C#/Java: Materialize sink/source/summary predicates to avoid join on input/output before filtering.

michaelnebel · michaelnebel · commit f8dbbe006e67 · 2023-02-08T10:04:43.000+01:00
diff --git a/csharp/ql/src/Telemetry/ExternalApi.qll b/csharp/ql/src/Telemetry/ExternalApi.qll
@@ -85,18 +85,21 @@ class ExternalApi extends DotNet::Callable {
   }
 
   /** Holds if this API has a supported summary. */
+  pragma[nomagic]
   predicate hasSummary() {
     this instanceof SummarizedCallable
     or
     defaultAdditionalTaintStep(this.getAnInput(), _)
   }
 
   /** Holds if this API is a known source. */
+  pragma[nomagic]
   predicate isSource() {
     this.getAnOutput() instanceof RemoteFlowSource or sourceNode(this.getAnOutput(), _)
   }
 
   /** Holds if this API is a known sink. */
+  pragma[nomagic]
   predicate isSink() { sinkNode(this.getAnInput(), _) }
 
   /** Holds if this API is supported by existing CodeQL libraries, that is, it is either a recognized source or sink or has a flow summary. */
diff --git a/java/ql/src/Telemetry/ExternalApi.qll b/java/ql/src/Telemetry/ExternalApi.qll
@@ -74,16 +74,19 @@ class ExternalApi extends Callable {
   }
 
   /** Holds if this API has a supported summary. */
+  pragma[nomagic]
   predicate hasSummary() {
     this = any(SummarizedCallable sc).asCallable() or
     TaintTracking::localAdditionalTaintStep(this.getAnInput(), _)
   }
 
+  pragma[nomagic]
   predicate isSource() {
     this.getAnOutput() instanceof RemoteFlowSource or sourceNode(this.getAnOutput(), _)
   }
 
   /** Holds if this API is a known sink. */
+  pragma[nomagic]
   predicate isSink() { sinkNode(this.getAnInput(), _) }
 
   /** Holds if this API is supported by existing CodeQL libraries, that is, it is either a recognized source or sink or has a flow summary. */

Original file line number	Diff line number	Diff line change
`@@ -85,18 +85,21 @@ class ExternalApi extends DotNet::Callable {`
`85`	`85`	`}`
`86`	`86`
`87`	`87`	`/** Holds if this API has a supported summary. */`
	`88`	`+ pragma[nomagic]`
`88`	`89`	`predicate hasSummary() {`
`89`	`90`	`this instanceof SummarizedCallable`
`90`	`91`	`or`
`91`	`92`	`defaultAdditionalTaintStep(this.getAnInput(), _)`
`92`	`93`	`}`
`93`	`94`
`94`	`95`	`/** Holds if this API is a known source. */`
	`96`	`+ pragma[nomagic]`
`95`	`97`	`predicate isSource() {`
`96`	`98`	`this.getAnOutput() instanceof RemoteFlowSource or sourceNode(this.getAnOutput(), _)`
`97`	`99`	`}`
`98`	`100`
`99`	`101`	`/** Holds if this API is a known sink. */`
	`102`	`+ pragma[nomagic]`
`100`	`103`	`predicate isSink() { sinkNode(this.getAnInput(), _) }`
`101`	`104`
`102`	`105`	`/** Holds if this API is supported by existing CodeQL libraries, that is, it is either a recognized source or sink or has a flow summary. */`
Original file line number	Diff line number	Diff line change
`@@ -74,16 +74,19 @@ class ExternalApi extends Callable {`
`74`	`74`	`}`
`75`	`75`
`76`	`76`	`/** Holds if this API has a supported summary. */`
	`77`	`+ pragma[nomagic]`
`77`	`78`	`predicate hasSummary() {`
`78`	`79`	`this = any(SummarizedCallable sc).asCallable() or`
`79`	`80`	`TaintTracking::localAdditionalTaintStep(this.getAnInput(), _)`
`80`	`81`	`}`
`81`	`82`
	`83`	`+ pragma[nomagic]`
`82`	`84`	`predicate isSource() {`
`83`	`85`	`this.getAnOutput() instanceof RemoteFlowSource or sourceNode(this.getAnOutput(), _)`
`84`	`86`	`}`
`85`	`87`
`86`	`88`	`/** Holds if this API is a known sink. */`
	`89`	`+ pragma[nomagic]`
`87`	`90`	`predicate isSink() { sinkNode(this.getAnInput(), _) }`
`88`	`91`
`89`	`92`	`/** Holds if this API is supported by existing CodeQL libraries, that is, it is either a recognized source or sink or has a flow summary. */`