hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

C#: Make most module imports private.

Browse Source
This commit is contained in:
Michael Nebel
2022-03-24 10:47:22 +01:00
parent ad27a5a1a6
commit 1c7d764d54
6 changed files with 82 additions and 42 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
csharp/ql/src/utils/model-generator/internal/CaptureModels.qll
View File

@@ -3,14 +3,14 @@
* and sink models of the Standard or a 3rd party library.
*/
private import CaptureModelsSpecific
private import ModelGeneratorUtils
private import CaptureModelsSpecific
/**
* Gets the summary model of `api`, if it follows the `fluent` programming pattern (returns `this`).
*/
string captureQualifierFlow(TargetApi api) {
exists(ReturnNodeExt ret |
exists(DataFlowImplCommon::ReturnNodeExt ret |
api = returnNodeEnclosingCallable(ret) and
isOwnInstanceAccessNode(ret)
) and
@@ -47,7 +47,7 @@ private class ThroughFlowConfig extends TaintTracking::Configuration {
}
override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) {
sink instanceof ReturnNodeExt and
sink instanceof DataFlowImplCommon::ReturnNodeExt and
not isOwnInstanceAccessNode(sink) and
not exists(captureQualifierFlow(sink.asExpr().getEnclosingCallable())) and
(state instanceof TaintRead or state instanceof TaintStore)
@@ -57,15 +57,15 @@ private class ThroughFlowConfig extends TaintTracking::Configuration {
DataFlow::Node node1, DataFlow::FlowState state1, DataFlow::Node node2,
DataFlow::FlowState state2
) {
exists(TypedContent tc |
store(node1, tc, node2, _) and
exists(DataFlowImplCommon::TypedContent tc |
DataFlowImplCommon::store(node1, tc, node2, _) and
isRelevantContent(tc.getContent()) and
(state1 instanceof TaintRead or state1 instanceof TaintStore) and
state2 instanceof TaintStore
)
or
exists(DataFlow::Content c |
readStep(node1, c, node2) and
DataFlowPrivate::readStep(node1, c, node2) and
isRelevantContent(c) and
state1 instanceof TaintRead and
state2 instanceof TaintRead
@@ -86,8 +86,8 @@ private class ThroughFlowConfig extends TaintTracking::Configuration {
*/
string captureThroughFlow(TargetApi api) {
exists(
ThroughFlowConfig config, DataFlow::ParameterNode p, ReturnNodeExt returnNodeExt, string input,
string output
ThroughFlowConfig config, DataFlow::ParameterNode p,
DataFlowImplCommon::ReturnNodeExt returnNodeExt, string input, string output
|
config.hasFlow(p, returnNodeExt) and
returnNodeExt.getEnclosingCallable() = api and
@@ -108,11 +108,11 @@ string captureThroughFlow(TargetApi api) {
private class FromSourceConfiguration extends TaintTracking::Configuration {
FromSourceConfiguration() { this = "FromSourceConfiguration" }
override predicate isSource(DataFlow::Node source) { sourceNode(source, _) }
override predicate isSource(DataFlow::Node source) { ExternalFlow::sourceNode(source, _) }
override predicate isSink(DataFlow::Node sink) {
exists(TargetApi c |
sink instanceof ReturnNodeExt and
sink instanceof DataFlowImplCommon::ReturnNodeExt and
sink.getEnclosingCallable() = c
)
}
@@ -132,7 +132,7 @@ private class FromSourceConfiguration extends TaintTracking::Configuration {
string captureSource(TargetApi api) {
exists(DataFlow::Node source, DataFlow::Node sink, FromSourceConfiguration config, string kind |
config.hasFlow(source, sink) and
sourceNode(source, kind) and
ExternalFlow::sourceNode(source, kind) and
api = sink.getEnclosingCallable() and
result = asSourceModel(api, returnNodeAsOutput(sink), kind)
)
@@ -148,7 +148,7 @@ string captureSource(TargetApi api) {
private class PropagateToSinkConfiguration extends PropagateToSinkConfigurationSpecific {
PropagateToSinkConfiguration() { this = "parameters or fields flowing into sinks" }
override predicate isSink(DataFlow::Node sink) { sinkNode(sink, _) }
override predicate isSink(DataFlow::Node sink) { ExternalFlow::sinkNode(sink, _) }
override DataFlow::FlowFeature getAFeature() {
result instanceof DataFlow::FeatureHasSourceCallContext
@@ -161,7 +161,7 @@ private class PropagateToSinkConfiguration extends PropagateToSinkConfigurationS
string captureSink(TargetApi api) {
exists(DataFlow::Node src, DataFlow::Node sink, PropagateToSinkConfiguration config, string kind |
config.hasFlow(src, sink) and
sinkNode(sink, kind) and
ExternalFlow::sinkNode(sink, kind) and
api = src.getEnclosingCallable() and
not kind = "logging" and
result = asSinkModel(api, asInputArgument(src), kind)

