C#: Address review comments.

michaelnebel · michaelnebel · commit e9c9519d90df · 2024-11-06T16:29:20.000+01:00
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll
@@ -1149,7 +1149,7 @@ private module Cached {
     } or
     TCapturedVariableContent(VariableCapture::CapturedVariable v) or
     TDelegateCallArgumentContent(int i) {
-      i = [0 .. max(int j | j = any(DelegateCall dc).getNumberOfArguments())]
+      i = [0 .. max(any(DelegateCall dc).getNumberOfArguments())]
     } or
     TDelegateCallReturnContent()
 
@@ -2287,10 +2287,10 @@ private predicate recordProperty(RecordType t, ContentSet c, string name) {
  * If there is a delegate call f(x), then we store "x" on "f"
  * using a delegate argument content set.
  */
-private predicate storeStepDelegateCall(Node node1, ContentSet c, Node node2) {
-  exists(DelegateCall call, int i |
-    node1.asExpr() = call.getArgument(i) and
-    node2.(PostUpdateNode).getPreUpdateNode().asExpr() = call.getExpr() and
+private predicate storeStepDelegateCall(ExplicitArgumentNode node1, ContentSet c, Node node2) {
+  exists(ExplicitDelegateLikeDataFlowCall call, int i |
+    node1.argumentOf(call, TPositionalArgumentPosition(i)) and
+    lambdaCall(call, _, node2.(PostUpdateNode).getPreUpdateNode()) and
     c.isDelegateCallArgument(i)
   )
 }
@@ -2456,10 +2456,10 @@ private predicate readContentStep(Node node1, Content c, Node node2) {
  * If there is a delegate call f(x), then we read the return of the delegate
  * call.
  */
-private predicate readStepDelegateCall(Node node1, ContentSet c, Node node2) {
-  exists(DelegateCall call |
-    node1.asExpr() = call.getExpr() and
-    node2.asExpr() = call and
+private predicate readStepDelegateCall(Node node1, ContentSet c, OutNode node2) {
+  exists(ExplicitDelegateLikeDataFlowCall call |
+    lambdaCall(call, _, node1) and
+    node2.getCall(TNormalReturnKind()) = call and
     c.isDelegateCallReturn()
   )
 }
diff --git a/csharp/ql/test/utils/modelgenerator/dataflow/Summaries.cs b/csharp/ql/test/utils/modelgenerator/dataflow/Summaries.cs
@@ -64,10 +64,10 @@ public string ReturnField()
     }
 
     public Func<object, object> MyFunction;
-    // summary=Models;BasicFlow;false;MapMyFunction;(System.Object);;Argument[0];Argument[this];taint;df-generated
-    // summary=Models;BasicFlow;false;MapMyFunction;(System.Object);;Argument[this];ReturnValue;taint;df-generated
+    // summary=Models;BasicFlow;false;ApplyMyFunction;(System.Object);;Argument[0];Argument[this];taint;df-generated
+    // summary=Models;BasicFlow;false;ApplyMyFunction;(System.Object);;Argument[this];ReturnValue;taint;df-generated
     // No content based flow as MaD doesn't support callback logic in fields and properties.
-    public object MapMyFunction(object o)
+    public object ApplyMyFunction(object o)
     {
         return MyFunction(o);
     }
@@ -517,18 +517,18 @@ public string M1(string s, Func<string, string> map)
         return s;
     }
 
-    // neutral=Models;HigherOrderParameters;Map;(System.Func<System.Object,System.Object>,System.Object);summary;df-generated
-    // contentbased-summary=Models;HigherOrderParameters;false;Map;(System.Func<System.Object,System.Object>,System.Object);;Argument[1];Argument[0].Parameter[0];value;dfc-generated
-    // contentbased-summary=Models;HigherOrderParameters;false;Map;(System.Func<System.Object,System.Object>,System.Object);;Argument[0].ReturnValue;ReturnValue;value;dfc-generated
-    public object Map(Func<object, object> f, object o)
+    // neutral=Models;HigherOrderParameters;Apply;(System.Func<System.Object,System.Object>,System.Object);summary;df-generated
+    // contentbased-summary=Models;HigherOrderParameters;false;Apply;(System.Func<System.Object,System.Object>,System.Object);;Argument[1];Argument[0].Parameter[0];value;dfc-generated
+    // contentbased-summary=Models;HigherOrderParameters;false;Apply;(System.Func<System.Object,System.Object>,System.Object);;Argument[0].ReturnValue;ReturnValue;value;dfc-generated
+    public object Apply(Func<object, object> f, object o)
     {
         return f(o);
     }
 
-    // neutral=Models;HigherOrderParameters;Map2;(System.Object,System.Func<System.Object,System.Object,System.Object>);summary;df-generated
-    // contentbased-summary=Models;HigherOrderParameters;false;Map2;(System.Object,System.Func<System.Object,System.Object,System.Object>);;Argument[0];Argument[1].Parameter[1];value;dfc-generated
-    // contentbased-summary=Models;HigherOrderParameters;false;Map2;(System.Object,System.Func<System.Object,System.Object,System.Object>);;Argument[1].ReturnValue;ReturnValue;value;dfc-generated
-    public object Map2(object o, Func<object, object, object> f)
+    // neutral=Models;HigherOrderParameters;Apply2;(System.Object,System.Func<System.Object,System.Object,System.Object>);summary;df-generated
+    // contentbased-summary=Models;HigherOrderParameters;false;Apply2;(System.Object,System.Func<System.Object,System.Object,System.Object>);;Argument[0];Argument[1].Parameter[1];value;dfc-generated
+    // contentbased-summary=Models;HigherOrderParameters;false;Apply2;(System.Object,System.Func<System.Object,System.Object,System.Object>);;Argument[1].ReturnValue;ReturnValue;value;dfc-generated
+    public object Apply2(object o, Func<object, object, object> f)
     {
         var x = f(null, o);
         return x;
diff --git a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll
@@ -631,7 +631,11 @@ module MakeModelGenerator<
     }
 
