Convert barrier to MaD

I confirmed that without the model a test fails.
2026-02-12 05:01:06 +01:00 · 2026-01-09 15:24:47 +00:00
parent 68b618176e
commit 130f8f148b
2 changed files with 6 additions and 10 deletions
--- a/csharp/ql/lib/ext/System.Web.model.yml
+++ b/csharp/ql/lib/ext/System.Web.model.yml
@@ -1,4 +1,10 @@
 extensions:
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: barrierModel
+    data:
+      # The RawUrl property is considered to be safe for URL redirects
+      - ["System.Web", "HttpRequest", False, "get_RawUrl", "()", "", "ReturnValue", "url-redirection", "manual"]
  - addsTo:
      pack: codeql/csharp-all
      extensible: sinkModel
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll
@@ -189,16 +189,6 @@ class HostComparisonSanitizer extends Sanitizer {
  }
 }

-/**
- * A call to the getter of the RawUrl property, whose value is considered to be safe for URL
- * redirects.
- */
-class RawUrlSanitizer extends Sanitizer {
-  RawUrlSanitizer() {
-    this.getExpr() = any(SystemWebHttpRequestClass r).getRawUrlProperty().getGetter().getACall()
-  }
-}
-
 /**
 * A string concatenation expression, where the left hand side contains the character "?".
 *