Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Java: Avoid higher-numbered dataflow configs that depend on lower-numbered ones #8748

Merged
merged 2 commits into from Apr 22, 2022
Merged

Java: Avoid higher-numbered dataflow configs that depend on lower-numbered ones #8748

merged 2 commits into from Apr 22, 2022

Conversation

smowton
Copy link
Contributor

@smowton smowton commented Apr 15, 2022

While trying to enumerate sinks as perceived by various queries, #8742 noticed that some of our qll files that define sinks can't be imported concurrently. This turned out to be because some QLLs defy the usual pattern that lower-numbered dataflow configs are defined in terms of higher ones, not the reverse. By flipping the dataflow instance numbers here, it becomes possible to import all of the java/ql/lib/semmle/code/java/security directory concurrently.

smowton added 2 commits Apr 15, 2022
@smowton
Add TaintTracking3
27d87e9
@smowton
Generally define lower-numbered data-flow configs in terms of higher-…
9050594 
…numbered ones

Since usually we have DataFlow3::Configurations that stand alone, DataFlow2::Configurations that depend on them, and finally DataFlow::Configurations that produce a top-level query result (for example), qll files where the reverse pattern holds will usually not be concurrently importable due to dataflow configuration recursion prevention.
@smowton smowton requested a review from as a code owner Apr 15, 2022
@github-actions github-actions bot added the Java label Apr 15, 2022
@smowton smowton added the no-change-note-required label Apr 15, 2022
@intrigus-lgtm
Copy link

@intrigus-lgtm intrigus-lgtm commented Apr 15, 2022

the usual pattern that lower-numbered dataflow configs are defined in terms of higher ones, not the reverse.

Is this documented somewhere or would it make sense to document this somewhere? (I did not know this pattern before)

@aschackmull
Copy link

@aschackmull aschackmull commented Apr 19, 2022

the usual pattern that lower-numbered dataflow configs are defined in terms of higher ones, not the reverse.

Is this documented somewhere or would it make sense to document this somewhere? (I did not know this pattern before)

It's not documented, and we don't intend to, as it will hopefully soon be a thing of the past.

@smowton smowton merged commit d309e15 into github:main Apr 22, 2022
18 of 21 checks passed
@smowton
Copy link
Author

@smowton smowton commented Apr 22, 2022

Ignored qldoc complaints since they (a) are shared with existing TaintTracking instances and (b) don't really matter, being requests for a file-level doc block in a file that declares one, documented, entity.

@erik-krogh erik-krogh mentioned this pull request Apr 22, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aschackmull aschackmull

Assignees
No one assigned
Labels
Java no-change-note-required
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@smowton @intrigus-lgtm @aschackmull