PS: Port changes from #20132 to PowerShell.

2025-12-17 01:03:14 +01:00 · 2025-08-12 14:52:12 +01:00
parent c6ab9412b6
commit 627ee8536c
1 changed files with 14 additions and 5 deletions
--- a/powershell/ql/lib/semmle/code/powershell/dataflow/internal/SsaImpl.qll
+++ b/powershell/ql/lib/semmle/code/powershell/dataflow/internal/SsaImpl.qll
@@ -185,7 +185,8 @@ private module Cached {
    cached // nothing is actually cached
    module BarrierGuard<guardChecksSig/3 guardChecks> {
      private predicate guardChecksAdjTypes(
-        DataFlowIntegrationInput::Guard g, DataFlowIntegrationInput::Expr e, boolean branch
+        DataFlowIntegrationInput::Guard g, DataFlowIntegrationInput::Expr e,
+        DataFlowIntegrationInput::GuardValue branch
      ) {
        guardChecks(g, e.asExprCfgNode(), branch)
      }
@@ -283,6 +284,8 @@ class ParameterExt extends TParameterExt {
 }

 private module DataFlowIntegrationInput implements Impl::DataFlowIntegrationInputSig {
+  private import codeql.util.Boolean
+
  private newtype TExpr =
    TExprCfgNode(Cfg::CfgNodes::ExprCfgNode e) or
    TFinalEnvVarRead(Scope scope, EnvVariable v) {
@@ -330,21 +333,27 @@ private module DataFlowIntegrationInput implements Impl::DataFlowIntegrationInpu
    any(ParameterExt p).isInitializedBy(def) or def.(Ssa::WriteDefinition).assigns(_)
  }

+  class GuardValue = Boolean;
+
  class Guard extends Cfg::CfgNodes::AstCfgNode {
    /**
     * Holds if the control flow branching from `bb1` is dependent on this guard,
     * and that the edge from `bb1` to `bb2` corresponds to the evaluation of this
     * guard to `branch`.
     */
-    predicate controlsBranchEdge(SsaInput::BasicBlock bb1, SsaInput::BasicBlock bb2, boolean branch) {
-      this.hasBranchEdge(bb1, bb2, branch)
+    predicate valueControlsBranchEdge(
+      SsaInput::BasicBlock bb1, SsaInput::BasicBlock bb2, GuardValue branch
+    ) {
+      this.hasValueBranchEdge(bb1, bb2, branch)
    }

    /**
     * Holds if the evaluation of this guard to `branch` corresponds to the edge
     * from `bb1` to `bb2`.
     */
-    predicate hasBranchEdge(SsaInput::BasicBlock bb1, SsaInput::BasicBlock bb2, boolean branch) {
+    predicate hasValueBranchEdge(
+      SsaInput::BasicBlock bb1, SsaInput::BasicBlock bb2, GuardValue branch
+    ) {
      exists(Cfg::SuccessorTypes::ConditionalSuccessor s |
        this.getBasicBlock() = bb1 and
        bb2 = bb1.getASuccessor(s) and
@@ -354,7 +363,7 @@ private module DataFlowIntegrationInput implements Impl::DataFlowIntegrationInpu
  }

  /** Holds if the guard `guard` controls block `bb` upon evaluating to `branch`. */
-  predicate guardDirectlyControlsBlock(Guard guard, SsaInput::BasicBlock bb, boolean branch) {
+  predicate guardDirectlyControlsBlock(Guard guard, SsaInput::BasicBlock bb, GuardValue branch) {
    none()
  }
 }