wip2

csharp/ql/test/library-tests/dataflow/reverse-flow/ReverseFlow.cs

@@ -58,6 +58,31 @@ public void M9(A a)
         a.Nested.Field = Source<string>(3);
     }
 
+    public void M10()
+    {
+        var a = new A();
+        Sink(a);
+        Sink(a.Nested.Nested.Field);
+        GetNestedNested(a).Field = Source<string>(4);
+        Sink(a.Nested.Nested.Field); // $ hasValueFlow=4
+    }
+
+    public void M11(A a)
+    {
+
+    }
+
+    public void M11()
+    {
+        var a = new A();
+        M11(a);
+        Sink(a.Field);
+        a.Field = Source<string>(5);
+        Sink(a.Field); // $ hasValueFlow=5
+    }
+
+    public A GetNestedNested(A a) => a.Nested.Nested;
+
     public static void Sink(object o) { }
 
     static T Source<T>(object source) => throw null;

csharp/ql/test/library-tests/dataflow/reverse-flow/ReverseFlow.expected

@@ -34,6 +34,20 @@ edges
 | ReverseFlow.cs:58:9:58:9 | [post] access to parameter a : A [field Nested, field Field] : String | ReverseFlow.cs:56:22:56:22 | a [Return] : A [field Nested, field Field] : String | provenance |  |
 | ReverseFlow.cs:58:9:58:16 | [post] access to field Nested : A [field Field] : String | ReverseFlow.cs:58:9:58:9 | [post] access to parameter a : A [field Nested, field Field] : String | provenance |  |
 | ReverseFlow.cs:58:26:58:42 | call to method Source<String> : String | ReverseFlow.cs:58:9:58:16 | [post] access to field Nested : A [field Field] : String | provenance |  |
+| ReverseFlow.cs:66:9:66:26 | [post] call to method GetNestedNested : A [field Field] : String | ReverseFlow.cs:66:9:66:26 | call to method GetNestedNested [Reverse] : A [field Field] : String | provenance |  |
+| ReverseFlow.cs:66:9:66:26 | call to method GetNestedNested [Reverse] : A [field Field] : String | ReverseFlow.cs:66:25:66:25 | [post] access to local variable a : A [field Nested, field Nested, field Field] : String | provenance |  |
+| ReverseFlow.cs:66:9:66:26 | call to method GetNestedNested [Reverse] : A [field Field] : String | ReverseFlow.cs:84:38:84:52 | access to field Nested [Reverse] : A [field Field] : String | provenance |  |
+| ReverseFlow.cs:66:25:66:25 | [post] access to local variable a : A [field Nested, field Nested, field Field] : String | ReverseFlow.cs:67:14:67:14 | access to local variable a : A [field Nested, field Nested, field Field] : String | provenance |  |
+| ReverseFlow.cs:66:36:66:52 | call to method Source<String> : String | ReverseFlow.cs:66:9:66:26 | [post] call to method GetNestedNested : A [field Field] : String | provenance |  |
+| ReverseFlow.cs:67:14:67:14 | access to local variable a : A [field Nested, field Nested, field Field] : String | ReverseFlow.cs:67:14:67:21 | access to field Nested : A [field Nested, field Field] : String | provenance |  |
+| ReverseFlow.cs:67:14:67:21 | access to field Nested : A [field Nested, field Field] : String | ReverseFlow.cs:67:14:67:28 | access to field Nested : A [field Field] : String | provenance |  |
+| ReverseFlow.cs:67:14:67:28 | access to field Nested : A [field Field] : String | ReverseFlow.cs:67:14:67:34 | access to field Field | provenance |  |
+| ReverseFlow.cs:80:9:80:9 | [post] access to local variable a : A [field Field] : String | ReverseFlow.cs:81:14:81:14 | access to local variable a : A [field Field] : String | provenance |  |
+| ReverseFlow.cs:80:19:80:35 | call to method Source<String> : String | ReverseFlow.cs:80:9:80:9 | [post] access to local variable a : A [field Field] : String | provenance |  |
+| ReverseFlow.cs:81:14:81:14 | access to local variable a : A [field Field] : String | ReverseFlow.cs:81:14:81:20 | access to field Field | provenance |  |
+| ReverseFlow.cs:84:38:84:38 | access to parameter a [Reverse] : A [field Nested, field Nested, field Field] : String | ReverseFlow.cs:84:32:84:32 | a [Return] : A [field Nested, field Nested, field Field] : String | provenance |  |
+| ReverseFlow.cs:84:38:84:45 | access to field Nested [Reverse] : A [field Nested, field Field] : String | ReverseFlow.cs:84:38:84:38 | access to parameter a [Reverse] : A [field Nested, field Nested, field Field] : String | provenance |  |
+| ReverseFlow.cs:84:38:84:52 | access to field Nested [Reverse] : A [field Field] : String | ReverseFlow.cs:84:38:84:45 | access to field Nested [Reverse] : A [field Nested, field Field] : String | provenance |  |
 nodes
 | ReverseFlow.cs:10:12:10:12 | [post] access to local variable a : A [field Nested, field Field] : String | semmle.label | [post] access to local variable a : A [field Nested, field Field] : String |
 | ReverseFlow.cs:11:14:11:14 | access to local variable a : A [field Nested, field Field] : String | semmle.label | access to local variable a : A [field Nested, field Field] : String |
@@ -72,8 +86,27 @@ nodes
 | ReverseFlow.cs:58:9:58:9 | [post] access to parameter a : A [field Nested, field Field] : String | semmle.label | [post] access to parameter a : A [field Nested, field Field] : String |
