Merge remote-tracking branch 'upstream/master' into dbartol/Indirections

csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypass.ql

@@ -4,14 +4,11 @@
  * @kind problem
  * @id cs/serialization-check-bypass
  * @problem.severity warning
+ * @precision medium
  * @tags security
  *       external/cwe/cwe-20
  */
 
-/*
- * consider: @precision medium
- */
-
 import semmle.code.csharp.serialization.Serialization
 import semmle.code.csharp.controlflow.Guards
 

csharp/ql/src/Security Features/CWE-091/XMLInjection.ql

@@ -5,14 +5,11 @@
  * @kind problem
  * @id cs/xml-injection
  * @problem.severity error
+ * @precision high
  * @tags security
  *       external/cwe/cwe-091
  */
 
-/*
- * consider: @precision high
- */
-
 import csharp
 import semmle.code.csharp.dataflow.flowsources.Remote
 import semmle.code.csharp.frameworks.system.Xml

csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql

@@ -6,27 +6,14 @@
  * @kind problem
  * @id cs/assembly-path-injection
  * @problem.severity error
+ * @precision high
  * @tags security
  *       external/cwe/cwe-114
  */
 
-/*
- * consider: @precision high
- */
-
 import csharp
 import semmle.code.csharp.dataflow.flowsources.Remote
-
-class MainMethod extends Method {
-  MainMethod() {
-    this.hasName("Main") and
-    this.isStatic() and
-    (this.getReturnType() instanceof VoidType or this.getReturnType() instanceof IntType) and
-    if this.getNumberOfParameters() = 1
-    then this.getParameter(0).getType().(ArrayType).getElementType() instanceof StringType
-    else this.getNumberOfParameters() = 0
-  }
-}
+import semmle.code.csharp.commons.Util
 
 /**
  * A taint-tracking configuration for untrusted user input used to load a DLL.

csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql

@@ -4,14 +4,11 @@
  * @kind path-problem
  * @id cs/insecure-sql-connection
  * @problem.severity error
+ * @precision medium
  * @tags security
  *       external/cwe/cwe-327
  */
 
-/*
- * consider: @precision high
- */
-
 import csharp
 import DataFlow::PathGraph
 

csharp/ql/src/semmle/code/csharp/ir/implementation/raw/Instruction.qll

@@ -947,6 +947,10 @@ class ConvertInstruction extends UnaryInstruction {
   ConvertInstruction() { getOpcode() instanceof Opcode::Convert }
 }
 
+class CheckedConvertOrNullInstruction extends UnaryInstruction {
+  CheckedConvertOrNullInstruction() { getOpcode() instanceof Opcode::CheckedConvertOrNull }
+}
+
 /**
  * Represents an instruction that converts between two addresses
  * related by inheritance.
@@ -987,7 +991,7 @@ class InheritanceConversionInstruction extends UnaryInstruction {
 
 /**
  * Represents an instruction that converts from the address of a derived class
- * to the address of a direct non-virtual base class.
+ * to the address of a base class.
  */
 class ConvertToBaseInstruction extends InheritanceConversionInstruction {
   ConvertToBaseInstruction() { getOpcode() instanceof ConvertToBaseOpcode }

csharp/ql/src/semmle/code/csharp/ir/implementation/unaliased_ssa/Instruction.qll

@@ -947,6 +947,10 @@ class ConvertInstruction extends UnaryInstruction {
   ConvertInstruction() { getOpcode() instanceof Opcode::Convert }
 }
 
+class CheckedConvertOrNullInstruction extends UnaryInstruction {
+  CheckedConvertOrNullInstruction() { getOpcode() instanceof Opcode::CheckedConvertOrNull }
+}
+
 /**
  * Represents an instruction that converts between two addresses
  * related by inheritance.
@@ -987,7 +991,7 @@ class InheritanceConversionInstruction extends UnaryInstruction {
 
 /**
  * Represents an instruction that converts from the address of a derived class
- * to the address of a direct non-virtual base class.
+ * to the address of a base class.
  */
 class ConvertToBaseInstruction extends InheritanceConversionInstruction {
   ConvertToBaseInstruction() { getOpcode() instanceof ConvertToBaseOpcode }