Skip to content
This repository was archived by the owner on Jan 5, 2023. It is now read-only.

Switch to use-use dataflow #460

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Switch to use-use dataflow #460

wants to merge 2 commits into from

Conversation

smowton
Copy link
Contributor

@smowton smowton commented Jan 21, 2021

This will make post-update nodes easy to implement.

Queries / tests that required changes:

  • The CleartextLogging and MissingErrorCheck queries are updated because they assumed def-use flow
  • The CommandInjection query works around the shortcomings of use-use flow by essentially reintroducing def-use flow when it applies a sanitizer
  • The OpenUrlRedirect query currently just accepts its fate; the tests are updated to avoid excess sanitization while the query comments on the problem. We should choose this approach or the CommandInjection one.

@smowton
Switch to use-use dataflow. This will make post-update nodes easy to …
ae6fb8f 
…implement.

Queries / tests that required changes:
* The CleartextLogging and MissingErrorCheck queries are updated because they assumed def-use flow
* The CommandInjection query works around the shortcomings of use-use flow by essentially reintroducing def-use flow when it applies a sanitizer
* The OpenUrlRedirect query currently just accepts its fate; the tests are updated to avoid excess sanitization while the query comments on the problem. We should choose this approach or the CommandInjection one.
@smowton smowton requested a review from a team January 21, 2021 17:30
@smowton
Copy link
Contributor Author

smowton commented Jan 22, 2021

Performance results: mostly remarkable except for vitess, which takes 50% longer to run, and cockroach, which times out while computing varBlockReaches. Will review whether that predicate could be made less costly, and/or run this off against an alternative solution.

Many results were removed: mostly path-injection and command-injection, both of which use sanitisers, so my initial suspicion is caused by sanitisers propagating to subsequent uses.

@owen-mc owen-mc mentioned this pull request Nov 11, 2023
Draft
# for free to subscribe to this conversation on GitHub. Already have an account? #.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@smowton