Skip to content

Diff-informed queries via primary/secondary abstractions#19586

Closed
jbj wants to merge 4 commits intogithub:mainfrom
jbj:DiffInformedQuery-unit-class
Closed

Diff-informed queries via primary/secondary abstractions#19586
jbj wants to merge 4 commits intogithub:mainfrom
jbj:DiffInformedQuery-unit-class

Conversation

@jbj
Copy link
Contributor

@jbj jbj commented May 27, 2025

This PR is a proof of concept for how diff-informed queries could be made more high level, reducing hard-to-remember design patterns and simultaneously reducing reverse dependencies and the "module soup" I proposed in #17846.

I've only implemented what's necessary for XSS.ql so far since I expect a lot of changes to names and APIs.

jbj added 4 commits May 27, 2025 08:44
@jbj
DataFlow: Single-inheritance activation
7c7d639
@jbj
Java: XSS with abstract class (some duplication)
f8922f1 
I haven't figured out how to avoid the redundancy between
`getASelected{Source,Sink}Location` in the module and the class. Maybe
we need a strong notion of primary and secondary data-flow
configurations.
@jbj
DataFlow: primary and secondary configurations
7600a73 
For now I've only implemented what XSS.qll needs
@jbj
Java: avoid some duplication in XSS.qll
be3bd4a
@jbj jbj requested review from aschackmull and asgerf May 27, 2025 07:28
github-advanced-security[bot]
github-advanced-security bot found potential problems May 27, 2025
View reviewed changes
java/ql/src/Security/CWE/CWE-079/XSS.ql

class IsDiffInformed extends DataFlow::DiffInformedQuery {
// This predicate is overridden to be more precise than the default
// implementation in order to support secondary secondary data-flow

Check warning

Code scanning / CodeQL

Comment has repeated word Warning

The comment repeats secondary.
shared/dataflow/codeql/dataflow/DataFlow.qll
}

module Primary<ConfigSig Config> implements GlobalFlowSig {
private module Config0 implements FullStateConfigSig {

Check warning

Code scanning / CodeQL

Data flow configuration module naming Warning

Modules implementing a data flow configuration should end in Config.
shared/dataflow/codeql/dataflow/DataFlow.qll
}
}

private module C implements FullStateConfigSig {

Check warning

Code scanning / CodeQL

Data flow configuration module naming Warning

Modules implementing a data flow configuration should end in Config.
shared/dataflow/codeql/dataflow/TaintTracking.qll
}
}

private module C implements DataFlowInternal::FullStateConfigSig {

Check warning

Code scanning / CodeQL

Data flow configuration module naming Warning

Modules implementing a data flow configuration should end in Config.
shared/dataflow/codeql/dataflow/TaintTracking.qll
module FindSinks<DataFlow::ConfigSig Config, DataFlow::SecondaryConfig SC> implements
DataFlow::GlobalFlowSig
{
private module Config0 implements DataFlowInternal::FullStateConfigSig {

Check warning

Code scanning / CodeQL

Data flow configuration module naming Warning

Modules implementing a data flow configuration should end in Config.
shared/dataflow/codeql/dataflow/TaintTracking.qll
}
}

private module C implements DataFlowInternal::FullStateConfigSig {

Check warning

Code scanning / CodeQL

Data flow configuration module naming Warning

Modules implementing a data flow configuration should end in Config.
@asgerf asgerf removed their request for review August 29, 2025 07:35
@jbj
Copy link
Contributor Author

jbj commented Nov 4, 2025

Superseded by #20386

@jbj jbj closed this Nov 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aschackmull aschackmull Awaiting requested review from aschackmull

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

Assignees

No one assigned

Labels

DataFlow Library Java

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jbj