 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:204:15:204:28 | untrustedInput | WebSocket URL | websocket.go:202:21:202:31 | call to Referer | user-provided value | edges -| RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:18:11:18:17 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:20:12:20:18 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:22:12:22:18 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:24:16:24:22 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:27:35:27:41 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:30:68:30:74 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:33:13:33:19 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:34:14:34:20 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:35:14:35:20 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:36:18:36:24 | tainted | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:38:11:38:29 | ...+... | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:40:11:40:40 | ...+... | provenance | Src:MaD:1 | -| tst.go:10:13:10:35 | call to FormValue | tst.go:47:11:47:18 | tainted2 | provenance | Src:MaD:1 | -| tst.go:47:2:47:2 | implicit dereference [postupdate] | tst.go:47:2:47:2 | u [postupdate] | provenance | | -| tst.go:47:2:47:2 | u [postupdate] | tst.go:48:11:48:11 | u | provenance | | -| tst.go:47:11:47:18 | tainted2 | tst.go:47:2:47:2 | implicit dereference [postupdate] | provenance | Config | -| tst.go:47:11:47:18 | tainted2 | tst.go:47:2:47:2 | u [postupdate] | provenance | Config | -| tst.go:48:11:48:11 | u | tst.go:48:11:48:20 | call to String | provenance | MaD:3 | -| websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | provenance | Src:MaD:2 | -| websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | provenance | Src:MaD:2 | -| websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput | provenance | Src:MaD:2 | -| websocket.go:107:21:107:31 | call to Referer | websocket.go:110:15:110:28 | untrustedInput | provenance | Src:MaD:2 | -| websocket.go:126:21:126:31 | call to Referer | websocket.go:129:38:129:51 | untrustedInput | provenance | Src:MaD:2 | -| websocket.go:154:21:154:31 | call to Referer | websocket.go:155:31:155:44 | untrustedInput | provenance | Src:MaD:2 | -| websocket.go:160:21:160:31 | call to Referer | websocket.go:162:31:162:44 | untrustedInput | provenance | Src:MaD:2 | -| websocket.go:195:21:195:31 | call to Referer | websocket.go:197:22:197:35 | untrustedInput | provenance | Src:MaD:2 | -| websocket.go:202:21:202:31 | call to Referer | websocket.go:204:15:204:28 | untrustedInput | provenance | Src:MaD:2 | +| RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | provenance | Src:MaD:2 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:19:11:19:17 | tainted | provenance | Src:MaD:2 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:21:12:21:18 | tainted | provenance | Src:MaD:2 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:23:12:23:18 | tainted | provenance | Src:MaD:2 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:25:16:25:22 | tainted | provenance | Src:MaD:2 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:28:35:28:41 | tainted | provenance | Src:MaD:2 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:31:68:31:74 | tainted | provenance | Src:MaD:2 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:34:13:34:19 | tainted | provenance | Src:MaD:2 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:35:14:35:20 | tainted | provenance | Src:MaD:2 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:36:14:36:20 | tainted | provenance | Src:MaD:2 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:37:18:37:24 | tainted | provenance | Src:MaD:2 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:39:11:39:29 | ...+... | provenance | Src:MaD:2 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:41:11:41:40 | ...+... | provenance | Src:MaD:2 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:48:11:48:18 | tainted2 | provenance | Src:MaD:2 | +| tst.go:48:2:48:2 | implicit dereference [postupdate] | tst.go:48:2:48:2 | u [postupdate] | provenance | | +| tst.go:48:2:48:2 | u [postupdate] | tst.go:49:11:49:11 | u | provenance | | +| tst.go:48:11:48:18 | tainted2 | tst.go:48:2:48:2 | implicit dereference [postupdate] | provenance | Config | +| tst.go:48:11:48:18 | tainted2 | tst.go:48:2:48:2 | u [postupdate] | provenance | Config | +| tst.go:49:11:49:11 | u | tst.go:49:11:49:20 | call to String | provenance | MaD:5 | +| tst.go:52:9:52:53 | []type{args} [array] | tst.go:52:9:52:53 | call to Sprintf | provenance | MaD:4 | +| tst.go:52:9:52:53 | call to Sprintf | tst.go:53:11:53:25 | ...+... | provenance | | +| tst.go:52:42:52:52 | call to intSource | tst.go:52:9:52:53 | []type{args} [array] | provenance | Src:MaD:1 | +| tst.go:52:42:52:52 | call to intSource | tst.go:52:9:52:53 | call to Sprintf | provenance | Src:MaD:1 FunctionModel | +| websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | provenance | Src:MaD:3 | +| websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | provenance | Src:MaD:3 | +| websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput | provenance | Src:MaD:3 | +| websocket.go:107:21:107:31 | call to Referer | websocket.go:110:15:110:28 | untrustedInput | provenance | Src:MaD:3 | +| websocket.go:126:21:126:31 | call to Referer | websocket.go:129:38:129:51 | untrustedInput | provenance | Src:MaD:3 | +| websocket.go:154:21:154:31 | call to Referer | websocket.go:155:31:155:44 | untrustedInput | provenance | Src:MaD:3 | +| websocket.go:160:21:160:31 | call to Referer | websocket.go:162:31:162:44 | untrustedInput | provenance | Src:MaD:3 | +| websocket.go:195:21:195:31 | call to Referer | websocket.go:197:22:197:35 | untrustedInput | provenance | Src:MaD:3 | +| websocket.go:202:21:202:31 | call to Referer | websocket.go:204:15:204:28 | untrustedInput | provenance | Src:MaD:3 | models -| 1 | Source: net/http; Request; true; FormValue; ; ; ReturnValue; remote; manual | -| 2 | Source: net/http; Request; true; Referer; ; ; ReturnValue; remote; manual | -| 3 | Summary: fmt; Stringer; true; String; ; ; Argument[receiver]; ReturnValue; taint; manual | +| 1 | Source: main; ; false; intSource; ; ; ReturnValue; remote; manual | +| 2 | Source: net/http; Request; true; FormValue; ; ; ReturnValue; remote; manual | +| 3 | Source: net/http; Request; true; Referer; ; ; ReturnValue; remote; manual | +| 4 | Summary: fmt; ; false; Sprintf; ; ; Argument[1].ArrayElement; ReturnValue; taint; manual | +| 5 | Summary: fmt; Stringer; true; String; ; ; Argument[receiver]; ReturnValue; taint; manual | nodes | RequestForgery.go:8:12:8:34 | call to FormValue | semmle.label | call to FormValue | | RequestForgery.go:11:24:11:65 | ...+... | semmle.label | ...+... | -| tst.go:10:13:10:35 | call to FormValue | semmle.label | call to FormValue | -| tst.go:18:11:18:17 | tainted | semmle.label | tainted | -| tst.go:20:12:20:18 | tainted | semmle.label | tainted | -| tst.go:22:12:22:18 | tainted | semmle.label | tainted | -| tst.go:24:16:24:22 | tainted | semmle.label | tainted | -| tst.go:27:35:27:41 | tainted | semmle.label | tainted | -| tst.go:30:68:30:74 | tainted | semmle.label | tainted | -| tst.go:33:13:33:19 | tainted | semmle.label | tainted | -| tst.go:34:14:34:20 | tainted | semmle.label | tainted | +| tst.go:11:13:11:35 | call to FormValue | semmle.label | call to FormValue | +| tst.go:19:11:19:17 | tainted | semmle.label | tainted | +| tst.go:21:12:21:18 | tainted | semmle.label | tainted | +| tst.go:23:12:23:18 | tainted | semmle.label | tainted | +| tst.go:25:16:25:22 | tainted | semmle.label | tainted | +| tst.go:28:35:28:41 | tainted | semmle.label | tainted | +| tst.go:31:68:31:74 | tainted | semmle.label | tainted | +| tst.go:34:13:34:19 | tainted | semmle.label | tainted | | tst.go:35:14:35:20 | tainted | semmle.label | tainted | -| tst.go:36:18:36:24 | tainted | semmle.label | tainted | -| tst.go:38:11:38:29 | ...+... | semmle.label | ...+... | -| tst.go:40:11:40:40 | ...+... | semmle.label | ...+... | -| tst.go:47:2:47:2 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | -| tst.go:47:2:47:2 | u [postupdate] | semmle.label | u [postupdate] | -| tst.go:47:11:47:18 | tainted2 | semmle.label | tainted2 | -| tst.go:48:11:48:11 | u | semmle.label | u | -| tst.go:48:11:48:20 | call to String | semmle.label | call to String | +| tst.go:36:14:36:20 | tainted | semmle.label | tainted | +| tst.go:37:18:37:24 | tainted | semmle.label | tainted | +| tst.go:39:11:39:29 | ...+... | semmle.label | ...+... | +| tst.go:41:11:41:40 | ...+... | semmle.label | ...+... | +| tst.go:48:2:48:2 | implicit dereference [postupdate] | semmle.label | implicit dereference [postupdate] | +| tst.go:48:2:48:2 | u [postupdate] | semmle.label | u [postupdate] | +| tst.go:48:11:48:18 | tainted2 | semmle.label | tainted2 | +| tst.go:49:11:49:11 | u | semmle.label | u | +| tst.go:49:11:49:20 | call to String | semmle.label | call to String | +| tst.go:52:9:52:53 | []type{args} [array] | semmle.label | []type{args} [array] | +| tst.go:52:9:52:53 | call to Sprintf | semmle.label | call to Sprintf | +| tst.go:52:42:52:52 | call to intSource | semmle.label | call to intSource | +| tst.go:53:11:53:25 | ...+... | semmle.label | ...+... | | websocket.go:60:21:60:31 | call to Referer | semmle.label | call to Referer | | websocket.go:65:27:65:40 | untrustedInput | semmle.label | untrustedInput | | websocket.go:74:21:74:31 | call to Referer | semmle.label | call to Referer | diff --git a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.ext.yml b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.ext.yml new file mode 100644 index 000000000000..1fc92a07144b --- /dev/null +++ b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.ext.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/go-all + extensible: sourceModel + data: + - ["main", "", False, "intSource", "", "", "ReturnValue", "remote", "manual"] diff --git a/go/ql/test/query-tests/Security/CWE-918/tst.go b/go/ql/test/query-tests/Security/CWE-918/tst.go index 02f65507abd5..479d7aa8c92e 100644 --- a/go/ql/test/query-tests/Security/CWE-918/tst.go +++ b/go/ql/test/query-tests/Security/CWE-918/tst.go @@ -2,6 +2,7 @@ package main import ( "context" + "fmt" "net/http" "net/url" ) @@ -46,8 +47,16 @@ func handler2(w http.ResponseWriter, req *http.Request) { u, _ := url.Parse("http://example.com/relative-path") u.Host = tainted2 http.Get(u.String()) // $ Alert + + // Simple types are considered sanitized. + url := fmt.Sprintf("%s/%d", "some-url", intSource()) // $ SPURIOUS: Source + http.Get("http://" + url) // $ SPURIOUS: Alert } func main() { } + +func intSource() int64 { + return 0 +} From 3cbce80d0bf48a2bd8b90d9ddbb593a701e65c5a Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 9 Oct 2025 12:15:29 +0100 Subject: [PATCH 289/307] Add SimpleTypeSanitizer to `go/request-forgery` --- .../security/RequestForgeryCustomizations.qll | 6 ++ .../Security/CWE-918/RequestForgery.expected | 65 ++++++++----------- .../test/query-tests/Security/CWE-918/tst.go | 4 +- 3 files changed, 35 insertions(+), 40 deletions(-) diff --git a/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll b/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll index 1298785b726c..82f9df4b5064 100644 --- a/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll +++ b/go/ql/lib/semmle/go/security/RequestForgeryCustomizations.qll @@ -9,6 +9,7 @@ import semmle.go.dataflow.barrierguardutil.RedirectCheckBarrierGuard import semmle.go.dataflow.barrierguardutil.RegexpCheck import semmle.go.dataflow.barrierguardutil.UrlCheck import semmle.go.dataflow.ExternalFlow +private import semmle.go.security.Sanitizers /** Provides classes and predicates for the request forgery query. */ module RequestForgery { @@ -114,6 +115,11 @@ module RequestForgery { * considered a barrier guard for `url`. */ class UrlCheckAsBarrierGuard extends UrlCheckBarrier, Sanitizer { } + + /** + * A simple-typed node, considered a sanitizer for request forgery. + */ + private class DefaultSanitizer extends Sanitizer instanceof SimpleTypeSanitizer { } } /** A sink for request forgery, considered as a sink for safe URL flow. */ diff --git a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected index 224a2c2b72e9..15b0e179e983 100644 --- a/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected +++ b/go/ql/test/query-tests/Security/CWE-918/RequestForgery.expected @@ -13,7 +13,6 @@ | tst.go:39:2:39:30 | call to Get | tst.go:11:13:11:35 | call to FormValue | tst.go:39:11:39:29 | ...+... | The $@ of this request depends on a $@. | tst.go:39:11:39:29 | ...+... | URL | tst.go:11:13:11:35 | call to FormValue | user-provided value | | tst.go:41:2:41:41 | call to Get | tst.go:11:13:11:35 | call to FormValue | tst.go:41:11:41:40 | ...+... | The $@ of this request depends on a $@. | tst.go:41:11:41:40 | ...+... | URL | tst.go:11:13:11:35 | call to FormValue | user-provided value | | tst.go:49:2:49:21 | call to Get | tst.go:11:13:11:35 | call to FormValue | tst.go:49:11:49:20 | call to String | The $@ of this request depends on a $@. | tst.go:49:11:49:20 | call to String | URL | tst.go:11:13:11:35 | call to FormValue | user-provided value | -| tst.go:53:2:53:26 | call to Get | tst.go:52:42:52:52 | call to intSource | tst.go:53:11:53:25 | ...+... | The $@ of this request depends on a $@. | tst.go:53:11:53:25 | ...+... | URL | tst.go:52:42:52:52 | call to intSource | user-provided value | | websocket.go:65:12:65:53 | call to Dial | websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:65:27:65:40 | untrustedInput | WebSocket URL | websocket.go:60:21:60:31 | call to Referer | user-provided value | | websocket.go:79:13:79:40 | call to DialConfig | websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:78:36:78:49 | untrustedInput | WebSocket URL | websocket.go:74:21:74:31 | call to Referer | user-provided value | | websocket.go:91:3:91:50 | call to Dial | websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:91:31:91:44 | untrustedInput | WebSocket URL | websocket.go:88:21:88:31 | call to Referer | user-provided value | @@ -24,44 +23,38 @@ | websocket.go:197:7:197:36 | call to BuildProxy | websocket.go:195:21:195:31 | call to Referer | websocket.go:197:22:197:35 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:197:22:197:35 | untrustedInput | WebSocket URL | websocket.go:195:21:195:31 | call to Referer | user-provided value | | websocket.go:204:7:204:29 | call to New | websocket.go:202:21:202:31 | call to Referer | websocket.go:204:15:204:28 | untrustedInput | The $@ of this request depends on a $@. | websocket.go:204:15:204:28 | untrustedInput | WebSocket URL | websocket.go:202:21:202:31 | call to Referer | user-provided value | edges -| RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | provenance | Src:MaD:2 | -| tst.go:11:13:11:35 | call to FormValue | tst.go:19:11:19:17 | tainted | provenance | Src:MaD:2 | -| tst.go:11:13:11:35 | call to FormValue | tst.go:21:12:21:18 | tainted | provenance | Src:MaD:2 | -| tst.go:11:13:11:35 | call to FormValue | tst.go:23:12:23:18 | tainted | provenance | Src:MaD:2 | -| tst.go:11:13:11:35 | call to FormValue | tst.go:25:16:25:22 | tainted | provenance | Src:MaD:2 | -| tst.go:11:13:11:35 | call to FormValue | tst.go:28:35:28:41 | tainted | provenance | Src:MaD:2 | -| tst.go:11:13:11:35 | call to FormValue | tst.go:31:68:31:74 | tainted | provenance | Src:MaD:2 | -| tst.go:11:13:11:35 | call to FormValue | tst.go:34:13:34:19 | tainted | provenance | Src:MaD:2 | -| tst.go:11:13:11:35 | call to FormValue | tst.go:35:14:35:20 | tainted | provenance | Src:MaD:2 | -| tst.go:11:13:11:35 | call to FormValue | tst.go:36:14:36:20 | tainted | provenance | Src:MaD:2 | -| tst.go:11:13:11:35 | call to FormValue | tst.go:37:18:37:24 | tainted | provenance | Src:MaD:2 | -| tst.go:11:13:11:35 | call to FormValue | tst.go:39:11:39:29 | ...+... | provenance | Src:MaD:2 | -| tst.go:11:13:11:35 | call to FormValue | tst.go:41:11:41:40 | ...+... | provenance | Src:MaD:2 | -| tst.go:11:13:11:35 | call to FormValue | tst.go:48:11:48:18 | tainted2 | provenance | Src:MaD:2 | +| RequestForgery.go:8:12:8:34 | call to FormValue | RequestForgery.go:11:24:11:65 | ...+... | provenance | Src:MaD:1 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:19:11:19:17 | tainted | provenance | Src:MaD:1 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:21:12:21:18 | tainted | provenance | Src:MaD:1 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:23:12:23:18 | tainted | provenance | Src:MaD:1 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:25:16:25:22 | tainted | provenance | Src:MaD:1 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:28:35:28:41 | tainted | provenance | Src:MaD:1 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:31:68:31:74 | tainted | provenance | Src:MaD:1 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:34:13:34:19 | tainted | provenance | Src:MaD:1 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:35:14:35:20 | tainted | provenance | Src:MaD:1 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:36:14:36:20 | tainted | provenance | Src:MaD:1 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:37:18:37:24 | tainted | provenance | Src:MaD:1 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:39:11:39:29 | ...+... | provenance | Src:MaD:1 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:41:11:41:40 | ...+... | provenance | Src:MaD:1 | +| tst.go:11:13:11:35 | call to FormValue | tst.go:48:11:48:18 | tainted2 | provenance | Src:MaD:1 | | tst.go:48:2:48:2 | implicit dereference [postupdate] | tst.go:48:2:48:2 | u [postupdate] | provenance | | | tst.go:48:2:48:2 | u [postupdate] | tst.go:49:11:49:11 | u | provenance | | | tst.go:48:11:48:18 | tainted2 | tst.go:48:2:48:2 | implicit dereference [postupdate] | provenance | Config | | tst.go:48:11:48:18 | tainted2 | tst.go:48:2:48:2 | u [postupdate] | provenance | Config | -| tst.go:49:11:49:11 | u | tst.go:49:11:49:20 | call to String | provenance | MaD:5 | -| tst.go:52:9:52:53 | []type{args} [array] | tst.go:52:9:52:53 | call to Sprintf | provenance | MaD:4 | -| tst.go:52:9:52:53 | call to Sprintf | tst.go:53:11:53:25 | ...+... | provenance | | -| tst.go:52:42:52:52 | call to intSource | tst.go:52:9:52:53 | []type{args} [array] | provenance | Src:MaD:1 | -| tst.go:52:42:52:52 | call to intSource | tst.go:52:9:52:53 | call to Sprintf | provenance | Src:MaD:1 FunctionModel | -| websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | provenance | Src:MaD:3 | -| websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | provenance | Src:MaD:3 | -| websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput | provenance | Src:MaD:3 | -| websocket.go:107:21:107:31 | call to Referer | websocket.go:110:15:110:28 | untrustedInput | provenance | Src:MaD:3 | -| websocket.go:126:21:126:31 | call to Referer | websocket.go:129:38:129:51 | untrustedInput | provenance | Src:MaD:3 | -| websocket.go:154:21:154:31 | call to Referer | websocket.go:155:31:155:44 | untrustedInput | provenance | Src:MaD:3 | -| websocket.go:160:21:160:31 | call to Referer | websocket.go:162:31:162:44 | untrustedInput | provenance | Src:MaD:3 | -| websocket.go:195:21:195:31 | call to Referer | websocket.go:197:22:197:35 | untrustedInput | provenance | Src:MaD:3 | -| websocket.go:202:21:202:31 | call to Referer | websocket.go:204:15:204:28 | untrustedInput | provenance | Src:MaD:3 | +| tst.go:49:11:49:11 | u | tst.go:49:11:49:20 | call to String | provenance | MaD:3 | +| websocket.go:60:21:60:31 | call to Referer | websocket.go:65:27:65:40 | untrustedInput | provenance | Src:MaD:2 | +| websocket.go:74:21:74:31 | call to Referer | websocket.go:78:36:78:49 | untrustedInput | provenance | Src:MaD:2 | +| websocket.go:88:21:88:31 | call to Referer | websocket.go:91:31:91:44 | untrustedInput | provenance | Src:MaD:2 | +| websocket.go:107:21:107:31 | call to Referer | websocket.go:110:15:110:28 | untrustedInput | provenance | Src:MaD:2 | +| websocket.go:126:21:126:31 | call to Referer | websocket.go:129:38:129:51 | untrustedInput | provenance | Src:MaD:2 | +| websocket.go:154:21:154:31 | call to Referer | websocket.go:155:31:155:44 | untrustedInput | provenance | Src:MaD:2 | +| websocket.go:160:21:160:31 | call to Referer | websocket.go:162:31:162:44 | untrustedInput | provenance | Src:MaD:2 | +| websocket.go:195:21:195:31 | call to Referer | websocket.go:197:22:197:35 | untrustedInput | provenance | Src:MaD:2 | +| websocket.go:202:21:202:31 | call to Referer | websocket.go:204:15:204:28 | untrustedInput | provenance | Src:MaD:2 | models -| 1 | Source: main; ; false; intSource; ; ; ReturnValue; remote; manual | -| 2 | Source: net/http; Request; true; FormValue; ; ; ReturnValue; remote; manual | -| 3 | Source: net/http; Request; true; Referer; ; ; ReturnValue; remote; manual | -| 4 | Summary: fmt; ; false; Sprintf; ; ; Argument[1].ArrayElement; ReturnValue; taint; manual | -| 5 | Summary: fmt; Stringer; true; String; ; ; Argument[receiver]; ReturnValue; taint; manual | +| 1 | Source: net/http; Request; true; FormValue; ; ; ReturnValue; remote; manual | +| 2 | Source: net/http; Request; true; Referer; ; ; ReturnValue; remote; manual | +| 3 | Summary: fmt; Stringer; true; String; ; ; Argument[receiver]; ReturnValue; taint; manual | nodes | RequestForgery.go:8:12:8:34 | call to FormValue | semmle.label | call to FormValue | | RequestForgery.go:11:24:11:65 | ...