C#: Add MaD source and sink test query to shared library.

2026-04-23 15:55:18 +02:00 · 2024-03-15 15:37:03 +01:00
parent 4177c38ed4
commit 90db9b330f
4 changed files with 90 additions and 14 deletions
--- a/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll
+++ b/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll
@@ -1468,13 +1468,13 @@ module Make<DF::InputSig DataFlowLang, InputSig<DataFlowLang> Input> {
         * Holds if an external source specification exists for `n` with output specification
         * `output` and kind `kind`.
         */
-        predicate sourceElement(Element n, string output, string kind);
+        predicate sourceElement(Element n, string output, string kind, Provenance provenance);

        /**
         * Holds if an external sink specification exists for `n` with input specification
         * `input` and kind `kind`.
         */
-        predicate sinkElement(Element n, string input, string kind);
+        predicate sinkElement(Element n, string input, string kind, Provenance provenance);

        class SourceOrSinkElement extends Element;

@@ -1529,8 +1529,8 @@ module Make<DF::InputSig DataFlowLang, InputSig<DataFlowLang> Input> {
        private import SourceSinkInterpretationInput

        private predicate sourceSinkSpec(string spec) {
-          sourceElement(_, spec, _) or
-          sinkElement(_, spec, _)
+          sourceElement(_, spec, _, _) or
+          sinkElement(_, spec, _, _)
        }

        private module AccessPath = AccessPathSyntax::AccessPath<sourceSinkSpec/1>;
@@ -1562,7 +1562,7 @@ module Make<DF::InputSig DataFlowLang, InputSig<DataFlowLang> Input> {
          InterpretNode ref, SourceSinkAccessPath output, string kind
        ) {
          exists(SourceOrSinkElement e |
-            sourceElement(e, output, kind) and
+            sourceElement(e, output, kind, _) and
            if outputNeedsReferenceExt(output.getToken(0))
            then e = ref.getCallTarget()
            else e = ref.asElement()
@@ -1576,7 +1576,7 @@ module Make<DF::InputSig DataFlowLang, InputSig<DataFlowLang> Input> {

        private predicate sinkElementRef(InterpretNode ref, SourceSinkAccessPath input, string kind) {
          exists(SourceOrSinkElement e |
-            sinkElement(e, input, kind) and
+            sinkElement(e, input, kind, _) and
            if inputNeedsReferenceExt(input.getToken(0))
            then e = ref.getCallTarget()
            else e = ref.asElement()
@@ -1691,6 +1691,63 @@ module Make<DF::InputSig DataFlowLang, InputSig<DataFlowLang> Input> {
            interpretInput(input, input.getNumToken(), ref, node)
          )
        }
+
+        signature module TestSourceSinkInputSig {
+          /**
+           * A class or source elements relevant for testing.
+           */
+          class RelevantSourceCallable instanceof SourceOrSinkElement {
+            /** Gets the string representation of this callable used by `source/1`. */
+            string getCallableCsv();
+          }
+
+          /**
+           * A class or sink elements relevant for testing.
+           */
+          class RelevantSinkCallable instanceof SourceOrSinkElement {
+            /** Gets the string representation of this callable used by `source/1`. */
+            string getCallableCsv();
+          }
+        }
+
+        /** Provides query predicates for outputting a set of relevant sources and sinks. */
+        module TestSourceSinkOutput<TestSourceSinkInputSig TestSourceSinkInput> {
+          private import TestSourceSinkInput
+
+          /**
+           * Holds if there exists a relevant source callable with information roughly corresponding to `csv`.
+           * Used for testing.
+           * The syntax is: "namespace;type;overrides;name;signature;ext;outputspec;kind;provenance",
+           * ext is hardcoded to empty.
+           */
+          query predicate source(string csv) {
+            exists(RelevantSourceCallable c, string output, string kind, Provenance provenance |
+              sourceElement(c, output, kind, provenance) and
+              csv =
+                c.getCallableCsv() // Callable information
+                  + output + ";" // output
+                  + kind + ";" // kind
+                  + provenance // provenance
+            )
+          }
+
+          /**
+           * Holds if there exists a relevant sink callable with information roughly corresponding to `csv`.
+           * Used for testing.
+           * The syntax is: "namespace;type;overrides;name;signature;ext;inputspec;kind;provenance",
+           * ext is hardcoded to empty.
+           */
+          query predicate sink(string csv) {
+            exists(RelevantSinkCallable c, string input, string kind, Provenance provenance |
+              sinkElement(c, input, kind, provenance) and
+              csv =
+                c.getCallableCsv() // Callable information
+                  + input + ";" // input
+                  + kind + ";" // kind
+                  + provenance // provenance
+            )
+          }
+        }
      }
    }

@@ -1746,7 +1803,8 @@ module Make<DF::InputSig DataFlowLang, InputSig<DataFlowLang> Input> {
      }

      /**
-       * A query predicate for outputting flow summaries in semi-colon separated format in QL tests.
+       * Holds if there exists a relevant summary callable with information roughly corresponding to `csv`.
+       * Used for testing.
       * The syntax is: "namespace;type;overrides;name;signature;ext;inputspec;outputspec;kind;provenance",
       * ext is hardcoded to empty.
       */
@@ -1766,7 +1824,8 @@ module Make<DF::InputSig DataFlowLang, InputSig<DataFlowLang> Input> {
      }

      /**
-       * Holds if a neutral model `csv` exists (semi-colon separated format). Used for testing purposes.
+       * Holds if there exists a relevant neutral callable with information roughly corresponding to `csv`.
+       * Used for testing.
       * The syntax is: "namespace;type;name;signature;kind;provenance"",
       */
      query predicate neutral(string csv) {