Expand Up @@ -148,7 +148,7 @@ abstract private class LocalFunctionCreationNode extends NodeImpl, TLocalFunctio
LocalFunction getFunction() { result = function }

ExprNode getAnAccess(boolean inSameCallable) {
result.getExpr().(LocalFunctionAccess).getTarget() = this.getFunction() and
isLocalFunctionCallReceiver(_, result.getExpr(), this.getFunction()) and
if result.getEnclosingCallable() = this.getEnclosingCallable()
then inSameCallable = true
else inSameCallable = false
Expand Down Expand Up @@ -399,7 +399,11 @@ module VariableCapture {

predicate hasBody(Callable body) { body = c }

predicate hasAliasedAccess(Expr f) { closureFlowStep+(this, f) and not closureFlowStep(f, _) }
predicate hasAliasedAccess(Expr f) {
closureFlowStep+(this, f) and not closureFlowStep(f, _)
or
isLocalFunctionCallReceiver(_, f.getAstNode(), c)
}
}

class Callable extends Cs::Callable {
Expand Down Expand Up @@ -881,7 +885,7 @@ module LocalFlow {
exists(SsaImpl::getAReadAtNode(def, node2.(ExprNode).getControlFlowNode()))
)
or
delegateCreationStep(node1, node2)
node2 = node1.(LocalFunctionCreationNode).getAnAccess(true)
or
node1 =
unique(FlowSummaryNode n1 |
Expand Down Expand Up @@ -2549,9 +2553,10 @@ class DataFlowType extends TDataFlowType {
* creations associated with the same type.
*/
ControlFlowElement getADelegateCreation() {
exists(Callable callable |
lambdaCreationExpr(result, callable) and
this = TDelegateDataFlowType(callable)
exists(Callable callable | this = TDelegateDataFlowType(callable) |
lambdaCreationExpr(result, callable)
or
isLocalFunctionCallReceiver(_, result, callable)
)
}

Expand All @@ -2566,12 +2571,7 @@ class DataFlowType extends TDataFlowType {
DataFlowType getNodeType(Node n) {
result = n.(NodeImpl).getDataFlowType() and
not lambdaCreation(n, _, _) and
not delegateCreationStep(_, n)
or
exists(Node arg |
delegateCreationStep(arg, n) and
result = getNodeType(arg)
)
not isLocalFunctionCallReceiver(_, n.asExpr(), _)
or
[
n.asExpr().(ControlFlowElement),
Expand Down Expand Up @@ -2896,7 +2896,7 @@ private predicate lambdaCreationExpr(ControlFlowElement creation, Callable c) {
c =
[
creation.(AnonymousFunctionExpr),
creation.(CallableAccess).getTarget().getUnboundDeclaration(),
creation.(DelegateCreation).getArgument().(CallableAccess).getTarget().getUnboundDeclaration(),
creation.(AddressOfExpr).getOperand().(CallableAccess).getTarget().getUnboundDeclaration(),
creation.(LocalFunctionStmt).getLocalFunction()
]
Expand All @@ -2910,6 +2910,13 @@ predicate lambdaCreation(Node creation, LambdaCallKind kind, DataFlowCallable c)
exists(kind)
}

private predicate isLocalFunctionCallReceiver(
LocalFunctionCall call, LocalFunctionAccess receiver, LocalFunction f
) {
receiver.getParent() = call and
f = receiver.getTarget().getUnboundDeclaration()
}

private class LambdaConfiguration extends ControlFlowReachabilityConfiguration {
LambdaConfiguration() { this = "LambdaConfiguration" }

Expand All @@ -2926,7 +2933,7 @@ private class LambdaConfiguration extends ControlFlowReachabilityConfiguration {
scope = e2 and
isSuccessor = true
or
e1.(LocalFunctionAccess).getParent() = e2.(LocalFunctionCall) and
isLocalFunctionCallReceiver(e2, e1, _) and
exactScope = false and
scope = e2 and
isSuccessor = true
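Review bot: The new predicate `isLocalFunctionCallReceiver` has no QLDoc, although five places in this file now depend on it: `getAnAccess`, `hasAliasedAccess`, `getADelegateCreation`, `getNodeType` and the `LambdaConfiguration` hunk. Its contract is not obvious from the name, in particular that `f` is the unbound declaration of the receiver's target rather than the target itself. I would add above it `/** Holds if receiver is the local function access invoked by call, and f is the unbound declaration of its target. */`. Since `getAnAccess` now matches only such receivers, the comment should also say which predicate handles local functions that are referenced without being called; that looks like the `DelegateCreation` line in `lambdaCreationExpr`, but this is inferred and should be confirmed.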
4 changes: 3 additions & 1 deletion csharp/ql/test/library-tests/dataflow/global/Capture.cs
Expand Up @@ -327,9 +327,11 @@ void M12()
{
var x = "taint source";

void CapturedLocalFunction() => Check(x); // missing flow from line 328
void CapturedLocalFunction() => Check(x);

void CapturingLocalFunction() => CapturedLocalFunction();

CapturingLocalFunction();
}

void M13()
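Review bot: M12 covers only a capturing local function that is called directly from another local function. The library change in this commit restricts `LocalFunctionCreationNode.getAnAccess` to call receivers, so a local function that is referenced without being called takes a different path that this hunk does not exercise. A sibling method with `Action a = CapturedLocalFunction; a();` and the same `Check(x)` sink would pin that path, because a dropped step in this library surfaces only as a missing result in the queries built on it. The rest of Capture.cs is not visible here, so such a case may already exist.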
Expand Up @@ -27,7 +27,7 @@
| Capture.cs:312:15:312:15 | access to local variable x |
| Capture.cs:319:19:319:19 | access to local variable x |
| Capture.cs:330:47:330:47 | access to local variable x |
| Capture.cs:339:45:339:45 | access to local variable x |
| Capture.cs:341:45:341:45 | access to local variable x |
| GlobalDataFlow.cs:19:15:19:29 | access to field SinkField0 |
| GlobalDataFlow.cs:27:15:27:32 | access to property SinkProperty0 |
| GlobalDataFlow.cs:45:50:45:59 | access to parameter sinkParam2 |