+... | semmle.label | ...+... | @@ -83,10 +76,6 @@ nodes | tst.go:48:11:48:18 | tainted2 | semmle.label | tainted2 | | tst.go:49:11:49:11 | u | semmle.label | u | | tst.go:49:11:49:20 | call to String | semmle.label | call to String | -| tst.go:52:9:52:53 | []type{args} [array] | semmle.label | []type{args} [array] | -| tst.go:52:9:52:53 | call to Sprintf | semmle.label | call to Sprintf | -| tst.go:52:42:52:52 | call to intSource | semmle.label | call to intSource | -| tst.go:53:11:53:25 | ...+... | semmle.label | ...+... | | websocket.go:60:21:60:31 | call to Referer | semmle.label | call to Referer | | websocket.go:65:27:65:40 | untrustedInput | semmle.label | untrustedInput | | websocket.go:74:21:74:31 | call to Referer | semmle.label | call to Referer | diff --git a/go/ql/test/query-tests/Security/CWE-918/tst.go b/go/ql/test/query-tests/Security/CWE-918/tst.go index 479d7aa8c92e..e237f5f30e75 100644 --- a/go/ql/test/query-tests/Security/CWE-918/tst.go +++ b/go/ql/test/query-tests/Security/CWE-918/tst.go @@ -49,8 +49,8 @@ func handler2(w http.ResponseWriter, req *http.Request) { http.Get(u.String()) // $ Alert // Simple types are considered sanitized. - url := fmt.Sprintf("%s/%d", "some-url", intSource()) // $ SPURIOUS: Source - http.Get("http://" + url) // $ SPURIOUS: Alert + url := fmt.Sprintf("%s/%d", "some-url", intSource()) + http.Get("http://" + url) } func main() { From 37151791b42a7f056ca636dc18c4e69605aa9ff7 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 9 Oct 2025 12:24:58 +0100 Subject: [PATCH 290/307] Add change notes --- ...-10-09-deprecate-sqlinjection-numericorbooleansanitizer.md | 4 ++++ .../2025-10-09-sanitize-simple-types-request-forgery.md | 4 ++++ 2 files changed, 8 insertions(+) create mode 100644 go/ql/lib/change-notes/2025-10-09-deprecate-sqlinjection-numericorbooleansanitizer.md create mode 100644 go/ql/lib/change-notes/2025-10-09-sanitize-simple-types-request-forgery.md diff --git a/go/ql/lib/change-notes/2025-10-09-deprecate-sqlinjection-numericorbooleansanitizer.md b/go/ql/lib/change-notes/2025-10-09-deprecate-sqlinjection-numericorbooleansanitizer.md new file mode 100644 index 000000000000..647d9a4332cd --- /dev/null +++ b/go/ql/lib/change-notes/2025-10-09-deprecate-sqlinjection-numericorbooleansanitizer.md @@ -0,0 +1,4 @@ +--- +category: deprecated +--- +* The class `SqlInjection::NumericOrBooleanSanitizer` has been deprecated. Use `SimpleTypeSanitizer` from `semmle.go.security.Sanitizers` instead. diff --git a/go/ql/lib/change-notes/2025-10-09-sanitize-simple-types-request-forgery.md b/go/ql/lib/change-notes/2025-10-09-sanitize-simple-types-request-forgery.md new file mode 100644 index 000000000000..1bbf8c7f88a9 --- /dev/null +++ b/go/ql/lib/change-notes/2025-10-09-sanitize-simple-types-request-forgery.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The query `go/request-forgery` will no longer report alerts when the user input is of a simple type, like a number or a boolean. From b9eae31172e8d01a21e0e748c9eed8305826a6b4 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 9 Oct 2025 10:44:08 +0200 Subject: [PATCH 291/307] C#: Add parameter locations test. --- csharp/ql/test/library-tests/locations/A.cs | 4 +-- .../locations/locations.expected | 34 +++++++++++++++++++ .../test/library-tests/locations/locations.ql | 4 +++ 3 files changed, 40 insertions(+), 2 deletions(-) diff --git a/csharp/ql/test/library-tests/locations/A.cs b/csharp/ql/test/library-tests/locations/A.cs index 7f641a0024e8..451f684ecd40 100644 --- a/csharp/ql/test/library-tests/locations/A.cs +++ b/csharp/ql/test/library-tests/locations/A.cs @@ -5,8 +5,8 @@ public abstract class A public abstract T Prop { get; } public abstract T this[int index] { get; set; } public abstract event EventHandler Event; - public void Apply(T t) { } - public abstract object ToObject(T t); + public void Apply(T t1) { } + public abstract object ToObject(T t2); } public class A2 : A diff --git a/csharp/ql/test/library-tests/locations/locations.expected b/csharp/ql/test/library-tests/locations/locations.expected index 1710f4e3cec3..ead96a89ab2e 100644 --- a/csharp/ql/test/library-tests/locations/locations.expected +++ b/csharp/ql/test/library-tests/locations/locations.expected @@ -104,3 +104,37 @@ tupletype_location | Multiple1.cs:7:19:7:31 | (Int32,String) | Multiple1.cs:7:19:7:31 | Multiple1.cs:7:19:7:31 | | Multiple1.cs:7:19:7:31 | (Int32,String) | Multiple2.cs:9:9:9:21 | Multiple2.cs:9:9:9:21 | | Multiple1.cs:10:9:10:18 | (Int32,Int32) | Multiple1.cs:10:9:10:18 | Multiple1.cs:10:9:10:18 | +parameter_locations +| A.cs:6:41:6:43 | get_Item | A.cs:6:32:6:36 | index | A.cs:6:32:6:36 | A.cs:6:32:6:36 | +| A.cs:6:41:6:43 | get_Item | A.cs:6:32:6:36 | index | A.cs:6:32:6:36 | A.cs:6:32:6:36 | +| A.cs:6:41:6:43 | get_Item | A.cs:6:32:6:36 | index | A.cs:6:32:6:36 | A.cs:6:32:6:36 | +| A.cs:6:46:6:48 | set_Item | A.cs:6:32:6:36 | index | A.cs:6:32:6:36 | A.cs:6:32:6:36 | +| A.cs:6:46:6:48 | set_Item | A.cs:6:32:6:36 | index | A.cs:6:32:6:36 | A.cs:6:32:6:36 | +| A.cs:6:46:6:48 | set_Item | A.cs:6:32:6:36 | index | A.cs:6:32:6:36 | A.cs:6:32:6:36 | +| A.cs:6:46:6:48 | set_Item | A.cs:6:46:6:48 | value | A.cs:6:46:6:48 | A.cs:6:46:6:48 | +| A.cs:6:46:6:48 | set_Item | A.cs:6:46:6:48 | value | A.cs:6:46:6:48 | A.cs:6:46:6:48 | +| A.cs:6:46:6:48 | set_Item | A.cs:6:46:6:48 | value | A.cs:6:46:6:48 | A.cs:6:46:6:48 | +| A.cs:7:40:7:44 | add_Event | A.cs:7:40:7:44 | value | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:7:40:7:44 | add_Event | A.cs:7:40:7:44 | value | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:7:40:7:44 | add_Event | A.cs:7:40:7:44 | value | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:7:40:7:44 | remove_Event | A.cs:7:40:7:44 | value | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:7:40:7:44 | remove_Event | A.cs:7:40:7:44 | value | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:7:40:7:44 | remove_Event | A.cs:7:40:7:44 | value | A.cs:7:40:7:44 | A.cs:7:40:7:44 | +| A.cs:8:17:8:21 | Apply | A.cs:8:25:8:26 | t1 | A.cs:8:25:8:26 | A.cs:8:25:8:26 | +| A.cs:8:17:8:21 | Apply | A.cs:8:25:8:26 | t1 | A.cs:8:25:8:26 | A.cs:8:25:8:26 | +| A.cs:8:17:8:21 | Apply | A.cs:8:25:8:26 | t1 | A.cs:8:25:8:26 | A.cs:8:25:8:26 | +| A.cs:9:28:9:35 | ToObject | A.cs:9:39:9:40 | t2 | A.cs:9:39:9:40 | A.cs:9:39:9:40 | +| A.cs:9:28:9:35 | ToObject | A.cs:9:39:9:40 | t2 | A.cs:9:39:9:40 | A.cs:9:39:9:40 | +| A.cs:9:28:9:35 | ToObject | A.cs:9:39:9:40 | t2 | A.cs:9:39:9:40 | A.cs:9:39:9:40 | +| A.cs:18:9:18:11 | get_Item | A.cs:16:37:16:37 | i | A.cs:16:37:16:37 | A.cs:16:37:16:37 | +| A.cs:19:9:19:11 | set_Item | A.cs:16:37:16:37 | i | A.cs:16:37:16:37 | A.cs:16:37:16:37 | +| A.cs:19:9:19:11 | set_Item | A.cs:19:9:19:11 | value | A.cs:19:9:19:11 | A.cs:19:9:19:11 | +| A.cs:24:9:24:11 | add_Event | A.cs:24:9:24:11 | value | A.cs:24:9:24:11 | A.cs:24:9:24:11 | +| A.cs:25:9:25:14 | remove_Event | A.cs:25:9:25:14 | value | A.cs:25:9:25:14 | A.cs:25:9:25:14 | +| A.cs:28:28:28:35 | ToObject | A.cs:28:44:28:44 | t | A.cs:28:44:28:44 | A.cs:28:44:28:44 | +| B.cs:9:9:9:11 | get_Item | B.cs:7:34:7:34 | i | B.cs:7:34:7:34 | B.cs:7:34:7:34 | +| B.cs:10:9:10:11 | set_Item | B.cs:7:34:7:34 | i | B.cs:7:34:7:34 | B.cs:7:34:7:34 | +| B.cs:10:9:10:11 | set_Item | B.cs:10:9:10:11 | value | B.cs:10:9:10:11 | B.cs:10:9:10:11 | +| B.cs:15:9:15:11 | add_Event | B.cs:15:9:15:11 | value | B.cs:15:9:15:11 | B.cs:15:9:15:11 | +| B.cs:16:9:16:14 | remove_Event | B.cs:16:9:16:14 | value | B.cs:16:9:16:14 | B.cs:16:9:16:14 | +| B.cs:19:28:19:35 | ToObject | B.cs:19:41:19:41 | t | B.cs:19:41:19:41 | B.cs:19:41:19:41 | diff --git a/csharp/ql/test/library-tests/locations/locations.ql b/csharp/ql/test/library-tests/locations/locations.ql index 670a27408115..0346db8432cd 100644 --- a/csharp/ql/test/library-tests/locations/locations.ql +++ b/csharp/ql/test/library-tests/locations/locations.ql @@ -26,3 +26,7 @@ query predicate calltype_location(Call call, Type t, SourceLocation l) { query predicate typeparameter_location(TypeParameter tp, SourceLocation l) { tp.getALocation() = l } query predicate tupletype_location(TupleType tt, SourceLocation l) { tt.getALocation() = l } + +query predicate parameter_locations(Callable c, Parameter p, SourceLocation l) { + p.getCallable() = c and p.getALocation() = l +} From f200c3ce850ca72d640762898303063135984288 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 9 Oct 2025 10:48:34 +0200 Subject: [PATCH 292/307] C#: Add field location example. --- csharp/ql/test/library-tests/locations/A.cs | 1 + .../locations/locations.expected | 43 ++++++++++--------- 2 files changed, 24 insertions(+), 20 deletions(-) diff --git a/csharp/ql/test/library-tests/locations/A.cs b/csharp/ql/test/library-tests/locations/A.cs index 451f684ecd40..116bc648db06 100644 --- a/csharp/ql/test/library-tests/locations/A.cs +++ b/csharp/ql/test/library-tests/locations/A.cs @@ -7,6 +7,7 @@ public abstract class A public abstract event EventHandler Event; public void Apply(T t1) { } public abstract object ToObject(T t2); + public object Field; } public class A2 : A diff --git a/csharp/ql/test/library-tests/locations/locations.expected b/csharp/ql/test/library-tests/locations/locations.expected index ead96a89ab2e..ae33df976afb 100644 --- a/csharp/ql/test/library-tests/locations/locations.expected +++ b/csharp/ql/test/library-tests/locations/locations.expected @@ -4,21 +4,24 @@ member_locations | A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | | A.cs:3:23:3:26 | A | A.cs:8:17:8:21 | Apply | A.cs:8:17:8:21 | A.cs:8:17:8:21 | | A.cs:3:23:3:26 | A | A.cs:9:28:9:35 | ToObject | A.cs:9:28:9:35 | A.cs:9:28:9:35 | +| A.cs:3:23:3:26 | A | A.cs:10:19:10:23 | Field | A.cs:10:19:10:23 | A.cs:10:19:10:23 | | A.cs:3:23:3:26 | A | A.cs:5:23:5:26 | Prop | A.cs:5:23:5:26 | A.cs:5:23:5:26 | | A.cs:3:23:3:26 | A | A.cs:6:23:6:26 | Item | A.cs:6:23:6:26 | A.cs:6:23:6:26 | | A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | | A.cs:3:23:3:26 | A | A.cs:8:17:8:21 | Apply | A.cs:8:17:8:21 | A.cs:8:17:8:21 | | A.cs:3:23:3:26 | A | A.cs:9:28:9:35 | ToObject | A.cs:9:28:9:35 | A.cs:9:28:9:35 | +| A.cs:3:23:3:26 | A | A.cs:10:19:10:23 | Field | A.cs:10:19:10:23 | A.cs:10:19:10:23 | | A.cs:3:23:3:26 | A`1 | A.cs:5:23:5:26 | Prop | A.cs:5:23:5:26 | A.cs:5:23:5:26 | | A.cs:3:23:3:26 | A`1 | A.cs:6:23:6:26 | Item | A.cs:6:23:6:26 | A.cs:6:23:6:26 | | A.cs:3:23:3:26 | A`1 | A.cs:7:40:7:44 | Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | | A.cs:3:23:3:26 | A`1 | A.cs:8:17:8:21 | Apply | A.cs:8:17:8:21 | A.cs:8:17:8:21 | | A.cs:3:23:3:26 | A`1 | A.cs:9:28:9:35 | ToObject | A.cs:9:28:9:35 | A.cs:9:28:9:35 | -| A.cs:12:14:12:15 | A2 | A.cs:14:28:14:31 | Prop | A.cs:14:28:14:31 | A.cs:14:28:14:31 | -| A.cs:12:14:12:15 | A2 | A.cs:16:28:16:31 | Item | A.cs:16:28:16:31 | A.cs:16:28:16:31 | -| A.cs:12:14:12:15 | A2 | A.cs:22:40:22:44 | Event | A.cs:22:40:22:44 | A.cs:22:40:22:44 | -| A.cs:12:14:12:15 | A2 | A.cs:28:28:28:35 | ToObject | A.cs:28:28:28:35 | A.cs:28:28:28:35 | -| A.cs:12:14:12:15 | A2 | A.cs:30:17:30:17 | M | A.cs:30:17:30:17 | A.cs:30:17:30:17 | +| A.cs:3:23:3:26 | A`1 | A.cs:10:19:10:23 | Field | A.cs:10:19:10:23 | A.cs:10:19:10:23 | +| A.cs:13:14:13:15 | A2 | A.cs:15:28:15:31 | Prop | A.cs:15:28:15:31 | A.cs:15:28:15:31 | +| A.cs:13:14:13:15 | A2 | A.cs:17:28:17:31 | Item | A.cs:17:28:17:31 | A.cs:17:28:17:31 | +| A.cs:13:14:13:15 | A2 | A.cs:23:40:23:44 | Event | A.cs:23:40:23:44 | A.cs:23:40:23:44 | +| A.cs:13:14:13:15 | A2 | A.cs:29:28:29:35 | ToObject | A.cs:29:28:29:35 | A.cs:29:28:29:35 | +| A.cs:13:14:13:15 | A2 | A.cs:31:17:31:17 | M | A.cs:31:17:31:17 | A.cs:31:17:31:17 | | B.cs:3:14:3:14 | B | B.cs:5:25:5:28 | Prop | B.cs:5:25:5:28 | B.cs:5:25:5:28 | | B.cs:3:14:3:14 | B | B.cs:7:25:7:28 | Item | B.cs:7:25:7:28 | B.cs:7:25:7:28 | | B.cs:3:14:3:14 | B | B.cs:13:40:13:44 | Event | B.cs:13:40:13:44 | B.cs:13:40:13:44 | @@ -47,11 +50,11 @@ accessor_location | A.cs:3:23:3:26 | A`1 | A.cs:6:46:6:48 | set_Item | A.cs:6:46:6:48 | A.cs:6:46:6:48 | | A.cs:3:23:3:26 | A`1 | A.cs:7:40:7:44 | add_Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | | A.cs:3:23:3:26 | A`1 | A.cs:7:40:7:44 | remove_Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | -| A.cs:12:14:12:15 | A2 | A.cs:14:36:14:37 | get_Prop | A.cs:14:36:14:37 | A.cs:14:36:14:37 | -| A.cs:12:14:12:15 | A2 | A.cs:18:9:18:11 | get_Item | A.cs:18:9:18:11 | A.cs:18:9:18:11 | -| A.cs:12:14:12:15 | A2 | A.cs:19:9:19:11 | set_Item | A.cs:19:9:19:11 | A.cs:19:9:19:11 | -| A.cs:12:14:12:15 | A2 | A.cs:24:9:24:11 | add_Event | A.cs:24:9:24:11 | A.cs:24:9:24:11 | -| A.cs:12:14:12:15 | A2 | A.cs:25:9:25:14 | remove_Event | A.cs:25:9:25:14 | A.cs:25:9:25:14 | +| A.cs:13:14:13:15 | A2 | A.cs:15:36:15:37 | get_Prop | A.cs:15:36:15:37 | A.cs:15:36:15:37 | +| A.cs:13:14:13:15 | A2 | A.cs:19:9:19:11 | get_Item | A.cs:19:9:19:11 | A.cs:19:9:19:11 | +| A.cs:13:14:13:15 | A2 | A.cs:20:9:20:11 | set_Item | A.cs:20:9:20:11 | A.cs:20:9:20:11 | +| A.cs:13:14:13:15 | A2 | A.cs:25:9:25:11 | add_Event | A.cs:25:9:25:11 | A.cs:25:9:25:11 | +| A.cs:13:14:13:15 | A2 | A.cs:26:9:26:14 | remove_Event | A.cs:26:9:26:14 | A.cs:26:9:26:14 | | B.cs:3:14:3:14 | B | B.cs:5:33:5:33 | get_Prop | B.cs:5:33:5:33 | B.cs:5:33:5:33 | | B.cs:3:14:3:14 | B | B.cs:9:9:9:11 | get_Item | B.cs:9:9:9:11 | B.cs:9:9:9:11 | | B.cs:3:14:3:14 | B | B.cs:10:9:10:11 | set_Item | B.cs:10:9:10:11 | B.cs:10:9:10:11 | @@ -62,7 +65,7 @@ type_location | A.cs:3:23:3:26 | A | A.cs:3:23:3:26 | A.cs:3:23:3:26 | | A.cs:3:23:3:26 | A`1 | A.cs:3:23:3:26 | A.cs:3:23:3:26 | | A.cs:3:25:3:25 | T | A.cs:3:25:3:25 | A.cs:3:25:3:25 | -| A.cs:12:14:12:15 | A2 | A.cs:12:14:12:15 | A.cs:12:14:12:15 | +| A.cs:13:14:13:15 | A2 | A.cs:13:14:13:15 | A.cs:13:14:13:15 | | B.cs:3:14:3:14 | B | B.cs:3:14:3:14 | B.cs:3:14:3:14 | | Base.cs:1:23:1:29 | Base | Base.cs:1:23:1:29 | Base.cs:1:23:1:29 | | Base.cs:1:23:1:29 | Base`1 | Base.cs:1:23:1:29 | Base.cs:1:23:1:29 | @@ -87,11 +90,11 @@ type_location | Multiple2.cs:5:14:5:30 | Multiple2Specific | Multiple2.cs:5:14:5:30 | Multiple2.cs:5:14:5:30 | | Sub.cs:1:14:1:16 | Sub | Sub.cs:1:14:1:16 | Sub.cs:1:14:1:16 | calltype_location -| A.cs:12:14:12:15 | call to constructor A | A.cs:3:23:3:26 | A | A.cs:3:23:3:26 | A.cs:3:23:3:26 | -| A.cs:32:20:32:24 | object creation of type A2 | A.cs:12:14:12:15 | A2 | A.cs:12:14:12:15 | A.cs:12:14:12:15 | +| A.cs:13:14:13:15 | call to constructor A | A.cs:3:23:3:26 | A | A.cs:3:23:3:26 | A.cs:3:23:3:26 | +| A.cs:33:20:33:24 | object creation of type A2 | A.cs:13:14:13:15 | A2 | A.cs:13:14:13:15 | A.cs:13:14:13:15 | | B.cs:3:14:3:14 | call to constructor A | A.cs:3:23:3:26 | A | A.cs:3:23:3:26 | A.cs:3:23:3:26 | | C.cs:7:15:7:21 | object creation of type B | B.cs:3:14:3:14 | B | B.cs:3:14:3:14 | B.cs:3:14:3:14 | -| C.cs:9:17:9:24 | object creation of type A2 | A.cs:12:14:12:15 | A2 | A.cs:12:14:12:15 | A.cs:12:14:12:15 | +| C.cs:9:17:9:24 | object creation of type A2 | A.cs:13:14:13:15 | A2 | A.cs:13:14:13:15 | A.cs:13:14:13:15 | | Sub.cs:1:14:1:16 | call to constructor Base | Base.cs:1:23:1:29 | Base | Base.cs:1:23:1:29 | Base.cs:1:23:1:29 | | Sub.cs:6:17:6:31 | object creation of type InnerBase | Base.cs:5:18:5:26 | InnerBase | Base.cs:5:18:5:26 | Base.cs:5:18:5:26 | typeparameter_location @@ -126,12 +129,12 @@ parameter_locations | A.cs:9:28:9:35 | ToObject | A.cs:9:39:9:40 | t2 | A.cs:9:39:9:40 | A.cs:9:39:9:40 | | A.cs:9:28:9:35 | ToObject | A.cs:9:39:9:40 | t2 | A.cs:9:39:9:40 | A.cs:9:39:9:40 | | A.cs:9:28:9:35 | ToObject | A.cs:9:39:9:40 | t2 | A.cs:9:39:9:40 | A.cs:9:39:9:40 | -| A.cs:18:9:18:11 | get_Item | A.cs:16:37:16:37 | i | A.cs:16:37:16:37 | A.cs:16:37:16:37 | -| A.cs:19:9:19:11 | set_Item | A.cs:16:37:16:37 | i | A.cs:16:37:16:37 | A.cs:16:37:16:37 | -| A.cs:19:9:19:11 | set_Item | A.cs:19:9:19:11 | value | A.cs:19:9:19:11 | A.cs:19:9:19:11 | -| A.cs:24:9:24:11 | add_Event | A.cs:24:9:24:11 | value | A.cs:24:9:24:11 | A.cs:24:9:24:11 | -| A.cs:25:9:25:14 | remove_Event | A.cs:25:9:25:14 | value | A.cs:25:9:25:14 | A.cs:25:9:25:14 | -| A.cs:28:28:28:35 | ToObject | A.cs:28:44:28:44 | t | A.cs:28:44:28:44 | A.cs:28:44:28:44 | +| A.cs:19:9:19:11 | get_Item | A.cs:17:37:17:37 | i | A.cs:17:37:17:37 | A.cs:17:37:17:37 | +| A.cs:20:9:20:11 | set_Item | A.cs:17:37:17:37 | i | A.cs:17:37:17:37 | A.cs:17:37:17:37 | +| A.cs:20:9:20:11 | set_Item | A.cs:20:9:20:11 | value | A.cs:20:9:20:11 | A.cs:20:9:20:11 | +| A.cs:25:9:25:11 | add_Event | A.cs:25:9:25:11 | value | A.cs:25:9:25:11 | A.cs:25:9:25:11 | +| A.cs:26:9:26:14 | remove_Event | A.cs:26:9:26:14 | value | A.cs:26:9:26:14 | A.cs:26:9:26:14 | +| A.cs:29:28:29:35 | ToObject | A.cs:29:44:29:44 | t | A.cs:29:44:29:44 | A.cs:29:44:29:44 | | B.cs:9:9:9:11 | get_Item | B.cs:7:34:7:34 | i | B.cs:7:34:7:34 | B.cs:7:34:7:34 | | B.cs:10:9:10:11 | set_Item | B.cs:7:34:7:34 | i | B.cs:7:34:7:34 | B.cs:7:34:7:34 | | B.cs:10:9:10:11 | set_Item | B.cs:10:9:10:11 | value | B.cs:10:9:10:11 | B.cs:10:9:10:11 | From 051b83f036edd65f84b6dc78c0b3a1a4f2858ded Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 9 Oct 2025 11:44:57 +0200 Subject: [PATCH 293/307] C#: Only extract the unbound location for fields and parameters and use this location in the QL code. --- csharp/extractor/Semmle.Extraction.CSharp/Entities/Field.cs | 5 ++++- .../extractor/Semmle.Extraction.CSharp/Entities/Parameter.cs | 5 +++-- csharp/ql/lib/semmle/code/csharp/Variable.qll | 4 ++-- 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Field.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Field.cs index 61b5c40e6e50..75a35c2a5f02 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Field.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Field.cs @@ -49,7 +49,10 @@ public override void Populate(TextWriter trapFile) } } - WriteLocationsToTrap(trapFile.field_location, this, Locations); + if (Context.ExtractLocation(Symbol)) + { + WriteLocationsToTrap(trapFile.field_location, this, Locations); + } if (!IsSourceDeclaration || !Symbol.FromSource()) return; diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Parameter.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Parameter.cs index a5d208fc86fe..8b099261a10e 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Parameter.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Parameter.cs @@ -115,9 +115,10 @@ public override void Populate(TextWriter trapFile) var type = Type.Create(Context, Symbol.Type); trapFile.