Merge pull request #7289 from michaelnebel/csharp-mad-as-csv

C#: Convert some of the existing flow summaries to CSV
2026-04-30 19:26:02 +02:00 · 2021-12-03 15:09:36 +01:00
parent 802faf1197 7ad52e1365
commit 4128f56aa9
4 changed files with 34 additions and 76 deletions
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/LibraryTypeDataFlow.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/LibraryTypeDataFlow.qll
@@ -499,82 +499,6 @@ private module FrameworkDataFlowAdaptor {
  }
 }

-/** Data flow for `System.Boolean`. */
-class SystemBooleanFlow extends LibraryTypeDataFlow, SystemBooleanStruct {
-  override predicate callableFlow(
-    CallableFlowSource source, CallableFlowSink sink, SourceDeclarationCallable c,
-    boolean preservesValue
-  ) {
-    this.methodFlow(source, sink, c) and
-    preservesValue = false
-  }
-
-  private predicate methodFlow(
-    CallableFlowSource source, CallableFlowSink sink, SourceDeclarationMethod m
-  ) {
-    m = this.getParseMethod() and
-    (
-      source = TCallableFlowSourceArg(0) and
-      sink = TCallableFlowSinkReturn()
-    )
-    or
-    m = this.getTryParseMethod() and
-    (
-      source = TCallableFlowSourceArg(0) and
-      (
-        sink = TCallableFlowSinkReturn()
-        or
-        sink = TCallableFlowSinkArg(any(int i | m.getParameter(i).isOutOrRef()))
-      )
-    )
-  }
-}
-
-/** Data flow for `System.Uri`. */
-class SystemUriFlow extends LibraryTypeDataFlow, SystemUriClass {
-  override predicate callableFlow(
-    CallableFlowSource source, CallableFlowSink sink, SourceDeclarationCallable c,
-    boolean preservesValue
-  ) {
-    (
-      this.constructorFlow(source, sink, c)
-      or
-      this.methodFlow(source, sink, c)
-      or
-      exists(Property p |
-        this.propertyFlow(p) and
-        source = TCallableFlowSourceQualifier() and
-        sink = TCallableFlowSinkReturn() and
-        c = p.getGetter()
-      )
-    ) and
-    preservesValue = false
-  }
-
-  private predicate constructorFlow(CallableFlowSource source, CallableFlowSink sink, Constructor c) {
-    c = this.getAMember() and
-    c.getParameter(0).getType() instanceof StringType and
-    source = TCallableFlowSourceArg(0) and
-    sink = TCallableFlowSinkReturn()
-  }
-
-  private predicate methodFlow(
-    CallableFlowSource source, CallableFlowSink sink, SourceDeclarationMethod m
-  ) {
-    m = this.getAMethod("ToString") and
-    source = TCallableFlowSourceQualifier() and
-    sink = TCallableFlowSinkReturn()
-  }
-
-  private predicate propertyFlow(Property p) {
-    p = this.getPathAndQueryProperty()
-    or
-    p = this.getQueryProperty()
-    or
-    p = this.getOriginalStringProperty()
-  }
-}
-
 /** Data flow for `System.IO.StringReader`. */
 class SystemIOStringReaderFlow extends LibraryTypeDataFlow, SystemIOStringReaderClass {
  override predicate callableFlow(
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll
@@ -92,6 +92,20 @@ class SystemBooleanStruct extends BoolType {
  }
 }

+/** Data flow for `System.Boolean`. */
+private class SystemBooleanFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System;Boolean;false;Parse;(System.String);;Argument[0];ReturnValue;taint",
+        "System;Boolean;false;TryParse;(System.String,System.Boolean);;Argument[0];Argument[1];taint",
+        "System;Boolean;false;TryParse;(System.String,System.Boolean);;Argument[0];ReturnValue;taint",
+        "System;Boolean;false;TryParse;(System.ReadOnlySpan<System.Char>,System.Boolean);;Element of Argument[0];Argument[1];taint",
+        "System;Boolean;false;TryParse;(System.ReadOnlySpan<System.Char>,System.Boolean);;Element of Argument[0];ReturnValue;taint",
+      ]
+  }
+}
+
 /** The `System.Convert` class. */
 class SystemConvertClass extends SystemClass {
  SystemConvertClass() { this.hasName("Convert") }
@@ -539,6 +553,22 @@ class SystemUriClass extends SystemClass {
  }
 }

+/** Data flow for `System.Uri`. */
+private class SystemUriFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System;Uri;false;ToString;();;Argument[-1];ReturnValue;taint",
+        "System;Uri;false;Uri;(System.String);;Argument[0];ReturnValue;taint",
+        "System;Uri;false;Uri;(System.String,System.Boolean);;Argument[0];ReturnValue;taint",
+        "System;Uri;false;Uri;(System.String,System.UriKind);;Argument[0];ReturnValue;taint",
+        "System;Uri;false;get_OriginalString;();;Argument[-1];ReturnValue;taint",
+        "System;Uri;false;get_PathAndQuery;();;Argument[-1];ReturnValue;taint",
+        "System;Uri;false;get_Query;();;Argument[-1];ReturnValue;taint",
+      ]
+  }
+}
+
 /** The `System.ValueType` class. */
 class SystemValueTypeClass extends SystemClass {
  SystemValueTypeClass() { this.hasName("ValueType") }
--- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
+++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
@@ -2330,6 +2330,8 @@
 | System;Array;false;get_Item;(System.Int32);;Element of Argument[-1];ReturnValue;value |
 | System;Array;false;set_Item;(System.Int32,System.Object);;Argument[1];Element of Argument[-1];value |
 | System;Boolean;false;Parse;(System.String);;Argument[0];ReturnValue;taint |
+| System;Boolean;false;TryParse;(System.ReadOnlySpan<System.Char>,System.Boolean);;Element of Argument[0];Argument[1];taint |
+| System;Boolean;false;TryParse;(System.ReadOnlySpan<System.Char>,System.Boolean);;Element of Argument[0];ReturnValue;taint |
 | System;Boolean;false;TryParse;(System.String,System.Boolean);;Argument[0];Argument[1];taint |
 | System;Boolean;false;TryParse;(System.String,System.Boolean);;Argument[0];ReturnValue;taint |
 | System;Convert;false;ChangeType;(System.Object,System.Type);;Argument[0];ReturnValue;taint |
--- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
+++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
@@ -2004,6 +2004,8 @@
 | System;Array;false;get_Item;(System.Int32);;Element of Argument[-1];ReturnValue;value |
 | System;Array;false;set_Item;(System.Int32,System.Object);;Argument[1];Element of Argument[-1];value |
 | System;Boolean;false;Parse;(System.String);;Argument[0];ReturnValue;taint |
+| System;Boolean;false;TryParse;(System.ReadOnlySpan<System.Char>,System.Boolean);;Element of Argument[0];Argument[1];taint |
+| System;Boolean;false;TryParse;(System.ReadOnlySpan<System.Char>,System.Boolean);;Element of Argument[0];ReturnValue;taint |
 | System;Boolean;false;TryParse;(System.String,System.Boolean);;Argument[0];Argument[1];taint |
 | System;Boolean;false;TryParse;(System.String,System.Boolean);;Argument[0];ReturnValue;taint |
 | System;Convert;false;ChangeType;(System.Object,System.Type);;Argument[0];ReturnValue;taint |