C#: Fix broken viableImplInCallContext implementation

hvitved · hvitved · commit b2b8aa62d8e7 · 2022-09-21T17:14:29.000+02:00
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowDispatch.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowDispatch.qll
@@ -176,9 +176,15 @@ private module DispatchImpl {
    */
   DataFlowCallable viableImplInCallContext(NonDelegateDataFlowCall call, DataFlowCall ctx) {
     result.getUnderlyingCallable() =
-      call.getDispatchCall()
-          .getADynamicTargetInCallContext(ctx.(NonDelegateDataFlowCall).getDispatchCall())
-          .getUnboundDeclaration()
+      getCallableForDataFlow(call.getDispatchCall()
+            .getADynamicTargetInCallContext(ctx.(NonDelegateDataFlowCall).getDispatchCall())
+            .getUnboundDeclaration())
+    or
+    exists(DataFlowCallable encl |
+      encl = viableCallable(ctx) and
+      mayBenefitFromCallContext(call, encl) and
+      result = call.getASummaryTarget()
+    )
   }
 }
 
@@ -342,9 +348,8 @@ class NonDelegateDataFlowCall extends DataFlowCall, TNonDelegateCall {
   /** Gets the underlying call. */
   DispatchCall getDispatchCall() { result = dc }
 
-  override DataFlowCallable getARuntimeTarget() {
-    result.asCallable() = getCallableForDataFlow(dc.getADynamicTarget())
-    or
+  /** Gets a summarized call target, if any. */
+  DataFlowCallable getASummaryTarget() {
     exists(Callable c, boolean static |
       result.asSummarizedCallable() = c and
       c = this.getATarget(static)
@@ -355,6 +360,12 @@ class NonDelegateDataFlowCall extends DataFlowCall, TNonDelegateCall {
     )
   }
 
