C#: WIP: Add tuple data flow
@@ -1,5 +1,6 @@
|
||||
| CSharp7.cs:41:13:41:21 | "tainted" | CSharp7.cs:53:18:53:19 | access to local variable t1 |
|
||||
| CSharp7.cs:57:11:57:19 | "tainted" | CSharp7.cs:58:18:58:19 | access to local variable t4 |
|
||||
| CSharp7.cs:89:19:89:27 | "tainted" | CSharp7.cs:92:18:92:28 | call to method I |
|
||||
| CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:177:22:177:30 | "tainted" |
|
||||
| CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:183:21:183:26 | call to local function g |
|
||||
| CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:184:21:184:26 | call to local function h |
|
||||
|
||||
@@ -34,33 +34,41 @@
|
||||
| CSharp7.cs:66:26:66:26 | 2 | CSharp7.cs:66:16:66:27 | (..., ...) |
|
||||
| CSharp7.cs:69:10:69:20 | this | CSharp7.cs:71:26:71:28 | this access |
|
||||
| CSharp7.cs:71:26:71:28 | [post] this access | CSharp7.cs:72:17:72:19 | this access |
|
||||
| CSharp7.cs:71:26:71:28 | call to method F | CSharp7.cs:71:9:71:22 | (..., ...) |
|
||||
| CSharp7.cs:71:26:71:28 | this access | CSharp7.cs:72:17:72:19 | this access |
|
||||
| CSharp7.cs:72:13:72:19 | SSA def(z) | CSharp7.cs:75:16:75:16 | access to local variable z |
|
||||
| CSharp7.cs:72:17:72:19 | [post] this access | CSharp7.cs:73:18:73:20 | this access |
|
||||
| CSharp7.cs:72:17:72:19 | call to method F | CSharp7.cs:72:13:72:19 | SSA def(z) |
|
||||
| CSharp7.cs:72:17:72:19 | this access | CSharp7.cs:73:18:73:20 | this access |
|
||||
| CSharp7.cs:73:18:73:20 | [post] this access | CSharp7.cs:74:13:74:15 | this access |
|
||||
| CSharp7.cs:73:18:73:20 | call to method F | CSharp7.cs:73:9:73:14 | (..., ...) |
|
||||
| CSharp7.cs:73:18:73:20 | this access | CSharp7.cs:74:13:74:15 | this access |
|
||||
| CSharp7.cs:74:13:74:15 | call to method F | CSharp7.cs:74:13:74:17 | access to field Item1 |
|
||||
| CSharp7.cs:75:16:75:16 | [post] access to local variable z | CSharp7.cs:77:39:77:39 | access to local variable z |
|
||||
| CSharp7.cs:75:16:75:16 | access to local variable z | CSharp7.cs:77:39:77:39 | access to local variable z |
|
||||
| CSharp7.cs:75:27:75:35 | (..., ...) | CSharp7.cs:75:9:75:23 | (..., ...) |
|
||||
| CSharp7.cs:75:28:75:28 | 1 | CSharp7.cs:75:27:75:35 | (..., ...) |
|
||||
| CSharp7.cs:75:31:75:31 | 2 | CSharp7.cs:75:27:75:35 | (..., ...) |
|
||||
| CSharp7.cs:75:34:75:34 | 3 | CSharp7.cs:75:27:75:35 | (..., ...) |
|
||||
| CSharp7.cs:76:9:76:32 | SSA def(x) | CSharp7.cs:79:27:79:27 | access to local variable x |
|
||||
| CSharp7.cs:76:18:76:32 | ... = ... | CSharp7.cs:76:9:76:14 | (..., ...) |
|
||||
| CSharp7.cs:76:27:76:32 | (..., ...) | CSharp7.cs:76:18:76:23 | (..., ...) |
|
||||
| CSharp7.cs:76:27:76:32 | (..., ...) | CSharp7.cs:76:18:76:32 | ... = ... |
|
||||
| CSharp7.cs:76:28:76:28 | 1 | CSharp7.cs:76:27:76:32 | (..., ...) |
|
||||
| CSharp7.cs:76:31:76:31 | 2 | CSharp7.cs:76:27:76:32 | (..., ...) |
|
||||
| CSharp7.cs:77:9:77:40 | SSA def(a) | CSharp7.cs:78:31:78:31 | access to local variable a |
|
||||
| CSharp7.cs:77:9:77:40 | SSA def(b) | CSharp7.cs:78:24:78:24 | access to local variable b |
|
||||
| CSharp7.cs:77:9:77:40 | SSA def(c) | CSharp7.cs:78:28:78:28 | access to local variable c |
|
||||
| CSharp7.cs:77:35:77:40 | (..., ...) | CSharp7.cs:77:9:77:31 | (..., ...) |
|
||||
| CSharp7.cs:77:36:77:36 | 1 | CSharp7.cs:77:9:77:40 | SSA def(a) |
|
||||
| CSharp7.cs:77:36:77:36 | 1 | CSharp7.cs:77:35:77:40 | (..., ...) |
|
||||
| CSharp7.cs:77:39:77:39 | access to local variable z | CSharp7.cs:77:35:77:40 | (..., ...) |
|
||||
| CSharp7.cs:78:23:78:33 | (..., ...) | CSharp7.cs:78:9:78:19 | (..., ...) |
|
||||
| CSharp7.cs:78:24:78:24 | access to local variable b | CSharp7.cs:78:23:78:33 | (..., ...) |
|
||||
| CSharp7.cs:78:27:78:32 | (..., ...) | CSharp7.cs:78:23:78:33 | (..., ...) |
|
||||
| CSharp7.cs:78:28:78:28 | access to local variable c | CSharp7.cs:78:27:78:32 | (..., ...) |
|
||||
| CSharp7.cs:78:31:78:31 | access to local variable a | CSharp7.cs:78:27:78:32 | (..., ...) |
|
||||
| CSharp7.cs:79:22:79:28 | (..., ...) | CSharp7.cs:79:9:79:18 | (..., ...) |
|
||||
| CSharp7.cs:79:23:79:24 | "" | CSharp7.cs:79:22:79:28 | (..., ...) |
|
||||
| CSharp7.cs:79:27:79:27 | access to local variable x | CSharp7.cs:79:22:79:28 | (..., ...) |
|
||||
| CSharp7.cs:82:21:82:21 | x | CSharp7.cs:84:20:84:20 | access to parameter x |
|
||||
@@ -74,6 +82,7 @@
|
||||
| CSharp7.cs:89:19:89:27 | "tainted" | CSharp7.cs:89:18:89:34 | (..., ...) |
|
||||
| CSharp7.cs:89:30:89:33 | "X2" | CSharp7.cs:89:18:89:34 | (..., ...) |
|
||||
| CSharp7.cs:90:9:90:29 | SSA def(t3) | CSharp7.cs:91:18:91:19 | access to local variable t3 |
|
||||
| CSharp7.cs:90:28:90:29 | access to local variable t1 | CSharp7.cs:90:9:90:24 | (..., ...) |
|
||||
| CSharp7.cs:90:28:90:29 | access to local variable t1 | CSharp7.cs:92:20:92:21 | access to local variable t1 |
|
||||
| CSharp7.cs:92:20:92:21 | access to local variable t1 | CSharp7.cs:92:20:92:27 | access to field Item1 |
|
||||
| CSharp7.cs:97:19:97:19 | 1 | CSharp7.cs:97:18:97:38 | (..., ...) |
|
||||
@@ -92,6 +101,7 @@
|
||||
| CSharp7.cs:104:45:104:45 | 1 | CSharp7.cs:104:22:104:46 | (..., ...) |
|
||||
| CSharp7.cs:109:9:109:46 | SSA def(m1) | CSharp7.cs:112:27:112:28 | access to local variable m1 |
|
||||
| CSharp7.cs:109:9:109:46 | SSA def(m2) | CSharp7.cs:112:31:112:32 | access to local variable m2 |
|
||||
| CSharp7.cs:109:28:109:46 | (..., ...) | CSharp7.cs:109:9:109:24 | (..., ...) |
|
||||
| CSharp7.cs:109:29:109:37 | "DefUse1" | CSharp7.cs:109:9:109:46 | SSA def(m1) |
|
||||
| CSharp7.cs:109:29:109:37 | "DefUse1" | CSharp7.cs:109:28:109:46 | (..., ...) |
|
||||
| CSharp7.cs:109:40:109:45 | (..., ...) | CSharp7.cs:109:9:109:46 | SSA def(m2) |
|
||||
@@ -99,11 +109,14 @@
|
||||
| CSharp7.cs:109:41:109:41 | 0 | CSharp7.cs:109:40:109:45 | (..., ...) |
|
||||
| CSharp7.cs:109:44:109:44 | 1 | CSharp7.cs:109:40:109:45 | (..., ...) |
|
||||
| CSharp7.cs:112:9:112:33 | SSA def(m4) | CSharp7.cs:113:18:113:19 | access to local variable m4 |
|
||||
| CSharp7.cs:112:26:112:33 | (..., ...) | CSharp7.cs:112:9:112:22 | (..., ...) |
|
||||
| CSharp7.cs:112:27:112:28 | access to local variable m1 | CSharp7.cs:112:26:112:33 | (..., ...) |
|
||||
| CSharp7.cs:112:31:112:32 | access to local variable m2 | CSharp7.cs:112:26:112:33 | (..., ...) |
|
||||
| CSharp7.cs:114:9:114:67 | SSA def(m9) | CSharp7.cs:115:19:115:20 | access to local variable m9 |
|
||||
| CSharp7.cs:114:38:114:67 | ... = ... | CSharp7.cs:114:9:114:34 | (..., ...) |
|
||||
| CSharp7.cs:114:38:114:67 | SSA def(m2) | CSharp7.cs:118:9:118:10 | access to local variable m2 |
|
||||
| CSharp7.cs:114:38:114:67 | SSA qualifier def(m2.Item1) | CSharp7.cs:119:19:119:26 | access to field Item1 |
|
||||
| CSharp7.cs:114:49:114:67 | (..., ...) | CSharp7.cs:114:38:114:45 | (..., ...) |
|
||||
| CSharp7.cs:114:49:114:67 | (..., ...) | CSharp7.cs:114:38:114:67 | ... = ... |
|
||||
| CSharp7.cs:114:50:114:58 | "DefUse2" | CSharp7.cs:114:49:114:67 | (..., ...) |
|
||||
| CSharp7.cs:114:61:114:66 | (..., ...) | CSharp7.cs:114:38:114:67 | SSA def(m2) |
|
||||
@@ -186,9 +199,12 @@
|
||||
| CSharp7.cs:223:13:223:20 | [post] this access | CSharp7.cs:224:18:224:25 | this access |
|
||||
| CSharp7.cs:223:13:223:20 | this access | CSharp7.cs:224:18:224:25 | this access |
|
||||
| CSharp7.cs:224:18:224:25 | [post] this access | CSharp7.cs:225:22:225:29 | this access |
|
||||
| CSharp7.cs:224:18:224:25 | call to method f | CSharp7.cs:224:9:224:14 | (..., ...) |
|
||||
| CSharp7.cs:224:18:224:25 | this access | CSharp7.cs:225:22:225:29 | this access |
|
||||
| CSharp7.cs:225:22:225:29 | [post] this access | CSharp7.cs:226:22:226:33 | this access |
|
||||
| CSharp7.cs:225:22:225:29 | call to method f | CSharp7.cs:225:9:225:18 | (..., ...) |
|
||||
| CSharp7.cs:225:22:225:29 | this access | CSharp7.cs:226:22:226:33 | this access |
|
||||
| CSharp7.cs:226:22:226:33 | call to method f | CSharp7.cs:226:9:226:18 | (..., ...) |
|
||||
| CSharp7.cs:234:16:234:23 | SSA def(o) | CSharp7.cs:235:13:235:13 | access to local variable o |
|
||||
| CSharp7.cs:234:20:234:23 | null | CSharp7.cs:234:16:234:23 | SSA def(o) |
|
||||
| CSharp7.cs:235:13:235:13 | access to local variable o | CSharp7.cs:235:18:235:23 | SSA def(i1) |
|
||||
|
||||
@@ -1,12 +1,15 @@
|
||||
| CSharp7.cs:41:13:41:21 | "tainted" | CSharp7.cs:41:9:41:21 | SSA def(x) |
|
||||
| CSharp7.cs:79:23:79:24 | "" | CSharp7.cs:79:9:79:18 | (..., ...) |
|
||||
| CSharp7.cs:79:23:79:24 | "" | CSharp7.cs:79:22:79:28 | (..., ...) |
|
||||
| CSharp7.cs:89:19:89:27 | "tainted" | CSharp7.cs:89:13:89:34 | SSA def(t1) |
|
||||
| CSharp7.cs:89:19:89:27 | "tainted" | CSharp7.cs:89:18:89:34 | (..., ...) |
|
||||
| CSharp7.cs:89:19:89:27 | "tainted" | CSharp7.cs:90:9:90:24 | (..., ...) |
|
||||
| CSharp7.cs:89:19:89:27 | "tainted" | CSharp7.cs:90:28:90:29 | access to local variable t1 |
|
||||
| CSharp7.cs:89:19:89:27 | "tainted" | CSharp7.cs:92:20:92:21 | access to local variable t1 |
|
||||
| CSharp7.cs:89:19:89:27 | "tainted" | CSharp7.cs:92:20:92:27 | access to field Item1 |
|
||||
| CSharp7.cs:89:30:89:33 | "X2" | CSharp7.cs:89:13:89:34 | SSA def(t1) |
|
||||
| CSharp7.cs:89:30:89:33 | "X2" | CSharp7.cs:89:18:89:34 | (..., ...) |
|
||||
| CSharp7.cs:89:30:89:33 | "X2" | CSharp7.cs:90:9:90:24 | (..., ...) |
|
||||
| CSharp7.cs:89:30:89:33 | "X2" | CSharp7.cs:90:28:90:29 | access to local variable t1 |
|
||||
| CSharp7.cs:89:30:89:33 | "X2" | CSharp7.cs:92:20:92:21 | access to local variable t1 |
|
||||
| CSharp7.cs:89:30:89:33 | "X2" | CSharp7.cs:92:20:92:27 | access to field Item1 |
|
||||
@@ -18,10 +21,14 @@
|
||||
| CSharp7.cs:104:23:104:42 | "TupleMemberAccess2" | CSharp7.cs:104:18:104:47 | (..., ...) |
|
||||
| CSharp7.cs:104:23:104:42 | "TupleMemberAccess2" | CSharp7.cs:104:18:104:53 | access to field Item2 |
|
||||
| CSharp7.cs:104:23:104:42 | "TupleMemberAccess2" | CSharp7.cs:104:22:104:46 | (..., ...) |
|
||||
| CSharp7.cs:109:29:109:37 | "DefUse1" | CSharp7.cs:109:9:109:24 | (..., ...) |
|
||||
| CSharp7.cs:109:29:109:37 | "DefUse1" | CSharp7.cs:109:9:109:46 | SSA def(m1) |
|
||||
| CSharp7.cs:109:29:109:37 | "DefUse1" | CSharp7.cs:109:28:109:46 | (..., ...) |
|
||||
| CSharp7.cs:109:29:109:37 | "DefUse1" | CSharp7.cs:112:9:112:22 | (..., ...) |
|
||||
| CSharp7.cs:109:29:109:37 | "DefUse1" | CSharp7.cs:112:26:112:33 | (..., ...) |
|
||||
| CSharp7.cs:109:29:109:37 | "DefUse1" | CSharp7.cs:112:27:112:28 | access to local variable m1 |
|
||||
| CSharp7.cs:114:50:114:58 | "DefUse2" | CSharp7.cs:114:9:114:34 | (..., ...) |
|
||||
| CSharp7.cs:114:50:114:58 | "DefUse2" | CSharp7.cs:114:38:114:45 | (..., ...) |
|
||||
| CSharp7.cs:114:50:114:58 | "DefUse2" | CSharp7.cs:114:38:114:67 | ... = ... |
|
||||
| CSharp7.cs:114:50:114:58 | "DefUse2" | CSharp7.cs:114:49:114:67 | (..., ...) |
|
||||
| CSharp7.cs:123:28:123:36 | "DefUse3" | CSharp7.cs:123:22:123:36 | ... = ... |
|
||||
|
||||
@@ -0,0 +1,31 @@
|
||||
| Tuples.cs:5:13:5:56 | SSA def(x) | Tuples.cs:6:27:6:27 | access to local variable x |
|
||||
| Tuples.cs:5:13:5:56 | SSA qualifier def(x.Item1) | Tuples.cs:21:14:21:20 | access to field Item1 |
|
||||
| Tuples.cs:5:13:5:56 | SSA qualifier def(x.Item2) | Tuples.cs:23:14:23:20 | access to field Item2 |
|
||||
| Tuples.cs:5:13:5:56 | SSA qualifier def(x.Item2.Item1) | Tuples.cs:23:14:23:26 | access to field Item1 |
|
||||
| Tuples.cs:5:13:5:56 | SSA qualifier def(x.Item2.Item2) | Tuples.cs:24:14:24:26 | access to field Item2 |
|
||||
| Tuples.cs:5:17:5:56 | (..., ...) | Tuples.cs:5:13:5:56 | SSA def(x) |
|
||||
| Tuples.cs:6:9:6:27 | SSA def(a) | Tuples.cs:7:14:7:14 | access to local variable a |
|
||||
| Tuples.cs:6:9:6:27 | SSA def(b) | Tuples.cs:8:14:8:14 | access to local variable b |
|
||||
| Tuples.cs:6:9:6:27 | SSA def(c) | Tuples.cs:9:14:9:14 | access to local variable c |
|
||||
| Tuples.cs:6:27:6:27 | access to local variable x | Tuples.cs:6:9:6:23 | (..., ...) |
|
||||
| Tuples.cs:6:27:6:27 | access to local variable x | Tuples.cs:11:23:11:23 | access to local variable x |
|
||||
| Tuples.cs:11:9:11:23 | SSA def(a) | Tuples.cs:12:14:12:14 | access to local variable a |
|
||||
| Tuples.cs:11:9:11:23 | SSA def(b) | Tuples.cs:13:14:13:14 | access to local variable b |
|
||||
| Tuples.cs:11:9:11:23 | SSA def(c) | Tuples.cs:14:14:14:14 | access to local variable c |
|
||||
| Tuples.cs:11:23:11:23 | access to local variable x | Tuples.cs:11:9:11:19 | (..., ...) |
|
||||
| Tuples.cs:11:23:11:23 | access to local variable x | Tuples.cs:16:26:16:26 | access to local variable x |
|
||||
| Tuples.cs:16:9:16:26 | SSA def(p) | Tuples.cs:17:14:17:14 | access to local variable p |
|
||||
| Tuples.cs:16:9:16:26 | SSA def(q) | Tuples.cs:18:14:18:14 | access to local variable q |
|
||||
| Tuples.cs:16:9:16:26 | SSA qualifier def(q.Item1) | Tuples.cs:18:14:18:20 | access to field Item1 |
|
||||
| Tuples.cs:16:9:16:26 | SSA qualifier def(q.Item2) | Tuples.cs:19:14:19:20 | access to field Item2 |
|
||||
| Tuples.cs:16:26:16:26 | access to local variable x | Tuples.cs:16:9:16:22 | (..., ...) |
|
||||
| Tuples.cs:16:26:16:26 | access to local variable x | Tuples.cs:21:14:21:14 | access to local variable x |
|
||||
| Tuples.cs:18:14:18:14 | access to local variable q | Tuples.cs:19:14:19:14 | access to local variable q |
|
||||
| Tuples.cs:21:14:21:14 | [post] access to local variable x | Tuples.cs:22:14:22:14 | access to local variable x |
|
||||
| Tuples.cs:21:14:21:14 | access to local variable x | Tuples.cs:22:14:22:14 | access to local variable x |
|
||||
| Tuples.cs:21:14:21:20 | [post] access to field Item1 | Tuples.cs:22:14:22:16 | access to field Item1 |
|
||||
| Tuples.cs:21:14:21:20 | access to field Item1 | Tuples.cs:22:14:22:16 | access to field Item1 |
|
||||
| Tuples.cs:22:14:22:14 | [post] access to local variable x | Tuples.cs:23:14:23:14 | access to local variable x |
|
||||
| Tuples.cs:22:14:22:14 | access to local variable x | Tuples.cs:23:14:23:14 | access to local variable x |
|
||||
| Tuples.cs:23:14:23:14 | access to local variable x | Tuples.cs:24:14:24:14 | access to local variable x |
|
||||
| Tuples.cs:23:14:23:20 | access to field Item2 | Tuples.cs:24:14:24:20 | access to field Item2 |
|
||||
@@ -0,0 +1,5 @@
|
||||
import csharp
|
||||
|
||||
from DataFlow::Node pred, DataFlow::Node succ
|
||||
where DataFlow::localFlowStep(pred, succ)
|
||||
select pred, succ
|
||||
@@ -0,0 +1,91 @@
|
||||
Tuples.cs:
|
||||
# 1| [Class] Tuples
|
||||
# 3| 5: [Method] M1
|
||||
# 3| -1: [TypeMention] Void
|
||||
# 4| 4: [BlockStmt] {...}
|
||||
# 5| 0: [LocalVariableDeclStmt] ... ...;
|
||||
# 5| 0: [LocalVariableDeclAndInitExpr] (String,(Int32,String)) x = ...
|
||||
# 5| -1: [TypeMention] (string, (int, string))
|
||||
# 5| 0: [LocalVariableAccess] access to local variable x
|
||||
# 5| 1: [TupleExpr] (..., ...)
|
||||
# 5| 0: [StringLiteral] "taint source"
|
||||
# 5| 1: [TupleExpr] (..., ...)
|
||||
# 5| 0: [IntLiteral] 1
|
||||
# 5| 1: [StringLiteral] "taint source"
|
||||
# 6| 1: [ExprStmt] ...;
|
||||
# 6| 0: [AssignExpr] ... = ...
|
||||
# 6| 0: [TupleExpr] (..., ...)
|
||||
# 6| 0: [LocalVariableDeclExpr] String a
|
||||
# 6| 1: [TupleExpr] (..., ...)
|
||||
# 6| 0: [LocalVariableDeclExpr] Int32 b
|
||||
# 6| 1: [LocalVariableDeclExpr] String c
|
||||
# 6| 1: [LocalVariableAccess] access to local variable x
|
||||
# 7| 2: [ExprStmt] ...;
|
||||
# 7| 0: [MethodCall] call to method Sink
|
||||
# 7| 0: [LocalVariableAccess] access to local variable a
|
||||
# 8| 3: [ExprStmt] ...;
|
||||
# 8| 0: [MethodCall] call to method Sink
|
||||
# 8| 0: [LocalVariableAccess] access to local variable b
|
||||
# 9| 4: [ExprStmt] ...;
|
||||
# 9| 0: [MethodCall] call to method Sink
|
||||
# 9| 0: [LocalVariableAccess] access to local variable c
|
||||
# 11| 5: [ExprStmt] ...;
|
||||
# 11| 0: [AssignExpr] ... = ...
|
||||
# 11| 0: [TupleExpr] (..., ...)
|
||||
# 11| 0: [LocalVariableAccess] access to local variable a
|
||||
# 11| 1: [TupleExpr] (..., ...)
|
||||
# 11| 0: [LocalVariableAccess] access to local variable b
|
||||
# 11| 1: [LocalVariableAccess] access to local variable c
|
||||
# 11| 1: [LocalVariableAccess] access to local variable x
|
||||
# 12| 6: [ExprStmt] ...;
|
||||
# 12| 0: [MethodCall] call to method Sink
|
||||
# 12| 0: [LocalVariableAccess] access to local variable a
|
||||
# 13| 7: [ExprStmt] ...;
|
||||
# 13| 0: [MethodCall] call to method Sink
|
||||
# 13| 0: [LocalVariableAccess] access to local variable b
|
||||
# 14| 8: [ExprStmt] ...;
|
||||
# 14| 0: [MethodCall] call to method Sink
|
||||
# 14| 0: [LocalVariableAccess] access to local variable c
|
||||
# 16| 9: [ExprStmt] ...;
|
||||
# 16| 0: [AssignExpr] ... = ...
|
||||
# 16| 0: [TupleExpr] (..., ...)
|
||||
# 16| 0: [LocalVariableDeclExpr] String p
|
||||
# 16| 1: [LocalVariableDeclExpr] (Int32,String) q
|
||||
# 16| 1: [LocalVariableAccess] access to local variable x
|
||||
# 17| 10: [ExprStmt] ...;
|
||||
# 17| 0: [MethodCall] call to method Sink
|
||||
# 17| 0: [LocalVariableAccess] access to local variable p
|
||||
# 18| 11: [ExprStmt] ...;
|
||||
# 18| 0: [MethodCall] call to method Sink
|
||||
# 18| 0: [FieldAccess] access to field Item1
|
||||
# 18| -1: [LocalVariableAccess] access to local variable q
|
||||
# 19| 12: [ExprStmt] ...;
|
||||
# 19| 0: [MethodCall] call to method Sink
|
||||
# 19| 0: [FieldAccess] access to field Item2
|
||||
# 19| -1: [LocalVariableAccess] access to local variable q
|
||||
# 21| 13: [ExprStmt] ...;
|
||||
# 21| 0: [MethodCall] call to method Sink
|
||||
# 21| 0: [FieldAccess] access to field Item1
|
||||
# 21| -1: [LocalVariableAccess] access to local variable x
|
||||
# 22| 14: [ExprStmt] ...;
|
||||
# 22| 0: [MethodCall] call to method Sink
|
||||
# 22| 0: [FieldAccess] access to field Item1
|
||||
# 22| -1: [LocalVariableAccess] access to local variable x
|
||||
# 23| 15: [ExprStmt] ...;
|
||||
# 23| 0: [MethodCall] call to method Sink
|
||||
# 23| 0: [FieldAccess] access to field Item1
|
||||
# 23| -1: [FieldAccess] access to field Item2
|
||||
# 23| -1: [LocalVariableAccess] access to local variable x
|
||||
# 24| 16: [ExprStmt] ...;
|
||||
# 24| 0: [MethodCall] call to method Sink
|
||||
# 24| 0: [FieldAccess] access to field Item2
|
||||
# 24| -1: [FieldAccess] access to field Item2
|
||||
# 24| -1: [LocalVariableAccess] access to local variable x
|
||||
# 27| 6: [Method] Sink
|
||||
# 27| -1: [TypeMention] Void
|
||||
#-----| 1: (Type parameters)
|
||||
# 27| 0: [TypeParameter] T
|
||||
#-----| 2: (Parameters)
|
||||
# 27| 0: [Parameter] x
|
||||
# 27| -1: [TypeMention] T
|
||||
# 27| 4: [BlockStmt] {...}
|
||||
@@ -0,0 +1 @@
|
||||
semmle/code/csharp/PrintAst.ql
|
||||
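--- /dev/null
+++ b/csharp/ql/test/library-tests/dataflow/tuples/Tuples.cs
@@ -0,0 +1,28 @@
+class Tuples
+{
+static void M1()
+{
+var x = (a: "taint source", (1, "taint source"));
+var (a, (b, c)) = x;
+Sink(a); // Tainted
+Sink(b);
+Sink(c); // Tainted
+
+(a, (b, c)) = x;
+Sink(a); // Tainted
+Sink(b);
+Sink(c); // Tainted
+
+(var p, var q) = x;
+Sink(p); // Tainted
+Sink(q.Item1);
+Sink(q.Item2); // Tainted
+
+Sink(x.Item1); // Tainted
+Sink(x.a); // Tainted
+Sink(x.Item2.Item1);
+Sink(x.Item2.Item2); // Tainted
+}
+
+static void Sink<T>(T x) { }
+}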
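Review bot: The negative cases in `M1` are implicit: `Sink(b)`, `Sink(q.Item1)` and `Sink(x.Item2.Item1)` carry no comment, so a reader cannot tell an intended non-flow from a forgotten annotation; mark them explicitly, e.g. `Sink(b); // Not tainted`. The test also only reads elements of a freshly built tuple; there is no case where a tainted element is overwritten before the sink, or where the tuple is passed to or returned from a method. Taint queries built on this library inherit both missed flows and spurious ones, so those paths are worth pinning down in this file while the change is still marked WIP.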
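--- /dev/null
+++ b/csharp/ql/test/library-tests/dataflow/tuples/Tuples.expected
@@ -0,0 +1,79 @@
+edges
+| Tuples.cs:5:17:5:56 | (..., ...) [Item1] : String | Tuples.cs:6:9:6:23 | (..., ...) [Item1] : String |
+| Tuples.cs:5:17:5:56 | (..., ...) [Item1] : String | Tuples.cs:11:9:11:19 | (..., ...) [Item1] : String |
+| Tuples.cs:5:17:5:56 | (..., ...) [Item1] : String | Tuples.cs:16:9:16:22 | (..., ...) [Item1] : String |
+| Tuples.cs:5:17:5:56 | (..., ...) [Item1] : String | Tuples.cs:21:14:21:14 | access to local variable x [Item1] : String |
+| Tuples.cs:5:17:5:56 | (..., ...) [Item1] : String | Tuples.cs:22:14:22:14 | access to local variable x [Item1] : String |
+| Tuples.cs:5:17:5:56 | (..., ...) [Item2, Item2] : String | Tuples.cs:5:37:5:55 | (..., ...) [Item2] : String |
+| Tuples.cs:5:17:5:56 | (..., ...) [Item2, Item2] : String | Tuples.cs:6:9:6:23 | (..., ...) [Item2, Item2] : String |
+| Tuples.cs:5:17:5:56 | (..., ...) [Item2, Item2] : String | Tuples.cs:11:9:11:19 | (..., ...) [Item2, Item2] : String |
+| Tuples.cs:5:17:5:56 | (..., ...) [Item2, Item2] : String | Tuples.cs:16:9:16:22 | (..., ...) [Item2, Item2] : String |
+| Tuples.cs:5:17:5:56 | (..., ...) [Item2, Item2] : String | Tuples.cs:24:14:24:14 | access to local variable x [Item2, Item2] : String |
+| Tuples.cs:5:21:5:34 | "taint source" : String | Tuples.cs:5:17:5:56 | (..., ...) [Item1] : String |
+| Tuples.cs:5:37:5:55 | (..., ...) [Item2] : String | Tuples.cs:5:17:5:56 | (..., ...) [Item2, Item2] : String |
+| Tuples.cs:5:41:5:54 | "taint source" : String | Tuples.cs:5:37:5:55 | (..., ...) [Item2] : String |
+| Tuples.cs:6:9:6:23 | (..., ...) [Item1] : String | Tuples.cs:6:9:6:27 | SSA def(a) : String |
+| Tuples.cs:6:9:6:23 | (..., ...) [Item2, Item2] : String | Tuples.cs:6:9:6:23 | (..., ...) [Item2] : String |
+| Tuples.cs:6:9:6:23 | (..., ...) [Item2] : String | Tuples.cs:6:9:6:23 | (..., ...) [Item2, Item2] : String |
+| Tuples.cs:6:9:6:23 | (..., ...) [Item2] : String | Tuples.cs:6:9:6:27 | SSA def(c) : String |
+| Tuples.cs:6:9:6:27 | SSA def(a) : String | Tuples.cs:7:14:7:14 | access to local variable a |
+| Tuples.cs:6:9:6:27 | SSA def(c) : String | Tuples.cs:9:14:9:14 | access to local variable c |
+| Tuples.cs:11:9:11:19 | (..., ...) [Item1] : String | Tuples.cs:11:9:11:23 | SSA def(a) : String |
+| Tuples.cs:11:9:11:19 | (..., ...) [Item2, Item2] : String | Tuples.cs:11:13:11:18 | (..., ...) [Item2] : String |
+| Tuples.cs:11:9:11:23 | SSA def(a) : String | Tuples.cs:12:14:12:14 | access to local variable a |
+| Tuples.cs:11:9:11:23 | SSA def(c) : String | Tuples.cs:14:14:14:14 | access to local variable c |
+| Tuples.cs:11:13:11:18 | (..., ...) [Item2] : String | Tuples.cs:11:9:11:19 | (..., ...) [Item2, Item2] : String |
+| Tuples.cs:11:13:11:18 | (..., ...) [Item2] : String | Tuples.cs:11:9:11:23 | SSA def(c) : String |
+| Tuples.cs:16:9:16:22 | (..., ...) [Item1] : String | Tuples.cs:16:9:16:26 | SSA def(p) : String |
+| Tuples.cs:16:9:16:22 | (..., ...) [Item2, Item2] : String | Tuples.cs:16:9:16:26 | SSA def(q) [Item2] : String |
+| Tuples.cs:16:9:16:26 | SSA def(p) : String | Tuples.cs:17:14:17:14 | access to local variable p |
+| Tuples.cs:16:9:16:26 | SSA def(q) [Item2] : String | Tuples.cs:19:14:19:14 | access to local variable q [Item2] : String |
+| Tuples.cs:19:14:19:14 | access to local variable q [Item2] : String | Tuples.cs:19:14:19:20 | access to field Item2 |
+| Tuples.cs:21:14:21:14 | access to local variable x [Item1] : String | Tuples.cs:21:14:21:20 | access to field Item1 |
+| Tuples.cs:22:14:22:14 | access to local variable x [Item1] : String | Tuples.cs:22:14:22:16 | access to field Item1 |
+| Tuples.cs:24:14:24:14 | access to local variable x [Item2, Item2] : String | Tuples.cs:24:14:24:20 | access to field Item2 [Item2] : String |
+| Tuples.cs:24:14:24:20 | access to field Item2 [Item2] : String | Tuples.cs:24:14:24:26 | access to field Item2 |
+nodes
+| Tuples.cs:5:17:5:56 | (..., ...) [Item1] : String | semmle.label | (..., ...) [Item1] : String |
+| Tuples.cs:5:17:5:56 | (..., ...) [Item2, Item2] : String | semmle.label | (..., ...) [Item2, Item2] : String |
+| Tuples.cs:5:21:5:34 | "taint source" : String | semmle.label | "taint source" : String |
+| Tuples.cs:5:37:5:55 | (..., ...) [Item2] : String | semmle.label | (..., ...) [Item2] : String |
+| Tuples.cs:5:41:5:54 | "taint source" : String | semmle.label | "taint source" : String |
+| Tuples.cs:6:9:6:23 | (..., ...) [Item1] : String | semmle.label | (..., ...) [Item1] : String |
+| Tuples.cs:6:9:6:23 | (..., ...) [Item2, Item2] : String | semmle.label | (..., ...) [Item2, Item2] : String |
+| Tuples.cs:6:9:6:23 | (..., ...) [Item2] : String | semmle.label | (..., ...) [Item2] : String |
+| Tuples.cs:6:9:6:27 | SSA def(a) : String | semmle.label | SSA def(a) : String |
+| Tuples.cs:6:9:6:27 | SSA def(c) : String | semmle.label | SSA def(c) : String |
+| Tuples.cs:7:14:7:14 | access to local variable a | semmle.label | access to local variable a |
+| Tuples.cs:9:14:9:14 | access to local variable c | semmle.label | access to local variable c |
+| Tuples.cs:11:9:11:19 | (..., ...) [Item1] : String | semmle.label | (..., ...) [Item1] : String |
+| Tuples.cs:11:9:11:19 | (..., ...) [Item2, Item2] : String | semmle.label | (..., ...) [Item2, Item2] : String |
+| Tuples.cs:11:9:11:23 | SSA def(a) : String | semmle.label | SSA def(a) : String |
+| Tuples.cs:11:9:11:23 | SSA def(c) : String | semmle.label | SSA def(c) : String |
+| Tuples.cs:11:13:11:18 | (..., ...) [Item2] : String | semmle.label | (..., ...) [Item2] : String |
+| Tuples.cs:12:14:12:14 | access to local variable a | semmle.label | access to local variable a |
+| Tuples.cs:14:14:14:14 | access to local variable c | semmle.label | access to local variable c |
+| Tuples.cs:16:9:16:22 | (..., ...) [Item1] : String | semmle.label | (..., ...) [Item1] : String |
+| Tuples.cs:16:9:16:22 | (..., ...) [Item2, Item2] : String | semmle.label | (..., ...) [Item2, Item2] : String |
+| Tuples.cs:16:9:16:26 | SSA def(p) : String | semmle.label | SSA def(p) : String |
+| Tuples.cs:16:9:16:26 | SSA def(q) [Item2] : String | semmle.label | SSA def(q) [Item2] : String |
+| Tuples.cs:17:14:17:14 | access to local variable p | semmle.label | access to local variable p |
+| Tuples.cs:19:14:19:14 | access to local variable q [Item2] : String | semmle.label | access to local variable q [Item2] : String |
+| Tuples.cs:19:14:19:20 | access to field Item2 | semmle.label | access to field Item2 |
+| Tuples.cs:21:14:21:14 | access to local variable x [Item1] : String | semmle.label | access to local variable x [Item1] : String |
+| Tuples.cs:21:14:21:20 | access to field Item1 | semmle.label | access to field Item1 |
+| Tuples.cs:22:14:22:14 | access to local variable x [Item1] : String | semmle.label | access to local variable x [Item1] : String |
+| Tuples.cs:22:14:22:16 | access to field Item1 | semmle.label | access to field Item1 |
+| Tuples.cs:24:14:24:14 | access to local variable x [Item2, Item2] : String | semmle.label | access to local variable x [Item2, Item2] : String |
+| Tuples.cs:24:14:24:20 | access to field Item2 [Item2] : String | semmle.label | access to field Item2 [Item2] : String |
+| Tuples.cs:24:14:24:26 | access to field Item2 | semmle.label | access to field Item2 |
+#select
+| Tuples.cs:5:21:5:34 | "taint source" : String | Tuples.cs:5:21:5:34 | "taint source" : String | Tuples.cs:7:14:7:14 | access to local variable a | $@ | Tuples.cs:7:14:7:14 | access to local variable a | access to local variable a |
+| Tuples.cs:5:21:5:34 | "taint source" : String | Tuples.cs:5:21:5:34 | "taint source" : String | Tuples.cs:12:14:12:14 | access to local variable a | $@ | Tuples.cs:12:14:12:14 | access to local variable a | access to local variable a |
+| Tuples.cs:5:21:5:34 | "taint source" : String | Tuples.cs:5:21:5:34 | "taint source" : String | Tuples.cs:17:14:17:14 | access to local variable p | $@ | Tuples.cs:17:14:17:14 | access to local variable p | access to local variable p |
+| Tuples.cs:5:21:5:34 | "taint source" : String | Tuples.cs:5:21:5:34 | "taint source" : String | Tuples.cs:21:14:21:20 | access to field Item1 | $@ | Tuples.cs:21:14:21:20 | access to field Item1 | access to field Item1 |
+| Tuples.cs:5:21:5:34 | "taint source" : String | Tuples.cs:5:21:5:34 | "taint source" : String | Tuples.cs:22:14:22:16 | access to field Item1 | $@ | Tuples.cs:22:14:22:16 | access to field Item1 | access to field Item1 |
+| Tuples.cs:5:41:5:54 | "taint source" : String | Tuples.cs:5:41:5:54 | "taint source" : String | Tuples.cs:9:14:9:14 | access to local variable c | $@ | Tuples.cs:9:14:9:14 | access to local variable c | access to local variable c |
+| Tuples.cs:5:41:5:54 | "taint source" : String | Tuples.cs:5:41:5:54 | "taint source" : String | Tuples.cs:14:14:14:14 | access to local variable c | $@ | Tuples.cs:14:14:14:14 | access to local variable c | access to local variable c |
+| Tuples.cs:5:41:5:54 | "taint source" : String | Tuples.cs:5:41:5:54 | "taint source" : String | Tuples.cs:19:14:19:20 | access to field Item2 | $@ | Tuples.cs:19:14:19:20 | access to field Item2 | access to field Item2 |
+| Tuples.cs:5:41:5:54 | "taint source" : String | Tuples.cs:5:41:5:54 | "taint source" : String | Tuples.cs:24:14:24:26 | access to field Item2 | $@ | Tuples.cs:24:14:24:26 | access to field Item2 | access to field Item2 |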
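--- /dev/null
+++ b/csharp/ql/test/library-tests/dataflow/tuples/Tuples.ql
@@ -0,0 +1,25 @@
+/**
+* @kind path-problem
+*/
+
+import csharp
+import DataFlow::PathGraph
+
+class Conf extends DataFlow::Configuration {
+Conf() { this = "TypesConf" }
+
+override predicate isSource(DataFlow::Node src) {
+src.asExpr().(StringLiteral).getValue() = "taint source"
+}
+
+override predicate isSink(DataFlow::Node sink) {
+exists(MethodCall mc |
+mc.getTarget().hasName("Sink") and
+mc.getAnArgument() = sink.asExpr()
+)
+}
+}
+
+from DataFlow::PathNode source, DataFlow::PathNode sink, Conf conf
+where conf.hasFlowPath(source, sink)
+select source, source, sink, "$@", sink, sink.toString()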
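Review bot: The configuration in `Conf() { this = "TypesConf" }` is named for types rather than tuples, presumably carried over from another test; since the string is what identifies the configuration, a name matching this test reads better: `Conf() { this = "TuplesConf" }`. The header comment holds only `@kind path-problem`, so nothing states what the test treats as source and sink. A one-line description saying that string literals with value `"taint source"` are sources and any argument of a method named `Sink` is a sink would make the expected output easier to review.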