hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 05:05:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

C#: Convert System.Console.Read* local flow source to CSV

Browse Source
This commit is contained in:
Tamas Vajk
2021-06-23 16:25:09 +02:00
parent 9606816c39
commit 45568d5b10
2 changed files with 16 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
csharp/ql/src/semmle/code/csharp/dataflow/ExternalFlow.qll
View File

@@ -84,7 +84,7 @@ private import internal.FlowSummaryImplSpecific
* ensuring that they are visible to the taint tracking / data flow library.
*/
private module Frameworks {
// TODO
private import semmle.code.csharp.security.dataflow.flowsources.Local
}
/**

23
csharp/ql/src/semmle/code/csharp/security/dataflow/flowsources/Local.qll
View File

@@ -4,6 +4,7 @@
import csharp
private import semmle.code.csharp.frameworks.system.windows.Forms
private import semmle.code.csharp.dataflow.ExternalFlow
/** A data flow source of local data. */
abstract class LocalFlowSource extends DataFlow::Node {
@@ -11,6 +12,12 @@ abstract class LocalFlowSource extends DataFlow::Node {
abstract string getSourceType();
}
private class ExternalLocalFlowSource extends LocalFlowSource {
ExternalLocalFlowSource() { sourceNode(this, "local") }
override string getSourceType() { result = "external" }
}
/** A data flow source of local user input. */
abstract class LocalUserInputSource extends LocalFlowSource { }
@@ -22,13 +29,13 @@ class TextFieldSource extends LocalUserInputSource {
}
/** A call to any `System.Console.Read*` method. */
class SystemConsoleReadSource extends LocalUserInputSource {
SystemConsoleReadSource() {
this.asExpr() =
any(MethodCall call |
call.getTarget().hasQualifiedName("System.Console", ["ReadLine", "Read", "ReadKey"])
)
private class SystemConsoleReadSourceModelCsv extends SourceModelCsv {
override predicate row(string row) {
row =
[
"System;Console;false;ReadLine;;;ReturnValue;local",
"System;Console;false;Read;;;ReturnValue;local",
"System;Console;false;ReadKey;;;ReturnValue;local"
]
}
override string getSourceType() { result = "System.Console input" }
}