From 67f738712af1e09388d8ca396f8655781dc8c731 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 16 Dec 2024 19:36:29 +0100 Subject: [PATCH] Implement `FlowSummaryImpl` stubs --- .../cpp/dataflow/internal/FlowSummaryImpl.qll | 10 ++++++++++ .../csharp/dataflow/internal/FlowSummaryImpl.qll | 16 ++++++++++++++++ go/ql/lib/semmle/go/dataflow/ExternalFlow.qll | 12 ++++++------ .../go/dataflow/internal/FlowSummaryImpl.qll | 10 ++++++++++ .../java/dataflow/internal/FlowSummaryImpl.qll | 16 ++++++++++++++++ .../dataflow/new/internal/FlowSummaryImpl.qll | 10 ++++++++++ .../ruby/dataflow/internal/FlowSummaryImpl.qll | 10 ++++++++++ .../swift/dataflow/internal/FlowSummaryImpl.qll | 10 ++++++++++ 8 files changed, 88 insertions(+), 6 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/FlowSummaryImpl.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/FlowSummaryImpl.qll index 424f3651bf88..5ba1db044290 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/internal/FlowSummaryImpl.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/internal/FlowSummaryImpl.qll @@ -12,8 +12,14 @@ private import semmle.code.cpp.dataflow.ExternalFlow private import semmle.code.cpp.ir.IR module Input implements InputSig { + private import codeql.util.Void + class SummarizedCallableBase = Function; + class SourceBase = Void; + + class SinkBase = Void; + ArgumentPosition callbackSelfParameterPosition() { result = TDirectPosition(-1) } ReturnKind getStandardReturnValueKind() { result.(NormalReturnKind).getIndirectionIndex() = 0 } @@ -93,6 +99,10 @@ private module StepsInput implements Impl::Private::StepsInputSig { DataFlowCall getACall(Public::SummarizedCallable sc) { result.getStaticCallTarget().getUnderlyingCallable() = sc } + + Node getSourceNode(Input::SourceBase source, Impl::Private::SummaryComponent sc) { none() } + + Node getSinkNode(Input::SinkBase sink, Impl::Private::SummaryComponent sc) { none() } } module SourceSinkInterpretationInput implements diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll index d777566a336a..5d861464c8e3 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll @@ -14,8 +14,14 @@ private import semmle.code.csharp.Unification private import semmle.code.csharp.dataflow.internal.ExternalFlow module Input implements InputSig { + private import codeql.util.Void + class SummarizedCallableBase = UnboundCallable; + class SourceBase = Void; + + class SinkBase = Void; + predicate neutralElement(SummarizedCallableBase c, string kind, string provenance, boolean isExact) { interpretNeutral(c, kind, provenance) and // isExact is not needed for C#. @@ -176,12 +182,22 @@ private module TypesInput implements Impl::Private::TypesInputSig { result.asGvnType() = Gvn::getGlobalValueNumber(dt.getDelegateType().getReturnType()) ) } + + DataFlowType getSourceNodeType(Input::SourceBase source, Impl::Private::SummaryComponent sc) { + none() + } + + DataFlowType getSinkNodeType(Input::SinkBase sink, Impl::Private::SummaryComponent sc) { none() } } private module StepsInput implements Impl::Private::StepsInputSig { DataFlowCall getACall(Public::SummarizedCallable sc) { sc = viableCallable(result).asSummarizedCallable() } + + Node getSourceNode(Input::SourceBase source, Impl::Private::SummaryComponent sc) { none() } + + Node getSinkNode(Input::SinkBase sink, Impl::Private::SummaryComponent sc) { none() } } module SourceSinkInterpretationInput implements diff --git a/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll b/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll index 5ae7b6a7f0d8..3228f4248859 100644 --- a/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll +++ b/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll @@ -90,7 +90,7 @@ import internal.ExternalFlowExtensions as FlowExtensions private import FlowSummary as FlowSummary private import internal.DataFlowPrivate private import internal.FlowSummaryImpl -private import internal.FlowSummaryImpl::Public +private import internal.FlowSummaryImpl::Public as Public private import internal.FlowSummaryImpl::Private private import internal.FlowSummaryImpl::Private::External private import codeql.mad.ModelValidation as SharedModelVal @@ -583,13 +583,13 @@ predicate sourceNode(DataFlow::Node node, string kind) { sourceNode(node, kind, predicate sinkNode(DataFlow::Node node, string kind) { sinkNode(node, kind, _) } // adapter class for converting Mad summaries to `SummarizedCallable`s -private class SummarizedCallableAdapter extends SummarizedCallable { +private class SummarizedCallableAdapter extends Public::SummarizedCallable { SummarizedCallableAdapter() { summaryElement(this, _, _, _, _, _) } private predicate relevantSummaryElementManual( string input, string output, string kind, string model ) { - exists(Provenance provenance | + exists(Public::Provenance provenance | summaryElement(this, input, output, kind, provenance, model) and provenance.isManual() ) @@ -598,11 +598,11 @@ private class SummarizedCallableAdapter extends SummarizedCallable { private predicate relevantSummaryElementGenerated( string input, string output, string kind, string model ) { - exists(Provenance provenance | + exists(Public::Provenance provenance | summaryElement(this, input, output, kind, provenance, model) and provenance.isGenerated() ) and - not exists(Provenance provenance | + not exists(Public::Provenance provenance | neutralElement(this, "summary", provenance) and provenance.isManual() ) @@ -621,7 +621,7 @@ private class