Python: attempt at capturing maximal flows

(this is what used to be "all flows")
2025-12-20 18:56:32 +01:00 · 2020-06-22 11:28:28 +02:00
parent cc8367bff2
commit b65e6fba9e
3 changed files with 49 additions and 0 deletions
--- a/python/ql/test/experimental/dataflow/maximalFlows.expected
+++ b/python/ql/test/experimental/dataflow/maximalFlows.expected
@@ -0,0 +1,13 @@
+| test.py:0:0:0:0 | GSSA Variable __name__ | test.py:7:1:7:1 | GSSA Variable b |
+| test.py:0:0:0:0 | GSSA Variable __package__ | test.py:7:1:7:1 | GSSA Variable b |
+| test.py:0:0:0:0 | GSSA Variable b | test.py:7:1:7:1 | GSSA Variable b |
+| test.py:1:5:1:17 | GSSA Variable obfuscated_id | test.py:7:1:7:1 | GSSA Variable b |
+| test.py:1:19:1:19 | SSA variable x | test.py:4:10:4:10 | ControlFlowNode for z |
+| test.py:1:19:1:19 | SSA variable x | test.py:7:1:7:1 | GSSA Variable b |
+| test.py:2:3:2:3 | SSA variable y | test.py:4:10:4:10 | ControlFlowNode for z |
+| test.py:2:3:2:3 | SSA variable y | test.py:7:1:7:1 | GSSA Variable b |
+| test.py:3:3:3:3 | SSA variable z | test.py:4:10:4:10 | ControlFlowNode for z |
+| test.py:3:3:3:3 | SSA variable z | test.py:7:1:7:1 | GSSA Variable b |
+| test.py:6:1:6:1 | GSSA Variable a | test.py:4:10:4:10 | ControlFlowNode for z |
+| test.py:6:1:6:1 | GSSA Variable a | test.py:7:1:7:1 | GSSA Variable b |
+| test.py:6:1:6:1 | GSSA Variable a | test.py:7:5:7:20 | GSSA Variable a |
--- a/python/ql/test/experimental/dataflow/maximalFlows.ql
+++ b/python/ql/test/experimental/dataflow/maximalFlows.ql
@@ -0,0 +1,10 @@
+import maximalFlowsConfig
+
+from
+  DataFlow::Node source,
+  DataFlow::Node sink
+where
+  source != sink and 
+  exists(MaximalFlowsConfig cfg | cfg.hasFlow(source, sink))
+select
+  source, sink
--- a/python/ql/test/experimental/dataflow/maximalFlowsConfig.qll
+++ b/python/ql/test/experimental/dataflow/maximalFlowsConfig.qll
@@ -0,0 +1,26 @@
+import experimental.dataflow.DataFlow
+
+/**
+ * A configuration to find all "maximal" flows.
+ * To be used on small programs.
+ */
+class MaximalFlowsConfig extends DataFlow::Configuration {
+  MaximalFlowsConfig() { this = "AllFlowsConfig" }
+
+  override predicate isSource(DataFlow::Node node) {
+    node instanceof DataFlow::ParameterNode
+    or
+    node = DataFlow::TEssaNode(_) and
+    not exists(DataFlow::Node pred |
+      pred = DataFlow::TEssaNode(_) and
+      DataFlow::localFlowStep(pred, node)
+    )
+  }
+
+  override predicate isSink(DataFlow::Node node) {
+    node instanceof DataFlow::ReturnNode
+    or
+    node = DataFlow::TEssaNode(_) and
+    not exists(node.asEssaNode().getASourceUse())
+  }
+}