diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml
index b3a0dab7303..8501130e2e7 100644
--- a/csharp/ql/lib/qlpack.yml
+++ b/csharp/ql/lib/qlpack.yml
@@ -9,6 +9,7 @@ dependencies:
 codeql/controlflow: ${workspace}
 codeql/dataflow: ${workspace}
 codeql/mad: ${workspace}
+ codeql/rangeanalysis: ${workspace}
 codeql/ssa: ${workspace}
 codeql/threat-models: ${workspace}
 codeql/tutorial: ${workspace}
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/Bound.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/Bound.qll
index 65af6fb13a8..b37222c1daa 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/Bound.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/Bound.qll
@@ -4,67 +4,31 @@ overlay[local?] module; +private import csharp as CS private import internal.rangeanalysis.BoundSpecific +private import internal.rangeanalysis.BoundSpecific as BoundSpecific +private import codeql.rangeanalysis.Bound as SharedBound -private newtype TBound = - TBoundZero() or - TBoundSsa(SsaVariable v) { v.getSourceVariable().getType() instanceof IntegralType } or - TBoundExpr(Expr e) { - interestingExprBound(e) and - not exists(SsaVariable v | e = v.getAUse()) - } +private module BoundImpl = SharedBound::Bound; /** * A bound that may be inferred for an expression plus/minus an integer delta. */ -abstract class Bound extends TBound { - /** Gets a textual representation of this bound. */ - abstract string toString(); - - /** Gets an expression that equals this bound plus `delta`. */ - abstract Expr getExpr(int delta); - - /** Gets an expression that equals this bound. */ - Expr getExpr() { result = this.getExpr(0) } - - /** Gets the location of this bound. */ - abstract Location getLocation(); -} +class Bound = BoundImpl::Bound; /** * The bound that corresponds to the integer 0. This is used to represent all * integer bounds as bounds are always accompanied by an added integer delta. */ -class ZeroBound extends Bound, TBoundZero { - override string toString() { result = "0" } - - override Expr getExpr(int delta) { result.(ConstantIntegerExpr).getIntValue() = delta } - - override Location getLocation() { result.hasLocationInfo("", 0, 0, 0, 0) } -} +class ZeroBound = BoundImpl::ZeroBound; /** * A bound corresponding to the value of an SSA variable. */ -class SsaBound extends Bound, TBoundSsa { - /** Gets the SSA variable that equals this bound. 
*/ - SsaVariable getSsa() { this = TBoundSsa(result) } - - override string toString() { result = this.getSsa().toString() } - - override Expr getExpr(int delta) { result = this.getSsa().getAUse() and delta = 0 } - - override Location getLocation() { result = this.getSsa().getLocation() } -} +class SsaBound = BoundImpl::SsaBound; /** * A bound that corresponds to the value of a specific expression that might be * interesting, but isn't otherwise represented by the value of an SSA variable. */ -class ExprBound extends Bound, TBoundExpr { - override string toString() { result = this.getExpr().toString() } - - override Expr getExpr(int delta) { this = TBoundExpr(result) and delta = 0 } - - override Location getLocation() { result = this.getExpr().getLocation() } -} +class ExprBound = BoundImpl::ExprBound; \ No newline at end of file diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/BoundSpecific.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/BoundSpecific.qll index 03742268430..069f0034eed 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/BoundSpecific.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/rangeanalysis/BoundSpecific.qll 
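Review bot: The unaliased `private import internal.rangeanalysis.BoundSpecific` is kept as a context line directly beside the added `private import internal.rangeanalysis.BoundSpecific as BoundSpecific`, so the same module is now imported twice. Every class left in the new file is an alias into `BoundImpl`, and the top-level names the old import supplied (`SsaVariable`, `Expr`, `IntegralType`, `ConstantIntegerExpr`) are moved inside `BoundDefs` by this same commit, so the unqualified import looks unused. I would drop it and keep only the aliased line. The new side also ends with `\ No newline at end of file`; adding the trailing newline while the file is being rewritten avoids a noise-only diff later.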
@@ -7,16 +7,26 @@ private import semmle.code.csharp.dataflow.SSA::Ssa as Ssa
 private import semmle.code.csharp.dataflow.internal.rangeanalysis.ConstantUtils as CU
 private import semmle.code.csharp.dataflow.internal.rangeanalysis.RangeUtils as RU
 private import semmle.code.csharp.dataflow.internal.rangeanalysis.SsaUtils as SU
-
-class SsaVariable = SU::SsaVariable;
-
-class Expr = CS::ControlFlowNodes::ExprNode;
-
-class Location = CS::Location;
-
-class IntegralType = CS::IntegralType;
-
-class ConstantIntegerExpr = CU::ConstantIntegerExpr;
+private import codeql.rangeanalysis.Bound as SharedBound
 /** Holds if `e` is a bound expression and it is not an SSA variable read. */
-predicate interestingExprBound(Expr e) { CU::systemArrayLengthAccess(e.getExpr()) }
+
+
+module BoundDefs implements SharedBound::BoundDefinitions {
+ class Type = CS::Type;
+
+ class SsaVariable = SU::SsaVariable;
+
+ class SsaSourceVariable = Ssa::SourceVariable;
+
+ class Expr = CS::ControlFlowNodes::ExprNode;
+
+ class IntegralType = CS::IntegralType;
+
+ class ConstantIntegerExpr = CU::ConstantIntegerExpr;
+
+ /** Holds if `e` is a bound expression and it is not an SSA variable read. */
+ predicate interestingExprBound(Expr e) {
+ CU::systemArrayLengthAccess(e.getExpr())
+ }
+}
diff --git a/java/ql/lib/semmle/code/java/dataflow/Bound.qll b/java/ql/lib/semmle/code/java/dataflow/Bound.qll
index a1588020838..0cfe3e9039d 100644
--- a/java/ql/lib/semmle/code/java/dataflow/Bound.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/Bound.qll
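Review bot: The old top-level comment `/** Holds if `e` is a bound expression and it is not an SSA variable read. */` is left behind as a context line, although the predicate it described is removed and re-added inside `BoundDefs` with its own copy of that comment. The leftover comment, followed by the two added blank lines, is now the last doc comment before `module BoundDefs`, so it reads as documentation for the module and may be picked up as its QLDoc. I would delete the stale comment and the two blank lines and give the module its own description, for example `/** Provides the C#-specific definitions used to instantiate the shared bound library. */`.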
@@ -8,12 +8,26 @@ private import java as J private import internal.rangeanalysis.BoundSpecific as BoundSpecific private import codeql.rangeanalysis.Bound as SharedBound -module BoundInstantiation = SharedBound::Bound; +private module BoundImpl = SharedBound::Bound; -class Bound = BoundInstantiation::Bound; +/** + * A bound that may be inferred for an expression plus/minus an integer delta. + */ +class Bound = BoundImpl::Bound; -class ZeroBound = BoundInstantiation::ZeroBound; +/** + * The bound that corresponds to the integer 0. This is used to represent all + * integer bounds as bounds are always accompanied by an added integer delta. + */ +class ZeroBound = BoundImpl::ZeroBound; -class SsaBound = BoundInstantiation::SsaBound; +/** + * A bound corresponding to the value of an SSA variable. + */ +class SsaBound = BoundImpl::SsaBound; -class ExprBound = BoundInstantiation::ExprBound; \ No newline at end of file +/** + * A bound that corresponds to the value of a specific expression that might be + * interesting, but isn't otherwise represented by the value of an SSA variable. + */ +class ExprBound = BoundImpl::ExprBound; \ No newline at end of file
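Review bot: The public `module BoundInstantiation` is replaced by `private module BoundImpl`, so any query or library outside this file that names `BoundInstantiation` will stop compiling. If that name has shipped in a released pack, a transitional alias such as `deprecated module BoundInstantiation = BoundImpl;` would keep downstream code building for a deprecation cycle. If it was only introduced earlier in this same change set, the rename is fine as is. The new side still ends with `\ No newline at end of file`, which could be fixed here as well.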