[RESOLVED] NVL() equivalent in codeql

[CaledoniaProject]

I'm trying to list all sources, along with it's argument:

from DataFlow::Node node, MethodAccess ma, Method me
where 
node instanceof RemoteFlowSource
and node.asExpr() = ma
and ma.getMethod() = me
select
ma.getFile() as file,
ma.getEnclosingCallable() as method,
ma,
ma.getAnArgument()

It works fine with getParameter() but not getInputStream(). getInputStream() does not have an argument and ma.getAnArgument() will filter it out in the result set.

How can I ask codeql to show the argument when available, and show "null" when not available? Similar to NVL() in SQL query.

[smowton]

A simple version:

import java
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.FlowSources

from DataFlow::Node node, MethodAccess ma, Method me, string argument
where
node instanceof RemoteFlowSource
and node.asExpr() = ma
and ma.getMethod() = me
and if exists(ma.getAnArgument()) then argument = ma.getAnArgument().toString() else argument = "(no args)"
select
ma.getFile() as file,
ma.getEnclosingCallable() as method,
ma,
argument

The disadvantage is this just stringifies the arg and it can't be clicked to show the arg we're referring to.

A little better: use a placeholder, here the method access itself:

import java
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.FlowSources

from DataFlow::Node node, MethodAccess ma, Method me, Expr argument
where
node instanceof RemoteFlowSource
and node.asExpr() = ma
and ma.getMethod() = me
and if exists(ma.getAnArgument()) then argument = ma.getAnArgument() else argument = ma
select
ma.getFile() as file,
ma.getEnclosingCallable() as method,
ma,
argument

This is pretty good, though it's not very principled as it's tricky for other QL to tell when the placeholder has been used and when it hasn't.

Finally here's a fully principled solution using newtype to introduce a fresh type with a value for every Argument plus an extra value indicating the absence of arguments:

import java
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.FlowSources

newtype TArgumentOpt =
  TNoArgs() or
  TArg(Argument a)

class ArgumentOpt extends TArgumentOpt {
  string toString() {
    exists(Argument a | this = TArg(a) | result = a.toString())
    or
    this = TNoArgs() and result = "(no args)"
  }

  Location getLocation() {
    exists(Argument a | this = TArg(a) | result = a.getLocation())
  }
}

ArgumentOpt getAnArgument(MethodAccess ma) {
  if exists(ma.getAnArgument()) then result = TArg(ma.getAnArgument()) else result = TNoArgs()
}

from DataFlow::Node node, MethodAccess ma, Method me
where
node instanceof RemoteFlowSource
and node.asExpr() = ma
and ma.getMethod() = me
select
ma.getFile() as file,
ma.getEnclosingCallable() as method,
ma,
getAnArgument(ma)

Note that getLocation is only defined for the TArg case of the TArgumentOpt type -- this is ok because the VSCode extension copes with rows without a getLocation value, still showing them but without a hotlink to the argument as it occurs in the user's source code.