Data flow: Add LambdaArgs node

Author: hvitved

shared/dataflow/codeql/dataflow/internal/ContentDataFlowImpl.qll

@@ -216,7 +216,7 @@ module MakeImplContentDataFlow<LocationSig Location, InputSig<Location> Lang> {
 
     private predicate readStep(Node node1, State state1, ContentSet c, Node node2, ReadState state2) {
       exists(int size |
-        readSet(node1, c, node2) and
+        readSet(any(NodeEx n1 | n1.asNode() = node1), c, any(NodeEx n2 | n2.asNode() = node2)) and // todo
         ContentConfig::isRelevantContent(c) and
         state2.decode(size + 1, true)
       |

shared/dataflow/codeql/dataflow/internal/DataFlowImpl.qll

@@ -477,14 +477,6 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
       hasReadStep(c)
     }
 
-    // pragma[nomagic]
-    // private predicate viableReturnPosOutEx(DataFlowCall call, ReturnPosition pos, NodeEx out) {
-    //   viableReturnPosOut(call, pos, out.asNode())
-    // }
-    // pragma[nomagic]
-    // private predicate viableParamArgEx(DataFlowCall call, ParamNodeEx p, ArgNodeEx arg) {
-    //   viableParamArg(call, p.asNode(), arg.asNode())
-    // }
     /**
      * Holds if field flow should be used for the given configuration.
      */
@@ -2896,15 +2888,9 @@ module MakeImpl<LocationSig Location, InputSig<Location> Lang> {
 
             predicate isHidden() {
               not Config::includeHiddenNodes() and
-              (
-                hiddenNode(this.getNodeEx().asNode()) and
-                not this.isSource() and
-                not this instanceof PathNodeSink
-                or
-                this.getNodeEx() instanceof TNodeImplicitRead
-                or
-                hiddenNode(this.getNodeEx().asParamReturnNode())
-              )
+              hiddenNode(this.getNodeEx()) and
+              not this.isSource() and
+              not this instanceof PathNodeSink
             }
 
             /** Gets a textual representation of this element. */

shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll

@@ -891,6 +891,8 @@ module MakeImplCommon<LocationSig Location, InputSig<Location> Lang> {
       or
       result = this.asLambdaMallocNode().toString() + " [LambdaMalloc]"
       or
+      result = this.asLambdaArgsNode().toString() + " [LambdaArgs]"
+      or
       result = this.asLambdaInstancePostUpdateNode().toString() + " [LambdaPostUpdate]"
       or
       exists(DataFlowCall synthcall, ArgumentPosition apos, boolean isPost |
@@ -914,6 +916,8 @@ module MakeImplCommon<LocationSig Location, InputSig<Location> Lang> {
 
     Node asLambdaMallocNode() { this = TNodeLambdaMalloc(result) }
 
+    Node asLambdaArgsNode() { this = TNodeLambdaArgs(result) }
+
     predicate isLambdaArgNode(DataFlowCall synthcall, ArgumentPosition apos, boolean isPost) {
       this = TNodeLambdaArg(synthcall, apos, isPost)
     }
@@ -929,6 +933,8 @@ module MakeImplCommon<LocationSig Location, InputSig<Location> Lang> {
       or
       this = TNodeLambdaMalloc(result)
       or
+      this = TNodeLambdaArgs(result)
+      or
       exists(DataFlowCall synthcall |
         this = TNodeLambdaArg(synthcall, _, _) and
         lambdaCreation(result, _, _, synthcall)
@@ -955,6 +961,8 @@ module MakeImplCommon<LocationSig Location, InputSig<Location> Lang> {
       or
       nodeDataFlowType(this.asLambdaMallocNode(), result)
       or
+      nodeDataFlowType(this.asLambdaArgsNode(), result)
+      or
       exists(
         DataFlowCall synthcall, ArgumentPosition apos, DataFlowCallable c, ParameterNode p,
         ParameterPosition ppos
@@ -1117,9 +1125,14 @@ module MakeImplCommon<LocationSig Location, InputSig<Location> Lang> {
     }
 
     cached
-    predicate hiddenNode(Node n) {
-      // todo: add all lambda nodes here after end debugging
-      nodeIsHidden(n)
+    predicate hiddenNode(NodeEx n) {
+      nodeIsHidden(n.asNode()) or
+      n.isImplicitReadNode(_) or
+      exists(n.asLambdaInstancePostUpdateNode()) or
+      exists(n.asLambdaMallocNode()) or
+      exists(n.asLambdaArgsNode()) or
+      n.isLambdaArgNode(_, _, _) or
+      hiddenNode(any(NodeEx p | n.asParamReturnNode() = p.asNode()))
     }
 
     cached
@@ -1788,10 +1801,15 @@ module MakeImplCommon<LocationSig Location, InputSig<Location> Lang> {
       or
       //read step from malloc to args
       //lambdaCreation(Node creation, LambdaCallKind kind, DataFlowCallable c, DataFlowCall synthCall)
-      exists(DataFlowCall synthcall, LambdaCallKind k, ArgumentPosition apos |
-        lambdaCreation(node1.asLambdaMallocNode(), k, _, synthcall) and
-        node2.isLambdaArgNode(synthcall, apos, false) and
+      exists(Node lambda, DataFlowCall synthcall, LambdaCallKind k, ArgumentPosition apos |
+        lambdaCreation(lambda, k, _, synthcall) and
+        lambda = node1.asLambdaArgsNode() and
         c.getAReadContent() = getLambdaArgumentContent(k, apos)
+      |
+        node2.isLambdaArgNode(synthcall, apos, false)
+        or
+        node2.asLambdaMallocNode() = lambda and
+        node2.(ArgNodeEx).argumentOf(_, apos)
       )
     }
 
@@ -2030,12 +2048,13 @@ module MakeImplCommon<LocationSig Location, InputSig<Location> Lang> {
       } or
       TNodeLambdaInstancePostUpdate(ParameterNode pre) { isLambdaInstanceParameter(pre) } or
       TNodeLambdaMalloc(Node lambda) { lambdaCreation(lambda, _, _, _) } or
+      TNodeLambdaArgs(Node lambda) { lambdaCreation(lambda, _, _, _) } or
       TNodeLambdaArg(DataFlowCall synthcall, ArgumentPosition apos, Boolean ispost) {
         exists(DataFlowCallable c, ParameterNode p, ParameterPosition ppos |
           lambdaCreation(_, _, c, synthcall) and
           isParameterNode(p, c, ppos) and
-          not isLambdaInstanceParameter(p) and
           parameterMatch(ppos, apos) and
+          not isLambdaInstanceParameter(p) and
           exists(ispost)
         )
       }
@@ -2077,7 +2096,7 @@ module MakeImplCommon<LocationSig Location, InputSig<Location> Lang> {
         model = ""
       )
       or
-      LambdaFlow::lambdaFlowsToPostUpdate(node2.asLambdaMallocNode(), node1.asNode()) and
+      LambdaFlow::lambdaFlowsToPostUpdate(node2.asLambdaArgsNode(), node1.asNode()) and
       model = ""
     }