wip

github · Dec 10, 2024 · f812cbd · f812cbd
1 parent 4f7e97b
commit f812cbd
Show file tree

Hide file tree

Showing 4 changed files with 5 additions and 13 deletions.
diff --git a/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected b/cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected
@@ -5,15 +5,13 @@ edges
 | overflowdestination.cpp:27:2:27:15 | *... = ... | overflowdestination.cpp:30:17:30:20 | *arg1 | provenance |  |
 | overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | *src | provenance |  |
 | overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:50:52:50:54 | *src | provenance |  |
-| overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:50:52:50:54 | *src [Reverse] | provenance | DataFlowFunction |
 | overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:53:15:53:17 | *src | provenance |  |
 | overflowdestination.cpp:57:52:57:54 | *src | overflowdestination.cpp:60:15:60:17 | *src | provenance |  |
 | overflowdestination.cpp:60:15:60:17 | *src | overflowdestination.cpp:64:16:64:19 | *src2 | provenance |  |
 | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:75:30:75:32 | *src | provenance |  |
 | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:76:30:76:32 | *src | provenance |  |
 | overflowdestination.cpp:75:30:75:32 | *src | overflowdestination.cpp:50:52:50:54 | *src | provenance |  |
 | overflowdestination.cpp:75:30:75:32 | *src | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument | provenance |  |
-| overflowdestination.cpp:75:30:75:32 | *src | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument | provenance | DataFlowFunction |
 | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument | overflowdestination.cpp:76:30:76:32 | *src | provenance |  |
 | overflowdestination.cpp:76:30:76:32 | *src | overflowdestination.cpp:57:52:57:54 | *src | provenance |  |
 nodes
@@ -26,7 +24,6 @@ nodes
 | overflowdestination.cpp:46:15:46:17 | *src | semmle.label | *src |
 | overflowdestination.cpp:50:52:50:54 | *src | semmle.label | *src |
 | overflowdestination.cpp:50:52:50:54 | *src | semmle.label | *src |
-| overflowdestination.cpp:50:52:50:54 | *src [Reverse] | semmle.label | *src [Reverse] |
 | overflowdestination.cpp:53:15:53:17 | *src | semmle.label | *src |
 | overflowdestination.cpp:57:52:57:54 | *src | semmle.label | *src |
 | overflowdestination.cpp:60:15:60:17 | *src | semmle.label | *src |
@@ -37,7 +34,6 @@ nodes
 | overflowdestination.cpp:76:30:76:32 | *src | semmle.label | *src |
 subpaths
 | overflowdestination.cpp:75:30:75:32 | *src | overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument |
-| overflowdestination.cpp:75:30:75:32 | *src | overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:50:52:50:54 | *src [Reverse] | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument |
 #select
 | overflowdestination.cpp:30:2:30:8 | call to strncpy | main.cpp:6:27:6:30 | **argv | overflowdestination.cpp:30:17:30:20 | *arg1 | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
 | overflowdestination.cpp:46:2:46:7 | call to memcpy | overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | *src | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |

diff --git a/java/ql/test/library-tests/dataflow/capture/test.expected b/java/ql/test/library-tests/dataflow/capture/test.expected
@@ -50,7 +50,6 @@
 | A.java:23:11:23:13 | "C" : String | A.java:39:12:39:12 | a : new A(...) { ... } [String s] |
 | A.java:25:22:25:24 | "D" : String | A.java:4:5:4:7 | parameter this [Reverse] : Box [elem] |
 | A.java:25:22:25:24 | "D" : String | A.java:4:5:4:7 | this <constr(this)> [Reverse] : Box [elem] |
-| A.java:25:22:25:24 | "D" : String | A.java:4:5:4:7 | this <constr(this)> [post update] [Reverse] : Box [elem] |
 | A.java:25:22:25:24 | "D" : String | A.java:4:9:4:16 | e : String |
 | A.java:25:22:25:24 | "D" : String | A.java:4:21:4:24 | this <.field> [Reverse] : Box [elem] |
 | A.java:25:22:25:24 | "D" : String | A.java:4:21:4:24 | this <.field> [post update] : Box [elem] |
@@ -89,7 +88,6 @@
 | A.java:27:16:27:18 | "E" : String | A.java:14:11:14:20 | f2(...) : new A(...) { ... } [Box b2, ... (2)] |
 | A.java:27:16:27:18 | "E" : String | A.java:15:16:15:16 | a : new A(...) { ... } [Box b2, ... (2)] |
 | A.java:27:16:27:18 | "E" : String | A.java:15:16:15:22 | get(...) : String |
-| A.java:27:16:27:18 | "E" : String | A.java:26:14:26:26 | new Box(...) [Reverse] : Box [elem] |
 | A.java:27:16:27:18 | "E" : String | A.java:27:5:27:6 | b2 [Reverse] : Box [elem] |
 | A.java:27:16:27:18 | "E" : String | A.java:27:5:27:6 | b2 [post update] : Box [elem] |
 | A.java:27:16:27:18 | "E" : String | A.java:28:11:38:5 | Box b2 : Box [elem] |

