Update dataflow libraries and add support for CSV summary flow #574
Conversation
|
(Needs testing, but I don't think this is testable without making one of those changes.) |
|
Confirmed with some copying, pasting and diffing that 90f96e4 is only moving code, not making any substantial change. |
|
There are also test failures to look at |
|
I'd suggest we should add some actual models with this btw so we're not committing unused code -- perhaps port a small library that we already model by other means? |
smowton
left a comment
smowton
left a comment
There was a problem hiding this comment.
To talk about at standup: can we make SourceOrSinkElement a newtype?
sauyon
force-pushed
the
dataflow-update
branch
from
1a0884a to
937df2e
Compare
sauyon
force-pushed
the
dataflow-update
branch
from
ef9ade2 to
71fdb1c
Compare
| class SourceOrSinkElement extends TSourceOrSinkElement { | ||
| Entity asEntity() { this = TEntityElement(result) } | ||
|
|
||
| AstNode asAstNode() { this = TAstElement(result) } |
There was a problem hiding this comment.
Looks like the only current user casts this straight to DataFlowCall? Could we use that instead of AstNode?
|
This is currently still not in a working state, but I'm pretty stuck now; |
smowton
left a comment
smowton
left a comment
There was a problem hiding this comment.
Looking into this now...
|
@sauyon have pushed two fix commits that get the basic test passing:
I haven't looked into within-summary read and store steps or callables with parameter side-effects yet, but this is at least enough to get the most basic test passing. |
sauyon
force-pushed
the
dataflow-update
branch
from
b9de8e9 to
260b197
Compare
sauyon
force-pushed
the
dataflow-update
branch
3 times, most recently
from
d448b2f to
4251f31
Compare
|
@smowton Do you know what the status of this is? Does it just need to be rebased, or are changes needed? |
|
@sauyon could you give an update? |
|
I believe I was waiting on a review for the parts that do work (csv modeling). Content flow isn't currently working. I was intending to get to that but I am currently at KubeCon so that may be a bit delayed. |
|
It seems that it supports "ReturnValue", "ReturnValue[n]" and "ReturnValue[n1..n2]". I assume "ReturnValue" is a synonym for "ReturnValue[0]". I guess that makes sense, since most of the time functions return a |
sauyon
force-pushed
the
dataflow-update
branch
from
4251f31 to
31fd94c
Compare
I forgot to address this; I think this is a good idea, but I think it was easier to make it work this way. I'll take a quick look after the variadic stuff and if it's easy I'll put it in, otherwise it's probably worth just doing later. |
owen-mc
force-pushed
the
dataflow-update
branch
2 times, most recently
from
d11bd77 to
d0c60dd
Compare
|
On further thought I think we should leave I've added some tests. I think this is ready to be re-reviewed now. |
| or | ||
| exists(c.(MethodCallNode).getTarget().getBody()) | ||
| ) | ||
| pos = i |
There was a problem hiding this comment.
#34 suggests that commit "Track receiver arguments to interface calls" may have performance or accuracy consequences. To consider, can we get what we need without reverting the desired effects of that PR?
ql/test/library-tests/semmle/go/dataflow/ExternalFlow/srcs.expected
Outdated
Show resolved
Hide resolved
| var b test.B | ||
|
|
||
| b.Sink1(arg) | ||
| b.SinkMethod().(io.Writer).Write(arg.([]byte)) |
There was a problem hiding this comment.
No sink found on this line?
There was a problem hiding this comment.
@sauyon and I had a quick look and this does seem to be a bug. He'll try and dig into it some more.
|
Note this PR currently contains a test, |
This reverts commit b4742cc.
The documentation in ExternalFlow.qll does not specify that "ReturnValue" can be used as the input column.
The location of the dataflow libraries in codeql-go has changed and there is a new file to be synced.
# Conflicts: # ql/test/library-tests/semmle/go/dataflow/ExternalFlow/srcs.expected
PointerContent needs to have the PointerType specified as well
owen-mc
force-pushed
the
dataflow-update
branch
from
1da7c1f to
537e4f4
Compare
I removed asFunctionNode() because it would need an import, but it doesn't seem to be used anywhere.
owen-mc
force-pushed
the
dataflow-update
branch
from
537e4f4 to
a01f90b
Compare
This branch originally included a commit to enable flow through receivers when there is no function body. This was dropped, to be pursued later.
viableParamArg should be evaluated first.
…ith Configurations This is particularly important for ConversionWithoutBoundsCheckConfig which has 20 configs. By paring DataFlow::Node down to only those that have a local-flow successor, or only those with an isAdditionalFlowStep for some related configuration, the result size can be significantly reduced prior to taking the product against Configuration and finally paring down using config.fullBarrier etc. Saves about 1m20s per analysis on cockroachdb.
3 participants
Currently I'm bodging
SourceOrSinkNodeby usingAstNodebecause we don't have a class that includes both a call and a callee. (Other than data-flow nodes, which can't be used because it causes non-monotonic recursion.)Possibly the easiest solution would be to add a
Topclass, but alternatively we could extractdecls for all functions, or split data-flow nodes into to layers.To resolve before merging:
clearsContentgetACallee(possible implementation available at Update dataflow libraries and add support for CSV summary flow #574 (comment))CallNode.getRootrather than.asExpr().getEnclosingCallable()DataFlowCallablea user-facing name, since it is exposed to them ingetACalleeIncludingExternals()