Merge pull request #10505 from hvitved/dataflow/viable-impl-in-ctx-consistency

Data flow: Guard against `viableImplInCallContext` not being a subset of `viableCallable`

python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplCommon.qll

@@ -709,7 +709,8 @@ private module Cached {
      */
     pragma[nomagic]
     private DataFlowCallable viableImplInCallContextExt(DataFlowCall call, DataFlowCall ctx) {
-      result = viableImplInCallContext(call, ctx)
+      result = viableImplInCallContext(call, ctx) and
+      result = viableCallable(call)
       or
       result = viableCallableLambda(call, TDataFlowCallSome(ctx))
       or

python/ql/lib/semmle/python/dataflow/new/internal/DataFlowImplConsistency.qll

@@ -38,6 +38,13 @@ module Consistency {
 
     /** Holds if `n` should be excluded from the consistency test `uniquePostUpdate`. */
     predicate uniquePostUpdateExclude(Node n) { none() }
+
+    /** Holds if `(call, ctx)` should be excluded from the consistency test `viableImplInCallContextTooLargeExclude`. */
+    predicate viableImplInCallContextTooLargeExclude(
+      DataFlowCall call, DataFlowCall ctx, DataFlowCallable callable
+    ) {
+      none()
+    }
   }
 
   private class RelevantNode extends Node {
@@ -217,4 +224,12 @@ module Consistency {
     not any(ConsistencyConfiguration c).postWithInFlowExclude(n) and
     msg = "PostUpdateNode should not be the target of local flow."
   }
+
+  query predicate viableImplInCallContextTooLarge(
+    DataFlowCall call, DataFlowCall ctx, DataFlowCallable callable
+  ) {
+    callable = viableImplInCallContext(call, ctx) and
+    not callable = viableCallable(call) and
+    not any(ConsistencyConfiguration c).viableImplInCallContextTooLargeExclude(call, ctx, callable)
+  }
 }

python/ql/test/experimental/dataflow/basic/dataflow-consistency.expected

@@ -16,3 +16,4 @@ postIsInSameCallable
 reverseRead
 argHasPostUpdate
 postWithInFlow
+viableImplInCallContextTooLarge

python/ql/test/experimental/dataflow/calls/dataflow-consistency.expected

@@ -16,3 +16,4 @@ postIsInSameCallable
 reverseRead
 argHasPostUpdate
 postWithInFlow
+viableImplInCallContextTooLarge

python/ql/test/experimental/dataflow/consistency/dataflow-consistency.expected

@@ -16,3 +16,4 @@ postIsInSameCallable
 reverseRead
 argHasPostUpdate
 postWithInFlow
+viableImplInCallContextTooLarge

python/ql/test/experimental/dataflow/coverage/dataflow-consistency.expected

@@ -16,3 +16,4 @@ postIsInSameCallable
 reverseRead
 argHasPostUpdate
 postWithInFlow
+viableImplInCallContextTooLarge

python/ql/test/experimental/dataflow/fieldflow/dataflow-consistency.expected

@@ -16,3 +16,4 @@ postIsInSameCallable
 reverseRead
 argHasPostUpdate
 postWithInFlow
+viableImplInCallContextTooLarge

python/ql/test/experimental/dataflow/global-flow/dataflow-consistency.expected

@@ -16,3 +16,4 @@ postIsInSameCallable
 reverseRead
 argHasPostUpdate
 postWithInFlow
+viableImplInCallContextTooLarge

python/ql/test/experimental/dataflow/match/dataflow-consistency.expected

@@ -16,3 +16,4 @@ postIsInSameCallable
 reverseRead
 argHasPostUpdate
 postWithInFlow
+viableImplInCallContextTooLarge

python/ql/test/experimental/dataflow/pep_328/dataflow-consistency.expected

@@ -16,3 +16,4 @@ postIsInSameCallable
 reverseRead
 argHasPostUpdate
 postWithInFlow
+viableImplInCallContextTooLarge

python/ql/test/experimental/dataflow/regression/dataflow-consistency.expected

@@ -16,3 +16,4 @@ postIsInSameCallable
 reverseRead
 argHasPostUpdate
 postWithInFlow
+viableImplInCallContextTooLarge

python/ql/test/experimental/dataflow/strange-essaflow/dataflow-consistency.expected

@@ -16,3 +16,4 @@ postIsInSameCallable
 reverseRead
 argHasPostUpdate
 postWithInFlow
+viableImplInCallContextTooLarge

python/ql/test/experimental/dataflow/tainttracking/basic/dataflow-consistency.expected

@@ -16,3 +16,4 @@ postIsInSameCallable
 reverseRead
 argHasPostUpdate
 postWithInFlow
+viableImplInCallContextTooLarge

python/ql/test/experimental/dataflow/tainttracking/commonSanitizer/dataflow-consistency.expected

@@ -16,3 +16,4 @@ postIsInSameCallable
 reverseRead
 argHasPostUpdate
 postWithInFlow
+viableImplInCallContextTooLarge

python/ql/test/experimental/dataflow/tainttracking/customSanitizer/dataflow-consistency.expected

@@ -16,3 +16,4 @@ postIsInSameCallable
 reverseRead
 argHasPostUpdate
 postWithInFlow
+viableImplInCallContextTooLarge

python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep-py3/dataflow-consistency.expected

@@ -16,3 +16,4 @@ postIsInSameCallable
 reverseRead
 argHasPostUpdate
 postWithInFlow
+viableImplInCallContextTooLarge

python/ql/test/experimental/dataflow/tainttracking/defaultAdditionalTaintStep/dataflow-consistency.expected

@@ -16,3 +16,4 @@ postIsInSameCallable
 reverseRead
 argHasPostUpdate
 postWithInFlow
+viableImplInCallContextTooLarge

python/ql/test/experimental/dataflow/tainttracking/unwanted-global-flow/dataflow-consistency.expected

@@ -16,3 +16,4 @@ postIsInSameCallable
 reverseRead
 argHasPostUpdate
 postWithInFlow
+viableImplInCallContextTooLarge

python/ql/test/experimental/dataflow/typetracking/dataflow-consistency.expected

@@ -16,3 +16,4 @@ postIsInSameCallable
 reverseRead
 argHasPostUpdate
 postWithInFlow
+viableImplInCallContextTooLarge

python/ql/test/experimental/dataflow/variable-capture/dataflow-consistency.expected

@@ -16,3 +16,4 @@ postIsInSameCallable
 reverseRead
 argHasPostUpdate
 postWithInFlow
+viableImplInCallContextTooLarge

python/ql/test/library-tests/ApiGraphs/py3/dataflow-consistency.expected

@@ -16,3 +16,4 @@ postIsInSameCallable
 reverseRead
 argHasPostUpdate
 postWithInFlow
+viableImplInCallContextTooLarge

python/ql/test/library-tests/frameworks/django-orm/dataflow-consistency.expected

@@ -16,3 +16,4 @@ postIsInSameCallable
 reverseRead
 argHasPostUpdate
 postWithInFlow
+viableImplInCallContextTooLarge