Merge pull request #15547 from aschackmull/csharp/contentdataflow

aschackmull · web-flow · commit bcfce56ef696 · 2024-02-08T11:15:14.000+01:00
C#: Simplify, getASuccessor is pruned now.
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ContentDataFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ContentDataFlow.qll
@@ -277,10 +277,6 @@ module Global<ConfigSig ContentConfig> {
     }
   }
 
-  // important to use `edges` and not `PathNode::getASuccessor()`, as the latter
-  // is not pruned for reachability
-  private predicate pathSucc = Flow::PathGraph::edges/2;
-
   /**
    * Provides a big-step flow relation, where flow stops at read/store steps that
    * must be recorded, and flow via `subpaths` such that reads/stores inside
@@ -290,10 +286,7 @@ module Global<ConfigSig ContentConfig> {
     private predicate reachesSink(Flow::PathNode node) {
       FlowConfig::isSink(node.getNode(), node.getState())
       or
-      exists(Flow::PathNode mid |
-        pathSucc(node, mid) and
-        reachesSink(mid)
-      )
+      reachesSink(node.getASuccessor())
     }
 
     /**
@@ -302,7 +295,7 @@ module Global<ConfigSig ContentConfig> {
      */
     pragma[nomagic]
     private predicate excludeStep(Flow::PathNode pred, Flow::PathNode succ) {
-      pathSucc(pred, succ) and
+      pred.getASuccessor() = succ and
       (
         // we need to record reads/stores inside summarized callables
         Flow::PathGraph::subpaths(pred, _, _, succ)
@@ -356,7 +349,7 @@ module Global<ConfigSig ContentConfig> {
 
     pragma[nomagic]
     private predicate step(Flow::PathNode pred, Flow::PathNode succ) {
-      pathSucc(pred, succ) and
+      pred.getASuccessor() = succ and
       not excludeStep(pred, succ)
     }
 
@@ -471,7 +464,7 @@ module Global<ConfigSig ContentConfig> {
     exists(Flow::PathNode mid |
       nodeReaches(source, scReads, scStores, mid, reads, stores) and
       storeStep(mid.getNode(), mid.getState(), c, node.getNode(), node.getState()) and
-      pathSucc(mid, node)
+      mid.getASuccessor() = node
     )
   }
 
@@ -483,7 +476,7 @@ module Global<ConfigSig ContentConfig> {
     exists(Flow::PathNode mid |
       nodeReaches(source, scReads, scStores, mid, reads, stores) and
       readStep(mid.getNode(), mid.getState(), c, node.getNode(), node.getState()) and
-      pathSucc(mid, node)
+      mid.getASuccessor() = node
     )
   }
 

Original file line number	Diff line number	Diff line change
`@@ -277,10 +277,6 @@ module Global<ConfigSig ContentConfig> {`
`277`	`277`	`}`
`278`	`278`	`}`
`279`	`279`
`280`		- // important to use `edges` and not `PathNode::getASuccessor()`, as the latter
`281`		`- // is not pruned for reachability`
`282`		`- private predicate pathSucc = Flow::PathGraph::edges/2;`
`283`		`-`
`284`	`280`	`/**`
`285`	`281`	`* Provides a big-step flow relation, where flow stops at read/store steps that`
`286`	`282`	* must be recorded, and flow via `subpaths` such that reads/stores inside
`@@ -290,10 +286,7 @@ module Global<ConfigSig ContentConfig> {`
`290`	`286`	`private predicate reachesSink(Flow::PathNode node) {`
`291`	`287`	`FlowConfig::isSink(node.getNode(), node.getState())`
`292`	`288`	`or`
`293`		`- exists(Flow::PathNode mid \|`
`294`		`- pathSucc(node, mid) and`
`295`		`- reachesSink(mid)`
`296`		`- )`
	`289`	`+ reachesSink(node.getASuccessor())`
`297`	`290`	`}`
`298`	`291`
`299`	`292`	`/**`
`@@ -302,7 +295,7 @@ module Global<ConfigSig ContentConfig> {`
`302`	`295`	`*/`
`303`	`296`	`pragma[nomagic]`
`304`	`297`	`private predicate excludeStep(Flow::PathNode pred, Flow::PathNode succ) {`
`305`		`- pathSucc(pred, succ) and`
	`298`	`+ pred.getASuccessor() = succ and`
`306`	`299`	`(`
`307`	`300`	`// we need to record reads/stores inside summarized callables`
`308`	`301`	`Flow::PathGraph::subpaths(pred, _, _, succ)`
`@@ -356,7 +349,7 @@ module Global<ConfigSig ContentConfig> {`
`356`	`349`
`357`	`350`	`pragma[nomagic]`
`358`	`351`	`private predicate step(Flow::PathNode pred, Flow::PathNode succ) {`
`359`		`- pathSucc(pred, succ) and`
	`352`	`+ pred.getASuccessor() = succ and`
`360`	`353`	`not excludeStep(pred, succ)`
`361`	`354`	`}`
`362`	`355`
`@@ -471,7 +464,7 @@ module Global<ConfigSig ContentConfig> {`
`471`	`464`	`exists(Flow::PathNode mid \|`
`472`	`465`	`nodeReaches(source, scReads, scStores, mid, reads, stores) and`
`473`	`466`	`storeStep(mid.getNode(), mid.getState(), c, node.getNode(), node.getState()) and`
`474`		`- pathSucc(mid, node)`
	`467`	`+ mid.getASuccessor() = node`
`475`	`468`	`)`
`476`	`469`	`}`
`477`	`470`
`@@ -483,7 +476,7 @@ module Global<ConfigSig ContentConfig> {`
`483`	`476`	`exists(Flow::PathNode mid \|`
`484`	`477`	`nodeReaches(source, scReads, scStores, mid, reads, stores) and`
`485`	`478`	`readStep(mid.getNode(), mid.getState(), c, node.getNode(), node.getState()) and`
`486`		`- pathSucc(mid, node)`
	`479`	`+ mid.getASuccessor() = node`
`487`	`480`	`)`
`488`	`481`	`}`
`489`	`482`