-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathInlineFlowTest.qll
More file actions
56 lines (48 loc) · 1.92 KB
/
InlineFlowTest.qll
File metadata and controls
56 lines (48 loc) · 1.92 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
/**
* Inline flow tests for Rust.
* See `shared/util/codeql/dataflow/test/InlineFlowTest.qll`
*/
import rust
private import codeql.dataflow.test.InlineFlowTest
private import codeql.rust.controlflow.CfgNodes
private import codeql.rust.dataflow.DataFlow
private import codeql.rust.dataflow.internal.DataFlowImpl
private import codeql.rust.dataflow.internal.Node as Node
private import codeql.rust.dataflow.internal.TaintTrackingImpl
private import codeql.rust.dataflow.internal.ModelsAsData as MaD
private import internal.InlineExpectationsTestImpl as InlineExpectationsTestImpl
/**
* Holds if the target expression of `call` is a path and the string
* representation of the path has `name` as a prefix.
*/
bindingset[name]
private predicate callTargetName(CallExprCfgNode call, string name) {
call.getFunction().(PathExprCfgNode).toString().matches(name + "%")
}
private module FlowTestImpl implements InputSig<Location, RustDataFlow> {
predicate defaultSource(DataFlow::Node source) { callTargetName(source.asExpr(), "source") }
predicate defaultSink(DataFlow::Node sink) {
any(CallExprCfgNode call | callTargetName(call, "sink")).getArgument(_) = sink.asExpr()
}
private string getSourceArgString(DataFlow::Node src) {
defaultSource(src) and
result = src.asExpr().(CallExprCfgNode).getArgument(0).toString()
or
sourceNode(src, _) and
exists(CallExprBase call |
call = src.(Node::FlowSummaryNode).getSourceElement().getCall() and
result = call.getArgList().getArg(0).toString()
)
}
bindingset[src, sink]
string getArgString(DataFlow::Node src, DataFlow::Node sink) {
(
result = getSourceArgString(src)
or
not exists(getSourceArgString(src)) and result = ""
) and
exists(sink)
}
predicate interpretModelForTest = MaD::interpretModelForTest/2;
}
import InlineFlowTestMake<Location, RustDataFlow, RustTaintTracking, InlineExpectationsTestImpl::Impl, FlowTestImpl>