C#: Rank summaries and source code such that only one is used.

michaelnebel · michaelnebel · commit 9f611d79acf0 · 2022-05-22T15:14:19.000+02:00
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowDispatch.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowDispatch.qll
@@ -83,13 +83,26 @@ newtype TReturnKind =
     )
   }
 
+/**
+ * Holds if the summary for `c` should be used for dataflow analysis.
+ */
+predicate useFlowSummary(FlowSummary::SummarizedCallable c) {
+  not c.fromSource()
+  or
+  c.fromSource() and not c.isAutoGenerated()
+}
+
 private module Cached {
+  /**
+   * The following heuristic is used to rank when to use source code or when to use summaries for DataFlowCallables.
+   * 1. Use hand written summaries.
+   * 2. Use source code.
+   * 3. Use auto generated summaries.
+   */
   cached
   newtype TDataFlowCallable =
-    TDotNetCallable(DotNet::Callable c) {
-      c.isUnboundDeclaration() and not c instanceof FlowSummary::SummarizedCallable
-    } or
-    TSummarizedCallable(FlowSummary::SummarizedCallable c)
+    TDotNetCallable(DotNet::Callable c) { c.isUnboundDeclaration() and not useFlowSummary(c) } or
+    TSummarizedCallable(FlowSummary::SummarizedCallable c) { useFlowSummary(c) }
 
   cached
   newtype TDataFlowCall =
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll
@@ -743,9 +743,11 @@ private module Cached {
       FlowSummaryImpl::Public::SummarizedCallable c,
       FlowSummaryImpl::Private::SummaryNodeState state
     ) {
+      useFlowSummary(c) and
       FlowSummaryImpl::Private::summaryNodeRange(c, state)
     } or
     TSummaryParameterNode(FlowSummaryImpl::Public::SummarizedCallable c, ParameterPosition pos) {
+      useFlowSummary(c) and
       FlowSummaryImpl::Private::summaryParameterNodeRange(c, pos)
     } or
     TParamsArgumentNode(ControlFlow::Node callCfn) {
