Merge pull request #19443 from MathiasVP/generate-more-value-preserving-summaries-2

Shared: Generate more value-preserving flow summaries

java/ql/src/utils/modelgenerator/CaptureContentSummaryModels.ql

@@ -10,5 +10,5 @@ import internal.CaptureModels
 import SummaryModels
 
 from DataFlowSummaryTargetApi api, string flow
-where flow = ContentSensitive::captureFlow(api, _)
+where flow = ContentSensitive::captureFlow(api, _, _, _, _)
 select flow order by flow

java/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPartialPath.ql

@@ -16,7 +16,7 @@ import PartialFlow::PartialPathGraph
 
 int explorationLimit() { result = 3 }
 
-module PartialFlow = Heuristic::PropagateFlow::FlowExplorationFwd<explorationLimit/0>;
+module PartialFlow = Heuristic::PropagateTaintFlow::FlowExplorationFwd<explorationLimit/0>;
 
 from
   PartialFlow::PartialPathNode source, PartialFlow::PartialPathNode sink,

java/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPath.ql

@@ -12,16 +12,15 @@ import java
 import semmle.code.java.dataflow.DataFlow
 import utils.modelgenerator.internal.CaptureModels
 import SummaryModels
-import Heuristic
-import PropagateFlow::PathGraph
+import Heuristic::PropagateTaintFlow::PathGraph
 
 from
-  PropagateFlow::PathNode source, PropagateFlow::PathNode sink, DataFlowSummaryTargetApi api,
-  DataFlow::Node p, DataFlow::Node returnNodeExt
+  Heuristic::PropagateTaintFlow::PathNode source, Heuristic::PropagateTaintFlow::PathNode sink,
+  DataFlowSummaryTargetApi api, DataFlow::Node p, DataFlow::Node returnNodeExt
 where
-  PropagateFlow::flowPath(source, sink) and
+  Heuristic::PropagateTaintFlow::flowPath(source, sink) and
   p = source.getNode() and
   returnNodeExt = sink.getNode() and
-  exists(captureThroughFlow0(api, p, returnNodeExt))
+  Heuristic::captureThroughFlow0(api, p, returnNodeExt)
 select sink.getNode(), source, sink, "There is flow from $@ to the $@.", source.getNode(),
   "parameter", sink.getNode(), "return value"

java/ql/src/utils/modelgenerator/internal/CaptureModels.qll

@@ -92,7 +92,7 @@ module ModelGeneratorCommonInput implements ModelGeneratorCommonInputSig<Locatio
 
   string qualifierString() { result = "Argument[this]" }
 
-  string parameterAccess(J::Parameter p) {
+  string parameterApproximateAccess(J::Parameter p) {
     if
       p.getType() instanceof J::Array and
       not isPrimitiveTypeUsedForBulkData(p.getType().(J::Array).getElementType())
@@ -103,20 +103,20 @@ module ModelGeneratorCommonInput implements ModelGeneratorCommonInputSig<Locatio
       else result = "Argument[" + p.getPosition() + "]"
   }
 
-  string parameterContentAccess(J::Parameter p) { result = "Argument[" + p.getPosition() + "]" }
+  string parameterExactAccess(J::Parameter p) { result = "Argument[" + p.getPosition() + "]" }
 
   class InstanceParameterNode = DataFlow::InstanceParameterNode;
 
   bindingset[c]
-  string paramReturnNodeAsOutput(Callable c, ParameterPosition pos) {
-    result = parameterAccess(c.getParameter(pos))
+  string paramReturnNodeAsApproximateOutput(Callable c, ParameterPosition pos) {
+    result = parameterApproximateAccess(c.getParameter(pos))
     or
     result = qualifierString() and pos = -1
   }
 
   bindingset[c]
-  string paramReturnNodeAsContentOutput(Callable c, ParameterPosition pos) {
-    result = parameterContentAccess(c.getParameter(pos))
+  string paramReturnNodeAsExactOutput(Callable c, ParameterPosition pos) {
+    result = parameterExactAccess(c.getParameter(pos))
     or
     result = qualifierString() and pos = -1
   }