 | ReverseFlow.cs:58:9:58:16 | [post] access to field Nested : A [field Field] : String | semmle.label | [post] access to field Nested : A [field Field] : String |
 | ReverseFlow.cs:58:26:58:42 | call to method Source<String> : String | semmle.label | call to method Source<String> : String |
+| ReverseFlow.cs:66:9:66:26 | [post] call to method GetNestedNested : A [field Field] : String | semmle.label | [post] call to method GetNestedNested : A [field Field] : String |
+| ReverseFlow.cs:66:9:66:26 | call to method GetNestedNested [Reverse] : A [field Field] : String | semmle.label | call to method GetNestedNested [Reverse] : A [field Field] : String |
+| ReverseFlow.cs:66:25:66:25 | [post] access to local variable a : A [field Nested, field Nested, field Field] : String | semmle.label | [post] access to local variable a : A [field Nested, field Nested, field Field] : String |
+| ReverseFlow.cs:66:36:66:52 | call to method Source<String> : String | semmle.label | call to method Source<String> : String |
+| ReverseFlow.cs:67:14:67:14 | access to local variable a : A [field Nested, field Nested, field Field] : String | semmle.label | access to local variable a : A [field Nested, field Nested, field Field] : String |
+| ReverseFlow.cs:67:14:67:21 | access to field Nested : A [field Nested, field Field] : String | semmle.label | access to field Nested : A [field Nested, field Field] : String |
+| ReverseFlow.cs:67:14:67:28 | access to field Nested : A [field Field] : String | semmle.label | access to field Nested : A [field Field] : String |
+| ReverseFlow.cs:67:14:67:34 | access to field Field | semmle.label | access to field Field |
+| ReverseFlow.cs:80:9:80:9 | [post] access to local variable a : A [field Field] : String | semmle.label | [post] access to local variable a : A [field Field] : String |
+| ReverseFlow.cs:80:19:80:35 | call to method Source<String> : String | semmle.label | call to method Source<String> : String |
+| ReverseFlow.cs:81:14:81:14 | access to local variable a : A [field Field] : String | semmle.label | access to local variable a : A [field Field] : String |
+| ReverseFlow.cs:81:14:81:20 | access to field Field | semmle.label | access to field Field |
+| ReverseFlow.cs:84:32:84:32 | a [Return] : A [field Nested, field Nested, field Field] : String | semmle.label | a [Return] : A [field Nested, field Nested, field Field] : String |
+| ReverseFlow.cs:84:38:84:38 | access to parameter a [Reverse] : A [field Nested, field Nested, field Field] : String | semmle.label | access to parameter a [Reverse] : A [field Nested, field Nested, field Field] : String |
+| ReverseFlow.cs:84:38:84:45 | access to field Nested [Reverse] : A [field Nested, field Field] : String | semmle.label | access to field Nested [Reverse] : A [field Nested, field Field] : String |
+| ReverseFlow.cs:84:38:84:52 | access to field Nested [Reverse] : A [field Field] : String | semmle.label | access to field Nested [Reverse] : A [field Field] : String |
 subpaths
+| ReverseFlow.cs:66:9:66:26 | call to method GetNestedNested [Reverse] : A [field Field] : String | ReverseFlow.cs:84:38:84:52 | access to field Nested [Reverse] : A [field Field] : String | ReverseFlow.cs:84:32:84:32 | a [Return] : A [field Nested, field Nested, field Field] : String | ReverseFlow.cs:66:25:66:25 | [post] access to local variable a : A [field Nested, field Nested, field Field] : String |
 #select
 | ReverseFlow.cs:11:14:11:27 | access to field Field | ReverseFlow.cs:22:19:22:35 | call to method Source<String> : String | ReverseFlow.cs:11:14:11:27 | access to field Field | $@ | ReverseFlow.cs:22:19:22:35 | call to method Source<String> : String | call to method Source<String> : String |
 | ReverseFlow.cs:28:14:28:30 | access to field Field | ReverseFlow.cs:39:22:39:38 | call to method Source<String> : String | ReverseFlow.cs:28:14:28:30 | access to field Field | $@ | ReverseFlow.cs:39:22:39:38 | call to method Source<String> : String | call to method Source<String> : String |
 | ReverseFlow.cs:46:14:46:20 | access to field Field | ReverseFlow.cs:58:26:58:42 | call to method Source<String> : String | ReverseFlow.cs:46:14:46:20 | access to field Field | $@ | ReverseFlow.cs:58:26:58:42 | call to method Source<String> : String | call to method Source<String> : String |
+| ReverseFlow.cs:67:14:67:34 | access to field Field | ReverseFlow.cs:66:36:66:52 | call to method Source<String> : String | ReverseFlow.cs:67:14:67:34 | access to field Field | $@ | ReverseFlow.cs:66:36:66:52 | call to method Source<String> : String | call to method Source<String> : String |
+| ReverseFlow.cs:81:14:81:20 | access to field Field | ReverseFlow.cs:80:19:80:35 | call to method Source<String> : String | ReverseFlow.cs:81:14:81:20 | access to field Field | $@ | ReverseFlow.cs:80:19:80:35 | call to method Source<String> : String | call to method Source<String> : String |

shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll

@@ -959,7 +959,8 @@ module MakeImplCommon<LocationSig Location, InputSig<Location> Lang> {
       this.asNode().(ArgNode).argumentOf(call_, pos_.asArgumentPosition())
       or
       // this.asNodeReverse() = getAnOutNodeExt(call_, pos_.asReturnKind()) and
-      this.asNodeReverse() = getAnOutNode(call_, pos_.asReturnKind().(ValueReturnKind).getKind()) //and
+      this.asNodeReverse() = getAnOutNode(call_, pos_.asReturnKind().(ValueReturnKind).getKind()) and //and
+      not this.asNodeReverse() instanceof PostUpdateNode // needed for swift
       // call_.toString().matches("%GetBox1%")
     }
 

swift/ql/test/library-tests/dataflow/taint/libraries/TaintInline.expected

@@ -1,12 +1,2 @@
 testFailures
-| custom.swift:54:12:54:12 | mc1 | Unexpected result: tainted=data3 |
-| custom.swift:55:12:55:17 | ...[...] | Unexpected result: tainted=data3 |
-| custom.swift:62:12:62:12 | mc2 | Unexpected result: tainted=data4 |
-| custom.swift:63:12:63:17 | ...[...] | Unexpected result: tainted=data4 |
-| custom.swift:70:12:70:12 | mc3 | Unexpected result: tainted=data1 |
-| custom.swift:71:12:71:17 | ...[...] | Unexpected result: tainted=data1 |
-| custom.swift:78:12:78:12 | mc4 | Unexpected result: tainted=data1 |
-| custom.swift:79:12:79:17 | ...[...] | Unexpected result: tainted=data1 |
-| custom.swift:106:12:106:12 | mc6 | Unexpected result: tainted=data9 |
-| custom.swift:107:12:107:17 | ...[...] | Unexpected result: tainted=data9 |
 failures

swift/ql/test/library-tests/dataflow/taint/libraries/TaintInline.ql

@@ -1,14 +1,5 @@
-/**
- * @kind path-problem
- */
-
 import TestUtilities.InlineFlowTest
 
 string customTaintFlowTag() { result = "tainted" }
 
 import FlowTest<NoFlowConfig, DefaultFlowConfig, defaultValueFlowTag/0, customTaintFlowTag/0>
-import PathGraph
-
-from PathNode source, PathNode sink
-where flowPath(source, sink)
-select sink, source, sink, "$@", source, source.toString()