Further optimisation

2026-04-21 06:55:31 +02:00 · 2024-10-02 15:16:47 +01:00
parent ab99509a11
commit 36a031833f
4 changed files with 16 additions and 7 deletions
--- a/go/ql/lib/semmle/go/Expr.qll
+++ b/go/ql/lib/semmle/go/Expr.qll
@@ -2098,6 +2098,7 @@ class LabelName extends Name {
 * may be identified as such, so not all type expressions can be determined by
 * a bottom-up analysis. In such cases, `isTypeExprTopDown` below is useful.
 */
+pragma[nomagic]
 private predicate isTypeExprBottomUp(Expr e) {
  e instanceof TypeName
  or
--- a/go/ql/lib/semmle/go/controlflow/IR.qll
+++ b/go/ql/lib/semmle/go/controlflow/IR.qll
@@ -501,10 +501,11 @@ module IR {
    override StructLit lit;

    /** Gets the name of the initialized field. */
+    pragma[nomagic]
    string getFieldName() {
      if elt instanceof KeyValueExpr
      then result = elt.(KeyValueExpr).getKey().(Ident).getName()
-      else lit.getStructType().hasOwnField(i, result, _, _)
+      else pragma[only_bind_out](lit.getStructType()).hasOwnField(i, result, _, _)
    }

    /** Gets the initialized field. */
--- a/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/TaintTrackingUtil.qll
@@ -190,6 +190,7 @@ predicate sliceStep(DataFlow::Node pred, DataFlow::Node succ) {
 */
 abstract class FunctionModel extends Function {
  /** Holds if taint propagates through this function from `input` to `output`. */
+  pragma[nomagic]
  abstract predicate hasTaintFlow(FunctionInput input, FunctionOutput output);

  /** Gets an input node for this model for the call `c`. */
--- a/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll
+++ b/go/ql/lib/semmle/go/security/OpenUrlRedirectCustomizations.qll
@@ -75,6 +75,15 @@ module OpenUrlRedirect {
    }
  }

+  bindingset[var, w]
+  pragma[inline_late]
+  private predicate useIsDominated(
+    SsaWithFields var, Write w, DataFlow::ReadNode sanitizedRead
+  ) {
+    w.dominatesNode(sanitizedRead.asInstruction()) and
+    sanitizedRead = var.getAUse()
+  }
+
  /**
   * An access to a variable that is preceded by an assignment to its `Path` field.
   *
@@ -83,13 +92,10 @@ module OpenUrlRedirect {
   */
  class PathAssignmentBarrier extends Barrier, Read {
    PathAssignmentBarrier() {
-      exists(Write w, Field f, SsaWithFields var |
-        f.getName() = "Path" and
+      exists(Write w, SsaWithFields var |
        hasHostnameSanitizingSubstring(w.getRhs()) and
-        this = var.getAUse()
-      |
-        w.writesField(var.getAUse(), f, _) and
-        w.dominatesNode(insn)
+        w.writesField(var.getAUse(), any(Field f | f.getName() = "Path"), _) and
+        useIsDominated(var, w, this)
      )
    }
  }