зеркало из https://github.com/github/codeql.git
Merge branch 'main' into shared-taint-tracking
Коммит
5d2984b7a5
|
@ -0,0 +1,2 @@
|
|||
description: Remove _Float128 type
|
||||
compatibility: full
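Review bot: The `description` line names the wrong type: it reads `Remove _Float128 type`, while the dbscheme and library sections of this commit drop kind 50, `_Float128x`, and leave kind 49, `_Float128`, in place. `description: Remove _Float128x type` would match the change. The same wording is repeated in the other properties file of this commit, the one with `compatibility: partial`.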
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `_Float128x` type is no longer exposed as a builtin type. As this type could not occur any code base, this should only affect queries that explicitly looked at the builtin types.
|
|
@ -814,9 +814,6 @@ private predicate floatingPointTypeMapping(
|
|||
// _Float128
|
||||
kind = 49 and base = 2 and domain = TRealDomain() and realKind = 49 and extended = false
|
||||
or
|
||||
// _Float128x
|
||||
kind = 50 and base = 2 and domain = TRealDomain() and realKind = 50 and extended = true
|
||||
or
|
||||
// _Float16
|
||||
kind = 52 and base = 2 and domain = TRealDomain() and realKind = 52 and extended = false
|
||||
or
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
private import DataFlowImplSpecific
|
||||
private import codeql.dataflow.DataFlowImpl
|
||||
private import codeql.dataflow.internal.DataFlowImpl
|
||||
import MakeImpl<CppOldDataFlow>
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
private import DataFlowImplSpecific
|
||||
private import codeql.dataflow.DataFlowImplCommon
|
||||
private import codeql.dataflow.internal.DataFlowImplCommon
|
||||
import MakeImplCommon<CppOldDataFlow>
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
* Provides C++-specific definitions for use in the data flow library.
|
||||
*/
|
||||
|
||||
private import codeql.dataflow.DataFlowParameter
|
||||
private import codeql.dataflow.DataFlow
|
||||
|
||||
module Private {
|
||||
import DataFlowPrivate
|
||||
|
@ -13,7 +13,7 @@ module Public {
|
|||
import DataFlowUtil
|
||||
}
|
||||
|
||||
module CppOldDataFlow implements DataFlowParameter {
|
||||
module CppOldDataFlow implements InputSig {
|
||||
import Private
|
||||
import Public
|
||||
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
private import DataFlowImplSpecific
|
||||
private import codeql.dataflow.DataFlowImpl
|
||||
private import codeql.dataflow.internal.DataFlowImpl
|
||||
import MakeImpl<CppDataFlow>
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
private import DataFlowImplSpecific
|
||||
private import codeql.dataflow.DataFlowImplCommon
|
||||
private import codeql.dataflow.internal.DataFlowImplCommon
|
||||
import MakeImplCommon<CppDataFlow>
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
* Provides IR-specific definitions for use in the data flow library.
|
||||
*/
|
||||
|
||||
private import codeql.dataflow.DataFlowParameter
|
||||
private import codeql.dataflow.DataFlow
|
||||
|
||||
module Private {
|
||||
import DataFlowPrivate
|
||||
|
@ -13,7 +13,7 @@ module Public {
|
|||
import DataFlowUtil
|
||||
}
|
||||
|
||||
module CppDataFlow implements DataFlowParameter {
|
||||
module CppDataFlow implements InputSig {
|
||||
import Private
|
||||
import Public
|
||||
|
||||
|
|
|
@ -608,7 +608,7 @@ case @builtintype.kind of
|
|||
| 47 = @std_float64 // _Float64
|
||||
| 48 = @float64x // _Float64x
|
||||
| 49 = @std_float128 // _Float128
|
||||
| 50 = @float128x // _Float128x
|
||||
// ... 50 _Float128x
|
||||
| 51 = @char8_t
|
||||
| 52 = @float16 // _Float16
|
||||
| 53 = @complex_float16 // _Complex _Float16
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
class BuiltinType extends @builtintype {
|
||||
string toString() { none() }
|
||||
}
|
||||
|
||||
predicate isFloat128xBuiltinType(BuiltinType type) {
|
||||
exists(int kind | builtintypes(type, _, kind, _, _, _) | kind = 50)
|
||||
}
|
||||
|
||||
from BuiltinType type, string name, int kind, int kind_new, int size, int sign, int alignment
|
||||
where
|
||||
builtintypes(type, name, kind, size, sign, alignment) and
|
||||
if isFloat128xBuiltinType(type) then kind_new = 1 else kind_new = kind
|
||||
select type, name, kind_new, size, sign, alignment
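Review bot: The literals `kind = 50` in `isFloat128xBuiltinType` and `kind_new = 1` in the `if` are bare magic numbers, so a reader cannot tell what a `_Float128x` row is rewritten to without opening the dbscheme. A comment above the `if` would make the remapping reviewable, for example `// kind 50 was _Float128x, which the new dbscheme no longer has; remap it to kind 1 (presumably the error type, confirm against the dbscheme)`. The helper could also say `builtintypes(type, _, 50, _, _, _)` directly instead of binding `kind` in an `exists`.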
|
|
@ -0,0 +1,3 @@
|
|||
description: Remove _Float128 type
|
||||
compatibility: partial
|
||||
builtintypes.rel: run builtintypes.qlo
|
|
@ -13,7 +13,6 @@
|
|||
| file://:0:0:0:0 | _Float64 |
|
||||
| file://:0:0:0:0 | _Float64x |
|
||||
| file://:0:0:0:0 | _Float128 |
|
||||
| file://:0:0:0:0 | _Float128x |
|
||||
| file://:0:0:0:0 | _Imaginary double |
|
||||
| file://:0:0:0:0 | _Imaginary float |
|
||||
| file://:0:0:0:0 | _Imaginary long double |
|
||||
|
|
|
@ -33,7 +33,6 @@
|
|||
| file://:0:0:0:0 | _Float64 | 8 |
|
||||
| file://:0:0:0:0 | _Float64x | 16 |
|
||||
| file://:0:0:0:0 | _Float128 | 16 |
|
||||
| file://:0:0:0:0 | _Float128x | 32 |
|
||||
| file://:0:0:0:0 | _Imaginary double | 8 |
|
||||
| file://:0:0:0:0 | _Imaginary float | 4 |
|
||||
| file://:0:0:0:0 | _Imaginary long double | 16 |
|
||||
|
|
|
@ -15,7 +15,6 @@
|
|||
| file://:0:0:0:0 | _Float64 | _Float64 |
|
||||
| file://:0:0:0:0 | _Float64x | _Float64x |
|
||||
| file://:0:0:0:0 | _Float128 | _Float128 |
|
||||
| file://:0:0:0:0 | _Float128x | _Float128x |
|
||||
| file://:0:0:0:0 | _Imaginary double | _Imaginary double |
|
||||
| file://:0:0:0:0 | _Imaginary float | _Imaginary float |
|
||||
| file://:0:0:0:0 | _Imaginary long double | _Imaginary long double |
|
||||
|
|
|
@ -14,7 +14,6 @@
|
|||
| _Float64 | BinaryFloatingPointType, RealNumberType | | | | |
|
||||
| _Float64x | BinaryFloatingPointType, RealNumberType | | | | |
|
||||
| _Float128 | BinaryFloatingPointType, RealNumberType | | | | |
|
||||
| _Float128x | BinaryFloatingPointType, RealNumberType | | | | |
|
||||
| _Imaginary double | BinaryFloatingPointType, ImaginaryNumberType | | | | |
|
||||
| _Imaginary float | BinaryFloatingPointType, ImaginaryNumberType | | | | |
|
||||
| _Imaginary long double | BinaryFloatingPointType, ImaginaryNumberType | | | | |
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
private import DataFlowImplSpecific
|
||||
private import codeql.dataflow.DataFlowImpl
|
||||
private import codeql.dataflow.internal.DataFlowImpl
|
||||
import MakeImpl<CsharpDataFlow>
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
private import DataFlowImplSpecific
|
||||
private import codeql.dataflow.DataFlowImplCommon
|
||||
private import codeql.dataflow.internal.DataFlowImplCommon
|
||||
import MakeImplCommon<CsharpDataFlow>
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
* Provides C#-specific definitions for use in the data flow library.
|
||||
*/
|
||||
|
||||
private import codeql.dataflow.DataFlowParameter
|
||||
private import codeql.dataflow.DataFlow
|
||||
|
||||
module Private {
|
||||
import DataFlowPrivate
|
||||
|
@ -13,7 +13,7 @@ module Public {
|
|||
import DataFlowPublic
|
||||
}
|
||||
|
||||
module CsharpDataFlow implements DataFlowParameter {
|
||||
module CsharpDataFlow implements InputSig {
|
||||
import Private
|
||||
import Public
|
||||
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
private import DataFlowImplSpecific
|
||||
private import codeql.dataflow.DataFlowImpl
|
||||
private import codeql.dataflow.internal.DataFlowImpl
|
||||
import MakeImpl<GoDataFlow>
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
private import DataFlowImplSpecific
|
||||
private import codeql.dataflow.DataFlowImplCommon
|
||||
private import codeql.dataflow.internal.DataFlowImplCommon
|
||||
import MakeImplCommon<GoDataFlow>
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
* Provides Go-specific definitions for use in the data flow library.
|
||||
*/
|
||||
|
||||
private import codeql.dataflow.DataFlowParameter
|
||||
private import codeql.dataflow.DataFlow
|
||||
|
||||
module Private {
|
||||
import DataFlowPrivate
|
||||
|
@ -13,7 +13,7 @@ module Public {
|
|||
import DataFlowUtil
|
||||
}
|
||||
|
||||
module GoDataFlow implements DataFlowParameter {
|
||||
module GoDataFlow implements InputSig {
|
||||
import Private
|
||||
import Public
|
||||
|
||||
|
|
|
@ -552,7 +552,7 @@ open class KotlinFileExtractor(
|
|||
logger.warnElement("Expected annotation property to define a getter", prop)
|
||||
} else {
|
||||
val getterId = useFunction<DbMethod>(getter)
|
||||
val exprId = extractAnnotationValueExpression(v, id, i, "{${getterId}}", getter.returnType, extractEnumTypeAccesses)
|
||||
val exprId = extractAnnotationValueExpression(v, id, i, "{$getterId}", getter.returnType, extractEnumTypeAccesses)
|
||||
if (exprId != null) {
|
||||
tw.writeAnnotValue(id, getterId, exprId)
|
||||
}
|
||||
|
@ -587,7 +587,7 @@ open class KotlinFileExtractor(
|
|||
extractAnnotation(v, parent, idx, extractEnumTypeAccesses, contextLabel)
|
||||
}
|
||||
is IrVararg -> {
|
||||
tw.getLabelFor<DbArrayinit>("@\"annotationarray;{${parent}};$contextLabel\"").also { arrayId ->
|
||||
tw.getLabelFor<DbArrayinit>("@\"annotationarray;{$parent};$contextLabel\"").also { arrayId ->
|
||||
// Use the context type (i.e., the type the annotation expects, not the actual type of the array)
|
||||
// because the Java extractor fills in array types using the same technique. These should only
|
||||
// differ for generic annotations.
|
||||
|
@ -1193,7 +1193,7 @@ open class KotlinFileExtractor(
|
|||
// n + o'th parameter, where `o` is the parameter offset caused by adding any dispatch receiver to the parameter list.
|
||||
// Note we don't need to add the extension receiver here because `useValueParameter` always assumes an extension receiver
|
||||
// will be prepended if one exists.
|
||||
val realFunctionId = useFunction<DbCallable>(f)
|
||||
val realFunctionId = useFunction<DbCallable>(f, parentId, null)
|
||||
DeclarationStackAdjuster(f, OverriddenFunctionAttributes(id, id, locId, nonSyntheticParams, typeParameters = listOf(), isStatic = true)).use {
|
||||
val realParamsVarId = getValueParameterLabel(id, parameterTypes.size - 2)
|
||||
val intType = pluginContext.irBuiltIns.intType
|
||||
|
|
|
@ -612,7 +612,7 @@ open class KotlinUsesExtractor(
|
|||
val componentTypeLabel = recInfo.componentTypeResults.javaResult.id
|
||||
val dimensions = recInfo.dimensions + 1
|
||||
|
||||
val id = tw.getLabelFor<DbArray>("@\"array;$dimensions;{${elementTypeLabel}}\"") {
|
||||
val id = tw.getLabelFor<DbArray>("@\"array;$dimensions;{$elementTypeLabel}\"") {
|
||||
tw.writeArrays(
|
||||
it,
|
||||
javaShortName,
|
||||
|
@ -1141,7 +1141,7 @@ open class KotlinUsesExtractor(
|
|||
// method (and presumably that disambiguation is never needed when the method belongs to a parameterized
|
||||
// instance of a generic class), but as of now I don't know when the raw method would be referred to.
|
||||
val typeArgSuffix = if (functionTypeParameters.isNotEmpty() && classTypeArgsIncludingOuterClasses.isNullOrEmpty()) "<${functionTypeParameters.size}>" else "";
|
||||
return "@\"$prefix;{$parentId}.$name($paramTypeIds){$returnTypeId}${typeArgSuffix}\""
|
||||
return "@\"$prefix;{$parentId}.$name($paramTypeIds){$returnTypeId}$typeArgSuffix\""
|
||||
}
|
||||
|
||||
val javaLangClass by lazy { referenceExternalClass("java.lang.Class") }
|
||||
|
@ -1672,7 +1672,7 @@ open class KotlinUsesExtractor(
|
|||
// clashing trap labels. These are always private, so we can just make up a label without
|
||||
// worrying about their names as seen from Java.
|
||||
val extensionPropertyDiscriminator = getExtensionReceiverType(f)?.let { "extension;${useType(it).javaResult.id}" } ?: ""
|
||||
return "@\"field;{$parentId};${extensionPropertyDiscriminator}${f.name.asString()}\""
|
||||
return "@\"field;{$parentId};$extensionPropertyDiscriminator${f.name.asString()}\""
|
||||
}
|
||||
|
||||
fun useField(f: IrField): Label<out DbField> =
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Fixed a typo in the `StdlibRandomSource` class in `RandomDataSource.qll`, which caused the class to improperly model calls to the `nextBytes` method. Queries relying on `StdlibRandomSource` may see an increase in results.
|
|
@ -17,11 +17,11 @@ extensions:
|
|||
- ["java.nio.file", "Files", False, "createTempFile", "(Path,String,String,FileAttribute[])", "", "Argument[0]", "path-injection", "manual"]
|
||||
- ["java.nio.file", "Files", False, "delete", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"]
|
||||
- ["java.nio.file", "Files", False, "deleteIfExists", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"]
|
||||
- ["java.nio.file", "Files", False, "deleteIfExists", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"]
|
||||
- ["java.nio.file", "Files", False, "getFileStore", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] # the FileStore class is unlikely to be used for later sanitization
|
||||
- ["java.nio.file", "Files", False, "lines", "(Path,Charset)", "", "Argument[0]", "path-injection", "ai-manual"]
|
||||
- ["java.nio.file", "Files", False, "lines", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"]
|
||||
- ["java.nio.file", "Files", False, "move", "", "", "Argument[1]", "path-injection", "manual"]
|
||||
- ["java.nio.file", "Files", False, "move", "(Path,Path,CopyOption[])", "", "Argument[0]", "path-injection", "ai-manual"]
|
||||
- ["java.nio.file", "Files", False, "newBufferedReader", "(Path,Charset)", "", "Argument[0]", "path-injection", "ai-manual"]
|
||||
- ["java.nio.file", "Files", False, "newBufferedReader", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"]
|
||||
- ["java.nio.file", "Files", False, "newBufferedWriter", "", "", "Argument[0]", "path-injection", "manual"]
|
||||
|
@ -37,11 +37,6 @@ extensions:
|
|||
- ["java.nio.file", "Files", False, "write", "", "", "Argument[1]", "file-content-store", "manual"]
|
||||
- ["java.nio.file", "Files", False, "writeString", "", "", "Argument[0]", "path-injection", "manual"]
|
||||
- ["java.nio.file", "Files", False, "writeString", "", "", "Argument[1]", "file-content-store", "manual"]
|
||||
- ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[1]", "path-injection", "ai-manual"]
|
||||
- ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[0]", "path-injection", "ai-manual"]
|
||||
- ["java.nio.file", "Files", True, "delete", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"]
|
||||
- ["java.nio.file", "Files", True, "newInputStream", "(Path,OpenOption[])", "", "Argument[0]", "path-injection", "ai-manual"]
|
||||
- ["java.nio.file", "Files", True, "newOutputStream", "(Path,OpenOption[])", "", "Argument[0]", "path-injection", "ai-manual"]
|
||||
- ["java.nio.file", "FileSystem", False, "getPath", "", "", "Argument[0..1]", "path-injection", "manual"] # old PathCreation
|
||||
- ["java.nio.file", "FileSystems", False, "newFileSystem", "(URI,Map)", "", "Argument[0]", "path-injection", "ai-manual"]
|
||||
- ["java.nio.file", "FileSystems", False, "newFileSystem", "(URI,Map)", "", "Argument[0]", "request-forgery", "ai-manual"]
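Review bot: The second hunk (`-37,11 +37,6`) drops five rows, which from the counts appear to be the `True` rows for `move`, `delete`, `newInputStream` and `newOutputStream`. The first hunk shows `False` rows for `delete` and `move`, but no `False` row for `newInputStream` or `newOutputStream` with signature `(Path,OpenOption[])` is visible in either hunk. If those two are not already modelled in the part of the file between the hunks, the `path-injection` sinks for them are lost and queries relying on them will report fewer results; please confirm they remain covered, or keep them as `False` rows.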
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
extensions:
|
||||
|
||||
- addsTo:
|
||||
pack: codeql/java-all
|
||||
extensible: supportedThreatModels
|
||||
data:
|
||||
- ["default"] # The "default" threat model is always included.
|
|
@ -0,0 +1,23 @@
|
|||
extensions:
|
||||
|
||||
- addsTo:
|
||||
pack: codeql/java-all
|
||||
extensible: threatModelGrouping
|
||||
data:
|
||||
# Default threat model
|
||||
- ["remote", "default"]
|
||||
- ["uri-path", "default"]
|
||||
|
||||
# Android threat models
|
||||
- ["android-external-storage-dir", "android"]
|
||||
- ["contentprovider", "android"]
|
||||
|
||||
# Remote threat models
|
||||
- ["request", "remote"]
|
||||
- ["response", "remote"]
|
||||
|
||||
# Local threat models
|
||||
- ["database", "local"]
|
||||
- ["cli", "local"]
|
||||
- ["environment", "local"]
|
||||
- ["file", "local"]
|
|
@ -16,4 +16,5 @@ dataExtensions:
|
|||
- ext/*.model.yml
|
||||
- ext/generated/*.model.yml
|
||||
- ext/experimental/*.model.yml
|
||||
- ext/threatmodels/*.model.yml
|
||||
warnOnImplicitThis: true
|
||||
|
|
|
@ -0,0 +1,31 @@
|
|||
/**
|
||||
* INTERNAL use only. This is an experimental API subject to change without notice.
|
||||
*
|
||||
* This module provides extensible predicates for configuring which kinds of MaD models
|
||||
* are applicable to generic queries.
|
||||
*/
|
||||
|
||||
private import ExternalFlowExtensions
|
||||
|
||||
/**
|
||||
* Holds if the specified kind of source model is supported for the current query.
|
||||
*/
|
||||
extensible private predicate supportedThreatModels(string kind);
|
||||
|
||||
/**
|
||||
* Holds if the specified kind of source model is containted within the specified group.
|
||||
*/
|
||||
extensible private predicate threatModelGrouping(string kind, string group);
|
||||
|
||||
/**
|
||||
* Gets the threat models that are direct descendants of the specified kind/group.
|
||||
*/
|
||||
private string getChildThreatModel(string group) { threatModelGrouping(result, group) }
|
||||
|
||||
/**
|
||||
* Holds if the source model kind `kind` is relevant for generic queries
|
||||
* under the current threat model configuration.
|
||||
*/
|
||||
predicate sourceModelKindConfig(string kind) {
|
||||
exists(string group | supportedThreatModels(group) and kind = getChildThreatModel*(group))
|
||||
}
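Review bot: The QLDoc on `sourceModelKindConfig` does not say that the result includes the configured group names themselves: `getChildThreatModel*(group)` is the reflexive transitive closure, and the expected output added in this commit lists `default` and `remote` next to `request`, `response` and `uri-path`. I would add a sentence such as `A configured group matches itself and every kind nested below it in threatModelGrouping.` The doc on `threatModelGrouping` has a typo, `containted` for `contained`, and the doc on `supportedThreatModels` speaks of a "kind of source model" although the data rows supplied here (`default`, `local`) are group names.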
|
|
@ -1,3 +1,3 @@
|
|||
private import DataFlowImplSpecific
|
||||
private import codeql.dataflow.DataFlowImpl
|
||||
private import codeql.dataflow.internal.DataFlowImpl
|
||||
import MakeImpl<JavaDataFlow>
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
private import DataFlowImplSpecific
|
||||
private import codeql.dataflow.DataFlowImplCommon
|
||||
private import codeql.dataflow.internal.DataFlowImplCommon
|
||||
import MakeImplCommon<JavaDataFlow>
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
* Provides Java-specific definitions for use in the data flow library.
|
||||
*/
|
||||
|
||||
private import codeql.dataflow.DataFlowParameter
|
||||
private import codeql.dataflow.DataFlow
|
||||
|
||||
module Private {
|
||||
import DataFlowPrivate
|
||||
|
@ -13,7 +13,7 @@ module Public {
|
|||
import DataFlowUtil
|
||||
}
|
||||
|
||||
module JavaDataFlow implements DataFlowParameter {
|
||||
module JavaDataFlow implements InputSig {
|
||||
import Private
|
||||
import Public
|
||||
|
||||
|
|
|
@ -103,7 +103,7 @@ class StdlibRandomSource extends RandomDataSource {
|
|||
}
|
||||
|
||||
override Expr getOutput() {
|
||||
if m.hasName("getBytes") then result = this.getArgument(0) else result = this
|
||||
if m.hasName("nextBytes") then result = this.getArgument(0) else result = this
|
||||
}
|
||||
}
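Review bot: `getOutput` has no comment saying why one method name is special-cased, which makes a wrong name in the `hasName` check hard to spot on review. A line above the `if`, such as `// nextBytes returns void and fills the byte array passed as argument 0, so that array is the output`, would make the intent checkable. The class body starts outside the hunk, so how `m` is constrained cannot be seen here. A regression test that follows the array passed to `nextBytes` would pin the fix; none is visible in the sections shown on this page.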
|
||||
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
class Empty { }
|
|
@ -0,0 +1,5 @@
|
|||
| default |
|
||||
| remote |
|
||||
| request |
|
||||
| response |
|
||||
| uri-path |
|
|
@ -0,0 +1,5 @@
|
|||
import semmle.code.java.dataflow.ExternalFlowConfiguration as ExternalFlowConfiguration
|
||||
|
||||
query predicate supportedThreatModels(string kind) {
|
||||
ExternalFlowConfiguration::sourceModelKindConfig(kind)
|
||||
}
|
|
@ -0,0 +1,10 @@
|
|||
| cli |
|
||||
| database |
|
||||
| default |
|
||||
| environment |
|
||||
| file |
|
||||
| local |
|
||||
| remote |
|
||||
| request |
|
||||
| response |
|
||||
| uri-path |
|
|
@ -0,0 +1,7 @@
|
|||
extensions:
|
||||
|
||||
- addsTo:
|
||||
pack: codeql/java-all
|
||||
extensible: supportedThreatModels
|
||||
data:
|
||||
- ["local"] # Add the "local" group threat model.
|
|
@ -0,0 +1,5 @@
|
|||
import semmle.code.java.dataflow.ExternalFlowConfiguration as ExternalFlowConfiguration
|
||||
|
||||
query predicate supportedThreatModels(string kind) {
|
||||
ExternalFlowConfiguration::sourceModelKindConfig(kind)
|
||||
}
|
|
@ -1,3 +1,3 @@
|
|||
private import DataFlowImplSpecific
|
||||
private import codeql.dataflow.DataFlowImpl
|
||||
private import codeql.dataflow.internal.DataFlowImpl
|
||||
import MakeImpl<PythonDataFlow>
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
private import DataFlowImplSpecific
|
||||
private import codeql.dataflow.DataFlowImplCommon
|
||||
private import codeql.dataflow.internal.DataFlowImplCommon
|
||||
import MakeImplCommon<PythonDataFlow>
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
* Provides Python-specific definitions for use in the data flow library.
|
||||
*/
|
||||
|
||||
private import codeql.dataflow.DataFlowParameter
|
||||
private import codeql.dataflow.DataFlow
|
||||
// we need to export `Unit` for the DataFlowImpl* files
|
||||
private import python as Python
|
||||
|
||||
|
@ -15,7 +15,7 @@ module Public {
|
|||
import DataFlowUtil
|
||||
}
|
||||
|
||||
module PythonDataFlow implements DataFlowParameter {
|
||||
module PythonDataFlow implements InputSig {
|
||||
import Private
|
||||
import Public
|
||||
|
||||
|
|
|
@ -673,14 +673,14 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "regex"
|
||||
version = "1.9.1"
|
||||
version = "1.9.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b2eae68fc220f7cf2532e4494aded17545fce192d59cd996e0fe7887f4ceb575"
|
||||
checksum = "81bc1d4caf89fac26a70747fe603c130093b53c773888797a6329091246d651a"
|
||||
dependencies = [
|
||||
"aho-corasick",
|
||||
"memchr",
|
||||
"regex-automata 0.3.2",
|
||||
"regex-syntax 0.7.3",
|
||||
"regex-automata 0.3.6",
|
||||
"regex-syntax 0.7.4",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
@ -694,13 +694,13 @@ dependencies = [
|
|||
|
||||
[[package]]
|
||||
name = "regex-automata"
|
||||
version = "0.3.2"
|
||||
version = "0.3.6"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "83d3daa6976cffb758ec878f108ba0e062a45b2d6ca3a2cca965338855476caf"
|
||||
checksum = "fed1ceff11a1dddaee50c9dc8e4938bd106e9d89ae372f192311e7da498e3b69"
|
||||
dependencies = [
|
||||
"aho-corasick",
|
||||
"memchr",
|
||||
"regex-syntax 0.7.3",
|
||||
"regex-syntax 0.7.4",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
|
@ -711,9 +711,9 @@ checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1"
|
|||
|
||||
[[package]]
|
||||
name = "regex-syntax"
|
||||
version = "0.7.3"
|
||||
version = "0.7.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "2ab07dc67230e4a4718e70fd5c20055a4334b121f1f9db8fe63ef39ce9b8c846"
|
||||
checksum = "e5ea92a5b6195c6ef2a0295ea818b312502c6fc94dde986c5553242e18fd4ce2"
|
||||
|
||||
[[package]]
|
||||
name = "rustix"
|
||||
|
|
|
@ -9,4 +9,4 @@ edition = "2018"
|
|||
lazy_static = "1.4.0"
|
||||
chrono = "0.4.26"
|
||||
rayon = "1.7.0"
|
||||
regex = "1.9.1"
|
||||
regex = "1.9.3"
|
||||
|
|
|
@ -16,5 +16,5 @@ clap = { version = "4.2", features = ["derive"] }
|
|||
tracing = "0.1"
|
||||
tracing-subscriber = { version = "0.3.17", features = ["env-filter"] }
|
||||
rayon = "1.7.0"
|
||||
regex = "1.9.1"
|
||||
regex = "1.9.3"
|
||||
codeql-extractor = { path = "../../shared/tree-sitter-extractor" }
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
private import DataFlowImplSpecific
|
||||
private import codeql.dataflow.DataFlowImpl
|
||||
private import codeql.dataflow.internal.DataFlowImpl
|
||||
import MakeImpl<RubyDataFlow>
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
private import DataFlowImplSpecific
|
||||
private import codeql.dataflow.DataFlowImplCommon
|
||||
private import codeql.dataflow.internal.DataFlowImplCommon
|
||||
import MakeImplCommon<RubyDataFlow>
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
* Provides Ruby-specific definitions for use in the data flow library.
|
||||
*/
|
||||
|
||||
private import codeql.dataflow.DataFlowParameter
|
||||
private import codeql.dataflow.DataFlow
|
||||
|
||||
module Private {
|
||||
import DataFlowPrivate
|
||||
|
@ -13,7 +13,7 @@ module Public {
|
|||
import DataFlowPublic
|
||||
}
|
||||
|
||||
module RubyDataFlow implements DataFlowParameter {
|
||||
module RubyDataFlow implements InputSig {
|
||||
import Private
|
||||
import Public
|
||||
|
||||
|
|
|
@ -1,15 +1,234 @@
|
|||
/**
|
||||
* Provides an implementation of global (interprocedural) data flow. This file
|
||||
* re-exports the local (intraprocedural) data flow analysis from
|
||||
* `DataFlowImplSpecific::Public` and adds a global analysis, mainly exposed
|
||||
* through the `Global` and `GlobalWithState` modules.
|
||||
* adds a global analysis, mainly exposed through the `Global` and `GlobalWithState`
|
||||
* modules.
|
||||
*/
|
||||
|
||||
import DataFlowParameter
|
||||
/** Provides language-specific data flow parameters. */
|
||||
signature module InputSig {
|
||||
class Node {
|
||||
/** Gets a textual representation of this element. */
|
||||
string toString();
|
||||
|
||||
module Configs<DataFlowParameter Lang> {
|
||||
/**
|
||||
* Holds if this element is at the specified location.
|
||||
* The location spans column `startcolumn` of line `startline` to
|
||||
* column `endcolumn` of line `endline` in file `filepath`.
|
||||
* For more information, see
|
||||
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
|
||||
*/
|
||||
predicate hasLocationInfo(
|
||||
string filepath, int startline, int startcolumn, int endline, int endcolumn
|
||||
);
|
||||
}
|
||||
|
||||
class ParameterNode extends Node;
|
||||
|
||||
class ArgumentNode extends Node;
|
||||
|
||||
class ReturnNode extends Node {
|
||||
ReturnKind getKind();
|
||||
}
|
||||
|
||||
class OutNode extends Node;
|
||||
|
||||
class PostUpdateNode extends Node {
|
||||
Node getPreUpdateNode();
|
||||
}
|
||||
|
||||
class CastNode extends Node;
|
||||
|
||||
predicate isParameterNode(ParameterNode p, DataFlowCallable c, ParameterPosition pos);
|
||||
|
||||
predicate isArgumentNode(ArgumentNode n, DataFlowCall call, ArgumentPosition pos);
|
||||
|
||||
DataFlowCallable nodeGetEnclosingCallable(Node node);
|
||||
|
||||
DataFlowType getNodeType(Node node);
|
||||
|
||||
predicate nodeIsHidden(Node node);
|
||||
|
||||
class DataFlowExpr;
|
||||
|
||||
/** Gets the node corresponding to `e`. */
|
||||
Node exprNode(DataFlowExpr e);
|
||||
|
||||
class DataFlowCall {
|
||||
/** Gets a textual representation of this element. */
|
||||
string toString();
|
||||
|
||||
DataFlowCallable getEnclosingCallable();
|
||||
}
|
||||
|
||||
class DataFlowCallable {
|
||||
/** Gets a textual representation of this element. */
|
||||
string toString();
|
||||
}
|
||||
|
||||
class ReturnKind {
|
||||
/** Gets a textual representation of this element. */
|
||||
string toString();
|
||||
}
|
||||
|
||||
/** Gets a viable implementation of the target of the given `Call`. */
|
||||
DataFlowCallable viableCallable(DataFlowCall c);
|
||||
|
||||
/**
|
||||
* Holds if the set of viable implementations that can be called by `call`
|
||||
* might be improved by knowing the call context.
|
||||
*/
|
||||
predicate mayBenefitFromCallContext(DataFlowCall call, DataFlowCallable c);
|
||||
|
||||
/**
|
||||
* Gets a viable dispatch target of `call` in the context `ctx`. This is
|
||||
* restricted to those `call`s for which a context might make a difference.
|
||||
*/
|
||||
DataFlowCallable viableImplInCallContext(DataFlowCall call, DataFlowCall ctx);
|
||||
|
||||
/**
|
||||
* Gets a node that can read the value returned from `call` with return kind
|
||||
* `kind`.
|
||||
*/
|
||||
OutNode getAnOutNode(DataFlowCall call, ReturnKind kind);
|
||||
|
||||
class DataFlowType {
|
||||
/** Gets a textual representation of this element. */
|
||||
string toString();
|
||||
}
|
||||
|
||||
string ppReprType(DataFlowType t);
|
||||
|
||||
bindingset[t1, t2]
|
||||
predicate compatibleTypes(DataFlowType t1, DataFlowType t2);
|
||||
|
||||
predicate typeStrongerThan(DataFlowType t1, DataFlowType t2);
|
||||
|
||||
class Content {
|
||||
/** Gets a textual representation of this element. */
|
||||
string toString();
|
||||
}
|
||||
|
||||
predicate forceHighPrecision(Content c);
|
||||
|
||||
/**
|
||||
* An entity that represents a set of `Content`s.
|
||||
*
|
||||
* The set may be interpreted differently depending on whether it is
|
||||
* stored into (`getAStoreContent`) or read from (`getAReadContent`).
|
||||
*/
|
||||
class ContentSet {
|
||||
/** Gets a content that may be stored into when storing into this set. */
|
||||
Content getAStoreContent();
|
||||
|
||||
/** Gets a content that may be read from when reading from this set. */
|
||||
Content getAReadContent();
|
||||
}
|
||||
|
||||
class ContentApprox {
|
||||
/** Gets a textual representation of this element. */
|
||||
string toString();
|
||||
}
|
||||
|
||||
ContentApprox getContentApprox(Content c);
|
||||
|
||||
class ParameterPosition {
|
||||
/** Gets a textual representation of this element. */
|
||||
bindingset[this]
|
||||
string toString();
|
||||
}
|
||||
|
||||
class ArgumentPosition {
|
||||
/** Gets a textual representation of this element. */
|
||||
bindingset[this]
|
||||
string toString();
|
||||
}
|
||||
|
||||
predicate parameterMatch(ParameterPosition ppos, ArgumentPosition apos);
|
||||
|
||||
predicate simpleLocalFlowStep(Node node1, Node node2);
|
||||
|
||||
/**
|
||||
* Holds if data can flow from `node1` to `node2` through a non-local step
|
||||
* that does not follow a call edge. For example, a step through a global
|
||||
* variable.
|
||||
*/
|
||||
predicate jumpStep(Node node1, Node node2);
|
||||
|
||||
/**
|
||||
* Holds if data can flow from `node1` to `node2` via a read of `c`. Thus,
|
||||
* `node1` references an object with a content `c.getAReadContent()` whose
|
||||
* value ends up in `node2`.
|
||||
*/
|
||||
predicate readStep(Node node1, ContentSet c, Node node2);
|
||||
|
||||
/**
|
||||
* Holds if data can flow from `node1` to `node2` via a store into `c`. Thus,
|
||||
* `node2` references an object with a content `c.getAStoreContent()` that
|
||||
* contains the value of `node1`.
|
||||
*/
|
||||
predicate storeStep(Node node1, ContentSet c, Node node2);
|
||||
|
||||
/**
|
||||
* Holds if values stored inside content `c` are cleared at node `n`. For example,
|
||||
* any value stored inside `f` is cleared at the pre-update node associated with `x`
|
||||
* in `x.f = newValue`.
|
||||
*/
|
||||
predicate clearsContent(Node n, ContentSet c);
|
||||
|
||||
/**
|
||||
* Holds if the value that is being tracked is expected to be stored inside content `c`
|
||||
* at node `n`.
|
||||
*/
|
||||
predicate expectsContent(Node n, ContentSet c);
|
||||
|
||||
/**
|
||||
* Holds if the node `n` is unreachable when the call context is `call`.
|
||||
*/
|
||||
predicate isUnreachableInCall(Node n, DataFlowCall call);
|
||||
|
||||
default int accessPathLimit() { result = 5 }
|
||||
|
||||
/**
|
||||
* Holds if flow is allowed to pass from parameter `p` and back to itself as a
|
||||
* side-effect, resulting in a summary from `p` to itself.
|
||||
*
|
||||
* One example would be to allow flow like `p.foo = p.bar;`, which is disallowed
|
||||
* by default as a heuristic.
|
||||
*/
|
||||
predicate allowParameterReturnInSelf(ParameterNode p);
|
||||
|
||||
class LambdaCallKind;
|
||||
|
||||
/** Holds if `creation` is an expression that creates a lambda of kind `kind` for `c`. */
|
||||
predicate lambdaCreation(Node creation, LambdaCallKind kind, DataFlowCallable c);
|
||||
|
||||
/** Holds if `call` is a lambda call of kind `kind` where `receiver` is the lambda expression. */
|
||||
predicate lambdaCall(DataFlowCall call, LambdaCallKind kind, Node receiver);
|
||||
|
||||
/** Extra data-flow steps needed for lambda flow analysis. */
|
||||
predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preservesValue);
|
||||
|
||||
/**
|
||||
* Holds if `n` should never be skipped over in the `PathGraph` and in path
|
||||
* explanations.
|
||||
*/
|
||||
default predicate neverSkipInPathGraph(Node n) { none() }
|
||||
|
||||
/**
|
||||
* Gets an additional term that is added to the `join` and `branch` computations to reflect
|
||||
* an additional forward or backwards branching factor that is not taken into account
|
||||
* when calculating the (virtual) dispatch cost.
|
||||
*
|
||||
* Argument `arg` is part of a path from a source to a sink, and `p` is the target parameter.
|
||||
*/
|
||||
int getAdditionalFlowIntoCallNodeTerm(ArgumentNode arg, ParameterNode p);
|
||||
|
||||
predicate golangSpecificParamArgFilter(DataFlowCall call, ParameterNode p, ArgumentNode arg);
|
||||
}
|
||||
|
||||
module Configs<InputSig Lang> {
|
||||
private import Lang
|
||||
private import DataFlowImplCommon::MakeImplCommon<Lang>
|
||||
private import internal.DataFlowImplCommon::MakeImplCommon<Lang>
|
||||
import DataFlowImplCommonPublic
|
||||
|
||||
/** An input configuration for data flow. */
|
||||
|
@ -211,9 +430,9 @@ module Configs<DataFlowParameter Lang> {
|
|||
}
|
||||
}
|
||||
|
||||
module DataFlowMake<DataFlowParameter Lang> {
|
||||
module DataFlowMake<InputSig Lang> {
|
||||
private import Lang
|
||||
private import DataFlowImpl::MakeImpl<Lang>
|
||||
private import internal.DataFlowImpl::MakeImpl<Lang>
|
||||
import Configs<Lang>
|
||||
|
||||
/**
|
||||
|
|
|
@ -1,220 +0,0 @@
|
|||
signature module DataFlowParameter {
|
||||
class Node {
|
||||
/** Gets a textual representation of this element. */
|
||||
string toString();
|
||||
|
||||
/**
|
||||
* Holds if this element is at the specified location.
|
||||
* The location spans column `startcolumn` of line `startline` to
|
||||
* column `endcolumn` of line `endline` in file `filepath`.
|
||||
* For more information, see
|
||||
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
|
||||
*/
|
||||
predicate hasLocationInfo(
|
||||
string filepath, int startline, int startcolumn, int endline, int endcolumn
|
||||
);
|
||||
}
|
||||
|
||||
class ParameterNode extends Node;
|
||||
|
||||
class ArgumentNode extends Node;
|
||||
|
||||
class ReturnNode extends Node {
|
||||
ReturnKind getKind();
|
||||
}
|
||||
|
||||
class OutNode extends Node;
|
||||
|
||||
class PostUpdateNode extends Node {
|
||||
Node getPreUpdateNode();
|
||||
}
|
||||
|
||||
class CastNode extends Node;
|
||||
|
||||
predicate isParameterNode(ParameterNode p, DataFlowCallable c, ParameterPosition pos);
|
||||
|
||||
predicate isArgumentNode(ArgumentNode n, DataFlowCall call, ArgumentPosition pos);
|
||||
|
||||
DataFlowCallable nodeGetEnclosingCallable(Node node);
|
||||
|
||||
DataFlowType getNodeType(Node node);
|
||||
|
||||
predicate nodeIsHidden(Node node);
|
||||
|
||||
class DataFlowExpr;
|
||||
|
||||
/** Gets the node corresponding to `e`. */
|
||||
Node exprNode(DataFlowExpr e);
|
||||
|
||||
class DataFlowCall {
|
||||
/** Gets a textual representation of this element. */
|
||||
string toString();
|
||||
|
||||
DataFlowCallable getEnclosingCallable();
|
||||
}
|
||||
|
||||
class DataFlowCallable {
|
||||
/** Gets a textual representation of this element. */
|
||||
string toString();
|
||||
}
|
||||
|
||||
class ReturnKind {
|
||||
/** Gets a textual representation of this element. */
|
||||
string toString();
|
||||
}
|
||||
|
||||
/** Gets a viable implementation of the target of the given `Call`. */
|
||||
DataFlowCallable viableCallable(DataFlowCall c);
|
||||
|
||||
/**
|
||||
* Holds if the set of viable implementations that can be called by `call`
|
||||
* might be improved by knowing the call context.
|
||||
*/
|
||||
predicate mayBenefitFromCallContext(DataFlowCall call, DataFlowCallable c);
|
||||
|
||||
/**
|
||||
* Gets a viable dispatch target of `call` in the context `ctx`. This is
|
||||
* restricted to those `call`s for which a context might make a difference.
|
||||
*/
|
||||
DataFlowCallable viableImplInCallContext(DataFlowCall call, DataFlowCall ctx);
|
||||
|
||||
/**
|
||||
* Gets a node that can read the value returned from `call` with return kind
|
||||
* `kind`.
|
||||
*/
|
||||
OutNode getAnOutNode(DataFlowCall call, ReturnKind kind);
|
||||
|
||||
class DataFlowType {
|
||||
/** Gets a textual representation of this element. */
|
||||
string toString();
|
||||
}
|
||||
|
||||
string ppReprType(DataFlowType t);
|
||||
|
||||
bindingset[t1, t2]
|
||||
predicate compatibleTypes(DataFlowType t1, DataFlowType t2);
|
||||
|
||||
predicate typeStrongerThan(DataFlowType t1, DataFlowType t2);
|
||||
|
||||
class Content {
|
||||
/** Gets a textual representation of this element. */
|
||||
string toString();
|
||||
}
|
||||
|
||||
predicate forceHighPrecision(Content c);
|
||||
|
||||
/**
|
||||
* An entity that represents a set of `Content`s.
|
||||
*
|
||||
* The set may be interpreted differently depending on whether it is
|
||||
* stored into (`getAStoreContent`) or read from (`getAReadContent`).
|
||||
*/
|
||||
class ContentSet {
|
||||
/** Gets a content that may be stored into when storing into this set. */
|
||||
Content getAStoreContent();
|
||||
|
||||
/** Gets a content that may be read from when reading from this set. */
|
||||
Content getAReadContent();
|
||||
}
|
||||
|
||||
class ContentApprox {
|
||||
/** Gets a textual representation of this element. */
|
||||
string toString();
|
||||
}
|
||||
|
||||
ContentApprox getContentApprox(Content c);
|
||||
|
||||
class ParameterPosition {
|
||||
/** Gets a textual representation of this element. */
|
||||
bindingset[this]
|
||||
string toString();
|
||||
}
|
||||
|
||||
class ArgumentPosition {
|
||||
/** Gets a textual representation of this element. */
|
||||
bindingset[this]
|
||||
string toString();
|
||||
}
|
||||
|
||||
predicate parameterMatch(ParameterPosition ppos, ArgumentPosition apos);
|
||||
|
||||
predicate simpleLocalFlowStep(Node node1, Node node2);
|
||||
|
||||
/**
|
||||
* Holds if data can flow from `node1` to `node2` through a non-local step
|
||||
* that does not follow a call edge. For example, a step through a global
|
||||
* variable.
|
||||
*/
|
||||
predicate jumpStep(Node node1, Node node2);
|
||||
|
||||
/**
|
||||
* Holds if data can flow from `node1` to `node2` via a read of `c`. Thus,
|
||||
* `node1` references an object with a content `c.getAReadContent()` whose
|
||||
* value ends up in `node2`.
|
||||
*/
|
||||
predicate readStep(Node node1, ContentSet c, Node node2);
|
||||
|
||||
/**
|
||||
* Holds if data can flow from `node1` to `node2` via a store into `c`. Thus,
|
||||
* `node2` references an object with a content `c.getAStoreContent()` that
|
||||
* contains the value of `node1`.
|
||||
*/
|
||||
predicate storeStep(Node node1, ContentSet c, Node node2);
|
||||
|
||||
/**
|
||||
* Holds if values stored inside content `c` are cleared at node `n`. For example,
|
||||
* any value stored inside `f` is cleared at the pre-update node associated with `x`
|
||||
* in `x.f = newValue`.
|
||||
*/
|
||||
predicate clearsContent(Node n, ContentSet c);
|
||||
|
||||
/**
|
||||
* Holds if the value that is being tracked is expected to be stored inside content `c`
|
||||
* at node `n`.
|
||||
*/
|
||||
predicate expectsContent(Node n, ContentSet c);
|
||||
|
||||
/**
|
||||
* Holds if the node `n` is unreachable when the call context is `call`.
|
||||
*/
|
||||
predicate isUnreachableInCall(Node n, DataFlowCall call);
|
||||
|
||||
default int accessPathLimit() { result = 5 }
|
||||
|
||||
/**
|
||||
* Holds if flow is allowed to pass from parameter `p` and back to itself as a
|
||||
* side-effect, resulting in a summary from `p` to itself.
|
||||
*
|
||||
* One example would be to allow flow like `p.foo = p.bar;`, which is disallowed
|
||||
* by default as a heuristic.
|
||||
*/
|
||||
predicate allowParameterReturnInSelf(ParameterNode p);
|
||||
|
||||
class LambdaCallKind;
|
||||
|
||||
/** Holds if `creation` is an expression that creates a lambda of kind `kind` for `c`. */
|
||||
predicate lambdaCreation(Node creation, LambdaCallKind kind, DataFlowCallable c);
|
||||
|
||||
/** Holds if `call` is a lambda call of kind `kind` where `receiver` is the lambda expression. */
|
||||
predicate lambdaCall(DataFlowCall call, LambdaCallKind kind, Node receiver);
|
||||
|
||||
/** Extra data-flow steps needed for lambda flow analysis. */
|
||||
predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preservesValue);
|
||||
|
||||
/**
|
||||
* Holds if `n` should never be skipped over in the `PathGraph` and in path
|
||||
* explanations.
|
||||
*/
|
||||
default predicate neverSkipInPathGraph(Node n) { none() }
|
||||
|
||||
/**
|
||||
* Gets an additional term that is added to the `join` and `branch` computations to reflect
|
||||
* an additional forward or backwards branching factor that is not taken into account
|
||||
* when calculating the (virtual) dispatch cost.
|
||||
*
|
||||
* Argument `arg` is part of a path from a source to a sink, and `p` is the target parameter.
|
||||
*/
|
||||
int getAdditionalFlowIntoCallNodeTerm(ArgumentNode arg, ParameterNode p);
|
||||
|
||||
predicate golangSpecificParamArgFilter(DataFlowCall call, ParameterNode p, ArgumentNode arg);
|
||||
}
|
|
@ -6,11 +6,11 @@
|
|||
|
||||
private import codeql.util.Unit
|
||||
private import codeql.util.Option
|
||||
import DataFlowParameter
|
||||
private import codeql.dataflow.DataFlow
|
||||
|
||||
module MakeImpl<DataFlowParameter Lang> {
|
||||
module MakeImpl<InputSig Lang> {
|
||||
private import Lang
|
||||
private import DataFlow::DataFlowMake<Lang>
|
||||
private import DataFlowMake<Lang>
|
||||
private import DataFlowImplCommon::MakeImplCommon<Lang>
|
||||
private import DataFlowImplCommonPublic
|
||||
|
|
@ -1,6 +1,6 @@
|
|||
import DataFlowParameter
|
||||
private import codeql.dataflow.DataFlow
|
||||
|
||||
module MakeImplCommon<DataFlowParameter Lang> {
|
||||
module MakeImplCommon<InputSig Lang> {
|
||||
private import Lang
|
||||
import Cached
|
||||
|
|
@ -1,3 +1,3 @@
|
|||
private import DataFlowImplSpecific
|
||||
private import codeql.dataflow.DataFlowImpl
|
||||
private import codeql.dataflow.internal.DataFlowImpl
|
||||
import MakeImpl<SwiftDataFlow>
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
private import DataFlowImplSpecific
|
||||
private import codeql.dataflow.DataFlowImplCommon
|
||||
private import codeql.dataflow.internal.DataFlowImplCommon
|
||||
import MakeImplCommon<SwiftDataFlow>
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
* Provides Swift-specific definitions for use in the data flow library.
|
||||
*/
|
||||
|
||||
private import codeql.dataflow.DataFlowParameter
|
||||
private import codeql.dataflow.DataFlow
|
||||
// we need to export `Unit` for the DataFlowImpl* files
|
||||
private import swift as Swift
|
||||
|
||||
|
@ -15,7 +15,7 @@ module Public {
|
|||
import DataFlowPublic
|
||||
}
|
||||
|
||||
module SwiftDataFlow implements DataFlowParameter {
|
||||
module SwiftDataFlow implements InputSig {
|
||||
import Private
|
||||
import Public
|
||||
|
||||
|
|
|
@ -56,9 +56,7 @@ private class ApplicationWithLaunchOptionsFunc extends Function {
|
|||
|
||||
private class LaunchOptionsUrlVarDecl extends VarDecl {
|
||||
LaunchOptionsUrlVarDecl() {
|
||||
// ideally this would be the more accurate, but currently less robust:
|
||||
// this.getEnclosingDecl().asNominalTypeDecl().getFullName() = "UIApplication.LaunchOptionsKey" and
|
||||
this.getType().(NominalType).getFullName() = "UIApplication.LaunchOptionsKey" and
|
||||
this.getEnclosingDecl().asNominalTypeDecl().getFullName() = "UIApplication.LaunchOptionsKey" and
|
||||
this.getName() = "url"
|
||||
}
|
||||
}
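Review bot: The `getEnclosingDecl()` condition in `LaunchOptionsUrlVarDecl` carries no comment saying why it can now be relied on. The two comment lines that called this form "more accurate, but currently less robust" appear to be removed together with the `getType()` check; the 9-to-7 line counts in the hunk header fit that reading, but the rendered page has lost the `+`/`-` markers. If `this.getEnclosingDecl().asNominalTypeDecl()` has no result for the `url` declaration in some database (for instance if the member is reached through an extension rather than the type's own body, which the hunk does not settle), the class matches nothing. Whatever this class feeds (presumably the launch-options URL source) would then stop being modelled, and the only symptom would be missing results. I would add a comment above the condition such as `// matched by enclosing declaration; relies on getEnclosingDecl() being populated for the static members of LaunchOptionsKey`. I would also pair the change with a library test that expects a `LaunchOptionsUrlVarDecl` result, so a regression fails the test suite instead of showing up as absent alerts.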
|
||||
|
|