hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-19 22:14:01 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #19273 from MathiasVP/prepare-shared-mad-generation-for-cpp

Browse Source 
Shared: Prepare model generation for C++ adoption
This commit is contained in:
Mathias Vorreiter Pedersen
2025-04-11 07:22:56 -07:00
committed by GitHub
parent 877118fb3b ea3bb8cf0c
commit 11aef7019e
4 changed files with 68 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll
View File

@@ -44,23 +44,19 @@ signature module ModelGeneratorInputSig<LocationSig Location, InputSig<Location>
* Gets the type of this node.
*/
Type getType();
/**
* Gets the enclosing callable of this node.
*/
Callable getEnclosingCallable();
/**
* Gets the enclosing callable of this node, when considered as an expression.
*/
Callable getAsExprEnclosingCallable();
/**
* Gets the parameter corresponding to this node, if any.
*/
Parameter asParameter();
}
/** Gets the enclosing callable of `node`. */
Callable getEnclosingCallable(NodeExtended node);
/**
* Gets the enclosing callable of `node`, when considered as an expression.
*/
Callable getAsExprEnclosingCallable(NodeExtended node);
/** Gets the parameter corresponding to this node, if any. */
Parameter asParameter(NodeExtended n);
/**
* A class of callables that are potentially relevant for generating summary or
* neutral models.
@@ -226,6 +222,14 @@ signature module ModelGeneratorInputSig<LocationSig Location, InputSig<Location>
*/
default Lang::ParameterPosition getReturnKindParamPosition(Lang::ReturnKind node) { none() }
/**
* Gets the string that represents the return value corresponding to the
* return kind `kind`.
*
* For most languages this will be the string "ReturnValue".
*/
default string getReturnValueString(Lang::ReturnKind kind) { result = "ReturnValue" }
/**
* Holds if it is irrelevant to generate models for `api` based on data flow analysis.
*
@@ -321,9 +325,11 @@ module MakeModelGenerator<
private module PrintReturnNodeExt<printCallableParamSig/2 printCallableParam> {
string getOutput(ReturnNodeExt node) {
node.getKind() instanceof DataFlow::ValueReturnKind and
not exists(node.getPosition()) and
result = "ReturnValue"
exists(DataFlow::ValueReturnKind valueReturnKind |
valueReturnKind = node.getKind() and
not exists(node.getPosition()) and
result = getReturnValueString(valueReturnKind.getKind())
)
or
exists(DataFlow::ParameterPosition pos |
pos = node.getPosition() and
@@ -390,7 +396,7 @@ module MakeModelGenerator<
* Gets the MaD string representation of the parameter node `p`.
*/
string parameterNodeAsInput(DataFlow::ParameterNode p) {
result = parameterAccess(p.(NodeExtended).asParameter())
result = parameterAccess(asParameter(p))
or
result = qualifierString() and p instanceof InstanceParameterNode
}
@@ -465,7 +471,7 @@ module MakeModelGenerator<
predicate isSource(DataFlow::Node source, FlowState state) {
source instanceof DataFlow::ParameterNode and
exists(Callable c |
c = source.(NodeExtended).getEnclosingCallable() and
c = getEnclosingCallable(source) and
c instanceof DataFlowSummaryTargetApi and
not isUninterestingForHeuristicDataFlowModels(c)
) and
@@ -475,7 +481,7 @@ module MakeModelGenerator<
predicate isSink(DataFlow::Node sink, FlowState state) {
sink instanceof ReturnNodeExt and
not isOwnInstanceAccessNode(sink) and
not exists(captureQualifierFlow(sink.(NodeExtended).getAsExprEnclosingCallable())) and
not exists(captureQualifierFlow(getAsExprEnclosingCallable(sink))) and
(state instanceof TaintRead or state instanceof TaintStore)
}
@@ -519,8 +525,8 @@ module MakeModelGenerator<
DataFlowSummaryTargetApi api, DataFlow::ParameterNode p, ReturnNodeExt returnNodeExt
) {
exists(string input, string output |
p.(NodeExtended).getEnclosingCallable() = api and
returnNodeExt.getEnclosingCallable() = api and
getEnclosingCallable(p) = api and
getEnclosingCallable(returnNodeExt) = api and
input = parameterNodeAsInput(p) and
output = getOutput(returnNodeExt) and
input != output and
@@ -570,11 +576,12 @@ module MakeModelGenerator<
private module PropagateContentFlowConfig implements ContentDataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
source instanceof DataFlow::ParameterNode and
source.(NodeExtended).getEnclosingCallable() instanceof DataFlowSummaryTargetApi
getEnclosingCallable(source) instanceof DataFlowSummaryTargetApi
}
predicate isSink(DataFlow::Node sink) {
sink.(ReturnNodeExt).getEnclosingCallable() instanceof DataFlowSummaryTargetApi
sink instanceof ReturnNodeExt and
getEnclosingCallable(sink) instanceof DataFlowSummaryTargetApi
}
predicate isAdditionalFlowStep = isAdditionalContentFlowStep/2;
@@ -613,7 +620,7 @@ module MakeModelGenerator<
* when used in content flow.
