Merge pull request #18633 from aschackmull/dataflow/refactor-flowstate

Dataflow: Refactor FlowState to be paired with Node
Anders Schack-Mulligen
2025-02-05 09:43:25 +01:00
committed by GitHub
6 changed files with 3041 additions and 2701 deletions


@@ -251,25 +251,19 @@ module PropNameTrackingConfig implements DataFlow::StateConfigSig {
node = DataFlow::MakeStateBarrierGuard<FlowState, BarrierGuard>::getABarrierNode(state) node = DataFlow::MakeStateBarrierGuard<FlowState, BarrierGuard>::getABarrierNode(state)
} }
predicate isAdditionalFlowStep( predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2 // Step through `p -> x[p]`
) { exists(DataFlow::PropRead read |
exists(state1) and node1 = read.getPropertyNameExpr().flow() and
state2 = state1 and not read.(DynamicPropRead).hasDominatingAssignment() and
( node2 = read
// Step through `p -> x[p]` )
exists(DataFlow::PropRead read | or
node1 = read.getPropertyNameExpr().flow() and // Step through `x -> x[p]`
not read.(DynamicPropRead).hasDominatingAssignment() and exists(DynamicPropRead read |
node2 = read not read.hasDominatingAssignment() and
) node1 = read.getBase() and
or node2 = read
// Step through `x -> x[p]`
exists(DynamicPropRead read |
not read.hasDominatingAssignment() and
node1 = read.getBase() and
node2 = read
)
) )
} }
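Review bot: The new two-argument `isAdditionalFlowStep` no longer says anything about flow state, whereas the removed four-argument version made preservation explicit with `state2 = state1`; a reader of this config now has to know the `StateConfigSig` convention to see that both steps keep the current `FlowState`. A one-line comment above the predicate would make that explicit: `// State-preserving steps only; a step that changes FlowState would need the four-argument overload.` The same comment could note that the `p -> x[p]` step applies to every `PropRead` that is not a `DynamicPropRead` with a dominating assignment, since the `not read.(DynamicPropRead).hasDominatingAssignment()` cast simply fails for non-dynamic reads — unchanged behavior, but easy to misread. The enclosing module `PropNameTrackingConfig` starts before this hunk.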


@@ -643,6 +643,7 @@ private module PathGraphSigMod {
module DataFlowMake<LocationSig Location, InputSig<Location> Lang> { module DataFlowMake<LocationSig Location, InputSig<Location> Lang> {
private import Lang private import Lang
private import internal.DataFlowImpl::MakeImpl<Location, Lang> private import internal.DataFlowImpl::MakeImpl<Location, Lang>
private import internal.DataFlowImplStage1::MakeImplStage1<Location, Lang>
import Configs<Location, Lang> import Configs<Location, Lang>
/** /**
@@ -700,7 +701,13 @@ module DataFlowMake<LocationSig Location, InputSig<Location> Lang> {
} }
} }
import Impl<C> private module Stage1 = ImplStage1<C>;
import Stage1::PartialFlow
private module Flow = Impl<C, Stage1::Stage1NoState>;
import Flow
} }
/** /**
@@ -723,7 +730,13 @@ module DataFlowMake<LocationSig Location, InputSig<Location> Lang> {
} }
} }
import Impl<C> private module Stage1 = ImplStage1<C>;
import Stage1::PartialFlow
private module Flow = Impl<C, Stage1::Stage1WithState>;
import Flow
} }
signature class PathNodeSig { signature class PathNodeSig {
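Review bot: The rebuilt bodies of `Global` and `GlobalWithState` publicly `import Stage1::PartialFlow` and then `import Flow` without saying why stage 1 is now split out of `Impl`, or that the only difference between the two modules is the `Stage1NoState`/`Stage1WithState` argument. A short comment above the `Stage1` alias would help the next reader, e.g. `// Stage 1 is computed once here and shared by the partial-flow API and the full flow computation; the second Impl argument selects whether FlowState is tracked.` — assuming that is the intent, which the hunk itself does not show. Both imports are public, so anything exported by `PartialFlow` and by `Flow` lands in the same namespace; presumably the two are disjoint, but it is worth a note since a later addition to either could collide. The enclosing `Global`/`GlobalWithState` module headers are outside this hunk.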


@@ -5,6 +5,7 @@
private import DataFlow as DF private import DataFlow as DF
private import internal.DataFlowImpl private import internal.DataFlowImpl
private import internal.DataFlowImplStage1
private import codeql.util.Location private import codeql.util.Location
/** /**
@@ -47,6 +48,7 @@ module TaintFlowMake<
private import TaintTrackingLang private import TaintTrackingLang
private import DF::DataFlowMake<Location, DataFlowLang> as DataFlow private import DF::DataFlowMake<Location, DataFlowLang> as DataFlow
private import MakeImpl<Location, DataFlowLang> as DataFlowInternal private import MakeImpl<Location, DataFlowLang> as DataFlowInternal
private import MakeImplStage1<Location, DataFlowLang> as DataFlowInternalStage1
private module AddTaintDefaults<DataFlowInternal::FullStateConfigSig Config> implements private module AddTaintDefaults<DataFlowInternal::FullStateConfigSig Config> implements
DataFlowInternal::FullStateConfigSig DataFlowInternal::FullStateConfigSig
@@ -94,7 +96,13 @@ module TaintFlowMake<
import AddTaintDefaults<Config0> import AddTaintDefaults<Config0>
} }
import DataFlowInternal::Impl<C> private module Stage1 = DataFlowInternalStage1::ImplStage1<C>;
import Stage1::PartialFlow
private module Flow = DataFlowInternal::Impl<C, Stage1::Stage1NoState>;
import Flow
} }
/** /**
@@ -122,7 +130,13 @@ module TaintFlowMake<
import AddTaintDefaults<Config0> import AddTaintDefaults<Config0>
} }
import DataFlowInternal::Impl<C> private module Stage1 = DataFlowInternalStage1::ImplStage1<C>;
import Stage1::PartialFlow
private module Flow = DataFlowInternal::Impl<C, Stage1::Stage1WithState>;
import Flow
} }
signature int speculationLimitSig(); signature int speculationLimitSig();
@@ -218,7 +232,13 @@ module TaintFlowMake<
import AddTaintDefaults<AddSpeculativeTaintSteps<Config0, speculationLimit/0>> import AddTaintDefaults<AddSpeculativeTaintSteps<Config0, speculationLimit/0>>
} }
import DataFlowInternal::Impl<C> private module Stage1 = DataFlowInternalStage1::ImplStage1<C>;
import Stage1::PartialFlow
private module Flow = DataFlowInternal::Impl<C, Stage1::Stage1WithState>;
import Flow
} }
/** /**
@@ -250,6 +270,12 @@ module TaintFlowMake<
import AddTaintDefaults<AddSpeculativeTaintSteps<Config0, speculationLimit/0>> import AddTaintDefaults<AddSpeculativeTaintSteps<Config0, speculationLimit/0>>
} }
import DataFlowInternal::Impl<C> private module Stage1 = DataFlowInternalStage1::ImplStage1<C>;
import Stage1::PartialFlow
private module Flow = DataFlowInternal::Impl<C, Stage1::Stage1WithState>;
import Flow
} }
} }
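Review bot: The hunk at line 218 pairs `AddSpeculativeTaintSteps<Config0, speculationLimit/0>` with `Stage1::Stage1WithState`, while the hunk at line 94 pairs the plain `AddTaintDefaults<Config0>` config with `Stage1::Stage1NoState`; if the module at 218 is the stateless speculative variant (its header is outside the hunk, so I am inferring from the ordering), the `WithState` choice looks inconsistent with the stateless `Global` above and should probably read `private module Flow = DataFlowInternal::Impl<C, Stage1::Stage1NoState>;`. Please confirm which variant each of the four hunks belongs to, since the state flag is the only thing distinguishing them. Separately, the same four-line `Stage1`/`PartialFlow`/`Flow` block is now repeated four times with only `C` and the stage-1 flavor varying; if the `ImplStage1` signatures permit it, a private parameterized helper module would remove the repetition and make the state choice a single visible parameter.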



@@ -67,7 +67,7 @@ module MakeImplCommon<LocationSig Location, InputSig<Location> Lang> {
/** /**
* Holds if `source` is a relevant data flow source. * Holds if `source` is a relevant data flow source.
*/ */
signature predicate sourceNode(Node source); signature predicate sourceNodeSig(Node source);
/** /**
* EXPERIMENTAL: This API is subject to change without notice. * EXPERIMENTAL: This API is subject to change without notice.
@@ -75,7 +75,7 @@ module MakeImplCommon<LocationSig Location, InputSig<Location> Lang> {
* Given a source definition, this constructs a simple forward flow * Given a source definition, this constructs a simple forward flow
* computation with an access path limit of 1. * computation with an access path limit of 1.
*/ */
module SimpleGlobal<sourceNode/1 source> { module SimpleGlobal<sourceNodeSig/1 source> {
import TypeTracking::TypeTrack<source/1> import TypeTracking::TypeTrack<source/1>
} }
} }
@@ -853,6 +853,10 @@ module MakeImplCommon<LocationSig Location, InputSig<Location> Lang> {
class SndLevelScopeOption = SndLevelScopeOption::Option; class SndLevelScopeOption = SndLevelScopeOption::Option;
final class NodeEx extends TNodeEx { final class NodeEx extends TNodeEx {
NodeEx getNodeEx() { result = this }
Unit getState() { any() }
string toString() { string toString() {
result = this.asNode().toString() result = this.asNode().toString()
or or
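Review bot: The two members added to `NodeEx`, `getNodeEx()` and `getState()`, have no QLDoc, whereas every other declaration visible in this file carries a `/** ... */` comment. Given the PR title ("FlowState to be paired with Node"), they presumably let a bare `NodeEx` stand in wherever a node/state pair is expected, so something like `/** Gets this node; allows a `NodeEx` to be used where a node/state pair is expected. */` on the first and `/** Gets the trivial state of this node: the single `Unit` value, since no flow state is tracked here. */` on the second would record that. The `sourceNode` to `sourceNodeSig` rename is internal to the `SimpleGlobal` parameter list and does not change how callers pass their predicate, so it reads as a pure naming consistency change. The rest of the `NodeEx` class body is outside this hunk.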
