hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 19:55:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12829 from michaelnebel/csharp/refactordataflow4

Browse Source 
C#: Re-factor tainttracking and dataflow configurations to use the new API.
This commit is contained in:
Michael Nebel
2023-04-19 08:32:36 +02:00
committed by GitHub
parent 62f5a5dcd5 e8e25b8e55
commit 1caca21552
20 changed files with 235 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
csharp/ql/test/library-tests/csharp7/GlobalFlow.ql
View File

@@ -3,20 +3,18 @@
*/
import csharp
import DataFlow::PathGraph
import GlobalFlow::PathGraph
class DataflowConfiguration extends DataFlow::Configuration {
DataflowConfiguration() { this = "data flow configuration" }
module GlobalFlowConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source.asExpr().(Expr).getValue() = "tainted" }
override predicate isSource(DataFlow::Node source) {
source.asExpr().(Expr).getValue() = "tainted"
}
override predicate isSink(DataFlow::Node sink) {
predicate isSink(DataFlow::Node sink) {
exists(LocalVariable v | sink.asExpr() = v.getInitializer())
}
}
from DataFlow::PathNode source, DataFlow::PathNode sink, DataflowConfiguration conf
where conf.hasFlowPath(source, sink)
module GlobalFlow = DataFlow::Global<GlobalFlowConfig>;
from GlobalFlow::PathNode source, GlobalFlow::PathNode sink
where GlobalFlow::flowPath(source, sink)
select source, source, sink, "$@", sink, sink.toString()

16
csharp/ql/test/library-tests/dataflow/call-sensitivity/CallSensitivityFlow.ql
View File

@@ -3,14 +3,12 @@
*/
import csharp
import DataFlow::PathGraph
import CallSensitivity::PathGraph
class Conf extends DataFlow::Configuration {
Conf() { this = "CallSensitiveFlowConf" }
module CallSensitivityConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ObjectCreation }
override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ObjectCreation }
override predicate isSink(DataFlow::Node sink) {
predicate isSink(DataFlow::Node sink) {
exists(MethodCall mc |
mc.getTarget().hasName("Sink") and
mc.getAnArgument() = sink.asExpr()
@@ -18,6 +16,8 @@ class Conf extends DataFlow::Configuration {
}
}
from DataFlow::PathNode source, DataFlow::PathNode sink, Conf conf
where conf.hasFlowPath(source, sink)
module CallSensitivity = DataFlow::Global<CallSensitivityConfig>;
from CallSensitivity::PathNode source, CallSensitivity::PathNode sink
where CallSensitivity::flowPath(source, sink)
select source, source, sink, "$@", sink, sink.toString()

18
csharp/ql/test/library-tests/dataflow/collections/CollectionFlow.ql
View File

@@ -3,23 +3,23 @@
*/
import csharp
import DataFlow::PathGraph
import ArrayFlow::PathGraph
class Conf extends DataFlow::Configuration {
Conf() { this = "ArrayFlowConf" }
module ArrayFlowConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ObjectCreation }
override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ObjectCreation }
override predicate isSink(DataFlow::Node sink) {
predicate isSink(DataFlow::Node sink) {
exists(MethodCall mc |
mc.getTarget().hasUndecoratedName("Sink") and
mc.getAnArgument() = sink.asExpr()
)
}
override int fieldFlowBranchLimit() { result = 100 }
int fieldFlowBranchLimit() { result = 100 }
}
from DataFlow::PathNode source, DataFlow::PathNode sink, Conf conf
where conf.hasFlowPath(source, sink)
module ArrayFlow = DataFlow::Global<ArrayFlowConfig>;
from ArrayFlow::PathNode source, ArrayFlow::PathNode sink
where ArrayFlow::flowPath(source, sink)
select source, source, sink, "$@", sink, sink.toString()

16
csharp/ql/test/library-tests/dataflow/types/Types.ql
View File

@@ -3,17 +3,15 @@
*/
import csharp
import DataFlow::PathGraph
import Types::PathGraph
class Conf extends DataFlow::Configuration {
Conf() { this = "TypesConf" }
override predicate isSource(DataFlow::Node src) {
module TypesConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node src) {
src.asExpr() instanceof ObjectCreation or
src.asExpr() instanceof NullLiteral
}
override predicate isSink(DataFlow::Node sink) {
predicate isSink(DataFlow::Node sink) {
exists(MethodCall mc |
mc.getTarget().hasUndecoratedName("Sink") and
mc.getAnArgument() = sink.asExpr()
@@ -21,6 +19,8 @@ class Conf extends DataFlow::Configuration {
}
}
from DataFlow::PathNode source, DataFlow::PathNode sink, Conf conf
where conf.hasFlowPath(source, sink)
module Types = DataFlow::Global<TypesConfig>;
from Types::PathNode source, Types::PathNode sink
where Types::flowPath(source, sink)
select source, source, sink, "$@", sink, sink.toString()