C#: Use manual sink callables as exclusion for extrapolated sinks.

2026-04-23 15:55:18 +02:00 · 2024-05-14 10:43:33 +02:00
parent d272d6a9ca
commit c59c7cf02a
1 changed files with 13 additions and 2 deletions
--- a/csharp/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll
+++ b/csharp/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll
@@ -226,13 +226,24 @@ private predicate isRelevantMemberAccess(DataFlow::Node node) {

 predicate sinkModelSanitizer(DataFlow::Node node) { none() }

+private class ManualNeutralSinkCallable extends Callable {
+  ManualNeutralSinkCallable() {
+    this =
+      any(FlowSummaryImpl::Public::NeutralCallable nc |
+        nc.hasManualModel() and nc.getKind() = "sink"
+      )
+  }
+}
+
 /**
 * Holds if `source` is an api entrypoint relevant for creating sink models.
 */
 predicate apiSource(DataFlow::Node source) {
  (isRelevantMemberAccess(source) or source instanceof DataFlow::ParameterNode) and
-  relevant(source.getEnclosingCallable()) and
-  not hasManualModel(source.getEnclosingCallable())
+  exists(Callable enclosing | enclosing = source.getEnclosingCallable() |
+    relevant(enclosing) and
+    not enclosing instanceof ManualNeutralSinkCallable
+  )
 }

 /**