github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License

Java Get Assignment Node In Dataflow Path #17745

Open KylerKatzUH opened 3 weeks ago

KylerKatzUH commented 3 weeks ago

Hello,

I am analyzing the dataflow paths for some of my queries and noticing some steps are being left out—specifically, the steps related to assignments. For example,

String value1 = "Hello";
String value2 = value1;
print(value2);

The dataflow path for this would be

value1 - from String value1 = "Hello"; value1 - from String value2 = value1; value2 from print(value2)

Is there a way to also have `value2 from value1 - from String value2 = value1;` inserted as step 3? So that it is

value1 - from String value1 = "Hello"; value1 - from String value2 = value1; value2 - from String value2 = value1; value2 from print(value2)

So that it is easier to follow the assignments? It's simple in this example, however, it can become confusing in more complex situations.

Thank you

smowton commented 3 weeks ago

Do you mean you want to see that included in the small steps seen by DataFlow::localFlowStep, or in the large steps seen by the VSCode / SARIF-exposed path? Big steps are defined so that for long paths the user isn't drowned in excessive detail.

If indeed you mean big steps, then you can use predicate neverSkip(Node node) of DataFlow::ConfigSig to specify that a particular node should always terminate a flow big-step.

If you mean small steps (DataFlow::localFlowStep) don't include a node for the assignment LHS, then adding these is a more difficult prospect -- it would mean rewriting DataFlow::basicLocalFlowStep and the definition of DataFlow::Node to rewrite how flow node graphs are generated and connected.
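The big-step option mentioned above, written out as a complete Java query. This is an added example, not code from the issue or from the codeql repository: it assumes the reporter's `print(...)` call is a method named `print`, and it overrides `neverSkip` so that the right-hand side of every local variable declaration or assignment always ends a big step in the path graph, which keeps each assignment hop visible in the VS Code / SARIF path.

```ql
/**
 * @name String literal reaches print, with every assignment kept as a path step
 * @description Added example: marks assignment right-hand sides with neverSkip so
 *              the path graph does not fold them into a single big step.
 * @kind path-problem
 * @id java/examples/assignment-steps-visible
 */

import java
import semmle.code.java.dataflow.DataFlow

module AssignmentStepsConfig implements DataFlow::ConfigSig {
  // Source: any string literal, e.g. "Hello" in `String value1 = "Hello";`.
  predicate isSource(DataFlow::Node source) { source.asExpr() instanceof StringLiteral }

  // Sink: an argument of a method named `print` (assumption: the reporter's
  // `print(value2)` resolves to such a method).
  predicate isSink(DataFlow::Node sink) {
    exists(MethodCall mc |
      mc.getMethod().hasName("print") and
      sink.asExpr() = mc.getAnArgument()
    )
  }

  // The right-hand side of a declaration (`String value2 = value1;`) or of an
  // assignment (`value2 = value1;`) is the node that carries the value into the
  // new variable. Forcing these nodes to terminate a big step means the path
  // shown to the user has one entry per assignment instead of skipping them.
  predicate neverSkip(DataFlow::Node node) {
    exists(LocalVariableDeclExpr decl | node.asExpr() = decl.getInit())
    or
    exists(Assignment a | node.asExpr() = a.getSource())
  }
}

module AssignmentStepsFlow = DataFlow::Global<AssignmentStepsConfig>;

import AssignmentStepsFlow::PathGraph

from AssignmentStepsFlow::PathNode source, AssignmentStepsFlow::PathNode sink
where AssignmentStepsFlow::flowPath(source, sink)
select sink.getNode(), source, sink,
  "This value originates from $@ and passes through the assignments listed in the path.",
  source.getNode(), "this string literal"
```

Run it as a path-problem query against a Java database; the path for the reporter's three-line snippet then lists the `"Hello"` literal, the `value1` read in `String value2 = value1;`, and the `value2` argument of `print(value2)` as separate steps rather than collapsing the middle hop. As the reply notes, this only affects how existing nodes are grouped into big steps: there is still no separate node for the declared variable on the left-hand side, because `DataFlow::localFlowStep` connects the right-hand side directly to later uses of the variable.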

KylerKatzUH commented 3 weeks ago

Hi @smowton, thank you for pointing these out. I will look into them.