28
csharp/ql/src/utils/model-generator/internal/CaptureModelsSpecific.qll
View File

@@ -3,16 +3,18 @@
*/
import csharp
import semmle.code.csharp.dataflow.ExternalFlow
import semmle.code.csharp.dataflow.TaintTracking
import semmle.code.csharp.dataflow.internal.DataFlowImplCommon
import semmle.code.csharp.dataflow.internal.DataFlowPrivate
import ModelGeneratorUtils
private import semmle.code.csharp.dataflow.ExternalFlow as Ef
private import semmle.code.csharp.dataflow.TaintTracking
private import semmle.code.csharp.dataflow.internal.DataFlowImplCommon as Dfic
private import semmle.code.csharp.dataflow.internal.DataFlowPrivate
private import ModelGeneratorUtils
/**
* Gets the enclosing callable of `ret`.
*/
Callable returnNodeEnclosingCallable(ReturnNodeExt ret) { result = getNodeEnclosingCallable(ret) }
Callable returnNodeEnclosingCallable(Dfic::ReturnNodeExt ret) {
result = Dfic::getNodeEnclosingCallable(ret)
}
/**
* Holds if `node` is an own instance access.
@@ -49,3 +51,17 @@ string asInputArgument(DataFlow::Node source) {
source.asExpr() instanceof FieldAccess and
result = qualifierString()
}
module DataFlowImplCommon {
predicate store = Dfic::store/4;
class ReturnNodeExt = Dfic::ReturnNodeExt;
class TypedContent = Dfic::TypedContent;
}
module ExternalFlow {
predicate sourceNode = Ef::sourceNode/2;
predicate sinkNode = Ef::sinkNode/2;
}

8
csharp/ql/src/utils/model-generator/internal/ModelGeneratorUtils.qll
View File

@@ -5,7 +5,7 @@ import ModelGeneratorUtilsSpecific
*/
predicate isRelevantTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
exists(DataFlow::Content f |
readStep(node1, f, node2) and
DataFlowPrivate::readStep(node1, f, node2) and
if f instanceof DataFlow::FieldContent
then isRelevantType(f.(DataFlow::FieldContent).getField().getType())
else
@@ -14,7 +14,9 @@ predicate isRelevantTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
else any()
)
or
exists(DataFlow::Content f | storeStep(node1, f, node2) | containerContent(f))
exists(DataFlow::Content f | DataFlowPrivate::storeStep(node1, f, node2) |
DataFlowPrivate::containerContent(f)
)
}
/**
@@ -24,7 +26,7 @@ predicate isRelevantTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
predicate isRelevantContent(DataFlow::Content c) {
isRelevantType(c.(DataFlow::FieldContent).getField().getType()) or
isRelevantType(c.(DataFlow::SyntheticFieldContent).getField().getType()) or
containerContent(c)
DataFlowPrivate::containerContent(c)
}
/**

18
csharp/ql/src/utils/model-generator/internal/ModelGeneratorUtilsSpecific.qll
View File