@params(this, Name, type.TypeRef, Ordinal, ParamKind, Parent!, Original); - foreach (var l in Symbol.Locations) + if (Context.ExtractLocation(Symbol)) { - WriteLocationToTrap(trapFile.param_location, this, Context.CreateLocation(l)); + var locations = Context.GetLocations(Symbol); + WriteLocationsToTrap(trapFile.param_location, this, locations); } if (!Symbol.Locations.Any() && diff --git a/csharp/ql/lib/semmle/code/csharp/Variable.qll b/csharp/ql/lib/semmle/code/csharp/Variable.qll index 02018c260a68..746ea6acd2f6 100644 --- a/csharp/ql/lib/semmle/code/csharp/Variable.qll +++ b/csharp/ql/lib/semmle/code/csharp/Variable.qll @@ -213,7 +213,7 @@ class Parameter extends LocalScopeVariable, Attributable, TopLevelExprParent, @p params(this, _, getTypeRef(result), _, _, _, _) } - override Location getALocation() { param_location(this, result) } + override Location getALocation() { param_location(this.getUnboundDeclaration(), result) } override string toString() { result = this.getName() } @@ -449,7 +449,7 @@ class Field extends Variable, AssignableMember, Attributable, TopLevelExprParent fields(this, _, _, _, getTypeRef(result), _) } - override Location getALocation() { field_location(this, result) } + override Location getALocation() { field_location(this.getUnboundDeclaration(), result) } override string toString() { result = Variable.super.toString() } From 02428fc46708ee1d027839ebf5bb8895e9c6d491 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 9 Oct 2025 13:59:17 +0200 Subject: [PATCH 294/307] C#: Add some location examples for constructors, destructors and operators. --- csharp/ql/test/library-tests/locations/A.cs | 4 + .../locations/locations.expected | 76 ++++++++++++++----- .../test/library-tests/locations/locations.ql | 1 - 3 files changed, 60 insertions(+), 21 deletions(-) diff --git a/csharp/ql/test/library-tests/locations/A.cs b/csharp/ql/test/library-tests/locations/A.cs index 116bc648db06..565683622da9 100644 --- a/csharp/ql/test/library-tests/locations/A.cs +++ b/csharp/ql/test/library-tests/locations/A.cs @@ -8,6 +8,10 @@ public abstract class A public void Apply(T t1) { } public abstract object ToObject(T t2); public object Field; + public A() { } + public A(T t) { } + ~A() { } + public static A operator +(A a1, A a2) { return a1; } } public class A2 : A diff --git a/csharp/ql/test/library-tests/locations/locations.expected b/csharp/ql/test/library-tests/locations/locations.expected index ae33df976afb..d41369ddcd40 100644 --- a/csharp/ql/test/library-tests/locations/locations.expected +++ b/csharp/ql/test/library-tests/locations/locations.expected @@ -5,34 +5,61 @@ member_locations | A.cs:3:23:3:26 | A | A.cs:8:17:8:21 | Apply | A.cs:8:17:8:21 | A.cs:8:17:8:21 | | A.cs:3:23:3:26 | A | A.cs:9:28:9:35 | ToObject | A.cs:9:28:9:35 | A.cs:9:28:9:35 | | A.cs:3:23:3:26 | A | A.cs:10:19:10:23 | Field | A.cs:10:19:10:23 | A.cs:10:19:10:23 | +| A.cs:3:23:3:26 | A | A.cs:11:12:11:12 | A | A.cs:11:12:11:12 | A.cs:11:12:11:12 | +| A.cs:3:23:3:26 | A | A.cs:12:12:12:12 | A | A.cs:12:12:12:12 | A.cs:12:12:12:12 | +| A.cs:3:23:3:26 | A | A.cs:13:6:13:6 | ~A | A.cs:13:6:13:6 | A.cs:13:6:13:6 | +| A.cs:3:23:3:26 | A | A.cs:14:33:14:33 | + | A.cs:14:33:14:33 | A.cs:14:33:14:33 | | A.cs:3:23:3:26 | A | A.cs:5:23:5:26 | Prop | A.cs:5:23:5:26 | A.cs:5:23:5:26 | | A.cs:3:23:3:26 | A | A.cs:6:23:6:26 | Item | A.cs:6:23:6:26 | A.cs:6:23:6:26 | | A.cs:3:23:3:26 | A | A.cs:7:40:7:44 | Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | | A.cs:3:23:3:26 | A | A.cs:8:17:8:21 | Apply | A.cs:8:17:8:21 | A.cs:8:17:8:21 | | A.cs:3:23:3:26 | A | A.cs:9:28:9:35 | ToObject | A.cs:9:28:9:35 | A.cs:9:28:9:35 | | A.cs:3:23:3:26 | A | A.cs:10:19:10:23 | Field | A.cs:10:19:10:23 | A.cs:10:19:10:23 | +| A.cs:3:23:3:26 | A | A.cs:11:12:11:12 | A | A.cs:11:12:11:12 | A.cs:11:12:11:12 | +| A.cs:3:23:3:26 | A | A.cs:12:12:12:12 | A | A.cs:12:12:12:12 | A.cs:12:12:12:12 | +| A.cs:3:23:3:26 | A | A.cs:13:6:13:6 | ~A | A.cs:13:6:13:6 | A.cs:13:6:13:6 | +| A.cs:3:23:3:26 | A | A.cs:14:33:14:33 | + | A.cs:14:33:14:33 | A.cs:14:33:14:33 | | A.cs:3:23:3:26 | A`1 | A.cs:5:23:5:26 | Prop | A.cs:5:23:5:26 | A.cs:5:23:5:26 | | A.cs:3:23:3:26 | A`1 | A.cs:6:23:6:26 | Item | A.cs:6:23:6:26 | A.cs:6:23:6:26 | | A.cs:3:23:3:26 | A`1 | A.cs:7:40:7:44 | Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | | A.cs:3:23:3:26 | A`1 | A.cs:8:17:8:21 | Apply | A.cs:8:17:8:21 | A.cs:8:17:8:21 | | A.cs:3:23:3:26 | A`1 | A.cs:9:28:9:35 | ToObject | A.cs:9:28:9:35 | A.cs:9:28:9:35 | | A.cs:3:23:3:26 | A`1 | A.cs:10:19:10:23 | Field | A.cs:10:19:10:23 | A.cs:10:19:10:23 | -| A.cs:13:14:13:15 | A2 | A.cs:15:28:15:31 | Prop | A.cs:15:28:15:31 | A.cs:15:28:15:31 | -| A.cs:13:14:13:15 | A2 | A.cs:17:28:17:31 | Item | A.cs:17:28:17:31 | A.cs:17:28:17:31 | -| A.cs:13:14:13:15 | A2 | A.cs:23:40:23:44 | Event | A.cs:23:40:23:44 | A.cs:23:40:23:44 | -| A.cs:13:14:13:15 | A2 | A.cs:29:28:29:35 | ToObject | A.cs:29:28:29:35 | A.cs:29:28:29:35 | -| A.cs:13:14:13:15 | A2 | A.cs:31:17:31:17 | M | A.cs:31:17:31:17 | A.cs:31:17:31:17 | +| A.cs:3:23:3:26 | A`1 | A.cs:11:12:11:12 | A | A.cs:11:12:11:12 | A.cs:11:12:11:12 | +| A.cs:3:23:3:26 | A`1 | A.cs:12:12:12:12 | A | A.cs:12:12:12:12 | A.cs:12:12:12:12 | +| A.cs:3:23:3:26 | A`1 | A.cs:13:6:13:6 | ~A | A.cs:13:6:13:6 | A.cs:13:6:13:6 | +| A.cs:3:23:3:26 | A`1 | A.cs:14:33:14:33 | + | A.cs:14:33:14:33 | A.cs:14:33:14:33 | +| A.cs:17:14:17:15 | A2 | A.cs:17:14:17:15 | A2 | A.cs:17:14:17:15 | A.cs:17:14:17:15 | +| A.cs:17:14:17:15 | A2 | A.cs:19:28:19:31 | Prop | A.cs:19:28:19:31 | A.cs:19:28:19:31 | +| A.cs:17:14:17:15 | A2 | A.cs:21:28:21:31 | Item | A.cs:21:28:21:31 | A.cs:21:28:21:31 | +| A.cs:17:14:17:15 | A2 | A.cs:27:40:27:44 | Event | A.cs:27:40:27:44 | A.cs:27:40:27:44 | +| A.cs:17:14:17:15 | A2 | A.cs:33:28:33:35 | ToObject | A.cs:33:28:33:35 | A.cs:33:28:33:35 | +| A.cs:17:14:17:15 | A2 | A.cs:35:17:35:17 | M | A.cs:35:17:35:17 | A.cs:35:17:35:17 | +| B.cs:3:14:3:14 | B | B.cs:3:14:3:14 | B | B.cs:3:14:3:14 | B.cs:3:14:3:14 | | B.cs:3:14:3:14 | B | B.cs:5:25:5:28 | Prop | B.cs:5:25:5:28 | B.cs:5:25:5:28 | | B.cs:3:14:3:14 | B | B.cs:7:25:7:28 | Item | B.cs:7:25:7:28 | B.cs:7:25:7:28 | | B.cs:3:14:3:14 | B | B.cs:13:40:13:44 | Event | B.cs:13:40:13:44 | B.cs:13:40:13:44 | | B.cs:3:14:3:14 | B | B.cs:19:28:19:35 | ToObject | B.cs:19:28:19:35 | B.cs:19:28:19:35 | +| Base.cs:1:23:1:29 | Base | Base.cs:1:23:1:26 | Base | Base.cs:1:23:1:26 | Base.cs:1:23:1:26 | | Base.cs:1:23:1:29 | Base | Base.cs:3:17:3:17 | M | Base.cs:3:17:3:17 | Base.cs:3:17:3:17 | | Base.cs:1:23:1:29 | Base | Base.cs:5:18:5:26 | InnerBase | Base.cs:5:18:5:26 | Base.cs:5:18:5:26 | +| Base.cs:1:23:1:29 | Base`1 | Base.cs:1:23:1:26 | Base | Base.cs:1:23:1:26 | Base.cs:1:23:1:26 | | Base.cs:1:23:1:29 | Base`1 | Base.cs:3:17:3:17 | M | Base.cs:3:17:3:17 | Base.cs:3:17:3:17 | | Base.cs:1:23:1:29 | Base`1 | Base.cs:5:18:5:26 | InnerBase | Base.cs:5:18:5:26 | Base.cs:5:18:5:26 | +| Base.cs:5:18:5:26 | InnerBase | Base.cs:5:18:5:26 | InnerBase | Base.cs:5:18:5:26 | Base.cs:5:18:5:26 | +| Base.cs:5:18:5:26 | InnerBase | Base.cs:5:18:5:26 | InnerBase | Base.cs:5:18:5:26 | Base.cs:5:18:5:26 | +| Base.cs:8:23:8:30 | Base2`1 | Base.cs:8:23:8:27 | Base2 | Base.cs:8:23:8:27 | Base.cs:8:23:8:27 | +| C.cs:3:7:3:7 | C | C.cs:3:7:3:7 | C | C.cs:3:7:3:7 | C.cs:3:7:3:7 | | C.cs:3:7:3:7 | C | C.cs:5:17:5:17 | M | C.cs:5:17:5:17 | C.cs:5:17:5:17 | +| Multiple1.cs:1:22:1:29 | Multiple | Multiple1.cs:1:22:1:29 | Multiple | Multiple1.cs:1:22:1:29 | Multiple1.cs:1:22:1:29 | +| Multiple1.cs:3:22:3:39 | MultipleGeneric`1 | Multiple1.cs:3:22:3:36 | MultipleGeneric | Multiple1.cs:3:22:3:36 | Multiple1.cs:3:22:3:36 | +| Multiple1.cs:5:14:5:30 | Multiple1Specific | Multiple1.cs:5:14:5:30 | Multiple1Specific | Multiple1.cs:5:14:5:30 | Multiple1.cs:5:14:5:30 | | Multiple1.cs:5:14:5:30 | Multiple1Specific | Multiple1.cs:7:33:7:33 | M | Multiple1.cs:7:33:7:33 | Multiple1.cs:7:33:7:33 | +| Multiple2.cs:1:22:1:29 | Multiple | Multiple1.cs:1:22:1:29 | Multiple | Multiple1.cs:1:22:1:29 | Multiple1.cs:1:22:1:29 | +| Multiple2.cs:3:22:3:39 | MultipleGeneric`1 | Multiple1.cs:3:22:3:36 | MultipleGeneric | Multiple1.cs:3:22:3:36 | Multiple1.cs:3:22:3:36 | +| Multiple2.cs:5:14:5:30 | Multiple2Specific | Multiple2.cs:5:14:5:30 | Multiple2Specific | Multiple2.cs:5:14:5:30 | Multiple2.cs:5:14:5:30 | | Multiple2.cs:5:14:5:30 | Multiple2Specific | Multiple2.cs:7:17:7:17 | M | Multiple2.cs:7:17:7:17 | Multiple2.cs:7:17:7:17 | +| Sub.cs:1:14:1:16 | Sub | Sub.cs:1:14:1:16 | Sub | Sub.cs:1:14:1:16 | Sub.cs:1:14:1:16 | | Sub.cs:1:14:1:16 | Sub | Sub.cs:3:17:3:20 | SubM | Sub.cs:3:17:3:20 | Sub.cs:3:17:3:20 | accessor_location | A.cs:3:23:3:26 | A | A.cs:5:30:5:32 | get_Prop | A.cs:5:30:5:32 | A.cs:5:30:5:32 | @@ -50,11 +77,11 @@ accessor_location | A.cs:3:23:3:26 | A`1 | A.cs:6:46:6:48 | set_Item | A.cs:6:46:6:48 | A.cs:6:46:6:48 | | A.cs:3:23:3:26 | A`1 | A.cs:7:40:7:44 | add_Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | | A.cs:3:23:3:26 | A`1 | A.cs:7:40:7:44 | remove_Event | A.cs:7:40:7:44 | A.cs:7:40:7:44 | -| A.cs:13:14:13:15 | A2 | A.cs:15:36:15:37 | get_Prop | A.cs:15:36:15:37 | A.cs:15:36:15:37 | -| A.cs:13:14:13:15 | A2 | A.cs:19:9:19:11 | get_Item | A.cs:19:9:19:11 | A.cs:19:9:19:11 | -| A.cs:13:14:13:15 | A2 | A.cs:20:9:20:11 | set_Item | A.cs:20:9:20:11 | A.cs:20:9:20:11 | -| A.cs:13:14:13:15 | A2 | A.cs:25:9:25:11 | add_Event | A.cs:25:9:25:11 | A.cs:25:9:25:11 | -| A.cs:13:14:13:15 | A2 | A.cs:26:9:26:14 | remove_Event | A.cs:26:9:26:14 | A.cs:26:9:26:14 | +| A.cs:17:14:17:15 | A2 | A.cs:19:36:19:37 | get_Prop | A.cs:19:36:19:37 | A.cs:19:36:19:37 | +| A.cs:17:14:17:15 | A2 | A.cs:23:9:23:11 | get_Item | A.cs:23:9:23:11 | A.cs:23:9:23:11 | +| A.cs:17:14:17:15 | A2 | A.cs:24:9:24:11 | set_Item | A.cs:24:9:24:11 | A.cs:24:9:24:11 | +| A.cs:17:14:17:15 | A2 | A.cs:29:9:29:11 | add_Event | A.cs:29:9:29:11 | A.cs:29:9:29:11 | +| A.cs:17:14:17:15 | A2 | A.cs:30:9:30:14 | remove_Event | A.cs:30:9:30:14 | A.cs:30:9:30:14 | | B.cs:3:14:3:14 | B | B.cs:5:33:5:33 | get_Prop | B.cs:5:33:5:33 | B.cs:5:33:5:33 | | B.cs:3:14:3:14 | B | B.cs:9:9:9:11 | get_Item | B.cs:9:9:9:11 | B.cs:9:9:9:11 | | B.cs:3:14:3:14 | B | B.cs:10:9:10:11 | set_Item | B.cs:10:9:10:11 | B.cs:10:9:10:11 | @@ -65,7 +92,7 @@ type_location | A.cs:3:23:3:26 | A | A.cs:3:23:3:26 | A.cs:3:23:3:26 | | A.cs:3:23:3:26 | A`1 | A.cs:3:23:3:26 | A.cs:3:23:3:26 | | A.cs:3:25:3:25 | T | A.cs:3:25:3:25 | A.cs:3:25:3:25 | -| A.cs:13:14:13:15 | A2 | A.cs:13:14:13:15 | A.cs:13:14:13:15 | +| A.cs:17:14:17:15 | A2 | A.cs:17:14:17:15 | A.cs:17:14:17:15 | | B.cs:3:14:3:14 | B | B.cs:3:14:3:14 | B.cs:3:14:3:14 | | Base.cs:1:23:1:29 | Base | Base.cs:1:23:1:29 | Base.cs:1:23:1:29 | | Base.cs:1:23:1:29 | Base`1 | Base.cs:1:23:1:29 | Base.cs:1:23:1:29 | @@ -90,11 +117,11 @@ type_location | Multiple2.cs:5:14:5:30 | Multiple2Specific | Multiple2.cs:5:14:5:30 | Multiple2.cs:5:14:5:30 | | Sub.cs:1:14:1:16 | Sub | Sub.cs:1:14:1:16 | Sub.cs:1:14:1:16 | calltype_location -| A.cs:13:14:13:15 | call to constructor A | A.cs:3:23:3:26 | A | A.cs:3:23:3:26 | A.cs:3:23:3:26 | -| A.cs:33:20:33:24 | object creation of type A2 | A.cs:13:14:13:15 | A2 | A.cs:13:14:13:15 | A.cs:13:14:13:15 | +| A.cs:17:14:17:15 | call to constructor A | A.cs:3:23:3:26 | A | A.cs:3:23:3:26 | A.cs:3:23:3:26 | +| A.cs:37:20:37:24 | object creation of type A2 | A.cs:17:14:17:15 | A2 | A.cs:17:14:17:15 | A.cs:17:14:17:15 | | B.cs:3:14:3:14 | call to constructor A | A.cs:3:23:3:26 | A | A.cs:3:23:3:26 | A.cs:3:23:3:26 | | C.cs:7:15:7:21 | object creation of type B | B.cs:3:14:3:14 | B | B.cs:3:14:3:14 | B.cs:3:14:3:14 | -| C.cs:9:17:9:24 | object creation of type A2 | A.cs:13:14:13:15 | A2 | A.cs:13:14:13:15 | A.cs:13:14:13:15 | +| C.cs:9:17:9:24 | object creation of type A2 | A.cs:17:14:17:15 | A2 | A.cs:17:14:17:15 | A.cs:17:14:17:15 | | Sub.cs:1:14:1:16 | call to constructor Base | Base.cs:1:23:1:29 | Base | Base.cs:1:23:1:29 | Base.cs:1:23:1:29 | | Sub.cs:6:17:6:31 | object creation of type InnerBase | Base.cs:5:18:5:26 | InnerBase | Base.cs:5:18:5:26 | Base.cs:5:18:5:26 | typeparameter_location @@ -129,12 +156,21 @@ parameter_locations | A.cs:9:28:9:35 | ToObject | A.cs:9:39:9:40 | t2 | A.cs:9:39:9:40 | A.cs:9:39:9:40 | | A.cs:9:28:9:35 | ToObject | A.cs:9:39:9:40 | t2 | A.cs:9:39:9:40 | A.cs:9:39:9:40 | | A.cs:9:28:9:35 | ToObject | A.cs:9:39:9:40 | t2 | A.cs:9:39:9:40 | A.cs:9:39:9:40 | -| A.cs:19:9:19:11 | get_Item | A.cs:17:37:17:37 | i | A.cs:17:37:17:37 | A.cs:17:37:17:37 | -| A.cs:20:9:20:11 | set_Item | A.cs:17:37:17:37 | i | A.cs:17:37:17:37 | A.cs:17:37:17:37 | -| A.cs:20:9:20:11 | set_Item | A.cs:20:9:20:11 | value | A.cs:20:9:20:11 | A.cs:20:9:20:11 | -| A.cs:25:9:25:11 | add_Event | A.cs:25:9:25:11 | value | A.cs:25:9:25:11 | A.cs:25:9:25:11 | -| A.cs:26:9:26:14 | remove_Event | A.cs:26:9:26:14 | value | A.cs:26:9:26:14 | A.cs:26:9:26:14 | -| A.cs:29:28:29:35 | ToObject | A.cs:29:44:29:44 | t | A.cs:29:44:29:44 | A.cs:29:44:29:44 | +| A.cs:12:12:12:12 | A | A.cs:12:16:12:16 | t | A.cs:12:16:12:16 | A.cs:12:16:12:16 | +| A.cs:12:12:12:12 | A | A.cs:12:16:12:16 | t | A.cs:12:16:12:16 | A.cs:12:16:12:16 | +| A.cs:12:12:12:12 | A | A.cs:12:16:12:16 | t | A.cs:12:16:12:16 | A.cs:12:16:12:16 | +| A.cs:14:33:14:33 | + | A.cs:14:40:14:41 | a1 | A.cs:14:40:14:41 | A.cs:14:40:14:41 | +| A.cs:14:33:14:33 | + | A.cs:14:40:14:41 | a1 | A.cs:14:40:14:41 | A.cs:14:40:14:41 | +| A.cs:14:33:14:33 | + | A.cs:14:40:14:41 | a1 | A.cs:14:40:14:41 | A.cs:14:40:14:41 | +| A.cs:14:33:14:33 | + | A.cs:14:49:14:50 | a2 | A.cs:14:49:14:50 | A.cs:14:49:14:50 | +| A.cs:14:33:14:33 | + | A.cs:14:49:14:50 | a2 | A.cs:14:49:14:50 | A.cs:14:49:14:50 | +| A.cs:14:33:14:33 | + | A.cs:14:49:14:50 | a2 | A.cs:14:49:14:50 | A.cs:14:49:14:50 | +| A.cs:23:9:23:11 | get_Item | A.cs:21:37:21:37 | i | A.cs:21:37:21:37 | A.cs:21:37:21:37 | +| A.cs:24:9:24:11 | set_Item | A.cs:21:37:21:37 | i | A.cs:21:37:21:37 | A.cs:21:37:21:37 | +| A.cs:24:9:24:11 | set_Item | A.cs:24:9:24:11 | value | A.cs:24:9:24:11 | A.cs:24:9:24:11 | +| A.cs:29:9:29:11 | add_Event | A.cs:29:9:29:11 | value | A.cs:29:9:29:11 | A.cs:29:9:29:11 | +| A.cs:30:9:30:14 | remove_Event | A.cs:30:9:30:14 | value | A.cs:30:9:30:14 | A.cs:30:9:30:14 | +| A.cs:33:28:33:35 | ToObject | A.cs:33:44:33:44 | t | A.cs:33:44:33:44 | A.cs:33:44:33:44 | | B.cs:9:9:9:11 | get_Item | B.cs:7:34:7:34 | i | B.cs:7:34:7:34 | B.cs:7:34:7:34 | | B.cs:10:9:10:11 | set_Item | B.cs:7:34:7:34 | i | B.cs:7:34:7:34 | B.cs:7:34:7:34 | | B.cs:10:9:10:11 | set_Item | B.cs:10:9:10:11 | value | B.cs:10:9:10:11 | B.cs:10:9:10:11 | diff --git a/csharp/ql/test/library-tests/locations/locations.ql b/csharp/ql/test/library-tests/locations/locations.ql index 0346db8432cd..d97852d7b3b5 100644 --- a/csharp/ql/test/library-tests/locations/locations.ql +++ b/csharp/ql/test/library-tests/locations/locations.ql @@ -4,7 +4,6 @@ query predicate member_locations(Type t, Member m, SourceLocation l) { t = m.getDeclaringType() and l = m.getLocation() and not l instanceof EmptyLocation and - not m instanceof Constructor and t.fromSource() } From 89681a49e638476f3841872374eb33d97c6662ee Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 9 Oct 2025 14:03:14 +0200 Subject: [PATCH 295/307] C#: Only extract the unbound locations for constructors, destructors and user defined operators and use this in the QL code. --- .../Entities/Constructor.cs | 15 +++++++++++++-- .../Entities/Destructor.cs | 5 ++++- .../Entities/UserOperator.cs | 5 ++++- csharp/ql/lib/semmle/code/csharp/Callable.qll | 6 +++--- 4 files changed, 24 insertions(+), 7 deletions(-) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Constructor.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Constructor.cs index 4fa035446ef5..462fd8067888 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Constructor.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Constructor.cs @@ -29,7 +29,10 @@ public override void Populate(TextWriter trapFile) ContainingType!.PopulateGenerics(); trapFile.constructors(this, Symbol.ContainingType.Name, ContainingType, (Constructor)OriginalDefinition); - WriteLocationToTrap(trapFile.constructor_location, this, Location); + if (Context.ExtractLocation(Symbol) && (!IsDefault || IsBestSourceLocation)) + { + WriteLocationToTrap(trapFile.constructor_location, this, Location); + } if (MakeSynthetic) { @@ -168,7 +171,15 @@ Symbol.ContainingType.TypeKind is TypeKind.Class or TypeKind.Struct && Symbol.ContainingType.IsSourceDeclaration() && !Symbol.ContainingType.IsAnonymousType; - private bool MakeSynthetic => IsPrimary || IsDefault; + /// + /// Returns true if we consider the reporting location of this constructor entity the best + /// location of the constructor. + /// For partial classes with default constructors, Roslyn consider each partial class declaration + /// as the possible location for the implicit default constructor. + /// + private bool IsBestSourceLocation => ReportingLocation is not null && Context.IsLocationInContext(ReportingLocation); + + private bool MakeSynthetic => IsPrimary || (IsDefault && IsBestSourceLocation); [return: NotNullIfNotNull(nameof(constructor))] public static new Constructor? Create(Context cx, IMethodSymbol? constructor) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Destructor.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Destructor.cs index 3d07c7d42de9..13e86792fc35 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Destructor.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Destructor.cs @@ -15,7 +15,10 @@ public override void Populate(TextWriter trapFile) ContainingType!.PopulateGenerics(); trapFile.destructors(this, $"~{Symbol.ContainingType.Name}", ContainingType, OriginalDefinition(Context, this, Symbol)); - WriteLocationToTrap(trapFile.destructor_location, this, Location); + if (Context.ExtractLocation(Symbol)) + { + WriteLocationToTrap(trapFile.destructor_location, this, Location); + } } private static new Destructor OriginalDefinition(Context cx, Destructor original, IMethodSymbol symbol) diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/UserOperator.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/UserOperator.cs index e37d16567e1b..40a40aab556d 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/UserOperator.