From 7721fb33314cee322fd4b7ac3c8bd5bfe8b2e353 Mon Sep 17 00:00:00 2001
From: Rasmus Wriedt Larsen <rasmuswl@github.com>
Date: Fri, 23 Feb 2024 11:44:08 +0100
Subject: [PATCH] Python: Setup shared read/store steps

---
 .../dataflow/new/internal/DataFlowPrivate.qll      | 14 ++++++++++++++
 .../dataflow/new/internal/TypeTrackingImpl.qll     |  4 ++++
 2 files changed, 18 insertions(+)

diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
index 47f41d0cd05..5ccfa251634 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPrivate.qll
@@ -641,11 +641,18 @@ predicate jumpStepNotSharedWithTypeTracker(Node nodeFrom, Node nodeTo) {
 //--------
 // Field flow
 //--------
+/**
+ * Subset of `storeStep` that should be shared with type-tracking.
+ */
+predicate storeStepCommon(Node nodeFrom, ContentSet c, Node nodeTo) { none() }
+
 /**
  * Holds if data can flow from `nodeFrom` to `nodeTo` via an assignment to
  * content `c`.
  */
 predicate storeStep(Node nodeFrom, ContentSet c, Node nodeTo) {
+  storeStepCommon(nodeFrom, c, nodeTo)
+  or
   listStoreStep(nodeFrom, c, nodeTo)
   or
   setStoreStep(nodeFrom, c, nodeTo)
@@ -891,10 +898,17 @@ predicate attributeStoreStep(Node nodeFrom, AttributeContent c, Node nodeTo) {
   )
 }
 
+/**
+ * Subset of `readStep` that should be shared with type-tracking.
+ */
+predicate readStepCommon(Node nodeFrom, ContentSet c, Node nodeTo) { none() }
+
 /**
  * Holds if data can flow from `nodeFrom` to `nodeTo` via a read of content `c`.
  */
 predicate readStep(Node nodeFrom, ContentSet c, Node nodeTo) {
+  readStepCommon(nodeFrom, c, nodeTo)
+  or
   subscriptReadStep(nodeFrom, c, nodeTo)
   or
   iterableUnpackingReadStep(nodeFrom, c, nodeTo)
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackingImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackingImpl.qll
index 81c1f369561..68779208de9 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackingImpl.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/TypeTrackingImpl.qll
@@ -175,6 +175,8 @@ module TypeTrackingInput implements Shared::TypeTrackingInput {
       nodeTo = a.getObject()
     )
     or
+    DataFlowPrivate::storeStepCommon(nodeFrom, content, nodeTo)
+    or
     TypeTrackerSummaryFlow::basicStoreStep(nodeFrom, nodeTo, content)
   }
 
@@ -189,6 +191,8 @@ module TypeTrackingInput implements Shared::TypeTrackingInput {
       nodeTo = a
     )
     or
+    DataFlowPrivate::readStepCommon(nodeFrom, content, nodeTo)
+    or
     TypeTrackerSummaryFlow::basicLoadStep(nodeFrom, nodeTo, content)
   }