@@ -1,6 +1,6 @@
import csharp
import semmle.code.csharp.dataflow.internal.DataFlowPrivate
private import semmle.code.csharp.commons.Util
private import semmle.code.csharp.dataflow.internal.DataFlowPrivate as Dfp
private import semmle.code.csharp.commons.Util as Util
private import semmle.code.csharp.commons.Collections
private import semmle.code.csharp.dataflow.internal.DataFlowImplCommon
private import semmle.code.csharp.dataflow.internal.DataFlowDispatch
@@ -8,7 +8,7 @@ private import semmle.code.csharp.dataflow.internal.DataFlowDispatch
/**
* Holds if it is relevant to generate models for `api`.
*/
predicate isRelevantForModels(Callable api) { not api instanceof MainMethod }
predicate isRelevantForModels(Callable api) { not api instanceof Util::MainMethod }
/**
* A class of callables that are relevant generating summary, source and sinks models for.
@@ -24,7 +24,7 @@ class TargetApi extends DataFlowCallable {
}
}
predicate asPartialModel = Csv::asPartialModel/1;
predicate asPartialModel = Dfp::Csv::asPartialModel/1;
/**
* Holds for type `t` for fields that are relevant as an intermediate
@@ -44,7 +44,7 @@ private string parameterAccess(Parameter p) {
string parameterNodeAsInput(DataFlow::ParameterNode p) {
result = parameterAccess(p.asParameter())
or
result = "Argument[Qualifier]" and p instanceof InstanceParameterNode
result = "Argument[Qualifier]" and p instanceof Dfp::InstanceParameterNode
}
pragma[nomagic]
@@ -66,3 +66,11 @@ string returnNodeAsOutput(ReturnNodeExt node) {
result = "Argument[Qualifier]"
)
}
module DataFlowPrivate {
predicate containerContent = Dfp::containerContent/1;
predicate readStep = Dfp::readStep/3;
predicate storeStep = Dfp::storeStep/3;
}