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/UserOperator.cs @@ -26,7 +26,10 @@ public override void Populate(TextWriter trapFile) returnType.TypeRef, (UserOperator)OriginalDefinition); - WriteLocationsToTrap(trapFile.operator_location, this, Locations); + if (Context.ExtractLocation(Symbol)) + { + WriteLocationsToTrap(trapFile.operator_location, this, Locations); + } if (IsSourceDeclaration) { diff --git a/csharp/ql/lib/semmle/code/csharp/Callable.qll b/csharp/ql/lib/semmle/code/csharp/Callable.qll index ef0d0673ce2a..44e7c3cf4ca8 100644 --- a/csharp/ql/lib/semmle/code/csharp/Callable.qll +++ b/csharp/ql/lib/semmle/code/csharp/Callable.qll @@ -357,7 +357,7 @@ class Constructor extends Callable, Member, Attributable, @constructor { override Constructor getUnboundDeclaration() { constructors(this, _, _, result) } - override Location getALocation() { constructor_location(this, result) } + override Location getALocation() { constructor_location(this.getUnboundDeclaration(), result) } override predicate fromSource() { Member.super.fromSource() and not this.isCompilerGenerated() } @@ -450,7 +450,7 @@ class Destructor extends Callable, Member, Attributable, @destructor { override Destructor getUnboundDeclaration() { destructors(this, _, _, result) } - override Location getALocation() { destructor_location(this, result) } + override Location getALocation() { destructor_location(this.getUnboundDeclaration(), result) } override string toString() { result = Callable.super.toString() } @@ -484,7 +484,7 @@ class Operator extends Callable, Member, Attributable, Overridable, @operator { override Operator getUnboundDeclaration() { operators(this, _, _, _, _, result) } - override Location getALocation() { operator_location(this, result) } + override Location getALocation() { operator_location(this.getUnboundDeclaration(), result) } override string toString() { result = Callable.super.toString() } From 11f20457e229506b01fc9b674e2d76ebe50fbc5e Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 9 Oct 2025 14:15:07 +0100 Subject: [PATCH 296/307] Fix team name --- CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CODEOWNERS b/CODEOWNERS index 472edff683bd..ae1506f12a3c 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1,5 +1,5 @@ # Catch-all for anything which isn't matched by a line lower down -* @github/codeql-alert-coverage-eng +* @github/code-scanning-alert-coverage # CodeQL language libraries /actions/ @github/codeql-dynamic From e8fd843e52a65c3de69a604ee2f4500c85f86fdc Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 9 Oct 2025 16:17:17 +0200 Subject: [PATCH 297/307] C#: Update some tuple related tests. --- .../assignables/Assignables.expected | 8 -------- .../library-tests/csharp7/TupleTypes.expected | 20 ++++++++----------- .../test/library-tests/csharp7/TupleTypes.ql | 4 ++-- 3 files changed, 10 insertions(+), 22 deletions(-) diff --git a/csharp/ql/test/library-tests/assignables/Assignables.expected b/csharp/ql/test/library-tests/assignables/Assignables.expected index 6c11ac4869a8..97c22cd91275 100644 --- a/csharp/ql/test/library-tests/assignables/Assignables.expected +++ b/csharp/ql/test/library-tests/assignables/Assignables.expected @@ -43,12 +43,6 @@ | Assignables.cs:92:23:92:23 | b | | Assignables.cs:92:33:92:33 | s | | Assignables.cs:95:40:95:44 | tuple | -| Assignables.cs:97:24:97:24 | Item1 | -| Assignables.cs:97:27:97:36 | Item2 | -| Assignables.cs:101:6:101:8 | Item1 | -| Assignables.cs:101:11:101:24 | Item2 | -| Assignables.cs:101:12:101:15 | Item1 | -| Assignables.cs:101:18:101:23 | Item2 | | Assignables.cs:108:13:108:13 | i | | Assignables.cs:109:14:109:14 | p | | Assignables.cs:113:25:113:25 | i | @@ -69,8 +63,6 @@ | Assignables.cs:132:13:132:13 | x | | Assignables.cs:133:29:133:29 | s | | Assignables.cs:138:19:138:19 | x | -| Discards.cs:5:6:5:8 | Item1 | -| Discards.cs:5:11:5:16 | Item2 | | Discards.cs:5:30:5:30 | x | | Discards.cs:19:14:19:14 | x | | Discards.cs:20:17:20:17 | y | diff --git a/csharp/ql/test/library-tests/csharp7/TupleTypes.expected b/csharp/ql/test/library-tests/csharp7/TupleTypes.expected index 9d7f3330151b..86bd4d542b99 100644 --- a/csharp/ql/test/library-tests/csharp7/TupleTypes.expected +++ b/csharp/ql/test/library-tests/csharp7/TupleTypes.expected @@ -1,12 +1,8 @@ -| (Int32,(String,Int32)) | (int, (string, int)) | ValueTuple | 2 | 0 | CSharp7.cs:96:19:96:19 | Item1 | -| (Int32,(String,Int32)) | (int, (string, int)) | ValueTuple | 2 | 1 | CSharp7.cs:102:22:102:46 | Item2 | -| (Int32,Double) | (int, double) | ValueTuple | 2 | 0 | CSharp7.cs:213:6:213:8 | Item1 | -| (Int32,Double) | (int, double) | ValueTuple | 2 | 1 | CSharp7.cs:213:11:213:16 | Item2 | -| (Int32,Int32) | (int, int) | ValueTuple | 2 | 0 | CSharp7.cs:62:10:62:10 | Item1 | -| (Int32,Int32) | (int, int) | ValueTuple | 2 | 1 | CSharp7.cs:62:17:62:17 | Item2 | -| (Int32,String) | (int, string) | ValueTuple | 2 | 0 | CSharp7.cs:95:19:95:19 | Item1 | -| (Int32,String) | (int, string) | ValueTuple | 2 | 1 | CSharp7.cs:95:22:95:37 | Item2 | -| (String,Int32) | (string, int) | ValueTuple | 2 | 0 | CSharp7.cs:82:17:82:17 | Item1 | -| (String,Int32) | (string, int) | ValueTuple | 2 | 1 | CSharp7.cs:82:23:82:23 | Item2 | -| (String,String) | (string, string) | ValueTuple | 2 | 0 | CSharp7.cs:87:19:87:27 | Item1 | -| (String,String) | (string, string) | ValueTuple | 2 | 1 | CSharp7.cs:87:30:87:33 | Item2 | +| (Int32,(String,Int32)) | (int, (string, int)) | ValueTuple | 2 | 0 | Item1 | +| (Int32,(String,Int32)) | (int, (string, int)) | ValueTuple | 2 | 1 | Item2 | +| (Int32,Double) | (int, double) | ValueTuple | 2 | 0 | Item1 | +| (Int32,Double) | (int, double) | ValueTuple | 2 | 1 | Item2 | +| (Int32,String) | (int, string) | ValueTuple | 2 | 0 | Item1 | +| (Int32,String) | (int, string) | ValueTuple | 2 | 1 | Item2 | +| (String,String) | (string, string) | ValueTuple | 2 | 0 | Item1 | +| (String,String) | (string, string) | ValueTuple | 2 | 1 | Item2 | diff --git a/csharp/ql/test/library-tests/csharp7/TupleTypes.ql b/csharp/ql/test/library-tests/csharp7/TupleTypes.ql index 288fe1bfe982..c8fd4ac9ab03 100644 --- a/csharp/ql/test/library-tests/csharp7/TupleTypes.ql +++ b/csharp/ql/test/library-tests/csharp7/TupleTypes.ql @@ -1,6 +1,6 @@ import csharp from TupleType tt, int i -where tt.getAnElement().fromSource() +where tt.fromSource() select tt.getName(), tt.toStringWithTypes(), tt.getUnderlyingType().toStringWithTypes(), - tt.getArity(), i, tt.getElement(i) + tt.getArity(), i, tt.getElement(i).getName() From 0fc2875527537c0c3da393ae788ff2b670fe8c62 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Fri, 10 Oct 2025 09:31:42 +0200 Subject: [PATCH 298/307] Rust: Include tuple structs/variants in `CallExprBase.getStaticTarget()` --- .../ql/lib/codeql/rust/elements/internal/CallExprBaseImpl.qll | 4 ++-- .../lib/codeql/rust/elements/internal/MethodCallExprImpl.qll | 3 +++ rust/ql/lib/codeql/rust/frameworks/rustcrypto/RustCrypto.qll | 2 +- rust/ql/lib/codeql/rust/internal/TypeInference.qll | 4 ++-- rust/ql/test/library-tests/definitions/Definitions.expected | 1 + 5 files changed, 9 insertions(+), 5 deletions(-) diff --git a/rust/ql/lib/codeql/rust/elements/internal/CallExprBaseImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/CallExprBaseImpl.qll index 19abc6e3df34..05d5aee7a065 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/CallExprBaseImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/CallExprBaseImpl.qll @@ -19,8 +19,8 @@ module Impl { * A function or method call expression. See `CallExpr` and `MethodCallExpr` for further details. */ class CallExprBase extends Generated::CallExprBase { - /** Gets the static target of this call, if any. */ - final Function getStaticTarget() { result = TypeInference::resolveCallTarget(this) } + /** Gets the static target (function or tuple struct/variant) of this call, if any. */ + final Addressable getStaticTarget() { result = TypeInference::resolveCallTarget(this) } override Expr getArg(int index) { result = this.getArgList().getArg(index) } } diff --git a/rust/ql/lib/codeql/rust/elements/internal/MethodCallExprImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/MethodCallExprImpl.qll index ac8d9b210e9a..7617ae456bbb 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/MethodCallExprImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/MethodCallExprImpl.qll @@ -38,5 +38,8 @@ module Impl { override string toStringImpl() { result = strictconcat(int i | | this.toStringPart(i) order by i) } + + /** Gets the static target of this method call, if any. */ + final Function getStaticTarget() { result = super.getStaticTarget() } } } diff --git a/rust/ql/lib/codeql/rust/frameworks/rustcrypto/RustCrypto.qll b/rust/ql/lib/codeql/rust/frameworks/rustcrypto/RustCrypto.qll index 123824b3d696..b34b3abf7cb8 100644 --- a/rust/ql/lib/codeql/rust/frameworks/rustcrypto/RustCrypto.qll +++ b/rust/ql/lib/codeql/rust/frameworks/rustcrypto/RustCrypto.qll @@ -26,7 +26,7 @@ class StreamCipherInit extends Cryptography::CryptographicOperation::Range { // `cipher::KeyIvInit::new`, `cipher::KeyIvInit::new_from_slices`, `rc2::Rc2::new_with_eff_key_len` or similar. exists(CallExprBase ce, string rawAlgorithmName | ce = this.asExpr().getExpr() and - ce.getStaticTarget().getName().getText() = + ce.getStaticTarget().(Function).getName().getText() = ["new", "new_from_slice", "new_with_eff_key_len", "new_from_slices"] and // extract the algorithm name from the type of `ce` or its receiver. exists(Type t, TypePath tp | diff --git a/rust/ql/lib/codeql/rust/internal/TypeInference.qll b/rust/ql/lib/codeql/rust/internal/TypeInference.qll index c9dbf0bac13b..c450670a1fc9 100644 --- a/rust/ql/lib/codeql/rust/internal/TypeInference.qll +++ b/rust/ql/lib/codeql/rust/internal/TypeInference.qll @@ -2505,9 +2505,9 @@ private module Cached { ) } - /** Gets a function that `call` resolves to, if any. */ + /** Gets an item (function or tuple struct/variant) that `call` resolves to, if any. */ cached - Function resolveCallTarget(Call call) { + Addressable resolveCallTarget(Call call) { result = resolveMethodCallTarget(call) or result = resolveFunctionCallTarget(call) diff --git a/rust/ql/test/library-tests/definitions/Definitions.expected b/rust/ql/test/library-tests/definitions/Definitions.expected index 3786ab947f2d..23ad4e291de3 100644 --- a/rust/ql/test/library-tests/definitions/Definitions.expected +++ b/rust/ql/test/library-tests/definitions/Definitions.expected @@ -7,6 +7,7 @@ | main.rs:18:16:18:16 | T | main.rs:18:10:18:10 | T | path | | main.rs:19:23:19:23 | T | main.rs:18:10:18:10 | T | path | | main.rs:19:29:19:32 | Self | main.rs:16:5:16:24 | struct S2 | path | +| main.rs:20:13:20:14 | S2 | main.rs:16:5:16:24 | struct S2 | path | | main.rs:20:16:20:16 | x | main.rs:19:20:19:20 | x | local variable | | main.rs:29:5:29:11 | println | {EXTERNAL LOCATION} | MacroRules | path | | main.rs:29:22:29:26 | value | main.rs:29:50:29:54 | value | format argument | From b8c3a28de3e4fc7a6a617370ab14fd46652a52c9 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Fri, 10 Oct 2025 11:47:19 +0200 Subject: [PATCH 299/307] C#: Add change note. --- csharp/ql/lib/change-notes/2025-10-10-entity-locations.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 csharp/ql/lib/change-notes/2025-10-10-entity-locations.md diff --git a/csharp/ql/lib/change-notes/2025-10-10-entity-locations.md b/csharp/ql/lib/change-notes/2025-10-10-entity-locations.md new file mode 100644 index 000000000000..72aa663febe0 --- /dev/null +++ b/csharp/ql/lib/change-notes/2025-10-10-entity-locations.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The extraction of location information for parameters, fields, constructors, destructors and user operators has been optimized. Previously, location information was extracted multiple times for each bound generic. Now, only the location of the unbound generic declaration is extracted during the extraction phase, and the QL library explicitly reuses this location for all bound instances of the same generic. From 500421d891b0967ef5fe8465adbab4ea1a32cafa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Oct 2025 03:14:48 +0000 Subject: [PATCH 300/307] Bump the extractor-dependencies group in /go/extractor with 2 updates Bumps the extractor-dependencies group in /go/extractor with 2 updates: [golang.org/x/mod](https://github.com/golang/mod) and [golang.org/x/tools](https://github.com/golang/tools). Updates `golang.org/x/mod` from 0.28.0 to 0.29.0 - [Commits](https://github.com/golang/mod/compare/v0.28.0...v0.29.0) Updates `golang.org/x/tools` from 0.37.0 to 0.38.0 - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.37.0...v0.38.0) --- updated-dependencies: - dependency-name: golang.org/x/mod dependency-version: 0.29.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: extractor-dependencies - dependency-name: golang.org/x/tools dependency-version: 0.38.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: extractor-dependencies ... Signed-off-by: dependabot[bot] --- go/extractor/go.mod | 4 ++-- go/extractor/go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go/extractor/go.mod b/go/extractor/go.mod index 3369f28a9548..e8cdde572e17 100644 --- a/go/extractor/go.mod +++ b/go/extractor/go.mod @@ -9,8 +9,8 @@ toolchain go1.25.0 // when adding or removing dependencies, run // bazel mod tidy require ( - golang.org/x/mod v0.28.0 - golang.org/x/tools v0.37.0 + golang.org/x/mod v0.29.0 + golang.org/x/tools v0.38.0 ) require golang.org/x/sync v0.17.0 // indirect diff --git a/go/extractor/go.sum b/go/extractor/go.sum index 1fa55e6db7c0..9b34f09461c1 100644 --- a/go/extractor/go.sum +++ b/go/extractor/go.sum @@ -1,8 +1,8 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= -golang.org/x/mod v0.28.0 h1:gQBtGhjxykdjY9YhZpSlZIsbnaE2+PgjfLWUQTnoZ1U= -golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI= +golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA= +golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w= golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug= golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= -golang.org/x/tools v0.37.0 h1:DVSRzp7FwePZW356yEAChSdNcQo6Nsp+fex1SUW09lE= -golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w= +golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ= +golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs= From c4b27d5f281697ca033a2aa4a20e84db1eeabd98 Mon Sep 17 00:00:00 2001 From: Taus Date: Mon, 13 Oct 2025 13:50:43 +0000 Subject: [PATCH 301/307] Python: Fix `ImportError` in `imp.py` under Python 3.14 It seems `_ERR_MSG` was silently removed in Python 3.14, leading to an `ImportError` when running the extractor. To fix this, we explicitly set `_ERR_MSG` when the existing import fails (using `_ERR_MSG_PREFIX` which is available in Python 3.14+, along with the bits that make up the difference between this and `_ERR_MSG`). --- python/extractor/imp.py | 9 ++++++++- python/extractor/semmle/util.py | 2 +- .../2025-10-13-fix-importerror-on-python-3.14.md | 4 ++++ 3 files changed, 13 insertions(+), 2 deletions(-) create mode 100644 python/ql/lib/change-notes/2025-10-13-fix-importerror-on-python-3.14.md diff --git a/python/extractor/imp.py b/python/extractor/imp.py index 6a0685559fd1..8d703250b671 100644 --- a/python/extractor/imp.py +++ b/python/extractor/imp.py @@ -17,9 +17,16 @@ # Platform doesn't support dynamic loading. create_dynamic = None -from importlib._bootstrap import _ERR_MSG, _exec, _load, _builtin_from_name +from importlib._bootstrap import _exec, _load, _builtin_from_name from importlib._bootstrap_external import SourcelessFileLoader +# In Python 3.14, `_ERR_MSG` was removed in favor of `_ERR_MSG_PREFIX`. +try: + from importlib._bootstrap import _ERR_MSG +except ImportError: + from importlib._bootstrap import _ERR_MSG_PREFIX + _ERR_MSG = _ERR_MSG_PREFIX + '{name!r}' + from importlib import machinery from importlib import util import importlib diff --git a/python/extractor/semmle/util.py b/python/extractor/semmle/util.py index 8196f76e4375..2f6a18ac7a97 100644 --- a/python/extractor/semmle/util.py +++ b/python/extractor/semmle/util.py @@ -10,7 +10,7 @@ #Semantic version of extractor. #Update this if any changes are made -VERSION = "7.1.4" +VERSION = "7.1.5" PY_EXTENSIONS = ".py", ".pyw" diff --git a/python/ql/lib/change-notes/2025-10-13-fix-importerror-on-python-3.14.md b/python/ql/lib/change-notes/2025-10-13-fix-importerror-on-python-3.14.md new file mode 100644 index 000000000000..d2eefde0e119 --- /dev/null +++ b/python/ql/lib/change-notes/2025-10-13-fix-importerror-on-python-3.14.md @@ -0,0 +1,4 @@ +--- +category: fix +--- +* The Python extractor no longer crashes with an `ImportError` when run using Python 3.14. From 33542f7d40619a50556b3870186211e136c9cddf Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 14 Oct 2025 09:30:24 +0000 Subject: [PATCH 302/307] Release preparation for version 2.23.3 --- actions/ql/lib/CHANGELOG.md | 4 ++++ .../ql/lib/change-notes/released/0.4.19.md | 3 +++ actions/ql/lib/codeql-pack.release.yml | 2 +- actions/ql/lib/qlpack.yml | 2 +- actions/ql/src/CHANGELOG.md | 4 ++++ .../ql/src/change-notes/released/0.6.11.md | 3 +++ actions/ql/src/codeql-pack.release.yml | 2 +- actions/ql/src/qlpack.yml | 2 +- cpp/ql/lib/CHANGELOG.md | 10 +++++++++ cpp/ql/lib/change-notes/2025-10-07-bmn-ga.md | 4 ---- .../6.0.0.md} | 13 +++++++---- cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 4 ++++ cpp/ql/src/change-notes/released/1.5.2.md | 3 +++ cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/lib/CHANGELOG.md | 4 ++++ .../lib/change-notes/released/1.7.50.md | 3 +++ .../Solorigate/lib/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- .../ql/campaigns/Solorigate/src/CHANGELOG.md | 4 ++++ .../src/change-notes/released/1.7.50.md | 3 +++ .../Solorigate/src/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 9 ++++++++ .../2025-10-02-entity-locations.md | 4 ---- .../2025-10-07-entity-locations.md | 4 ---- .../2025-10-08-entity-locations.md | 4 ---- .../2025-10-10-entity-locations.md | 4 ---- csharp/ql/lib/change-notes/released/5.2.6.md | 8 +++++++ csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 4 ++++ csharp/ql/src/change-notes/released/1.4.2.md | 3 +++ csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.33.md | 3 +++ .../codeql-pack.release.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/CHANGELOG.md | 22 +++++++++++++++++++ .../change-notes/2025-09-19-api-changes.md | 5 ----- ...9-use-use-flow-proper-post-update-nodes.md | 4 ---- .../2025-09-30-fewer-safe-urls.md | 4 ---- ...lidated-url-redirection-struct-init-fix.md | 4 ---- ...02-writenode-writescomponent-deprecated.md | 4 ---- ...-sqlinjection-numericorbooleansanitizer.md | 4 ---- ...9-sanitize-simple-types-request-forgery.md | 4 ---- go/ql/lib/change-notes/released/5.0.0.md | 21 ++++++++++++++++++ go/ql/lib/codeql-pack.release.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/CHANGELOG.md | 4 ++++ go/ql/src/change-notes/released/1.4.7.md | 3 +++ go/ql/src/codeql-pack.release.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 6 +++++ .../7.7.2.md} | 7 +++--- java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 4 ++++ java/ql/src/change-notes/released/1.8.2.md | 3 +++ java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/CHANGELOG.md | 4 ++++ .../ql/lib/change-notes/released/2.6.13.md | 3 +++ javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 4 ++++ .../ql/src/change-notes/released/2.1.2.md | 3 +++ javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.33.md | 3 +++ misc/suite-helpers/codeql-pack.release.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 6 +++++ .../4.0.17.md} | 7 +++--- python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/CHANGELOG.md | 4 ++++ python/ql/src/change-notes/released/1.6.7.md | 3 +++ python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 4 ++++ ruby/ql/lib/change-notes/released/5.1.1.md | 3 +++ ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 4 ++++ ruby/ql/src/change-notes/released/1.4.7.md | 3 +++ ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- rust/ql/lib/CHANGELOG.md | 10 +++++++++ .../2025-09-29-data-flow-function-pointer.md | 4 ---- .../ql/lib/change-notes/2025-10-07-rust-ga.md | 4 ---- rust/ql/lib/change-notes/released/0.1.18.md | 9 ++++++++ rust/ql/lib/codeql-pack.release.yml | 2 +- rust/ql/lib/qlpack.yml | 2 +- rust/ql/src/CHANGELOG.md | 6 +++++ .../0.1.18.md} | 7 +++--- rust/ql/src/codeql-pack.release.yml | 2 +- rust/ql/src/qlpack.yml | 2 +- shared/concepts/CHANGELOG.md | 4 ++++ .../concepts/change-notes/released/0.0.7.md | 3 +++ shared/concepts/codeql-pack.release.yml | 2 +- shared/concepts/qlpack.yml | 2 +- shared/controlflow/CHANGELOG.md | 4 ++++ .../change-notes/released/2.0.17.md | 3 +++ shared/controlflow/codeql-pack.release.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/CHANGELOG.md | 4 ++++ .../dataflow/change-notes/released/2.0.17.md | 3 +++ shared/dataflow/codeql-pack.release.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/CHANGELOG.md | 4 ++++ shared/mad/change-notes/released/1.0.33.md | 3 +++ shared/mad/codeql-pack.release.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/quantum/CHANGELOG.md | 4 ++++ .../quantum/change-notes/released/0.0.11.md | 3 +++ shared/quantum/codeql-pack.release.yml | 2 +- shared/quantum/qlpack.yml | 2 +- shared/rangeanalysis/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.33.md | 3 +++ shared/rangeanalysis/codeql-pack.release.