     /**
-     * Models as Data currently doesn't support callback logic in fields.
+     * Holds if the access path `ap` is not a parameter or returnvalue of a callback
+     * stored in a field.
+     *
+     * That is, we currently don't include summaries that rely on parameters or return values
+     * of callbacks stored in fields.
      */
     private predicate validateAccessPath(PropagateContentFlow::AccessPath ap) {
       not (mentionsField(ap) and mentionsCallback(ap))

Original file line number	Diff line number	Diff line change
`@@ -64,10 +64,10 @@ public string ReturnField()`
`64`	`64`	`}`
`65`	`65`
`66`	`66`	`public Func<object, object> MyFunction;`
`67`		`- // summary=Models;BasicFlow;false;MapMyFunction;(System.Object);;Argument[0];Argument[this];taint;df-generated`
`68`		`- // summary=Models;BasicFlow;false;MapMyFunction;(System.Object);;Argument[this];ReturnValue;taint;df-generated`
	`67`	`+ // summary=Models;BasicFlow;false;ApplyMyFunction;(System.Object);;Argument[0];Argument[this];taint;df-generated`
	`68`	`+ // summary=Models;BasicFlow;false;ApplyMyFunction;(System.Object);;Argument[this];ReturnValue;taint;df-generated`
`69`	`69`	`// No content based flow as MaD doesn't support callback logic in fields and properties.`
`70`		`- public object MapMyFunction(object o)`
	`70`	`+ public object ApplyMyFunction(object o)`
`71`	`71`	`{`
`72`	`72`	`return MyFunction(o);`
`73`	`73`	`}`
`@@ -517,18 +517,18 @@ public string M1(string s, Func<string, string> map)`
`517`	`517`	`return s;`
`518`	`518`	`}`
`519`	`519`
`520`		`- // neutral=Models;HigherOrderParameters;Map;(System.Func<System.Object,System.Object>,System.Object);summary;df-generated`
`521`		`- // contentbased-summary=Models;HigherOrderParameters;false;Map;(System.Func<System.Object,System.Object>,System.Object);;Argument[1];Argument[0].Parameter[0];value;dfc-generated`
`522`		`- // contentbased-summary=Models;HigherOrderParameters;false;Map;(System.Func<System.Object,System.Object>,System.Object);;Argument[0].ReturnValue;ReturnValue;value;dfc-generated`
`523`		`- public object Map(Func<object, object> f, object o)`
	`520`	`+ // neutral=Models;HigherOrderParameters;Apply;(System.Func<System.Object,System.Object>,System.Object);summary;df-generated`
	`521`	`+ // contentbased-summary=Models;HigherOrderParameters;false;Apply;(System.Func<System.Object,System.Object>,System.Object);;Argument[1];Argument[0].Parameter[0];value;dfc-generated`
	`522`	`+ // contentbased-summary=Models;HigherOrderParameters;false;Apply;(System.Func<System.Object,System.Object>,System.Object);;Argument[0].ReturnValue;ReturnValue;value;dfc-generated`
	`523`	`+ public object Apply(Func<object, object> f, object o)`
`524`	`524`	`{`
`525`	`525`	`return f(o);`
`526`	`526`	`}`
`527`	`527`
`528`		`- // neutral=Models;HigherOrderParameters;Map2;(System.Object,System.Func<System.Object,System.Object,System.Object>);summary;df-generated`
`529`		`- // contentbased-summary=Models;HigherOrderParameters;false;Map2;(System.Object,System.Func<System.Object,System.Object,System.Object>);;Argument[0];Argument[1].Parameter[1];value;dfc-generated`
`530`		`- // contentbased-summary=Models;HigherOrderParameters;false;Map2;(System.Object,System.Func<System.Object,System.Object,System.Object>);;Argument[1].ReturnValue;ReturnValue;value;dfc-generated`
`531`		`- public object Map2(object o, Func<object, object, object> f)`
	`528`	`+ // neutral=Models;HigherOrderParameters;Apply2;(System.Object,System.Func<System.Object,System.Object,System.Object>);summary;df-generated`
	`529`	`+ // contentbased-summary=Models;HigherOrderParameters;false;Apply2;(System.Object,System.Func<System.Object,System.Object,System.Object>);;Argument[0];Argument[1].Parameter[1];value;dfc-generated`
	`530`	`+ // contentbased-summary=Models;HigherOrderParameters;false;Apply2;(System.Object,System.Func<System.Object,System.Object,System.Object>);;Argument[1].ReturnValue;ReturnValue;value;dfc-generated`
	`531`	`+ public object Apply2(object o, Func<object, object, object> f)`
`532`	`532`	`{`
`533`	`533`	`var x = f(null, o);`
`534`	`534`	`return x;`