hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 21:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

C#: Improve CFG for assignments

Browse Source 
Write accesses in assignments, such as the access to `x` in `x = 0` are not
evaluated, so they should not have entries in the control flow graph. However,
qualifiers (and indexer arguments) should still be evaluated, for example in

```
x.Foo.Bar = 0;
```

the CFG should be `x --> x.Foo --> 0 --> x.Foo.Bar = 0` (as opposed to
`x --> x.Foo --> x.Foo.Bar --> 0 --> x.Foo.Bar = 0`, prior to this change).

A special case is assignments via acessors (properties, indexers, and event
adders), where we do want to include the access in the control flow graph,
as it represents the accessor call:

```
x.Prop = 0;
```

But instead of `x --> x.set_Prop --> 0 --> x.Prop = 0` the CFG should be
`x --> 0 --> x.set_Prop --> x.Prop = 0`, as the setter is called *after* the
assigned value has been evaluated.

An even more special case is tuple assignments via accessors:

```
(x.Prop1, y.Prop2) = (0, 1);
```

Here the CFG should be
`x --> y --> 0 --> 1 --> x.set_Prop1 --> y.set_Prop2 --> (x.Prop1, y.Prop2) = (0, 1)`.
This commit is contained in:
Tom Hvitved
2019-02-08 09:39:22 +01:00
parent 096757dadf
commit 5ce9b25ec9
18 changed files with 928 additions and 1319 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
csharp/ql/test/library-tests/security/dataflow/flowsources/StoredFlowSources.expected
View File

@@ -1,4 +1,3 @@
| data.cs:22:29:22:42 | access to local variable customerReader |
| data.cs:22:29:22:76 | OleDbDataReader customerReader = ... |
| data.cs:22:46:22:76 | call to method ExecuteReader |
| data.cs:25:20:25:33 | access to local variable customerReader |
@@ -11,13 +10,11 @@
| data.cs:29:51:29:71 | access to indexer |
| data.cs:31:13:31:26 | access to local variable customerReader |
| data.cs:31:13:31:34 | call to method Close |
| entity.cs:32:29:32:33 | access to local variable blogs |
| entity.cs:32:29:32:82 | DbRawSqlQuery<Blog> blogs = ... |
| entity.cs:32:37:32:82 | call to method SqlQuery |
| entity.cs:33:30:33:34 | access to local variable blogs |
| entity.cs:36:31:36:34 | access to local variable blog |
| entity.cs:36:31:36:39 | access to property Name |
| entity.cs:39:31:39:39 | access to local variable blogNames |
| entity.cs:39:31:39:93 | DbRawSqlQuery<String> blogNames = ... |
| entity.cs:39:43:39:93 | call to method SqlQuery |
| entity.cs:40:34:40:42 | access to local variable blogNames |