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/CHANGELOG.md | 4 ++++ shared/regex/change-notes/released/1.0.33.md | 3 +++ shared/regex/codeql-pack.release.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/CHANGELOG.md | 4 ++++ shared/ssa/change-notes/released/2.0.9.md | 3 +++ shared/ssa/codeql-pack.release.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.33.md | 3 +++ shared/threat-models/codeql-pack.release.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/CHANGELOG.md | 4 ++++ .../tutorial/change-notes/released/1.0.33.md | 3 +++ shared/tutorial/codeql-pack.release.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typeflow/CHANGELOG.md | 4 ++++ .../typeflow/change-notes/released/1.0.33.md | 3 +++ shared/typeflow/codeql-pack.release.yml | 2 +- shared/typeflow/qlpack.yml | 2 +- shared/typeinference/CHANGELOG.md | 4 ++++ .../change-notes/released/0.0.14.md | 3 +++ shared/typeinference/codeql-pack.release.yml | 2 +- shared/typeinference/qlpack.yml | 2 +- shared/typetracking/CHANGELOG.md | 4 ++++ .../change-notes/released/2.0.17.md | 3 +++ shared/typetracking/codeql-pack.release.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/CHANGELOG.md | 4 ++++ shared/typos/change-notes/released/1.0.33.md | 3 +++ shared/typos/codeql-pack.release.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/CHANGELOG.md | 4 ++++ shared/util/change-notes/released/2.0.20.md | 3 +++ shared/util/codeql-pack.release.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/xml/CHANGELOG.md | 4 ++++ shared/xml/change-notes/released/1.0.33.md | 3 +++ shared/xml/codeql-pack.release.yml | 2 +- shared/xml/qlpack.yml | 2 +- shared/yaml/CHANGELOG.md | 4 ++++ shared/yaml/change-notes/released/1.0.33.md | 3 +++ shared/yaml/codeql-pack.release.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/CHANGELOG.md | 4 ++++ swift/ql/lib/change-notes/released/5.0.9.md | 3 +++ swift/ql/lib/codeql-pack.release.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/CHANGELOG.md | 4 ++++ swift/ql/src/change-notes/released/1.2.7.md | 3 +++ swift/ql/src/codeql-pack.release.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 178 files changed, 448 insertions(+), 152 deletions(-) create mode 100644 actions/ql/lib/change-notes/released/0.4.19.md create mode 100644 actions/ql/src/change-notes/released/0.6.11.md delete mode 100644 cpp/ql/lib/change-notes/2025-10-07-bmn-ga.md rename cpp/ql/lib/change-notes/{2025-09-18-guards.md => released/6.0.0.md} (65%) create mode 100644 cpp/ql/src/change-notes/released/1.5.2.md create mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.50.md create mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.50.md delete mode 100644 csharp/ql/lib/change-notes/2025-10-02-entity-locations.md delete mode 100644 csharp/ql/lib/change-notes/2025-10-07-entity-locations.md delete mode 100644 csharp/ql/lib/change-notes/2025-10-08-entity-locations.md delete mode 100644 csharp/ql/lib/change-notes/2025-10-10-entity-locations.md create mode 100644 csharp/ql/lib/change-notes/released/5.2.6.md create mode 100644 csharp/ql/src/change-notes/released/1.4.2.md create mode 100644 go/ql/consistency-queries/change-notes/released/1.0.33.md delete mode 100644 go/ql/lib/change-notes/2025-09-19-api-changes.md delete mode 100644 go/ql/lib/change-notes/2025-09-19-use-use-flow-proper-post-update-nodes.md delete mode 100644 go/ql/lib/change-notes/2025-09-30-fewer-safe-urls.md delete mode 100644 go/ql/lib/change-notes/2025-10-02-unvalidated-url-redirection-struct-init-fix.md delete mode 100644 go/ql/lib/change-notes/2025-10-02-writenode-writescomponent-deprecated.md delete mode 100644 go/ql/lib/change-notes/2025-10-09-deprecate-sqlinjection-numericorbooleansanitizer.md delete mode 100644 go/ql/lib/change-notes/2025-10-09-sanitize-simple-types-request-forgery.md create mode 100644 go/ql/lib/change-notes/released/5.0.0.md create mode 100644 go/ql/src/change-notes/released/1.4.7.md rename java/ql/lib/change-notes/{2025-10-07-array-entrypointtype.md => released/7.7.2.md} (89%) create mode 100644 java/ql/src/change-notes/released/1.8.2.md create mode 100644 javascript/ql/lib/change-notes/released/2.6.13.md create mode 100644 javascript/ql/src/change-notes/released/2.1.2.md create mode 100644 misc/suite-helpers/change-notes/released/1.0.33.md rename python/ql/lib/change-notes/{2025-10-13-fix-importerror-on-python-3.14.md => released/4.0.17.md} (77%) create mode 100644 python/ql/src/change-notes/released/1.6.7.md create mode 100644 ruby/ql/lib/change-notes/released/5.1.1.md create mode 100644 ruby/ql/src/change-notes/released/1.4.7.md delete mode 100644 rust/ql/lib/change-notes/2025-09-29-data-flow-function-pointer.md delete mode 100644 rust/ql/lib/change-notes/2025-10-07-rust-ga.md create mode 100644 rust/ql/lib/change-notes/released/0.1.18.md rename rust/ql/src/change-notes/{2025-09-19-insecure-cookie.md => released/0.1.18.md} (78%) create mode 100644 shared/concepts/change-notes/released/0.0.7.md create mode 100644 shared/controlflow/change-notes/released/2.0.17.md create mode 100644 shared/dataflow/change-notes/released/2.0.17.md create mode 100644 shared/mad/change-notes/released/1.0.33.md create mode 100644 shared/quantum/change-notes/released/0.0.11.md create mode 100644 shared/rangeanalysis/change-notes/released/1.0.33.md create mode 100644 shared/regex/change-notes/released/1.0.33.md create mode 100644 shared/ssa/change-notes/released/2.0.9.md create mode 100644 shared/threat-models/change-notes/released/1.0.33.md create mode 100644 shared/tutorial/change-notes/released/1.0.33.md create mode 100644 shared/typeflow/change-notes/released/1.0.33.md create mode 100644 shared/typeinference/change-notes/released/0.0.14.md create mode 100644 shared/typetracking/change-notes/released/2.0.17.md create mode 100644 shared/typos/change-notes/released/1.0.33.md create mode 100644 shared/util/change-notes/released/2.0.20.md create mode 100644 shared/xml/change-notes/released/1.0.33.md create mode 100644 shared/yaml/change-notes/released/1.0.33.md create mode 100644 swift/ql/lib/change-notes/released/5.0.9.md create mode 100644 swift/ql/src/change-notes/released/1.2.7.md diff --git a/actions/ql/lib/CHANGELOG.md b/actions/ql/lib/CHANGELOG.md index e6ae9a82059e..3de5d186721a 100644 --- a/actions/ql/lib/CHANGELOG.md +++ b/actions/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.4.19 + +No user-facing changes. + ## 0.4.18 No user-facing changes. diff --git a/actions/ql/lib/change-notes/released/0.4.19.md b/actions/ql/lib/change-notes/released/0.4.19.md new file mode 100644 index 000000000000..fb592c5a34fe --- /dev/null +++ b/actions/ql/lib/change-notes/released/0.4.19.md @@ -0,0 +1,3 @@ +## 0.4.19 + +No user-facing changes. diff --git a/actions/ql/lib/codeql-pack.release.yml b/actions/ql/lib/codeql-pack.release.yml index 1a848f928999..abf63707906b 100644 --- a/actions/ql/lib/codeql-pack.release.yml +++ b/actions/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.18 +lastReleaseVersion: 0.4.19 diff --git a/actions/ql/lib/qlpack.yml b/actions/ql/lib/qlpack.yml index 80eecfca28d5..06f67aa0be6b 100644 --- a/actions/ql/lib/qlpack.yml +++ b/actions/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-all -version: 0.4.19-dev +version: 0.4.19 library: true warnOnImplicitThis: true dependencies: diff --git a/actions/ql/src/CHANGELOG.md b/actions/ql/src/CHANGELOG.md index 534ba89566b2..4592fbb66da7 100644 --- a/actions/ql/src/CHANGELOG.md +++ b/actions/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.6.11 + +No user-facing changes. + ## 0.6.10 No user-facing changes. diff --git a/actions/ql/src/change-notes/released/0.6.11.md b/actions/ql/src/change-notes/released/0.6.11.md new file mode 100644 index 000000000000..3c83e3ac1120 --- /dev/null +++ b/actions/ql/src/change-notes/released/0.6.11.md @@ -0,0 +1,3 @@ +## 0.6.11 + +No user-facing changes. diff --git a/actions/ql/src/codeql-pack.release.yml b/actions/ql/src/codeql-pack.release.yml index c2eebb652b05..b73e74898d0f 100644 --- a/actions/ql/src/codeql-pack.release.yml +++ b/actions/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.6.10 +lastReleaseVersion: 0.6.11 diff --git a/actions/ql/src/qlpack.yml b/actions/ql/src/qlpack.yml index 2de1276aa82d..b758a0e68a1f 100644 --- a/actions/ql/src/qlpack.yml +++ b/actions/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-queries -version: 0.6.11-dev +version: 0.6.11 library: false warnOnImplicitThis: true groups: [actions, queries] diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 0909c8e3c881..e227764cca0a 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,13 @@ +## 6.0.0 + +### Breaking Changes + +* The "Guards" libraries (`semmle.code.cpp.controlflow.Guards` and `semmle.code.cpp.controlflow.IRGuards`) have been totally rewritten to recognize many more guards. The API remains unchanged, but the `GuardCondition` class now extends `Element` instead of `Expr`. + +### New Features + +* The C/C++ "build-mode: none" support is now General Availability (GA). + ## 5.6.1 No user-facing changes. diff --git a/cpp/ql/lib/change-notes/2025-10-07-bmn-ga.md b/cpp/ql/lib/change-notes/2025-10-07-bmn-ga.md deleted file mode 100644 index dce0cabc38c0..000000000000 --- a/cpp/ql/lib/change-notes/2025-10-07-bmn-ga.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* The C/C++ "build-mode: none" support is now General Availability (GA). diff --git a/cpp/ql/lib/change-notes/2025-09-18-guards.md b/cpp/ql/lib/change-notes/released/6.0.0.md similarity index 65% rename from cpp/ql/lib/change-notes/2025-09-18-guards.md rename to cpp/ql/lib/change-notes/released/6.0.0.md index a739df714713..5f5a355f5944 100644 --- a/cpp/ql/lib/change-notes/2025-09-18-guards.md +++ b/cpp/ql/lib/change-notes/released/6.0.0.md @@ -1,4 +1,9 @@ ---- -category: breaking ---- -* The "Guards" libraries (`semmle.code.cpp.controlflow.Guards` and `semmle.code.cpp.controlflow.IRGuards`) have been totally rewritten to recognize many more guards. The API remains unchanged, but the `GuardCondition` class now extends `Element` instead of `Expr`. \ No newline at end of file +## 6.0.0 + +### Breaking Changes + +* The "Guards" libraries (`semmle.code.cpp.controlflow.Guards` and `semmle.code.cpp.controlflow.IRGuards`) have been totally rewritten to recognize many more guards. The API remains unchanged, but the `GuardCondition` class now extends `Element` instead of `Expr`. + +### New Features + +* The C/C++ "build-mode: none" support is now General Availability (GA). diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index 2dcac412aa9c..f8c4fa43ccb7 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.6.1 +lastReleaseVersion: 6.0.0 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 435d013c47b6..dadd68c23f55 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 5.6.2-dev +version: 6.0.0 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index 39549ed1bdc2..4b876310708b 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.5.2 + +No user-facing changes. + ## 1.5.1 No user-facing changes. diff --git a/cpp/ql/src/change-notes/released/1.5.2.md b/cpp/ql/src/change-notes/released/1.5.2.md new file mode 100644 index 000000000000..384c27833f18 --- /dev/null +++ b/cpp/ql/src/change-notes/released/1.5.2.md @@ -0,0 +1,3 @@ +## 1.5.2 + +No user-facing changes. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index c5775c46013c..7eb901bae56a 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.1 +lastReleaseVersion: 1.5.2 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index f5193698fdb7..f33aa8fc5627 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 1.5.2-dev +version: 1.5.2 groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index bcfd38e14942..7b4887608d94 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.50 + +No user-facing changes. + ## 1.7.49 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.50.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.50.md new file mode 100644 index 000000000000..187bfe4d01f4 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.50.md @@ -0,0 +1,3 @@ +## 1.7.50 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index fe16fdfefdc8..dab079d66444 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.49 +lastReleaseVersion: 1.7.50 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index 3c14c29940c0..6ef842443088 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.50-dev +version: 1.7.50 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index bcfd38e14942..7b4887608d94 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.50 + +No user-facing changes. + ## 1.7.49 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.50.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.50.md new file mode 100644 index 000000000000..187bfe4d01f4 --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.50.md @@ -0,0 +1,3 @@ +## 1.7.50 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index fe16fdfefdc8..dab079d66444 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.49 +lastReleaseVersion: 1.7.50 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index efb3216f3b9b..16479e216b37 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.50-dev +version: 1.7.50 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 095eab5cdbaf..a722d924f3b8 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,12 @@ +## 5.2.6 + +### Minor Analysis Improvements + +* The extraction of location information for parameters, fields, constructors, destructors and user operators has been optimized. Previously, location information was extracted multiple times for each bound generic. Now, only the location of the unbound generic declaration is extracted during the extraction phase, and the QL library explicitly reuses this location for all bound instances of the same generic. +* The extraction of location information for type parameters and tuples types has been optimized. Previously, location information was extracted multiple times for each type when it was declared across multiple files. Now, the extraction context is respected during the extraction phase, ensuring locations are only extracted within the appropriate context. This change should be transparent to end-users but may improve extraction performance in some cases. +* The extraction of location information for named types (classes, structs, etc.) has been optimized. Previously, location information was extracted multiple times for each type when it was declared across multiple files. Now, the extraction context is respected during the extraction phase, ensuring locations are only extracted within the appropriate context. This change should be transparent to end-users but may improve extraction performance in some cases. +* The extraction of the location for bound generic entities (methods, accessors, indexers, properties, and events) has been optimized. Previously, location information was extracted multiple times for each bound generic. Now, only the location of the unbound generic declaration is extracted during the extraction phase, and the QL library explicitly reuses this location for all bound instances of the same generic. + ## 5.2.5 No user-facing changes. diff --git a/csharp/ql/lib/change-notes/2025-10-02-entity-locations.md b/csharp/ql/lib/change-notes/2025-10-02-entity-locations.md deleted file mode 100644 index dd13aab6292e..000000000000 --- a/csharp/ql/lib/change-notes/2025-10-02-entity-locations.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The extraction of the location for bound generic entities (methods, accessors, indexers, properties, and events) has been optimized. Previously, location information was extracted multiple times for each bound generic. Now, only the location of the unbound generic declaration is extracted during the extraction phase, and the QL library explicitly reuses this location for all bound instances of the same generic. diff --git a/csharp/ql/lib/change-notes/2025-10-07-entity-locations.md b/csharp/ql/lib/change-notes/2025-10-07-entity-locations.md deleted file mode 100644 index 44f36fe44c6a..000000000000 --- a/csharp/ql/lib/change-notes/2025-10-07-entity-locations.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The extraction of location information for named types (classes, structs, etc.) has been optimized. Previously, location information was extracted multiple times for each type when it was declared across multiple files. Now, the extraction context is respected during the extraction phase, ensuring locations are only extracted within the appropriate context. This change should be transparent to end-users but may improve extraction performance in some cases. diff --git a/csharp/ql/lib/change-notes/2025-10-08-entity-locations.md b/csharp/ql/lib/change-notes/2025-10-08-entity-locations.md deleted file mode 100644 index a96afe072513..000000000000 --- a/csharp/ql/lib/change-notes/2025-10-08-entity-locations.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The extraction of location information for type parameters and tuples types has been optimized. Previously, location information was extracted multiple times for each type when it was declared across multiple files. Now, the extraction context is respected during the extraction phase, ensuring locations are only extracted within the appropriate context. This change should be transparent to end-users but may improve extraction performance in some cases. diff --git a/csharp/ql/lib/change-notes/2025-10-10-entity-locations.md b/csharp/ql/lib/change-notes/2025-10-10-entity-locations.md deleted file mode 100644 index 72aa663febe0..000000000000 --- a/csharp/ql/lib/change-notes/2025-10-10-entity-locations.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The extraction of location information for parameters, fields, constructors, destructors and user operators has been optimized. Previously, location information was extracted multiple times for each bound generic. Now, only the location of the unbound generic declaration is extracted during the extraction phase, and the QL library explicitly reuses this location for all bound instances of the same generic. diff --git a/csharp/ql/lib/change-notes/released/5.2.6.md b/csharp/ql/lib/change-notes/released/5.2.6.md new file mode 100644 index 000000000000..54ef01bfbf87 --- /dev/null +++ b/csharp/ql/lib/change-notes/released/5.2.6.md @@ -0,0 +1,8 @@ +## 5.2.6 + +### Minor Analysis Improvements + +* The extraction of location information for parameters, fields, constructors, destructors and user operators has been optimized. Previously, location information was extracted multiple times for each bound generic. Now, only the location of the unbound generic declaration is extracted during the extraction phase, and the QL library explicitly reuses this location for all bound instances of the same generic. +* The extraction of location information for type parameters and tuples types has been optimized. Previously, location information was extracted multiple times for each type when it was declared across multiple files. Now, the extraction context is respected during the extraction phase, ensuring locations are only extracted within the appropriate context. This change should be transparent to end-users but may improve extraction performance in some cases. +* The extraction of location information for named types (classes, structs, etc.) has been optimized. Previously, location information was extracted multiple times for each type when it was declared across multiple files. Now, the extraction context is respected during the extraction phase, ensuring locations are only extracted within the appropriate context. This change should be transparent to end-users but may improve extraction performance in some cases. +* The extraction of the location for bound generic entities (methods, accessors, indexers, properties, and events) has been optimized. Previously, location information was extracted multiple times for each bound generic. Now, only the location of the unbound generic declaration is extracted during the extraction phase, and the QL library explicitly reuses this location for all bound instances of the same generic. