Merging the scenarios.

Raul Garcia
2019-03-14 10:57:22 -07:00
parent ad4873a0e7
commit 2521848322
4 changed files with 19 additions and 27 deletions

4
.gitignore vendored

@@ -13,3 +13,7 @@
/.vs/ql/v15/Browse.VC.db
/.vs/ProjectSettings.json
/.vs/VSWorkspaceState.json
/.vs/ql_ICryptoTransformLmbda/v15/Browse.VC.opendb
/.vs/ql_ICryptoTransformLmbda/v15/Browse.VC.db
/.vs/ql_ICryptoTransformLmbda/v15/.suo


@@ -16,3 +16,13 @@ class LambdaParallelSink extends ParallelSink {
)
}
}
class ThreadStartParallelSink extends ParallelSink {
ThreadStartParallelSink() {
exists( DelegateCreation dc, Expr e |
e = this.asExpr() |
dc.getArgument() = e
and dc.getType().getName().matches("%Start")
)
}
}
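Review bot: The new `ThreadStartParallelSink` picks its sink purely by `dc.getType().getName().matches("%Start")`, so any delegate type whose simple name ends in "Start" qualifies, whatever namespace it is declared in. A project-defined delegate with such a name would be reported as starting a thread even when it does not, which weakens an alert that is meant to flag concurrent use of a non-thread-safe `ICryptoTransform`. If only the thread-start delegates are intended (not visible from this hunk), pin the type instead, e.g. `dc.getType().hasQualifiedName("System.Threading", "ThreadStart")` with a second disjunct for `ParameterizedThreadStart`. The class also has no QLDoc; a one-line `/** An expression passed to the creation of a thread-start delegate. */` above it would record the intent.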


@@ -18,22 +18,6 @@ import semmle.code.csharp.dataflow.DataFlow
import ParallelSink
import ICryptoTransform
class NotThreadSafeCryptoUsageIntoStartingCallingConfig extends TaintTracking::Configuration {
NotThreadSafeCryptoUsageIntoStartingCallingConfig() { this = "NotThreadSafeCryptoUsageIntoStartingCallingConfig" }
override predicate isSource(DataFlow::Node source) {
source instanceof LambdaCapturingICryptoTransformSource
}
override predicate isSink(DataFlow::Node sink) {
exists( DelegateCreation dc, Expr e |
e = sink.asExpr() |
dc.getArgument() = e
and dc.getType().getName().matches("%Start")
)
}
}
class NotThreadSafeCryptoUsageIntoParallelInvokeConfig extends TaintTracking::Configuration {
NotThreadSafeCryptoUsageIntoParallelInvokeConfig() { this = "NotThreadSafeCryptoUsageIntoParallelInvokeConfig" }
@@ -46,14 +30,8 @@ class NotThreadSafeCryptoUsageIntoParallelInvokeConfig extends TaintTracking::Co
}
}
from Expr e, string m, LambdaExpr l
from Expr e, string m, LambdaExpr l, NotThreadSafeCryptoUsageIntoParallelInvokeConfig config
where
exists( NotThreadSafeCryptoUsageIntoParallelInvokeConfig config |
config.hasFlow(DataFlow::exprNode(l), DataFlow::exprNode(e))
and m = "A $@ seems to be used to start a new thread using System.Threading.Tasks.Parallel.Invoke, and is capturing a local variable that either implements 'System.Security.Cryptography.ICryptoTransform' or has a field of this type."
)
or exists ( NotThreadSafeCryptoUsageIntoStartingCallingConfig config |
config.hasFlow(DataFlow::exprNode(l), DataFlow::exprNode(e))
and m = "A $@ seems to be used to start a new thread is capturing a local variable that either implements 'System.Security.Cryptography.ICryptoTransform' or has a field of this type."
)
config.hasFlow(DataFlow::exprNode(l), DataFlow::exprNode(e))
and m = "A $@ seems to be used to start a new thread is capturing a local variable that either implements 'System.Security.Cryptography.ICryptoTransform' or has a field of this type."
select e, m, l, "lambda expression"
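Review bot: After the merge the only configuration left in the `from` clause is still named `NotThreadSafeCryptoUsageIntoParallelInvokeConfig`, although the single remaining message no longer mentions Parallel.Invoke and the config presumably now covers every `ParallelSink` (its `isSink` is outside the visible hunks). Renaming the class and its `this = "..."` string to something neutral would keep the name honest for the next reader. The surviving alert text also reads "seems to be used to start a new thread is capturing", which is missing a conjunction; consider `"A $@ seems to be used to start a new thread, and is capturing a local variable that ..."`, with the `.expected` file updated to match. Since this text is what a developer sees when triaging the finding, it is worth getting right in the same change.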


@@ -1,4 +1,4 @@
| ThreadUnsafeICryptoTransformLambda.cs:27:62:27:66 | access to local variable start | A $@ seems to be used to start a new thread is capturing a local variable that either implements 'System.Security.Cryptography.ICryptoTransform' or has a field of this type. | ThreadUnsafeICryptoTransformLambda.cs:17:24:23:9 | (...) => ... | lambda expression |
| ThreadUnsafeICryptoTransformLambda.cs:89:62:89:66 | access to local variable start | A $@ seems to be used to start a new thread is capturing a local variable that either implements 'System.Security.Cryptography.ICryptoTransform' or has a field of this type. | ThreadUnsafeICryptoTransformLambda.cs:81:24:87:9 | (...) => ... | lambda expression |
| ThreadUnsafeICryptoTransformLambda.cs:143:29:147:17 | (...) => ... | A $@ seems to be used to start a new thread using System.Threading.Tasks.Parallel.Invoke, and is capturing a local variable that either implements 'System.Security.Cryptography.ICryptoTransform' or has a field of this type. | ThreadUnsafeICryptoTransformLambda.cs:143:29:147:17 | (...) => ... | lambda expression |
| ThreadUnsafeICryptoTransformLambda.cs:148:17:152:17 | (...) => ... | A $@ seems to be used to start a new thread using System.Threading.Tasks.Parallel.Invoke, and is capturing a local variable that either implements 'System.Security.Cryptography.ICryptoTransform' or has a field of this type. | ThreadUnsafeICryptoTransformLambda.cs:148:17:152:17 | (...) => ... | lambda expression |
| ThreadUnsafeICryptoTransformLambda.cs:143:29:147:17 | (...) => ... | A $@ seems to be used to start a new thread is capturing a local variable that either implements 'System.Security.Cryptography.ICryptoTransform' or has a field of this type. | ThreadUnsafeICryptoTransformLambda.cs:143:29:147:17 | (...) => ... | lambda expression |
| ThreadUnsafeICryptoTransformLambda.cs:148:17:152:17 | (...) => ... | A $@ seems to be used to start a new thread is capturing a local variable that either implements 'System.Security.Cryptography.ICryptoTransform' or has a field of this type. | ThreadUnsafeICryptoTransformLambda.cs:148:17:152:17 | (...) => ... | lambda expression |