minor bug fixes in queries for better readability

Lekssays · Lekssays · commit b66de84cb97c · 2026-03-10T12:30:22.000+03:00
diff --git a/src/tools/queries/double_free.scala b/src/tools/queries/double_free.scala
@@ -8,6 +8,14 @@
 
   val output = new StringBuilder()
 
+  // Helper: build path-boundary anchored regex from a filename
+  // e.g., "parser.c" -> "(^|.*/)parser\\.c$" so it matches "/path/to/parser.c"
+  // but NOT "/path/to/myparser.c"
+  def pathBoundaryRegex(f: String): String = {
+    val escaped = java.util.regex.Pattern.quote(f)
+    "(^|.*/)" + escaped + "$"
+  }
+
   /** Check if two line numbers are in mutually exclusive branches of the same IF.
     * Returns true if lineA is inside the THEN block and lineB inside ELSE (or vice versa),
     * meaning they cannot both execute in the same control flow path.
@@ -70,7 +78,8 @@
   val freeCalls = cpg.call.name("free|cfree|g_free|xmlFree|xsltFree.*").l
   
   val freeCallsFiltered = if (fileFilter.nonEmpty) {
-    freeCalls.filter(_.file.name.headOption.exists(f => f.contains(fileFilter) || f.endsWith(fileFilter)))
+    val pattern = pathBoundaryRegex(fileFilter)
+    freeCalls.filter(_.file.name.headOption.exists(_.matches(pattern)))
   } else {
     freeCalls
   }
diff --git a/src/tools/queries/integer_overflow.scala b/src/tools/queries/integer_overflow.scala
@@ -8,6 +8,12 @@
 
   val output = new StringBuilder()
 
+  // Helper: build path-boundary anchored regex from a filename
+  def pathBoundaryRegex(f: String): String = {
+    val escaped = java.util.regex.Pattern.quote(f)
+    "(^|.*/)" + escaped + "$"
+  }
+
   output.append("Integer Overflow/Underflow Analysis\n")
   output.append("=" * 60 + "\n\n")
 
@@ -127,8 +133,10 @@
   // --- Analysis ---
 
   val allAllocCalls = cpg.call.name(allocPattern).l
+  val filePattern = if (fileFilter.nonEmpty) pathBoundaryRegex(fileFilter) else ""
+
   val allocCalls = if (fileFilter.nonEmpty) {
-    allAllocCalls.filter(_.file.name.headOption.exists(f => f.contains(fileFilter) || f.endsWith(fileFilter)))
+    allAllocCalls.filter(_.file.name.headOption.exists(_.matches(filePattern)))
   } else {
     allAllocCalls
   }
@@ -248,7 +256,7 @@
     // Only flag high-risk arithmetic in array indices, with no bounds check nearby.
     val allIndexCalls = cpg.call.name("<operator>.indirectIndexAccess|<operator>.indexAccess").l
     val indexCalls = if (fileFilter.nonEmpty) {
-      allIndexCalls.filter(_.file.name.headOption.exists(f => f.contains(fileFilter) || f.endsWith(fileFilter)))
+      allIndexCalls.filter(_.file.name.headOption.exists(_.matches(filePattern)))
     } else {
       allIndexCalls
     }
@@ -316,7 +324,7 @@
         }
 
       val arithSourcesFiltered = if (fileFilter.nonEmpty) {
-        arithSourceCalls.filter(_.file.name.headOption.exists(f => f.contains(fileFilter) || f.endsWith(fileFilter)))
+        arithSourceCalls.filter(_.file.name.headOption.exists(_.matches(filePattern)))
       } else {
         arithSourceCalls
       }
@@ -395,7 +403,8 @@
         }
       }
     } catch {
-      case _: Exception => // Ignore dataflow engine errors gracefully
+      case e: Exception =>
+        output.append(s"  Note: Interprocedural arithmetic flow analysis encountered an error (${e.getClass.getSimpleName})\n")
     }
 
     // === Output results ===
diff --git a/src/tools/queries/null_pointer_deref.scala b/src/tools/queries/null_pointer_deref.scala
@@ -8,6 +8,12 @@
 
   val output = new StringBuilder()
 