diff --git a/java/ql/test/library-tests/dataflow/partial/test.expected b/java/ql/test/library-tests/dataflow/partial/test.expected
@@ -1,5 +1,4 @@
 edges
-| A.java:12:5:12:5 | b [Reverse] : Box [elem] | A.java:11:13:11:21 | new Box(...) [Reverse] : Box [elem] |
 | A.java:12:5:12:5 | b [post update] : Box [elem] | A.java:12:5:12:5 | b [Reverse] : Box [elem] |
 | A.java:12:5:12:5 | b [post update] : Box [elem] | A.java:13:12:13:12 | b : Box [elem] |
 | A.java:12:14:12:18 | src(...) : Object | A.java:12:5:12:5 | b [post update] : Box [elem] |
@@ -8,7 +7,6 @@ edges
 | A.java:17:13:17:16 | f1(...) : Box [elem] | A.java:18:8:18:8 | b : Box [elem] |
 | A.java:18:8:18:8 | b : Box [elem] | A.java:21:11:21:15 | b : Box [elem] |
 #select
-| 0 | A.java:11:13:11:21 | new Box(...) [Reverse] : Box [elem] |
 | 0 | A.java:12:5:12:5 | b [Reverse] : Box [elem] |
 | 0 | A.java:12:5:12:5 | b [post update] : Box [elem] |
 | 0 | A.java:12:5:12:18 | ...=... : Object |

diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll
@@ -2055,8 +2055,8 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
 
         pragma[nomagic]
         private predicate fwdFlowOutCand(
-          DataFlowCallEx call, RetNodeEx ret, CcNoCall innercc, DataFlowCallable inner, NodeEx out,
-          ApApprox apa, boolean allowsFieldFlow
+          NormalDataFlowCall call, RetNodeEx ret, CcNoCall innercc, DataFlowCallable inner,
+          NodeEx out, ApApprox apa, boolean allowsFieldFlow
         ) {
           fwdFlowIntoRet(ret, _, innercc, _, _, _, apa, _) and
           inner = ret.getEnclosingCallable() and
@@ -2071,8 +2071,8 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
 
         pragma[nomagic]
         private predicate fwdFlowOutValidEdge(
-          DataFlowCallEx call, RetNodeEx ret, CcNoCall innercc, DataFlowCallable inner, NodeEx out,
-          CcNoCall outercc, ApApprox apa, boolean allowsFieldFlow
+          NormalDataFlowCall call, RetNodeEx ret, CcNoCall innercc, DataFlowCallable inner,
+          NodeEx out, CcNoCall outercc, ApApprox apa, boolean allowsFieldFlow
         ) {
           fwdFlowOutCand(call, ret, innercc, inner, out, apa, allowsFieldFlow) and
           FwdTypeFlow::typeFlowValidEdgeOut(call.projectToCall(), inner) and
@@ -2081,7 +2081,7 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
 
         pragma[inline]
         private predicate fwdFlowOut(
-          DataFlowCallEx call, DataFlowCallable inner, NodeEx out, FlowState state,
+          NormalDataFlowCall call, DataFlowCallable inner, NodeEx out, FlowState state,
           CcNoCall outercc, SummaryCtx summaryCtx, Typ t, Ap ap, ApApprox apa, TypOption stored
         ) {
           exists(RetNodeEx ret, CcNoCall innercc, boolean allowsFieldFlow |