codeql-go
Switch to use-use dataflow
This will make post-update nodes easy to implement.
Queries / tests that required changes:
- The CleartextLogging and MissingErrorCheck queries are updated because they assumed def-use flow
- The CommandInjection query works around the shortcomings of use-use flow by essentially reintroducing def-use flow when it applies a sanitizer
- The OpenUrlRedirect query currently just accepts its fate; the tests are updated to avoid excess sanitization while the query comments on the problem. We should choose this approach or the CommandInjection one.
Performance results: mostly remarkable except for vitess, which takes 50% longer to run, and cockroach, which times out while computing varBlockReaches. Will review whether that predicate could be made less costly, and/or run this off against an alternative solution.
Many results were removed: mostly path-injection and command-injection, both of which use sanitisers, so my initial suspicion is that this is caused by sanitisers propagating to subsequent uses.
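To make the sanitiser concern concrete, here is an added toy model (example code, not part of codeql-go) that contrasts def-use and use-use flow on a constructed straight-line sequence of statements; statement order stands in for control flow, and the sanitiser is assumed to clear taint at the guarded use only.

```go
package main

import "fmt"

// How each statement touches the single tracked variable.
type Kind int

const (
	Def    Kind = iota // x = taintedSource()
	Use                // ordinary read of x
	SanUse             // read of x that a sanitizer guard declares safe
	Sink               // read of x at a dangerous sink, e.g. exec.Command
)

// TaintedSinks returns the indices of Sink statements that taint reaches.
// Def-use: every use has an edge from the definition; use-use: each use has an
// edge only from the previous use. A sanitizer clears taint at the sanitized
// use, so under use-use it also cuts off every later use in the chain.
func TaintedSinks(useUse bool, stmts []Kind) []int {
	var hits []int
	defTainted, prevTainted := false, false
	for i, k := range stmts {
		if k == Def { // a (re)definition starts a fresh, tainted chain
			defTainted, prevTainted = true, true
			continue
		}
		from := defTainted
		if useUse {
			from = prevTainted
		}
		here := from && k != SanUse
		if here && k == Sink {
			hits = append(hits, i)
		}
		prevTainted = here
	}
	return hits
}

// Sample is a constructed, straight-line sketch of a handler:
//   0: cmd := r.URL.Query().Get("cmd")
//   1: if isSafe(cmd) { exec.Command(cmd) }   // guarded use
//   2: log.Println(cmd)
//   3: exec.Command(cmd)                       // unguarded sink
var Sample = []Kind{Def, SanUse, Use, Sink}

func main() {
	fmt.Println("def-use flags:", TaintedSinks(false, Sample)) // [3]
	fmt.Println("use-use flags:", TaintedSinks(true, Sample))  // []
}
```

The unguarded sink at index 3 is reported under def-use flow but silently dropped under use-use flow, which is the kind of lost result described above.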