Data flow: Add more consistency checks

Author: hvitved

csharp/ql/consistency-queries/DataFlowConsistency.ql

@@ -75,8 +75,3 @@ private module Input implements InputSig<CsharpDataFlow> {
 }
 
 import MakeConsistency<CsharpDataFlow, CsharpTaintTracking, Input>
-
-query predicate multipleToString(DataFlow::Node n, string s) {
-  s = strictconcat(n.toString(), ",") and
-  strictcount(n.toString()) > 1
-}

ruby/ql/consistency-queries/DataFlowConsistency.ql

@@ -35,11 +35,11 @@ private module Input implements InputSig<RubyDataFlow> {
       n.asExpr() = arg
     )
   }
+
+  predicate multipleArgumentCallExclude(ArgumentNode arg, DataFlowCall call) {
+    arg.asExpr().getASuccessor(any(SuccessorTypes::ConditionalSuccessor c)).getASuccessor() =
+      call.asCall()
+  }
 }
 
 import MakeConsistency<RubyDataFlow, RubyTaintTracking, Input>
-
-query predicate multipleToString(DataFlow::Node n, string s) {
-  s = strictconcat(n.toString(), ",") and
-  strictcount(n.toString()) > 1
-}

shared/dataflow/codeql/dataflow/internal/DataFlowImplConsistency.qll

@@ -58,6 +58,16 @@ signature module InputSig<DF::InputSig DataFlowLang> {
 
   /** Holds if `n` should be excluded from the consistency test `identityLocalStep`. */
   default predicate identityLocalStepExclude(DataFlowLang::Node n) { none() }
+
+  /** Holds if `arg` should be excluded from the consistency test `missingArgumentCall`. */
+  default predicate missingArgumentCallExclude(DataFlowLang::ArgumentNode arg) { none() }
+
+  /** Holds if `(arg, call)` should be excluded from the consistency test `multipleArgumentCall`. */
+  default predicate multipleArgumentCallExclude(
+    DataFlowLang::ArgumentNode arg, DataFlowLang::DataFlowCall call
+  ) {
+    none()
+  }
 }
 
 module MakeConsistency<
@@ -147,13 +157,6 @@ module MakeConsistency<
     )
   }
 
-  query predicate missingToString(string msg) {
-    exists(int c |
-      c = strictcount(Node n | not exists(n.toString())) and
-      msg = "Nodes without toString: " + c
-    )
-  }
-
   query predicate parameterCallable(ParameterNode p, string msg) {
     exists(DataFlowCallable c | isParameterNode(p, c, _) and c != nodeGetEnclosingCallable(p)) and
     msg = "Callable mismatch for parameter."
@@ -287,4 +290,20 @@ module MakeConsistency<
     not Input::identityLocalStepExclude(n) and
     msg = "Node steps to itself"
   }
+
+  query predicate missingArgumentCall(ArgumentNode arg, string msg) {
+    not Input::missingArgumentCallExclude(arg) and
+    not isArgumentNode(arg, _, _) and
+    msg = "Missing call for argument node."
+  }
+
+  query predicate multipleArgumentCall(ArgumentNode arg, DataFlowCall call, string msg) {
+    isArgumentNode(arg, call, _) and
+    not Input::multipleArgumentCallExclude(arg, call) and
+    strictcount(DataFlowCall call0 |
+      isArgumentNode(arg, call0, _) and
+      not Input::multipleArgumentCallExclude(arg, call0)
+    ) > 1 and
+    msg = "Multiple calls for argument node."
+  }
 }