Module PathProblem::CustomPathProblem

A module for creating custom path problem results in CodeQL, using an efficient forward-reverse search pattern under the hood.

Implement CustomPathProblemConfigSig to define the nodes and edges of your graph, as well as start and end predicates to indicate the types of things that should be considered problems when connected in the graph.

Then import this module, and select nodes for which problem(a, b) holds, and they will be traceable in the path problem results.

Example usage:

module MacroPathProblemConfig implements CustomPathProblemConfigSig {
  class Node extends Locatable {
    Node() { this instanceof Macro or this instanceof MacroInvocation }
  }

  predicate start(Node n) {
    // Start at root macro invocations
    n instanceof MacroInvocation and not exists(n.(MacroInvocation).getParentInvocation())
  }

  // Find calls to macros we don't like
  predicate end(Node n) { n instanceof Macro and isBad(n) }

  predicate edge(Node a, Node b) {
    // The root macro invocation is connected to its definition
    b = a.(MacroInvocation).getMacro()
    or
    exists(MacroInvocation inner, MacroInvocation next |
       // Connect inner macros to the macros that invoke them
       inner.getParentInvocation() = next() and
       a = inner.getMacro() and b = next.getMacro()
    )
  }
}

// Import query predicates that make path-problem work correctly
import CustomPathProblem<MacroPathProblemConfig>

from MacroInvocation start, Macro end
where problem(start, end) // find macro invocations that are connected to bad macros
select start, start, end, "Macro invocation eventually calls a macro we don't like: $@", end, end.getName()