Go: Adapt to changes in FlowSummaryImpl

hvitved · hvitved · commit f6d16218e35b · 2026-01-21T11:11:30.000+01:00
diff --git a/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll b/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll
@@ -503,44 +503,23 @@ predicate barrierNode(DataFlow::Node node, string kind) { barrierNode(node, kind
 
 // adapter class for converting Mad summaries to `SummarizedCallable`s
 private class SummarizedCallableAdapter extends Public::SummarizedCallable {
-  SummarizedCallableAdapter() { summaryElement(this, _, _, _, _, _) }
+  string input_;
+  string output_;
+  string kind;
+  Public::Provenance p_;
+  string model_;
 
-  private predicate relevantSummaryElementManual(
-    string input, string output, string kind, string model
-  ) {
-    exists(Public::Provenance provenance |
-      summaryElement(this, input, output, kind, provenance, model) and
-      provenance.isManual()
-    )
-  }
-
-  private predicate relevantSummaryElementGenerated(
-    string input, string output, string kind, string model
-  ) {
-    exists(Public::Provenance provenance |
-      summaryElement(this, input, output, kind, provenance, model) and
-      provenance.isGenerated()
-    ) and
-    not exists(Public::Provenance provenance |
-      neutralElement(this, "summary", provenance) and
-      provenance.isManual()
-    )
-  }
+  SummarizedCallableAdapter() { summaryElement(this, input_, output_, kind, p_, model_) }
 
   override predicate propagatesFlow(
-    string input, string output, boolean preservesValue, string model
+    string input, string output, boolean preservesValue, Public::Provenance p, boolean isExact,
+    string model
   ) {
-    exists(string kind |
-      this.relevantSummaryElementManual(input, output, kind, model)
-      or
-      not this.relevantSummaryElementManual(_, _, _, _) and
-      this.relevantSummaryElementGenerated(input, output, kind, model)
-    |
-      if kind = "value" then preservesValue = true else preservesValue = false
-    )
-  }
-
-  override predicate hasProvenance(Public::Provenance provenance) {
-    summaryElement(this, _, _, _, provenance, _)
+    input = input_ and
+    output = output_ and
+    (if kind = "value" then preservesValue = true else preservesValue = false) and
+    p = p_ and
+    isExact = true and
+    model = model_
   }
 }
diff --git a/go/ql/lib/semmle/go/dataflow/FlowSummary.qll b/go/ql/lib/semmle/go/dataflow/FlowSummary.qll
@@ -18,6 +18,11 @@ deprecated class SummaryComponentStack = Impl::Private::SummaryComponentStack;
 
 deprecated module SummaryComponentStack = Impl::Private::SummaryComponentStack;
 
-class SummarizedCallable = Impl::Public::SummarizedCallable;
+/** Provides the `Range` class used to define the extent of `SummarizedCallable`. */
+module SummarizedCallable {
+  class Range = Impl::Public::SummarizedCallable;
+}
+
+class SummarizedCallable = Impl::Public::RelevantSummarizedCallable;
 
 deprecated class RequiredSummaryComponentStack = Impl::Private::RequiredSummaryComponentStack;
diff --git a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll
@@ -29,15 +29,16 @@ module Input implements InputSig<Location, DataFlowImplSpecific::GoDataFlow> {
 
   class SinkBase = Void;
 
+  predicate callableFromSource(SummarizedCallableBase c) { exists(c.getFuncDef()) }
+
   predicate neutralElement(
     Input::SummarizedCallableBase c, string kind, string provenance, boolean isExact
   ) {
     exists(string namespace, string type, string name, string signature |
       neutralModel(namespace, type, name, signature, kind, provenance) and
       c.asFunction() = interpretElement(namespace, type, false, name, signature, "").asEntity()
     ) and
-    // isExact is not needed for Go.
-    isExact = false
+    isExact = true
   }
 
   ArgumentPosition callbackSelfParameterPosition() { result = -1 }
diff --git a/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll b/go/ql/lib/semmle/go/frameworks/stdlib/NetHttp.qll
@@ -157,7 +157,7 @@ module NetHttp {
       |
         this = call.getASyntacticArgument() and
         callable = call.getACalleeIncludingExternals() and
-        callable.propagatesFlow(input, output, _, _)
+        callable.propagatesFlow(input, output, _, _, _, _)
       |
         // A modeled function conveying taint from some input to the response writer,
         // e.g. `io.Copy(responseWriter, someTaintedReader)`

Original file line number	Diff line number	Diff line change
`@@ -157,7 +157,7 @@ module NetHttp {`
`157`	`157`	`\|`
`158`	`158`	`this = call.getASyntacticArgument() and`
`159`	`159`	`callable = call.getACalleeIncludingExternals() and`
`160`		`- callable.propagatesFlow(input, output, _, _)`
	`160`	`+ callable.propagatesFlow(input, output, _, _, _, _)`
`161`	`161`	`\|`
`162`	`162`	`// A modeled function conveying taint from some input to the response writer,`
`163`	`163`	// e.g. `io.Copy(responseWriter, someTaintedReader)`