Merge pull request #1109 from hvitved/csharp/conditional-bypass

calumgrant · web-flow · commit 0471471d46b0 · 2019-03-14T16:19:47.000Z
C#: Fix performance regression in `cs/user-controlled-bypass`
diff --git a/csharp/ql/src/semmle/code/csharp/security/dataflow/ConditionalBypass.qll b/csharp/ql/src/semmle/code/csharp/security/dataflow/ConditionalBypass.qll
@@ -57,11 +57,18 @@ module UserControlledBypassOfSensitiveMethod {
     }
   }
 
+  pragma[noinline]
+  private predicate conditionControlsCall0(
+    SensitiveExecutionMethodCall call, Expr e, ControlFlow::SuccessorTypes::BooleanSuccessor s
+  ) {
+    forex(BasicBlock bb | bb = call.getAControlFlowNode().getBasicBlock() | e.controlsBlock(bb, s))
+  }
+
   private predicate conditionControlsCall(
     SensitiveExecutionMethodCall call, SensitiveExecutionMethod def, Expr e, boolean cond
   ) {
     exists(ControlFlow::SuccessorTypes::BooleanSuccessor s | cond = s.getValue() |
-      e.controlsElement(call, s)
+      conditionControlsCall0(call, e, s)
     ) and
     def = call.getTarget()
   }

Original file line number	Diff line number	Diff line change
`@@ -57,11 +57,18 @@ module UserControlledBypassOfSensitiveMethod {`
`57`	`57`	`}`
`58`	`58`	`}`
`59`	`59`
	`60`	`+ pragma[noinline]`
	`61`	`+ private predicate conditionControlsCall0(`
	`62`	`+ SensitiveExecutionMethodCall call, Expr e, ControlFlow::SuccessorTypes::BooleanSuccessor s`
	`63`	`+ ) {`
	`64`	`+ forex(BasicBlock bb \| bb = call.getAControlFlowNode().getBasicBlock() \| e.controlsBlock(bb, s))`
	`65`	`+ }`
	`66`	`+`
`60`	`67`	`private predicate conditionControlsCall(`
`61`	`68`	`SensitiveExecutionMethodCall call, SensitiveExecutionMethod def, Expr e, boolean cond`
`62`	`69`	`) {`
`63`	`70`	`exists(ControlFlow::SuccessorTypes::BooleanSuccessor s \| cond = s.getValue() \|`
`64`		`- e.controlsElement(call, s)`
	`71`	`+ conditionControlsCall0(call, e, s)`
`65`	`72`	`) and`
`66`	`73`	`def = call.getTarget()`
`67`	`74`	`}`