From 4d8b782695fdec2dc2058f6112a1bbebfb02d660 Mon Sep 17 00:00:00 2001
From: Mathias Vorreiter Pedersen
Date: Thu, 2 Apr 2026 10:56:09 +0100
Subject: [PATCH 1/2] Shared: Also expose dataflow stage 1's forward flow predicate.
---
 .../dataflow/internal/DataFlowImplStage1.qll | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll
index 426576d3acef..e9c92844fb7f 100644
--- a/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll
+++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll
@@ -91,6 +91,10 @@ module MakeImplStage1 Lang> {
 class ApNil extends Ap;
+ predicate fwdFlow(Nd node);
+
+ predicate fwdFlow(Nd node, Ap ap);
+
 predicate revFlow(Nd node);
 predicate revFlow(Nd node, Ap ap);
@@ -634,7 +638,7 @@ module MakeImplStage1 Lang> {
 )
 }
- private predicate fwdFlow(NodeEx node) { fwdFlow(node, _) }
+ predicate fwdFlow(NodeEx node) { fwdFlow(node, _) }
 pragma[nomagic]
 private predicate fwdFlowReadSet(ContentSet c, NodeEx node, Cc cc) {
@@ -1291,6 +1295,13 @@ module MakeImplStage1 Lang> {
 import Stage1
 import Stage1Common
+ predicate fwdFlow(Nd node) { Stage1::fwdFlow(node) }
+
+ predicate fwdFlow(Nd node, Ap ap) {
+ Stage1::fwdFlow(node) and
+ exists(ap)
+ }
+
 predicate revFlow(NodeEx node, Ap ap) { Stage1::revFlow(node) and exists(ap) }
 predicate toNormalSinkNode = toNormalSinkNodeEx/1;
@@ -1395,6 +1406,10 @@ module MakeImplStage1 Lang> {
 import Stage1Common
+ predicate fwdFlow(Nd node) { Stage1::fwdFlow(node.getNodeEx()) }
+
+ predicate fwdFlow(Nd node, Ap ap) { Stage1::fwdFlow(node.getNodeEx()) and exists(ap) }
+
 predicate revFlow(Nd node) { Stage1::revFlow(node.getNodeEx()) }
 predicate revFlow(Nd node, Ap ap) { Stage1::revFlow(node.getNodeEx()) and exists(ap) }
From e06294bcb4ccfbc0783c47a1a8c9f0f84578f2da Mon Sep 17 00:00:00 2001
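Review bot: The now-public `fwdFlow(NodeEx node)` in the hunk at -634 has no QLDoc, and neither do the `fwdFlow(Nd node)` members added in the other hunks of this series, so a consumer cannot tell what the predicate guarantees. Going by the commit subject it is stage 1's forward pass; if that means reachability from a source before any pruning by reverse flow, the comment should say so, because a node in `fwdFlow` is then not evidence that a source-to-sink path exists. Something like `/** Holds if node is reachable in the stage 1 forward pass; an over-approximation that is not restricted to nodes reaching a sink. */` would do, once the semantics are confirmed. The enclosing module starts and ends outside the hunk.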
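Review bot: The new `fwdFlow` in the hunk at -1291 declares its parameter as `Nd`, while the `revFlow` directly below it uses `NodeEx`, and both pass the value straight to a `Stage1::` predicate, so the two wrappers read as if they took different node types. Assuming `Nd` is an alias for `NodeEx` in this module, use one spelling for both, e.g. `predicate fwdFlow(NodeEx node) { Stage1::fwdFlow(node) }`. PATCH 2/2 keeps this line unchanged. Only part of the surrounding module is visible in the hunk.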
From: Mathias Vorreiter Pedersen
Date: Tue, 7 Apr 2026 11:11:04 +0100
Subject: [PATCH 2/2] Shared: Respond to review comments.
---
 .../codeql/dataflow/internal/DataFlowImplStage1.qll | 13 ++-----------
 1 file changed, 2 insertions(+), 11 deletions(-)
diff --git a/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll b/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll
index e9c92844fb7f..b7a45a67b567 100644
--- a/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll
+++ b/shared/dataflow/codeql/dataflow/internal/DataFlowImplStage1.qll
@@ -86,15 +86,13 @@ module MakeImplStage1 Lang> {
 bindingset[p, kind]
 predicate parameterFlowThroughAllowed(ParamNd p, ReturnKindExt kind);
+ predicate fwdFlow(Nd node);
+
 // begin StageSig
 class Ap;
 class ApNil extends Ap;
- predicate fwdFlow(Nd node);
-
- predicate fwdFlow(Nd node, Ap ap);
-
 predicate revFlow(Nd node);
 predicate revFlow(Nd node, Ap ap);
@@ -1297,11 +1295,6 @@ module MakeImplStage1 Lang> {
 predicate fwdFlow(Nd node) { Stage1::fwdFlow(node) }
- predicate fwdFlow(Nd node, Ap ap) {
- Stage1::fwdFlow(node) and
- exists(ap)
- }
-
 predicate revFlow(NodeEx node, Ap ap) { Stage1::revFlow(node) and exists(ap) }
 predicate toNormalSinkNode = toNormalSinkNodeEx/1;
@@ -1408,8 +1401,6 @@ module MakeImplStage1 Lang> {
 predicate fwdFlow(Nd node) { Stage1::fwdFlow(node.getNodeEx()) }
- predicate fwdFlow(Nd node, Ap ap) { Stage1::fwdFlow(node.getNodeEx()) and exists(ap) }
-
 predicate revFlow(Nd node) { Stage1::revFlow(node.getNodeEx()) }
 predicate revFlow(Nd node, Ap ap) { Stage1::revFlow(node.getNodeEx()) and exists(ap) }
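Review bot: `predicate fwdFlow(Nd node);` in the hunk at -86 is a bodiless member declared just above `// begin StageSig`, so every module implementing this declaration apparently has to define `fwdFlow/1`. The series updates two implementations in this file, and any implementation elsewhere would stop compiling. It is worth confirming that none exist outside this file, or adding a change note if downstream code can reach the signature. The hunk also does not say why the member sits outside the `StageSig` markers; a one-line comment such as `// Not part of StageSig: only the access-path-free forward flow of stage 1 is exposed.` would record it, if that is indeed the reason. The enclosing declaration begins before the hunk.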