temp

hvitved · hvitved · commit 5edbe52b153c · 2024-01-30T11:29:42.000+01:00
diff --git a/csharp/ql/test/library-tests/dataflow/collections/CollectionFlow.expected b/csharp/ql/test/library-tests/dataflow/collections/CollectionFlow.expected
@@ -31,17 +31,17 @@ edges
 | CollectionFlow.cs:26:58:26:61 | dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:26:67:26:70 | access to parameter dict : Dictionary<T,T> [element, property Value] : A |
 | CollectionFlow.cs:26:67:26:70 | access to parameter dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:26:67:26:73 | access to indexer : A |
 | CollectionFlow.cs:28:59:28:62 | dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:28:68:28:71 | access to parameter dict : Dictionary<T,T> [element, property Value] : A |
-| CollectionFlow.cs:28:68:28:71 | access to parameter dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:28:68:28:79 | call to method First<KeyValuePair<Int32,T>> : KeyValuePair<Int32,T> [property Value] : A |
-| CollectionFlow.cs:28:68:28:79 | call to method First<KeyValuePair<Int32,T>> : KeyValuePair<Int32,T> [property Value] : A | CollectionFlow.cs:28:68:28:85 | access to property Value : A |
+| CollectionFlow.cs:28:68:28:71 | access to parameter dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:28:68:28:79 | call to method First<KeyValuePair<Int32,T>> : Object [property Value] : A |
+| CollectionFlow.cs:28:68:28:79 | call to method First<KeyValuePair<Int32,T>> : Object [property Value] : A | CollectionFlow.cs:28:68:28:85 | access to property Value : A |
 | CollectionFlow.cs:30:60:30:63 | dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:30:69:30:72 | access to parameter dict : Dictionary<T,T> [element, property Value] : A |
 | CollectionFlow.cs:30:69:30:72 | access to parameter dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:30:69:30:79 | access to property Values : ICollection<T> [element] : A |
 | CollectionFlow.cs:30:69:30:79 | access to property Values : ICollection<T> [element] : A | CollectionFlow.cs:30:69:30:87 | call to method First<T> : A |
 | CollectionFlow.cs:32:58:32:61 | dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:32:67:32:70 | access to parameter dict : Dictionary<T,T> [element, property Key] : A |
 | CollectionFlow.cs:32:67:32:70 | access to parameter dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:32:67:32:75 | access to property Keys : ICollection<T> [element] : A |
 | CollectionFlow.cs:32:67:32:75 | access to property Keys : ICollection<T> [element] : A | CollectionFlow.cs:32:67:32:83 | call to method First<T> : A |
 | CollectionFlow.cs:34:57:34:60 | dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:34:66:34:69 | access to parameter dict : Dictionary<T,T> [element, property Key] : A |
-| CollectionFlow.cs:34:66:34:69 | access to parameter dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:34:66:34:77 | call to method First<KeyValuePair<T,Int32>> : KeyValuePair<T,Int32> [property Key] : A |
-| CollectionFlow.cs:34:66:34:77 | call to method First<KeyValuePair<T,Int32>> : KeyValuePair<T,Int32> [property Key] : A | CollectionFlow.cs:34:66:34:81 | access to property Key : A |
+| CollectionFlow.cs:34:66:34:69 | access to parameter dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:34:66:34:77 | call to method First<KeyValuePair<T,Int32>> : Object [property Key] : A |
