C#: Initial refactor of SummarizedCallable and DataFlowCallable (dependencies needs to be updates).

Author: michaelnebel

csharp/ql/lib/semmle/code/csharp/dataflow/FlowSummary.qll

@@ -1,6 +1,7 @@
 /** Provides classes and predicates for defining flow summaries. */
 
 import csharp
+private import dotnet
 private import internal.FlowSummaryImpl as Impl
 private import internal.DataFlowDispatch as DataFlowDispatch
 
@@ -113,7 +114,41 @@ module SummaryComponentStack {
   SummaryComponentStack jump(Callable c) { result = singleton(SummaryComponent::jump(c)) }
 }
 
-class SummarizedCallable = Impl::Public::SummarizedCallable;
+abstract class SummarizedCallable extends DotNet::Callable {
+  /**
+   * Holds if data may flow from `input` to `output` through this callable.
+   *
+   * `preservesValue` indicates whether this is a value-preserving step
+   * or a taint-step.
+   *
+   * Input specifications are restricted to stacks that end with
+   * `SummaryComponent::argument(_)`, preceded by zero or more
+   * `SummaryComponent::return(_)` or `SummaryComponent::content(_)` components.
+   *
+   * Output specifications are restricted to stacks that end with
+   * `SummaryComponent::return(_)` or `SummaryComponent::argument(_)`.
+   *
+   * Output stacks ending with `SummaryComponent::return(_)` can be preceded by zero
+   * or more `SummaryComponent::content(_)` components.
+   *
+   * Output stacks ending with `SummaryComponent::argument(_)` can be preceded by an
+   * optional `SummaryComponent::parameter(_)` component, which in turn can be preceded
+   * by zero or more `SummaryComponent::content(_)` components.
+   */
+  pragma[nomagic]
+  predicate propagatesFlow(
+    SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue
+  ) {
+    none()
+  }
+
+  /**
+   * Holds if values stored inside `content` are cleared on objects passed as
+   * arguments at position `pos` to this callable.
+   */
+  pragma[nomagic]
+  predicate clearsContent(ParameterPosition pos, DataFlow::ContentSet content) { none() }
+}
 
 private predicate recordConstructorFlow(Constructor c, int i, Property p) {
   c = any(RecordType r).getAMember() and
@@ -123,6 +158,22 @@ private predicate recordConstructorFlow(Constructor c, int i, Property p) {
   )
 }
 
+private class SummarizedCallableAdapter extends Impl::Public::SummarizedCallable {
+  private SummarizedCallable sc;
+
+  SummarizedCallableAdapter() { this = DataFlowDispatch::TSummarizedCallable(sc) }
+
+  final override predicate propagatesFlow(
+    SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue
+  ) {
+    sc.propagatesFlow(input, output, preservesValue)
+  }
+
+  final override predicate clearsContent(ParameterPosition pos, DataFlow::ContentSet content) {
+    sc.clearsContent(pos, content)
+  }
+}
+
 private class RecordConstructorFlow extends SummarizedCallable {
   RecordConstructorFlow() { recordConstructorFlow(this, _, _) }
 

csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowDispatch.qll

@@ -247,8 +247,29 @@ class JumpReturnKind extends ReturnKind, TJumpReturnKind {
   override string toString() { result = "jump to " + target }
 }
 
-class DataFlowCallable extends DotNet::Callable {
-  DataFlowCallable() { this.isUnboundDeclaration() }
+/**
+ * A type for modeling dataflow callables.
+ */
+newtype TDataFlowCallable =
+  TDotNetCallable(DotNet::Callable c) { c.isUnboundDeclaration() } or
+  TSummarizedCallable(FlowSummary::SummarizedCallable c)
+
+class DataFlowCallable extends TDataFlowCallable {
+  /** Get the underlying source code callable, if any. */
+  Callable asCallable() { this = TDotNetCallable(result) }
+
+  /** Get the underlying summarized callable, if any. */
+  FlowSummary::SummarizedCallable asSummarizedCallable() { this = TSummarizedCallable(result) }
+
+  /** Gets a textual representation of this dataflow callable. */
+  string toString() {
+    result = [this.asCallable().toString(), this.asSummarizedCallable().toString()]
+  }
+
+  /** Get the location of this dataflow callable, if any. */
+  Location getLocation() {
+    result = this.asCallable().getLocation() or result = this.asSummarizedCallable().getLocation()
+  }
 }
 
 /** A call relevant for data flow. */