more wip

Author: aschackmull

csharp/ql/campaigns/Solorigate/src/ModifiedFnvFunctionDetection.ql

@@ -13,17 +13,19 @@ import csharp
 import Solorigate
 import experimental.code.csharp.Cryptography.NonCryptographicHashes
 
+ControlFlowNode loopExitNode(LoopStmt loop) { result.isAfter(loop) }
+
 from Variable v, Literal l, LoopStmt loop, Expr additional_xor
 where
   maybeUsedInFnvFunction(v, _, _, loop) and
   (
     exists(BitwiseXorExpr xor2 | xor2.getAnOperand() = l and additional_xor = xor2 |
-      loop.getAControlFlowExitNode().getASuccessor*() = xor2.getAControlFlowNode() and
+      loopExitNode(loop).getASuccessor*() = xor2.getAControlFlowNode() and
       xor2.getAnOperand() = v.getAnAccess()
     )
     or
     exists(AssignXorExpr xor2 | xor2.getAnOperand() = l and additional_xor = xor2 |
-      loop.getAControlFlowExitNode().getASuccessor*() = xor2.getAControlFlowNode() and
+      loopExitNode(loop).getASuccessor*() = xor2.getAControlFlowNode() and
       xor2.getAnOperand() = v.getAnAccess()
     )
   )

csharp/ql/consistency-queries/CfgConsistency.ql

@@ -1,5 +1,2 @@
 import csharp
-import semmle.code.csharp.controlflow.internal.Completion
-import ControlFlow
-import semmle.code.csharp.controlflow.internal.ControlFlowGraphImpl::Consistency
-import semmle.code.csharp.controlflow.internal.Splitting
+import ControlFlow::Consistency

csharp/ql/consistency-queries/DataFlowConsistency.ql

@@ -1,26 +1,11 @@
 import csharp
-private import semmle.code.csharp.controlflow.internal.ControlFlowGraphImpl as ControlFlowGraphImpl
 private import semmle.code.csharp.dataflow.internal.DataFlowImplSpecific
 private import semmle.code.csharp.dataflow.internal.TaintTrackingImplSpecific
 private import codeql.dataflow.internal.DataFlowImplConsistency
 
 private module Input implements InputSig<Location, CsharpDataFlow> {
   private import CsharpDataFlow
 
-  private predicate isStaticAssignable(Assignable a) { a.(Modifiable).isStatic() }
-
-  predicate uniqueEnclosingCallableExclude(Node node) {
-    // TODO: Remove once static initializers are folded into the
-    // static constructors
-    isStaticAssignable(ControlFlowGraphImpl::getNodeCfgScope(node.getControlFlowNode()))
-  }
-
-  predicate uniqueCallEnclosingCallableExclude(DataFlowCall call) {
-    // TODO: Remove once static initializers are folded into the
-    // static constructors
-    isStaticAssignable(ControlFlowGraphImpl::getNodeCfgScope(call.getControlFlowNode()))
-  }
-
   predicate uniqueNodeLocationExclude(Node n) {
     // Methods with multiple implementations
     n instanceof ParameterNode
@@ -70,16 +55,6 @@ private module Input implements InputSig<Location, CsharpDataFlow> {
           init.getInitializer().getNumberOfChildren() > 1
         )
       or
-      exists(ControlFlowNodes::ElementNode cfn, ControlFlowNodes::Split split |
-        exists(arg.asExprAtNode(cfn))
-      |
-        split = cfn.getASplit() and
-        not split = call.getControlFlowNode().getASplit()
-        or
-        split = call.getControlFlowNode().getASplit() and
-        not split = cfn.getASplit()
-      )
-      or
       call.(NonDelegateDataFlowCall).getDispatchCall().isReflection()
     )
   }

