diff --git a/ql/lib/codeql/actions/dataflow/internal/DataFlowImplSpecific.qll b/ql/lib/codeql/actions/dataflow/internal/DataFlowImplSpecific.qll
index 4abb455b0dd..2d3b9696ef6 100644
--- a/ql/lib/codeql/actions/dataflow/internal/DataFlowImplSpecific.qll
+++ b/ql/lib/codeql/actions/dataflow/internal/DataFlowImplSpecific.qll
@@ -6,6 +6,9 @@ private import codeql.dataflow.DataFlow
 module ActionsDataFlow implements InputSig {
- import DataFlowPrivate
+ import DataFlowPrivate as Private
 import DataFlowPublic
+ import Private
+
+ predicate neverSkipInPathGraph = Private::neverSkipInPathGraph/1;
 }
diff --git a/ql/lib/codeql/actions/dataflow/internal/DataFlowPrivate.qll b/ql/lib/codeql/actions/dataflow/internal/DataFlowPrivate.qll
index b4abb3e8aa5..8b57ea2436e 100644
--- a/ql/lib/codeql/actions/dataflow/internal/DataFlowPrivate.qll
+++ b/ql/lib/codeql/actions/dataflow/internal/DataFlowPrivate.qll
@@ -207,27 +207,6 @@ predicate stepOutputDefToUse(Node nodeFrom, Node nodeTo) {
 )
 }
-predicate test1(UsesExpr u, string f, JobStmt j) {
- u.getLocation().getFile().getBaseName() = "inter1.yml" and
- f = u.getId() and
- j = u.getJob()
-}
-
-predicate test2(StepOutputAccessExpr r, string f, JobStmt j) {
- r.getLocation().getFile().getBaseName() = "inter1.yml" and
- f = r.getStepId() and
- j = r.getJob()
-}
-
-predicate test3(UsesExpr u, StepOutputAccessExpr r, Node n) {
- r.getLocation().getFile().getBaseName() = "inter1.yml" and
- u.getLocation().getFile().getBaseName() = "inter1.yml" and
- u.getId() = r.getStepId() and
- u.getJob() = r.getJob() and
- // el SOAE has no mapping DF NODE
- n.asExpr() = r
-}
-
 predicate jobOutputDefToUse(Node nodeFrom, Node nodeTo) {
 // nodeTo is a JobOutputAccessExpr and nodeFrom is the Job output expression
 exists(Expression astFrom, JobOutputAccessExpr astTo |
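Review bot: In DataFlowImplSpecific.qll, `import DataFlowPrivate as Private` is declared inside `ActionsDataFlow` without `private`, so the alias `Private` appears to become a visible member of the module for everything that uses `ActionsDataFlow`. Declaring it at file level as `private import DataFlowPrivate as Private` and keeping only `import Private` inside the module would keep the alias local. The explicit `predicate neverSkipInPathGraph = Private::neverSkipInPathGraph/1;` also deserves a one-line comment, for example `// explicit alias: presumably an imported predicate alone does not override the signature default`, because the reason for repeating an already imported predicate is not visible in the hunk.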
@@ -310,3 +289,10 @@ predicate lambdaCall(DataFlowCall call, LambdaCallKind kind, Node receiver) { no
 /** Extra data-flow steps needed for lambda flow analysis. */
 predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preservesValue) { none() }
+
+/**
+ * Since our model is so simple, we dont want to compress the local flow steps.
+ * This compression is normally done to not show SSA steps, casts, etc.
+ */
+predicate neverSkipInPathGraph(Node node) { any() }
+
diff --git a/ql/src/Security/CWE-094/ExpressionInjection.ql b/ql/src/Security/CWE-094/ExpressionInjection.ql
index f8d6e0c804b..4af1e2c286a 100644
--- a/ql/src/Security/CWE-094/ExpressionInjection.ql
+++ b/ql/src/Security/CWE-094/ExpressionInjection.ql
@@ -24,6 +24,7 @@ private module MyConfig implements DataFlow::ConfigSig {
 predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 predicate isSink(DataFlow::Node sink) { sink instanceof ExpressionInjectionSink }
+ //predicate neverSkip(DataFlow::Node node) { any() }
 }
 module MyFlow = TaintTracking::Global;
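Review bot: `neverSkipInPathGraph(Node node) { any() }` in DataFlowPrivate.qll holds for every node, so it turns off step compression in the path explanations of every query built on this library, not only the one touched in this commit. As far as I can tell this affects only how paths are displayed and not which alerts are reported, but the doc comment should say so and say when to narrow it. Suggested wording: `Holds for every node: the Actions model has no SSA or cast nodes to hide, so no local flow step is compressed in path graphs. Restrict this if synthetic nodes are added.` That wording also removes the "dont" typo. The trailing blank line the hunk adds at the end of the file can be dropped.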
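Review bot: The added line `//predicate neverSkip(DataFlow::Node node) { any() }` in `MyConfig` of ExpressionInjection.ql is commented-out code with no explanation of why it is there. Because the library-level `neverSkipInPathGraph` added in this commit already holds for every node, a per-configuration override looks redundant, so the line can simply be deleted. If a reminder is wanted, write it as a real comment, e.g. `// path graph is left uncompressed by ActionsDataFlow::neverSkipInPathGraph`. `MyConfig` begins before this hunk, so other members of the configuration are not visible here.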