temp

hvitved · hvitved · commit aae8079b5583 · 2024-02-21T13:39:11.000+01:00
diff --git a/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll b/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll
@@ -66,9 +66,9 @@ module TaintedPathConfig implements DataFlow::ConfigSig {
 
   predicate isBarrier(DataFlow::Node sanitizer) {
     sanitizer instanceof SimpleTypeSanitizer or
-    sanitizer instanceof PathInjectionSanitizer or
-    sanitizer.getLocation().getFile().getBaseName() =
-      ["BaseObject.java", "SimpleNode.java", "Context.java"]
+    sanitizer instanceof PathInjectionSanitizer //or
+    // sanitizer.getLocation().getFile().getBaseName() =
+    //   ["BaseObject.java", "SimpleNode.java", "Context.java"]
   }
 
   predicate isAdditionalFlowStep(DataFlow::Node n1, DataFlow::Node n2) {
diff --git a/java/ql/test/library-tests/dataflow/call-sensitivity/flow.expected b/java/ql/test/library-tests/dataflow/call-sensitivity/flow.expected
@@ -36,8 +36,8 @@ edges
 =======
 | A2.java:15:15:15:28 | new Integer(...) : Number | A2.java:27:27:27:34 | o : Number |
 | A2.java:27:27:27:34 | o : Number | A2.java:29:9:29:9 | o |
-| A.java:6:28:6:35 | o : Object | A.java:8:11:8:11 | o : Object |
-| A.java:6:28:6:35 | o : Object | A.java:8:11:8:11 | o : Object |
+| A.java:6:28:6:35 | o : Number | A.java:8:11:8:11 | o : Number |
+| A.java:6:28:6:35 | o : Number | A.java:8:11:8:11 | o : Number |
 | A.java:14:29:14:36 | o : Number | A.java:16:9:16:9 | o |
 | A.java:20:30:20:37 | o : Number | A.java:22:9:22:9 | o |
 | A.java:26:31:26:38 | o : Number | A.java:28:9:28:9 | o |
@@ -52,14 +52,14 @@ edges
 | A.java:66:25:66:38 | new Integer(...) : Number | A.java:43:36:43:43 | o : Number |
 | A.java:67:25:67:38 | new Integer(...) : Number | A.java:43:36:43:43 | o : Number |
 | A.java:68:25:68:38 | new Integer(...) : Number | A.java:43:36:43:43 | o : Number |
-| A.java:69:20:69:33 | new Integer(...) : Number | A.java:6:28:6:35 | o : Object |
+| A.java:69:20:69:33 | new Integer(...) : Number | A.java:6:28:6:35 | o : Number |
 | A.java:69:20:69:33 | new Integer(...) : Number | A.java:69:8:69:40 | flowThrough(...) |
 | A.java:71:25:71:38 | new Integer(...) : Number | A.java:43:36:43:43 | o : Number |
 | A.java:84:18:84:31 | new Integer(...) : Number | A.java:14:29:14:36 | o : Number |
 | A.java:85:19:85:32 | new Integer(...) : Number | A.java:20:30:20:37 | o : Number |
 | A.java:86:20:86:33 | new Integer(...) : Number | A.java:26:31:26:38 | o : Number |
 | A.java:87:24:87:37 | new Integer(...) : Number | A.java:32:35:32:42 | o : Number |
-| A.java:88:20:88:33 | new Integer(...) : Number | A.java:6:28:6:35 | o : Object |
+| A.java:88:20:88:33 | new Integer(...) : Number | A.java:6:28:6:35 | o : Number |
 | A.java:88:20:88:33 | new Integer(...) : Number | A.java:88:8:88:37 | flowThrough(...) |
 | A.java:99:20:99:33 | new Integer(...) : Number | A.java:106:30:106:37 | o : Number |
 | A.java:100:21:100:34 | new Integer(...) : Number | A.java:113:31:113:38 | o : Number |
@@ -72,10 +72,10 @@ nodes
 | A2.java:15:15:15:28 | new Integer(...) : Number | semmle.label | new Integer(...) : Number |
 | A2.java:27:27:27:34 | o : Number | semmle.label | o : Number |
 | A2.java:29:9:29:9 | o | semmle.label | o |
-| A.java:6:28:6:35 | o : Object | semmle.label | o : Object |
-| A.java:6:28:6:35 | o : Object | semmle.label | o : Object |
-| A.java:8:11:8:11 | o : Object | semmle.label | o : Object |
-| A.java:8:11:8:11 | o : Object | semmle.label | o : Object |
+| A.java:6:28:6:35 | o : Number | semmle.label | o : Number |
+| A.java:6:28:6:35 | o : Number | semmle.label | o : Number |
+| A.java:8:11:8:11 | o : Number | semmle.label | o : Number |
+| A.java:8:11:8:11 | o : Number | semmle.label | o : Number |
 | A.java:14:29:14:36 | o : Number | semmle.label | o : Number |
 | A.java:16:9:16:9 | o | semmle.label | o |
 | A.java:20:30:20:37 | o : Number | semmle.label | o : Number |
@@ -114,8 +114,8 @@ nodes
 | A.java:120:36:120:43 | o : Number | semmle.label | o : Number |
 | A.java:128:9:128:10 | o3 | semmle.label | o3 |
 subpaths
-| A.java:69:20:69:33 | new Integer(...) : Number | A.java:6:28:6:35 | o : Object | A.java:8:11:8:11 | o : Object | A.java:69:8:69:40 | flowThrough(...) |
-| A.java:88:20:88:33 | new Integer(...) : Number | A.java:6:28:6:35 | o : Object | A.java:8:11:8:11 | o : Object | A.java:88:8:88:37 | flowThrough(...) |
+| A.java:69:20:69:33 | new Integer(...) : Number | A.java:6:28:6:35 | o : Number | A.java:8:11:8:11 | o : Number | A.java:69:8:69:40 | flowThrough(...) |
+| A.java:88:20:88:33 | new Integer(...) : Number | A.java:6:28:6:35 | o : Number | A.java:8:11:8:11 | o : Number | A.java:88:8:88:37 | flowThrough(...) |
 #select
 | A2.java:15:15:15:28 | new Integer(...) : Number | A2.java:15:15:15:28 | new Integer(...) : Number | A2.java:29:9:29:9 | o | $@ | A2.java:29:9:29:9 | o | o |
 | A.java:62:18:62:31 | new Integer(...) : Number | A.java:62:18:62:31 | new Integer(...) : Number | A.java:16:9:16:9 | o | $@ | A.java:16:9:16:9 | o | o |
diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll
@@ -3228,11 +3228,12 @@ module MakeImpl<InputSig Lang> {
     // private predicate mostBusyNodeFwd4 = Stage4::mostBusyNodeFwd/10;
     private predicate mostBusyNodeFwd5 = Stage5::mostBusyNodeFwd/10;
 
