Merge pull request #21410 from MathiasVP/add-WebSocket-ReceiveAsync-model

C#: Add `System.Net.WebSockets.ReceiveAsync` as a remote flow source
2026-03-30 20:28:15 +02:00 · 2026-03-04 16:09:50 +00:00
parent 219ea28217 f8f8991d36
commit 5b30e945ef
5 changed files with 23 additions and 0 deletions
--- a/csharp/ql/lib/change-notes/2026-03-04-websocket-receiveasync.md
+++ b/csharp/ql/lib/change-notes/2026-03-04-websocket-receiveasync.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added `System.Net.WebSockets::ReceiveAsync` as a remote flow source.
--- a/csharp/ql/lib/ext/System.Net.WebSockets.model.yml
+++ b/csharp/ql/lib/ext/System.Net.WebSockets.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: sourceModel
+    data:
+      - ["System.Net.WebSockets", "WebSocket", True, "ReceiveAsync", "", "", "Argument[0]", "remote", "manual"]
--- a/csharp/ql/test/library-tests/dataflow/flowsources/remote/RemoteFlowSource.cs
+++ b/csharp/ql/test/library-tests/dataflow/flowsources/remote/RemoteFlowSource.cs
@@ -44,5 +44,13 @@ namespace RemoteFlowSource
        {
            Use(request.Unvalidated.RawUrl);
        }
+
+        public static async void M3(System.Net.WebSockets.WebSocket webSocket)
+        {
+            var buffer = new byte[1024];
+            var segment = new ArraySegment<byte>(buffer);
+            var result = await webSocket.ReceiveAsync(segment, System.Threading.CancellationToken.None);
+            Use(segment);
+        }
    }
 }
--- a/csharp/ql/test/library-tests/dataflow/flowsources/remote/remoteFlowSource.expected
+++ b/csharp/ql/test/library-tests/dataflow/flowsources/remote/remoteFlowSource.expected
@@ -9,3 +9,4 @@
 | RemoteFlowSource.cs:40:17:40:23 | access to parameter request | ASP.NET query string |
 | RemoteFlowSource.cs:45:17:45:23 | access to parameter request | ASP.NET query string |
 | RemoteFlowSource.cs:45:17:45:42 | access to property RawUrl | ASP.NET unvalidated request data |
+| RemoteFlowSource.cs:52:55:52:61 | [post] access to local variable segment | external |
--- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
+++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
@@ -185,6 +185,10 @@ source
 | System.IO;StreamWriter;StreamWriter;(System.String,System.IO.FileStreamOptions);Argument[this];file-write;manual |
 | System.IO;StreamWriter;StreamWriter;(System.String,System.Text.Encoding,System.IO.FileStreamOptions);Argument[this];file-write;manual |
 | System.Net.Sockets;TcpClient;GetStream;();ReturnValue;remote;manual |
+| System.Net.WebSockets;ClientWebSocket;ReceiveAsync;(System.ArraySegment<System.Byte>,System.Threading.CancellationToken);Argument[0];remote;manual |
+| System.Net.WebSockets;ClientWebSocket;ReceiveAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[0];remote;manual |
+| System.Net.WebSockets;WebSocket;ReceiveAsync;(System.ArraySegment<System.Byte>,System.Threading.CancellationToken);Argument[0];remote;manual |
+| System.Net.WebSockets;WebSocket;ReceiveAsync;(System.Memory<System.Byte>,System.Threading.CancellationToken);Argument[0];remote;manual |
 | System;Console;Read;();ReturnValue;stdin;manual |
 | System;Console;ReadKey;();ReturnValue;stdin;manual |
 | System;Console;ReadKey;(System.Boolean);ReturnValue;stdin;manual |