Data flow: Add more consistency checks

2026-04-28 02:05:14 +02:00 · 2023-08-31 11:55:07 +02:00
parent d6e143a858
commit c13a8e41ad
3 changed files with 31 additions and 17 deletions
--- a/csharp/ql/consistency-queries/DataFlowConsistency.ql
+++ b/csharp/ql/consistency-queries/DataFlowConsistency.ql
@@ -75,8 +75,3 @@ private module Input implements InputSig<CsharpDataFlow> {
 }

 import MakeConsistency<CsharpDataFlow, CsharpTaintTracking, Input>
-
-query predicate multipleToString(DataFlow::Node n, string s) {
-  s = strictconcat(n.toString(), ",") and
-  strictcount(n.toString()) > 1
-}
--- a/ruby/ql/consistency-queries/DataFlowConsistency.ql
+++ b/ruby/ql/consistency-queries/DataFlowConsistency.ql
@@ -35,11 +35,11 @@ private module Input implements InputSig<RubyDataFlow> {
      n.asExpr() = arg
    )
  }
+
+  predicate multipleArgumentCallExclude(ArgumentNode arg, DataFlowCall call) {
+    arg.asExpr().getASuccessor(any(SuccessorTypes::ConditionalSuccessor c)).getASuccessor() =
+      call.asCall()
+  }
 }

 import MakeConsistency<RubyDataFlow, RubyTaintTracking, Input>
-
-query predicate multipleToString(DataFlow::Node n, string s) {
-  s = strictconcat(n.toString(), ",") and
-  strictcount(n.toString()) > 1
-}
--- a/shared/dataflow/codeql/dataflow/internal/DataFlowImplConsistency.qll
+++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImplConsistency.qll
@@ -58,6 +58,16 @@ signature module InputSig<DF::InputSig DataFlowLang> {

  /** Holds if `n` should be excluded from the consistency test `identityLocalStep`. */
  default predicate identityLocalStepExclude(DataFlowLang::Node n) { none() }
+
+  /** Holds if `arg` should be excluded from the consistency test `missingArgumentCall`. */
+  default predicate missingArgumentCallExclude(DataFlowLang::ArgumentNode arg) { none() }
+
+  /** Holds if `(arg, call)` should be excluded from the consistency test `multipleArgumentCall`. */
+  default predicate multipleArgumentCallExclude(
+    DataFlowLang::ArgumentNode arg, DataFlowLang::DataFlowCall call
+  ) {
+    none()
+  }
 }

 module MakeConsistency<
@@ -147,13 +157,6 @@ module MakeConsistency<
    )
  }

-  query predicate missingToString(string msg) {
-    exists(int c |
-      c = strictcount(Node n | not exists(n.toString())) and
-      msg = "Nodes without toString: " + c
-    )
-  }
-
  query predicate parameterCallable(ParameterNode p, string msg) {
    exists(DataFlowCallable c | isParameterNode(p, c, _) and c != nodeGetEnclosingCallable(p)) and
    msg = "Callable mismatch for parameter."
@@ -287,4 +290,20 @@ module MakeConsistency<
    not Input::identityLocalStepExclude(n) and
    msg = "Node steps to itself"
  }
+
+  query predicate missingArgumentCall(ArgumentNode arg, string msg) {
+    not Input::missingArgumentCallExclude(arg) and
+    not isArgumentNode(arg, _, _) and
+    msg = "Missing call for argument node."
+  }
+
+  query predicate multipleArgumentCall(ArgumentNode arg, DataFlowCall call, string msg) {
+    isArgumentNode(arg, call, _) and
+    not Input::multipleArgumentCallExclude(arg, call) and
+    strictcount(DataFlowCall call0 |
+      isArgumentNode(arg, call0, _) and
+      not Input::multipleArgumentCallExclude(arg, call0)
+    ) > 1 and
+    msg = "Multiple calls for argument node."
+  }
 }