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index 63222f8b4a01..1ac2b5309f2d 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.2.5 +lastReleaseVersion: 5.2.6 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 2f92b5edafdb..8dd6bc6ec101 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 5.2.6-dev +version: 5.2.6 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index 7fa8992c49af..40ea9e3693a8 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.4.2 + +No user-facing changes. + ## 1.4.1 ### Minor Analysis Improvements diff --git a/csharp/ql/src/change-notes/released/1.4.2.md b/csharp/ql/src/change-notes/released/1.4.2.md new file mode 100644 index 000000000000..37be01f40d98 --- /dev/null +++ b/csharp/ql/src/change-notes/released/1.4.2.md @@ -0,0 +1,3 @@ +## 1.4.2 + +No user-facing changes. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index 43ccf4467bed..a76cacdf7997 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.4.1 +lastReleaseVersion: 1.4.2 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index fad06a3e9289..1ea66ed1c4e0 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 1.4.2-dev +version: 1.4.2 groups: - csharp - queries diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md index 331bb4c220e0..102463df544a 100644 --- a/go/ql/consistency-queries/CHANGELOG.md +++ b/go/ql/consistency-queries/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.33 + +No user-facing changes. + ## 1.0.32 No user-facing changes. diff --git a/go/ql/consistency-queries/change-notes/released/1.0.33.md b/go/ql/consistency-queries/change-notes/released/1.0.33.md new file mode 100644 index 000000000000..3a65838479f2 --- /dev/null +++ b/go/ql/consistency-queries/change-notes/released/1.0.33.md @@ -0,0 +1,3 @@ +## 1.0.33 + +No user-facing changes. diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml index 7bc5c51ba7bf..914c722b5d98 100644 --- a/go/ql/consistency-queries/codeql-pack.release.yml +++ b/go/ql/consistency-queries/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.32 +lastReleaseVersion: 1.0.33 diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index 70529ff4f909..d9d08c55e176 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 1.0.33-dev +version: 1.0.33 groups: - go - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index adf218a99e44..ce835278cb18 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,25 @@ +## 5.0.0 + +### Breaking Changes + +* The member predicate `writesField` on `DataFlow::Write` now uses the post-update node for `base` when that is the node being updated, which is in all cases except initializing a struct literal. A new member predicate `writesFieldPreUpdate` has been added for cases where this behaviour is not desired. +* The member predicate `writesElement` on `DataFlow::Write` now uses the post-update node for `base` when that is the node being updated, which is in all cases except initializing an array/slice/map literal. A new member predicate `writesElementPreUpdate` has been added for cases where this behaviour is not desired. + +### Deprecated APIs + +* The class `SqlInjection::NumericOrBooleanSanitizer` has been deprecated. Use `SimpleTypeSanitizer` from `semmle.go.security.Sanitizers` instead. +* The member predicate `writesComponent` on `DataFlow::Write` has been deprecated. Instead, use `writesFieldPreUpdate` and `writesElementPreUpdate`, or their new versions `writesField` and `writesElement`. + +### Major Analysis Improvements + +* The shape of the Go data-flow graph has changed. Previously for code like `x := def(); use1(x); use2(x)`, there would be edges from the definition of `x` to each use. Now there is an edge from the definition to the first use, then another from the first use to the second, and so on. This means that data-flow barriers work differently - flow will not reach any uses after the barrier node. Where this is not desired it may be be necessary to add an additional flow step to propagate the flow forward. Additionally, when a variable may be subject to a side-effect, such as updating an array, passing a pointer to a function that might write through it or writing to a field of a struct, there is now a dedicated post-update node representing the variable after this side-effect has taken place. Previously post-update nodes were aliases for either a variable's definition, or were equal to the pre-update node. This led to backwards steps in the data-flow graph, which could cause false positives. For example, in the previous code there would be an edge from `x` in `use2(x)` back to the definition of `x`. If we define our sources as any argument of `use2` and our sinks as any argument of `use1` then this would lead to a false positive path. Now there are distinct post-update nodes and no backwards edge to the definition, so we will not find this false positive path. + +### Minor Analysis Improvements + +* The query `go/request-forgery` will no longer report alerts when the user input is of a simple type, like a number or a boolean. +* For the query `go/unvalidated-url-redirection`, when untrusted data is assigned to the `Host` field of a `url.URL` struct, we consider the whole struct untrusted. We now also include the case when this happens during struct initialization, for example `&url.URL{Host: untrustedData}`. +* `go/unvalidated-url-redirection` and `go/request-forgery` have a shared notion of a safe URL, which is known to not be malicious. Some URLs which were incorrectly considered safe are now correctly considered unsafe. This may lead to more alerts for those two queries. + ## 4.3.5 No user-facing changes. diff --git a/go/ql/lib/change-notes/2025-09-19-api-changes.md b/go/ql/lib/change-notes/2025-09-19-api-changes.md deleted file mode 100644 index 071ec2719b3f..000000000000 --- a/go/ql/lib/change-notes/2025-09-19-api-changes.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: breaking ---- -* The member predicate `writesField` on `DataFlow::Write` now uses the post-update node for `base` when that is the node being updated, which is in all cases except initializing a struct literal. A new member predicate `writesFieldPreUpdate` has been added for cases where this behaviour is not desired. -* The member predicate `writesElement` on `DataFlow::Write` now uses the post-update node for `base` when that is the node being updated, which is in all cases except initializing an array/slice/map literal. A new member predicate `writesElementPreUpdate` has been added for cases where this behaviour is not desired. diff --git a/go/ql/lib/change-notes/2025-09-19-use-use-flow-proper-post-update-nodes.md b/go/ql/lib/change-notes/2025-09-19-use-use-flow-proper-post-update-nodes.md deleted file mode 100644 index 607f23dfb03e..000000000000 --- a/go/ql/lib/change-notes/2025-09-19-use-use-flow-proper-post-update-nodes.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: majorAnalysis ---- -* The shape of the Go data-flow graph has changed. Previously for code like `x := def(); use1(x); use2(x)`, there would be edges from the definition of `x` to each use. Now there is an edge from the definition to the first use, then another from the first use to the second, and so on. This means that data-flow barriers work differently - flow will not reach any uses after the barrier node. Where this is not desired it may be be necessary to add an additional flow step to propagate the flow forward. Additionally, when a variable may be subject to a side-effect, such as updating an array, passing a pointer to a function that might write through it or writing to a field of a struct, there is now a dedicated post-update node representing the variable after this side-effect has taken place. Previously post-update nodes were aliases for either a variable's definition, or were equal to the pre-update node. This led to backwards steps in the data-flow graph, which could cause false positives. For example, in the previous code there would be an edge from `x` in `use2(x)` back to the definition of `x`. If we define our sources as any argument of `use2` and our sinks as any argument of `use1` then this would lead to a false positive path. Now there are distinct post-update nodes and no backwards edge to the definition, so we will not find this false positive path. diff --git a/go/ql/lib/change-notes/2025-09-30-fewer-safe-urls.md b/go/ql/lib/change-notes/2025-09-30-fewer-safe-urls.md deleted file mode 100644 index 5eeee51c4a3c..000000000000 --- a/go/ql/lib/change-notes/2025-09-30-fewer-safe-urls.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* `go/unvalidated-url-redirection` and `go/request-forgery` have a shared notion of a safe URL, which is known to not be malicious. Some URLs which were incorrectly considered safe are now correctly considered unsafe. This may lead to more alerts for those two queries. diff --git a/go/ql/lib/change-notes/2025-10-02-unvalidated-url-redirection-struct-init-fix.md b/go/ql/lib/change-notes/2025-10-02-unvalidated-url-redirection-struct-init-fix.md deleted file mode 100644 index 9e5d5aa14a2f..000000000000 --- a/go/ql/lib/change-notes/2025-10-02-unvalidated-url-redirection-struct-init-fix.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* For the query `go/unvalidated-url-redirection`, when untrusted data is assigned to the `Host` field of a `url.URL` struct, we consider the whole struct untrusted. We now also include the case when this happens during struct initialization, for example `&url.URL{Host: untrustedData}`. diff --git a/go/ql/lib/change-notes/2025-10-02-writenode-writescomponent-deprecated.md b/go/ql/lib/change-notes/2025-10-02-writenode-writescomponent-deprecated.md deleted file mode 100644 index 834266e36b96..000000000000 --- a/go/ql/lib/change-notes/2025-10-02-writenode-writescomponent-deprecated.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* The member predicate `writesComponent` on `DataFlow::Write` has been deprecated. Instead, use `writesFieldPreUpdate` and `writesElementPreUpdate`, or their new versions `writesField` and `writesElement`. diff --git a/go/ql/lib/change-notes/2025-10-09-deprecate-sqlinjection-numericorbooleansanitizer.md b/go/ql/lib/change-notes/2025-10-09-deprecate-sqlinjection-numericorbooleansanitizer.md deleted file mode 100644 index 647d9a4332cd..000000000000 --- a/go/ql/lib/change-notes/2025-10-09-deprecate-sqlinjection-numericorbooleansanitizer.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: deprecated ---- -* The class `SqlInjection::NumericOrBooleanSanitizer` has been deprecated. Use `SimpleTypeSanitizer` from `semmle.go.security.Sanitizers` instead. diff --git a/go/ql/lib/change-notes/2025-10-09-sanitize-simple-types-request-forgery.md b/go/ql/lib/change-notes/2025-10-09-sanitize-simple-types-request-forgery.md deleted file mode 100644 index 1bbf8c7f88a9..000000000000 --- a/go/ql/lib/change-notes/2025-10-09-sanitize-simple-types-request-forgery.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The query `go/request-forgery` will no longer report alerts when the user input is of a simple type, like a number or a boolean. diff --git a/go/ql/lib/change-notes/released/5.0.0.md b/go/ql/lib/change-notes/released/5.0.0.md new file mode 100644 index 000000000000..869479762804 --- /dev/null +++ b/go/ql/lib/change-notes/released/5.0.0.md @@ -0,0 +1,21 @@ +## 5.0.0 + +### Breaking Changes + +* The member predicate `writesField` on `DataFlow::Write` now uses the post-update node for `base` when that is the node being updated, which is in all cases except initializing a struct literal. A new member predicate `writesFieldPreUpdate` has been added for cases where this behaviour is not desired. +* The member predicate `writesElement` on `DataFlow::Write` now uses the post-update node for `base` when that is the node being updated, which is in all cases except initializing an array/slice/map literal. A new member predicate `writesElementPreUpdate` has been added for cases where this behaviour is not desired. + +### Deprecated APIs + +* The class `SqlInjection::NumericOrBooleanSanitizer` has been deprecated. Use `SimpleTypeSanitizer` from `semmle.go.security.Sanitizers` instead. +* The member predicate `writesComponent` on `DataFlow::Write` has been deprecated. Instead, use `writesFieldPreUpdate` and `writesElementPreUpdate`, or their new versions `writesField` and `writesElement`. + +### Major Analysis Improvements + +* The shape of the Go data-flow graph has changed. Previously for code like `x := def(); use1(x); use2(x)`, there would be edges from the definition of `x` to each use. Now there is an edge from the definition to the first use, then another from the first use to the second, and so on. This means that data-flow barriers work differently - flow will not reach any uses after the barrier node. Where this is not desired it may be be necessary to add an additional flow step to propagate the flow forward. Additionally, when a variable may be subject to a side-effect, such as updating an array, passing a pointer to a function that might write through it or writing to a field of a struct, there is now a dedicated post-update node representing the variable after this side-effect has taken place. Previously post-update nodes were aliases for either a variable's definition, or were equal to the pre-update node. This led to backwards steps in the data-flow graph, which could cause false positives. For example, in the previous code there would be an edge from `x` in `use2(x)` back to the definition of `x`. If we define our sources as any argument of `use2` and our sinks as any argument of `use1` then this would lead to a false positive path. Now there are distinct post-update nodes and no backwards edge to the definition, so we will not find this false positive path. + +### Minor Analysis Improvements + +* The query `go/request-forgery` will no longer report alerts when the user input is of a simple type, like a number or a boolean. +* For the query `go/unvalidated-url-redirection`, when untrusted data is assigned to the `Host` field of a `url.URL` struct, we consider the whole struct untrusted. We now also include the case when this happens during struct initialization, for example `&url.URL{Host: untrustedData}`. +* `go/unvalidated-url-redirection` and `go/request-forgery` have a shared notion of a safe URL, which is known to not be malicious. Some URLs which were incorrectly considered safe are now correctly considered unsafe. This may lead to more alerts for those two queries. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index d6a085129424..c9e54136ca5c 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 4.3.5 +lastReleaseVersion: 5.0.0 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 20ace6482e44..2cc2dbe29063 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 4.3.6-dev +version: 5.0.0 groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index 65d6436fce3e..eb370a8cdddc 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.4.7 + +No user-facing changes. + ## 1.4.6 No user-facing changes. diff --git a/go/ql/src/change-notes/released/1.4.7.md b/go/ql/src/change-notes/released/1.4.7.md new file mode 100644 index 000000000000..4f064ad746f9 --- /dev/null +++ b/go/ql/src/change-notes/released/1.4.7.md @@ -0,0 +1,3 @@ +## 1.4.7 + +No user-facing changes. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 3b00bbce928c..163362bd6321 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.4.6 +lastReleaseVersion: 1.4.7 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index c85a94a90f58..660386f898e1 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 1.4.7-dev +version: 1.4.7 groups: - go - queries diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index 0e74414917b6..5d6fcbde3360 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 7.7.2 + +### Minor Analysis Improvements + +* Fields of certain objects are considered tainted if the object is tainted. This holds, for example, for objects that occur directly as sources in the active threat model (for instance, a remote flow source). This has now been amended to also include array types, such that if an array like `MyPojo[]` is a source, then fields of a tainted `MyPojo` are now also considered tainted. + ## 7.7.1 No user-facing changes. diff --git a/java/ql/lib/change-notes/2025-10-07-array-entrypointtype.md b/java/ql/lib/change-notes/released/7.7.2.md similarity index 89% rename from java/ql/lib/change-notes/2025-10-07-array-entrypointtype.md rename to java/ql/lib/change-notes/released/7.7.2.md index 45b898b6b2a6..43d4f94b816f 100644 --- a/java/ql/lib/change-notes/2025-10-07-array-entrypointtype.md +++ b/java/ql/lib/change-notes/released/7.7.2.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 7.7.2 + +### Minor Analysis Improvements + * Fields of certain objects are considered tainted if the object is tainted. This holds, for example, for objects that occur directly as sources in the active threat model (for instance, a remote flow source). This has now been amended to also include array types, such that if an array like `MyPojo[]` is a source, then fields of a tainted `MyPojo` are now also considered tainted. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index c94dbb3cd65d..25c09b25d217 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 7.7.1 +lastReleaseVersion: 7.7.2 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index dabb65e61cef..2885944ca320 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 7.7.2-dev +version: 7.7.2 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index 1e6df88fc31d..06133dffeba8 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.8.2 + +No user-facing changes. + ## 1.8.1 No user-facing changes. diff --git a/java/ql/src/change-notes/released/1.8.2.md b/java/ql/src/change-notes/released/1.8.2.md new file mode 100644 index 000000000000..12e641fd7205 --- /dev/null +++ b/java/ql/src/change-notes/released/1.8.2.md @@ -0,0 +1,3 @@ +## 1.8.2 + +No user-facing changes. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index 28a7c123ae84..559af8348bb0 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.8.1 +lastReleaseVersion: 1.8.2 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index b1ee0395fb2e..0d507c465864 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 1.8.2-dev +version: 1.8.2 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index 975d14e10988..1e874227c37b 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.6.13 + +No user-facing changes. + ## 2.6.12 ### Minor Analysis Improvements diff --git a/javascript/ql/lib/change-notes/released/2.6.13.md b/javascript/ql/lib/change-notes/released/2.6.13.md new file mode 100644 index 000000000000..475bfb69be95 --- /dev/null +++ b/javascript/ql/lib/change-notes/released/2.6.13.md @@ -0,0 +1,3 @@ +## 2.6.13 + +No user-facing changes. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index 8b34428a8454..9240f755da88 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.6.12 +lastReleaseVersion: 2.6.13 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index da942ea28a88..ca5e521255a2 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 2.6.13-dev +version: 2.6.13 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index 46aae437f779..f03b3a66e4d3 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.1.2 + +No user-facing changes. + ## 2.1.1 No user-facing changes. diff --git a/javascript/ql/src/change-notes/released/2.1.2.md b/javascript/ql/src/change-notes/released/2.1.2.md new file mode 100644 index 000000000000..6e72407c8c7a --- /dev/null +++ b/javascript/ql/src/change-notes/released/2.1.2.md @@ -0,0 +1,3 @@ +## 2.1.2 + +No user-facing changes. