Dataflow: Deprecate BarrierGuard class #9618
Conversation
| abstract deprecated class BarrierGuard extends Node { | ||
| /** Holds if this guard validates `e` upon evaluating to `branch`. */ | ||
| abstract predicate checks(Expr e, boolean branch); | ||
|
|
||
| /** Gets a node guarded by this guard. */ | ||
| final Node getAGuardedNode() { | ||
| result = BarrierGuard<barrierGuardChecks/3>::getABarrierNodeForGuard(this) | ||
| } | ||
| } |
Check failure
Code scanning / CodeQL
Bidirectional imports for abstract classes
| */ | ||
| module BarrierGuard<guardChecksSig/3 guardChecks> { | ||
| /** Gets a node that is safely guarded by the given guard check. */ | ||
| ExprNode getABarrierNode() { |
There was a problem hiding this comment.
@yoff should this be ExprNode or CfgNode? It seems the only difference is that CfgNodes can also be patterns from a match statement. I simply don't know whether such patterns should be eligible for being the result of a guards check 🤔 Anyway, I was just a bit suspicious about this since we use ExprNode very little in our code, and thought it might just be a leftover from @aschackmull normally using that for Java.
codeql/python/ql/lib/semmle/python/dataflow/new/internal/DataFlowPublic.qll
Lines 267 to 268 in 02614e1
There was a problem hiding this comment.
Feel free to change it as a follow-up. I just kept the status quo in this case.
michaelnebel
left a comment
There was a problem hiding this comment.
C# Looks plausible to me!
8ae4c21
smowton
left a comment
There was a problem hiding this comment.
Directly resolved some ql-for-ql doc complaints; with that Go 👍
nickrolfe
left a comment
There was a problem hiding this comment.
The Ruby changes look good to me.
Are you running DCA comparisons?
ruby/ql/lib/change-notes/2022-06-21-barrierguard-deprecation.md
Outdated
Show resolved
Hide resolved
I didn't plan to. |
csharp/ql/lib/change-notes/2022-06-21-barrierguard-deprecation.md
Outdated
Show resolved
Hide resolved
java/ql/lib/change-notes/2022-06-21-barrierguard-deprecation.md
Outdated
Show resolved
Hide resolved
python/ql/lib/change-notes/2022-06-21-barrierguard-deprecation.md
Outdated
Show resolved
Hide resolved
ruby/ql/lib/change-notes/2022-06-21-barrierguard-deprecation.md
Outdated
Show resolved
Hide resolved
|
|
||
| /** A validation of unknown node by comparing with a constant string value. */ | ||
| class StringConstCompare extends DataFlow::BarrierGuard, CompareNode { | ||
| class StringConstCompareBarrier extends DataFlow::Node { |
There was a problem hiding this comment.
I wondered for a second whether this should be called StringConstCompareSanitizer, but I think using StringConstCompareBarrier is fine 👍 (and consistent with the new name in Ruby at least)
There was a problem hiding this comment.
Sounds like this is good to merge, then.
michaelnebel
left a comment
There was a problem hiding this comment.
C# Looks plausible to me!
| } | ||
|
|
||
| /** A bridge class to access the deprecated `isBarrierGuard`. */ | ||
| private class BarrierGuardGuardedNodeBridge extends Unit { |
There was a problem hiding this comment.
Neat trick for accessing a deprecated predicate without getting a deprecation warning.
Deprecates the BarrierGuard class for all languages using the shared data flow library, and replaces existing usage with the
BarrierGuardparameterised module.See initial Java implementation in #9294