csharp/ql/consistency-queries/VariableCaptureConsistency.ql

@@ -1,13 +1,6 @@
 import csharp
 import semmle.code.csharp.dataflow.internal.DataFlowPrivate::VariableCapture::Flow::ConsistencyChecks
 private import semmle.code.csharp.dataflow.internal.DataFlowPrivate::VariableCapture::Flow::ConsistencyChecks as ConsistencyChecks
-private import semmle.code.csharp.controlflow.BasicBlocks
-private import semmle.code.csharp.controlflow.internal.ControlFlowGraphImpl
-
-query predicate uniqueEnclosingCallable(BasicBlock bb, string msg) {
-  ConsistencyChecks::uniqueEnclosingCallable(bb, msg) and
-  getNodeCfgScope(bb.getFirstNode()) instanceof Callable
-}
 
 query predicate consistencyOverview(string msg, int n) { none() }
 

csharp/ql/lib/printCfg.ql

@@ -7,8 +7,7 @@
  * @tags ide-contextual-queries/print-cfg
  */
 
-private import semmle.code.csharp.controlflow.internal.ControlFlowGraphImpl
-private import semmle.code.csharp.controlflow.ControlFlowGraph2 as C2
+import csharp
 
 external string selectedSourceFile();
 
@@ -22,17 +21,15 @@ external int selectedSourceColumn();
 
 private predicate selectedSourceColumnAlias = selectedSourceColumn/0;
 
-module ViewCfgQueryInput implements ViewCfgQueryInputSig<File> {
-// module ViewCfgQueryInput implements C2::ControlFlow::ViewCfgQueryInputSig<File> {
+module ViewCfgQueryInput implements ControlFlow::ViewCfgQueryInputSig<File> {
   predicate selectedSourceFile = selectedSourceFileAlias/0;
 
   predicate selectedSourceLine = selectedSourceLineAlias/0;
 
   predicate selectedSourceColumn = selectedSourceColumnAlias/0;
 
   predicate cfgScopeSpan(
-    CfgScope scope, File file, int startLine, int startColumn, int endLine, int endColumn
-    // Callable scope, File file, int startLine, int startColumn, int endLine, int endColumn
+    Callable scope, File file, int startLine, int startColumn, int endLine, int endColumn
   ) {
     file = scope.getFile() and
     scope.getLocation().getStartLine() = startLine and
@@ -42,13 +39,21 @@ module ViewCfgQueryInput implements ViewCfgQueryInputSig<File> {
       loc.getEndColumn() = endColumn
     |
       loc = scope.(Callable).getBody().getLocation()
-      // or
-      // loc = scope.(Field).getInitializer().getLocation()
-      // or
-      // loc = scope.(Property).getInitializer().getLocation()
+      or
+      loc = any(AssignExpr init | scope.(ObjectInitMethod).initializes(init)).getLocation()
+      or
+      exists(AssignableMember a, Constructor ctor |
+        scope = ctor and
+        ctor.isStatic() and
+        a.isStatic() and
+        a.getDeclaringType() = ctor.getDeclaringType()
+      |
+        loc = a.(Field).getInitializer().getLocation()
+        or
+        loc = a.(Property).getInitializer().getLocation()
+      )
     )
   }
 }
 
-import ViewCfgQuery<File, ViewCfgQueryInput>
-// import C2::ControlFlow::ViewCfgQuery<File, ViewCfgQueryInput>
+import ControlFlow::ViewCfgQuery<File, ViewCfgQueryInput>

csharp/ql/lib/semmle/code/csharp/Caching.qll

@@ -7,23 +7,6 @@ private import csharp
  * in the same stage across different files.
  */
 module Stages {
-  cached
-  module ControlFlowStage {
-    private import semmle.code.csharp.controlflow.internal.Splitting
-
-    cached
-    predicate forceCachingInSameStage() { any() }
-
-    cached
-    private predicate forceCachingInSameStageRev() {
-      exists(Split s)
-      or
-      exists(ControlFlowNode n)
-      or
-      forceCachingInSameStageRev()
-    }
-  }
-
   cached
   module GuardsStage {
     private import semmle.code.csharp.controlflow.Guards