diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll
index d0c48d8148c..506774857d8 100644
--- a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll
+++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll
@@ -631,7 +631,7 @@ module MakeImpl Lang> {
 private newtype TSummaryCtx =
 TSummaryCtxNone() or
- TSummaryCtxSome(ParamNd p, Typ t, Ap ap, TypOption stored, Boolean mustReturn) {
+ TSummaryCtxSome(ParamNd p, Typ t, Ap ap, TypOption stored, boolean mustReturn) {
 fwdFlowInFlowThrough(p, _, t, ap, stored, mustReturn)
 } or
 TSummaryCtxSource(Boolean mustEscape)
@@ -1019,9 +1019,9 @@ module MakeImpl Lang> {
 private predicate fwdFlowInFlowThrough(
 ParamNd p, CcCall innercc, Typ t, Ap ap, TypOption stored, boolean mustReturn
 ) {
- exists(SummaryCtx outerSummaryCtx |
- FwdFlowInThrough::fwdFlowIn(_, _, _, p, _, innercc, outerSummaryCtx, t, ap, stored, _) and
- outerSummaryCtx.isValidForFlowThrough(mustReturn)
+ exists(SummaryCtx summaryCtx |
+ FwdFlowInThrough::fwdFlowIn(_, _, _, p, _, innercc, summaryCtx, t, ap, stored, _) and
+ summaryCtx.isValidForFlowThrough(mustReturn)
 )
 }
diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll
index 17bb1be28e6..51ebb3f8a73 100644
--- a/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll
+++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll
@@ -47,11 +47,12 @@ module MakeImplCommon Lang> {
 }
 }
- newtype TFlowFeature =
+ private newtype TFlowFeature =
 TFeatureHasSourceCallContext() or
 TFeatureHasSinkCallContext() or
 TFeatureEqualSourceSinkCallContext() or
- TFeatureEscapesSourceCallContext(Boolean strict)
+ TFeatureEscapesSourceCallContext() or
+ TFeatureEscapesSourceCallContextOrEqualSourceSinkCallContext()
 /** A flow configuration feature for use in `Configuration::getAFeature()`. */
 class FlowFeature extends TFlowFeature {
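Review bot: The `TSummaryCtxSome` branch in the `@@ -631,7` hunk now declares `mustReturn` as the primitive `boolean`, while the adjacent `TSummaryCtxSource(Boolean mustEscape)` keeps the capitalised type, and nothing explains why the two differ. From the visible lines the difference looks deliberate: `mustReturn` is bound by the `fwdFlowInFlowThrough(p, _, t, ap, stored, mustReturn)` call in the branch body, whereas `TSummaryCtxSource` shows no body that could bind `mustEscape`. A one-line comment such as `// mustReturn is bound by fwdFlowInFlowThrough, so the primitive type is enough here` would keep a later cleanup from reverting it. The newtype may continue past the end of the hunk.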
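Review bot: Making `TFlowFeature` private and dropping the `Boolean strict` parameter from `TFeatureEscapesSourceCallContext` (the `@@ -47,11` hunk) removes constructor names that other files could have been using directly; the `hasFeatureEscapesSourceCallContext` change in DataFlowImplStage1.qll was one such user, and any remaining one will no longer compile. These features decide which source-to-sink paths a query keeps, so the newtype deserves a QLDoc telling readers to go through the classes, e.g. `/** Internal representation of flow features; refer to the FlowFeature subclasses, not to these branches. */`. It is also worth confirming that no other library file still references `TFeatureEscapesSourceCallContext(_)`, which this diff cannot show.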
@@ -89,22 +90,16 @@ module MakeImplCommon Lang> {
 * the sink.
 */
 class FeatureEscapesSourceCallContext extends FlowFeature, TFeatureEscapesSourceCallContext {
- FeatureEscapesSourceCallContext() { this = TFeatureEscapesSourceCallContext(true) }
-
 override string toString() { result = "FeatureEscapesSourceCallContext" }
 }
 /**
- * A flow configuration feature that is the disjuction of `FeatureEscapesSourceCallContext`
+ * A flow configuration feature that is the disjunction of `FeatureEscapesSourceCallContext`
 * and `FeatureEqualSourceSinkCallContext`.
 */
 class FeatureEscapesSourceCallContextOrEqualSourceSinkCallContext extends FlowFeature,
- TFeatureEscapesSourceCallContext
+ TFeatureEscapesSourceCallContextOrEqualSourceSinkCallContext
 {
- FeatureEscapesSourceCallContextOrEqualSourceSinkCallContext() {
- this = TFeatureEscapesSourceCallContext(false)
- }
-
 override string toString() {
 result = "FeatureEscapesSourceCallContextOrEqualSourceSinkCallContext"
 }
diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll
index 0f50507ea68..426576d3ace 100644
--- a/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll
+++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll
@@ -64,7 +64,7 @@ module MakeImplStage1 Lang> {
 predicate hasSourceCallCtx();
- predicate hasFeatureEscapesSourceCallContext(boolean nonEmpty);
+ predicate hasFeatureEscapesSourceCallContext(boolean strict);
 predicate hasSinkCallCtx();
@@ -1019,7 +1019,10 @@ module MakeImplStage1 Lang> {
 }
 predicate hasFeatureEscapesSourceCallContext(boolean strict) {
- Config::getAFeature() = TFeatureEscapesSourceCallContext(strict)
+ Config::getAFeature() instanceof FeatureEscapesSourceCallContext and strict = true
+ or
+ Config::getAFeature() instanceof FeatureEscapesSourceCallContextOrEqualSourceSinkCallContext and
+ strict = false
 }
 predicate hasSinkCallCtx() {
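Review bot: `hasFeatureEscapesSourceCallContext` in the `@@ -1019,7` hunk holds for both `strict = true` and `strict = false` when `Config::getAFeature()` yields both feature classes, and neither this definition nor its signature declaration in the `@@ -64,7` hunk documents what `strict` means or that both values can hold at once. A QLDoc on the signature would cover it, for example `/** Holds if the configuration has FeatureEscapesSourceCallContext (strict = true) or FeatureEscapesSourceCallContextOrEqualSourceSinkCallContext (strict = false). */`. The mapping selects which flow paths are accepted, so a swapped boolean here would silently change query results; stating it next to the predicate makes that easy to check in review. The enclosing module starts and ends outside the hunk.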