Merge remote-tracking branch 'upstream/rc/1.20' into mergeback-2019-03-19

2026-05-11 09:49:26 +02:00 · 2019-03-19 14:09:03 +00:00
parent a31794f20c 17e8b64f59
commit 6fbf487524
41 changed files with 538 additions and 191 deletions
--- a/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/Configuration.qll
@@ -570,10 +570,24 @@ private predicate reachableFromInput(
  callInputStep(f, invk, input, nd, cfg) and
  summary = PathSummary::level()
  or
-  exists(DataFlow::Node mid, PathSummary oldSummary, PathSummary newSummary |
+  exists(DataFlow::Node mid, PathSummary oldSummary |
    reachableFromInput(f, invk, input, mid, cfg, oldSummary) and
-    flowStep(mid, cfg, nd, newSummary) and
-    summary = oldSummary.append(newSummary)
+    appendStep(mid, cfg, oldSummary, nd, summary)
+  )
+}
+
+/**
+ * Holds if there is a step from `pred` to `succ` under `cfg` that can be appended
+ * to a path represented by `oldSummary` yielding a path represented by `newSummary`.
+ */
+pragma[noinline]
+private predicate appendStep(
+  DataFlow::Node pred, DataFlow::Configuration cfg, PathSummary oldSummary, DataFlow::Node succ,
+  PathSummary newSummary
+) {
+  exists(PathSummary stepSummary |
+    flowStep(pred, cfg, succ, stepSummary) and
+    newSummary = oldSummary.append(stepSummary)
  )
 }

--- a/javascript/ql/src/semmle/javascript/dataflow/TypeTracking.qll
+++ b/javascript/ql/src/semmle/javascript/dataflow/TypeTracking.qll
@@ -216,7 +216,7 @@ private newtype TTypeBackTracker = MkTypeBackTracker(boolean hasReturn) {
 *   t.start() and
 *   result = (< some API call >).getArgument(< n >).getALocalSource()
 *   or
- *   exists (DataFlow::TypeTracker t2 |
+ *   exists (DataFlow::TypeBackTracker t2 |
 *     result = myCallback(t2).backtrack(t2, t)
 *   )
 * }
--- a/javascript/ql/src/semmle/javascript/frameworks/Electron.qll
+++ b/javascript/ql/src/semmle/javascript/frameworks/Electron.qll
@@ -16,7 +16,7 @@ module Electron {
  /**
   * An instantiation of `BrowserWindow` or `BrowserView`.
   */
-  abstract private class NewBrowserObject extends BrowserObject, DataFlow::TrackedNode {
+  abstract private class NewBrowserObject extends BrowserObject, DataFlow::SourceNode {
    DataFlow::NewNode self;

    NewBrowserObject() { this = self }
@@ -250,10 +250,10 @@ module Electron {
    /**
     * An additional flow step  via an Electron IPC message.
     */
-    private class IPCAdditionalFlowStep extends DataFlow::Configuration {
-      IPCAdditionalFlowStep() { this instanceof DataFlow::Configuration }
+    private class IPCAdditionalFlowStep extends DataFlow::AdditionalFlowStep {
+      IPCAdditionalFlowStep() { ipcFlowStep(this, _) }

-      override predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
+      override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
        ipcFlowStep(pred, succ)
      }
    }