+| CollectionFlow.cs:34:66:34:77 | call to method First<KeyValuePair<T,Int32>> : Object [property Key] : A | CollectionFlow.cs:34:66:34:81 | access to property Key : A |
 | CollectionFlow.cs:36:49:36:52 | args : A[] [element] : A | CollectionFlow.cs:36:63:36:66 | access to parameter args : A[] [element] : A |
 | CollectionFlow.cs:36:49:36:52 | args : null [element] : A | CollectionFlow.cs:36:63:36:66 | access to parameter args : null [element] : A |
 | CollectionFlow.cs:36:63:36:66 | access to parameter args : A[] [element] : A | CollectionFlow.cs:36:63:36:69 | access to array element |
@@ -291,7 +291,7 @@ nodes
 | CollectionFlow.cs:26:67:26:73 | access to indexer : A | semmle.label | access to indexer : A |
 | CollectionFlow.cs:28:59:28:62 | dict : Dictionary<T,T> [element, property Value] : A | semmle.label | dict : Dictionary<T,T> [element, property Value] : A |
 | CollectionFlow.cs:28:68:28:71 | access to parameter dict : Dictionary<T,T> [element, property Value] : A | semmle.label | access to parameter dict : Dictionary<T,T> [element, property Value] : A |
-| CollectionFlow.cs:28:68:28:79 | call to method First<KeyValuePair<Int32,T>> : KeyValuePair<Int32,T> [property Value] : A | semmle.label | call to method First<KeyValuePair<Int32,T>> : KeyValuePair<Int32,T> [property Value] : A |
+| CollectionFlow.cs:28:68:28:79 | call to method First<KeyValuePair<Int32,T>> : Object [property Value] : A | semmle.label | call to method First<KeyValuePair<Int32,T>> : Object [property Value] : A |
 | CollectionFlow.cs:28:68:28:85 | access to property Value : A | semmle.label | access to property Value : A |
 | CollectionFlow.cs:30:60:30:63 | dict : Dictionary<T,T> [element, property Value] : A | semmle.label | dict : Dictionary<T,T> [element, property Value] : A |
 | CollectionFlow.cs:30:69:30:72 | access to parameter dict : Dictionary<T,T> [element, property Value] : A | semmle.label | access to parameter dict : Dictionary<T,T> [element, property Value] : A |
@@ -303,7 +303,7 @@ nodes
 | CollectionFlow.cs:32:67:32:83 | call to method First<T> : A | semmle.label | call to method First<T> : A |
 | CollectionFlow.cs:34:57:34:60 | dict : Dictionary<T,T> [element, property Key] : A | semmle.label | dict : Dictionary<T,T> [element, property Key] : A |
 | CollectionFlow.cs:34:66:34:69 | access to parameter dict : Dictionary<T,T> [element, property Key] : A | semmle.label | access to parameter dict : Dictionary<T,T> [element, property Key] : A |
-| CollectionFlow.cs:34:66:34:77 | call to method First<KeyValuePair<T,Int32>> : KeyValuePair<T,Int32> [property Key] : A | semmle.label | call to method First<KeyValuePair<T,Int32>> : KeyValuePair<T,Int32> [property Key] : A |
+| CollectionFlow.cs:34:66:34:77 | call to method First<KeyValuePair<T,Int32>> : Object [property Key] : A | semmle.label | call to method First<KeyValuePair<T,Int32>> : Object [property Key] : A |
 | CollectionFlow.cs:34:66:34:81 | access to property Key : A | semmle.label | access to property Key : A |
 | CollectionFlow.cs:36:49:36:52 | args : A[] [element] : A | semmle.label | args : A[] [element] : A |
 | CollectionFlow.cs:36:49:36:52 | args : null [element] : A | semmle.label | args : null [element] : A |
diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll
@@ -961,6 +961,16 @@ module MakeImpl<InputSig Lang> {
         exists(ap)
       }
 
