From cd8d16183cb7ce0a6e6d4db93d39e7485e873f45 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Mon, 22 Jul 2019 15:41:37 +0200 Subject: [PATCH] Java/CPP/C#: Sync dataflow. --- .../cpp/dataflow/internal/DataFlowImpl.qll | 30 +++++++++---------- .../cpp/dataflow/internal/DataFlowImpl2.qll | 30 +++++++++---------- .../cpp/dataflow/internal/DataFlowImpl3.qll | 30 +++++++++---------- .../cpp/dataflow/internal/DataFlowImpl4.qll | 30 +++++++++---------- .../cpp/ir/dataflow/internal/DataFlowImpl.qll | 30 +++++++++---------- .../ir/dataflow/internal/DataFlowImpl2.qll | 30 +++++++++---------- .../ir/dataflow/internal/DataFlowImpl3.qll | 30 +++++++++---------- .../ir/dataflow/internal/DataFlowImpl4.qll | 30 +++++++++---------- .../csharp/dataflow/internal/DataFlowImpl.qll | 30 +++++++++---------- .../java/dataflow/internal/DataFlowImpl2.qll | 30 +++++++++---------- .../java/dataflow/internal/DataFlowImpl3.qll | 30 +++++++++---------- .../java/dataflow/internal/DataFlowImpl4.qll | 30 +++++++++---------- .../java/dataflow/internal/DataFlowImpl5.qll | 30 +++++++++---------- .../dataflow/internal/DataFlowImplDepr.qll | 30 +++++++++---------- 14 files changed, 210 insertions(+), 210 deletions(-) diff --git a/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll b/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll index 8a62e2fe10d..5a6de5af0f4 100644 --- a/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll +++ b/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl.qll @@ -851,8 +851,6 @@ private class AccessPathFrontNilNode extends Node { localFlowBigStep(_, this, false, _) or additionalJumpStep(_, this, _) - or - simpleArgumentFlowsThrough(_, this, _, _) ) } 
@@ -914,10 +912,10 @@ private predicate flowCandFwd0(Node node, boolean fromArg, AccessPathFront apf, argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathFrontNil nil | + exists(Node mid, AccessPathFrontNil nil, DataFlowType t | flowCandFwd(mid, fromArg, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - apf = node.(AccessPathFrontNilNode).getApf() + simpleArgumentFlowsThrough(mid, node, t, config) and + apf = TFrontNil(t) ) ) or @@ -1187,10 +1185,10 @@ private predicate flowFwd0( argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathNil nil | + exists(Node mid, AccessPathNil nil, DataFlowType t | flowFwd(mid, fromArg, _, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - ap = node.(AccessPathNilNode).getAp() and + simpleArgumentFlowsThrough(mid, node, t, config) and + ap = TNil(t) and apf = ap.(AccessPathNil).getFront() ) ) @@ -1539,7 +1537,7 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, AccessPat or pathOutOfCallable(mid, node, cc) and ap = mid.getAp() or - pathThroughCallable(mid, node, cc) and ap = node.(AccessPathNilNode).getAp() + pathThroughCallable(mid, node, cc, ap) or valuePathThroughCallable(mid, node, cc) and ap = mid.getAp() } @@ -1670,14 +1668,14 @@ private predicate pathIntoCallable( /** Holds if data may flow from `p` to a return of kind `kind`. */ pragma[nomagic] private predicate paramFlowsThrough( - ParameterNode p, ReturnKind kind, CallContextCall cc, Configuration config + ParameterNode p, ReturnKind kind, CallContextCall cc, AccessPathNil apnil, Configuration config ) { exists(PathNodeMid mid, ReturnNode ret | mid.getNode() = ret and kind = ret.getKind() and cc = mid.getCallContext() and config = mid.getConfiguration() and - mid.getAp() instanceof AccessPathNil + apnil = mid.getAp() | cc = TSomeCall(p, true) or 
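Review bot: The new variable `t` in the `simpleArgumentFlowsThrough` disjunct of `flowCandFwd0` is undocumented, although it now alone selects the front through `apf = TFrontNil(t)`, where the old code read it from `node.(AccessPathFrontNilNode).getApf()`. A one-line comment above the `exists` would record the intent, for example `// t is the type reported by simpleArgumentFlowsThrough for this flow-through step`. The same applies to the `ap = TNil(t)` disjunct in the `flowFwd0` hunk at -1187 and to the identical hunks in the other DataFlowImpl copies in this patch. Both predicates begin and end outside their hunks.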
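Review bot: In the `pathThroughCallable` disjunct of `pathStep` (hunk at -1539), `ap` is now the `apnil` carried by the callee's return node (`apnil = mid.getAp()` in `paramFlowsThrough`), while the pruning stage in `flowFwd0` builds the matching path as `TNil(t)` from `simpleArgumentFlowsThrough`. Nothing visible in this patch ties those two types together. If they can differ for some call, the path stage would presumably produce an access path that the pruned relation does not contain, and the step would be lost, which for taint queries built on this library would mean a missed result rather than a spurious one. It is worth confirming that both derive the same `DataFlowType` and saying so at this disjunct, for example `// ap is the nil path at the callee's return node; must agree with TNil(t) in flowFwd0`. `pathStep` begins outside the hunk, and the same applies to every synced copy.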
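Review bot: The QLDoc on `paramFlowsThrough` (hunk at -1670) still says only that data may flow from `p` to a return of kind `kind`, and does not mention the new `apnil` parameter, which the body binds to the access path at the return node via `apnil = mid.getAp()`. I would extend it to `/** Holds if data may flow from p to a return of kind kind, reaching it with nil access path apnil. */`, with the usual backticks around the parameter names. The same gap exists in `pathThroughCallable0` (-1689), where `apnil` sits next to the unchanged `mid.getAp() instanceof AccessPathNil` test on the path before the call and the two are easy to confuse. It also exists in `pathThroughCallable` (-1704), whose visible comment mentions only `cc`, and it repeats in each synced copy. The body of `paramFlowsThrough` continues past the end of the hunk.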
@@ -1689,11 +1687,11 @@ private predicate paramFlowsThrough( pragma[noinline] private predicate pathThroughCallable0( - DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc + DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc, AccessPathNil apnil ) { exists(ParameterNode p, CallContext innercc | pathIntoCallable(mid, p, cc, innercc, call) and - paramFlowsThrough(p, kind, innercc, unbind(mid.getConfiguration())) and + paramFlowsThrough(p, kind, innercc, apnil, unbind(mid.getConfiguration())) and not parameterValueFlowsThrough(p, kind, innercc) and mid.getAp() instanceof AccessPathNil ) @@ -1704,9 +1702,11 @@ private predicate pathThroughCallable0( * The context `cc` is restored to its value prior to entering the callable. */ pragma[noinline] -private predicate pathThroughCallable(PathNodeMid mid, OutNode out, CallContext cc) { +private predicate pathThroughCallable( + PathNodeMid mid, OutNode out, CallContext cc, AccessPathNil apnil +) { exists(DataFlowCall call, ReturnKind kind | - pathThroughCallable0(call, mid, kind, cc) and + pathThroughCallable0(call, mid, kind, cc, apnil) and out = getAnOutNode(call, kind) ) } diff --git a/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll b/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll index 8a62e2fe10d..5a6de5af0f4 100644 --- a/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll +++ b/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl2.qll @@ -851,8 +851,6 @@ private class AccessPathFrontNilNode extends Node { localFlowBigStep(_, this, false, _) or additionalJumpStep(_, this, _) - or - simpleArgumentFlowsThrough(_, this, _, _) ) } 
@@ -914,10 +912,10 @@ private predicate flowCandFwd0(Node node, boolean fromArg, AccessPathFront apf, argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathFrontNil nil | + exists(Node mid, AccessPathFrontNil nil, DataFlowType t | flowCandFwd(mid, fromArg, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - apf = node.(AccessPathFrontNilNode).getApf() + simpleArgumentFlowsThrough(mid, node, t, config) and + apf = TFrontNil(t) ) ) or @@ -1187,10 +1185,10 @@ private predicate flowFwd0( argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathNil nil | + exists(Node mid, AccessPathNil nil, DataFlowType t | flowFwd(mid, fromArg, _, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - ap = node.(AccessPathNilNode).getAp() and + simpleArgumentFlowsThrough(mid, node, t, config) and + ap = TNil(t) and apf = ap.(AccessPathNil).getFront() ) ) @@ -1539,7 +1537,7 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, AccessPat or pathOutOfCallable(mid, node, cc) and ap = mid.getAp() or - pathThroughCallable(mid, node, cc) and ap = node.(AccessPathNilNode).getAp() + pathThroughCallable(mid, node, cc, ap) or valuePathThroughCallable(mid, node, cc) and ap = mid.getAp() } @@ -1670,14 +1668,14 @@ private predicate pathIntoCallable( /** Holds if data may flow from `p` to a return of kind `kind`. */ pragma[nomagic] private predicate paramFlowsThrough( - ParameterNode p, ReturnKind kind, CallContextCall cc, Configuration config + ParameterNode p, ReturnKind kind, CallContextCall cc, AccessPathNil apnil, Configuration config ) { exists(PathNodeMid mid, ReturnNode ret | mid.getNode() = ret and kind = ret.getKind() and cc = mid.getCallContext() and config = mid.getConfiguration() and - mid.getAp() instanceof AccessPathNil + apnil = mid.getAp() | cc = TSomeCall(p, true) or 
@@ -1689,11 +1687,11 @@ private predicate paramFlowsThrough( pragma[noinline] private predicate pathThroughCallable0( - DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc + DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc, AccessPathNil apnil ) { exists(ParameterNode p, CallContext innercc | pathIntoCallable(mid, p, cc, innercc, call) and - paramFlowsThrough(p, kind, innercc, unbind(mid.getConfiguration())) and + paramFlowsThrough(p, kind, innercc, apnil, unbind(mid.getConfiguration())) and not parameterValueFlowsThrough(p, kind, innercc) and mid.getAp() instanceof AccessPathNil ) @@ -1704,9 +1702,11 @@ private predicate pathThroughCallable0( * The context `cc` is restored to its value prior to entering the callable. */ pragma[noinline] -private predicate pathThroughCallable(PathNodeMid mid, OutNode out, CallContext cc) { +private predicate pathThroughCallable( + PathNodeMid mid, OutNode out, CallContext cc, AccessPathNil apnil +) { exists(DataFlowCall call, ReturnKind kind | - pathThroughCallable0(call, mid, kind, cc) and + pathThroughCallable0(call, mid, kind, cc, apnil) and out = getAnOutNode(call, kind) ) } diff --git a/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll b/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll index 8a62e2fe10d..5a6de5af0f4 100644 --- a/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll +++ b/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl3.qll @@ -851,8 +851,6 @@ private class AccessPathFrontNilNode extends Node { localFlowBigStep(_, this, false, _) or additionalJumpStep(_, this, _) - or - simpleArgumentFlowsThrough(_, this, _, _) ) } 
@@ -914,10 +912,10 @@ private predicate flowCandFwd0(Node node, boolean fromArg, AccessPathFront apf, argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathFrontNil nil | + exists(Node mid, AccessPathFrontNil nil, DataFlowType t | flowCandFwd(mid, fromArg, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - apf = node.(AccessPathFrontNilNode).getApf() + simpleArgumentFlowsThrough(mid, node, t, config) and + apf = TFrontNil(t) ) ) or @@ -1187,10 +1185,10 @@ private predicate flowFwd0( argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathNil nil | + exists(Node mid, AccessPathNil nil, DataFlowType t | flowFwd(mid, fromArg, _, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - ap = node.(AccessPathNilNode).getAp() and + simpleArgumentFlowsThrough(mid, node, t, config) and + ap = TNil(t) and apf = ap.(AccessPathNil).getFront() ) ) @@ -1539,7 +1537,7 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, AccessPat or pathOutOfCallable(mid, node, cc) and ap = mid.getAp() or - pathThroughCallable(mid, node, cc) and ap = node.(AccessPathNilNode).getAp() + pathThroughCallable(mid, node, cc, ap) or valuePathThroughCallable(mid, node, cc) and ap = mid.getAp() } @@ -1670,14 +1668,14 @@ private predicate pathIntoCallable( /** Holds if data may flow from `p` to a return of kind `kind`. */ pragma[nomagic] private predicate paramFlowsThrough( - ParameterNode p, ReturnKind kind, CallContextCall cc, Configuration config + ParameterNode p, ReturnKind kind, CallContextCall cc, AccessPathNil apnil, Configuration config ) { exists(PathNodeMid mid, ReturnNode ret | mid.getNode() = ret and kind = ret.getKind() and cc = mid.getCallContext() and config = mid.getConfiguration() and - mid.getAp() instanceof AccessPathNil + apnil = mid.getAp() | cc = TSomeCall(p, true) or 
@@ -1689,11 +1687,11 @@ private predicate paramFlowsThrough( pragma[noinline] private predicate pathThroughCallable0( - DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc + DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc, AccessPathNil apnil ) { exists(ParameterNode p, CallContext innercc | pathIntoCallable(mid, p, cc, innercc, call) and - paramFlowsThrough(p, kind, innercc, unbind(mid.getConfiguration())) and + paramFlowsThrough(p, kind, innercc, apnil, unbind(mid.getConfiguration())) and not parameterValueFlowsThrough(p, kind, innercc) and mid.getAp() instanceof AccessPathNil ) @@ -1704,9 +1702,11 @@ private predicate pathThroughCallable0( * The context `cc` is restored to its value prior to entering the callable. */ pragma[noinline] -private predicate pathThroughCallable(PathNodeMid mid, OutNode out, CallContext cc) { +private predicate pathThroughCallable( + PathNodeMid mid, OutNode out, CallContext cc, AccessPathNil apnil +) { exists(DataFlowCall call, ReturnKind kind | - pathThroughCallable0(call, mid, kind, cc) and + pathThroughCallable0(call, mid, kind, cc, apnil) and out = getAnOutNode(call, kind) ) } diff --git a/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll b/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll index 8a62e2fe10d..5a6de5af0f4 100644 --- a/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll +++ b/cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImpl4.qll @@ -851,8 +851,6 @@ private class AccessPathFrontNilNode extends Node { localFlowBigStep(_, this, false, _) or additionalJumpStep(_, this, _) - or - simpleArgumentFlowsThrough(_, this, _, _) ) } 
@@ -914,10 +912,10 @@ private predicate flowCandFwd0(Node node, boolean fromArg, AccessPathFront apf, argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathFrontNil nil | + exists(Node mid, AccessPathFrontNil nil, DataFlowType t | flowCandFwd(mid, fromArg, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - apf = node.(AccessPathFrontNilNode).getApf() + simpleArgumentFlowsThrough(mid, node, t, config) and + apf = TFrontNil(t) ) ) or @@ -1187,10 +1185,10 @@ private predicate flowFwd0( argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathNil nil | + exists(Node mid, AccessPathNil nil, DataFlowType t | flowFwd(mid, fromArg, _, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - ap = node.(AccessPathNilNode).getAp() and + simpleArgumentFlowsThrough(mid, node, t, config) and + ap = TNil(t) and apf = ap.(AccessPathNil).getFront() ) ) @@ -1539,7 +1537,7 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, AccessPat or pathOutOfCallable(mid, node, cc) and ap = mid.getAp() or - pathThroughCallable(mid, node, cc) and ap = node.(AccessPathNilNode).getAp() + pathThroughCallable(mid, node, cc, ap) or valuePathThroughCallable(mid, node, cc) and ap = mid.getAp() } @@ -1670,14 +1668,14 @@ private predicate pathIntoCallable( /** Holds if data may flow from `p` to a return of kind `kind`. */ pragma[nomagic] private predicate paramFlowsThrough( - ParameterNode p, ReturnKind kind, CallContextCall cc, Configuration config + ParameterNode p, ReturnKind kind, CallContextCall cc, AccessPathNil apnil, Configuration config ) { exists(PathNodeMid mid, ReturnNode ret | mid.getNode() = ret and kind = ret.getKind() and cc = mid.getCallContext() and config = mid.getConfiguration() and - mid.getAp() instanceof AccessPathNil + apnil = mid.getAp() | cc = TSomeCall(p, true) or 
@@ -1689,11 +1687,11 @@ private predicate paramFlowsThrough( pragma[noinline] private predicate pathThroughCallable0( - DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc + DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc, AccessPathNil apnil ) { exists(ParameterNode p, CallContext innercc | pathIntoCallable(mid, p, cc, innercc, call) and - paramFlowsThrough(p, kind, innercc, unbind(mid.getConfiguration())) and + paramFlowsThrough(p, kind, innercc, apnil, unbind(mid.getConfiguration())) and not parameterValueFlowsThrough(p, kind, innercc) and mid.getAp() instanceof AccessPathNil ) @@ -1704,9 +1702,11 @@ private predicate pathThroughCallable0( * The context `cc` is restored to its value prior to entering the callable. */ pragma[noinline] -private predicate pathThroughCallable(PathNodeMid mid, OutNode out, CallContext cc) { +private predicate pathThroughCallable( + PathNodeMid mid, OutNode out, CallContext cc, AccessPathNil apnil +) { exists(DataFlowCall call, ReturnKind kind | - pathThroughCallable0(call, mid, kind, cc) and + pathThroughCallable0(call, mid, kind, cc, apnil) and out = getAnOutNode(call, kind) ) } diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll index 8a62e2fe10d..5a6de5af0f4 100644 --- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll +++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl.qll @@ -851,8 +851,6 @@ private class AccessPathFrontNilNode extends Node { localFlowBigStep(_, this, false, _) or additionalJumpStep(_, this, _) - or - simpleArgumentFlowsThrough(_, this, _, _) ) } 
@@ -914,10 +912,10 @@ private predicate flowCandFwd0(Node node, boolean fromArg, AccessPathFront apf, argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathFrontNil nil | + exists(Node mid, AccessPathFrontNil nil, DataFlowType t | flowCandFwd(mid, fromArg, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - apf = node.(AccessPathFrontNilNode).getApf() + simpleArgumentFlowsThrough(mid, node, t, config) and + apf = TFrontNil(t) ) ) or @@ -1187,10 +1185,10 @@ private predicate flowFwd0( argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathNil nil | + exists(Node mid, AccessPathNil nil, DataFlowType t | flowFwd(mid, fromArg, _, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - ap = node.(AccessPathNilNode).getAp() and + simpleArgumentFlowsThrough(mid, node, t, config) and + ap = TNil(t) and apf = ap.(AccessPathNil).getFront() ) ) @@ -1539,7 +1537,7 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, AccessPat or pathOutOfCallable(mid, node, cc) and ap = mid.getAp() or - pathThroughCallable(mid, node, cc) and ap = node.(AccessPathNilNode).getAp() + pathThroughCallable(mid, node, cc, ap) or valuePathThroughCallable(mid, node, cc) and ap = mid.getAp() } @@ -1670,14 +1668,14 @@ private predicate pathIntoCallable( /** Holds if data may flow from `p` to a return of kind `kind`. */ pragma[nomagic] private predicate paramFlowsThrough( - ParameterNode p, ReturnKind kind, CallContextCall cc, Configuration config + ParameterNode p, ReturnKind kind, CallContextCall cc, AccessPathNil apnil, Configuration config ) { exists(PathNodeMid mid, ReturnNode ret | mid.getNode() = ret and kind = ret.getKind() and cc = mid.getCallContext() and config = mid.getConfiguration() and - mid.getAp() instanceof AccessPathNil + apnil = mid.getAp() | cc = TSomeCall(p, true) or 
@@ -1689,11 +1687,11 @@ private predicate paramFlowsThrough( pragma[noinline] private predicate pathThroughCallable0( - DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc + DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc, AccessPathNil apnil ) { exists(ParameterNode p, CallContext innercc | pathIntoCallable(mid, p, cc, innercc, call) and - paramFlowsThrough(p, kind, innercc, unbind(mid.getConfiguration())) and + paramFlowsThrough(p, kind, innercc, apnil, unbind(mid.getConfiguration())) and not parameterValueFlowsThrough(p, kind, innercc) and mid.getAp() instanceof AccessPathNil ) @@ -1704,9 +1702,11 @@ private predicate pathThroughCallable0( * The context `cc` is restored to its value prior to entering the callable. */ pragma[noinline] -private predicate pathThroughCallable(PathNodeMid mid, OutNode out, CallContext cc) { +private predicate pathThroughCallable( + PathNodeMid mid, OutNode out, CallContext cc, AccessPathNil apnil +) { exists(DataFlowCall call, ReturnKind kind | - pathThroughCallable0(call, mid, kind, cc) and + pathThroughCallable0(call, mid, kind, cc, apnil) and out = getAnOutNode(call, kind) ) } diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll index 8a62e2fe10d..5a6de5af0f4 100644 --- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll +++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl2.qll @@ -851,8 +851,6 @@ private class AccessPathFrontNilNode extends Node { localFlowBigStep(_, this, false, _) or additionalJumpStep(_, this, _) - or - simpleArgumentFlowsThrough(_, this, _, _) ) } 
@@ -914,10 +912,10 @@ private predicate flowCandFwd0(Node node, boolean fromArg, AccessPathFront apf, argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathFrontNil nil | + exists(Node mid, AccessPathFrontNil nil, DataFlowType t | flowCandFwd(mid, fromArg, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - apf = node.(AccessPathFrontNilNode).getApf() + simpleArgumentFlowsThrough(mid, node, t, config) and + apf = TFrontNil(t) ) ) or @@ -1187,10 +1185,10 @@ private predicate flowFwd0( argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathNil nil | + exists(Node mid, AccessPathNil nil, DataFlowType t | flowFwd(mid, fromArg, _, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - ap = node.(AccessPathNilNode).getAp() and + simpleArgumentFlowsThrough(mid, node, t, config) and + ap = TNil(t) and apf = ap.(AccessPathNil).getFront() ) ) @@ -1539,7 +1537,7 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, AccessPat or pathOutOfCallable(mid, node, cc) and ap = mid.getAp() or - pathThroughCallable(mid, node, cc) and ap = node.(AccessPathNilNode).getAp() + pathThroughCallable(mid, node, cc, ap) or valuePathThroughCallable(mid, node, cc) and ap = mid.getAp() } @@ -1670,14 +1668,14 @@ private predicate pathIntoCallable( /** Holds if data may flow from `p` to a return of kind `kind`. */ pragma[nomagic] private predicate paramFlowsThrough( - ParameterNode p, ReturnKind kind, CallContextCall cc, Configuration config + ParameterNode p, ReturnKind kind, CallContextCall cc, AccessPathNil apnil, Configuration config ) { exists(PathNodeMid mid, ReturnNode ret | mid.getNode() = ret and kind = ret.getKind() and cc = mid.getCallContext() and config = mid.getConfiguration() and - mid.getAp() instanceof AccessPathNil + apnil = mid.getAp() | cc = TSomeCall(p, true) or 
@@ -1689,11 +1687,11 @@ private predicate paramFlowsThrough( pragma[noinline] private predicate pathThroughCallable0( - DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc + DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc, AccessPathNil apnil ) { exists(ParameterNode p, CallContext innercc | pathIntoCallable(mid, p, cc, innercc, call) and - paramFlowsThrough(p, kind, innercc, unbind(mid.getConfiguration())) and + paramFlowsThrough(p, kind, innercc, apnil, unbind(mid.getConfiguration())) and not parameterValueFlowsThrough(p, kind, innercc) and mid.getAp() instanceof AccessPathNil ) @@ -1704,9 +1702,11 @@ private predicate pathThroughCallable0( * The context `cc` is restored to its value prior to entering the callable. */ pragma[noinline] -private predicate pathThroughCallable(PathNodeMid mid, OutNode out, CallContext cc) { +private predicate pathThroughCallable( + PathNodeMid mid, OutNode out, CallContext cc, AccessPathNil apnil +) { exists(DataFlowCall call, ReturnKind kind | - pathThroughCallable0(call, mid, kind, cc) and + pathThroughCallable0(call, mid, kind, cc, apnil) and out = getAnOutNode(call, kind) ) } diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll index 8a62e2fe10d..5a6de5af0f4 100644 --- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll +++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl3.qll @@ -851,8 +851,6 @@ private class AccessPathFrontNilNode extends Node { localFlowBigStep(_, this, false, _) or additionalJumpStep(_, this, _) - or - simpleArgumentFlowsThrough(_, this, _, _) ) } 
@@ -914,10 +912,10 @@ private predicate flowCandFwd0(Node node, boolean fromArg, AccessPathFront apf, argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathFrontNil nil | + exists(Node mid, AccessPathFrontNil nil, DataFlowType t | flowCandFwd(mid, fromArg, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - apf = node.(AccessPathFrontNilNode).getApf() + simpleArgumentFlowsThrough(mid, node, t, config) and + apf = TFrontNil(t) ) ) or @@ -1187,10 +1185,10 @@ private predicate flowFwd0( argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathNil nil | + exists(Node mid, AccessPathNil nil, DataFlowType t | flowFwd(mid, fromArg, _, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - ap = node.(AccessPathNilNode).getAp() and + simpleArgumentFlowsThrough(mid, node, t, config) and + ap = TNil(t) and apf = ap.(AccessPathNil).getFront() ) ) @@ -1539,7 +1537,7 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, AccessPat or pathOutOfCallable(mid, node, cc) and ap = mid.getAp() or - pathThroughCallable(mid, node, cc) and ap = node.(AccessPathNilNode).getAp() + pathThroughCallable(mid, node, cc, ap) or valuePathThroughCallable(mid, node, cc) and ap = mid.getAp() } @@ -1670,14 +1668,14 @@ private predicate pathIntoCallable( /** Holds if data may flow from `p` to a return of kind `kind`. */ pragma[nomagic] private predicate paramFlowsThrough( - ParameterNode p, ReturnKind kind, CallContextCall cc, Configuration config + ParameterNode p, ReturnKind kind, CallContextCall cc, AccessPathNil apnil, Configuration config ) { exists(PathNodeMid mid, ReturnNode ret | mid.getNode() = ret and kind = ret.getKind() and cc = mid.getCallContext() and config = mid.getConfiguration() and - mid.getAp() instanceof AccessPathNil + apnil = mid.getAp() | cc = TSomeCall(p, true) or 
@@ -1689,11 +1687,11 @@ private predicate paramFlowsThrough( pragma[noinline] private predicate pathThroughCallable0( - DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc + DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc, AccessPathNil apnil ) { exists(ParameterNode p, CallContext innercc | pathIntoCallable(mid, p, cc, innercc, call) and - paramFlowsThrough(p, kind, innercc, unbind(mid.getConfiguration())) and + paramFlowsThrough(p, kind, innercc, apnil, unbind(mid.getConfiguration())) and not parameterValueFlowsThrough(p, kind, innercc) and mid.getAp() instanceof AccessPathNil ) @@ -1704,9 +1702,11 @@ private predicate pathThroughCallable0( * The context `cc` is restored to its value prior to entering the callable. */ pragma[noinline] -private predicate pathThroughCallable(PathNodeMid mid, OutNode out, CallContext cc) { +private predicate pathThroughCallable( + PathNodeMid mid, OutNode out, CallContext cc, AccessPathNil apnil +) { exists(DataFlowCall call, ReturnKind kind | - pathThroughCallable0(call, mid, kind, cc) and + pathThroughCallable0(call, mid, kind, cc, apnil) and out = getAnOutNode(call, kind) ) } diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll index 8a62e2fe10d..5a6de5af0f4 100644 --- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll +++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImpl4.qll @@ -851,8 +851,6 @@ private class AccessPathFrontNilNode extends Node { localFlowBigStep(_, this, false, _) or additionalJumpStep(_, this, _) - or - simpleArgumentFlowsThrough(_, this, _, _) ) } 
@@ -914,10 +912,10 @@ private predicate flowCandFwd0(Node node, boolean fromArg, AccessPathFront apf, argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathFrontNil nil | + exists(Node mid, AccessPathFrontNil nil, DataFlowType t | flowCandFwd(mid, fromArg, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - apf = node.(AccessPathFrontNilNode).getApf() + simpleArgumentFlowsThrough(mid, node, t, config) and + apf = TFrontNil(t) ) ) or @@ -1187,10 +1185,10 @@ private predicate flowFwd0( argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathNil nil | + exists(Node mid, AccessPathNil nil, DataFlowType t | flowFwd(mid, fromArg, _, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - ap = node.(AccessPathNilNode).getAp() and + simpleArgumentFlowsThrough(mid, node, t, config) and + ap = TNil(t) and apf = ap.(AccessPathNil).getFront() ) ) @@ -1539,7 +1537,7 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, AccessPat or pathOutOfCallable(mid, node, cc) and ap = mid.getAp() or - pathThroughCallable(mid, node, cc) and ap = node.(AccessPathNilNode).getAp() + pathThroughCallable(mid, node, cc, ap) or valuePathThroughCallable(mid, node, cc) and ap = mid.getAp() } @@ -1670,14 +1668,14 @@ private predicate pathIntoCallable( /** Holds if data may flow from `p` to a return of kind `kind`. */ pragma[nomagic] private predicate paramFlowsThrough( - ParameterNode p, ReturnKind kind, CallContextCall cc, Configuration config + ParameterNode p, ReturnKind kind, CallContextCall cc, AccessPathNil apnil, Configuration config ) { exists(PathNodeMid mid, ReturnNode ret | mid.getNode() = ret and kind = ret.getKind() and cc = mid.getCallContext() and config = mid.getConfiguration() and - mid.getAp() instanceof AccessPathNil + apnil = mid.getAp() | cc = TSomeCall(p, true) or 
@@ -1689,11 +1687,11 @@ private predicate paramFlowsThrough( pragma[noinline] private predicate pathThroughCallable0( - DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc + DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc, AccessPathNil apnil ) { exists(ParameterNode p, CallContext innercc | pathIntoCallable(mid, p, cc, innercc, call) and - paramFlowsThrough(p, kind, innercc, unbind(mid.getConfiguration())) and + paramFlowsThrough(p, kind, innercc, apnil, unbind(mid.getConfiguration())) and not parameterValueFlowsThrough(p, kind, innercc) and mid.getAp() instanceof AccessPathNil ) @@ -1704,9 +1702,11 @@ private predicate pathThroughCallable0( * The context `cc` is restored to its value prior to entering the callable. */ pragma[noinline] -private predicate pathThroughCallable(PathNodeMid mid, OutNode out, CallContext cc) { +private predicate pathThroughCallable( + PathNodeMid mid, OutNode out, CallContext cc, AccessPathNil apnil +) { exists(DataFlowCall call, ReturnKind kind | - pathThroughCallable0(call, mid, kind, cc) and + pathThroughCallable0(call, mid, kind, cc, apnil) and out = getAnOutNode(call, kind) ) } diff --git a/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll b/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll index 8a62e2fe10d..5a6de5af0f4 100644 --- a/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll +++ b/csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl.qll @@ -851,8 +851,6 @@ private class AccessPathFrontNilNode extends Node { localFlowBigStep(_, this, false, _) or additionalJumpStep(_, this, _) - or - simpleArgumentFlowsThrough(_, this, _, _) ) } 
@@ -914,10 +912,10 @@ private predicate flowCandFwd0(Node node, boolean fromArg, AccessPathFront apf, argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathFrontNil nil | + exists(Node mid, AccessPathFrontNil nil, DataFlowType t | flowCandFwd(mid, fromArg, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - apf = node.(AccessPathFrontNilNode).getApf() + simpleArgumentFlowsThrough(mid, node, t, config) and + apf = TFrontNil(t) ) ) or @@ -1187,10 +1185,10 @@ private predicate flowFwd0( argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathNil nil | + exists(Node mid, AccessPathNil nil, DataFlowType t | flowFwd(mid, fromArg, _, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - ap = node.(AccessPathNilNode).getAp() and + simpleArgumentFlowsThrough(mid, node, t, config) and + ap = TNil(t) and apf = ap.(AccessPathNil).getFront() ) ) @@ -1539,7 +1537,7 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, AccessPat or pathOutOfCallable(mid, node, cc) and ap = mid.getAp() or - pathThroughCallable(mid, node, cc) and ap = node.(AccessPathNilNode).getAp() + pathThroughCallable(mid, node, cc, ap) or valuePathThroughCallable(mid, node, cc) and ap = mid.getAp() } @@ -1670,14 +1668,14 @@ private predicate pathIntoCallable( /** Holds if data may flow from `p` to a return of kind `kind`. */ pragma[nomagic] private predicate paramFlowsThrough( - ParameterNode p, ReturnKind kind, CallContextCall cc, Configuration config + ParameterNode p, ReturnKind kind, CallContextCall cc, AccessPathNil apnil, Configuration config ) { exists(PathNodeMid mid, ReturnNode ret | mid.getNode() = ret and kind = ret.getKind() and cc = mid.getCallContext() and config = mid.getConfiguration() and - mid.getAp() instanceof AccessPathNil + apnil = mid.getAp() | cc = TSomeCall(p, true) or 
@@ -1689,11 +1687,11 @@ private predicate paramFlowsThrough( pragma[noinline] private predicate pathThroughCallable0( - DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc + DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc, AccessPathNil apnil ) { exists(ParameterNode p, CallContext innercc | pathIntoCallable(mid, p, cc, innercc, call) and - paramFlowsThrough(p, kind, innercc, unbind(mid.getConfiguration())) and + paramFlowsThrough(p, kind, innercc, apnil, unbind(mid.getConfiguration())) and not parameterValueFlowsThrough(p, kind, innercc) and mid.getAp() instanceof AccessPathNil ) @@ -1704,9 +1702,11 @@ private predicate pathThroughCallable0( * The context `cc` is restored to its value prior to entering the callable. */ pragma[noinline] -private predicate pathThroughCallable(PathNodeMid mid, OutNode out, CallContext cc) { +private predicate pathThroughCallable( + PathNodeMid mid, OutNode out, CallContext cc, AccessPathNil apnil +) { exists(DataFlowCall call, ReturnKind kind | - pathThroughCallable0(call, mid, kind, cc) and + pathThroughCallable0(call, mid, kind, cc, apnil) and out = getAnOutNode(call, kind) ) } diff --git a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl2.qll b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl2.qll index 8a62e2fe10d..5a6de5af0f4 100644 --- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl2.qll +++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl2.qll @@ -851,8 +851,6 @@ private class AccessPathFrontNilNode extends Node { localFlowBigStep(_, this, false, _) or additionalJumpStep(_, this, _) - or - simpleArgumentFlowsThrough(_, this, _, _) ) } 
@@ -914,10 +912,10 @@ private predicate flowCandFwd0(Node node, boolean fromArg, AccessPathFront apf, argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathFrontNil nil | + exists(Node mid, AccessPathFrontNil nil, DataFlowType t | flowCandFwd(mid, fromArg, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - apf = node.(AccessPathFrontNilNode).getApf() + simpleArgumentFlowsThrough(mid, node, t, config) and + apf = TFrontNil(t) ) ) or @@ -1187,10 +1185,10 @@ private predicate flowFwd0( argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathNil nil | + exists(Node mid, AccessPathNil nil, DataFlowType t | flowFwd(mid, fromArg, _, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - ap = node.(AccessPathNilNode).getAp() and + simpleArgumentFlowsThrough(mid, node, t, config) and + ap = TNil(t) and apf = ap.(AccessPathNil).getFront() ) ) @@ -1539,7 +1537,7 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, AccessPat or pathOutOfCallable(mid, node, cc) and ap = mid.getAp() or - pathThroughCallable(mid, node, cc) and ap = node.(AccessPathNilNode).getAp() + pathThroughCallable(mid, node, cc, ap) or valuePathThroughCallable(mid, node, cc) and ap = mid.getAp() } @@ -1670,14 +1668,14 @@ private predicate pathIntoCallable( /** Holds if data may flow from `p` to a return of kind `kind`. */ pragma[nomagic] private predicate paramFlowsThrough( - ParameterNode p, ReturnKind kind, CallContextCall cc, Configuration config + ParameterNode p, ReturnKind kind, CallContextCall cc, AccessPathNil apnil, Configuration config ) { exists(PathNodeMid mid, ReturnNode ret | mid.getNode() = ret and kind = ret.getKind() and cc = mid.getCallContext() and config = mid.getConfiguration() and - mid.getAp() instanceof AccessPathNil + apnil = mid.getAp() | cc = TSomeCall(p, true) or 
@@ -1689,11 +1687,11 @@ private predicate paramFlowsThrough( pragma[noinline] private predicate pathThroughCallable0( - DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc + DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc, AccessPathNil apnil ) { exists(ParameterNode p, CallContext innercc | pathIntoCallable(mid, p, cc, innercc, call) and - paramFlowsThrough(p, kind, innercc, unbind(mid.getConfiguration())) and + paramFlowsThrough(p, kind, innercc, apnil, unbind(mid.getConfiguration())) and not parameterValueFlowsThrough(p, kind, innercc) and mid.getAp() instanceof AccessPathNil ) @@ -1704,9 +1702,11 @@ private predicate pathThroughCallable0( * The context `cc` is restored to its value prior to entering the callable. */ pragma[noinline] -private predicate pathThroughCallable(PathNodeMid mid, OutNode out, CallContext cc) { +private predicate pathThroughCallable( + PathNodeMid mid, OutNode out, CallContext cc, AccessPathNil apnil +) { exists(DataFlowCall call, ReturnKind kind | - pathThroughCallable0(call, mid, kind, cc) and + pathThroughCallable0(call, mid, kind, cc, apnil) and out = getAnOutNode(call, kind) ) } diff --git a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl3.qll b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl3.qll index 8a62e2fe10d..5a6de5af0f4 100644 --- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl3.qll +++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl3.qll @@ -851,8 +851,6 @@ private class AccessPathFrontNilNode extends Node { localFlowBigStep(_, this, false, _) or additionalJumpStep(_, this, _) - or - simpleArgumentFlowsThrough(_, this, _, _) ) } 
@@ -914,10 +912,10 @@ private predicate flowCandFwd0(Node node, boolean fromArg, AccessPathFront apf, argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathFrontNil nil | + exists(Node mid, AccessPathFrontNil nil, DataFlowType t | flowCandFwd(mid, fromArg, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - apf = node.(AccessPathFrontNilNode).getApf() + simpleArgumentFlowsThrough(mid, node, t, config) and + apf = TFrontNil(t) ) ) or @@ -1187,10 +1185,10 @@ private predicate flowFwd0( argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathNil nil | + exists(Node mid, AccessPathNil nil, DataFlowType t | flowFwd(mid, fromArg, _, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - ap = node.(AccessPathNilNode).getAp() and + simpleArgumentFlowsThrough(mid, node, t, config) and + ap = TNil(t) and apf = ap.(AccessPathNil).getFront() ) ) @@ -1539,7 +1537,7 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, AccessPat or pathOutOfCallable(mid, node, cc) and ap = mid.getAp() or - pathThroughCallable(mid, node, cc) and ap = node.(AccessPathNilNode).getAp() + pathThroughCallable(mid, node, cc, ap) or valuePathThroughCallable(mid, node, cc) and ap = mid.getAp() } @@ -1670,14 +1668,14 @@ private predicate pathIntoCallable( /** Holds if data may flow from `p` to a return of kind `kind`. */ pragma[nomagic] private predicate paramFlowsThrough( - ParameterNode p, ReturnKind kind, CallContextCall cc, Configuration config + ParameterNode p, ReturnKind kind, CallContextCall cc, AccessPathNil apnil, Configuration config ) { exists(PathNodeMid mid, ReturnNode ret | mid.getNode() = ret and kind = ret.getKind() and cc = mid.getCallContext() and config = mid.getConfiguration() and - mid.getAp() instanceof AccessPathNil + apnil = mid.getAp() | cc = TSomeCall(p, true) or 
@@ -1689,11 +1687,11 @@ private predicate paramFlowsThrough( pragma[noinline] private predicate pathThroughCallable0( - DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc + DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc, AccessPathNil apnil ) { exists(ParameterNode p, CallContext innercc | pathIntoCallable(mid, p, cc, innercc, call) and - paramFlowsThrough(p, kind, innercc, unbind(mid.getConfiguration())) and + paramFlowsThrough(p, kind, innercc, apnil, unbind(mid.getConfiguration())) and not parameterValueFlowsThrough(p, kind, innercc) and mid.getAp() instanceof AccessPathNil ) @@ -1704,9 +1702,11 @@ private predicate pathThroughCallable0( * The context `cc` is restored to its value prior to entering the callable. */ pragma[noinline] -private predicate pathThroughCallable(PathNodeMid mid, OutNode out, CallContext cc) { +private predicate pathThroughCallable( + PathNodeMid mid, OutNode out, CallContext cc, AccessPathNil apnil +) { exists(DataFlowCall call, ReturnKind kind | - pathThroughCallable0(call, mid, kind, cc) and + pathThroughCallable0(call, mid, kind, cc, apnil) and out = getAnOutNode(call, kind) ) } diff --git a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl4.qll b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl4.qll index 8a62e2fe10d..5a6de5af0f4 100644 --- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl4.qll +++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl4.qll @@ -851,8 +851,6 @@ private class AccessPathFrontNilNode extends Node { localFlowBigStep(_, this, false, _) or additionalJumpStep(_, this, _) - or - simpleArgumentFlowsThrough(_, this, _, _) ) } 
@@ -914,10 +912,10 @@ private predicate flowCandFwd0(Node node, boolean fromArg, AccessPathFront apf, argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathFrontNil nil | + exists(Node mid, AccessPathFrontNil nil, DataFlowType t | flowCandFwd(mid, fromArg, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - apf = node.(AccessPathFrontNilNode).getApf() + simpleArgumentFlowsThrough(mid, node, t, config) and + apf = TFrontNil(t) ) ) or @@ -1187,10 +1185,10 @@ private predicate flowFwd0( argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathNil nil | + exists(Node mid, AccessPathNil nil, DataFlowType t | flowFwd(mid, fromArg, _, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - ap = node.(AccessPathNilNode).getAp() and + simpleArgumentFlowsThrough(mid, node, t, config) and + ap = TNil(t) and apf = ap.(AccessPathNil).getFront() ) ) @@ -1539,7 +1537,7 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, AccessPat or pathOutOfCallable(mid, node, cc) and ap = mid.getAp() or - pathThroughCallable(mid, node, cc) and ap = node.(AccessPathNilNode).getAp() + pathThroughCallable(mid, node, cc, ap) or valuePathThroughCallable(mid, node, cc) and ap = mid.getAp() } @@ -1670,14 +1668,14 @@ private predicate pathIntoCallable( /** Holds if data may flow from `p` to a return of kind `kind`. */ pragma[nomagic] private predicate paramFlowsThrough( - ParameterNode p, ReturnKind kind, CallContextCall cc, Configuration config + ParameterNode p, ReturnKind kind, CallContextCall cc, AccessPathNil apnil, Configuration config ) { exists(PathNodeMid mid, ReturnNode ret | mid.getNode() = ret and kind = ret.getKind() and cc = mid.getCallContext() and config = mid.getConfiguration() and - mid.getAp() instanceof AccessPathNil + apnil = mid.getAp() | cc = TSomeCall(p, true) or 
@@ -1689,11 +1687,11 @@ private predicate paramFlowsThrough( pragma[noinline] private predicate pathThroughCallable0( - DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc + DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc, AccessPathNil apnil ) { exists(ParameterNode p, CallContext innercc | pathIntoCallable(mid, p, cc, innercc, call) and - paramFlowsThrough(p, kind, innercc, unbind(mid.getConfiguration())) and + paramFlowsThrough(p, kind, innercc, apnil, unbind(mid.getConfiguration())) and not parameterValueFlowsThrough(p, kind, innercc) and mid.getAp() instanceof AccessPathNil ) @@ -1704,9 +1702,11 @@ private predicate pathThroughCallable0( * The context `cc` is restored to its value prior to entering the callable. */ pragma[noinline] -private predicate pathThroughCallable(PathNodeMid mid, OutNode out, CallContext cc) { +private predicate pathThroughCallable( + PathNodeMid mid, OutNode out, CallContext cc, AccessPathNil apnil +) { exists(DataFlowCall call, ReturnKind kind | - pathThroughCallable0(call, mid, kind, cc) and + pathThroughCallable0(call, mid, kind, cc, apnil) and out = getAnOutNode(call, kind) ) } diff --git a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl5.qll b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl5.qll index 8a62e2fe10d..5a6de5af0f4 100644 --- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl5.qll +++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImpl5.qll @@ -851,8 +851,6 @@ private class AccessPathFrontNilNode extends Node { localFlowBigStep(_, this, false, _) or additionalJumpStep(_, this, _) - or - simpleArgumentFlowsThrough(_, this, _, _) ) } 
@@ -914,10 +912,10 @@ private predicate flowCandFwd0(Node node, boolean fromArg, AccessPathFront apf, argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathFrontNil nil | + exists(Node mid, AccessPathFrontNil nil, DataFlowType t | flowCandFwd(mid, fromArg, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - apf = node.(AccessPathFrontNilNode).getApf() + simpleArgumentFlowsThrough(mid, node, t, config) and + apf = TFrontNil(t) ) ) or @@ -1187,10 +1185,10 @@ private predicate flowFwd0( argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathNil nil | + exists(Node mid, AccessPathNil nil, DataFlowType t | flowFwd(mid, fromArg, _, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - ap = node.(AccessPathNilNode).getAp() and + simpleArgumentFlowsThrough(mid, node, t, config) and + ap = TNil(t) and apf = ap.(AccessPathNil).getFront() ) ) @@ -1539,7 +1537,7 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, AccessPat or pathOutOfCallable(mid, node, cc) and ap = mid.getAp() or - pathThroughCallable(mid, node, cc) and ap = node.(AccessPathNilNode).getAp() + pathThroughCallable(mid, node, cc, ap) or valuePathThroughCallable(mid, node, cc) and ap = mid.getAp() } @@ -1670,14 +1668,14 @@ private predicate pathIntoCallable( /** Holds if data may flow from `p` to a return of kind `kind`. */ pragma[nomagic] private predicate paramFlowsThrough( - ParameterNode p, ReturnKind kind, CallContextCall cc, Configuration config + ParameterNode p, ReturnKind kind, CallContextCall cc, AccessPathNil apnil, Configuration config ) { exists(PathNodeMid mid, ReturnNode ret | mid.getNode() = ret and kind = ret.getKind() and cc = mid.getCallContext() and config = mid.getConfiguration() and - mid.getAp() instanceof AccessPathNil + apnil = mid.getAp() | cc = TSomeCall(p, true) or 
@@ -1689,11 +1687,11 @@ private predicate paramFlowsThrough( pragma[noinline] private predicate pathThroughCallable0( - DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc + DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc, AccessPathNil apnil ) { exists(ParameterNode p, CallContext innercc | pathIntoCallable(mid, p, cc, innercc, call) and - paramFlowsThrough(p, kind, innercc, unbind(mid.getConfiguration())) and + paramFlowsThrough(p, kind, innercc, apnil, unbind(mid.getConfiguration())) and not parameterValueFlowsThrough(p, kind, innercc) and mid.getAp() instanceof AccessPathNil ) @@ -1704,9 +1702,11 @@ private predicate pathThroughCallable0( * The context `cc` is restored to its value prior to entering the callable. */ pragma[noinline] -private predicate pathThroughCallable(PathNodeMid mid, OutNode out, CallContext cc) { +private predicate pathThroughCallable( + PathNodeMid mid, OutNode out, CallContext cc, AccessPathNil apnil +) { exists(DataFlowCall call, ReturnKind kind | - pathThroughCallable0(call, mid, kind, cc) and + pathThroughCallable0(call, mid, kind, cc, apnil) and out = getAnOutNode(call, kind) ) } diff --git a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplDepr.qll b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplDepr.qll index 8a62e2fe10d..5a6de5af0f4 100644 --- a/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplDepr.qll +++ b/java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplDepr.qll @@ -851,8 +851,6 @@ private class AccessPathFrontNilNode extends Node { localFlowBigStep(_, this, false, _) or additionalJumpStep(_, this, _) - or - simpleArgumentFlowsThrough(_, this, _, _) ) } 
@@ -914,10 +912,10 @@ private predicate flowCandFwd0(Node node, boolean fromArg, AccessPathFront apf, argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathFrontNil nil | + exists(Node mid, AccessPathFrontNil nil, DataFlowType t | flowCandFwd(mid, fromArg, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - apf = node.(AccessPathFrontNilNode).getApf() + simpleArgumentFlowsThrough(mid, node, t, config) and + apf = TFrontNil(t) ) ) or @@ -1187,10 +1185,10 @@ private predicate flowFwd0( argumentValueFlowsThrough(mid, node, _) ) or - exists(Node mid, AccessPathNil nil | + exists(Node mid, AccessPathNil nil, DataFlowType t | flowFwd(mid, fromArg, _, nil, config) and - simpleArgumentFlowsThrough(mid, node, _, config) and - ap = node.(AccessPathNilNode).getAp() and + simpleArgumentFlowsThrough(mid, node, t, config) and + ap = TNil(t) and apf = ap.(AccessPathNil).getFront() ) ) @@ -1539,7 +1537,7 @@ private predicate pathStep(PathNodeMid mid, Node node, CallContext cc, AccessPat or pathOutOfCallable(mid, node, cc) and ap = mid.getAp() or - pathThroughCallable(mid, node, cc) and ap = node.(AccessPathNilNode).getAp() + pathThroughCallable(mid, node, cc, ap) or valuePathThroughCallable(mid, node, cc) and ap = mid.getAp() } @@ -1670,14 +1668,14 @@ private predicate pathIntoCallable( /** Holds if data may flow from `p` to a return of kind `kind`. */ pragma[nomagic] private predicate paramFlowsThrough( - ParameterNode p, ReturnKind kind, CallContextCall cc, Configuration config + ParameterNode p, ReturnKind kind, CallContextCall cc, AccessPathNil apnil, Configuration config ) { exists(PathNodeMid mid, ReturnNode ret | mid.getNode() = ret and kind = ret.getKind() and cc = mid.getCallContext() and config = mid.getConfiguration() and - mid.getAp() instanceof AccessPathNil + apnil = mid.getAp() | cc = TSomeCall(p, true) or 
@@ -1689,11 +1687,11 @@ private predicate paramFlowsThrough( pragma[noinline] private predicate pathThroughCallable0( - DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc + DataFlowCall call, PathNodeMid mid, ReturnKind kind, CallContext cc, AccessPathNil apnil ) { exists(ParameterNode p, CallContext innercc | pathIntoCallable(mid, p, cc, innercc, call) and - paramFlowsThrough(p, kind, innercc, unbind(mid.getConfiguration())) and + paramFlowsThrough(p, kind, innercc, apnil, unbind(mid.getConfiguration())) and not parameterValueFlowsThrough(p, kind, innercc) and mid.getAp() instanceof AccessPathNil ) @@ -1704,9 +1702,11 @@ private predicate pathThroughCallable0( * The context `cc` is restored to its value prior to entering the callable. */ pragma[noinline] -private predicate pathThroughCallable(PathNodeMid mid, OutNode out, CallContext cc) { +private predicate pathThroughCallable( + PathNodeMid mid, OutNode out, CallContext cc, AccessPathNil apnil +) { exists(DataFlowCall call, ReturnKind kind | - pathThroughCallable0(call, mid, kind, cc) and + pathThroughCallable0(call, mid, kind, cc, apnil) and out = getAnOutNode(call, kind) ) }