C#: Add some source/sink model generator test examples.

2026-05-05 13:45:19 +02:00 · 2024-06-11 09:23:30 +02:00
parent 197cdab43d
commit 031e44b157
3 changed files with 51 additions and 0 deletions
--- a/csharp/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.ext.yml
+++ b/csharp/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.ext.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: sinkModel
+    data:
+      - [ "Sinks", "NewSinks", False, "Sink", "(System.Object)", "", "Argument[0]", "test-sink", "manual"]
--- a/csharp/ql/test/utils/modelgenerator/dataflow/Sinks.cs
+++ b/csharp/ql/test/utils/modelgenerator/dataflow/Sinks.cs
@@ -12,6 +12,10 @@ public class NewSinks
    public string TaintedProp { get; set; }
    public string PrivateSetTaintedProp { get; private set; }

+    // Sink defined in the extensible file next to the test.
+    // neutral=Sinks;NewSinks;Sink;(System.Object);summary;df-generated
+    public void Sink(object o) => throw null;
+
    // New sink
    // sink=Sinks;NewSinks;false;WrapResponseWrite;(System.Object);;Argument[0];html-injection;df-generated
    // neutral=Sinks;NewSinks;WrapResponseWrite;(System.Object);summary;df-generated
@@ -78,6 +82,15 @@ public class NewSinks
        var response = new HttpResponse();
        response.WriteFile(PrivateSetTaintedProp);
    }
+
+    // Not a new sink because a simple type is used in an intermediate step
+    // SPURIOUS-sink=Sinks;NewSinks;false;WrapResponseWriteFileSimpleType;(System.String);;Argument[0];test-sink;df-generated
+    // neutral=Sinks;NewSinks;WrapResponseWriteFileSimpleType;(System.String);summary;df-generated
+    public void WrapResponseWriteFileSimpleType(string s)
+    {
+        var r = s == "hello";
+        Sink(r);
+    }
 }

 public class CompoundSinks
--- a/csharp/ql/test/utils/modelgenerator/dataflow/Sources.cs
+++ b/csharp/ql/test/utils/modelgenerator/dataflow/Sources.cs
@@ -34,4 +34,36 @@ public class NewSources
    {
        return Console.ReadKey();
    }
+
+    // Not a new source because a simple type is used in an intermediate step
+    // SPURIOUS-source=Sources;NewSources;false;WrapConsoleReadLineGetBool;();;ReturnValue;local;df-generated
+    // neutral=Sources;NewSources;WrapConsoleReadLineGetBool;();summary;df-generated
+    public bool WrapConsoleReadLineGetBool()
+    {
+        var s = Console.ReadLine();
+        return s == "hello";
+    }
+
+    public class MyConsoleReader
+    {
+        // source=Sources;NewSources+MyConsoleReader;false;ToString;();;ReturnValue;local;df-generated
+        // neutral=Sources;NewSources+MyConsoleReader;ToString;();summary;df-generated
+        public override string ToString()
+        {
+            return Console.ReadLine();
+        }
+    }
+
+
+    public class MyContainer<T>
+    {
+        public T Value { get; set; }
+
+        // SPURIOUS-source=Sources;NewSources+MyContainer<T>;false;Read;();;ReturnValue;local;df-generated
+        // summary=Sources;NewSources+MyContainer<T>;false;Read;();;Argument[this];ReturnValue;taint;df-generated
+        public string Read()
+        {
+            return Value.ToString();
+        }
+    }
 }