hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 01:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

C#: Re-factor UrlRedirect to use the new API.

Browse Source
This commit is contained in:
Michael Nebel
2023-04-12 15:03:36 +02:00
parent bdf1da340d
commit 60544c6889
2 changed files with 22 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll
View File

@@ -33,9 +33,11 @@ abstract class Sanitizer extends DataFlow::ExprNode { }
abstract deprecated class SanitizerGuard extends DataFlow::BarrierGuard { }
/**
* DEPRECATED: Use `UrlRedirect` instead.
*
* A taint-tracking configuration for reasoning about unvalidated URL redirect vulnerabilities.
*/
class TaintTrackingConfiguration extends TaintTracking::Configuration {
deprecated class TaintTrackingConfiguration extends TaintTracking::Configuration {
TaintTrackingConfiguration() { this = "UrlRedirect" }
override predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -49,6 +51,22 @@ class TaintTrackingConfiguration extends TaintTracking::Configuration {
}
}
/**
* A taint-tracking configuration for reasoning about unvalidated URL redirect vulnerabilities.
*/
private module UrlRedirectConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof Source }
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
}
/**
* A taint-tracking module for reasoning about unvalidated URL redirect vulnerabilities.
*/
module UrlRedirect = TaintTracking::Global<UrlRedirectConfig>;
/** A source of remote user input. */
class RemoteSource extends Source instanceof RemoteFlowSource { }

6
csharp/ql/src/Security Features/CWE-601/UrlRedirect.ql
View File

@@ -13,9 +13,9 @@
import csharp
import semmle.code.csharp.security.dataflow.UrlRedirectQuery
import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph
import UrlRedirect::PathGraph
from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink
where c.hasFlowPath(source, sink)
from UrlRedirect::PathNode source, UrlRedirect::PathNode sink
where UrlRedirect::flowPath(source, sink)
select sink.getNode(), source, sink, "Untrusted URL redirection due to $@.", source.getNode(),
"user-provided value"