Merge pull request #102 from microsoft/powershell-very-basic-flow-steps

PS: Add very basic dataflow steps
2026-05-25 00:27:09 +02:00 · 2024-09-23 18:23:58 +01:00
parent dd2c5ef897 f2d89a24f8
commit 3fa466efa9
2 changed files with 42 additions and 4 deletions
--- a/powershell/ql/lib/semmle/code/powershell/controlflow/CfgNodes.qll
+++ b/powershell/ql/lib/semmle/code/powershell/controlflow/CfgNodes.qll
@@ -197,6 +197,29 @@ module ExprNodes {

    InvokeMemberCfgNode getInvokeMember() { this = result.getQualifier() }
  }
+
+  class ConditionalChildMapping extends ExprChildMapping, ConditionalExpr {
+    override predicate relevantChild(Ast n) { n = this.getCondition() or n = this.getABranch() }
+  }
+
+  /** A control-flow node that wraps a `ConditionalExpr` expression. */
+  class ConditionalCfgNode extends ExprCfgNode {
+    override string getAPrimaryQlClass() { result = "ConditionalCfgNode" }
+
+    override ConditionalChildMapping e;
+
+    final override ConditionalExpr getExpr() { result = super.getExpr() }
+
+    final ExprCfgNode getCondition() { e.hasCfgChild(e.getCondition(), this, result) }
+
+    final ExprCfgNode getBranch(boolean value) { e.hasCfgChild(e.getBranch(value), this, result) }
+
+    final ExprCfgNode getABranch() { result = this.getBranch(_) }
+
+    final ExprCfgNode getIfTrue() { e.hasCfgChild(e.getIfTrue(), this, result) }
+
+    final ExprCfgNode getIfFalse() { e.hasCfgChild(e.getIfFalse(), this, result) }
+  }
 }

 module StmtNodes {
--- a/powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowPrivate.qll
+++ b/powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowPrivate.qll
@@ -89,10 +89,14 @@ module SsaFlow {
 module LocalFlow {
  pragma[nomagic]
  predicate localFlowStepCommon(Node nodeFrom, Node nodeTo) {
-    none() // TODO
+    nodeFrom.asExpr() = nodeTo.asExpr().(CfgNodes::ExprNodes::ConditionalCfgNode).getABranch()
+    or
+    nodeFrom.asStmt() = nodeTo.asStmt().(CfgNodes::StmtNodes::AssignStmtCfgNode).getRightHandSide()
  }

-  predicate localMustFlowStep(Node node1, Node node2) { none() }
+  predicate localMustFlowStep(Node nodeFrom, Node nodeTo) {
+    nodeFrom.asStmt() = nodeTo.asStmt().(CfgNodes::StmtNodes::AssignStmtCfgNode).getRightHandSide()
+  }
 }

 /** Provides logic related to captured variables. */
@@ -125,11 +129,22 @@ private module Cached {
   * data flow.
   */
  cached
-  predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo, string model) { none() }
+  predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo, string model) {
+    (
+      LocalFlow::localFlowStepCommon(nodeFrom, nodeTo)
+      or
+      SsaFlow::localFlowStep(_, nodeFrom, nodeTo, _)
+    ) and
+    model = ""
+  }

  /** This is the local flow predicate that is exposed. */
  cached
-  predicate localFlowStepImpl(Node nodeFrom, Node nodeTo) { none() }
+  predicate localFlowStepImpl(Node nodeFrom, Node nodeTo) {
+    LocalFlow::localFlowStepCommon(nodeFrom, nodeTo)
+    or
+    SsaFlow::localFlowStep(_, nodeFrom, nodeTo, _)
+  }

  cached
  newtype TContentSet = TSingletonContent(Content c)