codeql/csharp/ql/test/library-tests/dataflow/functionpointers/FunctionPointerFlow.ql at 0235df87582d56ff8b7f22824f89704a77340423 · github/codeql · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
import csharp
import semmle.code.csharp.dataflow.internal.DataFlowImplCommon
import semmle.code.csharp.dataflow.internal.DataFlowDispatch

query predicate fptrCall(FunctionPointerCall dc, Callable c) { c = dc.getARuntimeTarget() }

private class LocatableDataFlowCallOption extends CallOption {
  Location getLocation() {
    this = TCallNone() and
    result instanceof EmptyLocation
    or
    exists(DataFlowCall call |
      this = TCallSome(call) and
      result = call.getLocation()
    )
  }
}

private class LocatableDataFlowCall extends TDataFlowCall {
  LocatableDataFlowCall() {
    this.(ExplicitDelegateLikeDataFlowCall).getCall() instanceof FunctionPointerCall
  }

  string toString() { result = this.(DataFlowCall).toString() }

  Location getLocation() {
    exists(Location l |
      l = this.(DataFlowCall).getLocation() and
      if l instanceof SourceLocation then result = l else result instanceof EmptyLocation
    )
  }
}

query predicate fptrCallContext(
  LocatableDataFlowCall call, LocatableDataFlowCallOption lastCall, DataFlowCallable target
) {
  target = viableCallableLambda(call, lastCall)
}