C#: Implement missingArgumentCallExclude and multipleArgumentCallExclude

hvitved · hvitved · commit 53302117a14a · 2023-09-12T20:05:11.000+02:00
diff --git a/csharp/ql/consistency-queries/DataFlowConsistency.ql b/csharp/ql/consistency-queries/DataFlowConsistency.ql
@@ -72,6 +72,44 @@ private module Input implements InputSig<CsharpDataFlow> {
   }
 
   predicate reverseReadExclude(Node n) { n.asExpr() = any(AwaitExpr ae).getExpr() }
+
+  predicate missingArgumentCallExclude(ArgumentNode arg) {
+    // TODO: Remove once object initializers are modeled properly
+    arg.(Private::PostUpdateNodes::ObjectInitializerNode).getInitializer() instanceof
+      ObjectInitializer
+    or
+    // TODO: Remove once underlying issue is fixed
+    exists(QualifiableExpr qe |
+      qe.isConditional() and
+      qe.getQualifier() = arg.asExpr()
+    )
+  }
+
+  predicate multipleArgumentCallExclude(ArgumentNode arg, DataFlowCall call) {
+    isArgumentNode(arg, call, _) and
+    (
+      // TODO: Remove once object initializers are modeled properly
+      arg =
+        any(Private::PostUpdateNodes::ObjectInitializerNode init |
+          init.argumentOf(call, _) and
+          init.getInitializer().getNumberOfChildren() > 1
+        )
+      or
+      exists(ControlFlow::Nodes::ElementNode cfn, ControlFlow::Nodes::Split split |
+        exists(arg.asExprAtNode(cfn))
+      |
+        split = cfn.getASplit() and
+        not split = call.getControlFlowNode().getASplit()
+        or
+        split = call.getControlFlowNode().getASplit() and
+        not split = cfn.getASplit()
+      )
+      or
+      call instanceof TransitiveCapturedDataFlowCall
+      or
+      call.(NonDelegateDataFlowCall).getDispatchCall().isReflection()
+    )
+  }
 }
 
 import MakeConsistency<CsharpDataFlow, CsharpTaintTracking, Input>
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll
@@ -2032,7 +2032,7 @@ abstract class PostUpdateNode extends Node {
   abstract Node getPreUpdateNode();
 }
 
-private module PostUpdateNodes {
+module PostUpdateNodes {
   class ObjectCreationNode extends PostUpdateNode, ExprNode, TExprNode {
     private ObjectCreation oc;
 
diff --git a/csharp/ql/lib/semmle/code/csharp/dispatch/Dispatch.qll b/csharp/ql/lib/semmle/code/csharp/dispatch/Dispatch.qll
@@ -50,6 +50,9 @@ class DispatchCall extends Internal::TDispatchCall {
   RuntimeCallable getADynamicTargetInCallContext(DispatchCall ctx) {
     result = Internal::getADynamicTargetInCallContext(this, ctx)
   }
+
+  /** Holds if this call uses reflection. */
+  predicate isReflection() { this instanceof Internal::TDispatchReflectionCall }
 }
 
 /** Internal implementation details. */

Original file line number	Diff line number	Diff line change
`@@ -2032,7 +2032,7 @@ abstract class PostUpdateNode extends Node {`
`2032`	`2032`	`abstract Node getPreUpdateNode();`
`2033`	`2033`	`}`
`2034`	`2034`
`2035`		`-private module PostUpdateNodes {`
	`2035`	`+module PostUpdateNodes {`
`2036`	`2036`	`class ObjectCreationNode extends PostUpdateNode, ExprNode, TExprNode {`
`2037`	`2037`	`private ObjectCreation oc;`
`2038`	`2038`
Original file line number	Diff line number	Diff line change
`@@ -50,6 +50,9 @@ class DispatchCall extends Internal::TDispatchCall {`
`50`	`50`	`RuntimeCallable getADynamicTargetInCallContext(DispatchCall ctx) {`
`51`	`51`	`result = Internal::getADynamicTargetInCallContext(this, ctx)`
`52`	`52`	`}`
	`53`	`+`
	`54`	`+ /** Holds if this call uses reflection. */`
	`55`	`+ predicate isReflection() { this instanceof Internal::TDispatchReflectionCall }`
`53`	`56`	`}`
`54`	`57`
`55`	`58`	`/** Internal implementation details. */`