22
java/ql/src/utils/model-generator/internal/CaptureModels.qll
View File

@@ -10,7 +10,7 @@ private import ModelGeneratorUtils
* Gets the summary model of `api`, if it follows the `fluent` programming pattern (returns `this`).
*/
string captureQualifierFlow(TargetApi api) {
exists(ReturnNodeExt ret |
exists(DataFlowImplCommon::ReturnNodeExt ret |
api = returnNodeEnclosingCallable(ret) and
isOwnInstanceAccessNode(ret)
) and
@@ -47,7 +47,7 @@ private class ThroughFlowConfig extends TaintTracking::Configuration {
}
override predicate isSink(DataFlow::Node sink, DataFlow::FlowState state) {
sink instanceof ReturnNodeExt and
sink instanceof DataFlowImplCommon::ReturnNodeExt and
not isOwnInstanceAccessNode(sink) and
not exists(captureQualifierFlow(sink.asExpr().getEnclosingCallable())) and
(state instanceof TaintRead or state instanceof TaintStore)
@@ -57,8 +57,8 @@ private class ThroughFlowConfig extends TaintTracking::Configuration {
DataFlow::Node node1, DataFlow::FlowState state1, DataFlow::Node node2,
DataFlow::FlowState state2
) {
exists(TypedContent tc |
store(node1, tc, node2, _) and
exists(DataFlowImplCommon::TypedContent tc |
DataFlowImplCommon::store(node1, tc, node2, _) and
isRelevantContent(tc.getContent()) and
(state1 instanceof TaintRead or state1 instanceof TaintStore) and
state2 instanceof TaintStore
@@ -86,8 +86,8 @@ private class ThroughFlowConfig extends TaintTracking::Configuration {
*/
string captureThroughFlow(TargetApi api) {
exists(
ThroughFlowConfig config, DataFlow::ParameterNode p, ReturnNodeExt returnNodeExt, string input,
string output
ThroughFlowConfig config, DataFlow::ParameterNode p,
DataFlowImplCommon::ReturnNodeExt returnNodeExt, string input, string output
|
config.hasFlow(p, returnNodeExt) and
returnNodeExt.getEnclosingCallable() = api and
@@ -108,11 +108,11 @@ string captureThroughFlow(TargetApi api) {
private class FromSourceConfiguration extends TaintTracking::Configuration {
FromSourceConfiguration() { this = "FromSourceConfiguration" }
override predicate isSource(DataFlow::Node source) { sourceNode(source, _) }
override predicate isSource(DataFlow::Node source) { ExternalFlow::sourceNode(source, _) }
override predicate isSink(DataFlow::Node sink) {
exists(TargetApi c |
sink instanceof ReturnNodeExt and
sink instanceof DataFlowImplCommon::ReturnNodeExt and
sink.getEnclosingCallable() = c
)
}
@@ -132,7 +132,7 @@ private class FromSourceConfiguration extends TaintTracking::Configuration {
string captureSource(TargetApi api) {
exists(DataFlow::Node source, DataFlow::Node sink, FromSourceConfiguration config, string kind |
config.hasFlow(source, sink) and
sourceNode(source, kind) and
ExternalFlow::sourceNode(source, kind) and
api = sink.getEnclosingCallable() and
result = asSourceModel(api, returnNodeAsOutput(sink), kind)
)
@@ -148,7 +148,7 @@ string captureSource(TargetApi api) {
private class PropagateToSinkConfiguration extends PropagateToSinkConfigurationSpecific {
PropagateToSinkConfiguration() { this = "parameters or fields flowing into sinks" }
override predicate isSink(DataFlow::Node sink) { sinkNode(sink, _) }
override predicate isSink(DataFlow::Node sink) { ExternalFlow::sinkNode(sink, _) }
override DataFlow::FlowFeature getAFeature() {
result instanceof DataFlow::FeatureHasSourceCallContext
@@ -161,7 +161,7 @@ private class PropagateToSinkConfiguration extends PropagateToSinkConfigurationS
string captureSink(TargetApi api) {
exists(DataFlow::Node src, DataFlow::Node sink, PropagateToSinkConfiguration config, string kind |
config.hasFlow(src, sink) and
sinkNode(sink, kind) and
ExternalFlow::sinkNode(sink, kind) and
api = src.getEnclosingCallable() and
not kind = "logging" and
result = asSinkModel(api, asInputArgument(src), kind)

22
java/ql/src/utils/model-generator/internal/CaptureModelsSpecific.qll
View File

@@ -3,9 +3,9 @@
*/
import java
import semmle.code.java.dataflow.ExternalFlow
private import semmle.code.java.dataflow.ExternalFlow as Ef
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.dataflow.internal.DataFlowImplCommon
private import semmle.code.java.dataflow.internal.DataFlowImplCommon as Dfic
import semmle.code.java.dataflow.internal.DataFlowNodes
import semmle.code.java.dataflow.internal.DataFlowPrivate
import semmle.code.java.dataflow.InstanceAccess
@@ -14,8 +14,8 @@ import ModelGeneratorUtils
/**
* Gets the enclosing callable of `ret`.
*/
Callable returnNodeEnclosingCallable(ReturnNodeExt ret) {
result = getNodeEnclosingCallable(ret).asCallable()
Callable returnNodeEnclosingCallable(Dfic::ReturnNodeExt ret) {
result = Dfic::getNodeEnclosingCallable(ret).asCallable()
}
/**
@@ -60,3 +60,17 @@ string asInputArgument(DataFlow::Node source) {
source.asExpr() instanceof FieldAccess and
result = qualifierString()
}
module DataFlowImplCommon {
predicate store = Dfic::store/4;
class ReturnNodeExt = Dfic::ReturnNodeExt;
class TypedContent = Dfic::TypedContent;
}
module ExternalFlow {
predicate sourceNode = Ef::sourceNode/2;
predicate sinkNode = Ef::sinkNode/2;
}