Merge pull request #19404 from MathiasVP/cleanup-PropagateFlowConfig

Shared: Use `isSink/1` in `PropagateFlowConfig`
2026-05-03 12:45:27 +02:00 · 2025-04-29 10:30:01 +01:00
parent d784473dcd b91a2cc159
commit daf953fabe
1 changed files with 6 additions and 2 deletions
--- a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll
+++ b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll
@@ -484,10 +484,14 @@ module MakeModelGenerator<
      }

      predicate isSink(DataFlow::Node sink, FlowState state) {
+        // Sinks are provided by `isSink/1`
+        none()
+      }
+
+      predicate isSink(DataFlow::Node sink) {
        sink instanceof ReturnNodeExt and
        not isOwnInstanceAccessNode(sink) and
-        not exists(captureQualifierFlow(getAsExprEnclosingCallable(sink))) and
-        (state instanceof TaintRead or state instanceof TaintStore)
+        not exists(captureQualifierFlow(getAsExprEnclosingCallable(sink)))
      }

      predicate isAdditionalFlowStep(