hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix review findings

Browse Source
This commit is contained in:
Tamas Vajk
2021-06-30 09:25:59 +02:00
parent 3b5856907f
commit 0946ae2ae9
4 changed files with 27 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
csharp/ql/src/semmle/code/csharp/dataflow/ExternalFlow.qll
View File

@@ -86,7 +86,7 @@ private import internal.FlowSummaryImplSpecific
private module Frameworks {
private import semmle.code.csharp.security.dataflow.flowsources.Local
private import semmle.code.csharp.security.dataflow.flowsinks.Html
private import semmle.code.csharp.dataflow.LibraryTypeDataFlow
private import semmle.code.csharp.frameworks.System
private import semmle.code.csharp.security.dataflow.XSS
}

16
csharp/ql/src/semmle/code/csharp/dataflow/LibraryTypeDataFlow.qll
View File

@@ -23,7 +23,6 @@ private import semmle.code.csharp.dataflow.internal.DelegateDataFlow
private import semmle.code.csharp.frameworks.EntityFramework
private import semmle.code.csharp.frameworks.JsonNET
private import FlowSummary
private import semmle.code.csharp.dataflow.ExternalFlow
private newtype TAccessPath =
TNilAccessPath() or
@@ -500,21 +499,6 @@ private module FrameworkDataFlowAdaptor {
}
}
/** Data flow for `System.Int32`. */
private class SystemInt32FlowModelCsv extends SummaryModelCsv {
override predicate row(string row) {
row =
[
"System;Int32;false;Parse;;;Argument[0];ReturnValue;taint",
"System;Int32;false;TryParse;;;Argument[0];ReturnValue;taint",
"System;Int32;false;TryParse;(System.String,System.Int32);;Argument[0];Argument[1];taint",
"System;Int32;false;TryParse;(System.ReadOnlySpan<System.Char>,System.Int32);;Element of Argument[0];Argument[1];taint",
"System;Int32;false;TryParse;(System.String,System.Globalization.NumberStyles,System.IFormatProvider,System.Int32);;Argument[0];Argument[3];taint",
"System;Int32;false;TryParse;(System.ReadOnlySpan<System.Char>,System.Globalization.NumberStyles,System.IFormatProvider,System.Int32);;Element of Argument[0];Argument[3];taint"
]
}
}
/** Data flow for `System.Boolean`. */
class SystemBooleanFlow extends LibraryTypeDataFlow, SystemBooleanStruct {
override predicate callableFlow(

23
csharp/ql/src/semmle/code/csharp/frameworks/System.qll
View File

@@ -2,6 +2,7 @@
import csharp
private import system.Reflection
private import semmle.code.csharp.dataflow.ExternalFlow
/** The `System` namespace. */
class SystemNamespace extends Namespace {
@@ -200,6 +201,28 @@ class SystemInt32Struct extends IntType {
}
}
/** Data flow for `System.Int32`. */
private class SystemInt32FlowModelCsv extends SummaryModelCsv {
override predicate row(string row) {
row =
[
"System;Int32;false;Parse;(System.String);;Argument[0];ReturnValue;taint",
"System;Int32;false;Parse;(System.String,System.IFormatProvider);;Argument[0];ReturnValue;taint",
"System;Int32;false;Parse;(System.String,System.Globalization.NumberStyles);;Argument[0];ReturnValue;taint",
"System;Int32;false;Parse;(System.String,System.Globalization.NumberStyles,System.IFormatProvider);;Argument[0];ReturnValue;taint",
"System;Int32;false;Parse;(System.ReadOnlySpan<System.Char>,System.Globalization.NumberStyles,System.IFormatProvider);;Element of Argument[0];ReturnValue;taint",
"System;Int32;false;TryParse;(System.String,System.Int32);;Argument[0];ReturnValue;taint",
"System;Int32;false;TryParse;(System.String,System.Int32);;Argument[0];Argument[1];taint",
"System;Int32;false;TryParse;(System.ReadOnlySpan<System.Char>,System.Int32);;Element of Argument[0];ReturnValue;taint",
"System;Int32;false;TryParse;(System.ReadOnlySpan<System.Char>,System.Int32);;Element of Argument[0];Argument[1];taint",
"System;Int32;false;TryParse;(System.String,System.Globalization.NumberStyles,System.IFormatProvider,System.Int32);;Argument[0];ReturnValue;taint",
"System;Int32;false;TryParse;(System.String,System.Globalization.NumberStyles,System.IFormatProvider,System.Int32);;Argument[0];Argument[3];taint",
"System;Int32;false;TryParse;(System.ReadOnlySpan<System.Char>,System.Globalization.NumberStyles,System.IFormatProvider,System.Int32);;Element of Argument[0];ReturnValue;taint",
"System;Int32;false;TryParse;(System.ReadOnlySpan<System.Char>,System.Globalization.NumberStyles,System.IFormatProvider,System.Int32);;Element of Argument[0];Argument[3];taint"
]
}
}
/** The `System.InvalidCastException` class. */
class SystemInvalidCastExceptionClass extends SystemClass {
SystemInvalidCastExceptionClass() { this.hasName("InvalidCastException") }