From 6a9bd0de1d1a4f12bd599c5754aecaa7fb085608 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Wed, 28 Aug 2024 14:13:28 +0200 Subject: [PATCH] Dataflow: Include FlowState in SummaryCtx. --- .../codeql/dataflow/internal/DataFlowImpl.qll | 30 ++++++++++--------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll index f42da2f2fc0..48d6ba61e2f 100644 --- a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll +++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll @@ -1565,7 +1565,7 @@ module MakeImpl Lang> { fwdFlowIn(node, apa, state, cc, t, ap, allowsFlowThrough) and if allowsFlowThrough = true then ( - summaryCtx = TSummaryCtxSome(node, t, ap) + summaryCtx = TSummaryCtxSome(node, state, t, ap) ) else ( summaryCtx = TSummaryCtxNone() and // When the call contexts of source and sink needs to match then there's @@ -1592,7 +1592,9 @@ module MakeImpl Lang> { private newtype TSummaryCtx = TSummaryCtxNone() or - TSummaryCtxSome(ParamNodeEx p, Typ t, Ap ap) { fwdFlowIn(p, _, _, _, t, ap, true) } + TSummaryCtxSome(ParamNodeEx p, FlowState state, Typ t, Ap ap) { + fwdFlowIn(p, _, state, _, t, ap, true) + } /** * A context for generating flow summaries. This represents flow entry through @@ -1616,10 +1618,11 @@ module MakeImpl Lang> { /** A summary context from which a flow summary can be generated. */ private class SummaryCtxSome extends SummaryCtx, TSummaryCtxSome { private ParamNodeEx p; + private FlowState state; private Typ t; private Ap ap; - SummaryCtxSome() { this = TSummaryCtxSome(p, t, ap) } + SummaryCtxSome() { this = TSummaryCtxSome(p, state, t, ap) } ParamNodeEx getParamNode() { result = p } @@ -2074,7 +2077,7 @@ module MakeImpl Lang> { fwdFlow(pragma[only_bind_into](ret), state, ccc, summaryCtx, t, ap, pragma[only_bind_into](apa)) and summaryCtx = - TSummaryCtxSome(pragma[only_bind_into](p), _, pragma[only_bind_into](argAp)) and + TSummaryCtxSome(pragma[only_bind_into](p), _, _, pragma[only_bind_into](argAp)) and not outBarrier(ret, state) and kind = ret.getKind() and parameterFlowThroughAllowed(p, kind) and @@ -2110,9 +2113,9 @@ module MakeImpl Lang> { pragma[nomagic] private predicate fwdFlowIsEntered0( DataFlowCall call, ArgNodeEx arg, Cc cc, CcCall innerCc, SummaryCtx summaryCtx, - ParamNodeEx p, Typ t, Ap ap + ParamNodeEx p, FlowState state, Typ t, Ap ap ) { - FwdFlowIn::fwdFlowIn(call, arg, _, p, _, cc, innerCc, + FwdFlowIn::fwdFlowIn(call, arg, _, p, state, cc, innerCc, summaryCtx, t, ap, _, _, true) } @@ -2125,9 +2128,9 @@ module MakeImpl Lang> { DataFlowCall call, ArgNodeEx arg, Cc cc, CcCall innerCc, SummaryCtx summaryCtx, SummaryCtxSome innerSummaryCtx ) { - exists(ParamNodeEx p, Typ t, Ap ap | - fwdFlowIsEntered0(call, arg, cc, innerCc, summaryCtx, p, t, ap) and - innerSummaryCtx = TSummaryCtxSome(p, t, ap) + exists(ParamNodeEx p, FlowState state, Typ t, Ap ap | + fwdFlowIsEntered0(call, arg, cc, innerCc, summaryCtx, p, state, t, ap) and + innerSummaryCtx = TSummaryCtxSome(p, state, t, ap) ) } @@ -2160,7 +2163,7 @@ module MakeImpl Lang> { Ap argAp, ApApprox argApa, Ap ap ) { exists(DataFlowCall call, ApApprox apa, boolean allowsFieldFlow | - returnFlowsThrough0(call, state, ccc, ap, apa, ret, TSummaryCtxSome(p, argT, argAp), + returnFlowsThrough0(call, state, ccc, ap, apa, ret, TSummaryCtxSome(p, _, argT, argAp), argApa) and flowThroughOutOfCall(call, ccc, ret, _, allowsFieldFlow, argApa, apa) and pos = ret.getReturnPosition() and @@ -2522,7 +2525,7 @@ module MakeImpl Lang> { exists(Ap ap0 | parameterMayFlowThrough(p, _) and revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, ap0) and - fwdFlow(n, state, any(CcCall ccc), TSummaryCtxSome(p, _, ap), _, ap0, _) + fwdFlow(n, state, any(CcCall ccc), TSummaryCtxSome(p, _, _, ap), _, ap0, _) ) } @@ -3114,8 +3117,7 @@ module MakeImpl Lang> { | fwdFlowThroughStep0(call, arg, cc, state, ccc, summaryCtx, t, ap, apa, ret, innerSummaryCtx, innerArgApa) and - innerSummaryCtx = TSummaryCtxSome(p, innerArgT, innerArgAp) and - revFlow(arg, state0, _, _, _) and + innerSummaryCtx = TSummaryCtxSome(p, state0, innerArgT, innerArgAp) and pn1 = mkPathNode(arg, state0, cc, summaryCtx, innerArgT, innerArgAp) and pn2 = typeStrengthenToPathNode(p, state0, ccc, innerSummaryCtx, innerArgT, innerArgAp) and pn3 = mkPathNode(ret, state, ccc, innerSummaryCtx, t, ap) @@ -3244,7 +3246,7 @@ module MakeImpl Lang> { fwdFlowInStep(arg, node, state, outercc, cc, outerSummaryCtx, t, ap, allowsFlowThrough) and label = "" and if allowsFlowThrough = true - then summaryCtx = TSummaryCtxSome(node, t, ap) + then summaryCtx = TSummaryCtxSome(node, state, t, ap) else summaryCtx = TSummaryCtxNone() ) or