+      pragma[nomagic]
+      additional predicate nodeMayFlowNotThrough(NodeEx node, Ap ap) {
+        revFlow(node, false) and
+        exists(ap)
+        or
+        revFlow(node, true) and
+        exists(ap) and
+        hasSinkCallCtx()
+      }
+
       pragma[nomagic]
       predicate callMayFlowThroughRev(DataFlowCall call) {
         exists(ArgNodeEx arg, boolean toReturn |
@@ -1265,6 +1275,9 @@ module MakeImpl<InputSig Lang> {
         bindingset[p, argAp, node, ap]
         predicate nodeMayFlowThrough(ParamNode p, ApApprox argAp, NodeEx node, ApApprox ap);
 
+        bindingset[node, ap]
+        predicate nodeMayFlowNotThrough(NodeEx node, ApApprox ap);
+
         bindingset[node, state, t0, ap, inSummaryCtx]
         predicate filter(NodeEx node, FlowState state, Typ t0, Ap ap, Typ t, boolean inSummaryCtx);
 
@@ -1333,29 +1346,19 @@ module MakeImpl<InputSig Lang> {
           NodeEx node, FlowState state, Cc cc, ParamNodeOption summaryCtx, ArgTypOption argT,
           ApOption argAp, Typ t0, Typ t, Ap ap, ApApprox apa
         ) {
-          exists(ParamNodeOption summaryCtx0, ApOption argAp0, boolean inSummaryCtx |
-            fwdFlow0(node, state, cc, summaryCtx0, argT, argAp0, t0, ap, apa) and
+          exists(boolean inSummaryCtx |
+            fwdFlow0(node, state, cc, summaryCtx, argT, argAp, t0, ap, apa) and
             PrevStage::revFlow(node, state, apa) and
             (
               exists(ParamNode p, ApApprox argApa |
-                summaryCtx0 = TParamNodeSome(p) and
-                argAp0 = apSome(any(Ap argAp1 | argApa = getApprox(argAp1)))
-              |
-                if Param::nodeMayFlowThrough(p, argApa, node, apa)
-                then
-                  summaryCtx = summaryCtx0 and
-                  argAp = argAp0 and
-                  inSummaryCtx = true
-                else (
-                  summaryCtx = TParamNodeNone() and
-                  argAp = apNone() and
-                  inSummaryCtx = false
-                )
+                summaryCtx = TParamNodeSome(p) and
+                argAp = apSome(any(Ap argAp1 | argApa = getApprox(argAp1))) and
+                Param::nodeMayFlowThrough(p, argApa, node, apa) and
+                inSummaryCtx = true
               )
               or
-              summaryCtx0 = TParamNodeNone() and
-              summaryCtx = summaryCtx0 and
-              argAp = argAp0 and
+              summaryCtx = TParamNodeNone() and
+              (cc instanceof CcNoCall or Param::nodeMayFlowNotThrough(node, apa)) and
               inSummaryCtx = false
             ) and
             filter(node, state, t0, ap, t, inSummaryCtx)
@@ -1414,22 +1417,24 @@ module MakeImpl<InputSig Lang> {
           or
           // flow into a callable
           exists(Typ t0 | fwdFlowIn(node, apa, state, cc, t0, ap) |
-            if PrevStage::parameterMayFlowThrough(node, apa)
-            then
-              summaryCtx = TParamNodeSome(node.asNode()) and
-              argT = ArgTypOption::some(toArgTyp(t)) and
-              argAp = apSome(ap) and
-              t = t0 // getNodeTyp(node)
-            else (
-              summaryCtx = TParamNodeNone() and
-              argT instanceof ArgTypOption::None and
-              argAp = apNone() and
-              t = t0
-            )
+            PrevStage::parameterMayFlowThrough(node, apa) and
+            summaryCtx = TParamNodeSome(node.asNode()) and
+            argT = ArgTypOption::some(toArgTyp(t)) and
+            argAp = apSome(ap) and
+            t = t0 // getNodeTyp(node)
+            or
+            Param::nodeMayFlowNotThrough(node, apa) and
+            summaryCtx = TParamNodeNone() and
+            argT instanceof ArgTypOption::None and
+            argAp = apNone() and
+            t = t0
           )
           or
           // flow out of a callable
-          fwdFlowOut(_, _, node, state, cc, summaryCtx, argT, argAp, t, ap, apa)
+          fwdFlowOut(_, _, node, state, cc, _, _, _, t, ap, apa) and
+          argT instanceof ArgTypOption::None and
+          argAp = apNone() and
+          summaryCtx = TParamNodeNone()
           or
           // flow through a callable
           exists(
@@ -2373,6 +2378,14 @@ module MakeImpl<InputSig Lang> {
           )
         }
 
+        pragma[nomagic]
+        additional predicate nodeMayFlowNotThrough(NodeEx node, Ap ap) {
+          revFlow(node, _, TReturnCtxNone(), _, ap)
+          or
+          revFlow(node, _, TReturnCtxNoFlowThrough(), _, ap) and
+          hasSinkCallCtx()
+        }
+
         pragma[nomagic]
         private predicate revFlowThroughArg(
           DataFlowCall call, ArgNodeEx arg, FlowState state, ReturnCtx returnCtx, ApOption returnAp,
@@ -2682,6 +2695,11 @@ module MakeImpl<InputSig Lang> {
         exists(argAp)
       }
 
