Merge pull request #26 from microsoft/jb1/lib/dataflowstack

DataFlowStack Common Library Init

Author: ropwareJB

cpp/ql/lib/semmle/code/cpp/dataflow/internal/DataFlowPrivate.qll

@@ -253,11 +253,30 @@ class DataFlowCall extends Expr instanceof Call {
    */
   Expr getArgument(int n) { result = super.getArgument(n) }
 
+  /** Gets an argument to this call. */
+  Expr getAnArgument(){ result = super.getAnArgument() }
+
+  /** Gets an argument to this call as a Node. */
+  ArgumentNode getAnArgumentNode(){ result = this.getNode() }
+
   /** Gets the data flow node corresponding to this call. */
   ExprNode getNode() { result.getExpr() = this }
 
+  /** Gets the data flow node corresponding to this call. (Alias of `getNode()`) */
+  ExprNode getDataFlowNode() { result = this.getNode() }
+
   /** Gets the enclosing callable of this call. */
   Function getEnclosingCallable() { result = this.getEnclosingFunction() }
+
+  /** Gets the target of the call, as best as makes sense for this kind of call.
+   * 
+   * The precise meaning depends on the kind of call it is:
+   *   - For a call to a function, it’s the function being called.
+   *   - For a C++ method call, it’s the statically resolved method.
+   *   - For an Objective C message expression, it’s the statically resolved method, and it might not exist.
+   *   - For a variable call, it never exists.
+   */
+  DataFlowCallable getARuntimeTarget(){ result = super.getTarget() }
 }
 
 predicate isUnreachableInCall(Node n, DataFlowCall call) { none() } // stub implementation

cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll

@@ -919,6 +919,13 @@ class DataFlowType = Type;
 /** A function call relevant for data flow. */
 class DataFlowCall extends CallInstruction {
   DataFlowCallable getEnclosingCallable() { result = this.getEnclosingFunction() }
+
+  // #43: Stub Implementation
+  /** Gets an argument to this call as a Node. */
+  ArgumentNode getAnArgumentNode(){ none() } // TODO: JB1 return an argument as a DataFlow ArgumentNode
+
+  /** Gets the target of the call, as a DataFlowCallable. */
+  DataFlowCallable getARuntimeTarget(){ none() } // TODO getCallTarget() returns `Instruction`
 }
 
 module IsUnreachableInCall {

csharp/ql/lib/qlpack.yml

@@ -8,6 +8,7 @@ upgrades: upgrades
 dependencies:
   codeql/controlflow: ${workspace}
   codeql/dataflow: ${workspace}
+  codeql/dataflowstack: ${workspace}
   codeql/mad: ${workspace}
   codeql/ssa: ${workspace}
   codeql/threat-models: ${workspace}

csharp/ql/lib/semmle/code/csharp/dataflow/DataFlowStack.qll

@@ -0,0 +1,14 @@
+
+private import codeql.dataflow.DataFlow
+private import semmle.code.csharp.dataflow.internal.DataFlowImplSpecific
+
+private import codeql.dataflowstack.DataFlowStack as DFS
+private import DFS::DataFlowStackMake<CsharpDataFlow> as DataFlowStackFactory
+
+module DataFlowStackMake<DataFlowStackFactory::DataFlow::GlobalFlowSig Flow>{
+    import DataFlowStackFactory::FlowStack<Flow>
+}
+
+module BiStackAnalysisMake<DataFlowStackFactory::DataFlow::GlobalFlowSig FlowA, DataFlowStackFactory::DataFlow::GlobalFlowSig FlowB>{
+    import DataFlowStackFactory::BiStackAnalysis<FlowA, FlowB>
+}

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowDispatch.qll

@@ -289,6 +289,9 @@ abstract class DataFlowCall extends TDataFlowCall {
   /** Gets the argument at position `pos` of this call. */
   final ArgumentNode getArgument(ArgumentPosition pos) { result.argumentOf(this, pos) }
 
+  /** Gets an argument of this call. */
+  final ArgumentNode getAnArgumentNode() { result.argumentOf(this, _) }
+
   /** Gets a textual representation of this call. */
   abstract string toString();
 

go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll

@@ -334,6 +334,13 @@ class DataFlowCall extends Expr {
     or
     not exists(this.getEnclosingFunction()) and result.asFileScope() = this.getFile()
   }
+
+  // #45 - Stub Implementation
+  /** Gets an argument to this call as a Node. */
+  ArgumentNode getAnArgumentNode(){ result = this.getArgument(_) }
+
+  /** Gets the target of the call, as a DataFlowCallable. */
+  DataFlowCallable getARuntimeTarget(){ result.asCallable() = call.getACalleeIncludingExternals() }
 }
 
 /** Holds if `e` is an expression that always has the same Boolean value `val`. */

java/ql/lib/semmle/code/java/dataflow/internal/DataFlowPrivate.qll

@@ -458,6 +458,13 @@ class DataFlowCall extends TDataFlowCall {
   ) {
     this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
   }
+
+  // #44: Stub Implementation
+  /** Gets an argument to this call as a Node. */
+  ArgumentNode getAnArgumentNode(){ none() } // TODO: JB1 return an argument as a DataFlow ArgumentNode
+
+  /** Gets the target of the call, as a DataFlowCallable. */
+  DataFlowCallable getARuntimeTarget(){ none() }
 }
 
 /** A source call, that is, a `Call`. */

python/ql/lib/semmle/python/dataflow/new/internal/DataFlowDispatch.qll

@@ -1397,6 +1397,13 @@ abstract class DataFlowCall extends TDataFlowCall {
   ) {
     this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
   }
+
+  // #47: Stubs below
+  /** Gets an argument to this call as a Node. */
+  ArgumentNode getAnArgumentNode(){ none() } // TODO: JB1 return an argument as a DataFlow ArgumentNode
+
+  /** Gets the target of the call, as a DataFlowCallable. */
+  DataFlowCallable getARuntimeTarget(){ none() } // TODO
 }
 
 /** A call found in the program source (as opposed to a synthesised call). */

ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll

@@ -134,6 +134,13 @@ class DataFlowCall extends TDataFlowCall {
   ) {
     this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
   }
+
+  // #46: Stubs Below
+  /** Gets an argument to this call as a Node. */
+  ArgumentNode getAnArgumentNode(){ none() } // TODO: JB1 return an argument as a DataFlow ArgumentNode
+
+  /** Gets the target of the call, as a DataFlowCallable. */
+  DataFlowCallable getARuntimeTarget(){ none() } // TODO
 }
 
 /**

shared/dataflow/codeql/dataflow/DataFlow.qll

@@ -54,10 +54,20 @@ signature module InputSig {
   Node exprNode(DataFlowExpr e);
 
   class DataFlowCall {
+
+    /**
+     * Gets a run-time target of this call. A target is always a source
+     * declaration, and if the callable has both CIL and source code, only
+     * the source code version is returned.
+     */
+    DataFlowCallable getARuntimeTarget();
+
     /** Gets a textual representation of this element. */
     string toString();
 
     DataFlowCallable getEnclosingCallable();
+
+    ArgumentNode getAnArgumentNode();
   }
 
   class DataFlowCallable {
@@ -508,11 +518,11 @@ module DataFlowMake<InputSig Lang> {
       /** Gets the underlying Node. */
       Node getNode();
 
-      /** Gets a successor of this node, if any. */
-      PathNode getASuccessor();
-
       /** Holds if this node is a source. */
       predicate isSource();
+
+      /** Gets a successor of this node, if any. */
+      PathNode getASuccessor();
     }
 
     /**