-
|
Hi, I am trying to determine whether a private module MyConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node n) {
constrainSource(n)
}
predicate isSink(DataFlow::Node n) {
constrainSink(n)
}
}
private module MyFlow = DataFlow::Global<MyConfig>;
from DataFlow::Node a, DataFlow::node b
where MyFlow::flow(a, b)
select ...The key point here is that the search space is constrained within private module MyConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node n) {
any()
}
predicate isSink(DataFlow::Node n) {
any()
}
}
private module AnyFlow = DataFlow::Global<MyConfig>;
from DataFlow::Node a, DataFlow::node b
where
constrainSource(a) and constrainSink(b) and
AnyFlow::flow(a, b)
select ...In theory, both Please, is there a way to check flows only for nodes that are constrained in the To provide more context, I'm writing a tool that identifies items that satisfy a set of (variable) constraints. Some constraints are structural and can be expressed with predicates (e.g., from DataFlow::Node n1, DataFlow::Node n2, DataFlow::Node n3
where
someConstr(n1) and
otherConstr(n2) and
(yetAnotherConstr(n3) or thatConstr(n3)) and
flowsTo(n1, n3) and not flowsTo(n1, n2)I am looking for any working solution (e.g., transitively stepping the data-flow graph) that would allow me to factor out the flow logic into the library. I'm aware of that |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
|
Hi 👋 Constraining sources and sinks inside a data flow/taint tracking config module is indeed crucial for performance. The data flow library works by performing a set of reachability calculations ("which nodes can be reached from a source", "which nodes that can be reached from a source can reach a sink") before computing the actual data flow graph. So the short answer is that using |
Beta Was this translation helpful? Give feedback.
Hi 👋
Constraining sources and sinks inside a data flow/taint tracking config module is indeed crucial for performance. The data flow library works by performing a set of reachability calculations ("which nodes can be reached from a source", "which nodes that can be reached from a source can reach a sink") before computing the actual data flow graph. So the short answer is that using
isSource() { any() }orisSink() { any() }will not be able to scale.