Add Argument.getACorrespondingSyntacticArgument

owen-mc · owen-mc · commit ced000ae460f · 2024-08-16T11:19:09.000+01:00
diff --git a/go/ql/lib/semmle/go/Concepts.qll b/go/ql/lib/semmle/go/Concepts.qll
@@ -121,11 +121,7 @@ private class DefaultFileSystemAccess extends FileSystemAccess::Range, DataFlow:
   }
 
   override DataFlow::Node getAPathArgument() {
-    not pathArgument instanceof DataFlow::ImplicitVarargsSlice and
-    result = pathArgument
-    or
-    pathArgument instanceof DataFlow::ImplicitVarargsSlice and
-    result = this.getAnImplicitVarargsArgument()
+    result = pathArgument.getACorrespondingSyntacticArgument()
   }
 }
 
@@ -378,19 +374,15 @@ module LoggerCall {
 }
 
 private class DefaultLoggerCall extends LoggerCall::Range, DataFlow::CallNode {
-  DataFlow::ArgumentNode messageComponent;
+  DataFlow::ArgumentNode messageArgument;
 
   DefaultLoggerCall() {
-    sinkNode(messageComponent, "log-injection") and
-    this = messageComponent.getCall()
+    sinkNode(messageArgument, "log-injection") and
+    this = messageArgument.getCall()
   }
 
   override DataFlow::Node getAMessageComponent() {
-    not messageComponent instanceof DataFlow::ImplicitVarargsSlice and
-    result = messageComponent
-    or
-    messageComponent instanceof DataFlow::ImplicitVarargsSlice and
-    result = this.getAnImplicitVarargsArgument()
+    result = messageArgument.getACorrespondingSyntacticArgument()
   }
 }
 
diff --git a/go/ql/lib/semmle/go/concepts/HTTP.qll b/go/ql/lib/semmle/go/concepts/HTTP.qll
@@ -332,13 +332,7 @@ module Http {
         )
       }
 
-      override DataFlow::Node getUrl() {
-        not url instanceof DataFlow::ImplicitVarargsSlice and
-        result = url
-        or
-        url instanceof DataFlow::ImplicitVarargsSlice and
-        result = this.getAnImplicitVarargsArgument()
-      }
+      override DataFlow::Node getUrl() { result = url.getACorrespondingSyntacticArgument() }
 
       override Http::ResponseWriter getResponseWriter() {
         rw = -1 and result.getANode() = this.getReceiver()
diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowNodes.qll
@@ -841,11 +841,7 @@ module Public {
         or
         preupd = getAWrittenNode()
         or
-        (
-          preupd instanceof ArgumentNode and not preupd instanceof ImplicitVarargsSlice
-          or
-          preupd = any(CallNode c).getAnImplicitVarargsArgument()
-        ) and
+        preupd = any(ArgumentNode arg).getACorrespondingSyntacticArgument() and
         mutableType(preupd.getType())
       ) and
       (
@@ -889,6 +885,21 @@ module Public {
      * Gets this argument's position.
      */
     int getPosition() { result = i }
+
+    /**
+     * Gets a data-flow node for a syntactic argument corresponding this this
+     * argument. If this argument is not an implicit varargs slice then this
+     * will just be the argument itself. If this argument is an implicit
+     * varargs slice then this will be a data-flow node that for an argument
+     * that is stored in the implicit varargs slice.
+     */
+    Node getACorrespondingSyntacticArgument() {
+      not this instanceof DataFlow::ImplicitVarargsSlice and
+      result = this
+      or
+      this instanceof DataFlow::ImplicitVarargsSlice and
+      result = c.getAnImplicitVarargsArgument()
+    }
   }
 
   /**
diff --git a/go/ql/lib/semmle/go/frameworks/SQL.qll b/go/ql/lib/semmle/go/frameworks/SQL.qll
@@ -70,11 +70,7 @@ module SQL {
     private class DefaultQueryString extends Range {
       DefaultQueryString() {
         exists(DataFlow::ArgumentNode arg | sinkNode(arg, "sql-injection") |
-          not arg instanceof DataFlow::ImplicitVarargsSlice and
-          this = arg
-          or
-          arg instanceof DataFlow::ImplicitVarargsSlice and
-          this = arg.getCall().getAnImplicitVarargsArgument()
+          this = arg.getACorrespondingSyntacticArgument()
         )
       }
     }
diff --git a/go/ql/lib/semmle/go/frameworks/SystemCommandExecutors.qll b/go/ql/lib/semmle/go/frameworks/SystemCommandExecutors.qll
@@ -16,11 +16,7 @@ private class DefaultSystemCommandExecution extends SystemCommandExecution::Rang
   }
 
   override DataFlow::Node getCommandName() {
-    not commandName instanceof DataFlow::ImplicitVarargsSlice and
-    result = commandName
-    or
-    commandName instanceof DataFlow::ImplicitVarargsSlice and
-    result = this.getAnImplicitVarargsArgument()
+    result = commandName.getACorrespondingSyntacticArgument()
   }
 }
 

