nvme-cli
tokunori@tokunori-desktop:~/nvme-cli$ make clean
ninja -C .build -t clean
Cleaning... 94 files.
tokunori@tokunori-desktop:~/codeal_work/codeql$ ./codeql database create --overwrite --command "make -j32" -l=c -s ../../nvme-cli codeql_db
Initializing database at /home/tokunori/codeal_work/codeql/codeql_db.
Running build command: [make, -j32]
[2024-02-24 15:04:43] [build-stdout] ninja -C .build
[2024-02-24 15:04:43] [build-stdout] ninja: Entering directory `.build'
[2024-02-24 15:04:45] [build-stdout] [1/2] Compiling C object nvme.p/nvme.c.o
[2024-02-24 15:04:45] [build-stdout] [2/2] Linking target nvme
Finalizing database at /home/tokunori/codeal_work/codeql/codeql_db.
Running pre-finalize script /home/tokunori/codeal_work/codeql/cpp/tools/pre-finalize.sh in /home/tokunori/nvme-cli.
Running TRAP import for CodeQL database at /home/tokunori/codeal_work/codeql/codeql_db...
Grouping TRAP files by link target
Grouping unlinked TRAP files together
Scanning TRAP files
Assembling TRAP files
Importing TRAP files
Merging relations
Finished writing database (relations: 7.47 MiB; string pool: 4.78 MiB).
TRAP import complete (2.1s).
Finished zipping source archive (542.57 KiB).
Successfully created database at /home/tokunori/codeal_work/codeql/codeql_db.
tokunori@tokunori-desktop:~/codeal_work/codeql$ ./codeql database analyze "codeql_db" ../ql/cpp/ql/src/Critical/UseAfterFree.ql --format csv --output cwe-critical-result.csv
Running queries.
Compiling query plan for /home/tokunori/codeal_work/codeql/../ql/cpp/ql/src/Critical/UseAfterFree.ql.
[1/1] Found in cache: /home/tokunori/codeal_work/codeql/../ql/cpp/ql/src/Critical/UseAfterFree.ql.
UseAfterFree.ql: [1/1 eval 8s] Results written to codeql/cpp-queries/Critical/UseAfterFree.bqrs.
Shutting down query evaluator.
Interpreting results.
CWE-367
[2024-02-25 03:18:03.702] tokunori@tokunori-desktop:~/codeal_work/codeql$ ./codeql database analyze "codeql_db" ../ql/cpp/ql/src/Security/CWE/CWE-367/ --format csv --output cwe-367-test-result.csv
[2024-02-25 03:18:06.184] Running queries.
[2024-02-25 03:18:07.122] Compiling query plan for /home/tokunori/codeal_work/ql/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql.
[2024-02-25 03:18:07.809] [1/1] Found in cache: /home/tokunori/codeal_work/ql/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql.
[2024-02-25 03:18:07.809] TOCTOUFilesystemRace.ql: [1/1 eval 20.4s] Results written to codeql/cpp-queries/Security/CWE/CWE-367/TOCTOUFilesyste
[2024-02-25 03:18:28.215] Shutting down query evaluator.
[2024-02-25 03:18:28.418] Interpreting results.
[2024-02-25 03:18:28.793] tokunori@tokunori-desktop:~/codeal_work/codeql$ cat cwe-367-test-result.csv
[2024-02-25 03:18:35.387]
[2024-02-25 03:18:35.387] tokunori@tokunori-desktop:~/codeal_work/codeql$
CWE-190
tokunori@tokunori-desktop:~/codeal_work/codeql$ ./codeql database analyze "codeql_db" ../ql/cpp/ql/src/Security/CWE/CWE-190/ --format csv --output cwe-190-result.csv
Running queries.
Compiling query plan for /home/tokunori/codeal_work/ql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql.
[1/6] Found in cache: /home/tokunori/codeal_work/ql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql.
Compiling query plan for /home/tokunori/codeal_work/ql/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql.
[2/6] Found in cache: /home/tokunori/codeal_work/ql/cpp/ql/src/Security/CWE/CWE-190/IntegerOverflowTainted.ql.
Compiling query plan for /home/tokunori/codeal_work/ql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql.
[3/6] Found in cache: /home/tokunori/codeal_work/ql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql.
Compiling query plan for /home/tokunori/codeal_work/ql/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql.
[4/6] Found in cache: /home/tokunori/codeal_work/ql/cpp/ql/src/Security/CWE/CWE-190/TaintedAllocationSize.ql.
Compiling query plan for /home/tokunori/codeal_work/ql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql.
[5/6] Found in cache: /home/tokunori/codeal_work/ql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql.
Compiling query plan for /home/tokunori/codeal_work/ql/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql.
[6/6] Found in cache: /home/tokunori/codeal_work/ql/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql.
ArithmeticTainted.ql : [1/6 eval 11.6s] Results written to codeql/cpp-queries/Security/CWE/CWE-190/Arithmet
ArithmeticUncontrolled.ql : [2/6 eval 95ms] Results written to codeql/cpp-queries/Security/CWE/CWE-190/Arithmeti
ArithmeticWithExtremeValues.ql: [3/6 eval 107ms] Results written to codeql/cpp-queries/Security/CWE/CWE-190/Arithmet
ComparisonWithWiderType.ql : [4/6 eval 69ms] Results written to codeql/cpp-queries/Security/CWE/CWE-190/Compariso
IntegerOverflowTainted.ql : [5/6 eval 182ms] Results written to codeql/cpp-queries/Security/CWE/CWE-190/IntegerO
TaintedAllocationSize.ql : [6/6 eval 407ms] Results written to codeql/cpp-queries/Security/CWE/CWE-190/TaintedA
Shutting down query evaluator.
Interpreting results.
tokunori@tokunori-desktop:~/codeal_work/codeql$ cat cwe-190-result.csv
"Potential integer arithmetic overflow","A user-controlled integer arithmetic expression that is not validated can cause overflows.","warning","[[""string read by fgets""|""relative:///plugins/micron/micron-nvme.c:964:14:964:24""]] flows an expression which might overflow.","/plugins/micron/micron-nvme.c","987","23","987","58"
"Potential integer arithmetic overflow","A user-controlled integer arithmetic expression that is not validated can cause overflows.","warning","[[""string read by fgets""|""relative:///plugins/micron/micron-nvme.c:979:14:979:26""]] flows an expression which might overflow.","/plugins/micron/micron-nvme.c","988","25","988","62"
"Potential integer arithmetic overflow","A user-controlled integer arithmetic expression that is not validated can cause overflows.","warning","[[""buffer read by read""|""relative:///plugins/micron/micron-nvme.c:107:17:107:21""]] flows an expression which might overflow.","/plugins/micron/micron-nvme.c","112","9","112","31"
"Potential integer arithmetic overflow","A user-controlled integer arithmetic expression that is not validated can cause overflows.","warning","[[""buffer read by read""|""relative:///plugins/wdc/wdc-nvme.c:1497:17:1497:18""]] flows an expression which might overflow.","/plugins/wdc/wdc-nvme.c","1508","15","1508","33"
"Potential integer arithmetic overflow","A user-controlled integer arithmetic expression that is not validated can cause overflows.","warning","[[""buffer read by read""|""relative:///plugins/wdc/wdc-nvme.c:1497:17:1497:18""]] flows an expression which might overflow.
[[""buffer read by read""|""relative:///plugins/wdc/wdc-nvme.c:1517:17:1517:18""]] flows an expression which might overflow.","/plugins/wdc/wdc-nvme.c","1528","15","1528","33"