Merge pull request #8628 from michaelnebel/csharp/generatedkind

C#: Introduce generated flag as a part of the kind column for flow summaries
2026-05-02 12:15:17 +02:00 · 2022-04-07 08:43:30 +02:00
parent 879b8a1200 2562910b94
commit 72d4c97463
27 changed files with 467 additions and 299 deletions
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll
@@ -806,10 +806,10 @@ module Private {
  module External {
    /** Holds if `spec` is a relevant external specification. */
    private predicate relevantSpec(string spec) {
-      summaryElement(_, spec, _, _) or
-      summaryElement(_, _, spec, _) or
-      sourceElement(_, spec, _) or
-      sinkElement(_, spec, _)
+      summaryElement(_, spec, _, _, _) or
+      summaryElement(_, _, spec, _, _) or
+      sourceElement(_, spec, _, _) or
+      sinkElement(_, spec, _, _)
    }

    private class AccessPathRange extends AccessPath::Range {
@@ -875,13 +875,20 @@ module Private {
    }

    private class SummarizedCallableExternal extends SummarizedCallable {
-      SummarizedCallableExternal() { summaryElement(this, _, _, _) }
+      SummarizedCallableExternal() { summaryElement(this, _, _, _, _) }
+
+      private predicate relevantSummaryElement(AccessPath inSpec, AccessPath outSpec, string kind) {
+        summaryElement(this, inSpec, outSpec, kind, false)
+        or
+        summaryElement(this, inSpec, outSpec, kind, true) and
+        not summaryElement(this, _, _, _, false)
+      }

      override predicate propagatesFlow(
        SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue
      ) {
        exists(AccessPath inSpec, AccessPath outSpec, string kind |
-          summaryElement(this, inSpec, outSpec, kind) and
+          this.relevantSummaryElement(inSpec, outSpec, kind) and
          interpretSpec(inSpec, input) and
          interpretSpec(outSpec, output)
        |
@@ -910,7 +917,7 @@ module Private {

    private predicate sourceElementRef(InterpretNode ref, AccessPath output, string kind) {
      exists(SourceOrSinkElement e |
-        sourceElement(e, output, kind) and
+        sourceElement(e, output, kind, _) and
        if outputNeedsReference(output.getToken(0))
        then e = ref.getCallTarget()
        else e = ref.asElement()
@@ -919,7 +926,7 @@ module Private {

    private predicate sinkElementRef(InterpretNode ref, AccessPath input, string kind) {
      exists(SourceOrSinkElement e |
-        sinkElement(e, input, kind) and
+        sinkElement(e, input, kind, _) and
        if inputNeedsReference(input.getToken(0))
        then e = ref.getCallTarget()
        else e = ref.asElement()
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll
@@ -42,13 +42,17 @@ DataFlowType getCallbackReturnType(DataFlowType t, ReturnKind rk) { any() }

 /**
 * Holds if an external flow summary exists for `c` with input specification
- * `input`, output specification `output`, and kind `kind`.
+ * `input`, output specification `output`, kind `kind`, and a flag `generated`
+ * stating whether the summary is autogenerated.
 */
-predicate summaryElement(DataFlowCallable c, string input, string output, string kind) {
+predicate summaryElement(
+  DataFlowCallable c, string input, string output, string kind, boolean generated
+) {
  exists(FlowSummary::SummarizedCallable sc, boolean preservesValue |
    sc.propagatesFlowExt(input, output, preservesValue) and
    c.asLibraryCallable() = sc and
-    if preservesValue = true then kind = "value" else kind = "taint"
+    (if preservesValue = true then kind = "value" else kind = "taint") and
+    generated = false
  )
 }

@@ -128,16 +132,18 @@ NormalReturnKind getReturnValueKind() { any() }
 */
 private module UnusedSourceSinkInterpretation {
  /**
-   * Holds if an external source specification exists for `e` with output specification
-   * `output` and kind `kind`.
+   * Holds if an external source specification exists for `n` with output specification
+   * `output`, kind `kind`, and a flag `generated` stating whether the source specification is
+   * autogenerated.
   */
-  predicate sourceElement(AstNode n, string output, string kind) { none() }
+  predicate sourceElement(AstNode n, string output, string kind, boolean generated) { none() }

  /**
   * Holds if an external sink specification exists for `n` with input specification
-   * `input` and kind `kind`.
+   * `input`, kind `kind` and a flag `generated` stating whether the sink specification is
+   * autogenerated.
   */
-  predicate sinkElement(AstNode n, string input, string kind) { none() }
+  predicate sinkElement(AstNode n, string input, string kind, boolean generated) { none() }

  class SourceOrSinkElement = AstNode;