Merge pull request #17301 from michaelnebel/shared/contentflowbadjoin

Shared: Fix bad join in content flow.
github · Aug 27, 2024 · 287857c · 287857c
2 parents b79be71 + 77bfe39
commit 287857c
Showing 1 changed file with 20 additions and 8 deletions.
diff --git a/shared/dataflow/codeql/dataflow/internal/ContentDataFlowImpl.qll b/shared/dataflow/codeql/dataflow/internal/ContentDataFlowImpl.qll
@@ -455,27 +455,39 @@ module MakeImplContentDataFlow<LocationSig Location, InputSig<Location> Lang> {
       )
     }
 
+    pragma[nomagic]
+    private predicate succNodeAndState(
+      Flow::PathNode pre, Node preNode, State preState, Flow::PathNode succ, Node succNode,
+      State succState
+    ) {
+      pre.getNode() = preNode and
+      pre.getState() = preState and
+      succ.getNode() = succNode and
+      succ.getState() = succState and
+      pre.getASuccessor() = succ
+    }
+
     pragma[nomagic]
     private predicate nodeReachesStore(
-      Flow::PathNode source, AccessPath scReads, AccessPath scStores, Flow::PathNode node,
+      Flow::PathNode source, AccessPath scReads, AccessPath scStores, Flow::PathNode target,
       ContentSet c, AccessPath reads, AccessPath stores
     ) {
-      exists(Flow::PathNode mid |
+      exists(Flow::PathNode mid, State midState, Node midNode, State targetState, Node targetNode |
         nodeReaches(source, scReads, scStores, mid, reads, stores) and
-        storeStep(mid.getNode(), mid.getState(), c, node.getNode(), node.getState()) and
-        mid.getASuccessor() = node
+        succNodeAndState(mid, midNode, midState, target, targetNode, targetState) and
+        storeStep(midNode, midState, c, targetNode, targetState)
       )
     }
 
     pragma[nomagic]
     private predicate nodeReachesRead(
-      Flow::PathNode source, AccessPath scReads, AccessPath scStores, Flow::PathNode node,
+      Flow::PathNode source, AccessPath scReads, AccessPath scStores, Flow::PathNode target,
       ContentSet c, AccessPath reads, AccessPath stores
     ) {
-      exists(Flow::PathNode mid |
+      exists(Flow::PathNode mid, State midState, Node midNode, State targetState, Node targetNode |
         nodeReaches(source, scReads, scStores, mid, reads, stores) and
-        readStep(mid.getNode(), mid.getState(), c, node.getNode(), node.getState()) and
-        mid.getASuccessor() = node
+        succNodeAndState(mid, midNode, midState, target, targetNode, targetState) and
+        readStep(midNode, midState, c, targetNode, targetState)
       )
     }