Skip to content

Commit 5d5448d

Browse files
MathiasVPMathiasVP
committed
PS: Also use the new library to handle array expressions.
1 parent b2cf155 commit 5d5448d

File tree

1 file changed

+23
-11
lines changed

1 file changed

+23
-11
lines changed

powershell/ql/lib/semmle/code/powershell/dataflow/internal/DataFlowPrivate.qll

Lines changed: 23 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -846,6 +846,24 @@ predicate jumpStep(Node pred, Node succ) {
846846
succ.(FlowSummaryNode).getSummaryNode())
847847
}
848848

849+
private predicate arrayExprStore(Node node1, ContentSet cs, Node node2, CfgNodes::ExprCfgNode e) {
850+
exists(CfgNodes::ExprNodes::ArrayExprCfgNode ae, CfgNodes::StmtNodes::StmtBlockCfgNode block |
851+
e = node1.(AstNode).getCfgNode() and
852+
ae = node2.asExpr() and
853+
block = ae.getStmtBlock()
854+
|
855+
exists(Content::KnownElementContent ec, int index |
856+
e = ArrayExprFlow::getReturn(block, index) and
857+
cs.isKnownOrUnknownElement(ec) and
858+
index = ec.getIndex().asInt()
859+
)
860+
or
861+
not ArrayExprFlow::eachValueIsReturnedOnce(block) and
862+
e = ArrayExprFlow::getAReturn(block) and
863+
cs.isAnyElement()
864+
)
865+
}
866+
849867
/**
850868
* Holds if data can flow from `node1` to `node2` via an assignment to
851869
* content `c`.
@@ -872,8 +890,10 @@ predicate storeStep(Node node1, ContentSet c, Node node2) {
872890
c.isAnyElement()
873891
)
874892
or
875-
exists(Content::KnownElementContent ec, int index |
876-
node2.asExpr().(CfgNodes::ExprNodes::ArrayLiteralCfgNode).getExpr(index) = node1.asExpr() and
893+
exists(Content::KnownElementContent ec, int index, CfgNodes::ExprCfgNode e |
894+
e = node1.asExpr() and
895+
not arrayExprStore(node1, _, _, e) and
896+
node2.asExpr().(CfgNodes::ExprNodes::ArrayLiteralCfgNode).getExpr(index) = e and
877897
c.isKnownOrUnknownElement(ec) and
878898
index = ec.getIndex().asInt()
879899
)
@@ -890,15 +910,7 @@ predicate storeStep(Node node1, ContentSet c, Node node2) {
890910
c.isAnyElement()
891911
)
892912
or
893-
c.isAnyElement() and
894-
exists(
895-
CfgNodes::ExprNodes::ArrayExprCfgNode arrayExpr, EscapeContainer::EscapeContainer container
896-
|
897-
node2.asExpr() = arrayExpr and
898-
container = arrayExpr.getStmtBlock().getAstNode() and
899-
node1.(AstNode).getCfgNode() = container.getAnEscapingElement() and
900-
container.mayBeMultiReturned(_)
901-
)
913+
arrayExprStore(node1, c, node2, _)
902914
or
903915
c.isAnyElement() and
904916
exists(CfgNode cfgNode |

0 commit comments

Comments
 (0)