mirror of
https://github.com/github/codeql.git
synced 2026-07-02 18:15:33 +02:00
C++: Remove support for marking variables as sources and sinks in MaD.
This commit is contained in:
@@ -931,31 +931,6 @@ private Element interpretElement0(
|
||||
signature = "" and
|
||||
elementSpec(namespace, type, subtypes, name, signature, _)
|
||||
)
|
||||
or
|
||||
// Member variables
|
||||
elementSpec(namespace, type, subtypes, name, signature, _) and
|
||||
signature = "" and
|
||||
exists(Class namedClass, Class classWithMember, MemberVariable member |
|
||||
member.getName() = name and
|
||||
member = classWithMember.getAMember() and
|
||||
namedClass.hasQualifiedName(namespace, type) and
|
||||
result = member
|
||||
|
|
||||
// field declared in the named type or a subtype of it (or an extension of any)
|
||||
subtypes = true and
|
||||
classWithMember = namedClass.getADerivedClass*()
|
||||
or
|
||||
// field declared directly in the named type (or an extension of it)
|
||||
subtypes = false and
|
||||
classWithMember = namedClass
|
||||
)
|
||||
or
|
||||
// Global or namespace variables
|
||||
elementSpec(namespace, type, subtypes, name, signature, _) and
|
||||
signature = "" and
|
||||
type = "" and
|
||||
subtypes = false and
|
||||
result = any(GlobalOrNamespaceVariable v | v.hasQualifiedName(namespace, name))
|
||||
}
|
||||
|
||||
cached
|
||||
|
||||
@@ -218,40 +218,11 @@ module SourceSinkInterpretationInput implements
|
||||
|
||||
/** Provides additional sink specification logic. */
|
||||
bindingset[c]
|
||||
predicate interpretOutput(string c, InterpretNode mid, InterpretNode node) {
|
||||
// Allow variables to be picked as output nodes.
|
||||
exists(Node n, Element ast |
|
||||
n = node.asNode() and
|
||||
ast = mid.asElement()
|
||||
|
|
||||
c = "" and
|
||||
n.asExpr().(VariableAccess).getTarget() = ast
|
||||
)
|
||||
}
|
||||
predicate interpretOutput(string c, InterpretNode mid, InterpretNode node) { none() }
|
||||
|
||||
/** Provides additional source specification logic. */
|
||||
bindingset[c]
|
||||
predicate interpretInput(string c, InterpretNode mid, InterpretNode node) {
|
||||
exists(Node n, Element ast, VariableAccess e |
|
||||
n = node.asNode() and
|
||||
ast = mid.asElement() and
|
||||
e.getTarget() = ast
|
||||
|
|
||||
// Allow variables to be picked as input nodes.
|
||||
// We could simply do this as `e = n.asExpr()`, but that would not allow
|
||||
// us to pick `x` as a sink in an example such as `x = source()` (but
|
||||
// only subsequent uses of `x`) since the variable access on `x` doesn't
|
||||
// actually load the value of `x`. So instead, we pick the instruction
|
||||
// node corresponding to the generated `StoreInstruction` and use the
|
||||
// expression associated with the destination instruction. This means
|
||||
// that the `x` in `x = source()` can be marked as an input.
|
||||
c = "" and
|
||||
exists(StoreInstruction store |
|
||||
store.getDestinationAddress().getUnconvertedResultExpression() = e and
|
||||
n.asInstruction() = store
|
||||
)
|
||||
)
|
||||
}
|
||||
predicate interpretInput(string c, InterpretNode mid, InterpretNode node) { none() }
|
||||
}
|
||||
|
||||
module Private {
|
||||
|
||||
@@ -28,6 +28,26 @@ multipleArgumentCall
|
||||
lambdaCallEnclosingCallableMismatch
|
||||
speculativeStepAlreadyHasModel
|
||||
testFailures
|
||||
| tests.cpp:20:25:20:45 | // $ interpretElement | Missing result: interpretElement |
|
||||
| tests.cpp:21:34:21:54 | // $ interpretElement | Missing result: interpretElement |
|
||||
| tests.cpp:25:34:25:54 | // $ interpretElement | Missing result: interpretElement |
|
||||
| tests.cpp:72:28:72:34 | // $ ir | Missing result: ir |
|
||||
| tests.cpp:79:49:79:55 | // $ ir | Missing result: ir |
|
||||
| tests.cpp:99:17:99:37 | // $ interpretElement | Missing result: interpretElement |
|
||||
| tests.cpp:100:26:100:46 | // $ interpretElement | Missing result: interpretElement |
|
||||
| tests.cpp:122:26:122:32 | // $ ir | Missing result: ir |
|
||||
| tests.cpp:128:35:128:41 | // $ ir | Missing result: ir |
|
||||
| tests.cpp:167:33:167:53 | // $ interpretElement | Missing result: interpretElement |
|
||||
| tests.cpp:168:41:168:61 | // $ interpretElement | Missing result: interpretElement |
|
||||
| tests.cpp:169:42:169:62 | // $ interpretElement | Missing result: interpretElement |
|
||||
| tests.cpp:272:32:272:52 | // $ interpretElement | Missing result: interpretElement |
|
||||
| tests.cpp:278:24:278:44 | // $ interpretElement | Missing result: interpretElement |
|
||||
| tests.cpp:309:34:309:54 | // $ interpretElement | Missing result: interpretElement |
|
||||
| tests.cpp:310:47:310:67 | // $ interpretElement | Missing result: interpretElement |
|
||||
| tests.cpp:334:37:334:43 | // $ ir | Missing result: ir |
|
||||
| tests.cpp:347:34:347:40 | // $ ir | Missing result: ir |
|
||||
| tests.cpp:351:44:351:50 | // $ ir | Missing result: ir |
|
||||
| tests.cpp:352:68:352:74 | // $ ir | Missing result: ir |
|
||||
summaryCalls
|
||||
| file://:0:0:0:0 | [summary] call to [summary param] 0 in madCallArg0ReturnToReturn in madCallArg0ReturnToReturn |
|
||||
| file://:0:0:0:0 | [summary] call to [summary param] 0 in madCallArg0ReturnToReturnFirst in madCallArg0ReturnToReturnFirst |
|
||||
|
||||
Reference in New Issue
Block a user