Thanks to visit codestin.com
Credit goes to github.com

Skip to content
This repository was archived by the owner on Jan 5, 2023. It is now read-only.

Commit 81ba71e

Browse files
author
Sauyon Lee
committed
Address review comments
1 parent 1092fe5 commit 81ba71e

File tree

4 files changed

+34
-58
lines changed

4 files changed

+34
-58
lines changed

ql/src/semmle/go/controlflow/ControlFlowGraph.qll

+12
Original file line numberDiff line numberDiff line change
@@ -57,6 +57,18 @@ module ControlFlow {
5757
/** Gets the basic block to which this node belongs. */
5858
BasicBlock getBasicBlock() { result.getANode() = this }
5959

60+
/** Holds if this node dominates `dominee` in the control-flow graph. */
61+
pragma[inline]
62+
predicate dominatesNode(ControlFlow::Node dominee) {
63+
exists(ReachableBasicBlock thisbb, ReachableBasicBlock dbb, int i, int j |
64+
this = thisbb.getNode(i) and dominee = dbb.getNode(j)
65+
|
66+
thisbb.strictlyDominates(dbb)
67+
or
68+
thisbb = dbb and i <= j
69+
)
70+
}
71+
6072
/** Gets the innermost function or file to which this node belongs. */
6173
Root getRoot() { none() }
6274

ql/src/semmle/go/dataflow/SSA.qll

+12-42
Original file line numberDiff line numberDiff line change
@@ -316,26 +316,28 @@ private IR::Instruction accessPathAux(TSsaWithFields base, Field f) {
316316
)
317317
}
318318

319-
abstract class SsaWithFields extends TSsaWithFields {
319+
class SsaWithFields extends TSsaWithFields {
320320
/**
321321
* Gets the SSA variable corresponding to the base of this SSA variable with fields.
322322
*
323323
* For example, the SSA variable corresponding to `a` for the SSA variable with fields
324324
* corresponding to `a.b`.
325325
*/
326-
abstract SsaVariable getBaseVariable();
327-
328-
/** Gets the type of this SSA variable with fields. */
329-
abstract Type getType();
330-
331-
/** Gets a use in basic block `bb` that refers to this SSA variable with fields. */
332-
abstract IR::Instruction getAUseIn(ReachableBasicBlock bb);
326+
SsaVariable getBaseVariable() {
327+
this = TRoot(result)
328+
or
329+
exists(SsaWithFields base, Field f | this = TStep(base, f) | result = base.getBaseVariable())
330+
}
333331

334332
/** Gets a use that refers to this SSA variable with fields. */
335-
IR::Instruction getAUse() { result = this.getAUseIn(_) }
333+
DataFlow::Node getAUse() { this = accessPath(result.asInstruction()) }
336334

337335
/** Gets a textual representation of this element. */
338-
abstract string toString();
336+
string toString() {
337+
exists(SsaVariable var | this = TRoot(var) | result = "(" + var + ")")
338+
or
339+
exists(SsaWithFields base, Field f | this = TStep(base, f) | result = base + "." + f.getName())
340+
}
339341

340342
/**
341343
* Holds if this element is at the specified location.
@@ -350,35 +352,3 @@ abstract class SsaWithFields extends TSsaWithFields {
350352
this.getBaseVariable().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
351353
}
352354
}
353-
354-
private class SsaWithFieldsRoot extends SsaWithFields, TRoot {
355-
SsaVariable self;
356-
357-
SsaWithFieldsRoot() { this = TRoot(self) }
358-
359-
override SsaVariable getBaseVariable() { result = self }
360-
361-
override Type getType() { result = self.getType() }
362-
363-
override IR::Instruction getAUseIn(ReachableBasicBlock bb) { result = self.getAUseIn(bb) }
364-
365-
override string toString() { result = "(" + self.toString() + ")" }
366-
}
367-
368-
private class SsaWithFieldsStep extends SsaWithFields, TStep {
369-
SsaWithFields base;
370-
Field f;
371-
372-
SsaWithFieldsStep() { this = TStep(base, f) }
373-
374-
override SsaVariable getBaseVariable() { result = base.getBaseVariable() }
375-
376-
override Type getType() { result = f.getType() }
377-
378-
override IR::FieldReadInstruction getAUseIn(ReachableBasicBlock bb) {
379-
result.getBase() = base.getAUseIn(bb) and
380-
result.getField() = f
381-
}
382-
383-
override string toString() { result = base.toString() + "." + f.getName() }
384-
}

ql/src/semmle/go/dataflow/internal/DataFlowUtil.qll

+6-6
Original file line numberDiff line numberDiff line change
@@ -748,11 +748,11 @@ abstract class BarrierGuard extends Node {
748748

749749
/** Gets a node guarded by this guard. */
750750
final Node getAGuardedNode() {
751-
exists(ControlFlow::ConditionGuardNode guard, Node nd |
752-
exists(SsaWithFields var | result.asInstruction() = var.getAUse() |
753-
guards(guard, nd, var) and
754-
guard.dominates(result.asInstruction().getBasicBlock())
755-
)
751+
exists(ControlFlow::ConditionGuardNode guard, Node nd, SsaWithFields var |
752+
result = var.getAUse()
753+
|
754+
guards(guard, nd, var) and
755+
guard.dominates(result.asInstruction().getBasicBlock())
756756
)
757757
}
758758

@@ -764,7 +764,7 @@ abstract class BarrierGuard extends Node {
764764
*/
765765
pragma[noinline]
766766
private predicate guards(ControlFlow::ConditionGuardNode guard, Node nd, SsaWithFields ap) {
767-
guards(guard, nd) and nd.asInstruction() = ap.getAUse()
767+
guards(guard, nd) and nd = ap.getAUse()
768768
}
769769

770770
/**

ql/src/semmle/go/security/OpenUrlRedirectCustomizations.qll

+4-10
Original file line numberDiff line numberDiff line change
@@ -58,19 +58,13 @@ module OpenUrlRedirect {
5858
*/
5959
class PathAssignmentBarrier extends Barrier, Read {
6060
PathAssignmentBarrier() {
61-
exists(Write w, Field f, Read writeBase, SsaWithFields var |
61+
exists(Write w, Field f, SsaWithFields var |
6262
f.getName() = "Path" and
6363
hasHostnameSanitizingSubstring(w.getRhs()) and
64-
this.asInstruction() = var.getAUse() and
65-
writeBase.asInstruction() = var.getAUse()
64+
this = var.getAUse()
6665
|
67-
w.writesField(writeBase, f, _) and
68-
w.getBasicBlock().(ReachableBasicBlock).dominates(this.asInstruction().getBasicBlock()) and
69-
(
70-
not w.getBasicBlock() = this.asInstruction().getBasicBlock()
71-
or
72-
w.getASuccessor+() = this.asInstruction()
73-
)
66+
w.writesField(var.getAUse(), f, _) and
67+
w.dominatesNode(insn)
7468
)
7569
}
7670
}

0 commit comments

Comments
 (0)