Protobufs: improve comment and code style

No functional changes
2026-01-30 14:52:57 +01:00 · 2020-09-03 17:36:29 +01:00
parent 65dc6272d1
commit 56f6e67671
2 changed files with 7 additions and 13 deletions
--- a/ql/src/semmle/go/dataflow/SSA.qll
+++ b/ql/src/semmle/go/dataflow/SSA.qll
@@ -306,7 +306,7 @@ private newtype TSsaWithFields =
  TStep(SsaWithFields base, Field f) { exists(accessPathAux(base, f)) }

 /**
- * Gets a representation of `nd` as an ssa-with-fields value if there is one.
+ * Gets a representation of `insn` as an ssa-with-fields-and-elements value if there is one.
 */
 private TSsaWithFields accessPath(IR::Instruction insn) {
  exists(SsaVariable v | insn = v.getAUse() | result = TRoot(v))
--- a/ql/src/semmle/go/frameworks/Protobuf.qll
+++ b/ql/src/semmle/go/frameworks/Protobuf.qll
@@ -49,28 +49,22 @@ module Protobuf {
  }

  /**
-   * Additional taint-flow step modelling flow from MarshalInput.Message to MarshalOutput,
-   * mediated by a MarshalOptions.MarshalState call.
+   * Additional taint-flow step modelling flow from `MarshalInput.Message` to `MarshalOutput`,
+   * mediated by a `MarshalOptions.MarshalState` call.
   *
-   * Note we can taint the whole MarshalOutput as it only has one field (Buf), and taint-
+   * Note we can taint the whole `MarshalOutput` as it only has one field (`Buf`), and taint-
   * tracking always considers a field of a tainted struct to itself be tainted.
   */
  private class MarshalStateStep extends TaintTracking::AdditionalTaintStep {
    override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
-      exists(
-        DataFlow::Node marshalInput, DataFlow::Node passedMarshalInput,
-        DataFlow::CallNode marshalStateCall
-      |
+      exists(DataFlow::Node marshalInput, DataFlow::CallNode marshalStateCall |
        marshalStateCall = marshalStateMethod().getACall() and
        // pred -> marshalInput.Message
        any(DataFlow::Write w)
            .writesField(marshalInput.(DataFlow::PostUpdateNode).getPreUpdateNode(),
              inputMessageField(), pred) and
-        // marshalInput -> passedMarshalInput
-        passedMarshalInput.asExpr().getGlobalValueNumber() =
-          marshalInput.asExpr().getGlobalValueNumber() and
-        // passedMarshalInput -> marshalStateCall
-        marshalStateCall.getArgument(0) = passedMarshalInput and
+        // marshalInput -> marshalStateCall
+        marshalStateCall.getArgument(0) = globalValueNumber(marshalInput).getANode() and
        // marshalStateCall -> succ
        marshalStateCall.getResult() = succ
      )