hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 05:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #16637 from hvitved/csharp/xml-validation-perf

Browse Source 
C#: Improve performance of `MissingXMLValidation` query
This commit is contained in:
Tom Hvitved
2024-06-04 09:28:37 +02:00
committed by GitHub
parent e6dc36b2c4 48455ec3c9
commit 16e9cede3c
3 changed files with 5 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
csharp/ql/lib/semmle/code/csharp/frameworks/system/Xml.qll
View File

@@ -136,7 +136,9 @@ private Expr getBitwiseOrOperand(Expr e) { result = e.(BitwiseOrExpr).getAnOpera
/** A creation of an instance of `System.Xml.XmlReaderSettings`. */
class XmlReaderSettingsCreation extends ObjectCreation {
XmlReaderSettingsCreation() { this.getType() instanceof SystemXmlXmlReaderSettingsClass }
private SystemXmlXmlReaderSettingsClass settings;
XmlReaderSettingsCreation() { settings = this.getType() }
/** Gets a value set on the `ValidationType` property, if any. */
SystemXmlValidationType getValidationType() {
@@ -152,7 +154,7 @@ class XmlReaderSettingsCreation extends ObjectCreation {
/** Gets a value set for the given property in this local context. */
private Expr getPropertyValue(Property p) {
p = this.getType().(RefType).getAProperty() and
p = settings.getAProperty() and
exists(PropertyCall set, Expr arg |
set.getTarget() = p.getSetter() and
DataFlow::localExprFlow(this, set.getQualifier()) and

2
csharp/ql/lib/semmle/code/csharp/security/dataflow/MissingXMLValidationQuery.qll
View File

@@ -52,7 +52,7 @@ deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration
private module MissingXmlValidationConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof Source }
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
predicate isSink(DataFlow::Node sink) { exists(sink.(Sink).getReason()) }
predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
}

4
csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.expected
View File

@@ -2,7 +2,6 @@ edges
| MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:16:43:16:57 | access to local variable userProvidedXml : String | provenance | |
| MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:21:43:21:57 | access to local variable userProvidedXml : String | provenance | |
| MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:27:43:27:57 | access to local variable userProvidedXml : String | provenance | |
| MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:35:43:35:57 | access to local variable userProvidedXml : String | provenance | |
| MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:45:43:45:57 | access to local variable userProvidedXml : String | provenance | |
| MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | provenance | |
| MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:12:34:12:75 | access to indexer : String | provenance | MaD:11390 |
@@ -10,7 +9,6 @@ edges
| MissingXMLValidation.cs:16:43:16:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:16:26:16:58 | object creation of type StringReader | provenance | MaD:1162 |
| MissingXMLValidation.cs:21:43:21:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:21:26:21:58 | object creation of type StringReader | provenance | MaD:1162 |
| MissingXMLValidation.cs:27:43:27:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:27:26:27:58 | object creation of type StringReader | provenance | MaD:1162 |
| MissingXMLValidation.cs:35:43:35:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:35:26:35:58 | object creation of type StringReader | provenance | MaD:1162 |
| MissingXMLValidation.cs:45:43:45:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | provenance | MaD:1162 |
nodes
| MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | semmle.label | access to local variable userProvidedXml : String |
@@ -22,8 +20,6 @@ nodes
| MissingXMLValidation.cs:21:43:21:57 | access to local variable userProvidedXml : String | semmle.label | access to local variable userProvidedXml : String |
| MissingXMLValidation.cs:27:26:27:58 | object creation of type StringReader | semmle.label | object creation of type StringReader |
| MissingXMLValidation.cs:27:43:27:57 | access to local variable userProvidedXml : String | semmle.label | access to local variable userProvidedXml : String |
| MissingXMLValidation.cs:35:26:35:58 | object creation of type StringReader | semmle.label | object creation of type StringReader |
| MissingXMLValidation.cs:35:43:35:57 | access to local variable userProvidedXml : String | semmle.label | access to local variable userProvidedXml : String |
| MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | semmle.label | object creation of type StringReader |
| MissingXMLValidation.cs:45:43:45:57 | access to local variable userProvidedXml : String | semmle.label | access to local variable userProvidedXml : String |
subpaths