hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-03 12:45:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #19122 from tamasvajk/tamasvajk/blazor/parameter-passing-jumpnode

Browse Source 
C#: Blazor: Add non-local jump node for parameter passing
This commit is contained in:
Tamás Vajk
2025-03-28 16:03:54 +01:00
committed by GitHub
parent 43567664bf 42278eb6cf
commit 342d4a6982
18 changed files with 217 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Name.cs Normal file
View File

@@ -0,0 +1,22 @@
namespace VulnerableBlazorApp.Components
{
using Microsoft.AspNetCore.Components;
public partial class Name : Microsoft.AspNetCore.Components.ComponentBase
{
protected override void BuildRenderTree(Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder builder)
{
if (TheName is not null)
{
builder.OpenElement(0, "div");
builder.OpenElement(1, "p");
builder.AddContent(2, (MarkupString)TheName);
builder.CloseElement();
builder.CloseElement();
}
}
[Parameter]
public string TheName { get; set; }
}
}

50
csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList.cs Normal file
View File

@@ -0,0 +1,50 @@
namespace VulnerableBlazorApp.Components
{
using System.Collections.Generic;
using Microsoft.AspNetCore.Components;
[RouteAttribute("/names/{name?}")]
public partial class NameList : Microsoft.AspNetCore.Components.ComponentBase
{
protected override void BuildRenderTree(Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder builder)
{
if (Names is not null)
{
builder.OpenElement(0, "div");
builder.OpenElement(1, "ul");
foreach (var name in Names)
{
builder.OpenElement(2, "li");
builder.OpenComponent<VulnerableBlazorApp.Components.Name>(3);
builder.AddComponentParameter(4, nameof(VulnerableBlazorApp.Components.Name.TheName), name);
builder.CloseComponent();
builder.CloseElement();
}
builder.CloseElement();
builder.CloseElement();
}
builder.OpenElement(5, "div");
builder.OpenElement(6, "p");
builder.AddContent(7, "Name: ");
builder.OpenComponent<VulnerableBlazorApp.Components.Name>(8);
builder.AddComponentParameter(9, nameof(VulnerableBlazorApp.Components.Name.TheName), Name);
builder.CloseComponent();
builder.CloseElement();
}
[Parameter]
public string Name { get; set; }
protected override void OnParametersSet()
{
if (Name is not null)
{
Names.Add(Name);
}
}
public List<string> Names { get; set; } = new List<string>();
}
}

12
csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Xss.expected Normal file
View File

@@ -0,0 +1,12 @@
edges
| NameList.cs:31:99:31:102 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | provenance | Sink:MaD:149 |
nodes
| Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | semmle.label | access to property UrlParam |
| Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | semmle.label | access to property QueryParam |
| Name.cs:13:53:13:59 | access to property TheName | semmle.label | access to property TheName |
| NameList.cs:31:99:31:102 | access to property Name : String | semmle.label | access to property Name : String |
subpaths
#select
| Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | $@ flows to here and is written to HTML or JavaScript. | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | User-provided value |
| Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | $@ flows to here and is written to HTML or JavaScript. | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | User-provided value |
| Name.cs:13:53:13:59 | access to property TheName | NameList.cs:31:99:31:102 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | $@ flows to here and is written to HTML or JavaScript. | NameList.cs:31:99:31:102 | access to property Name : String | User-provided value |

1
csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Xss.qlref Normal file
View File

@@ -0,0 +1 @@
Security Features/CWE-079/XSS.ql

3
csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/remoteFlowSource.expected
View File

@@ -2,3 +2,6 @@
| Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | ASP.NET Core component route parameter |
| Components_Pages_TestPage_razor.g.cs:176:1:176:10 | access to property QueryParam | external |
| Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | external |
| NameList.cs:31:99:31:102 | access to property Name | ASP.NET Core component route parameter |
| NameList.cs:41:17:41:20 | access to property Name | ASP.NET Core component route parameter |
| NameList.cs:43:27:43:30 | access to property Name | ASP.NET Core component route parameter |