hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-21 06:37:10 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5308 from tamasvajk/feature/flow-sources-sinks

Browse Source 
C#: Add Console.Read* to local flow sources
This commit is contained in:
Tamás Vajk
2021-04-23 16:36:16 +02:00
committed by GitHub
parent c3058f4744 1b4c3c7415
commit 482f4e2e6d
4 changed files with 31 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
csharp/change-notes/2021-04-22-console-read-local-source.md Normal file
View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* `System.Console.Read` methods have been added as data flow sources of local user input.

12
csharp/ql/src/semmle/code/csharp/security/dataflow/flowsources/Local.qll
View File

@@ -20,3 +20,15 @@ class TextFieldSource extends LocalUserInputSource {
override string getSourceType() { result = "TextBox text" }
}
/** A call to any `System.Console.Read*` method. */
class SystemConsoleReadSource extends LocalUserInputSource {
SystemConsoleReadSource() {
this.asExpr() =
any(MethodCall call |
call.getTarget().hasQualifiedName("System.Console", ["ReadLine", "Read", "ReadKey"])
)
}
override string getSourceType() { result = "System.Console input" }
}

13
csharp/ql/test/query-tests/Security Features/CWE-134/ConsoleUncontrolledFormatString.cs Normal file
View File

@@ -0,0 +1,13 @@
using System;
using System;
public class Program
{
public static void Main()
{
var format = Console.ReadLine();
// BAD: Uncontrolled format string.
var x = string.Format(format, 1, 2);
}
}

4
csharp/ql/test/query-tests/Security Features/CWE-134/UncontrolledFormatString.expected
View File

@@ -1,8 +1,11 @@
edges
| ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine : String | ConsoleUncontrolledFormatString.cs:11:31:11:36 | access to local variable format |
| UncontrolledFormatString.cs:11:23:11:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:14:23:14:26 | access to local variable path |
| UncontrolledFormatString.cs:11:23:11:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:17:46:17:49 | access to local variable path |
| UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString : NameValueCollection | UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format |
nodes
| ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine : String | semmle.label | call to method ReadLine : String |
| ConsoleUncontrolledFormatString.cs:11:31:11:36 | access to local variable format | semmle.label | access to local variable format |
| UncontrolledFormatString.cs:11:23:11:45 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
| UncontrolledFormatString.cs:14:23:14:26 | access to local variable path | semmle.label | access to local variable path |
| UncontrolledFormatString.cs:17:46:17:49 | access to local variable path | semmle.label | access to local variable path |
@@ -10,6 +13,7 @@ nodes
| UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
| UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | semmle.label | access to local variable format |
#select
| ConsoleUncontrolledFormatString.cs:11:31:11:36 | access to local variable format | ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine : String | ConsoleUncontrolledFormatString.cs:11:31:11:36 | access to local variable format | $@ flows to here and is used as a format string. | ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine | call to method ReadLine |
| UncontrolledFormatString.cs:14:23:14:26 | access to local variable path | UncontrolledFormatString.cs:11:23:11:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:14:23:14:26 | access to local variable path | $@ flows to here and is used as a format string. | UncontrolledFormatString.cs:11:23:11:45 | access to property QueryString | access to property QueryString |
| UncontrolledFormatString.cs:17:46:17:49 | access to local variable path | UncontrolledFormatString.cs:11:23:11:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:17:46:17:49 | access to local variable path | $@ flows to here and is used as a format string. | UncontrolledFormatString.cs:11:23:11:45 | access to property QueryString | access to property QueryString |
| UncontrolledFormatString.cs:34:23:34:31 | access to property Text | UncontrolledFormatString.cs:34:23:34:31 | access to property Text | UncontrolledFormatString.cs:34:23:34:31 | access to property Text | $@ flows to here and is used as a format string. | UncontrolledFormatString.cs:34:23:34:31 | access to property Text | access to property Text |