From 09daf86e33bb06218efbd1e0610581e8b36cc9ed Mon Sep 17 00:00:00 2001
From: Tom Hvitved <hvitved@github.com>
Date: Mon, 12 Jul 2021 12:09:06 +0200
Subject: [PATCH 1/2] Data flow: Fix bad join-orders in `summaryNodeType`

---
 .../code/csharp/dataflow/internal/FlowSummaryImpl.qll     | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/csharp/ql/src/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll b/csharp/ql/src/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll
index ddafb23274b8..6cf3daa28632 100644
--- a/csharp/ql/src/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll
+++ b/csharp/ql/src/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll
@@ -375,7 +375,9 @@ module Private {
         or
         exists(ReturnKind rk |
           head = TReturnSummaryComponent(rk) and
-          result = getCallbackReturnType(getNodeType(summaryNodeInputState(c, s.drop(1))), rk)
+          result =
+            getCallbackReturnType(getNodeType(summaryNodeInputState(pragma[only_bind_out](c),
+                  s.drop(1))), rk)
         )
       )
       or
@@ -392,7 +394,9 @@ module Private {
         )
         or
         exists(int i | head = TParameterSummaryComponent(i) |
-          result = getCallbackParameterType(getNodeType(summaryNodeOutputState(c, s.drop(1))), i)
+          result =
+            getCallbackParameterType(getNodeType(summaryNodeOutputState(pragma[only_bind_out](c),
+                  s.drop(1))), i)
         )
       )
     )

From 47d126e68189f5860429e03137f11dbb5de00be3 Mon Sep 17 00:00:00 2001
From: Tom Hvitved <hvitved@github.com>
Date: Mon, 12 Jul 2021 12:09:51 +0200
Subject: [PATCH 2/2] Data flow: Sync

---
 .../code/java/dataflow/internal/FlowSummaryImpl.qll       | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/java/ql/src/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll b/java/ql/src/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll
index ddafb23274b8..6cf3daa28632 100644
--- a/java/ql/src/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll
+++ b/java/ql/src/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll
@@ -375,7 +375,9 @@ module Private {
         or
         exists(ReturnKind rk |
           head = TReturnSummaryComponent(rk) and
-          result = getCallbackReturnType(getNodeType(summaryNodeInputState(c, s.drop(1))), rk)
+          result =
+            getCallbackReturnType(getNodeType(summaryNodeInputState(pragma[only_bind_out](c),
+                  s.drop(1))), rk)
         )
       )
       or
@@ -392,7 +394,9 @@ module Private {
         )
         or
         exists(int i | head = TParameterSummaryComponent(i) |
-          result = getCallbackParameterType(getNodeType(summaryNodeOutputState(c, s.drop(1))), i)
+          result =
+            getCallbackParameterType(getNodeType(summaryNodeOutputState(pragma[only_bind_out](c),
+                  s.drop(1))), i)
         )
       )
     )