hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 08:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Component parameter passing step

Browse Source
This commit is contained in:
Ed Minnix
2025-03-05 00:01:08 -05:00
parent 795a2e1175
commit 48b90b28c7
1 changed files with 49 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

49
csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll
View File

@@ -112,6 +112,16 @@ class MicrosoftAspNetCoreComponentsComponent extends Class {
}
}
/**
* The `Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder::AddComponentParameter` method.
*/
private class MicrosoftAspNetCoreComponentsAddComponentParameterMethod extends Method {
MicrosoftAspNetCoreComponentsAddComponentParameterMethod() {
this.hasFullyQualifiedName("Microsoft.AspNetCore.Components.Rendering", "RenderTreeBuilder",
"AddComponentParameter")
}
}
private module Sources {
private import semmle.code.csharp.security.dataflow.flowsources.Remote
@@ -133,3 +143,42 @@ private module Sources {
override string getSourceType() { result = "ASP.NET Core component route parameter" }
}
}
private module JumpNodes {
/**
* A call to `Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder::AddComponentParameter` which
* sets the value of a parameter.
*/
private class ParameterPassingCall extends Call {
ParameterPassingCall() {
this.getTarget() instanceof MicrosoftAspNetCoreComponentsAddComponentParameterMethod
}
/**
* Gets the property whose value is being set.
*/
Property getParameterProperty() {
result.getAnAttribute() instanceof MicrosoftAspNetCoreComponentsParameterAttribute and
exists(NameOfExpr ne | ne = this.getArgument(1) |
result.getAnAccess() = ne.getAccess().(MemberAccess)
)
}
/**
* Gets the value being set.
*/
Expr getParameterValue() { result = this.getArgument(2) }
}
private class ComponentParameterJump extends DataFlow::NonLocalJumpNode {
ParameterPassingCall call;
ComponentParameterJump() { this.asExpr() = call.getParameterValue() }
override DataFlow::Node getAJumpSuccessor(boolean preservesValue) {
preservesValue = false and
result.asExpr() = call.getParameterProperty().getAnAccess()
}
}
}