-    bindingset[node, t0, inSummaryCtx]
+    bindingset[node, origT, t0, inSummaryCtx]
     private predicate strengthenType(
       NodeEx node, DataFlowType origT, DataFlowType t0, DataFlowType t, boolean inSummaryCtx
     ) {
       exists(inSummaryCtx) and
+      exists(origT) and
       // if node instanceof RetNodeEx and inSummaryCtx = true
       // then t = node.getDataFlowType() and compatibleTypes(t, t0)
       // else
@@ -3254,12 +3255,7 @@ module MakeImpl<InputSig Lang> {
           then t = nt
           else (
             compatibleTypes(nt, t0) and
-            // t = t0
-            if inSummaryCtx = true and node instanceof ParamNodeEx
-            then
-              t = nt and
-              compatibleTypes(origT, t)
-            else t = t0
+            t = t0
           )
         )
       else t = t0
@@ -3545,6 +3541,7 @@ module MakeImpl<InputSig Lang> {
       abstract AccessPathFront getFront();
 
       /** Holds if this is a representation of `head` followed by the `typ,tail` pair. */
+      bindingset[head, typ, tail]
       abstract predicate isCons(Content head, DataFlowType typ, AccessPathApprox tail);
     }
 
@@ -3557,6 +3554,7 @@ module MakeImpl<InputSig Lang> {
 
       override AccessPathFront getFront() { result = TFrontNil() }
 
+      bindingset[head, typ, tail]
       override predicate isCons(Content head, DataFlowType typ, AccessPathApprox tail) { none() }
     }
 
@@ -3579,6 +3577,7 @@ module MakeImpl<InputSig Lang> {
 
       override AccessPathFront getFront() { result = TFrontHead(c) }
 
+      bindingset[head, typ, tail]
       override predicate isCons(Content head, DataFlowType typ, AccessPathApprox tail) {
         head = c and typ = t and tail = TNil()
       }
@@ -3604,6 +3603,7 @@ module MakeImpl<InputSig Lang> {
 
       override AccessPathFront getFront() { result = TFrontHead(c1) }
 
+      bindingset[head, typ, tail]
       override predicate isCons(Content head, DataFlowType typ, AccessPathApprox tail) {
         head = c1 and
         typ = t and
@@ -3636,6 +3636,7 @@ module MakeImpl<InputSig Lang> {
 
       override AccessPathFront getFront() { result = TFrontHead(c) }
 
+      bindingset[head, typ, tail]
       override predicate isCons(Content head, DataFlowType typ, AccessPathApprox tail) {
         head = c and
         (
@@ -3691,13 +3692,15 @@ module MakeImpl<InputSig Lang> {
 
       ApHeadContent projectToHeadContent(Content c) { result = c }
 
-      class ApOption = AccessPathFrontOption;
+      // class ApOption = AccessPathFrontOption;
+      class ApOption = AccessPathApproxOption;
 
-      // class ApOption = AccessPathApproxOption;
-      ApOption apNone() { result = TAccessPathFrontNone() }
+      ApOption apNone() { result = TAccessPathApproxNone() }
 
-      ApOption apSome(Ap ap) { result = TAccessPathFrontSome(ap.getFront()) }
+      ApOption apSome(Ap ap) { result = TAccessPathApproxSome(ap) }
 
+      // ApOption apNone() { result = TAccessPathFrontNone() }
+      // ApOption apSome(Ap ap) { result = TAccessPathFrontSome(ap.getFront()) }
       import Level1CallContext
       import LocalCallContext
 
@@ -3747,7 +3750,7 @@ module MakeImpl<InputSig Lang> {
         Stage5::parameterMayFlowThrough(p, _) and
         Stage5::revFlow(n, state, TReturnCtxMaybeFlowThrough(_), _, apa0) and
         Stage5::fwdFlow(n, state, any(CallContextCall ccc), TParamNodeSome(p.asNode()), _,
-          TAccessPathFrontSome(apa.getFront()), _, _, apa0, _)
+          TAccessPathApproxSome(apa), _, _, apa0, _)
       )
     }
 
