

Merge pull request #15867 from hvitved/dataflow/ap-limit
Data flow: Add `ConfigSig::accessPathLimit`
hvitved authored Mar 12, 2024
2 parents 5085121 + d7790fa commit dddba32
Showing 34 changed files with 89 additions and 11 deletions.
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
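Review bot: The added `int accessPathLimit() { result = 5 }` hard-codes the limit for the deprecated `Configuration` API, while the new default in `shared/dataflow/codeql/dataflow/DataFlow.qll` delegates to `Lang::accessPathLimit()`, and the shared implementation previously called an unqualified `accessPathLimit()`. If any language's own limit is not 5, legacy configurations would presumably start tracking a different nesting depth than module-based ones, which for security queries can change which flows are reported. A comment such as `// must match the language's accessPathLimit()` would make the intent visible, or the predicate could delegate to the language value if it is in scope here. The same line is added in every other section on this page that shows this hunk, and the `Config` module body continues outside the hunk.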
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
Expand Up @@ -109,6 +109,8 @@ module Global<ConfigSig ContentConfig> {

DataFlow::FlowFeature getAFeature() { result = ContentConfig::getAFeature() }

predicate accessPathLimit = ContentConfig::accessPathLimit/0;

// needed to record reads/stores inside summarized callables
predicate includeHiddenNodes() { any() }
}
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
6 changes: 3 additions & 3 deletions csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
Expand Up @@ -72,11 +72,11 @@ string captureQualifierFlow(TargetApiSpecific api) {
result = ModelPrinting::asValueModel(api, qualifierString(), "ReturnValue")
}

private int accessPathLimit() { result = 2 }
private int accessPathLimit0() { result = 2 }

private newtype TTaintState =
TTaintRead(int n) { n in [0 .. accessPathLimit()] } or
TTaintStore(int n) { n in [1 .. accessPathLimit()] }
TTaintRead(int n) { n in [0 .. accessPathLimit0()] } or
TTaintStore(int n) { n in [1 .. accessPathLimit0()] }

abstract private class TaintState extends TTaintState {
abstract string toString();
2 changes: 2 additions & 0 deletions go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl1.qll
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
2 changes: 2 additions & 0 deletions go/ql/lib/semmle/go/dataflow/internal/DataFlowImpl2.qll
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
6 changes: 3 additions & 3 deletions java/ql/src/utils/modelgenerator/internal/CaptureModels.qll
Expand Up @@ -72,11 +72,11 @@ string captureQualifierFlow(TargetApiSpecific api) {
result = ModelPrinting::asValueModel(api, qualifierString(), "ReturnValue")
}

private int accessPathLimit() { result = 2 }
private int accessPathLimit0() { result = 2 }

private newtype TTaintState =
TTaintRead(int n) { n in [0 .. accessPathLimit()] } or
TTaintStore(int n) { n in [1 .. accessPathLimit()] }
TTaintRead(int n) { n in [0 .. accessPathLimit0()] } or
TTaintStore(int n) { n in [1 .. accessPathLimit0()] }

abstract private class TaintState extends TTaintState {
abstract string toString();
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
2 changes: 2 additions & 0 deletions ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl1.qll
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
2 changes: 2 additions & 0 deletions ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowImpl2.qll
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
10 changes: 10 additions & 0 deletions shared/dataflow/codeql/dataflow/DataFlow.qll
Expand Up @@ -376,6 +376,9 @@ module Configs<InputSig Lang> {
*/
default int fieldFlowBranchLimit() { result = 2 }

/** Gets the access path limit. */
default int accessPathLimit() { result = Lang::accessPathLimit() }

/**
* Gets a data flow configuration feature to add restrictions to the set of
* valid flow paths.
Expand Down Expand Up @@ -495,6 +498,9 @@ module Configs<InputSig Lang> {
*/
default int fieldFlowBranchLimit() { result = 2 }

/** Gets the access path limit. */
default int accessPathLimit() { result = Lang::accessPathLimit() }

/**
* Gets a data flow configuration feature to add restrictions to the set of
* valid flow paths.
Expand Down Expand Up @@ -583,6 +589,8 @@ module DataFlowMake<InputSig Lang> {
private module C implements FullStateConfigSig {
import DefaultState<Config>
import Config

predicate accessPathLimit = Config::accessPathLimit/0;
}

import Impl<C>
Expand All @@ -599,6 +607,8 @@ module DataFlowMake<InputSig Lang> {
module GlobalWithState<StateConfigSig Config> implements GlobalFlowSig {
private module C implements FullStateConfigSig {
import Config

predicate accessPathLimit = Config::accessPathLimit/0;
}

import Impl<C>
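Review bot: The doc comment `/** Gets the access path limit. */` on the new `default int accessPathLimit()` only restates the name and does not tell a query author what the number bounds or what lowering it costs. The implementation hunks on this page use it as the maximum tracked access-path length (`len in [1 .. Config::accessPathLimit()]`) and switch field flow off when it is not above 0 (`useFieldFlow()`). I would write `/** Gets the maximum length of tracked access paths; 0 disables field flow, and lower values may lose flow through nested fields. */` here, on the second signature at the `@@ -495,6 +498,9 @@` hunk, and on the signature in `DataFlowImpl.qll`. Separately, `predicate accessPathLimit = Config::accessPathLimit/0;` sits next to `import Config` in both `C` modules with no comment saying why the import alone is not enough; a one-line reason there would help the next maintainer.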
18 changes: 13 additions & 5 deletions shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll
Expand Up @@ -93,6 +93,9 @@ module MakeImpl<InputSig Lang> {
*/
int fieldFlowBranchLimit();

/** Gets the access path limit. */
int accessPathLimit();

/**
* Gets a data flow configuration feature to add restrictions to the set of
* valid flow paths.
Expand Down Expand Up @@ -477,7 +480,9 @@ module MakeImpl<InputSig Lang> {
/**
* Holds if field flow should be used for the given configuration.
*/
private predicate useFieldFlow() { Config::fieldFlowBranchLimit() >= 1 }
private predicate useFieldFlow() {
Config::fieldFlowBranchLimit() >= 1 and Config::accessPathLimit() > 0
}

private predicate hasSourceCallCtx() {
exists(FlowFeature feature | feature = Config::getAFeature() |
Expand Down Expand Up @@ -2522,7 +2527,10 @@ module MakeImpl<InputSig Lang> {

bindingset[c, t, tail]
Ap apCons(Content c, Typ t, Ap tail) {
result = true and exists(c) and exists(t) and exists(tail)
result = true and
exists(c) and
exists(t) and
if tail = true then Config::accessPathLimit() > 1 else any()
}

class ApHeadContent = Unit;
Expand Down Expand Up @@ -3026,11 +3034,11 @@ module MakeImpl<InputSig Lang> {
} or
TConsCons(Content c1, DataFlowType t, Content c2, int len) {
Stage4::consCand(c1, t, TFrontHead(c2)) and
len in [2 .. accessPathLimit()] and
len in [2 .. Config::accessPathLimit()] and
not expensiveLen2unfolding(c1)
} or
TCons1(Content c, int len) {
len in [1 .. accessPathLimit()] and
len in [1 .. Config::accessPathLimit()] and
expensiveLen2unfolding(c)
}

Expand Down Expand Up @@ -4626,7 +4634,7 @@ module MakeImpl<InputSig Lang> {

private newtype TPartialAccessPath =
TPartialNil() or
TPartialCons(Content c, int len) { len in [1 .. accessPathLimit()] }
TPartialCons(Content c, int len) { len in [1 .. Config::accessPathLimit()] }

/**
* Conceptually a list of `Content`s, but only the first
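Review bot: In `apCons`, the new condition `if tail = true then Config::accessPathLimit() > 1 else any()` has no comment explaining why the threshold is 1 rather than 0; I would add `// a cons onto a non-empty tail has length >= 2, so it needs a limit above 1` above the `if`. `useFieldFlow()` now also requires `Config::accessPathLimit() > 0`, so a configuration whose predicate yields no result, or only non-positive ones, loses all field flow without any diagnostic. For a security query that presumably shows up as fewer alerts rather than an error, so it is worth noting next to `useFieldFlow()`. The enclosing modules start and end outside the hunks shown.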
2 changes: 2 additions & 0 deletions swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll
Expand Up @@ -285,6 +285,8 @@ deprecated private module Config implements FullStateConfigSig {

int fieldFlowBranchLimit() { result = min(any(Configuration config).fieldFlowBranchLimit()) }

int accessPathLimit() { result = 5 }

FlowFeature getAFeature() { result = any(Configuration config).getAFeature() }

predicate sourceGrouping(Node source, string sourceGroup) {
