Data flow: Prevent context-sensitive dispatch in source call contexts

Author: hvitved

csharp/ql/test/utils/modelgenerator/dataflow/CaptureContentSummaryModels.expected

@@ -1,3 +1,2 @@
 unexpectedModel
-| Unexpected contentbased-summary found: Models;HigherOrderParameters;false;Apply;(System.Func<System.Object,System.Object>,System.Object);;Argument[1];ReturnValue;value;dfc-generated |
 expectedModel

shared/dataflow/codeql/dataflow/internal/DataFlowImplCommon.qll

@@ -494,6 +494,10 @@ module MakeImplCommon<LocationSig Location, InputSig<Location> Lang> {
         tgts = strictcount(Callable tgt | relevantCallEdgeIn(call, tgt)) and
         ctxtgts < tgts
       )
+      or
+      // If only a single lambda can reach `call`, we still want to check for the call
+      // context, since lambdas outside the codebase may reach as well
+      exists(viableCallableLambda(call, TCallSome(ctx)))
     }
 
     /**
@@ -739,7 +743,13 @@ module MakeImplCommon<LocationSig Location, InputSig<Location> Lang> {
       /** Holds if `call` does not have a reduced set of dispatch targets in call context `ctx`. */
       bindingset[call, ctx]
       predicate viableImplNotCallContextReduced(Call call, CallContext ctx) {
-        not Input2::callContextAffectsDispatch(call, ctx)
+        not Input2::callContextAffectsDispatch(call, ctx) and
+        // When sources have call contexts (using `FlowFeature`s), we check that `call` can
+        // dispatch in all possible call contexts
+        not (
+          ctx = TSomeCall() and
+          any(CallSet calls).asSome().contains(call)
+        )
       }
 
       /**