hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-23 07:45:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Convert existing mapped-property classes to directly extend DatabaseInputSource

Browse Source
This commit is contained in:
Ed Minnix
2024-01-18 16:26:04 -05:00
parent 975327648c
commit 0ff12c07c7
3 changed files with 5 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
csharp/ql/lib/semmle/code/csharp/frameworks/EntityFramework.qll
View File

@@ -12,6 +12,7 @@ private import semmle.code.csharp.frameworks.Sql
private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl::Public
private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl::Private
private import semmle.code.csharp.dataflow.internal.DataFlowPrivate as DataFlowPrivate
private import semmle.code.csharp.security.dataflow.flowsources.Stored as Stored
/**
* Definitions relating to the `System.ComponentModel.DataAnnotations`
@@ -44,7 +45,7 @@ module EntityFramework {
}
/** A taint source where the data has come from a mapped property stored in the database. */
class StoredFlowSource extends DataFlow::Node {
class StoredFlowSource extends Stored::DatabaseInputSource {
StoredFlowSource() {
this.asExpr() = any(PropertyRead read | read.getTarget() instanceof MappedProperty)
}

3
csharp/ql/lib/semmle/code/csharp/frameworks/NHibernate.qll
View File

@@ -6,6 +6,7 @@ import csharp
private import semmle.code.csharp.frameworks.System
private import semmle.code.csharp.frameworks.system.Collections
private import semmle.code.csharp.frameworks.Sql
private import semmle.code.csharp.security.dataflow.flowsources.Stored as Stored
/** Definitions relating to the `NHibernate` package. */
module NHibernate {
@@ -86,7 +87,7 @@ module NHibernate {
}
/** A taint source where the data has come from a mapped property stored in the database. */
class StoredFlowSource extends DataFlow::Node {
class StoredFlowSource extends Stored::DatabaseInputSource {
StoredFlowSource() {
this.asExpr() = any(PropertyRead read | read.getTarget() instanceof MappedProperty)
}

2
csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Stored.qll
View File

@@ -60,7 +60,7 @@ class DbDataReaderPropertyStoredFlowSource extends DatabaseInputSource {
}
/** A read of a mapped property. */
class ORMMappedProperty extends DatabaseInputSource {
deprecated class ORMMappedProperty extends DataFlow::Node {
ORMMappedProperty() {
this instanceof EntityFramework::StoredFlowSource or
this instanceof NHibernate::StoredFlowSource