SummarizedCallableAdapter extends SummarizedCallable { ) } - override predicate hasProvenance(Provenance provenance) { + override predicate hasProvenance(Public::Provenance provenance) { summaryElement(this, _, _, _, provenance, _) } } diff --git a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll index 40c68ceb900a..55de73895938 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll @@ -21,8 +21,14 @@ private string positionToString(int pos) { } module Input implements InputSig { + private import codeql.util.Void + class SummarizedCallableBase = Callable; + class SourceBase = Void; + + class SinkBase = Void; + predicate neutralElement( Input::SummarizedCallableBase c, string kind, string provenance, boolean isExact ) { @@ -108,6 +114,10 @@ private module StepsInput implements Impl::Private::StepsInputSig { call.getACalleeIncludingExternals() = sc ) } + + Node getSourceNode(Input::SourceBase source, Impl::Private::SummaryComponent sc) { none() } + + Node getSinkNode(Input::SinkBase sink, Impl::Private::SummaryComponent sc) { none() } } module SourceSinkInterpretationInput implements diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll index b4a2bad48f35..37201245a58b 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll @@ -27,8 +27,14 @@ private string positionToString(int pos) { } module Input implements InputSig { + private import codeql.util.Void + class SummarizedCallableBase = FlowSummary::SummarizedCallableBase; + class SourceBase = Void; + + class SinkBase = Void; + predicate neutralElement( Input::SummarizedCallableBase c, string kind, string provenance, boolean isExact ) { @@ -123,12 +129,22 @@ private module TypesInput implements Impl::Private::TypesInputSig { result = getErasedRepr(t.(FunctionalInterface).getRunMethod().getReturnType()) and exists(rk) } + + DataFlowType getSourceNodeType(Input::SourceBase source, Impl::Private::SummaryComponent sc) { + none() + } + + DataFlowType getSinkNodeType(Input::SinkBase sink, Impl::Private::SummaryComponent sc) { none() } } private module StepsInput implements Impl::Private::StepsInputSig { DataFlowCall getACall(Public::SummarizedCallable sc) { sc = viableCallable(result).asSummarizedCallable() } + + Node getSourceNode(Input::SourceBase source, Impl::Private::SummaryComponent sc) { none() } + + Node getSinkNode(Input::SinkBase sink, Impl::Private::SummaryComponent sc) { none() } } private predicate relatedArgSpec(Callable c, string spec) { diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll b/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll index a1dd67a008ad..f7fdf84549e6 100644 --- a/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll +++ b/python/ql/lib/semmle/python/dataflow/new/internal/FlowSummaryImpl.qll @@ -10,8 +10,14 @@ private import DataFlowImplSpecific::Private private import DataFlowImplSpecific::Public module Input implements InputSig { + private import codeql.util.Void + class SummarizedCallableBase = string; + class SourceBase = Void; + + class SinkBase = Void; + ArgumentPosition callbackSelfParameterPosition() { result.isLambdaSelf() } ReturnKind getStandardReturnValueKind() { any() } @@ -98,6 +104,10 @@ private module StepsInput implements Impl::Private::StepsInputSig { sc.(LibraryCallable).getACallSimple().asCfgNode() ]) } + + Node getSourceNode(Input::SourceBase source, Impl::Private::SummaryComponent sc) { none() } + + Node getSinkNode(Input::SinkBase sink, Impl::Private::SummaryComponent sc) { none() } } module Private { diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll index d0beb44ac7b4..c85d2230b23d 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll @@ -10,8 +10,14 @@ private import DataFlowImplSpecific::Private private import DataFlowImplSpecific::Public module Input implements InputSig { + private import codeql.util.Void + class SummarizedCallableBase = string; + class SourceBase = Void; + + class SinkBase = Void; + ArgumentPosition callbackSelfParameterPosition() { result.isLambdaSelf() } ReturnKind getStandardReturnValueKind() { result instanceof NormalReturnKind } @@ -154,6 +160,10 @@ private module StepsInput implements Impl::Private::StepsInputSig { or result.asCall().getAstNode() = sc.(LibraryCallable).getACallSimple() } + + Node getSourceNode(Input::SourceBase source, Impl::Private::SummaryComponent sc) { none() } + + Node getSinkNode(Input::SinkBase sink, Impl::Private::SummaryComponent sc) { none() } } module Private { diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll index 0898f7b5355e..cb889baaebc2 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll @@ -12,8 +12,14 @@ private import DataFlowImplCommon private import codeql.swift.dataflow.ExternalFlow module Input implements InputSig { + private import codeql.util.Void + class SummarizedCallableBase = Function; + class SourceBase = Void; + + class SinkBase = Void; + ArgumentPosition callbackSelfParameterPosition() { result instanceof ThisArgumentPosition } ReturnKind getStandardReturnValueKind() { result instanceof NormalReturnKind } @@ -106,6 +112,10 @@ private import Make as Imp private module StepsInput implements Impl::Private::StepsInputSig { DataFlowCall getACall(Public::SummarizedCallable sc) { result.asCall().getStaticTarget() = sc } + + Node getSourceNode(Input::SourceBase source, Impl::Private::SummaryComponent sc) { none() } + + Node getSinkNode(Input::SinkBase sink, Impl::Private::SummaryComponent sc) { none() } } module SourceSinkInterpretationInput implements