Improve join orders for top 5 perf regressions in QA

2026-04-18 05:24:01 +02:00 · 2024-10-02 23:16:22 +01:00
parent 365ccf4903
commit bf5ba33c2e
4 changed files with 21 additions and 5 deletions
--- a/go/ql/lib/semmle/go/frameworks/Afero.qll
+++ b/go/ql/lib/semmle/go/frameworks/Afero.qll
@@ -65,7 +65,7 @@ module Afero {
      exists(Function f |
        f.hasQualifiedName(aferoPackage(),
          ["WriteReader", "SafeWriteReader", "WriteFile", "ReadFile", "ReadDir"]) and
-        this = f.getACall() and
+        this = pragma[only_bind_out](f.getACall()) and
        pathArg = 1 and
        not aferoSanitizer(this.getArgument(0))
      )
@@ -73,7 +73,7 @@ module Afero {
      exists(Method m |
        m.hasQualifiedName(aferoPackage(), "Afero",
          ["WriteReader", "SafeWriteReader", "WriteFile", "ReadFile", "ReadDir"]) and
-        this = m.getACall() and
+        this = pragma[only_bind_out](m.getACall()) and
        pathArg = 0 and
        not aferoSanitizer(this.getReceiver())
      )
--- a/go/ql/lib/semmle/go/frameworks/GoMicro.qll
+++ b/go/ql/lib/semmle/go/frameworks/GoMicro.qll
@@ -98,6 +98,12 @@ module GoMicro {
    }
  }

+  bindingset[m]
+  pragma[inline_late]
+  private predicate implementsServiceType(Method m) {
+    m.implements(any(ServiceInterfaceType i).getNamedType().getMethod(_))
+  }
+
  /**
   * A service handler.
   */
@@ -106,7 +112,7 @@ module GoMicro {
      exists(DataFlow::CallNode call |
        call.getTarget() instanceof ServiceRegisterHandler and
        this = call.getArgument(1).getType().getMethod(_) and
-        this.implements(any(ServiceInterfaceType i).getNamedType().getMethod(_))
+        implementsServiceType(this)
      )
    }
  }
--- a/go/ql/lib/semmle/go/frameworks/Twirp.qll
+++ b/go/ql/lib/semmle/go/frameworks/Twirp.qll
@@ -118,13 +118,19 @@ module Twirp {
    override string getKind() { result = "URL" }
  }

+  bindingset[m]
+  pragma[inline_late]
+  private predicate implementsServiceType(Method m) {
+    m.implements(any(ServiceInterfaceType i).getNamedType().getMethod(_))
+  }
+
  /** A service handler. */
  class ServiceHandler extends Method {
    ServiceHandler() {
      exists(DataFlow::CallNode call |
        call.getTarget() instanceof ServerConstructor and
        this = call.getArgument(0).getType().getMethod(_) and
-        this.implements(any(ServiceInterfaceType i).getNamedType().getMethod(_))
+        implementsServiceType(this)
      )
    }
  }
--- a/go/ql/src/Security/CWE-798/HardcodedCredentials.ql
+++ b/go/ql/src/Security/CWE-798/HardcodedCredentials.ql
@@ -17,13 +17,17 @@ import go
 import semmle.go.security.HardcodedCredentials
 import semmle.go.security.SensitiveActions

+bindingset[write]
+pragma[inline_late]
+private predicate isWriteRhs(Write write, DataFlow::Node rhs) { write.getRhs() = rhs }
+
 /**
 * Holds if `sink` is used in a context that suggests it may hold sensitive data of
 * the given `type`.
 */
 predicate isSensitive(DataFlow::Node sink, SensitiveExpr::Classification type) {
  exists(Write write, string name |
-    write.getRhs() = sink and
+    isWriteRhs(write, sink) and
    name = write.getLhs().getName() and
    // allow obvious test password variables
    not name.regexpMatch(HeuristicNames::notSensitive())