Original file line number	Diff line number	Diff line change
`@@ -121,11 +121,7 @@ private class DefaultFileSystemAccess extends FileSystemAccess::Range, DataFlow:`
`121`	`121`	`}`
`122`	`122`
`123`	`123`	`override DataFlow::Node getAPathArgument() {`
`124`		`- not pathArgument instanceof DataFlow::ImplicitVarargsSlice and`
`125`		`- result = pathArgument`
`126`		`- or`
`127`		`- pathArgument instanceof DataFlow::ImplicitVarargsSlice and`
`128`		`- result = this.getAnImplicitVarargsArgument()`
	`124`	`+ result = pathArgument.getACorrespondingSyntacticArgument()`
`129`	`125`	`}`
`130`	`126`	`}`
`131`	`127`
`@@ -378,19 +374,15 @@ module LoggerCall {`
`378`	`374`	`}`
`379`	`375`
`380`	`376`	`private class DefaultLoggerCall extends LoggerCall::Range, DataFlow::CallNode {`
`381`		`- DataFlow::ArgumentNode messageComponent;`
	`377`	`+ DataFlow::ArgumentNode messageArgument;`
`382`	`378`
`383`	`379`	`DefaultLoggerCall() {`
`384`		`- sinkNode(messageComponent, "log-injection") and`
`385`		`- this = messageComponent.getCall()`
	`380`	`+ sinkNode(messageArgument, "log-injection") and`
	`381`	`+ this = messageArgument.getCall()`
`386`	`382`	`}`
`387`	`383`
`388`	`384`	`override DataFlow::Node getAMessageComponent() {`
`389`		`- not messageComponent instanceof DataFlow::ImplicitVarargsSlice and`
`390`		`- result = messageComponent`
`391`		`- or`
`392`		`- messageComponent instanceof DataFlow::ImplicitVarargsSlice and`
`393`		`- result = this.getAnImplicitVarargsArgument()`
	`385`	`+ result = messageArgument.getACorrespondingSyntacticArgument()`
`394`	`386`	`}`
`395`	`387`	`}`
`396`	`388`
Original file line number	Diff line number	Diff line change
`@@ -332,13 +332,7 @@ module Http {`
`332`	`332`	`)`
`333`	`333`	`}`
`334`	`334`
`335`		`- override DataFlow::Node getUrl() {`
`336`		`- not url instanceof DataFlow::ImplicitVarargsSlice and`
`337`		`- result = url`
`338`		`- or`
`339`		`- url instanceof DataFlow::ImplicitVarargsSlice and`
`340`		`- result = this.getAnImplicitVarargsArgument()`
`341`		`- }`
	`335`	`+ override DataFlow::Node getUrl() { result = url.getACorrespondingSyntacticArgument() }`
`342`	`336`
`343`	`337`	`override Http::ResponseWriter getResponseWriter() {`
`344`	`338`	`rw = -1 and result.getANode() = this.getReceiver()`
Original file line number	Diff line number	Diff line change
`@@ -70,11 +70,7 @@ module SQL {`
`70`	`70`	`private class DefaultQueryString extends Range {`
`71`	`71`	`DefaultQueryString() {`
`72`	`72`	`exists(DataFlow::ArgumentNode arg \| sinkNode(arg, "sql-injection") \|`
`73`		`- not arg instanceof DataFlow::ImplicitVarargsSlice and`
`74`		`- this = arg`
`75`		`- or`
`76`		`- arg instanceof DataFlow::ImplicitVarargsSlice and`
`77`		`- this = arg.getCall().getAnImplicitVarargsArgument()`
	`73`	`+ this = arg.getACorrespondingSyntacticArgument()`
`78`	`74`	`)`
`79`	`75`	`}`
`80`	`76`	`}`
Original file line number	Diff line number	Diff line change
`@@ -16,11 +16,7 @@ private class DefaultSystemCommandExecution extends SystemCommandExecution::Rang`
`16`	`16`	`}`
`17`	`17`
`18`	`18`	`override DataFlow::Node getCommandName() {`
`19`		`- not commandName instanceof DataFlow::ImplicitVarargsSlice and`
`20`		`- result = commandName`
`21`		`- or`
`22`		`- commandName instanceof DataFlow::ImplicitVarargsSlice and`
`23`		`- result = this.getAnImplicitVarargsArgument()`
	`19`	`+ result = commandName.getACorrespondingSyntacticArgument()`
`24`	`20`	`}`
`25`	`21`	`}`
`26`	`22`