+  // Helper: build path-boundary anchored regex from a filename
+  def pathBoundaryRegex(f: String): String = {
+    val escaped = java.util.regex.Pattern.quote(f)
+    "(^|.*/)" + escaped + "$"
+  }
+
   /** Check if two line numbers are in mutually exclusive branches of the same IF.
     * Returns true if lineA is inside the THEN block and lineB inside ELSE (or vice versa),
     * meaning they cannot both execute in the same control flow path.
@@ -80,7 +86,8 @@
   val allocCalls = cpg.call.name(allocFunctions).l
 
   val allocCallsFiltered = if (fileFilter.nonEmpty) {
-    allocCalls.filter(_.file.name.headOption.exists(f => f.contains(fileFilter) || f.endsWith(fileFilter)))
+    val pattern = pathBoundaryRegex(fileFilter)
+    allocCalls.filter(_.file.name.headOption.exists(_.matches(pattern)))
   } else {
     allocCalls
   }
@@ -390,7 +397,8 @@
                     }
                   }
                 } catch {
-                  case _: Exception => // Ignore dataflow errors gracefully
+                  case e: Exception =>
+                    output.append(s"  Note: Interprocedural analysis skipped for $assignedPtr in $methodName() (${e.getClass.getSimpleName})\n")
                 }
               }
             }
diff --git a/src/tools/queries/program_slice.scala b/src/tools/queries/program_slice.scala
@@ -123,7 +123,7 @@
               sortedDeps.groupBy(_._2).foreach { case (file, deps) =>
                  output.append(s"  File: $file\n")
                  deps.sortBy(_._1).foreach { case (line, _, varName, code, deps) =>
-                   val lineInfo = if (line != -1) s"[$line]" else "[Local]"
+                   val lineInfo = if (line != -1) s"[$file:$line]" else "[Local]"
                    output.append(s"    $lineInfo $varName: $code\n")
                    if (deps.nonEmpty) output.append(s"      <- depends on: ${deps.mkString(", ")}\n")
                  }
@@ -227,7 +227,7 @@
                sortedProps.groupBy(_._2).foreach { case (file, props) =>
                  output.append(s"  File: $file\n")
                  props.sortBy(_._1).foreach { case (line, _, propType, varName, code) =>
-                   output.append(s"    [$line] $propType ($varName): $code\n")
+                   output.append(s"    [$file:$line] $propType ($varName): $code\n")
                  }
                }
             }
diff --git a/src/tools/queries/taint_flows.scala b/src/tools/queries/taint_flows.scala
@@ -173,49 +173,58 @@
         }
       }
     } else {
-      output.append(s"Found ${flows.size} taint flow(s):\n\n")
-      
-      flows.zipWithIndex.foreach { case (flow, idx) =>
-        output.append(s"--- Flow ${idx + 1} ---\n")
-        
+      // Deduplicate: track seen (source_file:line -> sink_file:line) pairs
+      val seen = mutable.Set[String]()
+
+      flows.foreach { flow =>
         val elements = flow.elements.l
         if (elements.nonEmpty) {
-          // Source (first element)
           val source = elements.head
+          val sink = elements.last
+
           val srcFile = source.file.name.headOption.getOrElse("?")
           val srcLine = source.lineNumber.getOrElse(-1)
-          val srcMethod = getMethodName(source)
-          output.append(s"Source: ${source.code}\n")
-          output.append(s"  Location: $srcFile:$srcLine in $srcMethod()\n")
-          
-          // Path elements (intermediate steps)
-          if (elements.size > 2) {
-            output.append(s"\nPath (${elements.size - 2} intermediate steps):\n")
-            elements.slice(1, elements.size - 1).take(15).foreach { elem =>
-              val elemFile = elem.file.name.headOption.getOrElse("?")
-              val elemLine = elem.lineNumber.getOrElse(-1)
-              val elemMethod = getMethodName(elem)
-              val codeSnippet = elem.code.take(60).replaceAll("\n", " ")
-              output.append(s"  [$elemFile:$elemLine] $codeSnippet\n")
-              output.append(s"           in $elemMethod()\n")
-            }
-            if (elements.size - 2 > 15) {
-              output.append(s"  ... and ${elements.size - 17} more steps\n")
-            }
-          }
-          
-          // Sink (last element)
-          val sink = elements.last
           val snkFile = sink.file.name.headOption.getOrElse("?")
           val snkLine = sink.lineNumber.getOrElse(-1)
-          val snkMethod = getMethodName(sink)
-          output.append(s"\nSink: ${sink.code}\n")
-          output.append(s"  Location: $snkFile:$snkLine in $snkMethod()\n")
-          
-          output.append(s"\nPath length: ${elements.size} nodes\n")
+
+          val key = s"$srcFile:$srcLine->$snkFile:$snkLine"
+          if (!seen.contains(key)) {
+            seen.add(key)
+
+            output.append(s"--- Flow ${seen.size} ---\n")
+
+            // Source (first element)
+            val srcMethod = getMethodName(source)
+            output.append(s"Source: ${source.code}\n")
+            output.append(s"  Location: $srcFile:$srcLine in $srcMethod()\n")
+
+            // Path elements (intermediate steps)
+            if (elements.size > 2) {
+              output.append(s"\nPath (${elements.size - 2} intermediate steps):\n")
+              elements.slice(1, elements.size - 1).take(15).foreach { elem =>
+                val elemFile = elem.file.name.headOption.getOrElse("?")
+                val elemLine = elem.lineNumber.getOrElse(-1)
+                val elemMethod = getMethodName(elem)
+                val codeSnippet = elem.code.take(60).replaceAll("\n", " ")
+                output.append(s"  [$elemFile:$elemLine] $codeSnippet\n")
+                output.append(s"           in $elemMethod()\n")
+              }
+              if (elements.size - 2 > 15) {
+                output.append(s"  ... and ${elements.size - 17} more steps\n")
+              }
+            }
+
+            // Sink (last element)
+            val snkMethod = getMethodName(sink)
+            output.append(s"\nSink: ${sink.code}\n")
+            output.append(s"  Location: $snkFile:$snkLine in $snkMethod()\n")
+
+            output.append(s"\nPath length: ${elements.size} nodes\n\n")
+          }
         }
-        output.append("\n")
       }
+
+      output.append(s"Summary: ${seen.size} unique flow(s)\n")
     }
   }
   