+  override DataFlowCallable getARuntimeTarget() {
+    result.asCallable() = getCallableForDataFlow(dc.getADynamicTarget())
+    or
+    result = this.getASummaryTarget()
+  }
+
   /** Gets a static or dynamic target of this call. */
   Callable getATarget(boolean static) {
     result = dc.getADynamicTarget().getUnboundDeclaration() and static = false
diff --git a/csharp/ql/test/library-tests/dataflow/collections/CollectionFlow.expected b/csharp/ql/test/library-tests/dataflow/collections/CollectionFlow.expected
@@ -187,12 +187,6 @@ edges
 | CollectionFlow.cs:373:52:373:53 | access to parameter ts [element] : A | CollectionFlow.cs:373:52:373:56 | access to array element |
 | CollectionFlow.cs:373:52:373:53 | access to parameter ts [element] : A | CollectionFlow.cs:373:52:373:56 | access to array element |
 | CollectionFlow.cs:375:49:375:52 | list [element] : A | CollectionFlow.cs:375:63:375:66 | access to parameter list [element] : A |
-| CollectionFlow.cs:375:49:375:52 | list [element] : A | CollectionFlow.cs:375:63:375:66 | access to parameter list [element] : A |
-| CollectionFlow.cs:375:49:375:52 | list [element] : A | CollectionFlow.cs:375:63:375:66 | access to parameter list [element] : A |
-| CollectionFlow.cs:375:49:375:52 | list [element] : A | CollectionFlow.cs:375:63:375:66 | access to parameter list [element] : A |
-| CollectionFlow.cs:375:63:375:66 | access to parameter list [element] : A | CollectionFlow.cs:375:63:375:69 | access to indexer |
-| CollectionFlow.cs:375:63:375:66 | access to parameter list [element] : A | CollectionFlow.cs:375:63:375:69 | access to indexer |
-| CollectionFlow.cs:375:63:375:66 | access to parameter list [element] : A | CollectionFlow.cs:375:63:375:69 | access to indexer |
 | CollectionFlow.cs:375:63:375:66 | access to parameter list [element] : A | CollectionFlow.cs:375:63:375:69 | access to indexer |
 | CollectionFlow.cs:377:61:377:64 | dict [element, property Value] : A | CollectionFlow.cs:377:75:377:78 | access to parameter dict [element, property Value] : A |
 | CollectionFlow.cs:377:75:377:78 | access to parameter dict [element, property Value] : A | CollectionFlow.cs:377:75:377:81 | access to indexer |
@@ -204,12 +198,6 @@ edges
 | CollectionFlow.cs:381:41:381:42 | access to parameter ts [element] : A | CollectionFlow.cs:381:41:381:45 | access to array element : A |
 | CollectionFlow.cs:381:41:381:42 | access to parameter ts [element] : A | CollectionFlow.cs:381:41:381:45 | access to array element : A |
 | CollectionFlow.cs:383:43:383:46 | list [element] : A | CollectionFlow.cs:383:52:383:55 | access to parameter list [element] : A |
-| CollectionFlow.cs:383:43:383:46 | list [element] : A | CollectionFlow.cs:383:52:383:55 | access to parameter list [element] : A |
-| CollectionFlow.cs:383:43:383:46 | list [element] : A | CollectionFlow.cs:383:52:383:55 | access to parameter list [element] : A |
-| CollectionFlow.cs:383:43:383:46 | list [element] : A | CollectionFlow.cs:383:52:383:55 | access to parameter list [element] : A |
-| CollectionFlow.cs:383:52:383:55 | access to parameter list [element] : A | CollectionFlow.cs:383:52:383:58 | access to indexer : A |
-| CollectionFlow.cs:383:52:383:55 | access to parameter list [element] : A | CollectionFlow.cs:383:52:383:58 | access to indexer : A |
-| CollectionFlow.cs:383:52:383:55 | access to parameter list [element] : A | CollectionFlow.cs:383:52:383:58 | access to indexer : A |
 | CollectionFlow.cs:383:52:383:55 | access to parameter list [element] : A | CollectionFlow.cs:383:52:383:58 | access to indexer : A |
 | CollectionFlow.cs:385:58:385:61 | dict [element, property Value] : A | CollectionFlow.cs:385:67:385:70 | access to parameter dict [element, property Value] : A |
 | CollectionFlow.cs:385:67:385:70 | access to parameter dict [element, property Value] : A | CollectionFlow.cs:385:67:385:73 | access to indexer : A |
@@ -402,12 +390,6 @@ nodes
 | CollectionFlow.cs:373:52:373:53 | access to parameter ts [element] : A | semmle.label | access to parameter ts [element] : A |
 | CollectionFlow.cs:373:52:373:56 | access to array element | semmle.label | access to array element |
 | CollectionFlow.cs:375:49:375:52 | list [element] : A | semmle.label | list [element] : A |
-| CollectionFlow.cs:375:49:375:52 | list [element] : A | semmle.label | list [element] : A |
-| CollectionFlow.cs:375:49:375:52 | list [element] : A | semmle.label | list [element] : A |
-| CollectionFlow.cs:375:49:375:52 | list [element] : A | semmle.label | list [element] : A |
-| CollectionFlow.cs:375:63:375:66 | access to parameter list [element] : A | semmle.label | access to parameter list [element] : A |
-| CollectionFlow.cs:375:63:375:66 | access to parameter list [element] : A | semmle.label | access to parameter list [element] : A |
-| CollectionFlow.cs:375:63:375:66 | access to parameter list [element] : A | semmle.label | access to parameter list [element] : A |
 | CollectionFlow.cs:375:63:375:66 | access to parameter list [element] : A | semmle.label | access to parameter list [element] : A |
 | CollectionFlow.cs:375:63:375:69 | access to indexer | semmle.label | access to indexer |
 | CollectionFlow.cs:377:61:377:64 | dict [element, property Value] : A | semmle.label | dict [element, property Value] : A |
@@ -424,16 +406,7 @@ nodes
 | CollectionFlow.cs:381:41:381:45 | access to array element : A | semmle.label | access to array element : A |
 | CollectionFlow.cs:381:41:381:45 | access to array element : A | semmle.label | access to array element : A |
 | CollectionFlow.cs:383:43:383:46 | list [element] : A | semmle.label | list [element] : A |
-| CollectionFlow.cs:383:43:383:46 | list [element] : A | semmle.label | list [element] : A |
-| CollectionFlow.cs:383:43:383:46 | list [element] : A | semmle.label | list [element] : A |
-| CollectionFlow.cs:383:43:383:46 | list [element] : A | semmle.label | list [element] : A |
 | CollectionFlow.cs:383:52:383:55 | access to parameter list [element] : A | semmle.label | access to parameter list [element] : A |
-| CollectionFlow.cs:383:52:383:55 | access to parameter list [element] : A | semmle.label | access to parameter list [element] : A |
-| CollectionFlow.cs:383:52:383:55 | access to parameter list [element] : A | semmle.label | access to parameter list [element] : A |
-| CollectionFlow.cs:383:52:383:55 | access to parameter list [element] : A | semmle.label | access to parameter list [element] : A |
-| CollectionFlow.cs:383:52:383:58 | access to indexer : A | semmle.label | access to indexer : A |
-| CollectionFlow.cs:383:52:383:58 | access to indexer : A | semmle.label | access to indexer : A |
-| CollectionFlow.cs:383:52:383:58 | access to indexer : A | semmle.label | access to indexer : A |
 | CollectionFlow.cs:383:52:383:58 | access to indexer : A | semmle.label | access to indexer : A |
 | CollectionFlow.cs:385:58:385:61 | dict [element, property Value] : A | semmle.label | dict [element, property Value] : A |
 | CollectionFlow.cs:385:67:385:70 | access to parameter dict [element, property Value] : A | semmle.label | access to parameter dict [element, property Value] : A |
