Restrict dataflow node creation to source and source-referenced entities

2025-12-17 01:03:14 +01:00 · 2024-09-16 16:00:59 +01:00
parent c7e3682597
commit 66f48f767e
1 changed files with 35 additions and 4 deletions
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll
@@ -995,6 +995,30 @@ private class InstanceCallable extends Callable {
  Location getARelevantLocation() { result = l }
 }

+/**
+ * A callable which is either itself defined in source or which is the target
+ * of some call in source, and therefore ought to have dataflow nodes created.
+ */
+private class CallableUsedInSource extends Callable {
+  CallableUsedInSource() {
+    this.fromSource()
+    or
+    this.getACall().fromSource()
+  }
+}
+
+/**
+ * A field or property which is either itself defined in source or which is the target
+ * of some access in source, and therefore ought to have dataflow nodes created.
+ */
+private class FieldOrPropertyUsedInSource extends FieldOrProperty {
+  FieldOrPropertyUsedInSource() {
+    this.fromSource()
+    or
+    this.getAnAccess().fromSource()
+  }
+}
+
 /** A collection of cached types and predicates to be evaluated in the same stage. */
 cached
 private module Cached {
@@ -1018,8 +1042,13 @@ private module Cached {
    TAssignableDefinitionNode(AssignableDefinition def, ControlFlow::Node cfn) {
      cfn = def.getExpr().getAControlFlowNode()
    } or
-    TExplicitParameterNode(Parameter p, DataFlowCallable c) { p = c.asCallable(_).getAParameter() } or
-    TInstanceParameterNode(InstanceCallable c, Location l) { l = c.getARelevantLocation() } or
+    TExplicitParameterNode(Parameter p, DataFlowCallable c) {
+      p = c.asCallable(_).(CallableUsedInSource).getAParameter()
+    } or
+    TInstanceParameterNode(InstanceCallable c, Location l) {
+      c instanceof CallableUsedInSource and
+      l = c.getARelevantLocation()
+    } or
    TDelegateSelfReferenceNode(Callable c) { lambdaCreationExpr(_, c) } or
    TLocalFunctionCreationNode(ControlFlow::Nodes::ElementNode cfn, Boolean isPostUpdate) {
      cfn.getAstNode() instanceof LocalFunctionStmt
@@ -1055,11 +1084,13 @@ private module Cached {
      or
      lambdaCallExpr(_, cfn)
    } or
-    TFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn) or
+    TFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn) {
+      sn.getSummarizedCallable() instanceof CallableUsedInSource
+    } or
    TParamsArgumentNode(ControlFlow::Node callCfn) {
      callCfn = any(Call c | isParamsArg(c, _, _)).getAControlFlowNode()
    } or
-    TFlowInsensitiveFieldNode(FieldOrProperty f) { f.isFieldLike() } or
+    TFlowInsensitiveFieldNode(FieldOrPropertyUsedInSource f) { f.isFieldLike() } or
    TFlowInsensitiveCapturedVariableNode(LocalScopeVariable v) { v.isCaptured() } or
    TInstanceParameterAccessNode(ControlFlow::Node cfn, Boolean isPostUpdate) {
      cfn = getAPrimaryConstructorParameterCfn(_)