diff --git a/src/tools/queries/use_after_free.scala b/src/tools/queries/use_after_free.scala
@@ -8,6 +8,12 @@
 
   val output = new StringBuilder()
 
+  // Helper: build path-boundary anchored regex from a filename
+  def pathBoundaryRegex(f: String): String = {
+    val escaped = java.util.regex.Pattern.quote(f)
+    "(^|.*/)" + escaped + "$"
+  }
+
   /** Check if two line numbers are in mutually exclusive branches of the same IF.
     * Returns true if lineA is inside the THEN block and lineB inside ELSE (or vice versa),
     * meaning they cannot both execute in the same control flow path.
@@ -71,7 +77,8 @@
   val freeCalls = cpg.call.name("free|cfree|g_free|xmlFree|xsltFree.*").l
   
   val freeCallsFiltered = if (fileFilter.nonEmpty) {
-    freeCalls.filter(_.file.name.headOption.exists(f => f.contains(fileFilter) || f.endsWith(fileFilter)))
+    val pattern = pathBoundaryRegex(fileFilter)
+    freeCalls.filter(_.file.name.headOption.exists(_.matches(pattern)))
   } else {
     freeCalls
   }
@@ -263,7 +270,8 @@
                   }
                 }
               } catch {
-                case _: Exception => // Ignore dataflow errors
+                case e: Exception =>
+                  output.append(s"  Note: Interprocedural analysis skipped for $freedPtr in $methodName() (${e.getClass.getSimpleName})\n")
               }
             }
           }
diff --git a/src/tools/queries/variable_flow.scala b/src/tools/queries/variable_flow.scala
@@ -168,7 +168,7 @@
         // Deduplicate output
         val uniqueDeps = sortedDeps.distinct
         uniqueDeps.foreach { case (file, line, code, typeName) =>
-          sb.append(f"[$file:$line%4d] $code ($typeName)\n")
+          sb.append(s"[$file:$line] $code ($typeName)\n")
         }
       }
       

