hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 16:25:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Data flow: Add hook for preventing lambda dispatch in source call contexts

Browse Source
This commit is contained in:
Tom Hvitved
2026-03-25 11:39:40 +01:00
parent eb64fcd208
commit 1e1a8732a3
6 changed files with 73 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowImplSpecific.qll
View File

@@ -29,4 +29,6 @@ module CsharpDataFlow implements InputSig<Location> {
predicate neverSkipInPathGraph(Node n) {
exists(n.(AssignableDefinitionNode).getDefinition().getTargetAccess())
}
DataFlowType getSourceContextParameterNodeType() { result.isSourceContextParameterType() }
}

17
csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll
View File

@@ -1179,7 +1179,8 @@ private module Cached {
cached
newtype TDataFlowType =
TGvnDataFlowType(Gvn::GvnType t) or
TDelegateDataFlowType(Callable lambda) { lambdaCreationExpr(_, lambda) }
TDelegateDataFlowType(Callable lambda) { lambdaCreationExpr(_, lambda) } or
TSourceContextParameterType()
}
import Cached
@@ -2394,6 +2395,8 @@ class DataFlowType extends TDataFlowType {
Callable asDelegate() { this = TDelegateDataFlowType(result) }
predicate isSourceContextParameterType() { this = TSourceContextParameterType() }
/**
* Gets an expression that creates a delegate of this type.
*
@@ -2412,6 +2415,9 @@ class DataFlowType extends TDataFlowType {
result = this.asGvnType().toString()
or
result = this.asDelegate().toString()
or
this.isSourceContextParameterType() and
result = "<source context parameter type>"
}
}
@@ -2469,6 +2475,11 @@ private predicate compatibleTypesDelegateLeft(DataFlowType dt1, DataFlowType dt2
)
}
pragma[nomagic]
private predicate compatibleTypesSourceContextParameterTypeLeft(DataFlowType dt1, DataFlowType dt2) {
dt1.isSourceContextParameterType() and not exists(dt2.asDelegate())
}
/**
* Holds if `t1` and `t2` are compatible, that is, whether data can flow from
* a node of type `t1` to a node of type `t2`.
@@ -2499,6 +2510,10 @@ predicate compatibleTypes(DataFlowType dt1, DataFlowType dt2) {
compatibleTypesDelegateLeft(dt2, dt1)
or
dt1.asDelegate() = dt2.asDelegate()
or
compatibleTypesSourceContextParameterTypeLeft(dt1, dt2)
or
compatibleTypesSourceContextParameterTypeLeft(dt2, dt1)
}
pragma[nomagic]

1
csharp/ql/test/utils/modelgenerator/dataflow/CaptureContentSummaryModels.expected
View File

@@ -1,3 +1,2 @@
unexpectedModel
| Unexpected contentbased-summary found: Models;HigherOrderParameters;false;Apply;(System.Func<System.Object,System.Object>,System.Object);;Argument[1];ReturnValue;value;dfc-generated |
expectedModel