Merge pull request github#9827 from erik-krogh/overrideAny

erik-krogh · web-flow · commit 2291f186953e · 2022-11-11T15:17:48.000+01:00
QL: Query for detecting unused parameter in override methods
diff --git a/ql/ql/src/codeql_ql/performance/VarUnusedInDisjunctQuery.qll b/ql/ql/src/codeql_ql/performance/VarUnusedInDisjunctQuery.qll
@@ -0,0 +1,27 @@
+import ql
+
+/**
+ * Holds if we assume `t` is a small type, and
+ * variables of this type are therefore not an issue in cartesian products.
+ */
+predicate isSmallType(Type t) {
+  t.getName() = "string" // DataFlow::Configuration and the like
+  or
+  exists(NewType newType | newType = t.getDeclaration() |
+    forex(NewTypeBranch branch | branch = newType.getABranch() | branch.getArity() = 0)
+  )
+  or
+  t.getName() = "boolean"
+  or
+  exists(NewType newType | newType = t.getDeclaration() |
+    forex(NewTypeBranch branch | branch = newType.getABranch() |
+      isSmallType(branch.getReturnType())
+    )
+  )
+  or
+  exists(NewTypeBranch branch | t = branch.getReturnType() |
+    forall(Type param | param = branch.getParameterType(_) | isSmallType(param))
+  )
+  or
+  isSmallType(t.getASuperType())
+}
diff --git a/ql/ql/src/queries/performance/VarUnusedInDisjunct.ql b/ql/ql/src/queries/performance/VarUnusedInDisjunct.ql
@@ -10,6 +10,7 @@
  */
 
 import ql
+import codeql_ql.performance.VarUnusedInDisjunctQuery
 
 /**
  * Holds if `node` bind `var` in a (transitive) child node.
@@ -48,32 +49,6 @@ predicate alwaysBindsVar(VarDef var, AstNode node) {
   exists(IfFormula ifForm | ifForm = node | alwaysBindsVar(var, ifForm.getCondition()))
 }
 
-/**
- * Holds if we assume `t` is a small type, and
- * variables of this type are therefore not an issue in cartesian products.
- */
-predicate isSmallType(Type t) {
-  t.getName() = "string" // DataFlow::Configuration and the like
-  or
-  exists(NewType newType | newType = t.getDeclaration() |
-    forex(NewTypeBranch branch | branch = newType.getABranch() | branch.getArity() = 0)
-  )
-  or
-  t.getName() = "boolean"
-  or
-  exists(NewType newType | newType = t.getDeclaration() |
-    forex(NewTypeBranch branch | branch = newType.getABranch() |
-      isSmallType(branch.getReturnType())
-    )
-  )
-  or
-  exists(NewTypeBranch branch | t = branch.getReturnType() |
-    forall(Type param | param = branch.getParameterType(_) | isSmallType(param))
-  )
-  or
-  isSmallType(t.getASuperType())
-}
-
 /**
  * Holds if `pred` is inlined.
  */
diff --git a/ql/ql/src/queries/style/OverrideAny.ql b/ql/ql/src/queries/style/OverrideAny.ql
@@ -0,0 +1,41 @@
+/**
+ * @name Override with unmentioned parameter
+ * @description A predicate that overrides the default behavior but doesn't mention a parameter is suspicious.
+ * @kind problem
+ * @problem.severity warning
+ * @id ql/override-any
+ * @precision high
+ */
+
+import ql
+import codeql_ql.performance.VarUnusedInDisjunctQuery
+
+AstNode param(Predicate pred, string name, Type t) {
+  result = pred.getParameter(_) and
+  result.(VarDecl).getName() = name and
+  result.(VarDecl).getType() = t
+  or
+  result = pred.getReturnTypeExpr() and
+  name = "result" and
+  t = pred.getReturnType()
+}
+
+predicate hasAccess(Predicate pred, string name) {
+  exists(param(pred, name, _).(VarDecl).getAnAccess())
+  or
+  name = "result" and
+  exists(param(pred, name, _)) and
+  exists(ResultAccess res | res.getEnclosingPredicate() = pred)
+}
+
+from Predicate pred, AstNode param, string name, Type paramType
+where
+  pred.hasAnnotation("override") and
+  param = param(pred, name, paramType) and
+  not hasAccess(pred, name) and
+  not pred.getBody() instanceof NoneCall and
+  exists(pred.getBody()) and
+  not isSmallType(pred.getParent().(Class).getType()) and
+  not isSmallType(paramType)
+select pred, "Override predicate doesn't mention $@. Maybe mention it in a 'exists(" + name + ")'?",
+  param, name
