C#: Re-factor RequestForgery to use the new API.

2026-04-25 08:45:14 +02:00 · 2023-04-19 10:35:39 +02:00
parent b7e36b7dec
commit 1979a78f02
2 changed files with 40 additions and 4 deletions
--- a/csharp/ql/src/experimental/CWE-918/RequestForgery.ql
+++ b/csharp/ql/src/experimental/CWE-918/RequestForgery.ql
@@ -12,9 +12,9 @@

 import csharp
 import RequestForgery::RequestForgery
-import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph
+import RequestForgeryFlow::PathGraph

-from RequestForgeryConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink
-where c.hasFlowPath(source, sink)
+from RequestForgeryFlow::PathNode source, RequestForgeryFlow::PathNode sink
+where RequestForgeryFlow::flowPath(source, sink)
 select sink.getNode(), source, sink, "The URL of this request depends on a $@.", source.getNode(),
  "user-provided value"
--- a/csharp/ql/src/experimental/CWE-918/RequestForgery.qll
+++ b/csharp/ql/src/experimental/CWE-918/RequestForgery.qll
@@ -24,9 +24,11 @@ module RequestForgery {
  abstract private class Barrier extends DataFlow::Node { }

  /**
+   * DEPRECATED: Use `RequestForgeryFlow` instead.
+   *
   * A data flow configuration for detecting server side request forgery vulnerabilities.
   */
-  class RequestForgeryConfiguration extends DataFlow::Configuration {
+  deprecated class RequestForgeryConfiguration extends DataFlow::Configuration {
    RequestForgeryConfiguration() { this = "Server Side Request forgery" }

    override predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -54,6 +56,40 @@ module RequestForgery {
    override predicate isBarrier(DataFlow::Node node) { node instanceof Barrier }
  }

+  /**
+   * A data flow configuration for detecting server side request forgery vulnerabilities.
+   */
+  private module RequestForgeryFlowConfig implements DataFlow::ConfigSig {
+    predicate isSource(DataFlow::Node source) { source instanceof Source }
+
+    predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
+
+    predicate isAdditionalFlowStep(DataFlow::Node prev, DataFlow::Node succ) {
+      interpolatedStringFlowStep(prev, succ)
+      or
+      stringReplaceStep(prev, succ)
+      or
+      uriCreationStep(prev, succ)
+      or
+      formatConvertStep(prev, succ)
+      or
+      toStringStep(prev, succ)
+      or
+      stringConcatStep(prev, succ)
+      or
+      stringFormatStep(prev, succ)
+      or
+      pathCombineStep(prev, succ)
+    }
+
+    predicate isBarrier(DataFlow::Node node) { node instanceof Barrier }
+  }
+
+  /**
+   * A data flow module for detecting server side request forgery vulnerabilities.
+   */
+  module RequestForgeryFlow = DataFlow::Global<RequestForgeryFlowConfig>;
+
  /**
   * A remote data flow source taken as a source
   * for Server Side Request Forgery(SSRF) Vulnerabilities.