PS: Use the new library to calculate returned expressions.

MathiasVP · MathiasVP · commit ee8c5862000e · 2025-03-28T19:34:50.000Z
diff --git a/powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowPrivate.qll b/powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowPrivate.qll
@@ -8,6 +8,7 @@ private import DataFlowDispatch
 private import SsaImpl as SsaImpl
 private import FlowSummaryImpl as FlowSummaryImpl
 private import semmle.code.powershell.frameworks.data.ModelsAsData
+private import PipelineReturns as PipelineReturns
 
 /** Gets the callable in which this node occurs. */
 DataFlowCallable nodeGetEnclosingCallable(Node n) { result = n.(NodeImpl).getEnclosingCallable() }
@@ -87,6 +88,16 @@ module SsaFlow {
   }
 }
 
+private module ArrayExprFlow {
+  private module Input implements PipelineReturns::InputSig {
+    predicate isSource(CfgNodes::AstCfgNode source) {
+      source = any(CfgNodes::ExprNodes::ArrayExprCfgNode ae).getStmtBlock()
+    }
+  }
+
+  import PipelineReturns::Make<Input>
+}
+
 /** Provides predicates related to local data flow. */
 module LocalFlow {
   pragma[nomagic]
@@ -184,8 +195,12 @@ private module Cached {
       n = any(CfgNodes::ExprNodes::IndexExprCfgNode index).getBase()
     } or
     TFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn) or
-    TPreReturnNodeImpl(CfgNodes::AstCfgNode n, Boolean isArray) { isMultiReturned(n) } or
-    TImplicitWrapNode(CfgNodes::AstCfgNode n, Boolean shouldWrap) { isMultiReturned(n) } or
+    TPreReturnNodeImpl(CfgNodes::ScriptBlockCfgNode scriptBlock, Boolean isArray) {
+      blockMayReturnMultipleValues(scriptBlock)
+    } or
+    TImplicitWrapNode(CfgNodes::ScriptBlockCfgNode scriptBlock, Boolean shouldWrap) {
+      blockMayReturnMultipleValues(scriptBlock)
+    } or
     TReturnNodeImpl(CfgScope scope) or
     TProcessNode(ProcessBlock process) or
     TProcessPropertyByNameNode(PipelineByPropertyNameIteratorVariable iter) {
@@ -752,64 +767,41 @@ abstract class ReturnNode extends Node {
   abstract ReturnKind getKind();
 }
 
-private module EscapeContainer {
-  private import semmle.code.powershell.internal.AstEscape::Private
+private class SummaryReturnNode extends FlowSummaryNode, ReturnNode {
+  private ReturnKind rk;
 
-  private module ReturnContainerInterpreter implements InterpretAstInputSig {
-    class T = CfgNodes::AstCfgNode;
-
-    T interpret(Ast a) { result.(CfgNodes::ExprCfgNode).getExpr() = a } // TODO: Recutse into expr-to-stmt conversions
-  }
-
-  class EscapeContainer extends AstEscape<ReturnContainerInterpreter>::Element {
-    /** Holds if `n` may be returned multiples times. */
-    predicate mayBeMultiReturned(CfgNode n) {
-      n = this.getANode() and
-      n.getASuccessor+() = n
-      or
-      this.getAChild().(EscapeContainer).mayBeMultiReturned(n)
-    }
-  }
+  SummaryReturnNode() { FlowSummaryImpl::Private::summaryReturnNode(this.getSummaryNode(), rk) }
 
-  private class SummaryReturnNode extends FlowSummaryNode, ReturnNode {
-    private ReturnKind rk;
-
-    SummaryReturnNode() { FlowSummaryImpl::Private::summaryReturnNode(this.getSummaryNode(), rk) }
-
-    override ReturnKind getKind() { result = rk }
-  }
+  override ReturnKind getKind() { result = rk }
 }
 
 private module ReturnNodes {
-  private import EscapeContainer
+  private CfgNodes::NamedBlockCfgNode getAReturnBlock(CfgNodes::ScriptBlockCfgNode sb) {
+    result = sb.getBeginBlock()
+    or
+    result = sb.getEndBlock()
+    or
+    result = sb.getProcessBlock()
+  }
 
-  private predicate isReturnedImpl(CfgNodes::AstCfgNode n, EscapeContainer container) {
-    container = n.getScope() and
-    n = container.getAnEscapingElement()
+  private module CfgScopeReturn implements PipelineReturns::InputSig {
+    predicate isSource(CfgNodes::AstCfgNode source) { source = getAReturnBlock(_) }
   }
 
+  private module P = PipelineReturns::Make<CfgScopeReturn>;
+
   /**
    * Holds if `n` may be returned, and there are possibly
    * more than one return value from the function.
    */
-  predicate isMultiReturned(CfgNodes::AstCfgNode n) {
-    exists(EscapeContainer container | isReturnedImpl(n, container) |
-      strictcount(container.getAnEscapingElement()) > 1
-      or
-      container.mayBeMultiReturned(n)
-    )
+  predicate blockMayReturnMultipleValues(CfgNodes::ScriptBlockCfgNode scriptBlock) {
+    P::mayReturnMultipleValues(getAReturnBlock(scriptBlock))
   }
 
   /**
    * Holds if `n` may be returned.
    */
-  predicate isReturned(CfgNodes::AstCfgNode n) { isReturnedImpl(n, _) }
-
-  /**
-   * Holds if `n` may be returned, and this is the only value that may be
-   * returned from the function.
-   */
-  predicate isUniqueReturned(CfgNodes::AstCfgNode n) { isReturned(n) and not isMultiReturned(n) }
+  predicate isReturned(CfgNodes::AstCfgNode n) { n = P::getAReturn(_) }
 
   class NormalReturnNode extends ReturnNode instanceof ReturnNodeImpl {
     final override NormalReturnKind getKind() { any() }