*/
private string parameterNodeAsContentInput(DataFlow::ParameterNode p) {
result = parameterContentAccess(p.(NodeExtended).asParameter())
result = parameterContentAccess(asParameter(p))
or
result = qualifierString() and p instanceof InstanceParameterNode
}
@@ -667,8 +674,8 @@ module MakeModelGenerator<
PropagateContentFlow::AccessPath stores, boolean preservesValue
) {
PropagateContentFlow::flow(p, reads, returnNodeExt, stores, preservesValue) and
returnNodeExt.getEnclosingCallable() = api and
p.(NodeExtended).getEnclosingCallable() = api
getEnclosingCallable(returnNodeExt) = api and
getEnclosingCallable(p) = api
}
/**
@@ -687,7 +694,7 @@ module MakeModelGenerator<
private DataFlow::ParameterNode parameter;
ContentDataFlowSummaryTargetApi() {
count(string input, string output |
strictcount(string input, string output |
exists(
PropagateContentFlow::AccessPath reads, ReturnNodeExt returnNodeExt,
PropagateContentFlow::AccessPath stores
@@ -712,8 +719,8 @@ module MakeModelGenerator<
PropagateContentFlow::AccessPath stores, boolean preservesValue
) {
PropagateContentFlow::flow(p, reads, returnNodeExt, stores, preservesValue) and
returnNodeExt.getEnclosingCallable() = api and
p.(NodeExtended).getEnclosingCallable() = api and
getEnclosingCallable(returnNodeExt) = api and
getEnclosingCallable(p) = api and
p = api.getARelevantParameterNode()
}
@@ -985,7 +992,8 @@ module MakeModelGenerator<
}
predicate isSink(DataFlow::Node sink) {
sink.(ReturnNodeExt).getEnclosingCallable() instanceof DataFlowSourceTargetApi
sink instanceof ReturnNodeExt and
getEnclosingCallable(sink) instanceof DataFlowSourceTargetApi
}
DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSinkCallContext }
@@ -1008,8 +1016,8 @@ module MakeModelGenerator<
exists(NodeExtended source, ReturnNodeExt sink, string kind |
PropagateFromSource::flow(source, sink) and
sourceNode(source, kind) and
api = sink.getEnclosingCallable() and
not irrelevantSourceSinkApi(source.getEnclosingCallable(), api) and
api = getEnclosingCallable(sink) and
not irrelevantSourceSinkApi(getEnclosingCallable(source), api) and
result = ModelPrinting::asSourceModel(api, getOutput(sink), kind)
)
}
@@ -1024,7 +1032,7 @@ module MakeModelGenerator<
module PropagateToSinkConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
apiSource(source) and
source.(NodeExtended).getEnclosingCallable() instanceof DataFlowSinkTargetApi
getEnclosingCallable(source) instanceof DataFlowSinkTargetApi
}
predicate isSink(DataFlow::Node sink) {
@@ -1053,7 +1061,7 @@ module MakeModelGenerator<
exists(NodeExtended src, NodeExtended sink, string kind |
PropagateToSink::flow(src, sink) and
sinkNode(sink, kind) and
api = src.getEnclosingCallable() and
api = getEnclosingCallable(src) and
result = ModelPrinting::asSinkModel(api, asInputArgument(src), kind)
)
}