hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Associate endpoints with their potential endpoint types and check these when determining candidates.

Browse Source 
This prevents us from associating a sink candidate with a source type and vice versa.

However, this does not fix the problem of negative characteristics for sink types excluding source candidates.
This commit is contained in:
Max Schaefer
2024-01-11 11:34:40 +00:00
parent a6d996b478
commit 03ca244df2
3 changed files with 31 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
java/ql/automodel/src/AutomodelApplicationModeCharacteristics.qll
View File

@@ -96,6 +96,18 @@ abstract private class ApplicationModeEndpoint extends TApplicationModeEndpoint
else none() // if both exist, it would be a summaryModel (not yet supported) else none() // if both exist, it would be a summaryModel (not yet supported)
} }
/**
* Gets a potential type of this endpoint to make sure that sources are
* associated with source types and sinks with sink types.
*/
AutomodelEndpointTypes::EndpointType getAPotentialType() {
this.getExtensibleType() = "sourceModel" and
result instanceof AutomodelEndpointTypes::SourceType
or
this.getExtensibleType() = "sinkModel" and
result instanceof AutomodelEndpointTypes::SinkType
}
abstract string toString(); abstract string toString();
} }

12
java/ql/automodel/src/AutomodelFrameworkModeCharacteristics.qll
View File

@@ -90,6 +90,18 @@ abstract class FrameworkModeEndpoint extends TFrameworkModeEndpoint {
abstract string getExtensibleType(); abstract string getExtensibleType();
/**
* Gets a potential type of this endpoint to make sure that sources are
* associated with source types and sinks with sink types.
*/
AutomodelEndpointTypes::EndpointType getAPotentialType() {
this.getExtensibleType() = "sourceModel" and
result instanceof AutomodelEndpointTypes::SourceType
or
this.getExtensibleType() = "sinkModel" and
result instanceof AutomodelEndpointTypes::SinkType
}
string toString() { result = this.asTop().toString() } string toString() { result = this.asTop().toString() }
Location getLocation() { result = this.asTop().getLocation() } Location getLocation() { result = this.asTop().getLocation() }

11
java/ql/automodel/src/AutomodelSharedCharacteristics.qll
View File

@@ -16,7 +16,9 @@ signature module CandidateSig {
* An endpoint is a potential candidate for modeling. This will typically be bound to the language's * An endpoint is a potential candidate for modeling. This will typically be bound to the language's
* DataFlow node class, or a subtype thereof. * DataFlow node class, or a subtype thereof.
*/ */
class Endpoint; class Endpoint {
EndpointType getAPotentialType();
}
/** /**
* A related location for an endpoint. This will typically be bound to the supertype of all AST nodes (eg., `Top`). * A related location for an endpoint. This will typically be bound to the supertype of all AST nodes (eg., `Top`).
@@ -122,9 +124,10 @@ module SharedCharacteristics<CandidateSig Candidate> {
* *
* A candidate is an endpoint that cannot be excluded from `endpointType` based on its characteristics. * A candidate is an endpoint that cannot be excluded from `endpointType` based on its characteristics.
*/ */
predicate isCandidate(Candidate::Endpoint candidateSink, Candidate::EndpointType sinkType) { predicate isCandidate(Candidate::Endpoint endpoint, Candidate::EndpointType endpointType) {
not sinkType instanceof Candidate::NegativeEndpointType and not endpointType instanceof Candidate::NegativeEndpointType and
not exists(getAnExcludingCharacteristic(candidateSink, sinkType)) endpointType = endpoint.getAPotentialType() and
not exists(getAnExcludingCharacteristic(endpoint, endpointType))
} }
/** /**