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index 576c2ea18d68..1a4e53e87724 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.1.1 +lastReleaseVersion: 2.1.2 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 2581f9476291..2c79885b924c 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 2.1.2-dev +version: 2.1.2 groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index 4cbaa48190df..a6f9fcd2377b 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.33 + +No user-facing changes. + ## 1.0.32 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/1.0.33.md b/misc/suite-helpers/change-notes/released/1.0.33.md new file mode 100644 index 000000000000..3a65838479f2 --- /dev/null +++ b/misc/suite-helpers/change-notes/released/1.0.33.md @@ -0,0 +1,3 @@ +## 1.0.33 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index 7bc5c51ba7bf..914c722b5d98 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.32 +lastReleaseVersion: 1.0.33 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 7715f68107e7..537cf29a9df8 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 1.0.33-dev +version: 1.0.33 groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index 070309c08a05..cb18c48a0510 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 4.0.17 + +### Bug Fixes + +* The Python extractor no longer crashes with an `ImportError` when run using Python 3.14. + ## 4.0.16 ### Minor Analysis Improvements diff --git a/python/ql/lib/change-notes/2025-10-13-fix-importerror-on-python-3.14.md b/python/ql/lib/change-notes/released/4.0.17.md similarity index 77% rename from python/ql/lib/change-notes/2025-10-13-fix-importerror-on-python-3.14.md rename to python/ql/lib/change-notes/released/4.0.17.md index d2eefde0e119..561e2db6a31c 100644 --- a/python/ql/lib/change-notes/2025-10-13-fix-importerror-on-python-3.14.md +++ b/python/ql/lib/change-notes/released/4.0.17.md @@ -1,4 +1,5 @@ ---- -category: fix ---- +## 4.0.17 + +### Bug Fixes + * The Python extractor no longer crashes with an `ImportError` when run using Python 3.14. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index 916d99df3ad6..d1339a1f762e 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 4.0.16 +lastReleaseVersion: 4.0.17 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 35ab576bf1a9..a7a4c26b5657 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 4.0.17-dev +version: 4.0.17 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index e620dee4fca9..aef1a87136d6 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.6.7 + +No user-facing changes. + ## 1.6.6 ### Minor Analysis Improvements diff --git a/python/ql/src/change-notes/released/1.6.7.md b/python/ql/src/change-notes/released/1.6.7.md new file mode 100644 index 000000000000..aba3f8d9ff70 --- /dev/null +++ b/python/ql/src/change-notes/released/1.6.7.md @@ -0,0 +1,3 @@ +## 1.6.7 + +No user-facing changes. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index f8e54f30a672..0b49adeac7da 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.6.6 +lastReleaseVersion: 1.6.7 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 08336cbb3eb8..2eb8d46c68c3 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 1.6.7-dev +version: 1.6.7 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index a62232991b81..32e1dd3538b3 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 5.1.1 + +No user-facing changes. + ## 5.1.0 ### New Features diff --git a/ruby/ql/lib/change-notes/released/5.1.1.md b/ruby/ql/lib/change-notes/released/5.1.1.md new file mode 100644 index 000000000000..28b0060cedc5 --- /dev/null +++ b/ruby/ql/lib/change-notes/released/5.1.1.md @@ -0,0 +1,3 @@ +## 5.1.1 + +No user-facing changes. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index dd8d287d0103..dcb83eca6a3a 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.1.0 +lastReleaseVersion: 5.1.1 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index a503103b95d0..8791a8080ac7 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 5.1.1-dev +version: 5.1.1 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 7811ea73f864..29a0f89236d5 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.4.7 + +No user-facing changes. + ## 1.4.6 No user-facing changes. diff --git a/ruby/ql/src/change-notes/released/1.4.7.md b/ruby/ql/src/change-notes/released/1.4.7.md new file mode 100644 index 000000000000..4f064ad746f9 --- /dev/null +++ b/ruby/ql/src/change-notes/released/1.4.7.md @@ -0,0 +1,3 @@ +## 1.4.7 + +No user-facing changes. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index 3b00bbce928c..163362bd6321 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.4.6 +lastReleaseVersion: 1.4.7 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index a01acd1d674d..87412b0fdd99 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 1.4.7-dev +version: 1.4.7 groups: - ruby - queries diff --git a/rust/ql/lib/CHANGELOG.md b/rust/ql/lib/CHANGELOG.md index ec04cd624a76..228d9c21637c 100644 --- a/rust/ql/lib/CHANGELOG.md +++ b/rust/ql/lib/CHANGELOG.md @@ -1,3 +1,13 @@ +## 0.1.18 + +### New Features + +* Rust analysis is now Generally Available (GA). + +### Minor Analysis Improvements + +* Improve data flow through functions being passed as function pointers. + ## 0.1.17 ### New Features diff --git a/rust/ql/lib/change-notes/2025-09-29-data-flow-function-pointer.md b/rust/ql/lib/change-notes/2025-09-29-data-flow-function-pointer.md deleted file mode 100644 index 7d1adb06e746..000000000000 --- a/rust/ql/lib/change-notes/2025-09-29-data-flow-function-pointer.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Improve data flow through functions being passed as function pointers. \ No newline at end of file diff --git a/rust/ql/lib/change-notes/2025-10-07-rust-ga.md b/rust/ql/lib/change-notes/2025-10-07-rust-ga.md deleted file mode 100644 index f24f4f6e4c36..000000000000 --- a/rust/ql/lib/change-notes/2025-10-07-rust-ga.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: feature ---- -* Rust analysis is now Generally Available (GA). diff --git a/rust/ql/lib/change-notes/released/0.1.18.md b/rust/ql/lib/change-notes/released/0.1.18.md new file mode 100644 index 000000000000..539b38a1d9cc --- /dev/null +++ b/rust/ql/lib/change-notes/released/0.1.18.md @@ -0,0 +1,9 @@ +## 0.1.18 + +### New Features + +* Rust analysis is now Generally Available (GA). + +### Minor Analysis Improvements + +* Improve data flow through functions being passed as function pointers. diff --git a/rust/ql/lib/codeql-pack.release.yml b/rust/ql/lib/codeql-pack.release.yml index eddeebba7bfe..a9893ce82c48 100644 --- a/rust/ql/lib/codeql-pack.release.yml +++ b/rust/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.17 +lastReleaseVersion: 0.1.18 diff --git a/rust/ql/lib/qlpack.yml b/rust/ql/lib/qlpack.yml index 61c2ed8e81e1..0c4fb2d1c449 100644 --- a/rust/ql/lib/qlpack.yml +++ b/rust/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-all -version: 0.1.18-dev +version: 0.1.18 groups: rust extractor: rust dbscheme: rust.dbscheme diff --git a/rust/ql/src/CHANGELOG.md b/rust/ql/src/CHANGELOG.md index 29117e66d4cb..df1c4e498568 100644 --- a/rust/ql/src/CHANGELOG.md +++ b/rust/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.1.18 + +### New Queries + +* Added a new query, `rust/insecure-cookie`, to detect cookies created without the 'Secure' attribute. + ## 0.1.17 ### New Queries diff --git a/rust/ql/src/change-notes/2025-09-19-insecure-cookie.md b/rust/ql/src/change-notes/released/0.1.18.md similarity index 78% rename from rust/ql/src/change-notes/2025-09-19-insecure-cookie.md rename to rust/ql/src/change-notes/released/0.1.18.md index d84da707c43c..8249024b1455 100644 --- a/rust/ql/src/change-notes/2025-09-19-insecure-cookie.md +++ b/rust/ql/src/change-notes/released/0.1.18.md @@ -1,4 +1,5 @@ ---- -category: newQuery ---- +## 0.1.18 + +### New Queries + * Added a new query, `rust/insecure-cookie`, to detect cookies created without the 'Secure' attribute. diff --git a/rust/ql/src/codeql-pack.release.yml b/rust/ql/src/codeql-pack.release.yml index eddeebba7bfe..a9893ce82c48 100644 --- a/rust/ql/src/codeql-pack.release.yml +++ b/rust/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.17 +lastReleaseVersion: 0.1.18 diff --git a/rust/ql/src/qlpack.yml b/rust/ql/src/qlpack.yml index 57d3e972fc69..ae14dfe64239 100644 --- a/rust/ql/src/qlpack.yml +++ b/rust/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-queries -version: 0.1.18-dev +version: 0.1.18 groups: - rust - queries diff --git a/shared/concepts/CHANGELOG.md b/shared/concepts/CHANGELOG.md index cfaa89c5ac2a..f7d8dfad9078 100644 --- a/shared/concepts/CHANGELOG.md +++ b/shared/concepts/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.7 + +No user-facing changes. + ## 0.0.6 No user-facing changes. diff --git a/shared/concepts/change-notes/released/0.0.7.md b/shared/concepts/change-notes/released/0.0.7.md new file mode 100644 index 000000000000..84da6f18c42e --- /dev/null +++ b/shared/concepts/change-notes/released/0.0.7.md @@ -0,0 +1,3 @@ +## 0.0.7 + +No user-facing changes. diff --git a/shared/concepts/codeql-pack.release.yml b/shared/concepts/codeql-pack.release.yml index cf398ce02aa4..a2a5484910bc 100644 --- a/shared/concepts/codeql-pack.release.yml +++ b/shared/concepts/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.6 +lastReleaseVersion: 0.0.7 diff --git a/shared/concepts/qlpack.yml b/shared/concepts/qlpack.yml index 452f932edef9..a22308185fe1 100644 --- a/shared/concepts/qlpack.yml +++ b/shared/concepts/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/concepts -version: 0.0.7-dev +version: 0.0.7 groups: shared library: true dependencies: diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index df7e781268e2..cb14761bb389 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.17 + +No user-facing changes. + ## 2.0.16 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/2.0.17.md b/shared/controlflow/change-notes/released/2.0.17.md new file mode 100644 index 000000000000..0ed1592726c8 --- /dev/null +++ b/shared/controlflow/change-notes/released/2.0.17.md @@ -0,0 +1,3 @@ +## 2.0.17 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index c10461a785cf..a5f7c15c020f 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.16 +lastReleaseVersion: 2.0.17 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 660b1e125122..6f34e5333545 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 2.0.17-dev +version: 2.0.17 groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index 13be0b19eb2e..99ee484c7318 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.17 + +No user-facing changes. + ## 2.0.16 No user-facing changes. diff --git a/shared/dataflow/change-notes/released/2.0.17.md b/shared/dataflow/change-notes/released/2.0.17.md new file mode 100644 index 000000000000..0ed1592726c8 --- /dev/null +++ b/shared/dataflow/change-notes/released/2.0.17.md @@ -0,0 +1,3 @@ +## 2.0.17 + +No user-facing changes. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index c10461a785cf..a5f7c15c020f 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.16 +lastReleaseVersion: 2.0.17 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 166ef444b22c..d7cb0eefb907 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 2.0.17-dev +version: 2.0.17 groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index 9979556a4214..eda9cf4ddb21 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.33 + +No user-facing changes. + ## 1.0.32 No user-facing changes. diff --git a/shared/mad/change-notes/released/1.0.33.md b/shared/mad/change-notes/released/1.0.33.md new file mode 100644 index 000000000000..3a65838479f2 --- /dev/null +++ b/shared/mad/change-notes/released/1.0.33.md @@ -0,0 +1,3 @@ +## 1.0.33 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index 7bc5c51ba7bf..914c722b5d98 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.32 +lastReleaseVersion: 1.0.33 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index d9767452c27c..74599911e752 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 1.0.33-dev +version: 1.0.33 groups: shared library: true dependencies: diff --git a/shared/quantum/CHANGELOG.md b/shared/quantum/CHANGELOG.md index 1857b399fe88..d9dd6b6f2e25 100644 --- a/shared/quantum/CHANGELOG.md +++ b/shared/quantum/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.11 + +No user-facing changes. + ## 0.0.10 No user-facing changes. diff --git a/shared/quantum/change-notes/released/0.0.11.md b/shared/quantum/change-notes/released/0.0.11.md new file mode 100644 index 000000000000..19a2a55bd685 --- /dev/null +++ b/shared/quantum/change-notes/released/0.0.11.md @@ -0,0 +1,3 @@ +## 0.0.11 + +No user-facing changes. diff --git a/shared/quantum/codeql-pack.release.yml b/shared/quantum/codeql-pack.release.yml index b740014e5aed..e679dc420925 100644 --- a/shared/quantum/codeql-pack.release.yml +++ b/shared/quantum/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.10 +lastReleaseVersion: 0.0.11 diff --git a/shared/quantum/qlpack.yml b/shared/quantum/qlpack.yml index 7dfaa7479629..d3100a4df451 100644 --- a/shared/quantum/qlpack.yml +++ b/shared/quantum/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/quantum -version: 0.0.11-dev +version: 0.0.11 groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/CHANGELOG.md b/shared/rangeanalysis/CHANGELOG.md index 50ea4c310f68..7a0776cf53cc 100644 --- a/shared/rangeanalysis/CHANGELOG.md +++ b/shared/rangeanalysis/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.33 + +No user-facing changes. + ## 1.0.32 No user-facing changes. diff --git a/shared/rangeanalysis/change-notes/released/1.0.33.md b/shared/rangeanalysis/change-notes/released/1.0.33.md new file mode 100644 index 000000000000..3a65838479f2 --- /dev/null +++ b/shared/rangeanalysis/change-notes/released/1.0.33.md @@ -0,0 +1,3 @@ +## 1.0.33 + +No user-facing changes. diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml index 7bc5c51ba7bf..914c722b5d98 100644 --- a/shared/rangeanalysis/codeql-pack.release.yml +++ b/shared/rangeanalysis/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.32 +lastReleaseVersion: 1.0.33 diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index 85341d10420b..b1d244dd8138 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 1.0.33-dev +version: 1.0.33 groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index 830e0da6f287..2507f237ec0a 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.33 + +No user-facing changes. + ## 1.0.32 No user-facing changes. diff --git a/shared/regex/change-notes/released/1.0.33.md b/shared/regex/change-notes/released/1.0.33.md new file mode 100644 index 000000000000..3a65838479f2 --- /dev/null +++ b/shared/regex/change-notes/released/1.0.33.md @@ -0,0 +1,3 @@ +## 1.0.33 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index 7bc5c51ba7bf..914c722b5d98 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.32 +lastReleaseVersion: 1.0.33 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index 72347bcd1601..bbf599db62f5 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 1.0.33-dev +version: 1.0.33 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index 8e4b1482e78b..cb33a2dd6137 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.9 + +No user-facing changes. + ## 2.0.8 No user-facing changes. diff --git a/shared/ssa/change-notes/released/2.0.9.md b/shared/ssa/change-notes/released/2.0.9.md new file mode 100644 index 000000000000..b89eb98bbd9d --- /dev/null +++ b/shared/ssa/change-notes/released/2.0.9.md @@ -0,0 +1,3 @@ +## 2.0.9 + +No user-facing changes. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index 7ffb2d9f65be..ce305265e337 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.8 +lastReleaseVersion: 2.0.9 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 3c1f3fe02784..ef8d64df57cd 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 2.0.9-dev +version: 2.0.9 groups: shared library: true dependencies: diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md index 331bb4c220e0..102463df544a 100644 --- a/shared/threat-models/CHANGELOG.md +++ b/shared/threat-models/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.33 + +No user-facing changes. + ## 1.0.32 No user-facing changes. diff --git a/shared/threat-models/change-notes/released/1.0.33.md b/shared/threat-models/change-notes/released/1.0.33.md new file mode 100644 index 000000000000..3a65838479f2 --- /dev/null +++ b/shared/threat-models/change-notes/released/1.0.33.md @@ -0,0 +1,3 @@ +## 1.0.33 + +No user-facing changes. diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml index 7bc5c51ba7bf..914c722b5d98 100644 --- a/shared/threat-models/codeql-pack.release.yml +++ b/shared/threat-models/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.32 +lastReleaseVersion: 1.0.33 diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index e28c5f26dd84..cc8146b434c7 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 1.0.33-dev +version: 1.0.33 library: true groups: shared dataExtensions: diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index 6f6d29c25040..e982f144f9c4 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.33 + +No user-facing changes. + ## 1.0.32 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/1.0.33.md b/shared/tutorial/change-notes/released/1.0.33.md new file mode 100644 index 000000000000..3a65838479f2 --- /dev/null +++ b/shared/tutorial/change-notes/released/1.0.33.md @@ -0,0 +1,3 @@ +## 1.0.33 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index 7bc5c51ba7bf..914c722b5d98 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.32 +lastReleaseVersion: 1.0.33 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 33dc89bc60cc..fab2fc6fbfdb 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.33-dev +version: 1.0.33 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/CHANGELOG.md b/shared/typeflow/CHANGELOG.md index 592596c37d21..32d26faa9f46 100644 --- a/shared/typeflow/CHANGELOG.md +++ b/shared/typeflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.33 + +No user-facing changes. + ## 1.0.32 No user-facing changes. diff --git a/shared/typeflow/change-notes/released/1.0.33.md b/shared/typeflow/change-notes/released/1.0.33.md new file mode 100644 index 000000000000..3a65838479f2 --- /dev/null +++ b/shared/typeflow/change-notes/released/1.0.33.md @@ -0,0 +1,3 @@ +## 1.0.33 + +No user-facing changes. diff --git a/shared/typeflow/codeql-pack.release.yml b/shared/typeflow/codeql-pack.release.yml index 7bc5c51ba7bf..914c722b5d98 100644 --- a/shared/typeflow/codeql-pack.release.yml +++ b/shared/typeflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.32 +lastReleaseVersion: 1.0.33 diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index 5d257b81fc61..9fc3902c6c04 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.33-dev +version: 1.0.33 groups: shared library: true dependencies: diff --git a/shared/typeinference/CHANGELOG.md b/shared/typeinference/CHANGELOG.md index 29ece641a7e3..ad4781e2cbda 100644 --- a/shared/typeinference/CHANGELOG.md +++ b/shared/typeinference/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.14 + +No user-facing changes. + ## 0.0.13 No user-facing changes. diff --git a/shared/typeinference/change-notes/released/0.0.14.md b/shared/typeinference/change-notes/released/0.0.14.md new file mode 100644 index 000000000000..63b4d50ca454 --- /dev/null +++ b/shared/typeinference/change-notes/released/0.0.14.md @@ -0,0 +1,3 @@ +## 0.0.14 + +No user-facing changes. diff --git a/shared/typeinference/codeql-pack.release.yml b/shared/typeinference/codeql-pack.release.yml index 044e54e4f7e5..ca29e45d0a67 100644 --- a/shared/typeinference/codeql-pack.release.yml +++ b/shared/typeinference/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.13 +lastReleaseVersion: 0.0.14 diff --git a/shared/typeinference/qlpack.yml b/shared/typeinference/qlpack.yml index 5d8f8a6011f0..36e5b63799a8 100644 --- a/shared/typeinference/qlpack.yml +++ b/shared/typeinference/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeinference -version: 0.0.14-dev +version: 0.0.14 groups: shared library: true dependencies: diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index 6b132f75a558..a536c7073034 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.17 + +No user-facing changes. + ## 2.0.16 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/2.0.17.md b/shared/typetracking/change-notes/released/2.0.17.md new file mode 100644 index 000000000000..0ed1592726c8 --- /dev/null +++ b/shared/typetracking/change-notes/released/2.0.17.md @@ -0,0 +1,3 @@ +## 2.0.17 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index c10461a785cf..a5f7c15c020f 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.16 +lastReleaseVersion: 2.0.17 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 6bc1e76cfb49..2dadf4b90856 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 2.0.17-dev +version: 2.0.17 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index 2661fcc93085..979e0c24d1e5 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.33 + +No user-facing changes. + ## 1.0.32 No user-facing changes. diff --git a/shared/typos/change-notes/released/1.0.33.md b/shared/typos/change-notes/released/1.0.33.md new file mode 100644 index 000000000000..3a65838479f2 --- /dev/null +++ b/shared/typos/change-notes/released/1.0.33.md @@ -0,0 +1,3 @@ +## 1.0.33 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index 7bc5c51ba7bf..914c722b5d98 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.32 +lastReleaseVersion: 1.0.33 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index a045761cd92c..ef9f5adb4543 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 1.0.33-dev +version: 1.0.33 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index 3ded7f7af706..0f0cdcc36ca0 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.20 + +No user-facing changes. + ## 2.0.19 No user-facing changes. diff --git a/shared/util/change-notes/released/2.0.20.md b/shared/util/change-notes/released/2.0.20.md new file mode 100644 index 000000000000..6756bd5f6c18 --- /dev/null +++ b/shared/util/change-notes/released/2.0.20.md @@ -0,0 +1,3 @@ +## 2.0.20 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index 4aecf1e1f86f..cde101f35162 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.19 +lastReleaseVersion: 2.0.20 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index 33bf4527cf00..b90f801666d2 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 2.0.20-dev +version: 2.0.20 groups: shared library: true dependencies: null diff --git a/shared/xml/CHANGELOG.md b/shared/xml/CHANGELOG.md index 2c1d2132c7e1..f0d7c829bfb3 100644 --- a/shared/xml/CHANGELOG.md +++ b/shared/xml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.33 + +No user-facing changes. + ## 1.0.32 No user-facing changes. diff --git a/shared/xml/change-notes/released/1.0.33.md b/shared/xml/change-notes/released/1.0.33.md new file mode 100644 index 000000000000..3a65838479f2 --- /dev/null +++ b/shared/xml/change-notes/released/1.0.33.md @@ -0,0 +1,3 @@ +## 1.0.33 + +No user-facing changes. diff --git a/shared/xml/codeql-pack.release.yml b/shared/xml/codeql-pack.release.yml index 7bc5c51ba7bf..914c722b5d98 100644 --- a/shared/xml/codeql-pack.release.yml +++ b/shared/xml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.32 +lastReleaseVersion: 1.0.33 diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml index 62fcccb2453c..e18481717997 100644 --- a/shared/xml/qlpack.yml +++ b/shared/xml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/xml -version: 1.0.33-dev +version: 1.0.33 groups: shared library: true dependencies: diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index 31243ec36be5..2ca0a52f6368 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.33 + +No user-facing changes. + ## 1.0.32 No user-facing changes. diff --git a/shared/yaml/change-notes/released/1.0.33.md b/shared/yaml/change-notes/released/1.0.33.md new file mode 100644 index 000000000000..3a65838479f2 --- /dev/null +++ b/shared/yaml/change-notes/released/1.0.33.md @@ -0,0 +1,3 @@ +## 1.0.33 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index 7bc5c51ba7bf..914c722b5d98 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.32 +lastReleaseVersion: 1.0.33 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 6c49b5f27ba2..203802df80af 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 1.0.33-dev +version: 1.0.33 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index eb3b3da96897..4b8852b67110 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 5.0.9 + +No user-facing changes. + ## 5.0.8 No user-facing changes. diff --git a/swift/ql/lib/change-notes/released/5.0.9.md b/swift/ql/lib/change-notes/released/5.0.9.md new file mode 100644 index 000000000000..5fca9bba5f7d --- /dev/null +++ b/swift/ql/lib/change-notes/released/5.0.9.md @@ -0,0 +1,3 @@ +## 5.0.9 + +No user-facing changes. diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index c608aca69694..2b650f0b3405 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.0.8 +lastReleaseVersion: 5.0.9 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 4ad0623d0f30..19753127baa8 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 5.0.9-dev +version: 5.0.9 groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index be2f79710a9c..f3fe65f7bd82 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.2.7 + +No user-facing changes. + ## 1.2.6 No user-facing changes. diff --git a/swift/ql/src/change-notes/released/1.2.7.md b/swift/ql/src/change-notes/released/1.2.7.md new file mode 100644 index 000000000000..99f957692acd --- /dev/null +++ b/swift/ql/src/change-notes/released/1.2.7.md @@ -0,0 +1,3 @@ +## 1.2.7 + +No user-facing changes. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index 24962f7ba24b..950e0645d4a7 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.2.6 +lastReleaseVersion: 1.2.7 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index ea5431f192eb..37771782a762 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 1.2.7-dev +version: 1.2.7 groups: - swift - queries From 9507ec08530d7f95679dbfe1d9032040d1073570 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Tue, 14 Oct 2025 11:09:43 +0100 Subject: [PATCH 303/307] Fix "be be" typos --- .../ql/src/experimental/Security/CWE-200/SecretExfiltration.ql | 2 +- go/ql/lib/CHANGELOG.md | 2 +- go/ql/lib/change-notes/released/5.0.0.md | 2 +- ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/actions/ql/src/experimental/Security/CWE-200/SecretExfiltration.ql b/actions/ql/src/experimental/Security/CWE-200/SecretExfiltration.ql index 2e583a989893..2b4ed1a30b45 100644 --- a/actions/ql/src/experimental/Security/CWE-200/SecretExfiltration.ql +++ b/actions/ql/src/experimental/Security/CWE-200/SecretExfiltration.ql @@ -19,5 +19,5 @@ import SecretExfiltrationFlow::PathGraph from SecretExfiltrationFlow::PathNode source, SecretExfiltrationFlow::PathNode sink where SecretExfiltrationFlow::flowPath(source, sink) select sink.getNode(), source, sink, - "Potential secret exfiltration in $@, which may be be leaked to an attacker-controlled resource.", + "Potential secret exfiltration in $@, which may be leaked to an attacker-controlled resource.", sink, sink.getNode().asExpr().(Expression).getRawExpression() diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index ce835278cb18..71d6bfdc60f6 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -12,7 +12,7 @@ ### Major Analysis Improvements -* The shape of the Go data-flow graph has changed. Previously for code like `x := def(); use1(x); use2(x)`, there would be edges from the definition of `x` to each use. Now there is an edge from the definition to the first use, then another from the first use to the second, and so on. This means that data-flow barriers work differently - flow will not reach any uses after the barrier node. Where this is not desired it may be be necessary to add an additional flow step to propagate the flow forward. Additionally, when a variable may be subject to a side-effect, such as updating an array, passing a pointer to a function that might write through it or writing to a field of a struct, there is now a dedicated post-update node representing the variable after this side-effect has taken place. Previously post-update nodes were aliases for either a variable's definition, or were equal to the pre-update node. This led to backwards steps in the data-flow graph, which could cause false positives. For example, in the previous code there would be an edge from `x` in `use2(x)` back to the definition of `x`. If we define our sources as any argument of `use2` and our sinks as any argument of `use1` then this would lead to a false positive path. Now there are distinct post-update nodes and no backwards edge to the definition, so we will not find this false positive path. +* The shape of the Go data-flow graph has changed. Previously for code like `x := def(); use1(x); use2(x)`, there would be edges from the definition of `x` to each use. Now there is an edge from the definition to the first use, then another from the first use to the second, and so on. This means that data-flow barriers work differently - flow will not reach any uses after the barrier node. Where this is not desired it may be necessary to add an additional flow step to propagate the flow forward. Additionally, when a variable may be subject to a side-effect, such as updating an array, passing a pointer to a function that might write through it or writing to a field of a struct, there is now a dedicated post-update node representing the variable after this side-effect has taken place. Previously post-update nodes were aliases for either a variable's definition, or were equal to the pre-update node. This led to backwards steps in the data-flow graph, which could cause false positives. For example, in the previous code there would be an edge from `x` in `use2(x)` back to the definition of `x`. If we define our sources as any argument of `use2` and our sinks as any argument of `use1` then this would lead to a false positive path. Now there are distinct post-update nodes and no backwards edge to the definition, so we will not find this false positive path. ### Minor Analysis Improvements diff --git a/go/ql/lib/change-notes/released/5.0.0.md b/go/ql/lib/change-notes/released/5.0.0.md index 869479762804..096e0b350bf6 100644 --- a/go/ql/lib/change-notes/released/5.0.0.md +++ b/go/ql/lib/change-notes/released/5.0.0.md @@ -12,7 +12,7 @@ ### Major Analysis Improvements -* The shape of the Go data-flow graph has changed. Previously for code like `x := def(); use1(x); use2(x)`, there would be edges from the definition of `x` to each use. Now there is an edge from the definition to the first use, then another from the first use to the second, and so on. This means that data-flow barriers work differently - flow will not reach any uses after the barrier node. Where this is not desired it may be be necessary to add an additional flow step to propagate the flow forward. Additionally, when a variable may be subject to a side-effect, such as updating an array, passing a pointer to a function that might write through it or writing to a field of a struct, there is now a dedicated post-update node representing the variable after this side-effect has taken place. Previously post-update nodes were aliases for either a variable's definition, or were equal to the pre-update node. This led to backwards steps in the data-flow graph, which could cause false positives. For example, in the previous code there would be an edge from `x` in `use2(x)` back to the definition of `x`. If we define our sources as any argument of `use2` and our sinks as any argument of `use1` then this would lead to a false positive path. Now there are distinct post-update nodes and no backwards edge to the definition, so we will not find this false positive path. +* The shape of the Go data-flow graph has changed. Previously for code like `x := def(); use1(x); use2(x)`, there would be edges from the definition of `x` to each use. Now there is an edge from the definition to the first use, then another from the first use to the second, and so on. This means that data-flow barriers work differently - flow will not reach any uses after the barrier node. Where this is not desired it may be necessary to add an additional flow step to propagate the flow forward. Additionally, when a variable may be subject to a side-effect, such as updating an array, passing a pointer to a function that might write through it or writing to a field of a struct, there is now a dedicated post-update node representing the variable after this side-effect has taken place. Previously post-update nodes were aliases for either a variable's definition, or were equal to the pre-update node. This led to backwards steps in the data-flow graph, which could cause false positives. For example, in the previous code there would be an edge from `x` in `use2(x)` back to the definition of `x`. If we define our sources as any argument of `use2` and our sinks as any argument of `use1` then this would lead to a false positive path. Now there are distinct post-update nodes and no backwards edge to the definition, so we will not find this false positive path. ### Minor Analysis Improvements diff --git a/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll b/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll index cef6cb4fa043..0342932a6144 100644 --- a/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll +++ b/ruby/ql/lib/codeql/ruby/frameworks/core/Kernel.qll @@ -51,7 +51,7 @@ module Kernel { /** * Holds if `method` is a name of a private method in the `Kernel` module. - * These can be be invoked on `self`, on `Kernel`, or using a low-level primitive like `send` or `instance_eval`. + * These can be invoked on `self`, on `Kernel`, or using a low-level primitive like `send` or `instance_eval`. * ```ruby * puts "hello world" * Kernel.puts "hello world" From 9466279909e3392a6dc4b2e2480008dc45dce8e7 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Tue, 14 Oct 2025 11:10:42 +0100 Subject: [PATCH 304/307] Prefer code quotes for BMN --- cpp/ql/lib/CHANGELOG.md | 2 +- cpp/ql/lib/change-notes/released/6.0.0.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index e227764cca0a..1c05251c8cee 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -6,7 +6,7 @@ ### New Features -* The C/C++ "build-mode: none" support is now General Availability (GA). +* The C/C++ `build-mode: none` support is now General Availability (GA). ## 5.6.1 diff --git a/cpp/ql/lib/change-notes/released/6.0.0.md b/cpp/ql/lib/change-notes/released/6.0.0.md index 5f5a355f5944..b6eb7cef1f5a 100644 --- a/cpp/ql/lib/change-notes/released/6.0.0.md +++ b/cpp/ql/lib/change-notes/released/6.0.0.md @@ -6,4 +6,4 @@ ### New Features -* The C/C++ "build-mode: none" support is now General Availability (GA). +* The C/C++ `build-mode: none` support is now General Availability (GA). From 17352a101d0e51551b6dcc0bee48a08e2ee7c87d Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Tue, 14 Oct 2025 11:13:23 +0100 Subject: [PATCH 305/307] Rephrase C++ BMN changelog note --- cpp/ql/lib/CHANGELOG.md | 2 +- cpp/ql/lib/change-notes/released/6.0.0.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index 1c05251c8cee..093b31078e0c 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -6,7 +6,7 @@ ### New Features -* The C/C++ `build-mode: none` support is now General Availability (GA). +* C/C++ `build-mode: none` support is now generally available. ## 5.6.1 diff --git a/cpp/ql/lib/change-notes/released/6.0.0.md b/cpp/ql/lib/change-notes/released/6.0.0.md index b6eb7cef1f5a..574e05442ec4 100644 --- a/cpp/ql/lib/change-notes/released/6.0.0.md +++ b/cpp/ql/lib/change-notes/released/6.0.0.md @@ -6,4 +6,4 @@ ### New Features -* The C/C++ `build-mode: none` support is now General Availability (GA). +* C/C++ `build-mode: none` support is now generally available. From 5310469d6958edd2f3fbb64e58f1b87a55004500 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Tue, 14 Oct 2025 11:33:01 +0100 Subject: [PATCH 306/307] Actions: Update `SecretExfiltration` output for typo fix --- .../query-tests/Security/CWE-200/SecretExfiltration.expected | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/ql/test/query-tests/Security/CWE-200/SecretExfiltration.expected b/actions/ql/test/query-tests/Security/CWE-200/SecretExfiltration.expected index 259746eaec9a..59b58e03be78 100644 --- a/actions/ql/test/query-tests/Security/CWE-200/SecretExfiltration.expected +++ b/actions/ql/test/query-tests/Security/CWE-200/SecretExfiltration.expected @@ -3,4 +3,4 @@ nodes | .github/workflows/test1.yml:15:11:16:75 | github.event.pull_request.title | semmle.label | github.event.pull_request.title | subpaths #select -| .github/workflows/test1.yml:15:11:16:75 | github.event.pull_request.title | .github/workflows/test1.yml:15:11:16:75 | github.event.pull_request.title | .github/workflows/test1.yml:15:11:16:75 | github.event.pull_request.title | Potential secret exfiltration in $@, which may be be leaked to an attacker-controlled resource. | .github/workflows/test1.yml:15:11:16:75 | github.event.pull_request.title | ${{ github.event.pull_request.title }} | +| .github/workflows/test1.yml:15:11:16:75 | github.event.pull_request.title | .github/workflows/test1.yml:15:11:16:75 | github.event.pull_request.title | .github/workflows/test1.yml:15:11:16:75 | github.event.pull_request.title | Potential secret exfiltration in $@, which may be leaked to an attacker-controlled resource. | .github/workflows/test1.yml:15:11:16:75 | github.event.pull_request.title | ${{ github.event.pull_request.title }} | From b737bccb07b7b27b81b08b857aa329357ba0b1a2 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Tue, 14 Oct 2025 11:33:24 +0100 Subject: [PATCH 307/307] Python: Fix "be be" typos in qhelp --- .../CallsToInitDel/SuperclassDelCalledMultipleTimes.qhelp | 2 +- .../CallsToInitDel/SuperclassInitCalledMultipleTimes.qhelp | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/python/ql/src/Classes/CallsToInitDel/SuperclassDelCalledMultipleTimes.qhelp b/python/ql/src/Classes/CallsToInitDel/SuperclassDelCalledMultipleTimes.qhelp index df9c073fcceb..e61627c878fb 100644 --- a/python/ql/src/Classes/CallsToInitDel/SuperclassDelCalledMultipleTimes.qhelp +++ b/python/ql/src/Classes/CallsToInitDel/SuperclassDelCalledMultipleTimes.qhelp @@ -16,7 +16,7 @@ If a superclass finalizer is called multiple times, this may lead to errors such cleaned up properly as expected.

    -

    There are a number of ways that a __del__ method may be be called more than once.

    +

    There are a number of ways that a __del__ method may be called more than once.

    • There may be more than one explicit call to the method in the hierarchy of __del__ methods.
    • In situations involving multiple inheritance, an finalization method may call the finalizers of each of its base types, diff --git a/python/ql/src/Classes/CallsToInitDel/SuperclassInitCalledMultipleTimes.qhelp b/python/ql/src/Classes/CallsToInitDel/SuperclassInitCalledMultipleTimes.qhelp index d7060adef8d9..e615144ff080 100644 --- a/python/ql/src/Classes/CallsToInitDel/SuperclassInitCalledMultipleTimes.qhelp +++ b/python/ql/src/Classes/CallsToInitDel/SuperclassInitCalledMultipleTimes.qhelp @@ -16,7 +16,7 @@ that it could be called multiple times. For example, it may set attributes to a values setting those attributes in a subclass.

      -

      There are a number of ways that an __init__ method may be be called more than once.

      +

      There are a number of ways that an __init__ method may be called more than once.

      • There may be more than one explicit call to the method in the hierarchy of __init__ methods.
      • In situations involving multiple inheritance, an initialization method may call the initializers of each of its base types,