+      bindingset[node, ap]
+      predicate nodeMayFlowNotThrough(NodeEx node, PrevStage::Ap ap) {
+        PrevStage::nodeMayFlowNotThrough(node, ap)
+      }
+
       pragma[nomagic]
       private predicate expectsContentCand(NodeEx node) {
         exists(Content c |
@@ -3009,6 +3027,11 @@ module MakeImpl<InputSig Lang> {
         PrevStage::nodeMayFlowThrough(p, argAp, node, ap)
       }
 
+      bindingset[node, ap]
+      predicate nodeMayFlowNotThrough(NodeEx node, PrevStage::Ap ap) {
+        PrevStage::nodeMayFlowNotThrough(node, ap)
+      }
+
       pragma[nomagic]
       private predicate expectsContentCand(NodeEx node, Ap ap) {
         exists(Content c |
@@ -3090,6 +3113,11 @@ module MakeImpl<InputSig Lang> {
         PrevStage::nodeMayFlowThrough(p, argAp, node, ap)
       }
 
+      bindingset[node, ap]
+      predicate nodeMayFlowNotThrough(NodeEx node, PrevStage::Ap ap) {
+        PrevStage::nodeMayFlowNotThrough(node, ap)
+      }
+
       pragma[nomagic]
       private predicate expectsContentCand(NodeEx node, Ap ap) {
         exists(Content c |
@@ -3136,6 +3164,7 @@ module MakeImpl<InputSig Lang> {
     private predicate strengthenType(
       NodeEx node, DataFlowType t0, DataFlowType t, boolean inSummaryCtx
     ) {
+      exists(inSummaryCtx) and
       if castingNodeEx(node)
       then
         exists(DataFlowType nt | nt = node.getDataFlowType() |
@@ -3196,6 +3225,11 @@ module MakeImpl<InputSig Lang> {
         PrevStage::nodeMayFlowThrough(p, argAp, node, ap)
       }
 
+      bindingset[node, ap]
+      predicate nodeMayFlowNotThrough(NodeEx node, PrevStage::Ap ap) {
+        PrevStage::nodeMayFlowNotThrough(node, ap)
+      }
+
       pragma[nomagic]
       private predicate clearSet(NodeEx node, ContentSet c) {
         PrevStage::revFlow(node) and
@@ -3295,6 +3329,11 @@ module MakeImpl<InputSig Lang> {
         PrevStage::nodeMayFlowThrough(p, argAp, node, ap)
       }
 
+      bindingset[node, ap]
+      predicate nodeMayFlowNotThrough(NodeEx node, PrevStage::Ap ap) {
+        PrevStage::nodeMayFlowNotThrough(node, ap)
+      }
+
       pragma[nomagic]
       private predicate clearSet(NodeEx node, ContentSet c) {
         PrevStage::revFlow(node) and
@@ -3582,6 +3621,11 @@ module MakeImpl<InputSig Lang> {
         PrevStage::nodeMayFlowThrough(p, argAp, node, ap)
       }
 
+      bindingset[node, ap]
+      predicate nodeMayFlowNotThrough(NodeEx node, PrevStage::Ap ap) {
+        PrevStage::nodeMayFlowNotThrough(node, ap)
+      }
+
       bindingset[node, state, t0, ap, inSummaryCtx]
       predicate filter(NodeEx node, FlowState state, Typ t0, Ap ap, Typ t, boolean inSummaryCtx) {
         strengthenType(node, t0, t, inSummaryCtx) and
@@ -4557,7 +4601,8 @@ module MakeImpl<InputSig Lang> {
         (
           sc = TSummaryCtxSome(p, state, t, ap)
           or
-          not exists(TSummaryCtxSome(p, state, t, ap)) and
+          // not exists(TSummaryCtxSome(p, state, t, ap)) and
+          Stage5::nodeMayFlowNotThrough(p, ap.getApprox()) and
           sc = TSummaryCtxNone() and
           // When the call contexts of source and sink needs to match then there's
           // never any reason to enter a callable except to find a summary. See also
