From 284357d2a0dfc94fc2d7b5d2ef5c9073044a13c6 Mon Sep 17 00:00:00 2001
From: Tom Hvitved
Date: Tue, 17 May 2022 12:50:01 +0200
Subject: [PATCH] Data flow: Do not materialize `summaryArgParam`
---
 .../dataflow/internal/FlowSummaryImpl.qll | 28 +++++++++----------
 .../dataflow/internal/FlowSummaryImpl.qll | 28 +++++++++----------
 .../dataflow/internal/FlowSummaryImpl.qll | 28 +++++++++----------
 3 files changed, 39 insertions(+), 45 deletions(-)
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll
index f5d2ce342aa5..439d70175e20 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll
@@ -781,11 +781,12 @@ module Private {
 )
 }
 
- pragma[nomagic]
- private ParamNode summaryArgParam(ArgNode arg, ReturnKindExt rk, OutNodeExt out) {
- exists(DataFlowCall call |
+ bindingset[ret]
+ private ParamNode summaryArgParam(ArgNode arg, ReturnNodeExt ret, OutNodeExt out) {
+ exists(DataFlowCall call, ReturnKindExt rk |
 result = summaryArgParam0(call, arg) and
- out = rk.getAnOutNode(call)
+ pragma[only_bind_out](ret).getKind() = pragma[only_bind_into](rk) and
+ out = pragma[only_bind_into](rk).getAnOutNode(call)
 )
 }
 
@@ -797,9 +798,8 @@ module Private {
 * be useful to include in the exposed local data-flow/taint-tracking relations.
 */
 predicate summaryThroughStep(ArgNode arg, Node out, boolean preservesValue) {
- exists(ReturnKindExt rk, ReturnNodeExt ret |
- summaryLocalStep(summaryArgParam(arg, rk, out), ret, preservesValue) and
- ret.getKind() = rk
+ exists(ReturnNodeExt ret |
+ summaryLocalStep(summaryArgParam(arg, ret, out), ret, preservesValue)
 )
 }
 
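Review bot: The rewritten `summaryArgParam` in the first hunk has no QLDoc, and its contract is no longer readable from the signature: with `bindingset[ret]` the caller must bind `ret`, and `out` is tied to `ret` only through the return kind resolved inside the helper. I would add something like `/** Gets the summaryArgParam0 result for arg in a call whose out node out has the return kind of ret; ret must be bound by the caller. */`, plus a short why-comment on the `pragma[only_bind_out]`/`pragma[only_bind_into]` line stating the binding direction it is meant to enforce (presumably that the kind equality must not be used to bind `ret`). This matters to readers of `summaryThroughStep`, `summaryGetterStep` and `summarySetterStep`: the explicit `ret.getKind() = rk` conjunct is gone from all three, so the kind match that keeps these taint-tracking steps precise is now visible only in the helper. The same comment applies to the identical java and ruby copies of this hunk.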
@@ -811,10 +811,9 @@ module Private {
 * be useful to include in the exposed local data-flow/taint-tracking relations.
 */
 predicate summaryGetterStep(ArgNode arg, ContentSet c, Node out) {
- exists(ReturnKindExt rk, Node mid, ReturnNodeExt ret |
- summaryReadStep(summaryArgParam(arg, rk, out), c, mid) and
- summaryLocalStep(mid, ret, _) and
- ret.getKind() = rk
+ exists(Node mid, ReturnNodeExt ret |
+ summaryReadStep(summaryArgParam(arg, ret, out), c, mid) and
+ summaryLocalStep(mid, ret, _)
 )
 }
 
@@ -826,10 +825,9 @@ module Private {
 * be useful to include in the exposed local data-flow/taint-tracking relations.
 */
 predicate summarySetterStep(ArgNode arg, ContentSet c, Node out) {
- exists(ReturnKindExt rk, Node mid, ReturnNodeExt ret |
- summaryLocalStep(summaryArgParam(arg, rk, out), mid, _) and
- summaryStoreStep(mid, c, ret) and
- ret.getKind() = rk
+ exists(Node mid, ReturnNodeExt ret |
+ summaryLocalStep(summaryArgParam(arg, ret, out), mid, _) and
+ summaryStoreStep(mid, c, ret)
 )
 }
 }
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll
index f5d2ce342aa5..439d70175e20 100644
--- a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll
@@ -781,11 +781,12 @@ module Private {
 )
 }
 
- pragma[nomagic]
- private ParamNode summaryArgParam(ArgNode arg, ReturnKindExt rk, OutNodeExt out) {
- exists(DataFlowCall call |
+ bindingset[ret]
+ private ParamNode summaryArgParam(ArgNode arg, ReturnNodeExt ret, OutNodeExt out) {
+ exists(DataFlowCall call, ReturnKindExt rk |
 result = summaryArgParam0(call, arg) and
- out = rk.getAnOutNode(call)
+ pragma[only_bind_out](ret).getKind() = pragma[only_bind_into](rk) and
+ out = pragma[only_bind_into](rk).getAnOutNode(call)
 )
 }
 
@@ -797,9 +798,8 @@ module Private {
 * be useful to include in the exposed local data-flow/taint-tracking relations.
 */
 predicate summaryThroughStep(ArgNode arg, Node out, boolean preservesValue) {
- exists(ReturnKindExt rk, ReturnNodeExt ret |
- summaryLocalStep(summaryArgParam(arg, rk, out), ret, preservesValue) and
- ret.getKind() = rk
+ exists(ReturnNodeExt ret |
+ summaryLocalStep(summaryArgParam(arg, ret, out), ret, preservesValue)
 )
 }
 
@@ -811,10 +811,9 @@ module Private {
 * be useful to include in the exposed local data-flow/taint-tracking relations.
 */
 predicate summaryGetterStep(ArgNode arg, ContentSet c, Node out) {
- exists(ReturnKindExt rk, Node mid, ReturnNodeExt ret |
- summaryReadStep(summaryArgParam(arg, rk, out), c, mid) and
- summaryLocalStep(mid, ret, _) and
- ret.getKind() = rk
+ exists(Node mid, ReturnNodeExt ret |
+ summaryReadStep(summaryArgParam(arg, ret, out), c, mid) and
+ summaryLocalStep(mid, ret, _)
 )
 }
 
@@ -826,10 +825,9 @@ module Private {
 * be useful to include in the exposed local data-flow/taint-tracking relations.
 */
 predicate summarySetterStep(ArgNode arg, ContentSet c, Node out) {
- exists(ReturnKindExt rk, Node mid, ReturnNodeExt ret |
- summaryLocalStep(summaryArgParam(arg, rk, out), mid, _) and
- summaryStoreStep(mid, c, ret) and
- ret.getKind() = rk
+ exists(Node mid, ReturnNodeExt ret |
+ summaryLocalStep(summaryArgParam(arg, ret, out), mid, _) and
+ summaryStoreStep(mid, c, ret)
 )
 }
 }
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll
index f5d2ce342aa5..439d70175e20 100644
--- a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll
+++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll
@@ -781,11 +781,12 @@ module Private {
 )
 }
 
- pragma[nomagic]
- private ParamNode summaryArgParam(ArgNode arg, ReturnKindExt rk, OutNodeExt out) {
- exists(DataFlowCall call |
+ bindingset[ret]
+ private ParamNode summaryArgParam(ArgNode arg, ReturnNodeExt ret, OutNodeExt out) {
+ exists(DataFlowCall call, ReturnKindExt rk |
 result = summaryArgParam0(call, arg) and
- out = rk.getAnOutNode(call)
+ pragma[only_bind_out](ret).getKind() = pragma[only_bind_into](rk) and
+ out = pragma[only_bind_into](rk).getAnOutNode(call)
 )
 }
 
@@ -797,9 +798,8 @@ module Private {
 * be useful to include in the exposed local data-flow/taint-tracking relations.
 */
 predicate summaryThroughStep(ArgNode arg, Node out, boolean preservesValue) {
- exists(ReturnKindExt rk, ReturnNodeExt ret |
- summaryLocalStep(summaryArgParam(arg, rk, out), ret, preservesValue) and
- ret.getKind() = rk
+ exists(ReturnNodeExt ret |
+ summaryLocalStep(summaryArgParam(arg, ret, out), ret, preservesValue)
 )
 }
 
@@ -811,10 +811,9 @@ module Private {
 * be useful to include in the exposed local data-flow/taint-tracking relations.
 */
 predicate summaryGetterStep(ArgNode arg, ContentSet c, Node out) {
- exists(ReturnKindExt rk, Node mid, ReturnNodeExt ret |
- summaryReadStep(summaryArgParam(arg, rk, out), c, mid) and
- summaryLocalStep(mid, ret, _) and
- ret.getKind() = rk
+ exists(Node mid, ReturnNodeExt ret |
+ summaryReadStep(summaryArgParam(arg, ret, out), c, mid) and
+ summaryLocalStep(mid, ret, _)
 )
 }
 
@@ -826,10 +825,9 @@ module Private {
 * be useful to include in the exposed local data-flow/taint-tracking relations.
 */
 predicate summarySetterStep(ArgNode arg, ContentSet c, Node out) {
- exists(ReturnKindExt rk, Node mid, ReturnNodeExt ret |
- summaryLocalStep(summaryArgParam(arg, rk, out), mid, _) and
- summaryStoreStep(mid, c, ret) and
- ret.getKind() = rk
+ exists(Node mid, ReturnNodeExt ret |
+ summaryLocalStep(summaryArgParam(arg, ret, out), mid, _) and
+ summaryStoreStep(mid, c, ret)
 )
 }
 }