System.IO files test

csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.cs

@@ -0,0 +1,84 @@
+using System.IO;
+
+namespace Test
+{
+    class Files
+    {
+        public static void ReadAllText(string path)
+        {
+            string text = File.ReadAllText(path);
+            Sink(text); // $ hasTaintFlow=line:9
+        }
+
+        public static void ReadAllLines(string path)
+        {
+            string[] lines = File.ReadAllLines(path);
+            Sink(lines); // $ hasTaintFlow=line:15
+        }
+
+        public static void ReadAllBytes(string path)
+        {
+            byte[] bytes = File.ReadAllBytes(path);
+            Sink(bytes); // $ hasTaintFlow=line:21
+        }
+
+        public static void ReadLines(string path)
+        {
+            foreach (string line in File.ReadLines(path))
+            {
+                Sink(line); // $ hasTaintFlow=line:27
+            }
+        }
+
+        public static void BuuferedRead(string path)
+        {
+            using (FileStream fs = new FileStream(path, FileMode.Open))
+            {
+                using (BufferedStream bs = new BufferedStream(fs))
+                {
+                    using (StreamReader sr = new StreamReader(bs))
+                    {
+                        string line;
+                        while ((line = sr.ReadLine()) != null)
+                        {
+                            Sink(line); // $ hasTaintFlow=line:35
+                        }
+                    }
+                }
+            }
+        }
+
+        public static void ReadBlocks(string path)
+        {
+            using (FileStream fs = File.OpenRead(path))
+            {
+                byte[] buffer = new byte[1024];
+                int bytesRead;
+                while ((bytesRead = fs.Read(buffer, 0, buffer.Length)) > 0)
+                {
+                    Sink(buffer[0]); // $ hasTaintFlow=line:53
+                }
+            }
+        }
+
+        public static async void ReadAllTextAsync(string path)
+        {
+            string text = await File.ReadAllTextAsync(path);
+            Sink(text); // $ hasTaintFlow=line:66
+
+            using (FileStream fs = File.Open(path, FileMode.Open))
+            {
+                using (StreamReader sr = new StreamReader(fs))
+                {
+                    string line;
+                    while ((line = await sr.ReadLineAsync()) != null)
+                    {
+                        Sink(line); // $ hasTaintFlow=line:69
+                    }
+                }
+            }
+        }
+
+        static void Sink(object o) { }
+    }
+}

csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.ext.yml

@@ -0,0 +1,7 @@
+extensions:
+
+  - addsTo:
+      pack: codeql/threat-models
+      extensible: threatModelConfiguration
+    data:
+      - ["file", true, 0]

csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.ql

@@ -0,0 +1,12 @@
+import csharp
+import semmle.code.csharp.security.dataflow.flowsources.FlowSources
+import TestUtilities.InlineFlowTest
+import TaintFlowTest<FilesConfig>
+
+module FilesConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
+
+  predicate isSink(DataFlow::Node sink) {
+    exists(MethodCall mc | mc.getTarget().hasName("Sink") | sink.asExpr() = mc.getArgument(0))
+  }
+}

csharp/ql/test/library-tests/dataflow/flowsources/stored/file/options

@@ -0,0 +1,3 @@
+semmle-extractor-options: /nostdlib /noconfig
+semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../resources/stubs/_frameworks/Microsoft.AspNetCore.App/Microsoft.AspNetCore.App.csproj
+semmle-extractor-options: ${testdir}/../../../../../resources/stubs/System.Web.cs