Original file line number	Diff line number	Diff line change
`@@ -8,6 +8,12 @@`
`8`	`8`
`9`	`9`	`val output = new StringBuilder()`
`10`	`10`
	`11`	`+ // Helper: build path-boundary anchored regex from a filename`
	`12`	`+ def pathBoundaryRegex(f: String): String = {`
	`13`	`+ val escaped = java.util.regex.Pattern.quote(f)`
	`14`	`+ "(^\|.*/)" + escaped + "$"`
	`15`	`+ }`
	`16`	`+`
`11`	`17`	`/** Check if two line numbers are in mutually exclusive branches of the same IF.`
`12`	`18`	`* Returns true if lineA is inside the THEN block and lineB inside ELSE (or vice versa),`
`13`	`19`	`* meaning they cannot both execute in the same control flow path.`
`@@ -80,7 +86,8 @@`
`80`	`86`	`val allocCalls = cpg.call.name(allocFunctions).l`
`81`	`87`
`82`	`88`	`val allocCallsFiltered = if (fileFilter.nonEmpty) {`
`83`		`- allocCalls.filter(_.file.name.headOption.exists(f => f.contains(fileFilter) \|\| f.endsWith(fileFilter)))`
	`89`	`+ val pattern = pathBoundaryRegex(fileFilter)`
	`90`	`+ allocCalls.filter(_.file.name.headOption.exists(_.matches(pattern)))`
`84`	`91`	`} else {`
`85`	`92`	`allocCalls`
`86`	`93`	`}`
`@@ -390,7 +397,8 @@`
`390`	`397`	`}`
`391`	`398`	`}`
`392`	`399`	`} catch {`
`393`		`- case _: Exception => // Ignore dataflow errors gracefully`
	`400`	`+ case e: Exception =>`
	`401`	`+ output.append(s" Note: Interprocedural analysis skipped for $assignedPtr in $methodName() (${e.getClass.getSimpleName})\n")`
`394`	`402`	`}`
`395`	`403`	`}`
`396`	`404`	`}`
Original file line number	Diff line number	Diff line change
`@@ -123,7 +123,7 @@`
`123`	`123`	`sortedDeps.groupBy(_._2).foreach { case (file, deps) =>`
`124`	`124`	`output.append(s" File: $file\n")`
`125`	`125`	`deps.sortBy(_._1).foreach { case (line, _, varName, code, deps) =>`
`126`		`- val lineInfo = if (line != -1) s"[$line]" else "[Local]"`
	`126`	`+ val lineInfo = if (line != -1) s"[$file:$line]" else "[Local]"`
`127`	`127`	`output.append(s" $lineInfo $varName: $code\n")`
`128`	`128`	`if (deps.nonEmpty) output.append(s" <- depends on: ${deps.mkString(", ")}\n")`
`129`	`129`	`}`
`@@ -227,7 +227,7 @@`
`227`	`227`	`sortedProps.groupBy(_._2).foreach { case (file, props) =>`
`228`	`228`	`output.append(s" File: $file\n")`
`229`	`229`	`props.sortBy(_._1).foreach { case (line, _, propType, varName, code) =>`
`230`		`- output.append(s" [$line] $propType ($varName): $code\n")`
	`230`	`+ output.append(s" [$file:$line] $propType ($varName): $code\n")`
`231`	`231`	`}`
`232`	`232`	`}`
`233`	`233`	`}`
Original file line number	Diff line number	Diff line change
`@@ -168,7 +168,7 @@`
`168`	`168`	`// Deduplicate output`
`169`	`169`	`val uniqueDeps = sortedDeps.distinct`
`170`	`170`	`uniqueDeps.foreach { case (file, line, code, typeName) =>`
`171`		`- sb.append(f"[$file:$line%4d] $code ($typeName)\n")`
	`171`	`+ sb.append(s"[$file:$line] $code ($typeName)\n")`
`172`	`172`	`}`
`173`	`173`	`}`
`174`	`174`