Python: Elaborate qldoc and renames to match

yoff · yoff · commit 98dfe1a00a14 · 2021-03-26T17:27:43.000+01:00
diff --git a/python/ql/src/Security/CWE-327/Ssl.qll b/python/ql/src/Security/CWE-327/Ssl.qll
@@ -45,7 +45,7 @@ class OptionsAugOr extends ProtocolRestriction {
       (
         aa.getValue() = flag
         or
-        impliesValue(aa.getValue(), flag, false, false)
+        impliesBitSet(aa.getValue(), flag, false, false)
       )
     )
   }
@@ -70,7 +70,7 @@ class OptionsAugAndNot extends ProtocolUnrestriction {
       (
         aa.getValue() = notFlag
         or
-        impliesValue(aa.getValue(), notFlag, true, true)
+        impliesBitSet(aa.getValue(), notFlag, true, true)
       )
     )
   }
@@ -80,22 +80,36 @@ class OptionsAugAndNot extends ProtocolUnrestriction {
   override ProtocolVersion getUnrestriction() { result = restriction }
 }
 
-/** Whether `part` evaluates to `partIsTrue` if `whole` evaluates to `wholeIsTrue`. */
-predicate impliesValue(BinaryExpr whole, Expr part, boolean partIsTrue, boolean wholeIsTrue) {
+/**
+ * Holds if
+ *   for every bit, _b_:
+ *     `wholeHasBitSet` represents that _b_ is set in `whole`
+ *     implies
+ *     `partHasBitSet` represents that _b_ is set in `part`
+ *
+ * As an example take `whole` = `part1 & part2`. Then
+ * `impliesBitSet(whole, part1, true, true)` holds
+ * because for any bit in `whole`, if that bit is set it must also be set in `part1`.
+ *
+ * Similarly for `whole` = `part1 | part2`. Here
+ * `impliesBitSet(whole, part1, false, false)` holds
+ * because for any bit in `whole`, if that bit is not set, it cannot be set in `part1`.
+ */
+predicate impliesBitSet(BinaryExpr whole, Expr part, boolean partHasBitSet, boolean wholeHasBitSet) {
   whole.getOp() instanceof BitAnd and
   (
-    wholeIsTrue = true and partIsTrue = true and part in [whole.getLeft(), whole.getRight()]
+    wholeHasBitSet = true and partHasBitSet = true and part in [whole.getLeft(), whole.getRight()]
     or
-    wholeIsTrue = true and
-    impliesValue([whole.getLeft(), whole.getRight()], part, partIsTrue, wholeIsTrue)
+    wholeHasBitSet = true and
+    impliesBitSet([whole.getLeft(), whole.getRight()], part, partHasBitSet, wholeHasBitSet)
   )
   or
   whole.getOp() instanceof BitOr and
   (
-    wholeIsTrue = false and partIsTrue = false and part in [whole.getLeft(), whole.getRight()]
+    wholeHasBitSet = false and partHasBitSet = false and part in [whole.getLeft(), whole.getRight()]
     or
-    wholeIsTrue = false and
-    impliesValue([whole.getLeft(), whole.getRight()], part, partIsTrue, wholeIsTrue)
+    wholeHasBitSet = false and
+    impliesBitSet([whole.getLeft(), whole.getRight()], part, partHasBitSet, wholeHasBitSet)
   )
 }
 

Original file line number	Diff line number	Diff line change
`@@ -45,7 +45,7 @@ class OptionsAugOr extends ProtocolRestriction {`
`45`	`45`	`(`
`46`	`46`	`aa.getValue() = flag`
`47`	`47`	`or`
`48`		`- impliesValue(aa.getValue(), flag, false, false)`
	`48`	`+ impliesBitSet(aa.getValue(), flag, false, false)`
`49`	`49`	`)`
`50`	`50`	`)`
`51`	`51`	`}`
`@@ -70,7 +70,7 @@ class OptionsAugAndNot extends ProtocolUnrestriction {`
`70`	`70`	`(`
`71`	`71`	`aa.getValue() = notFlag`
`72`	`72`	`or`
`73`		`- impliesValue(aa.getValue(), notFlag, true, true)`
	`73`	`+ impliesBitSet(aa.getValue(), notFlag, true, true)`
`74`	`74`	`)`
`75`	`75`	`)`
`76`	`76`	`}`
`@@ -80,22 +80,36 @@ class OptionsAugAndNot extends ProtocolUnrestriction {`
`80`	`80`	`override ProtocolVersion getUnrestriction() { result = restriction }`
`81`	`81`	`}`
`82`	`82`
`83`		-/** Whether `part` evaluates to `partIsTrue` if `whole` evaluates to `wholeIsTrue`. */
`84`		`-predicate impliesValue(BinaryExpr whole, Expr part, boolean partIsTrue, boolean wholeIsTrue) {`
	`83`	`+/**`
	`84`	`+ * Holds if`
	`85`	`+ * for every bit, _b_:`
	`86`	+ * `wholeHasBitSet` represents that _b_ is set in `whole`
	`87`	`+ * implies`
	`88`	+ * `partHasBitSet` represents that _b_ is set in `part`
	`89`	`+ *`
	`90`	+ * As an example take `whole` = `part1 & part2`. Then
	`91`	+ * `impliesBitSet(whole, part1, true, true)` holds
	`92`	+ * because for any bit in `whole`, if that bit is set it must also be set in `part1`.
	`93`	`+ *`
	`94`	+ * Similarly for `whole` = `part1 \| part2`. Here
	`95`	+ * `impliesBitSet(whole, part1, false, false)` holds
	`96`	+ * because for any bit in `whole`, if that bit is not set, it cannot be set in `part1`.
	`97`	`+ */`
	`98`	`+predicate impliesBitSet(BinaryExpr whole, Expr part, boolean partHasBitSet, boolean wholeHasBitSet) {`
`85`	`99`	`whole.getOp() instanceof BitAnd and`
`86`	`100`	`(`
`87`		`- wholeIsTrue = true and partIsTrue = true and part in [whole.getLeft(), whole.getRight()]`
	`101`	`+ wholeHasBitSet = true and partHasBitSet = true and part in [whole.getLeft(), whole.getRight()]`
`88`	`102`	`or`
`89`		`- wholeIsTrue = true and`
`90`		`- impliesValue([whole.getLeft(), whole.getRight()], part, partIsTrue, wholeIsTrue)`
	`103`	`+ wholeHasBitSet = true and`
	`104`	`+ impliesBitSet([whole.getLeft(), whole.getRight()], part, partHasBitSet, wholeHasBitSet)`
`91`	`105`	`)`
`92`	`106`	`or`
`93`	`107`	`whole.getOp() instanceof BitOr and`
`94`	`108`	`(`
`95`		`- wholeIsTrue = false and partIsTrue = false and part in [whole.getLeft(), whole.getRight()]`
	`109`	`+ wholeHasBitSet = false and partHasBitSet = false and part in [whole.getLeft(), whole.getRight()]`
`96`	`110`	`or`
`97`		`- wholeIsTrue = false and`
`98`		`- impliesValue([whole.getLeft(), whole.getRight()], part, partIsTrue, wholeIsTrue)`
	`111`	`+ wholeHasBitSet = false and`
	`112`	`+ impliesBitSet([whole.getLeft(), whole.getRight()], part, partHasBitSet, wholeHasBitSet)`
`99`	`113`	`)`
`100`	`114`	`}`
`101`	`115`