CodeQL library for Java/Kotlin
codeql/java-all 9.1.1 (changelog, source)

Predicate signature InputSig::getSourceContextParameterNodeType

Gets a special type to use for parameter node p belonging to callables with a source node where a source call context FlowFeature is used, if any.

This can be used to prevent lambdas from being resolved, when a concrete call context is needed. Example:

void Foo(Action<string> a)
{
    var x = Source();
    a(x);              // (1)
    a = s => Sink(s);  // (2)
    a(x);              // (3)
}

void Bar()
{
    Foo(s => Sink(s)); // (4)
}

If a source call context flow feature is used, the parameter a can be assigned a special type that is incompatible with the type of any lambda expression. This prevents the call edge from (1) to (4), while the call edge from (3) to (2) remains valid.

signature DataFlowType getSourceContextParameterNodeType(Node p)
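
The pruning described above can be traced with a small Python model. This is an added illustration, not code from the CodeQL library and not how the library is implemented. The node names, the `<source-context>` type string and the extra `source_context` argument are assumptions made for the model.

```python
# Toy model, constructed for illustration; not CodeQL's implementation.
LAMBDA_TYPE = "Action<string>"        # type of both lambda expressions
SOURCE_CTX_TYPE = "<source-context>"  # hypothetical special type

# Nodes of the Foo/Bar program above (node names are made up for this model).
LAMBDAS = {"lambda_2": "(2)", "lambda_4": "(4)"}   # lambda creation sites
CALLS = {"recv_1": "(1)", "recv_3": "(3)"}         # receivers of the a(x) calls
PARAMS = {"param_a"}                               # parameter a of Foo

# Steps a lambda value can take before it is invoked.
STEPS = [
    ("lambda_4", "param_a"),  # argument at (4) enters Foo through parameter a
    ("param_a", "recv_1"),    # a is read at call (1)
    ("lambda_2", "recv_3"),   # a is reassigned at (2), then read at call (3)
]


def get_source_context_parameter_node_type(p, source_context):
    """Model of the predicate: special type for parameter nodes, if any."""
    return SOURCE_CTX_TYPE if source_context and p in PARAMS else None


def node_type(node, source_context):
    special = get_source_context_parameter_node_type(node, source_context)
    return special if special is not None else LAMBDA_TYPE


def compatible(t1, t2):
    # The special type is compatible with no lambda type.
    return t1 == t2


def resolve_lambda_calls(source_context):
    """Return the set of (call, lambda) edges found by type-checked flow."""
    edges = set()
    for lam, label in LAMBDAS.items():
        reached, todo = {lam}, [lam]
        while todo:
            node = todo.pop()
            for src, dst in STEPS:
                if src != node or dst in reached:
                    continue
                if compatible(LAMBDA_TYPE, node_type(dst, source_context)):
                    reached.add(dst)
                    todo.append(dst)
        edges |= {(CALLS[n], label) for n in reached if n in CALLS}
    return edges
```

With `source_context=False` the model resolves both call edges; with `source_context=True` the lambda from (4) is stopped at the parameter node, so only the edge from (3) to (2) remains.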