hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-15 16:23:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

Shared: Prefer source/sink models with manual provenance over generated

Browse Source
This commit is contained in:
Tom Hvitved
2025-12-12 09:52:58 +01:00
parent 6f27863453
commit c4a8e9df21
1 changed files with 28 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll
View File

@@ -662,6 +662,30 @@ module Make<
unsupportedCallable(callable, _, _, _)
}
private predicate isRelevantSource(
SourceElement e, string output, string kind, Provenance provenance, string model
) {
e.isSource(output, kind, provenance, model) and
(
provenance.isManual()
or
provenance.isGenerated() and
not exists(Provenance p | p.isManual() and e.isSource(_, kind, p, _))
)
}
private predicate isRelevantSink(
SinkElement e, string input, string kind, Provenance provenance, string model
) {
e.isSink(input, kind, provenance, model) and
(
provenance.isManual()
or
provenance.isGenerated() and
not exists(Provenance p | p.isManual() and e.isSink(_, kind, p, _))
)
}
private predicate summarySpec(string spec) {
exists(SummarizedCallable c |
c.propagatesFlow(spec, _, _, _)
@@ -669,9 +693,9 @@ module Make<
c.propagatesFlow(_, spec, _, _)
)
or
any(SourceElement s).isSource(spec, _, _, _)
isRelevantSource(_, spec, _, _, _)
or
any(SinkElement s).isSink(spec, _, _, _)
isRelevantSink(_, spec, _, _, _)
}
import AccessPathSyntax::AccessPath<summarySpec/1>
@@ -1034,7 +1058,7 @@ module Make<
SourceElement source, SummaryComponentStack s, string kind, string model
) {
exists(string outSpec |
source.isSource(outSpec, kind, _, model) and
isRelevantSource(source, outSpec, kind, _, model) and
External::interpretSpec(outSpec, s)
)
}
@@ -1057,7 +1081,7 @@ module Make<
SinkElement sink, SummaryComponentStack s, string kind, string model
) {
exists(string inSpec |
sink.isSink(inSpec, kind, _, model) and
isRelevantSink(sink, inSpec, kind, _, model) and
External::interpretSpec(inSpec, s)
)
}