Merge pull request #473 from jketema/flowstate-fix

lcartey · web-flow · commit d9f09111f79d · 2023-12-12T10:22:48.000Z
Use an IPA type for flow states
diff --git a/c/cert/src/rules/EXP39-C/DoNotAccessVariableViaPointerOfIncompatibleType.ql b/c/cert/src/rules/EXP39-C/DoNotAccessVariableViaPointerOfIncompatibleType.ql
@@ -42,28 +42,24 @@ class ReallocationFunction extends AllocationFunction {
   ReallocationFunction() { exists(this.getReallocPtrArg()) }
 }
 
-/**
- * A data-flow state for a pointer which has not been reallocated.
- */
-class IndirectCastDefaultFlowState extends DataFlow::FlowState {
-  IndirectCastDefaultFlowState() { this = "IndirectCastDefaultFlowState" }
-}
-
-/**
- * A data-flow state for a pointer which has been reallocated but
- * has not yet been zeroed with a memset call.
- */
-class IndirectCastReallocatedFlowState extends DataFlow::FlowState {
-  IndirectCastReallocatedFlowState() { this = "IndirectCastReallocatedFlowState" }
-}
+newtype IndirectCastFlowState =
+  /**
+   * A data-flow state for a pointer which has not been reallocated.
+   */
+  IndirectCastDefaultFlowState() or
+  /**
+   * A data-flow state for a pointer which has been reallocated but
+   * has not yet been zeroed with a memset call.
+   */
+  IndirectCastReallocatedFlowState()
 
 /**
  * A data-flow configuration to track the flow from cast expressions to either
  * other cast expressions or to dereferences of pointers reallocated with a call
  * to `realloc` but not cleared via a function call to `memset`.
  */
 module IndirectCastConfig implements DataFlow::StateConfigSig {
-  class FlowState = DataFlow::FlowState;
+  class FlowState = IndirectCastFlowState;
 
   predicate isSource(DataFlow::Node source, FlowState state) {
     state instanceof IndirectCastDefaultFlowState and
