Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

C#/Java: Content based model generation improvements. #17521

Draft
wants to merge 11 commits into
base: main
Choose a base branch
from
Draft

C#/Java: Content based model generation improvements. #17521

wants to merge 11 commits into from
+1,596 −1,966

Conversation

michaelnebel
Copy link
Contributor

@michaelnebel michaelnebel commented Sep 19, 2024
edited
Loading

In this PR we make the following model generator improvements.

  • Instead of completely excluding an API from model generation, if it overall has "too many" summaries, we now consider the number of summaries pr. parameter instead and only exclude an API and paramater combination in case it could yield more than three summaries.
  • The requirement for when we accept synthetic fields has been made less tight. Accesspaths containing synthetic field should no longer be identical to form a chain of synthetics. The synthetic fields should now just be mentioned in the same order.

github-advanced-security[bot]
github-advanced-security bot found potential problems Sep 19, 2024
View reviewed changes
csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll
ReturnNodeExt() {
kind = DataFlowImplCommon::getValueReturnPosition(this).getKind() or
kind = DataFlowImplCommon::getParamReturnPosition(this, _).getKind()
private import csharp as CS

Check warning

Code scanning / CodeQL

Names only differing by case Warning

CS is only different by casing from Cs that is used elsewhere for modules.
java/ql/src/utils/modelgenerator/internal/CaptureModels.qll
private import CaptureModelsSpecific
private import CaptureModelsPrinting
private import java as J
private import semmle.code.java.dataflow.DataFlow

Check warning

Code scanning / CodeQL

Redundant import Warning

Redundant import, the module is already imported inside
semmle.code.java.dataflow.TaintTracking
Loading
.
java/ql/src/utils/modelgenerator/internal/CaptureModels.qll
private import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
private import semmle.code.java.dataflow.internal.ModelExclusions
private import semmle.code.java.dataflow.internal.TaintTrackingImplSpecific
private import semmle.code.java.dataflow.SSA as Ssa

Check warning

Code scanning / CodeQL

Names only differing by case Warning

Ssa is only different by casing from SSA that is used elsewhere for modules.
shared/mad/codeql/mad/modelgenerator/ModelGeneratorImpl.qll
*/

private import codeql.dataflow.DataFlow
private import codeql.dataflow.TaintTracking as Tt

Check warning

Code scanning / CodeQL

Names only differing by case Warning

Tt is only different by casing from TT that is used elsewhere for modules.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
C# DataFlow Library Java
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@michaelnebel