hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add and use WriteNode.writesElementPreUpdate

Browse Source
This commit is contained in:
Owen Mansel-Chan
2025-09-29 17:20:11 +01:00
parent 6fcd35885e
commit 59e3c14a5e
2 changed files with 17 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
go/ql/lib/semmle/go/controlflow/ControlFlowGraph.qll
View File

@@ -188,9 +188,7 @@ module ControlFlow {
* initialized. * initialized.
*/ */
predicate writesElement(DataFlow::Node base, DataFlow::Node index, DataFlow::Node rhs) { predicate writesElement(DataFlow::Node base, DataFlow::Node index, DataFlow::Node rhs) {
exists(DataFlow::Node b | exists(DataFlow::Node b | this.writesElementPreUpdate(b, index, rhs) |
this.writesElementInsn(b.asInstruction(), index.asInstruction(), rhs.asInstruction())
|
this.isInitialization() and base = b this.isInitialization() and base = b
or or
not this.isInitialization() and not this.isInitialization() and
@@ -198,6 +196,21 @@ module ControlFlow {
) )
} }
/**
* Holds if this node sets the value of element `index` on `base` (or its implicit dereference)
* to `rhs`.
*
* For example, for the assignment `xs[i] = v`, `base` is the post-update node of the data-flow
* node corresponding to `xs` or (if `xs` is a pointer) the implicit dereference `*xs`, `index`
* is the data-flow node corresponding to `i`, and `rhs` is the data-flow node corresponding to
* `base`. If this `WriteNode` corresponds to the initialization of an array/slice/map then
* there is no need for a post-update node and `base` is the array/slice/map literal being
* initialized.
*/
predicate writesElementPreUpdate(DataFlow::Node base, DataFlow::Node index, DataFlow::Node rhs) {
this.writesElementInsn(base.asInstruction(), index.asInstruction(), rhs.asInstruction())
}
private predicate writesElementInsn( private predicate writesElementInsn(
IR::Instruction base, IR::Instruction index, IR::Instruction rhs IR::Instruction base, IR::Instruction index, IR::Instruction rhs
) { ) {

8
go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll
View File

@@ -52,13 +52,7 @@ module NetHttp {
MapWrite() { MapWrite() {
this.getType().hasQualifiedName("net/http", "Header") and this.getType().hasQualifiedName("net/http", "Header") and
exists(Write write, DataFlow::Node base | any(Write write).writesElementPreUpdate(this, index, rhs)
write.writesElement(base, index, rhs) and
// The following line works because `Http::HeaderWrite::Range` extends
// `DataFlow::ExprNode`, which is incompatible with
// `DataFlow::PostUpdateNode`.
this = [base, base.(DataFlow::PostUpdateNode).getPreUpdateNode()]
)
} }
override DataFlow::Node getName() { result = index } override DataFlow::Node getName() { result = index }