Merge pull request #18592 from MathiasVP/fix-enclosing-callable-cpp

C++: Don't generate dataflow nodes for functions with summaries

Author: MathiasVP

cpp/ql/lib/experimental/cryptography/modules/OpenSSL.qll

@@ -87,11 +87,11 @@ module LiteralAlgorithmTracerConfig implements DataFlow::ConfigSig {
     // False positives in OpenSSL also observed for CRYPTO_strndup (filtering any CRYPTO_* function)
     // due to setting a null byte in the string
     (
-      isPossibleOpenSSLFunction(source.getEnclosingCallable())
+      isPossibleOpenSSLFunction(source.getFunction())
       implies
       (
-        not source.getEnclosingCallable().getName().matches("OBJ_%") and
-        not source.getEnclosingCallable().getName().matches("CRYPTO_%")
+        not source.getFunction().getName().matches("OBJ_%") and
+        not source.getFunction().getName().matches("CRYPTO_%")
       )
     )
   }

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowDispatch.qll

@@ -152,7 +152,7 @@ private module VirtualDispatch {
     ReturnNode node, ReturnKind kind, DataFlowCallable callable
   ) {
     node.getKind() = kind and
-    node.getEnclosingCallable() = callable.getUnderlyingCallable()
+    node.getFunction() = callable.getUnderlyingCallable()
   }
 
   /** Call through a function pointer. */

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll

@@ -333,9 +333,7 @@ private module IndirectInstructions {
 import IndirectInstructions
 
 /** Gets the callable in which this node occurs. */
-DataFlowCallable nodeGetEnclosingCallable(Node n) {
-  result.getUnderlyingCallable() = n.getEnclosingCallable()
-}
+DataFlowCallable nodeGetEnclosingCallable(Node n) { result = n.getEnclosingCallable() }
 
 /** Holds if `p` is a `ParameterNode` of `c` with position `pos`. */
 predicate isParameterNode(ParameterNode p, DataFlowCallable c, ParameterPosition pos) {
@@ -1011,10 +1009,8 @@ class CastNode extends Node {
 }
 
 cached
-private newtype TDataFlowCallable =
-  TSourceCallable(Cpp::Declaration decl) {
-    not decl instanceof FlowSummaryImpl::Public::SummarizedCallable
-  } or
+newtype TDataFlowCallable =
+  TSourceCallable(Cpp::Declaration decl) or
   TSummarizedCallable(FlowSummaryImpl::Public::SummarizedCallable c)
 
 /**
@@ -1127,7 +1123,21 @@ class DataFlowCall extends TDataFlowCall {
   /**
    * Gets the `Function` that the call targets, if this is statically known.
    */
-  DataFlowCallable getStaticCallTarget() { none() }
+  Function getStaticCallSourceTarget() { none() }
+
+  /**
+   * Gets the target of this call. If a summarized callable exists for the
+   * target this is chosen, and otherwise the callable is the implementation
+   * from the source code.
+   */
+  DataFlowCallable getStaticCallTarget() {
+    exists(Function target | target = this.getStaticCallSourceTarget() |
+      not exists(TSummarizedCallable(target)) and
+      result.asSourceCallable() = target
+      or
+      result.asSummarizedCallable() = target
+    )
+  }
 
   /**
    * Gets the `index`'th argument operand. The qualifier is considered to have index `-1`.
@@ -1173,14 +1183,12 @@ private class NormalCall extends DataFlowCall, TNormalCall {
 
   override CallTargetOperand getCallTargetOperand() { result = call.getCallTargetOperand() }
 
-  override DataFlowCallable getStaticCallTarget() {
-    result.getUnderlyingCallable() = call.getStaticCallTarget()
-  }
+  override Function getStaticCallSourceTarget() { result = call.getStaticCallTarget() }
 
   override ArgumentOperand getArgumentOperand(int index) { result = call.getArgumentOperand(index) }
 
   override DataFlowCallable getEnclosingCallable() {
-    result.getUnderlyingCallable() = call.getEnclosingFunction()
+    result.asSourceCallable() = call.getEnclosingFunction()
   }
 
   override string toString() { result = call.toString() }