Shared: Avoid generating taint based heuristic summaries when a content sensitive summary can be generated.

2025-12-17 01:03:14 +01:00 · 2025-05-13 10:56:43 +02:00
parent 64371688d7
commit 6c9f248fdb
1 changed files with 6 additions and 6 deletions
--- a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll
+++ b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll
@@ -995,13 +995,13 @@ module MakeModelGeneratorFactory<
          DataFlowSummaryTargetApi api0, string input0, string output0, boolean preservesValue0
        |
          // If the heuristic summary is taint-based, and we can generate a content-sensitive
-          // summary that is value-preserving then we omit generating any heuristic summary.
-          preservesValue = false and
-          preservesValue0 = true
+          // summary then we omit generating the heuristic summary.
+          preservesValue = false
          or
-          // However, if they're both value-preserving (or both taint-based) then we only
-          // generate a heuristic summary if we didn't generate a content-sensitive summary.
-          preservesValue = preservesValue0 and
+          // If they're both value-preserving then we only generate a heuristic summary if
+          // we didn't generate a content-sensitive summary on the same input/output pair.
+          preservesValue = true and
+          preservesValue0 = true and
          input0 = input and
          output0 = output
        |