diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll
index 7977e18120f..d1ca22db203 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll
@@ -1222,14 +1222,18 @@ module Private {
 node.asNode().(PostUpdateNode).getPreUpdateNode().(ArgNode).argumentOf(mid.asCall(), apos) and
 parameterMatch(ppos, apos)
 |
- c = "Argument" or parseArg(c, ppos)
+ c = "Argument" and not heapParameter(ppos)
+ or
+ parseArg(c, ppos)
 )
 or
 exists(ArgumentPosition apos, ParameterPosition ppos |
 node.asNode().(ParamNode).isParameterOf(mid.asCallable(), ppos) and
 parameterMatch(ppos, apos)
 |
- c = "Parameter" or parseParam(c, apos)
+ c = "Parameter" and not heapParameter(ppos)
+ or
+ parseParam(c, apos)
 )
 or
 c = "ReturnValue" and
@@ -1259,7 +1263,9 @@ module Private {
 node.asNode().(ArgNode).argumentOf(mid.asCall(), apos) and
 parameterMatch(ppos, apos)
 |
- c = "Argument" or parseArg(c, ppos)
+ c = "Argument" and not heapParameter(ppos)
+ or
+ parseArg(c, ppos)
 )
 or
 exists(ReturnNodeExt ret |
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll
index 2145073b9f9..4b9a9e1fbff 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll
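Review bot: The `not heapParameter(ppos)` guard is applied only to the bare `"Argument"` / `"Parameter"` disjuncts, while `parseArg(c, ppos)` and `parseParam(c, apos)` are left unguarded, and nothing at the use site says whether that asymmetry is intended. These disjuncts decide which nodes a source or sink model attaches to, so a reader auditing model coverage needs to know that an unindexed spec now skips the heap position while an indexed one may still reach it (that depends on `parseArg`/`parseParam`, which are outside the hunk). I would add a comment above each changed disjunct such as `// bare "Argument" means any argument except the heap position; an explicit Argument[X] is not filtered here`. The same applies to the second hunk (`@@ -1259,7 +1263,9 @@`) and to the identical go, java, python, ruby and swift copies of FlowSummaryImpl.qll; the enclosing predicates start and end outside these hunks.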
@@ -300,6 +300,12 @@ predicate interpretInputSpecific(string c, InterpretNode mid, InterpretNode n) {
 )
 }
 
+/**
+ * Holds if `pos` is the position of the `heap` parameter, and thus should not
+ * be included by models that specify "any argument" or "any parameter".
+ */
+predicate heapParameter(ParameterPosition pos) { none() }
+
 /** Gets the argument position obtained by parsing `X` in `Parameter[X]`. */
 bindingset[s]
 ArgumentPosition parseParamBody(string s) {
diff --git a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll
index 7977e18120f..d1ca22db203 100644
--- a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll
@@ -1222,14 +1222,18 @@ module Private {
 node.asNode().(PostUpdateNode).getPreUpdateNode().(ArgNode).argumentOf(mid.asCall(), apos) and
 parameterMatch(ppos, apos)
 |
- c = "Argument" or parseArg(c, ppos)
+ c = "Argument" and not heapParameter(ppos)
+ or
+ parseArg(c, ppos)
 )
 or
 exists(ArgumentPosition apos, ParameterPosition ppos |
 node.asNode().(ParamNode).isParameterOf(mid.asCallable(), ppos) and
 parameterMatch(ppos, apos)
 |
- c = "Parameter" or parseParam(c, apos)
+ c = "Parameter" and not heapParameter(ppos)
+ or
+ parseParam(c, apos)
 )
 or
 c = "ReturnValue" and
@@ -1259,7 +1263,9 @@ module Private {
 node.asNode().(ArgNode).argumentOf(mid.asCall(), apos) and
 parameterMatch(ppos, apos)
 |
- c = "Argument" or parseArg(c, ppos)
+ c = "Argument" and not heapParameter(ppos)
+ or
+ parseArg(c, ppos)
 )
 or
 exists(ReturnNodeExt ret |
diff --git a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImplSpecific.qll b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImplSpecific.qll
index 88844f24537..9a17315ab34 100644
--- a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImplSpecific.qll
+++ b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImplSpecific.qll
@@ -251,6 +251,12 @@ predicate interpretInputSpecific(string c, InterpretNode mid, InterpretNode n) {
 )
 }
 
+/**
+ * Holds if `pos` is the position of the `heap` parameter, and thus should not
+ * be included by models that specify "any argument" or "any parameter".
+ */
+predicate heapParameter(ParameterPosition pos) { none() }
+
 /**
 * Holds if specification component `c` parses as return value `n` or a range
 * containing `n`.
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll
index 7977e18120f..d1ca22db203 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll
@@ -1222,14 +1222,18 @@ module Private {
 node.asNode().(PostUpdateNode).getPreUpdateNode().(ArgNode).argumentOf(mid.asCall(), apos) and
 parameterMatch(ppos, apos)
 |
- c = "Argument" or parseArg(c, ppos)
+ c = "Argument" and not heapParameter(ppos)
+ or
+ parseArg(c, ppos)
 )
 or
 exists(ArgumentPosition apos, ParameterPosition ppos |
 node.asNode().(ParamNode).isParameterOf(mid.asCallable(), ppos) and
 parameterMatch(ppos, apos)
 |
- c = "Parameter" or parseParam(c, apos)
+ c = "Parameter" and not heapParameter(ppos)
+ or
+ parseParam(c, apos)
 )
 or
 c = "ReturnValue" and
@@ -1259,7 +1263,9 @@ module Private {
 node.asNode().(ArgNode).argumentOf(mid.asCall(), apos) and
 parameterMatch(ppos, apos)
 |
- c = "Argument" or parseArg(c, ppos)
+ c = "Argument" and not heapParameter(ppos)
+ or
+ parseArg(c, ppos)
 )
 or
 exists(ReturnNodeExt ret |
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll
index d9782c2eecf..94681870d47 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImplSpecific.qll
@@ -319,6 +319,12 @@ predicate interpretInputSpecific(string c, InterpretNode mid, InterpretNode n) {
 )
 }
 
+/**
+ * Holds if `pos` is the position of the `heap` parameter, and thus should not
+ * be included by models that specify "any argument" or "any parameter".
+ */
+predicate heapParameter(ParameterPosition pos) { pos = -2 }
+
 /** Gets the argument position obtained by parsing `X` in `Parameter[X]`. */
 bindingset[s]
 ArgumentPosition parseParamBody(string s) {
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll
index 7977e18120f..d1ca22db203 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll
@@ -1222,14 +1222,18 @@ module Private {
 node.asNode().(PostUpdateNode).getPreUpdateNode().(ArgNode).argumentOf(mid.asCall(), apos) and
 parameterMatch(ppos, apos)
 |
- c = "Argument" or parseArg(c, ppos)
+ c = "Argument" and not heapParameter(ppos)
+ or
+ parseArg(c, ppos)
 )
 or
 exists(ArgumentPosition apos, ParameterPosition ppos |
 node.asNode().(ParamNode).isParameterOf(mid.asCallable(), ppos) and
 parameterMatch(ppos, apos)
 |
- c = "Parameter" or parseParam(c, apos)
+ c = "Parameter" and not heapParameter(ppos)
+ or
+ parseParam(c, apos)
 )
 or
 c = "ReturnValue" and
@@ -1259,7 +1263,9 @@ module Private {
 node.asNode().(ArgNode).argumentOf(mid.asCall(), apos) and
 parameterMatch(ppos, apos)
 |
- c = "Argument" or parseArg(c, ppos)
+ c = "Argument" and not heapParameter(ppos)
+ or
+ parseArg(c, ppos)
 )
 or
 exists(ReturnNodeExt ret |
diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImplSpecific.qll b/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImplSpecific.qll
index 51002143919..0c96e7a2b2b 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImplSpecific.qll
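Review bot: `heapParameter` for Java is defined as `pos = -2`, a bare literal whose meaning is carried only by the doc comment. If the Java data-flow library already names the heap position somewhere (not visible in this diff), this predicate should refer to that definition; otherwise a later change to the position encoding would leave bare "Argument"/"Parameter" models matching the heap position again, or dropping a real parameter, without any error. At minimum, extend the doc comment with a line like `* In Java the heap parameter has position -2.` so the literal is tied to its origin.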
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImplSpecific.qll
@@ -241,6 +241,12 @@ private module UnusedSourceSinkInterpretation {
 
 /** Provides additional source specification logic. */
 predicate interpretInputSpecific(string c, InterpretNode mid, InterpretNode node) { none() }
+
+ /**
+ * Holds if `pos` is the position of the `heap` parameter, and thus should not
+ * be included by models that specify "any argument" or "any parameter".
+ */
+ predicate heapParameter(ParameterPosition pos) { none() }
 }
 
 import UnusedSourceSinkInterpretation
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll
index 7977e18120f..d1ca22db203 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll
@@ -1222,14 +1222,18 @@ module Private {
 node.asNode().(PostUpdateNode).getPreUpdateNode().(ArgNode).argumentOf(mid.asCall(), apos) and
 parameterMatch(ppos, apos)
 |
- c = "Argument" or parseArg(c, ppos)
+ c = "Argument" and not heapParameter(ppos)
+ or
+ parseArg(c, ppos)
 )
 or
 exists(ArgumentPosition apos, ParameterPosition ppos |
 node.asNode().(ParamNode).isParameterOf(mid.asCallable(), ppos) and
 parameterMatch(ppos, apos)
 |
- c = "Parameter" or parseParam(c, apos)
+ c = "Parameter" and not heapParameter(ppos)
+ or
+ parseParam(c, apos)
 )
 or
 c = "ReturnValue" and
@@ -1259,7 +1263,9 @@ module Private {
 node.asNode().(ArgNode).argumentOf(mid.asCall(), apos) and
 parameterMatch(ppos, apos)
 |
- c = "Argument" or parseArg(c, ppos)
+ c = "Argument" and not heapParameter(ppos)
+ or
+ parseArg(c, ppos)
 )
 or
 exists(ReturnNodeExt ret |
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll
index e97014a5451..727f9a73f40 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImplSpecific.qll
@@ -289,6 +289,12 @@ private module UnusedSourceSinkInterpretation {
 
 /** Provides additional source specification logic. */
 predicate interpretInputSpecific(string c, InterpretNode mid, InterpretNode node) { none() }
+
+ /**
+ * Holds if `pos` is the position of the `heap` parameter, and thus should not
+ * be included by models that specify "any argument" or "any parameter".
+ */
+ predicate heapParameter(ParameterPosition pos) { none() }
 }
 
 import UnusedSourceSinkInterpretation
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll
index 7977e18120f..d1ca22db203 100644
--- a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll
@@ -1222,14 +1222,18 @@ module Private {
 node.asNode().(PostUpdateNode).getPreUpdateNode().(ArgNode).argumentOf(mid.asCall(), apos) and
 parameterMatch(ppos, apos)
 |
- c = "Argument" or parseArg(c, ppos)
+ c = "Argument" and not heapParameter(ppos)
+ or
+ parseArg(c, ppos)
 )
 or
 exists(ArgumentPosition apos, ParameterPosition ppos |
 node.asNode().(ParamNode).isParameterOf(mid.asCallable(), ppos) and
 parameterMatch(ppos, apos)
 |
- c = "Parameter" or parseParam(c, apos)
+ c = "Parameter" and not heapParameter(ppos)
+ or
+ parseParam(c, apos)
 )
 or
 c = "ReturnValue" and
@@ -1259,7 +1263,9 @@ module Private {
 node.asNode().(ArgNode).argumentOf(mid.asCall(), apos) and
 parameterMatch(ppos, apos)
 |
- c = "Argument" or parseArg(c, ppos)
+ c = "Argument" and not heapParameter(ppos)
+ or
+ parseArg(c, ppos)
 )
 or
 exists(ReturnNodeExt ret |
diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImplSpecific.qll b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImplSpecific.qll
index ca1b9a316b5..4feaf989c4f 100644
--- a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImplSpecific.qll
+++ b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImplSpecific.qll
@@ -213,6 +213,12 @@ predicate interpretInputSpecific(string c, InterpretNode mid, InterpretNode node
 )
 }
 
+/**
+ * Holds if `pos` is the position of the `heap` parameter, and thus should not
+ * be included by models that specify "any argument" or "any parameter".
+ */
+predicate heapParameter(ParameterPosition pos) { none() }
+
 /** Gets the argument position obtained by parsing `X` in `Parameter[X]`. */
 bindingset[s]
 ArgumentPosition parseParamBody(string s) {