mirror of
https://github.com/github/codeql.git
synced 2026-04-21 06:55:31 +02:00
Further optimisation
This commit is contained in:
@@ -2098,6 +2098,7 @@ class LabelName extends Name {
|
||||
* may be identified as such, so not all type expressions can be determined by
|
||||
* a bottom-up analysis. In such cases, `isTypeExprTopDown` below is useful.
|
||||
*/
|
||||
pragma[nomagic]
|
||||
private predicate isTypeExprBottomUp(Expr e) {
|
||||
e instanceof TypeName
|
||||
or
|
||||
|
||||
@@ -501,10 +501,11 @@ module IR {
|
||||
override StructLit lit;
|
||||
|
||||
/** Gets the name of the initialized field. */
|
||||
pragma[nomagic]
|
||||
string getFieldName() {
|
||||
if elt instanceof KeyValueExpr
|
||||
then result = elt.(KeyValueExpr).getKey().(Ident).getName()
|
||||
else lit.getStructType().hasOwnField(i, result, _, _)
|
||||
else pragma[only_bind_out](lit.getStructType()).hasOwnField(i, result, _, _)
|
||||
}
|
||||
|
||||
/** Gets the initialized field. */
|
||||
|
||||
@@ -190,6 +190,7 @@ predicate sliceStep(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
*/
|
||||
abstract class FunctionModel extends Function {
|
||||
/** Holds if taint propagates through this function from `input` to `output`. */
|
||||
pragma[nomagic]
|
||||
abstract predicate hasTaintFlow(FunctionInput input, FunctionOutput output);
|
||||
|
||||
/** Gets an input node for this model for the call `c`. */
|
||||
|
||||
@@ -75,6 +75,15 @@ module OpenUrlRedirect {
|
||||
}
|
||||
}
|
||||
|
||||
bindingset[var, w]
|
||||
pragma[inline_late]
|
||||
private predicate useIsDominated(
|
||||
SsaWithFields var, Write w, DataFlow::ReadNode sanitizedRead
|
||||
) {
|
||||
w.dominatesNode(sanitizedRead.asInstruction()) and
|
||||
sanitizedRead = var.getAUse()
|
||||
}
|
||||
|
||||
/**
|
||||
* An access to a variable that is preceded by an assignment to its `Path` field.
|
||||
*
|
||||
@@ -83,13 +92,10 @@ module OpenUrlRedirect {
|
||||
*/
|
||||
class PathAssignmentBarrier extends Barrier, Read {
|
||||
PathAssignmentBarrier() {
|
||||
exists(Write w, Field f, SsaWithFields var |
|
||||
f.getName() = "Path" and
|
||||
exists(Write w, SsaWithFields var |
|
||||
hasHostnameSanitizingSubstring(w.getRhs()) and
|
||||
this = var.getAUse()
|
||||
|
|
||||
w.writesField(var.getAUse(), f, _) and
|
||||
w.dominatesNode(insn)
|
||||
w.writesField(var.getAUse(), any(Field f | f.getName() = "Path"), _) and
|
||||
useIsDominated(var, w, this)
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user