Data flow: Take conjunctive With(out)Contents into account in prohibitsUseUseFlow
@@ -750,6 +750,27 @@ module Private {
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `p` can reach `n` in a summarized callable, using only value-preserving
|
||||
* local steps. `clearsOrExcepts` records whether any node on the path from `p` to
|
||||
* `n` either clears or expects contents.
|
||||
*/
|
||||
private predicate paramReachesLocal(ParamNode p, Node n, boolean clearsOrExcepts) {
|
||||
viableParam(_, _, _, p) and
|
||||
n = p and
|
||||
clearsOrExcepts = false
|
||||
or
|
||||
exists(Node mid, boolean clearsOrExceptsMid |
|
||||
paramReachesLocal(p, mid, clearsOrExceptsMid) and
|
||||
summaryLocalStep(mid, n, true) and
|
||||
if
|
||||
summaryClearsContent(n, _) or
|
||||
summaryExpectsContent(n, _)
|
||||
then clearsOrExcepts = true
|
||||
else clearsOrExcepts = clearsOrExceptsMid
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if use-use flow starting from `arg` should be prohibited.
|
||||
*
|
||||
@@ -759,15 +780,11 @@ module Private {
|
||||
*/
|
||||
pragma[nomagic]
|
||||
predicate prohibitsUseUseFlow(ArgNode arg, SummarizedCallable sc) {
|
||||
exists(ParamNode p, Node mid, ParameterPosition ppos, Node ret |
|
||||
exists(ParamNode p, ParameterPosition ppos, Node ret |
|
||||
paramReachesLocal(p, ret, true) and
|
||||
p = summaryArgParam0(_, arg, sc) and
|
||||
p.isParameterOf(_, pragma[only_bind_into](ppos)) and
|
||||
summaryLocalStep(p, mid, true) and
|
||||
summaryLocalStep(mid, ret, true) and
|
||||
isParameterPostUpdate(ret, _, pragma[only_bind_into](ppos))
|
||||
|
|
||||
summaryClearsContent(mid, _) or
|
||||
summaryExpectsContent(mid, _)
|
||||
)
|
||||
}
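Review bot: The boolean parameter of `paramReachesLocal` is spelled `clearsOrExcepts`, but it records `summaryClearsContent` / `summaryExpectsContent`, so `clearsOrExpects` (and `clearsOrExpectsMid`) would match the predicates it is named after. Its doc comment says the flag covers any node on the path from `p` to `n`, yet the base case sets it to `false` without testing `p` and the recursive case tests the target `n`; a wording such as "records whether any node after p on the path, including n itself, clears or expects contents" would match the code. Compared with the removed body of `prohibitsUseUseFlow`, which tested only the single intermediate `mid`, `paramReachesLocal(p, ret, true)` also holds for paths of any length and when `ret` itself clears or expects contents. That looks intended given the commit title, but it deserves a sentence in the doc of `prohibitsUseUseFlow`, because the removed edges in the test expectations suggest this predicate decides which flow paths downstream queries report. The doc comment of `prohibitsUseUseFlow` continues outside the visible hunks.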
|
||||
|
||||
|
||||
@@ -564,8 +564,6 @@ edges
|
||||
| array_flow.rb:334:10:334:10 | a [element] : | array_flow.rb:334:10:334:13 | ...[...] |
|
||||
| array_flow.rb:338:16:338:25 | call to source : | array_flow.rb:339:9:339:9 | a [element 2] : |
|
||||
| array_flow.rb:338:16:338:25 | call to source : | array_flow.rb:339:9:339:9 | a [element 2] : |
|
||||
| array_flow.rb:338:16:338:25 | call to source : | array_flow.rb:345:10:345:10 | a [element 2] : |
|
||||
| array_flow.rb:338:16:338:25 | call to source : | array_flow.rb:345:10:345:10 | a [element 2] : |
|
||||
| array_flow.rb:339:9:339:9 | [post] a [element] : | array_flow.rb:343:10:343:10 | a [element] : |
|
||||
| array_flow.rb:339:9:339:9 | [post] a [element] : | array_flow.rb:343:10:343:10 | a [element] : |
|
||||
| array_flow.rb:339:9:339:9 | [post] a [element] : | array_flow.rb:344:10:344:10 | a [element] : |
|
||||
@@ -588,8 +586,6 @@ edges
|
||||
| array_flow.rb:343:10:343:10 | a [element] : | array_flow.rb:343:10:343:13 | ...[...] |
|
||||
| array_flow.rb:344:10:344:10 | a [element] : | array_flow.rb:344:10:344:13 | ...[...] |
|
||||
| array_flow.rb:344:10:344:10 | a [element] : | array_flow.rb:344:10:344:13 | ...[...] |
|
||||
| array_flow.rb:345:10:345:10 | a [element 2] : | array_flow.rb:345:10:345:13 | ...[...] |
|
||||
| array_flow.rb:345:10:345:10 | a [element 2] : | array_flow.rb:345:10:345:13 | ...[...] |
|
||||
| array_flow.rb:345:10:345:10 | a [element] : | array_flow.rb:345:10:345:13 | ...[...] |
|
||||
| array_flow.rb:345:10:345:10 | a [element] : | array_flow.rb:345:10:345:13 | ...[...] |
|
||||
| array_flow.rb:349:16:349:25 | call to source : | array_flow.rb:350:9:350:9 | a [element 2] : |
|
||||
@@ -4098,8 +4094,6 @@ nodes
|
||||
| array_flow.rb:344:10:344:10 | a [element] : | semmle.label | a [element] : |
|
||||
| array_flow.rb:344:10:344:13 | ...[...] | semmle.label | ...[...] |
|
||||
| array_flow.rb:344:10:344:13 | ...[...] | semmle.label | ...[...] |
|
||||
| array_flow.rb:345:10:345:10 | a [element 2] : | semmle.label | a [element 2] : |
|
||||
| array_flow.rb:345:10:345:10 | a [element 2] : | semmle.label | a [element 2] : |
|
||||
| array_flow.rb:345:10:345:10 | a [element] : | semmle.label | a [element] : |
|
||||
| array_flow.rb:345:10:345:10 | a [element] : | semmle.label | a [element] : |
|
||||
| array_flow.rb:345:10:345:13 | ...[...] | semmle.label | ...[...] |
|
||||
|
||||
@@ -102,7 +102,6 @@ edges
|
||||
| hash_flow.rb:185:9:185:12 | hash [element :a] : | hash_flow.rb:185:9:185:23 | call to delete : |
|
||||
| hash_flow.rb:185:9:185:23 | call to delete : | hash_flow.rb:186:10:186:10 | a |
|
||||
| hash_flow.rb:194:15:194:25 | call to taint : | hash_flow.rb:197:9:197:12 | hash [element :a] : |
|
||||
| hash_flow.rb:194:15:194:25 | call to taint : | hash_flow.rb:202:10:202:13 | hash [element :a] : |
|
||||
| hash_flow.rb:197:9:197:12 | [post] hash [element :a] : | hash_flow.rb:202:10:202:13 | hash [element :a] : |
|
||||
| hash_flow.rb:197:9:197:12 | hash [element :a] : | hash_flow.rb:197:9:197:12 | [post] hash [element :a] : |
|
||||
| hash_flow.rb:197:9:197:12 | hash [element :a] : | hash_flow.rb:197:9:200:7 | call to delete_if [element :a] : |
|
||||
@@ -307,7 +306,6 @@ edges
|
||||
| hash_flow.rb:477:29:477:33 | value : | hash_flow.rb:479:14:479:18 | value |
|
||||
| hash_flow.rb:482:10:482:10 | b [element :a] : | hash_flow.rb:482:10:482:14 | ...[...] |
|
||||
| hash_flow.rb:489:15:489:25 | call to taint : | hash_flow.rb:492:9:492:12 | hash [element :a] : |
|
||||
| hash_flow.rb:489:15:489:25 | call to taint : | hash_flow.rb:498:10:498:13 | hash [element :a] : |
|
||||
| hash_flow.rb:492:9:492:12 | [post] hash [element :a] : | hash_flow.rb:498:10:498:13 | hash [element :a] : |
|
||||
| hash_flow.rb:492:9:492:12 | hash [element :a] : | hash_flow.rb:492:9:492:12 | [post] hash [element :a] : |
|
||||
| hash_flow.rb:492:9:492:12 | hash [element :a] : | hash_flow.rb:492:9:496:7 | call to reject! [element :a] : |
|
||||
|
||||
@@ -1,6 +1,4 @@
|
||||
failures
|
||||
| summaries.rb:106:6:106:9 | ...[...] | Unexpected result: hasValueFlow=elem1 |
|
||||
| summaries.rb:107:6:107:9 | ...[...] | Unexpected result: hasValueFlow=elem2 |
|
||||
edges
|
||||
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:2:6:2:12 | tainted |
|
||||
| summaries.rb:1:11:1:36 | call to identity : | summaries.rb:2:6:2:12 | tainted |
|
||||
@@ -99,14 +97,10 @@ edges
|
||||
| summaries.rb:79:15:79:29 | call to source : | summaries.rb:87:5:87:5 | a [element 1] : |
|
||||
| summaries.rb:79:15:79:29 | call to source : | summaries.rb:91:5:91:5 | a [element 1] : |
|
||||
| summaries.rb:79:15:79:29 | call to source : | summaries.rb:91:5:91:5 | a [element 1] : |
|
||||
| summaries.rb:79:15:79:29 | call to source : | summaries.rb:103:1:103:1 | d [element 1] : |
|
||||
| summaries.rb:79:15:79:29 | call to source : | summaries.rb:103:1:103:1 | d [element 1] : |
|
||||
| summaries.rb:79:32:79:46 | call to source : | summaries.rb:86:6:86:6 | a [element 2] : |
|
||||
| summaries.rb:79:32:79:46 | call to source : | summaries.rb:86:6:86:6 | a [element 2] : |
|
||||
| summaries.rb:79:32:79:46 | call to source : | summaries.rb:95:1:95:1 | a [element 2] : |
|
||||
| summaries.rb:79:32:79:46 | call to source : | summaries.rb:95:1:95:1 | a [element 2] : |
|
||||
| summaries.rb:79:32:79:46 | call to source : | summaries.rb:103:1:103:1 | d [element 2] : |
|
||||
| summaries.rb:79:32:79:46 | call to source : | summaries.rb:103:1:103:1 | d [element 2] : |
|
||||
| summaries.rb:81:1:81:1 | [post] a [element] : | summaries.rb:82:6:82:6 | a [element] : |
|
||||
| summaries.rb:81:1:81:1 | [post] a [element] : | summaries.rb:82:6:82:6 | a [element] : |
|
||||
| summaries.rb:81:1:81:1 | [post] a [element] : | summaries.rb:84:6:84:6 | a [element] : |
|
||||
@@ -191,28 +185,14 @@ edges
|
||||
| summaries.rb:99:1:99:1 | a [element 2] : | summaries.rb:99:1:99:1 | [post] a [element 2] : |
|
||||
| summaries.rb:102:6:102:6 | a [element 2] : | summaries.rb:102:6:102:9 | ...[...] |
|
||||
| summaries.rb:102:6:102:6 | a [element 2] : | summaries.rb:102:6:102:9 | ...[...] |
|
||||
| summaries.rb:103:1:103:1 | [post] d [element 1] : | summaries.rb:106:6:106:6 | d [element 1] : |
|
||||
| summaries.rb:103:1:103:1 | [post] d [element 1] : | summaries.rb:106:6:106:6 | d [element 1] : |
|
||||
| summaries.rb:103:1:103:1 | [post] d [element 2] : | summaries.rb:107:6:107:6 | d [element 2] : |
|
||||
| summaries.rb:103:1:103:1 | [post] d [element 2] : | summaries.rb:107:6:107:6 | d [element 2] : |
|
||||
| summaries.rb:103:1:103:1 | [post] d [element 3] : | summaries.rb:104:1:104:1 | d [element 3] : |
|
||||
| summaries.rb:103:1:103:1 | [post] d [element 3] : | summaries.rb:104:1:104:1 | d [element 3] : |
|
||||
| summaries.rb:103:1:103:1 | [post] d [element 3] : | summaries.rb:108:6:108:6 | d [element 3] : |
|
||||
| summaries.rb:103:1:103:1 | [post] d [element 3] : | summaries.rb:108:6:108:6 | d [element 3] : |
|
||||
| summaries.rb:103:1:103:1 | d [element 1] : | summaries.rb:103:1:103:1 | [post] d [element 1] : |
|
||||
| summaries.rb:103:1:103:1 | d [element 1] : | summaries.rb:103:1:103:1 | [post] d [element 1] : |
|
||||
| summaries.rb:103:1:103:1 | d [element 2] : | summaries.rb:103:1:103:1 | [post] d [element 2] : |
|
||||
| summaries.rb:103:1:103:1 | d [element 2] : | summaries.rb:103:1:103:1 | [post] d [element 2] : |
|
||||
| summaries.rb:103:8:103:22 | call to source : | summaries.rb:103:1:103:1 | [post] d [element 3] : |
|
||||
| summaries.rb:103:8:103:22 | call to source : | summaries.rb:103:1:103:1 | [post] d [element 3] : |
|
||||
| summaries.rb:104:1:104:1 | [post] d [element 3] : | summaries.rb:108:6:108:6 | d [element 3] : |
|
||||
| summaries.rb:104:1:104:1 | [post] d [element 3] : | summaries.rb:108:6:108:6 | d [element 3] : |
|
||||
| summaries.rb:104:1:104:1 | d [element 3] : | summaries.rb:104:1:104:1 | [post] d [element 3] : |
|
||||
| summaries.rb:104:1:104:1 | d [element 3] : | summaries.rb:104:1:104:1 | [post] d [element 3] : |
|
||||
| summaries.rb:106:6:106:6 | d [element 1] : | summaries.rb:106:6:106:9 | ...[...] |
|
||||
| summaries.rb:106:6:106:6 | d [element 1] : | summaries.rb:106:6:106:9 | ...[...] |
|
||||
| summaries.rb:107:6:107:6 | d [element 2] : | summaries.rb:107:6:107:9 | ...[...] |
|
||||
| summaries.rb:107:6:107:6 | d [element 2] : | summaries.rb:107:6:107:9 | ...[...] |
|
||||
| summaries.rb:108:6:108:6 | d [element 3] : | summaries.rb:108:6:108:9 | ...[...] |
|
||||
| summaries.rb:108:6:108:6 | d [element 3] : | summaries.rb:108:6:108:9 | ...[...] |
|
||||
| summaries.rb:111:1:111:1 | [post] x [@value] : | summaries.rb:112:6:112:6 | x [@value] : |
|
||||
@@ -407,30 +387,14 @@ nodes
|
||||
| summaries.rb:102:6:102:6 | a [element 2] : | semmle.label | a [element 2] : |
|
||||
| summaries.rb:102:6:102:9 | ...[...] | semmle.label | ...[...] |
|
||||
| summaries.rb:102:6:102:9 | ...[...] | semmle.label | ...[...] |
|
||||
| summaries.rb:103:1:103:1 | [post] d [element 1] : | semmle.label | [post] d [element 1] : |
|
||||
| summaries.rb:103:1:103:1 | [post] d [element 1] : | semmle.label | [post] d [element 1] : |
|
||||
| summaries.rb:103:1:103:1 | [post] d [element 2] : | semmle.label | [post] d [element 2] : |
|
||||
| summaries.rb:103:1:103:1 | [post] d [element 2] : | semmle.label | [post] d [element 2] : |
|
||||
| summaries.rb:103:1:103:1 | [post] d [element 3] : | semmle.label | [post] d [element 3] : |
|
||||
| summaries.rb:103:1:103:1 | [post] d [element 3] : | semmle.label | [post] d [element 3] : |
|
||||
| summaries.rb:103:1:103:1 | d [element 1] : | semmle.label | d [element 1] : |
|
||||
| summaries.rb:103:1:103:1 | d [element 1] : | semmle.label | d [element 1] : |
|
||||
| summaries.rb:103:1:103:1 | d [element 2] : | semmle.label | d [element 2] : |
|
||||
| summaries.rb:103:1:103:1 | d [element 2] : | semmle.label | d [element 2] : |
|
||||
| summaries.rb:103:8:103:22 | call to source : | semmle.label | call to source : |
|
||||
| summaries.rb:103:8:103:22 | call to source : | semmle.label | call to source : |
|
||||
| summaries.rb:104:1:104:1 | [post] d [element 3] : | semmle.label | [post] d [element 3] : |
|
||||
| summaries.rb:104:1:104:1 | [post] d [element 3] : | semmle.label | [post] d [element 3] : |
|
||||
| summaries.rb:104:1:104:1 | d [element 3] : | semmle.label | d [element 3] : |
|
||||
| summaries.rb:104:1:104:1 | d [element 3] : | semmle.label | d [element 3] : |
|
||||
| summaries.rb:106:6:106:6 | d [element 1] : | semmle.label | d [element 1] : |
|
||||
| summaries.rb:106:6:106:6 | d [element 1] : | semmle.label | d [element 1] : |
|
||||
| summaries.rb:106:6:106:9 | ...[...] | semmle.label | ...[...] |
|
||||
| summaries.rb:106:6:106:9 | ...[...] | semmle.label | ...[...] |
|
||||
| summaries.rb:107:6:107:6 | d [element 2] : | semmle.label | d [element 2] : |
|
||||
| summaries.rb:107:6:107:6 | d [element 2] : | semmle.label | d [element 2] : |
|
||||
| summaries.rb:107:6:107:9 | ...[...] | semmle.label | ...[...] |
|
||||
| summaries.rb:107:6:107:9 | ...[...] | semmle.label | ...[...] |
|
||||
| summaries.rb:108:6:108:6 | d [element 3] : | semmle.label | d [element 3] : |
|
||||
| summaries.rb:108:6:108:6 | d [element 3] : | semmle.label | d [element 3] : |
|
||||
| summaries.rb:108:6:108:9 | ...[...] | semmle.label | ...[...] |
|
||||
@@ -544,10 +508,6 @@ invalidSpecComponent
|
||||
| summaries.rb:98:6:98:9 | ...[...] | summaries.rb:81:13:81:27 | call to source : | summaries.rb:98:6:98:9 | ...[...] | $@ | summaries.rb:81:13:81:27 | call to source : | call to source : |
|
||||
| summaries.rb:102:6:102:9 | ...[...] | summaries.rb:79:32:79:46 | call to source : | summaries.rb:102:6:102:9 | ...[...] | $@ | summaries.rb:79:32:79:46 | call to source : | call to source : |
|
||||
| summaries.rb:102:6:102:9 | ...[...] | summaries.rb:79:32:79:46 | call to source : | summaries.rb:102:6:102:9 | ...[...] | $@ | summaries.rb:79:32:79:46 | call to source : | call to source : |
|
||||
| summaries.rb:106:6:106:9 | ...[...] | summaries.rb:79:15:79:29 | call to source : | summaries.rb:106:6:106:9 | ...[...] | $@ | summaries.rb:79:15:79:29 | call to source : | call to source : |
|
||||
| summaries.rb:106:6:106:9 | ...[...] | summaries.rb:79:15:79:29 | call to source : | summaries.rb:106:6:106:9 | ...[...] | $@ | summaries.rb:79:15:79:29 | call to source : | call to source : |
|
||||
| summaries.rb:107:6:107:9 | ...[...] | summaries.rb:79:32:79:46 | call to source : | summaries.rb:107:6:107:9 | ...[...] | $@ | summaries.rb:79:32:79:46 | call to source : | call to source : |
|
||||
| summaries.rb:107:6:107:9 | ...[...] | summaries.rb:79:32:79:46 | call to source : | summaries.rb:107:6:107:9 | ...[...] | $@ | summaries.rb:79:32:79:46 | call to source : | call to source : |
|
||||
| summaries.rb:108:6:108:9 | ...[...] | summaries.rb:103:8:103:22 | call to source : | summaries.rb:108:6:108:9 | ...[...] | $@ | summaries.rb:103:8:103:22 | call to source : | call to source : |
|
||||
| summaries.rb:108:6:108:9 | ...[...] | summaries.rb:103:8:103:22 | call to source : | summaries.rb:108:6:108:9 | ...[...] | $@ | summaries.rb:103:8:103:22 | call to source : | call to source : |
|
||||
| summaries.rb:112:6:112:16 | call to get_value | summaries.rb:111:13:111:26 | call to source : | summaries.rb:112:6:112:16 | call to get_value | $@ | summaries.rb:111:13:111:26 | call to source : | call to source : |
|
||||
|
||||