You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am trying to determine whether a DataFlow::Node a globally flows into a DataFlow::Node b. This is typically done by defining a custom DataFlow::ConfigSig like this:
privatemodule MyConfig implements DataFlow::ConfigSig{predicateisSource(DataFlow::Noden){constrainSource(n)}predicateisSink(DataFlow::Noden){constrainSink(n)}}privatemodule MyFlow = DataFlow::Global<MyConfig>;
from DataFlow::Nodea, DataFlow::node b
where MyFlow::flow(a,b)select ...
The key point here is that the search space is constrained within isSource and isSink. This is what I do not want, instead I'd like to constrain the space within the query like so:
privatemodule MyConfig implements DataFlow::ConfigSig{predicateisSource(DataFlow::Noden){any()}predicateisSink(DataFlow::Noden){any()}}privatemodule AnyFlow = DataFlow::Global<MyConfig>;
from DataFlow::Nodea, DataFlow::node b
whereconstrainSource(a)andconstrainSink(b)and
AnyFlow::flow(a,b)select ...
In theory, both MyFlow and AnyFlow solve the same reachability problem over the same space. However, the second approach is prohibitively slow on real-sized applications (tested with CQL 2.22.1).
Please, is there a way to check flows only for nodes that are constrained in the where clause?
To provide more context, I'm writing a tool that identifies items that satisfy a set of (variable) constraints. Some constraints are structural and can be expressed with predicates (e.g., constrainSource/Sink in the example) but others are flow-related and must be handled with DataFlow::Global. I'm trying to define constraint primitives in an .qll library and then use those to generate the final query. I'd like the library to expose (and internally use) a "flowsTo" primitive, so that I can produce something like:
from DataFlow::Noden1, DataFlow::Noden2, DataFlow::Noden3wheresomeConstr(n1)andotherConstr(n2)and(yetAnotherConstr(n3)orthatConstr(n3))andflowsTo(n1,n3)andnotflowsTo(n1,n2)
I am looking for any working solution (e.g., transitively stepping the data-flow graph) that would allow me to factor out the flow logic into the library. I'm aware of that localFlowStep* trick, but I need to search globally. All help is greatly appreciated.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
I am trying to determine whether a
DataFlow::Node aglobally flows into aDataFlow::Node b. This is typically done by defining a customDataFlow::ConfigSiglike this:The key point here is that the search space is constrained within
isSourceandisSink. This is what I do not want, instead I'd like to constrain the space within the query like so:In theory, both
MyFlowandAnyFlowsolve the same reachability problem over the same space. However, the second approach is prohibitively slow on real-sized applications (tested with CQL 2.22.1).Please, is there a way to check flows only for nodes that are constrained in the
whereclause?To provide more context, I'm writing a tool that identifies items that satisfy a set of (variable) constraints. Some constraints are structural and can be expressed with predicates (e.g.,
constrainSource/Sinkin the example) but others are flow-related and must be handled withDataFlow::Global. I'm trying to define constraint primitives in an .qll library and then use those to generate the final query. I'd like the library to expose (and internally use) a "flowsTo" primitive, so that I can produce something like:I am looking for any working solution (e.g., transitively stepping the data-flow graph) that would allow me to factor out the flow logic into the library. I'm aware of that
localFlowStep*trick, but I need to search globally. All help is greatly appreciated.Beta Was this translation helpful? Give feedback.
All reactions