Merge pull request #17235 from aschackmull/dataflow/fix-missing-subpaths

Dataflow: Fix missing subpaths due to type strengthening.
github · Aug 16, 2024 · ae013ba · ae013ba
2 parents fb7b89f + 51c43a7
commit ae013ba
Show file tree

Hide file tree

Showing 8 changed files with 795 additions and 3 deletions.
diff --git a/java/ql/test/library-tests/dataflow/collections/containerflow.expected b/java/ql/test/library-tests/dataflow/collections/containerflow.expected
diff --git a/java/ql/test/library-tests/dataflow/subpaths/flow.expected b/java/ql/test/library-tests/dataflow/subpaths/flow.expected
@@ -32,6 +32,7 @@ nodes
 | A.java:27:12:27:25 | apply(...) : String | semmle.label | apply(...) : String |
 | A.java:27:20:27:24 | (...)... : Object | semmle.label | (...)... : Object |
 subpaths
+| A.java:14:44:14:54 | source(...) : Object | A.java:8:24:8:33 | arg : Object | A.java:9:12:9:17 | (...)... : Object | A.java:14:16:14:55 | propagateTaint(...) : String |
 | A.java:18:44:18:54 | source(...) : Object | A.java:8:24:8:33 | arg : Object | A.java:9:12:9:17 | (...)... : Object | A.java:18:16:18:55 | propagateTaint(...) : Object |
 | A.java:22:44:22:54 | source(...) : Object | A.java:26:41:26:48 | x : Object | A.java:27:12:27:25 | apply(...) : String | A.java:22:17:22:55 | apply(...) : String |
 | A.java:27:20:27:24 | (...)... : Object | A.java:22:24:22:33 | arg : String | A.java:22:39:22:41 | arg : String | A.java:27:12:27:25 | apply(...) : String |

diff --git a/java/ql/test/library-tests/frameworks/apache-collections/test.expected b/java/ql/test/library-tests/frameworks/apache-collections/test.expected
diff --git a/java/ql/test/library-tests/frameworks/gson/test.expected b/java/ql/test/library-tests/frameworks/gson/test.expected
diff --git a/java/ql/test/library-tests/frameworks/guava/generated/collect/test.expected b/java/ql/test/library-tests/frameworks/guava/generated/collect/test.expected
diff --git a/java/ql/test/library-tests/frameworks/netty/generated/test.expected b/java/ql/test/library-tests/frameworks/netty/generated/test.expected
diff --git a/java/ql/test/library-tests/frameworks/spring/util/test.expected b/java/ql/test/library-tests/frameworks/spring/util/test.expected
diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll
@@ -4878,12 +4878,13 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
         PathNodeImpl arg, PathNodeImpl par, PathNodeImpl ret, PathNodeImpl out
       ) {
         exists(
-          ParamNodeEx p, NodeEx o, FlowState sout, DataFlowType t, AccessPath apout,
-          PathNodeMid out0
+          ParamNodeEx p, NodeEx o, FlowState sout, DataFlowType t0, DataFlowType t,
+          AccessPath apout, PathNodeMid out0
         |
           pragma[only_bind_into](arg).getASuccessorImpl(_) = pragma[only_bind_into](out0) and
-          subpaths03(pragma[only_bind_into](arg), p, ret, o, sout, t, apout) and
+          subpaths03(pragma[only_bind_into](arg), p, ret, o, sout, t0, apout) and
           hasSuccessor(pragma[only_bind_into](arg), par, p) and
+          strengthenType(o, t0, t) and
           pathNode(out0, o, sout, _, _, t, apout, _, _)
         |
           out = out0 or out = out0.projectToSink(_)