Shared: Add barrierElement in FlowSummaryImpl.qll

2026-04-27 17:55:19 +02:00 · 2026-03-16 22:11:58 +00:00
parent f9521e9e88
commit f4550544ce
1 changed files with 41 additions and 2 deletions
--- a/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll
+++ b/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll
@@ -368,6 +368,19 @@ module Make<
      abstract predicate isSink(string input, string kind, Provenance provenance, string model);
    }

+    /** A barrier element. */
+    abstract class BarrierElement extends SourceBaseFinal {
+      bindingset[this]
+      BarrierElement() { any() }
+
+      /**
+       * Holds if this element is a flow barrier of kind `kind`, where data
+       * flows out as described by `output`.
+       */
+      pragma[nomagic]
+      abstract predicate isBarrier(string output, string kind, Provenance provenance, string model);
+    }
+
    private signature predicate hasKindSig(string kind);

    signature class NeutralCallableSig extends SummarizedCallableBaseFinal {
@@ -723,7 +736,19 @@ module Make<
      )
    }

-    private predicate summarySpec(string spec) {
+    private predicate isRelevantBarrier(
+      BarrierElement e, string output, string kind, Provenance provenance, string model
+    ) {
+      e.isBarrier(output, kind, provenance, model) and
+      (
+        provenance.isManual()
+        or
+        provenance.isGenerated() and
+        not exists(Provenance p | p.isManual() and e.isBarrier(_, kind, p, _))
+      )
+    }
+
+    private predicate flowSpec(string spec) {
      exists(SummarizedCallable c |
        c.propagatesFlow(spec, _, _, _, _, _)
        or
@@ -732,10 +757,12 @@ module Make<
      or
      isRelevantSource(_, spec, _, _, _)
      or
+      isRelevantBarrier(_, spec, _, _, _)
+      or
      isRelevantSink(_, spec, _, _, _)
    }

-    import AccessPathSyntax::AccessPath<summarySpec/1>
+    import AccessPathSyntax::AccessPath<flowSpec/1>

    /** Holds if specification component `token` parses as parameter `pos`. */
    predicate parseParam(AccessPathToken token, ArgumentPosition pos) {
@@ -1515,6 +1542,18 @@ module Make<
      )
    }

+    /**
+     * Holds if `barrier` is a relevant barrier element with output specification `outSpec`.
+     */
+    predicate barrierSpec(
+      BarrierElement barrier, SummaryComponentStack outSpec, string kind, string model
+    ) {
+      exists(string output |
+        isRelevantBarrier(barrier, output, kind, _, model) and
+        External::interpretSpec(output, outSpec)
+      )
+    }
+
    signature module TypesInputSig {
      /** Gets the type of content `c`. */
      DataFlowType getContentType(ContentSet c);