Merge pull request github#12783 from smowton/smowton/feature/golang-hide-summary-nodes

smowton · web-flow · commit f6f22c0cecc0 · 2023-04-11T10:47:25.000+01:00
Go: hide summary nodes from path explanations
diff --git a/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll b/go/ql/lib/semmle/go/dataflow/internal/DataFlowPrivate.qll
@@ -352,7 +352,7 @@ Node getArgument(CallNode c, int i) {
 }
 
 /** Holds if `n` should be hidden from path explanations. */
-predicate nodeIsHidden(Node n) { none() }
+predicate nodeIsHidden(Node n) { n instanceof SummaryNode or n instanceof SummarizedParameterNode }
 
 class LambdaCallKind = Unit;
 
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/HiddenNodes/test.expected b/go/ql/test/library-tests/semmle/go/dataflow/HiddenNodes/test.expected
@@ -0,0 +1,12 @@
+edges
+| test.go:14:8:14:15 | call to source | test.go:15:34:15:35 | fi |
+| test.go:15:2:15:44 | ... := ...[0] | test.go:16:7:16:12 | header |
+| test.go:15:34:15:35 | fi | test.go:15:2:15:44 | ... := ...[0] |
+nodes
+| test.go:14:8:14:15 | call to source | semmle.label | call to source |
+| test.go:15:2:15:44 | ... := ...[0] | semmle.label | ... := ...[0] |
+| test.go:15:34:15:35 | fi | semmle.label | fi |
+| test.go:16:7:16:12 | header | semmle.label | header |
+subpaths
+#select
+| test.go:14:8:14:15 | call to source | test.go:14:8:14:15 | call to source | test.go:16:7:16:12 | header | Path |
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/HiddenNodes/test.go b/go/ql/test/library-tests/semmle/go/dataflow/HiddenNodes/test.go
@@ -0,0 +1,18 @@
+package test
+
+import (
+	"archive/tar"
+	"os"
+)
+
+func source() interface{} { return nil }
+
+func sink(x interface{}) {}
+
+func test() {
+
+	fi := source().(os.FileInfo)
+	header, _ := tar.FileInfoHeader(fi, "link")
+	sink(header)
+
+}
diff --git a/go/ql/test/library-tests/semmle/go/dataflow/HiddenNodes/test.ql b/go/ql/test/library-tests/semmle/go/dataflow/HiddenNodes/test.ql
@@ -0,0 +1,22 @@
+/**
+ * @kind path-problem
+ */
+
+import go
+import DataFlow::PathGraph
+
+class Config extends TaintTracking::Configuration {
+  Config() { this = "config" }
+
+  override predicate isSource(DataFlow::Node n) {
+    n = any(DataFlow::CallNode call | call.getTarget().getName() = "source").getResult()
+  }
+
+  override predicate isSink(DataFlow::Node n) {
+    n = any(DataFlow::CallNode call | call.getTarget().getName() = "sink").getAnArgument()
+  }
+}
+
+from DataFlow::PathNode source, DataFlow::PathNode sink, Config c
+where c.hasFlowPath(source, sink)
+select source, source, sink, "Path"

Original file line number	Diff line number	Diff line change
`@@ -352,7 +352,7 @@ Node getArgument(CallNode c, int i) {`
`352`	`352`	`}`
`353`	`353`
`354`	`354`	/** Holds if `n` should be hidden from path explanations. */
`355`		`-predicate nodeIsHidden(Node n) { none() }`
	`355`	`+predicate nodeIsHidden(Node n) { n instanceof SummaryNode or n instanceof SummarizedParameterNode }`
`356`	`356`
`357`	`357`	`class LambdaCallKind = Unit;`
`358`	`358`